Burned by Eschewing Best Practices
-
That's a lot of PCs to have no Active Directory. Going to need to do ridiculous things like having common admin passwords or using Keepass and storing tons of passwords.
-
Not a bad approach.
-
Here is another topic of it, where an IT Department virtualized, but failed to develop and deploy a proper backup solution. Now the IT person is stuck manually restoring files and Active Directory from a Snapshot created in January!
-
@DustinB3403 I wonder if that snapshot from January is part of what messed his system up when it lost power. You shouldn't keep snapshots hanging around that long. Nothing but trouble.
-
Well the story appears to thicken, as he was panicked (not having a recovery strategy) and simply restored with what he saw...
So likely it did.
-
@DustinB3403 Panicking leads to bad choices.
-
@brianlittlejohn said:
@DustinB3403 Panicking leads to bad choices.
And bad choices lead to panicking.
-
And the plot thickens even more.
He has separate DCs, that are for an old DC.
So only having 1 DC. More of that eschewing practice...
-
Here is another, RAID 5 (4x3TB) took the server down to replace the drive. (May have been the only way to do so). Restored AD from backup etc etc.
-
@DustinB3403 said:
So only having 1 DC. More of that eschewing practice...
Sometimes it is OK to do that, as I learned here at ML.
Risk and reward. Reliability not redundancy.
http://www.mangolassi.it/topic/6495/storage-question/37
-
@BRRABill said:
@DustinB3403 said:
So only having 1 DC. More of that eschewing practice...
Sometimes it is OK to do that, as I learned here at ML.
Risk and reward. Reliability not redundancy.
http://www.mangolassi.it/topic/6495/storage-question/37
But here the risk is losing all ability to use your computer systems. So the risk does not outweigh the cost.
-
@DustinB3403 said:
But here the risk is losing all ability to use your computer systems. So the risk does not outweigh the cost.
By losing the DC?
-
In that case yes, a single DC which was restored from a backup made in January.
The system is almost useless. A second VM host, even a desktop running Hyper-V and a vDC on it would have prevented his predicament.
-
The thread I posted made a good case that it isn't crazy for smaller businesses to run only 1 DC, even though it is not "best practice".
@scottalanmiller said that for small businesses, it is actually decently rare that the cost of a second AD DC is justified.
Not saying it is optimal, and of course there is risk. But there was a lot of talk in that thread about only having 1 DC.
-
But @BRRABill what you're missing is that the OP has multiple issues, compounding the issues, no recovery solution, no documentation, nothing.
All of this compounds the issue.
A very simple answer to that is a super cheap backup Hypervisor running an "Oh-Shit Domain controller".
-
Right, there are other issues.
Just saying having 1 DC isn't what caused the problem, and in the right circumstances might have been fine.
I'm just defending the 1 DC theory.
I agree all the rest of the stuff is nowhere near best practice.
Like if you don't want to do backups, perhaps have a second DC DEFINITELY.
-
@DustinB3403 said:
@BRRABill said:
@DustinB3403 said:
So only having 1 DC. More of that eschewing practice...
Sometimes it is OK to do that, as I learned here at ML.
Risk and reward. Reliability not redundancy.
http://www.mangolassi.it/topic/6495/storage-question/37
But here the risk is losing all ability to use your computer systems. So the risk does not outweigh the cost.
That's purely an assumption. Losing AD does not cut off your computers and losing ability to work does not necessarily outweigh the cost of the second AD.
-
@DustinB3403 said:
In that case yes, a single DC which was restored from a backup made in January.
The system is almost useless. A second VM host, even a desktop running Hyper-V and a vDC on it would have prevented his predicament.
So would a good backup. So it's a leap to talk about the big cost of a second server. The logical fix here is just good backups. You only go beyond that if that doesn't meet your needs.
-
@BRRABill said:
The thread I posted made a good case that it isn't crazy for smaller businesses to run only 1 DC, even though it is not "best practice".
@scottalanmiller said that for small businesses, it is actually decently rare that the cost of a second AD DC is justified.
Correct. It is not a best practice to knee jerk to dual DCs. No redundancy at the system level is ever a best practice but only ever an option based on cost and risk balancing.
-
@DustinB3403 said:
But @BRRABill what you're missing is that the OP has multiple issues, compounding the issues, no recovery solution, no documentation, nothing.
All of this compounds the issue.
A very simple answer to that is a super cheap backup Hypervisor running an "Oh-Shit Domain controller".
That's not cheap. Backups are cheaper and always more important.