Double-Take 101 Series: Protecting Domain Controllers

Active Directory Domain Controllers (DCs) are a staple of Windows networks around the world. DCs manage access rights, help people and devices find other people and other devices, and even power complex applications like Microsoft Exchange. The good news is that DCs are multi-master, so they can protect each other as far as domain data is concerned. This means that you can put another DC in another location, assign it to the same domain as your primary site, and it can take over if the first DC fails. This works great if you want to maintain DCs in multiple locations and if you have no other applications running on that DC. Since AD replication only protects the domain info, anything else on the box is your own responsibility.

This has led many of our clients to look to Double-Take Software products for protection of their DCs. Either they don’t want to continually maintain servers in another location, or they have critical applications and data residing on a DC that also require protection. Both Double-Take Availability and Double-Take Backup can safely replicate and fail over and/or recover DCs, but there are certain things to keep in mind:

Only the Full Server Fail Over (FSFO) tools in Double-Take Availability or Full Server Recovery in Double-Take Backup can be used to protect DCs for failover purposes. We can do non-domain data replication only, of course, but failover/recovery of the DC can only be accomplished via our System State Protection tool sets.

FSFO Failback, otherwise known as a Fail Forward Operation, does not work for DCs. This is mainly because the security principles of a DC are designed to prohibit such operations from working the way they would on any other Windows server. You can still re-install Windows (leaving all the data intact) on a surviving Source server, then set up FSFO in the opposite direction. For help on that, reach out to Technical Support.

If the server you failed over or recovered is the last surviving DC when you had multiple DCs in production, it will come up in non-authoritative mode. This is a safety catch built into AD that makes sure a “lone wolf” DC doesn’t attempt to overwrite other DCs with outdated or incorrect information. This is fully reversible, though. Follow the instructions on this TechNet site. Note that if you only had one active DC in your environment, you will never have to run through those steps. This only applies if you had more than one production DC and all have failed.

DCs often contain data and applications outside of the AD components themselves. When this happens, Double-Take Software tools can be used to protect and recover the whole server. Just keep in mind that because DCs are highly specialized and secured platforms, you have to handle them slightly differently with Double-Take Software products to match their needs.
