The Active Directory database for your domain is a single point of failure that could bring down not only your network, but your entire organization as well. Most companies rely heavily, if not exclusively, on their network for their daily operations and ultimately their profits. Every minute your network is down can result in hundreds to hundreds of thousands of dollars in lost profits or incurred expenses. Thus, protecting the stability of your network's lifeblood, i.e. the Active Directory database, becomes a mission-critical issue.
Microsoft built in several self-repair mechanisms and self-adjusting features to keep AD happy and healthy. But you should not rest on your laurels.
First and foremost, you should always deploy at least three domain controllers (DC) in each domain. Windows 2000 domains no longer use the term backup domain controller, but you can still consider it a backup as in a protection against failure of your primary machine. Two DCs offers the protection against a single failure, but the more important your business and the more you rely upon your network for productivity, the more you should implement protection against multiple failures.
Another reason to deploy multiple DCs is to spread the load of the AD operations master roles among several systems. Ideally you should have 2 global catalog servers, plus one server each for schema master, domain naming master, PDC emulator, RID master, and infrastructure master. Thus a
In addition to relying on internal checking and multiple DCs to maintain your AD, you should still deploy a reliable backup system. A reliable backup is one that is capable of backing up your network (whether every bit or just the created data (i.e. not software and OS)) in a reasonable amount of time and offers an efficient method to restore some or all of the backed up data. Make sure your backup solution supports backing up the live AD database. This is usually a separate file selection checkbox named System State or similar.
As part of your backup schedule, you should include regular backup verifications and restore tests. A backup is only good if you can read it, if it contains the necessary data, and it can be restored. Be sure to abide by intelligent backup etiquette, such as replacing tapes after 6 to 10 uses, storing backups off site, and physically controlling access to backup media at all times.
In the unlikely event that all of your DCs are damaged or corrupted, a backup is your only form of insurance. Believe me, if you don't pay for protection now, you will pay for the lack of that protection later.
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in May 2002