Active Directory replication?

  • I was wondering if anybody has any experience with replicating Active Directory Domain Controllers?  Are you actually using Zerto to do the replication to an “AD specific VPG” as indicated here, or are you letting Active Directory native replication occur to a “live” VM in the DR environment?

    I am asking as Active Directory has some “uniqueness” when it comes to making sure the AD databases and versioning (USN rollback issues) are all on the same page between the DCs.  I have some concerns with letting Zerto just replicate the DC through its process, rather than letting the DC use the native AD replication.

    Any help/suggestions would be appreciated.

    Rhett B – question can be answered as “yes”. Both methods will work.

    The real answer lies in how you have your DR site set up or if you are using a DRaaS offering from a service provider. If your DC is virtualized then I recommend replicating the DC. This keeps everything in the “island” moving to the Recovery “island” the same as it was. This will aid in testing and will in no way affect production as the recovery sites should land on network(s) (VLANs, etc.) that do not talk back to the production site. You will be able to log in with domain creds, etc. Now the VMs that fail over all need to point to the DC as primary or secondary like they do in production.

    Now I don’t like the use of a permanent DC in the Recovery vCenter as it would have to have access to the production network all the time to talk to the other DC(s). This network communication will need to be severed at testing and the DC given access to the testing network, for the VMs that are failing over to talk to it for authentication. If something is missed and your DC is still talking to the other DCs, it could report both VMs (production and test), meaning production work could land on the test VMs, thus that data will be lost after the test is complete, and the opposite could happen as testing could be done on production VMs. This will cause you trouble. So why take the chance, just replicate the DC.
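    An added example, not from this thread: a PowerShell check to run on a Zerto-replicated DC once it boots in the fenced test network, covering the two concerns raised above (USN rollback, and the recovered DC still being able to reach the production DCs). It assumes the RSAT ActiveDirectory module is installed and that the script runs on the recovered DC itself; Event ID 2095 and the “Dsa Not Writable” registry value are the standard USN-rollback indicators.

```powershell
# Added example (not from the thread): post-boot sanity checks for a replicated DC
# in a fenced DR test bubble. Assumes the ActiveDirectory (RSAT) module is present
# and the script runs on the recovered DC itself.
Import-Module ActiveDirectory

$dc = $env:COMPUTERNAME
$problems = @()

# 1. USN rollback: Event ID 2095 in the Directory Service log and a nonzero
#    "Dsa Not Writable" value under the NTDS parameters both mean the DC has
#    detected a rollback and stopped inbound/outbound replication.
$rollback = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095 } `
                         -MaxEvents 1 -ErrorAction SilentlyContinue
if ($rollback) {
    $problems += "USN rollback detected (Event 2095 at $($rollback.TimeCreated))"
}
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dsaNotWritable = (Get-ItemProperty -Path $ntds -ErrorAction SilentlyContinue).'Dsa Not Writable'
if ($dsaNotWritable) {
    $problems += "'Dsa Not Writable' is set to $dsaNotWritable; replication is disabled on this DC"
}

# 2. Fencing: every inbound replication partner recorded in this DC's own metadata
#    must be unreachable from the test network. A partner that answers on LDAP
#    (TCP 389) means the recovered DC can still replicate with production.
$partners = Get-ADReplicationPartnerMetadata -Target $dc -ErrorAction SilentlyContinue
foreach ($p in $partners) {
    # Partner DN looks like "CN=NTDS Settings,CN=<server>,CN=Servers,..."; pull the server name.
    $name = (($p.Partner -split ',')[1]) -replace '^CN=', ''
    $reachable = Test-NetConnection -ComputerName $p.PartnerAddress -Port 389 `
                     -InformationLevel Quiet -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
    if ($reachable) {
        $problems += "Replication partner $name is reachable on TCP 389; the test network is NOT fenced"
    }
}

if ($problems.Count -eq 0) {
    Write-Output "OK: $dc shows no USN rollback and no replication partner is reachable from this network."
} else {
    $problems | ForEach-Object { Write-Output "WARNING: $_" }
}
```

    In a properly fenced bubble the partner lookups fail on name resolution or the TCP connect, which the script treats as the expected (isolated) state; any partner that does answer is the condition the post warns about.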


    Thanks for the follow-up.  We have decided on the “fenced option” for the exact same reasons you mentioned (don’t want the DR DC polluting the production DCs during testing).  Thanks again.

    hey guys

    I think I did not quite understand….

    right now I’m a service provider providing DRaaS… that means having multiple customers replicating a lot of servers and of course they have ADs. Right now we have ADs in the recovery site for each customer (so meaning native AD Windows replication)…. is that the way to go, or should I be replicating using Zerto instead?


    Carlos C – I too am a service provider and I have all of my customers (at least all that ask me) just replicate the AD server. I have a large number of offsite customers and have all of them set up this way where AD is replicated.
