• This topic has 8 replies, 6 voices, and was last updated November 8, 2017 by Slawomir J.

Domain controller replication case

  • Business case:

    Client organization “A” has a business requirement to have main operational site and DR (disaster recovery) site in different geographical zone. The main site and the DR site are connected via strong network connection with very low latency.

    Once DR test recovery executed, all of the services including (DC, DB, Applications etc) in the isolated DR site must be able to be up and running operational up to 10 (ten) calendar days

    The DR site is running on isolated network with enough IPs to host the most critical services. The DR site must be activated as needed. There is no permanent authentication service (Domain Controller / LDAP / IdM) solution in the DR site.

    Technical requirements:

    Domain controller (DC) from the Production site must be replicated to the DR site via Zerto ZVM tool while the same DC is fully operational in the production site. The replicated DC must be able to provide authentication services for the replicated VMs in the DR site while the entire DR site is isolated from the production site.


    Hi Ivaylo,

    Is your question around can this be done, or are you asking something else? If you’re asking if this can be done, the answer is yes. You could either replicate the DC with ZVR and isolate during testing, or you can replicate the DC live on the network using AD replication/architecture and (clone, then) isolate this DC from production during testing.


    Follow me: www.twitter.com/HarrySiii

    Hello Harry

    This is a real case scenario which my client has. Only the names and the details related to the case are removed.

    During the first attempt of using the product , we were not able to have successful recovery of the Domain Controller in the isolated DR network.

    As I said, the DR network is isolated and there is no locally hosted DC and DNS server.

    Any documentation and / or real case failover instructions for the domain controllers will be great. If that is not the case, what would be a potential workaround or plan B for this recovery


    At a high level, Zerto can protect any VM and there are no unique needs of Zerto in protecting MS Active Directory Domain controllers (AD DC), however the requirements to protect and recover an AD DC can change depending on the version of Windows Server being used. You can refer to Microsoft documentation on protection and recovery of AD DCs by Windows Server version. Depending on the version you may be able to simply protect the VM and fail it over, or you may need to have one or more changes take place on the guest or in AD post-recovery. These changes can also impact the disaster recovery plan in other ways.

    Since you are a Zerto partner I suggest connecting with your Zerto account team on a design discussion. I do not recommend trying to solve this here on the forums since the customer network topology, any number of unique customer requirements, and so on may impact the final design.

    In our case, once we started using zerto vss agent, we were able to successfully start not only vm, but also all AD DS on that DR isolated DC.

    Hope that may help other guys having similar issues.

    so is it supported to replica Windows Active Directory Servers?I usually say to customer hey use Windows replication but not sure about that now

You must be logged in to create new topics. Click here to login