articles/active-directory-domain-services/tutorial-perform-disaster-recovery-drill.md
8 additions & 8 deletions
@@ -17,22 +17,22 @@ ms.author: justinha
17
17
18
18
# Tutorial: Perform a disaster recovery drill using replica sets in Microsoft Entra Domain Services
19
19
20
-
This topic shows how to perform a disaster recovery (DR) drill for Microsoft Entra Domain Services using replica sets. This will simulate one of the replica sets going offline by making changes to the network virtual network properties to block client access to it. It is not a true DR drill in that the replica set will not be taken offline.
20
+
This topic shows how to perform a disaster recovery (DR) drill for Microsoft Entra Domain Services using replica sets. This excercise simulates one of the replica sets going offline by making changes to the network virtual network properties to block client access to it. It's not a true DR drill in that the replica set isn't taken offline.
21
21
22
-
The DR drill will cover:
22
+
The DR drill covers:
23
23
24
24
1. A client machine is connected to a given replica set. It can authenticate to the domain and perform LDAP queries.
25
25
1. The client's connection to the replica set will be terminated. This will happen by restricting network access.
26
-
1. The client will then establish a new connection with the other replica set. Once that happens, the client will be able to authenticate to the domain and perform LDAP queries.
27
-
1. The domain member will be rebooted, and a domain user will be able to log in post reboot.
28
-
1. The network restrictions will be removed, and the client will be able to connect to original replica set.
26
+
1. The client then establishes a new connection with the other replica set. Once that happens, the client is able to authenticate to the domain and perform LDAP queries.
27
+
1. The domain member will be rebooted, and a domain user can sign in after reboot.
28
+
1. The network restrictions are removed, and the client can connect to original replica set.
29
29
30
30
## Prerequisites
31
31
32
32
The following requirements must be in place to complete the DR drill:
33
33
34
34
- An active Domain Services instance deployed with at least one extra replica set in place. The domain must be in a healthy state.
35
-
- A client machine that is joined to the Domain Services hosted domain. The client must be in its own virtual network, virtual network peering enabled with both replica set virtual networks, and the virtual network must have the IP addresses of all domain controllers in the replica sets listed in DNS.
35
+
- A client machine that's joined to the Domain Services hosted domain. The client must be in its own virtual network, virtual network peering enabled with both replica set virtual networks, and the virtual network must have the IP addresses of all domain controllers in the replica sets listed in DNS.
36
36
37
37
## Environment validation
38
38
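Review bot: In the new intro sentence, "excercise" is misspelled and should be "exercise". The same sentence still carries "the network virtual network properties" over from the old text; "the virtual network properties" avoids the repeated word. In the numbered list, the change moves steps 3 and 5 to present tense, but the new step 4 keeps "The domain member will be rebooted" and the unchanged step 2 keeps "will be terminated. This will happen", so the list now mixes tenses; consider updating both. Step 5 is also missing an article: "connect to the original replica set".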
@@ -49,7 +49,7 @@ The following requirements must be in place to complete the DR drill:
49
49
50
50
## Perform the disaster recovery drill
51
51
52
-
You will be performing these operations for each replica set in the Domain Services instance. This will simulate an outage for each replica set. When domain controllers are not reachable, the client will automatically fail over to a reachable domain controller and this experience should be seamless to the end user or workload. Therefore it is critical that applications and services don't point to a specific domain controller.
52
+
You need to perform these operations for each replica set in the Domain Services instance. The operations simulate an outage for each replica set. When domain controllers aren't reachable, the client automatically fails over to a reachable domain controller. This experience should be seamless to the end user or workload. Therefore, it's critical that applications and services don't point to a specific domain controller.
53
53
54
54
1. Identify the domain controllers in the replica set that you want to simulate going offline.
55
55
1. On the client machine, connect to one of the domain controllers using `nltest /sc_reset:[domain]\[domain controller name]`.
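Review bot: The rewritten paragraph says to perform the operations "for each replica set" and that they "simulate an outage for each replica set", but it doesn't say the replica sets are handled one at a time, with access restored before moving to the next. Since the drill depends on the client failing over to a reachable domain controller, consider stating that ordering explicitly. The closing sentence tells readers that applications and services must not "point to a specific domain controller"; it would help to say in the same sentence what they should reference instead.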
@@ -67,7 +67,7 @@ These operations demonstrate that the domain is still available even though one
67
67
68
68
## Summary
69
69
70
-
After you complete these steps, you will see domain members continue to access the directory if one of the replica sets in the Domain Services is not reachable. You can simulate the same behavior by blocking all network access for a replica set instead of a client machine, but we don't recommend it. It won’t change the behavior from a client perspective, but it will impact the health of your Domain Services instance until the network access is restored.
70
+
After you complete these steps, you see domain members continue to access the directory if one of the replica sets in the Domain Services isn't reachable. You can simulate the same behavior by blocking all network access for a replica set instead of a client machine, but we don't recommend it. It won't change the behavior from a client perspective, but it impacts the health of your Domain Services instance until the network access is restored.
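Review bot: In the new summary sentence, "one of the replica sets in the Domain Services isn't reachable" reads as if a noun is missing after "Domain Services"; suggest "in the Domain Services instance", which matches the wording at the end of the same paragraph. "continue to access the directory if one of the replica sets" would also be clearer as "even if", because the point is that access continues despite the outage. The last sentence now mixes "It won't change" with "it impacts"; pick one tense for both clauses.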