This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Please rate your experience Yes No. Any additional feedback? Windows Server TechCenter. Sign in. United States English. Ask a question. Quick access. Search related threads.
Remove From My Forums. Answered by:. Archived Forums. If the Active Directory Domain Controller AD DC becomes unavailable for whatever reason, then users cannot log in and systems cannot function properly, which can cause disruption to business activities.
In this article, we will show you how to backup an Active Directory domain controller running on Windows Server Before we begin we will take a look at a concept known as System State backup and how it affects Active Directory data. A Full backup makes a copy of the system drives of a physical or a virtual machine, including applications, operating systems, and even the System State. This backup can be used for bare metal recovery—this allows you to easily reinstall the operating system and use the backup to recover.
System State backup on the other hand creates a backup file for critical system-related components. This backup file can be used to recover critical system components in case of a crash. Active Directory is backed up as part of the System State on a domain controller whenever you perform a backup using Windows Server Backup, Wbadmin. For the purpose of this guide, we will be using System State backup because it allows us to backup only the components needed to restore Active Directory.
However note that Microsoft does not support restoring a System State backup from one server to another server of a different model, or hardware configuration. The System State backup is best suited for recovering Active Directory only on the same server.
As described later in this guide, Windows Server Backup must be installed through features in Server Manager before you can use it to back up or recover your server. The type of backup you select for your domain controllers will depend on the frequency of changes to Active Directory and the data or applications that might be installed on the domain controller. The bare minimum you need to back up to protect essential Active Directory data on a domain controller is the System State.
The System State includes the following list plus some additional items depending on the roles that are installed:.
File-based DNS zones must be backed up as part of a volume-level backup, such as a critical volume backup or full server backup. All the above backup types can be run manually on-demand, or they can be scheduled using Windows Server Backup. You can use either Windows Server backup or Wbadmin. Microsoft recommends using either a dedicated internal disk or an external removable disk such as a USB hard disk to perform the backups. Backup operators do not have the privileges required to schedule backups.
You must have administrative rights to be able to schedule a System State backup or restore. A System State backup is particularly important for disaster recovery purposes as it eliminates the need to reconfigure Windows back to its original state before the system failure occurred. It is important that you always have a recent backup of your System State.
They may require you to perform regular System State backups to increase your level of protection. We recommended that you perform System State backups before and after any major change is made to your server. Before going ahead with the backup process, you need to take note of the following initial steps:. It is important to ensure that the AD database is backed up in a way that preserves database consistency.
One way to preserve consistency is to back up the AD database when the server is in a powered-off state. VSS is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. VSS writers create a snapshot that freezes the System State until the backup is complete to prevent modifying active files used by Active Directory during a backup process.
In this way, it is possible to back up a running server without affecting its performance. For this guide, we are going to show you how to change the Shadow Copy size limit configuration on the volume where we are going to store the AD database. I usually go with the default values and leave the Automatically grow the volumes box checked, just in case these values are not enough. Choose how and when the backup s should start. This is recommended because a lot of traffic will be created and the domain controllers will be a little busy.
If you want DPM to run a consistency check on your backups , leave the first box enabled. If you want it to run daily, enable the box Run a daily consistency check according to the following schedule. On the Summary screen click the Create Group button to create the protection group.
After this, DPM will run a consistency check and the protection status should turn to green. Your email address will not be published. Notify me of followup comments via e-mail. Skip to content. Want content like this delivered right to your email inbox?
0コメント