Active Directory Backup

Active Directory Backup

Best Practices

  • Restoring Active Directory from a backup should be your last option for recovery.
  • You should have multiple domain controllers. This will allow for a single domain controller to fail and still provide full recovery without a backup.
  • DO NOT rely on multiple controllers as your only source of recovery. You should absolutely still be doing a backup of Active directory. All domain controllers can fail, database corruption can occur, viruses, ransomware or some other disaster could wipe out all domain controllers. In this situation, you would need to restore it from a backup. Also backing up Active Directory is FREE so there is no reason not to do it.
  • You should enable the Active Directory Recycle Bin, this will give you the ability to restore deleted objects without the need for a backup.
  • Document your Active Directory environment, backup policy, and disaster recovery plans.
  • Backup Active Directory at least daily, if you have a large environment with lots of changes then consider twice a day backups.
  • Ensure you have an offsite backup of Active Directory. This will be explained more throughout this guide.
  • Backup two domain controllers in each domain, one of those should hold the Operation master role.

Full Backup VS System State Backup

Full Backup

  • Backs up all server data, including applications and the operating system;
  • Includes the system state;
  • Allows for bare metal recovery – This allows for restoring to an entirely different piece of hardware. Although, it is recommended that the hardware receiving the restore have the same hardware configuration;
  • If you have lots of data or 3rd party applications installed on your domain controller (not recommended) your backups will be considerably larger;
  • The full backup option is best used for restoring the whole server to the same or different server. A full restore will allow you to easily re-install the operating system and use the backup to recover.

System State Backup
The system state backup includes only the components needed to restore Active Directory. The system state includes the following:

  • SYSVOL from the domain controller – The sysvol includes group policy objects but I still recommend you backup group policy from the GPMC;
  • Active Directory database and related files;
  • DNZ zones and records (only for Active Directory integrated DNS);
  • System registry;
  • Com+ Class registration database;
  • System startup files;
  • The system state backup is best used for recovering AD only on the same server.  It cannot be used to recover a corrupt server operation system. Microsoft does not support restoring a system state backup from one computer to a second computer of a different make, model, or hardware configuration.

Related Posts

Lasă un răspuns

Adresa ta de email nu va fi publicată. Câmpurile obligatorii sunt marcate cu *