Active Directory Backup and Restore in Windows Server 2008
Active Directory is one of the most critical components of your infrastructure. If it goes down, your network is rendered useless. Therefore, to ensure business continuity and compliance, you need to have a solid backup and recovery plan in place for Active Directory.
Now, you may already have a plan (after all, TechNet Magazine has stressed the importance of this in the past). But guess what--with the release of Windows Server 2008 and the new Windows Server Backup utility, you'll find many changes and enhancements to backing up. So Gil Kirkpatrick is back with an in-depth guide to backing up and restoring Active Directory in the new server OS.
Cheers,
matt
Comments
- Anonymous
January 01, 2003
Thanks for sharing helpful information, it's briefly explanation that restore active directory in windows server 2008. I found good information related to this topic fromhttp://www.lepide.com/lepideauditor/active-directory-control.html which helps to restore active directory and generate and view reports on all critical changes that were made in Active Directory environment. - Anonymous
May 31, 2015
"In the new Windows Server Backup utility, you'll find many changes and enhancements to backing up."
And a lot of useful things that were ripped out, adding to the challenge of learning this software. You'll enjoy hundreds of new, 1990's cryptic dos style WBADMIN command lines that you will never be able to memorize, expanding backup and restore tasks that used to take a couple of hours will now require a couple of days. If that is not enough fun for you, we also have POWERSHELL 1990's dos/linux style commands you can use to backup and restore your data. Save your time, and purchase anything except Symantec products. They all cost around $600 or more, but it is peanuts, compared to the time (and data) you will save trying to master this half-baked software. - Anonymous
May 31, 2015
If the team ever gets around to making the product user friendly, how about building in the AD snapshot as an option for every backup? I'd rather have a hundred backup copies of AD, other than none. Sounds simple enough, but I guess for once the project had to be finished on time and under-budget.
" Such an exciting change" Something else to have to do on a manual, one-off basis. Or, take a few hours and write your own batch file to make sure you have those critical snapshots. Well, nobody uses batch files anymore, forget the VisualBasic scripts....the years you spent learning VB scripting can be forgotten too, with the "exciting" PowerShell feature that will take even longer to learn that VB.
Please build it in. Make it easy to help us protect our data. With the cost of server and cal's, you would expect something more polished.....
Remember to do manual, one-off point time snapshots of the most critical aspect of a domain? Really?
Thanks for the articles though, very well written and appreciated, given the product you have to work with.
Taking Active Directory Snapshots
One of the most exciting changes in terms of backup for Active Directory has nothing at all to do with Windows Server Backup. In Windows Server 2008, you can take advantage of the fact that Active Directory can provide Volume Shadow Copy Service snapshots. These snapshots are very lightweight, point-in-time backups of the running Active Directory service. And even better, they take only a few seconds of your time to create! You can then mount these snapshots and access them using normal LDAP-based utilities, such as the LDP tool.
You take snapshots of ADDS or Active Directory Lightweight Directory Services (ADLDS) using the NTDSUTIL command, as shown here:
ntdsutil: snapshot
snapshot: activate instance ntds
Active instance set to "ntds".
snapshot: create
Creating snapshot...
Snapshot set {42c44414-c099-4f1e-8bd8-4453ef2534a4} generated successfully.
snapshot: quit
ntdsutil: quit
This sequence of NTDSUTIL commands creates a Volume Shadow Copy Service snapshot of the volumes that contain the Active Directory DIT, logs, and SYSVOL. Even though Active Directory is still being updated, Volume Shadow Copy Service uses a copy-on-write strategy to make sure that the snapshots you've taken are properly maintained. Note that the snapshots are not a complete copy of the DIT. They are really just a collection of disk blocks in the DIT that have been modified since the snapshot was taken. By combining these blocks with the current copy of the DIT, VSS can present the Active Directory DIT just as it appeared at the time of the snapshot. Figure 12 shows how to delete old or unneeded snapshots.