locked
How to backup Active Directory when D:\Windows\NTDS folders are not on C: volume (no longer part of System State)? RRS feed

  • Question

  • Our architect specified servers for new AD forest and domain. ADDS is to be installed to D:\Windows\NTDS (not the default C:\Windows\NTDS). These are VMs and a cloud provider will be backing up the VMs by snapshot. I suspect the backups of the VMs will be trustworthy (but "suspect" is not good enough in my estimation), so I always like to have my own Microsoft-specified and Microsoft-supported backup in my back pocket for when the complete disaster arrives - so I'm still covered, even if the cloud provider fails.

    In the past I've used the usual Windows Server Backup, ran a scripted backup that performs a System State Backup of C: (which would have contained C:\Windows\NTDS, the registry, and all of Active Directory's components on the DC). But now I have to also back up D:\Windows\NTDS and System State Backup will not be backing up D:.

    Here is the essential working section from the scripted backup:

    • WBADMIN Delete SystemStateBackup -KeepVersions:1 -Quiet >> %MyLogFile% 
      WBADMIN Start Backup -BackupTarget:E: -SystemState -Quiet >> %MyLogFile% 

    Notice that my script cleans up the destination backup volume E: to minimize the size of the backup and to ensure there is free space prior to starting the backup. WBADMIN does not have an equivalent "Delete" option for non-SystemStateBackup backups. 

    I am aware of the generalized recommendation (create a FULL backup on virtual domain controller including both C: and D: volumes). But automating and maintaining (prune old backups) is the question. (When the backup method is only the system state backup,  WBADMIN provides a method to remove prior backups and only keep current fresh backups in the destination backup location. But WBADMIN does not provide a pruning mechanism for a FULL backup of all volumes on the Domain Controller).

    Back in the "Windows Server  > Backup – Windows and Windows Server" forum, the moderator response there  provided a link to backups <https://docs.microsoft.com/en-us/windows/desktop/ad/backing-up-an-active-directory-serverwhich contains C++ library functions to perform a backup. However, what I need from Microsoft is the equivalent of a script or backup module which uses those same C++ library functions (or WBADMIN or PowerShell equivalent) to perform a complete Directory Services backup regardless of what disk volume the components are located on AND the ability to prune the backup history to maintain a small disk footprint in the destination backup location.

    Can you help with this request?

    P.S. I had already asked this question in the "Windows Server > Backup – Windows and Windows Server" AND the "Windows Server > Directory Services" forums, but those moderators recommended I ask here. For completeness, here are links to those unanswered questions:  


    George Perkins

    Friday, November 9, 2018 4:47 PM

Answers

  • I also think you are mistaken about a correctly relocated NTDS folder not being part of System State.   System State backup in not a file backup.  It is a complete backup of all system configuration elements including AD.


    \_(ツ)_/

    • Marked as answer by George Perkins Monday, November 12, 2018 4:19 PM
    Monday, November 12, 2018 7:23 AM

All replies

  • Your backup is batch file code and not PowerShell.  This is not a batch file forum. 

    You are not asking a question.  You have described a lot of things you are doing but there is no question.


    \_(ツ)_/

    Friday, November 9, 2018 4:56 PM
  • To summarize: 

    I need from Microsoft the equivalent of a script or backup module to perform a complete Directory Services backup regardless of what disk volume the components are located on AND the ability to prune the backup history to maintain a small disk footprint in the destination backup location.

    Given that original backup architecture for Directory Services pre-dates PowerShell it is time for Microsoft to offer a PowerShell solution. Does such a solution exist for the above need?

    P.S. Sorry for so much verbosity, but trying to give the background (as I indicated, Backup and Directory Services forum moderators both asked to move the question).


    George Perkins

    Friday, November 9, 2018 5:25 PM
  • First understand that this is not Microsoft support.  This is a community forum specific to answering questions about PowerShell scripting.  It is not for questions about batch files and not a place to get Microsoft support.  All people here are volunteers and not Microsoft employees.

    If you post in the Directory services forum and ask one simple question.  "How can I get an AD backup when NTDS is not on the system drive?"

    The way you originally asked the question sounds like you are not asking that question.

    If you have issues about the Windows product then contact Microsoft support here: http://support.microsoft.com


    \_(ツ)_/

    Friday, November 9, 2018 5:38 PM
  • I also think you are mistaken about a correctly relocated NTDS folder not being part of System State.   System State backup in not a file backup.  It is a complete backup of all system configuration elements including AD.


    \_(ツ)_/

    • Marked as answer by George Perkins Monday, November 12, 2018 4:19 PM
    Monday, November 12, 2018 7:23 AM
  • I will test the System State backup to confirm it contains all Directory Services components even when they are located on volumes other than C:

    This PowerShel forum question can be closed since my answer is actually in the Directory Services forum.


    George Perkins

    Monday, November 12, 2018 4:18 PM