locked
How to backup Active Directory when D:\Windows\NTDS folders are not on C: volume (no longer part of System State)? RRS feed

  • Question

  • Our architect specified servers for new AD forest and domain. ADDS is to be installed to D:\Windows\NTDS (not the default C:\Windows\NTDS). These are VMs and a cloud provider will be backing up the VMs by snapshot. I suspect the backups of the VMs will be trustworthy (but "suspect" is not good enough in my estimation), so I always like to have my own Microsoft-specified and Microsoft-supported backup in my back pocket for when the complete disaster arrives - so I'm still covered, even if the cloud provider fails.

    In the past I've used the usual Windows Server Backup, ran a scripted backup that performs a System State Backup of C: (which would have contained C:\Windows\NTDS, the registry, and all of Active Directory's components on the DC). But now I have to also back up D:\Windows\NTDS and System State Backup will not be backing up D:.

    What is the recommendation?

    Here is the essential working section from the scripted backup:

    WBADMIN Delete SystemStateBackup -KeepVersions:1 -Quiet >> %MyLogFile% 
    WBADMIN Start Backup -BackupTarget:E: -SystemState -Quiet >> %MyLogFile% 

    Notice that my script cleans up the destination backup volume E: to minimize the size of the backup and to ensure there is free space prior to starting the backup. WBADMIN does not have an equivalent "Delete" option for non-SystemStateBackup backups. The E; volume is then picked up as a file system backup and archived, so I always have multiple generations of backup history.

    So what does Microsoft's Active Directory team recommend for a good solid backup of the DC?

    P.S. I had already asked this question in the Windows Server  > Backup – Windows and Windows Server  forum, but that moderator recommended I ask here.


    George Perkins

    Wednesday, October 31, 2018 1:23 PM

All replies

  • Hi,

    So what does Microsoft's Active Directory team recommend for a good solid backup of the DC?

    If you want a solid backup of domain controller , you should in this case create a FULL backup on virtual domain controller.

    System backup can be enough if all active directory folder on C drive. On you case you should create a full backup to be sure that you have a valid backup.

    It's recommended to have a backup of 2 domain controllers at least on each domain.

    it's also recommended to choose virtual domain controller for the backup in order to avoid driver issue on physical machine.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Wednesday, October 31, 2018 9:09 PM
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    Julie 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 2, 2018 12:31 PM
  • I am aware of this generalized approach but it does not get at the need to automate the backup and automate the maintenance of the destination backup location (prune old backups). When the backup method is only the system state backup,  WBADMIN provides a method to remove prior backups and only keep current fresh backups in the destination backup location. But WBADMIN does not provide a pruning mechanism for a FULL backup of all volumes on the Domain Controller as you propose .

    Back in the "Windows Server  > Backup – Windows and Windows Server" forum, the moderator response there  provided a link to backups <https://docs.microsoft.com/en-us/windows/desktop/ad/backing-up-an-active-directory-serverwhich contains C++ library functions to perform a backup. However, what I need from Microsoft Directory Services is the equivalent of a script or backup module which uses those same C++ library functions (or WBADMIN or PowerShell equivalent) to perform a complete Directory Services backup regardless of what disk volume the components are located on AND the ability to prune the backup history to maintain a small disk footprint in the destination backup location.

    Can you help with this request?


    George Perkins

    Friday, November 2, 2018 1:17 PM
  • Hi,<o:p></o:p>

    Thank you for your reply.<o:p></o:p>

    Per your issue, we suggest you post your request to PowerShell forum for getting more professional support.<o:p></o:p>

    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell<o:p></o:p>

    Best regards<o:p></o:p>

    Julie <o:p></o:p>



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 9, 2018 7:48 AM
  • I guess this question is a hot potato. I'll see if the PowerShell forum can come up with a good answer.  Here is a link to that question: PowerShell Question

    George Perkins


    • Edited by George Perkins Friday, November 9, 2018 4:49 PM added hyperlink
    Friday, November 9, 2018 4:36 PM
  • The best option is what Thameur Bourbita said and it's a full backupof the DC.

    That being said, if you only want a system state with Active Directory, just select the System State component in the Backup selection and it will backup Active Directory even if the NTDS.dit is on another drive.  This also apply for the SYSVOL folder.

    hth


    This posting is provided AS IS without warranty of any kind

    Saturday, November 10, 2018 4:54 AM
  • That is good news. I will setup a test scenario to confirm system state picks up the D:\Windows\NTDS (when not on C:\) and post back to this thread.

    George Perkins

    Monday, November 12, 2018 3:57 PM
  • Hi,

    Thank you for your reply. We are looking forward to your reply, if anything else we could do for you. 

    Best regards

    Julie 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 13, 2018 1:48 AM