Active Directory is a very important part of any IT infrastructure. It stores information about how computers are managed in your network, how they connect to each other, and how they authenticate users. A good backup strategy for Active Directory will protect this data against accidental deletion or corruption. This blog post provides you with background on Active Directory backup best practices, the different types of backups that can be made, and how it can be done using tools like Windows Server Backup.
Do I Need to Back Up Active Directory?
There’s a school of thought among administrators that if you have multiple domain controllers dispersed across diverse geographic areas, you don’t need to back up your AD at all. This isn’t always the case. In fact, if you only have one domain controller and it’s located in a single physical location, then your AD is more vulnerable to a disaster than if you had multiple domain controllers.
A good backup strategy for Active Directory will protect your data against accidental deletion or corruption. It’s important to remember that your AD database contains the entire directory infrastructure of your company, including all users, groups, organizational units (OUs), and computer objects. If this data is lost or corrupted, it can be difficult – or even impossible – to recover.
What you should know
There are a few things you need to know before attempting an Active Directory backup and restoration.
- The first thing you need to know is how your Active Directory is structured. You need to understand the layout of your domain, including which domains and forests it’s a part of, and how the objects are organized within those domains.
- The second thing you need to know is what data needs to be backed up. Not everything in Active Directory needs to be backed up – only the data that you will require if you have to rebuild your directory from scratch. This includes user accounts, groups, OUs, computer objects, and any other data that is specific to your organization.
Methods for backing up Active Directory
There are several methods for backing up Active Directory:
- Using Windows Server Backup (WSB)
- Using a third-party tool
- Creating and manually swapping offline media (backup tapes or disks)
WSB is included with Windows Server 2008 R2, Windows Server 2012, and newer. It’s the most widely used method for backing up Active Directory because it comes preinstalled on all of those operating systems. WSB has several backup options that you can choose from: Full server (all volumes), System state only, and Critical volume(s). However, there are some limitations to how you can use this software.
Third-party tools like Altaro Backup make things easier by allowing users to back up multiple servers simultaneously and store backups in one central location (the cloud or your own network share).
Another solution is to use a freeware tool called NTOP. It’s written in C++ and allows you to view real-time performance data of your domain controllers, back up the Active Directory database (ntds.dit), list all login sessions, etc.
Backing Up an Active Directory with Windows Server Backup
Windows Server 2012 includes the Windows Server Backup tool, which provides a simple way to back up an Active Directory. To use Windows Server Backup, you’ll need to install the role service on a server running Windows Server 2012.
The first step is to create a backup job. In the Windows Server Backup console, right-click on the name of your server and select “Backup”. The next screen will ask how you want to back up your data. Select “Active Directory”, then click “Next”.
On the next screen, you’ll be asked where to store your backups. You can choose any location that meets your needs, but it’s important to remember that the backups must be accessible from all domain controllers in your forest. For this reason, we recommend storing them on a network share or an external hard drive.
Click “Next” and then “Start Backup”. The backup process will begin. You’ll see a progress bar that indicates how much of the data has been backed up. When the backup is complete, you’ll receive a notification telling you so.
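The same kind of backup can be scripted with the "System state only" option listed earlier. The following is an added example, not part of the original post; it assumes an elevated PowerShell session on the domain controller and a dedicated backup volume `E:` (both the drive letter and the one-day age threshold are assumptions to adjust).

```powershell
# Added example: system state backup of a domain controller with a post-check.
# Assumptions: elevated session on the DC; E: is a dedicated backup volume.
$Target     = 'E:'   # assumed backup volume
$MaxAgeDays = 1      # assumed freshness threshold for the check below

# Install the Windows Server Backup feature if it is not present yet.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}

# On a domain controller, system state includes the AD database (ntds.dit),
# SYSVOL and the registry. The backup therefore contains credential material:
# keep the target readable only by the accounts that perform restores.
& wbadmin start systemstatebackup "-backupTarget:$Target" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin reported failure (exit code $LASTEXITCODE)"
}

# Confirm the backup catalog now lists a recent backup set.
$latest = Get-WBBackupSet |
    Sort-Object -Property BackupTime -Descending |
    Select-Object -First 1

if (-not $latest) {
    throw 'No backup set found in the local backup catalog'
}

$age = (Get-Date) - $latest.BackupTime
if ($age.TotalDays -gt $MaxAgeDays) {
    throw "Latest backup set $($latest.VersionId) is $([int]$age.TotalDays) day(s) old"
}

Write-Output "Backup OK: version $($latest.VersionId) taken $($latest.BackupTime)"

# Human-readable list of every backup version stored on the target.
& wbadmin get versions "-backupTarget:$Target"
```

Running the freshness check on a schedule, separately from the backup itself, catches jobs that silently stop producing new backup sets.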