AD Backup & Restore

Wins Adds Backup & Restore

Full backup

Microsoft Windows Server offers the possibility to perform a ‘Full’ backup or a ‘System State’ backup. A Full backup makes a copy of the system drives of a physical or a virtual machine, including applications, operating systems, and even the System State. This backup can be used for bare metal recovery—this allows you to easily reinstall the operating system and use the backup to recover.

System State backup

System State backup on the other hand creates a backup file for critical system-related components. This backup file can be used to recover critical system components in case of a crash. Active Directory is backed up as part of the System State on a domain controller

The System State includes the following list plus some additional items depending on the roles that are installed:

  • Domain controller: Active Directory DC database files (NTDS.DIT), boot files & system protected files, COM+ class registration database, registry, system volume (SYSVOL)
  • Domain member: Boot files, COM+ class registration database, registry
  • A machine running cluster services: Additionally backs up cluster server metadata
  • A machine running certificate services: Additionally backs up certificate data

Configure the Volume Shadow Copy Service (VSS)

It is important to ensure that the AD database is backed up in a way that preserves database consistency. One way to preserve consistency is to back up the AD database when the server is in a powered-off state. However, backing up the Active Directory server in a powered-off state may not be a good idea if the server is operating in 24/7 mode.

For this reason, Microsoft recommends the use of Volume Shadow Copy Service (VSS) to back up a server running Active Directory. VSS is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. VSS writers create a snapshot that freezes the System State until the backup is complete to prevent modifying active files used by Active Directory during a backup process. In this way, it is possible to back up a running server without affecting its performance.

VSS

Go to properties click on shadow and enable it

Click yes and okay

Go to setting and select no limit and press ok.

Install the Windows Server backup feature

Click to server manager and select the option once features option display select windows server backup

Once the server backup opens, click on Backup Once

 Select Backup Destination screen you can choose the actual partition where you want to store the backup. Once you are done, click Next to proceed to the next

Restore

Boot in DSRM

Start the restore process by booting your server in Directory Services Restore Mode (DSRM). To do this,

  • Reboot the server.
  • In the boot menu, press F8 for advanced options.
  • Scroll down and select the Directory Services Restore Mode.
  • Press Enter, and this will reboot the computer in a safe mode. It won’t start the directory services.

The other option is, run msconfig and select Safe Boot > Active directory repair in the boot tab. Finally, restart your server, and it will start in the DSRM mode.

Run your DC in Safe mode

Type win+r and msconfig

Click to boot option

Running server in safe mode and AD Repair mode

if cannot login in safe mode try with .\administrator whatever Server admin username

Log into the server with the local administrator account. The domain services will not be available so the local account will be the only account available.

Open Windows Server Backup.

Select Recover.

Select This Server for where the backup is stored.

Select the backup you want to restore then click next.

Select “System state” and click next.

Select Original Location You need to consider if an authoritative restore of Active Directory is needed. If you have other sites that contain healthy domain controllers then you may not need an authoritative restore. In this example, I have one site so I want to reset all replicated content.

When the restore is complete, reboot and log into the server as normal. You should get a command line showing that the restore was completed. Mine says it was completed with errors but everything seems to be working fine now

So, now have Uncheck safe mode

and restart server

so now I can check restoration done successfully  

One thought on “AD Backup & Restore

  • July 16, 2023 at 8:39 pm
    Permalink

    Spot on with this write-up, I really assume this website needs way more consideration. I抣l in all probability be once more to learn way more, thanks for that info.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *