Thiyagarajan Thangavel
AD Backup and Recovery

3. INTRODUCTION
Active Directory (AD) is a vital component in most enterprise networks. It manages authentication, authorization, and directory services. Ensuring reliable backup and restore procedures for AD is crucial for business continuity and disaster recovery.

3.1. OBJECTIVE
This white paper presents a detailed, task-specific, step-by-step execution plan for restructuring Active Directory (AD) domain and trust relationships. Using a practical example with domain and server names, it guides administrators through assessment, planning, migration, and validation.

3.2. AUDIENCE
This document does not cover the details for other dependent technologies.

4. IMPORTANCE OF ACTIVE DIRECTORY BACKUPS
A corruption or accidental deletion in AD can result in a complete halt of IT operations. Regular backups ensure:

• Disaster recovery readiness

Disaster recovery readiness is about possessing the resilience to maintain reliable access to the business's digital data, whatever happens.

• Protection against accidental or malicious deletions

Regularly back up important files to separate locations, ensuring there's a fallback if data is accidentally lost or corrupted. A regular backup schedule is crucial for protecting essential files from accidental modifications or deletions.

• Quick recovery of critical identity infrastructure

To ensure a quick recovery of critical identity infrastructure within Active Directory (AD), organizations should implement comprehensive backup and recovery strategies, including automated forest recovery and granular object restoration. This involves utilizing tools and techniques that enable rapid restoration of AD to a functional state following a cyberattack or another outage.

5. TYPES OF BACKUPS IN ACTIVE DIRECTORY

• System State Backup:
A System State Backup in Active Directory (AD) creates a copy of critical components to allow for recovery of domain controllers and the entire AD environment in case of a disaster or system failure. This backup includes the AD database, system files, registry, SYSVOL folder, and other essential data. It's crucial for restoring domain controllers, recovering from failures, and ensuring the overall resilience of the AD infrastructure.

• Full Server Backup:
A full server backup copies all data on a server to another storage location. This comprehensive backup method ensures a complete point-in-time snapshot of the server, making it ideal for disaster recovery scenarios where minimizing downtime is crucial. While it provides the fastest recovery times, it also requires the most storage space and resources. It includes the OS, files, and system state.

• Bare Metal Recovery:

Bare metal recovery (BMR), also known as bare metal restore or bare metal backup, is a data recovery process that allows you to restore a computer system to a usable state from a backup, even if the system's original operating system or other software is corrupted or missing. Essentially, it involves restoring the entire system, including the operating system, applications, and data, to a new or empty (bare metal) hard drive.

6. PERFORMING A SYSTEM STATE BACKUP

6.1.1. STEPS:

Open Run Dialog

• Press Windows + R or search for Run in the Start menu.
• Type wbadmin.msc and hit Enter.

Launch Windows Server Backup Utility
• In the utility window, click Backup Once in the right-hand Actions panel.
• Click Next.

Select Backup Configuration
• Choose Full server to back up everything (recommended for first-time backups).
• Or select Custom to choose specific files, volumes, or applications.
• Click Next after selection.

Configure Volume Shadow Copy Options (for Custom backups only)
• Select between VSS full backup or VSS copy backup if applicable.

Choose Backup Destination
• Select either Local drives or Remote shared folder.
• If Local, specify the destination drive.
• If Remote, enter the shared folder path and credentials if prompted.
• Click Next.

Confirm and Start Backup
• Review your settings.
• Click Backup to initiate the process.

7. RESTORE SERVER BACKUP USING WINDOWS SERVER BACKUP

The steps below are provided to restore the server backup.

7.1 STEPS FOR SERVER RECOVERY

  1. Open the Backup Utility
    • Launch Server Manager
    • Navigate to Tools → Windows Server Backup

  2. Initiate Recovery
    • In the Actions pane (right side), click Recover

  3. Select Backup Location
    Choose the location of the backup:
    • This server – if the backup is stored locally
    • Another location – for network share or external drive
    • Click Next

  4. Choose Backup Date and Time
    • Select the specific backup instance by date and time
    • Click Next

  5. Specify Recovery Type
    • Choose what to recover:
    • Files and folders
    • Volumes
    • System state
    • Bare metal recovery

  6. Set Recovery Options
    • Select the recovery destination:
    • Original location – overwrites existing data
    • Alternate location – restores to a new location
    • Adjust additional settings if required

  7. Confirm and Start Recovery
    • Review all configurations
    • Click Recover to begin restoration

8. BEST PRACTICES FOR AD BACKUP & RECOVERY

| Best Practice | Description |
| --- | --- |
| Daily System State Backups | Automate with task scheduler |
| Off-site Backup Storage | Protect against ransomware and local disasters |
| Document DSRM credentials | Store securely in a vault |
| Periodic Restore Testing | Ensure backups are valid and restorable |
| Use Backup Software with Reporting | Track backup success and failures |
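
One way to combine the "Daily System State Backups" and reporting practices above, as an added example that is not part of the original post: a script that registers a daily scheduled task for the system state backup and reports whether the last successful backup is recent. The task name, start time and freshness threshold are assumptions; the D: target follows the page's own wbadmin sample.

```powershell
#Requires -RunAsAdministrator
# Added example: schedule the daily system state backup and check its freshness.
# Assumed values (not from the original page): task name, 02:00 start time and
# the 26-hour threshold. The D: target matches the page's wbadmin sample.
$Target   = 'D:'
$TaskName = 'AD-SystemState-Backup'
$MaxAge   = New-TimeSpan -Hours 26   # daily schedule plus a margin for run time

function Register-SystemStateBackupTask {
    # Run wbadmin as SYSTEM so no service-account password sits in the task.
    $action    = New-ScheduledTaskAction -Execute 'wbadmin.exe' `
                     -Argument "start systemstatebackup -backupTarget:$Target -quiet"
    $trigger   = New-ScheduledTaskTrigger -Daily -At '02:00'
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Trigger $trigger -Principal $principal -Force | Out-Null
}

function Test-BackupFreshness {
    # Get-WBSummary ships with the Windows-Server-Backup feature.
    $summary = Get-WBSummary
    $last    = $summary.LastSuccessfulBackupTime
    $hasRun  = $last -and ($last -gt [datetime]::MinValue)
    $age     = if ($hasRun) { (Get-Date) - $last } else { [timespan]::MaxValue }
    [pscustomobject]@{
        LastSuccess  = if ($hasRun) { $last } else { $null }
        AgeHours     = if ($hasRun) { [math]::Round($age.TotalHours, 1) } else { $null }
        LastResultHR = $summary.LastBackupResultHR   # 0 means the last job succeeded
        Versions     = $summary.NumberOfVersions
        Healthy      = $hasRun -and ($summary.LastBackupResultHR -eq 0) -and ($age -le $MaxAge)
    }
}

# Registration is idempotent (-Force); the freshness check is the part to run daily.
Register-SystemStateBackupTask
$report = Test-BackupFreshness
$report | Format-List
if (-not $report.Healthy) {
    Write-Warning 'System state backup is missing, failed, or older than the threshold.'
    exit 1   # non-zero exit lets a monitoring job or wrapper task raise an alert
}
```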

9. TESTING AND VALIDATING BACKUP AND RESTORE

• Perform quarterly restore drills
• Validate restored data (OU, user accounts)
• Test login, replication, DNS services post-restore
• Document steps and any issues found
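
The validation steps above, sketched as an added example that is not part of the original post: record an inventory of OUs and user accounts before the backup, then compare it with the restored domain controller and check replication and DNS. It assumes the ActiveDirectory module is installed and the script runs on the restored DC; the baseline path and function names are hypothetical.

```powershell
# Added example: record a directory inventory before the backup, then compare
# it with the restored domain controller during a drill.
# Assumptions (not from the original page): the ActiveDirectory module (RSAT) is
# installed, the script runs on the restored DC, and $BaselinePath is a
# hypothetical location whose folder already exists.
Import-Module ActiveDirectory
$BaselinePath = 'C:\DrillBaseline\ad-baseline.json'

function Get-AdInventory {
    # The AD cmdlets bind with the caller's credentials, so a successful query
    # also shows the restored directory is answering authenticated requests.
    [pscustomobject]@{
        OUs   = @(Get-ADOrganizationalUnit -Filter * | ForEach-Object DistinguishedName | Sort-Object)
        Users = @(Get-ADUser -Filter * | ForEach-Object DistinguishedName | Sort-Object)
    }
}

function Save-AdBaseline {
    # Run on a healthy DC shortly before the backup that the drill will restore.
    Get-AdInventory | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
}

function Test-RestoredDirectory {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $current  = Get-AdInventory
    $domain   = (Get-ADDomain).DNSRoot

    # Replication: any partner whose last attempt returned a non-zero result.
    $replErrors = @(Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME |
                    Where-Object { $_.LastReplicationResult -ne 0 })
    # DNS: clients locate domain controllers through this SRV record.
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })

    $result = [pscustomobject]@{
        MissingOUs        = @($baseline.OUs   | Where-Object { $_ -notin $current.OUs })
        MissingUsers      = @($baseline.Users | Where-Object { $_ -notin $current.Users })
        ReplicationErrors = $replErrors.Count
        DcSrvRecords      = $srv.Count
    }
    $passed = ($result.MissingOUs.Count -eq 0) -and ($result.MissingUsers.Count -eq 0) -and
              ($result.ReplicationErrors -eq 0) -and ($result.DcSrvRecords -gt 0)
    $result | Add-Member -NotePropertyName Passed -NotePropertyValue $passed -PassThru
}

Test-RestoredDirectory | Format-List
```

The baseline file lists every account's distinguished name, so it belongs under the same access controls as the backups themselves.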

10. COMMON ISSUES AND TROUBLESHOOTING

| Issue | Solution |
| --- | --- |
| DSRM password unknown | Reset using NTDSUTIL |
| Backup fails due to VSS | Restart Volume Shadow Copy service |
| Slow restore | Use faster storage or network for backups |
| Missing backups | Confirm schedule, permissions, and storage space |

11. APPENDIX
Active Directory is central to IT operations. With proper backup and tested recovery procedures, organizations can mitigate outages and resume operations quickly during an incident.

APPENDIX: DIAGRAMS AND POWERSHELL COMMANDS

    +------------------+    Backup     +--------------------+
    | Domain Controller| ------------> | Backup Target      |
    +------------------+               | (Disk/Remote Share)|
             |                         +--------------------+
             |                                   ^
             |      System State Recovery        |
             +-----------------------------------+
             |
             v
    +------------------------------+
    | Boot into DSRM, Restore AD   |
    | Authoritative if necessary   |
    +------------------------------+

Diagram: AD Backup and Restore Workflow

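Sample PowerShell Commands:

    # Install backup feature
    Install-WindowsFeature Windows-Server-Backup

    # Manual system state backup
    wbadmin start systemstatebackup -backupTarget:D: -quiet

    # List available backup versions
    wbadmin get versions

    # Restore from backup (on a domain controller, run after booting into DSRM).
    # <VersionIdentifier> and <BackupTarget> are placeholders; take the version
    # identifier from the output of "wbadmin get versions".
    wbadmin start systemstaterecovery -version:<VersionIdentifier> -backupTarget:<BackupTarget> -quiet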

11.1. ACRONYMS, ABBREVIATIONS, TERMS AND DEFINITIONS

| Abbreviation | Definition |
| --- | --- |
| AD | Active Directory |
| DC | Domain controller |
| ADDT | Active Directory Domain and Trust |
| DNS | Domain name space |
Table 3. Abbreviations

11.3. LIST OF TABLES
Table 1. Version History
Table 2. Trademarks
Table 3. Abbreviations
