Active Directory Backup: Difference between revisions

From SWKLS WIKI
(Created page with "=AD Backup Notes= ==Find Role Holders== Get the list of domain controllers with FSMO roles using this command: netdom query fsmo Category:Active Directory Category:W...")
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
Get the list of domain controllers with FSMO roles using this command:
Get the list of domain controllers with FSMO roles using this command:


<syntaxhighlight lang="powershell">
netdom query fsmo
netdom query fsmo
</syntaxhighlight>


==Check last Backup==
Check when the current Active Directory domain controller was backed up last time using the repadmin tool:
<syntaxhighlight lang="powershell">
repadmin /showbackup
</syntaxhighlight>
Get the backup status for all DCs in the domain using this command:
<syntaxhighlight lang="powershell">
repadmin /showbackup *
</syntaxhighlight>
==Backing Up AD Domain Controller Using Windows Server Backup==
===Check / Install Server Backup===
Check if Windows Server Backup is installed using the Get-WindowsFeature PowerShell cmdlet:
<syntaxhighlight lang="powershell">
Get-WindowsFeature Windows-Server-Backup
</syntaxhighlight>
If WSB is not installed, you can add it with PowerShell:
<syntaxhighlight lang="powershell">
Add-Windowsfeature Windows-Server-Backup –Includeallsubfeature
</syntaxhighlight>
===Powershell Backup Script===
Back up a domain controller using PowerShell. To keep multiple levels of AD backup copies, we will store each backup copy in a separate directory with the date of backup creation as the folder name.
<syntaxhighlight lang="powershell">
Import-Module ServerManager
[string]$date = get-date -f 'yyyy-MM-dd'
$path="\\server\backup\dc1\"
$TargetUNC=$path+$date
$TestTargetUNC= Test-Path -Path $TargetUNC
if (!($TestTargetUNC)){
New-Item -Path $TargetUNC -ItemType directory
}
$WBadmin_cmd = "wbadmin.exe START BACKUP -backupTarget:$TargetUNC -systemState -noverify -vssCopy -quiet"
Invoke-Expression $WBadmin_cmd
</syntaxhighlight>
If the backup has been successful, you will see the following messages in the log:
* The backup operation successfully completed.
* The backup of volume (C:) completed successfully.
* The backup of the system state successfully completed [01.06.2020 09:52].
Check the time of the last DC backup:
<syntaxhighlight lang="powershell">
repadmin /showbackup
</syntaxhighlight>
If there are multiple DCs in Active Directory, you do not need to back up all of them. To save the space, it is enough to periodically backup the Active Directory database — ntds.dit file. To do it, use these commands in the above script (replace last two lines):
<syntaxhighlight lang="powershell">
$WBadmin_cmd = "wbadmin start backup -backuptarget:$path -include:C:\Windows\NTDS\ntds.dit -quiet"
Invoke-Expression $WBadmin_cmd
</syntaxhighlight>
The size of such a backup will be only 50-500MB depending on the AD database size.
===Task Scheduler===
For a daily AD domain controller backup, create the following task:
<syntaxhighlight lang="powershell">
$Trigger= New-ScheduledTaskTrigger -At 02:00am -Daily
$User= "NT AUTHORITY\SYSTEM"
$Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\Backup_AD_DC.ps1"
Register-ScheduledTask -TaskName "BackupAD-DC-daily" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest –Force
</syntaxhighlight>
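Review bot: in the ntds.dit variant, -backuptarget:$path sends wbadmin to the share root rather than the dated $TargetUNC folder the script has just created, so those runs do not end up in the per-date directory the text describes; pass -backuptarget:$TargetUNC there, as the system state command does. Both variants also build a string for Invoke-Expression and never inspect the result, so a failed wbadmin run is not surfaced by the script; calling wbadmin.exe directly and checking $LASTEXITCODE would cover that. The task section runs C:\Backup_AD_DC.ps1 as NT AUTHORITY\SYSTEM with -RunLevel Highest, so it is worth stating that the script file should be writable by administrators only.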





Latest revision as of 17:47, 21 September 2020

AD Backup Notes

Find Role Holders

Get the list of domain controllers with FSMO roles using this command:

netdom query fsmo

Check last Backup

Check when the current Active Directory domain controller was last backed up using the repadmin tool:

repadmin /showbackup

Get the backup status for all DCs in the domain using this command:

repadmin /showbackup *


Backing Up AD Domain Controller Using Windows Server Backup

Check / Install Server Backup

Check if Windows Server Backup is installed using the Get-WindowsFeature PowerShell cmdlet:

Get-WindowsFeature Windows-Server-Backup

If WSB is not installed, you can add it with PowerShell:

Add-WindowsFeature Windows-Server-Backup -IncludeAllSubFeature

PowerShell Backup Script

Back up a domain controller using PowerShell. To keep multiple levels of AD backup copies, we will store each backup copy in a separate directory with the date of backup creation as the folder name.

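Import-Module ServerManager
# Name each backup folder after the date it was taken (yyyy-MM-dd)
[string]$date = Get-Date -Format 'yyyy-MM-dd'
$path = "\\server\backup\dc1\"
$TargetUNC = $path + $date
# Create the dated folder on the share if it does not exist yet
$TestTargetUNC = Test-Path -Path $TargetUNC
if (!($TestTargetUNC)) {
    New-Item -Path $TargetUNC -ItemType Directory
}
# System state backup of this DC into the dated folder (-quiet suppresses prompts)
$WBadmin_cmd = "wbadmin.exe START BACKUP -backupTarget:$TargetUNC -systemState -noverify -vssCopy -quiet"
Invoke-Expression $WBadmin_cmd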

If the backup has been successful, you will see the following messages in the log:

  • The backup operation successfully completed.
  • The backup of volume (C:) completed successfully.
  • The backup of the system state successfully completed [01.06.2020 09:52].

Check the time of the last DC backup:

repadmin /showbackup
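
The manual checks above can be scripted so that a failed or missed nightly run is noticed. This is an added example, not part of the original wiki page; it assumes the WindowsServerBackup PowerShell module installed with the Windows-Server-Backup feature, and the function name and the 26-hour threshold are illustrative.

```powershell
# Added example: report a failed or stale Windows Server Backup run on this DC.
# Test-DcBackup and -MaxAgeHours are illustrative names, not part of the wiki's script.
# Run it on the DC some time after the backup task has finished.
function Test-DcBackup {
    param(
        [string]$BackupRoot = '\\server\backup\dc1\',  # same target as the backup script
        [int]$MaxAgeHours = 26                          # daily schedule plus some slack
    )
    Import-Module WindowsServerBackup -ErrorAction Stop
    $problems = @()

    # 1. Result code of the most recent backup operation (0 means success).
    $summary = Get-WBSummary
    if ($summary.LastBackupResultHR -ne 0) {
        $hr = '0x{0:X8}' -f $summary.LastBackupResultHR
        $problems += "Last backup failed ($hr): $($summary.DetailedMessage)"
    }

    # 2. Age of the last successful backup.
    if ($summary.LastSuccessfulBackupTime) {
        $age = (Get-Date) - $summary.LastSuccessfulBackupTime
        if ($age.TotalHours -gt $MaxAgeHours) {
            $problems += 'Last successful backup is {0:N0} hours old.' -f $age.TotalHours
        }
    } else {
        $problems += 'No successful backup is recorded on this server.'
    }

    # 3. Today's dated folder must hold this computer's backup set.
    #    wbadmin writes to <target>\WindowsImageBackup\<computer name>.
    $today = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd')
    $image = Join-Path $today "WindowsImageBackup\$env:COMPUTERNAME"
    if (-not (Test-Path -Path $image)) {
        $problems += "No backup set found under $image."
    }

    # Findings go to the error stream; the boolean lets the caller set an exit code.
    $problems | ForEach-Object { Write-Error $_ }
    return ($problems.Count -eq 0)
}

if (-not (Test-DcBackup)) { exit 1 }
```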

If there are multiple DCs in Active Directory, you do not need to back up all of them. To save space, it is enough to periodically back up the Active Directory database (the ntds.dit file). To do so, replace the last two lines of the script above with these commands:

$WBadmin_cmd = "wbadmin start backup -backuptarget:$path -include:C:\Windows\NTDS\ntds.dit -quiet"
Invoke-Expression $WBadmin_cmd

The size of such a backup will be only 50-500 MB depending on the AD database size.
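
A system state or ntds.dit backup contains the domain's credential database, so access to the backup target should be held as tightly as access to the DC itself. This is an added example, not from the wiki page, that lists NTFS ACL entries on the backup folder outside an expected set; CONTOSO and DC1$ are placeholders to replace, and the function name is illustrative.

```powershell
# Added example: list who can reach the DC backup folders besides the expected principals.
# 'CONTOSO' and 'DC1$' are placeholders; substitute your domain and the DC's computer account.
# This reads NTFS permissions only; share permissions on the file server are a separate check.
$BackupRoot = '\\server\backup\dc1\'    # target used by the backup script
$Expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CONTOSO\Domain Admins',
    'CONTOSO\DC1$'    # a SYSTEM task on the DC reaches the share as the computer account
)

function Get-UnexpectedBackupAccess {
    param([string]$Path, [string[]]$Allowed)
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Allowed -notcontains $_.IdentityReference.Value
        } |
        Select-Object @{ n = 'Path'; e = { $Path } },
                      IdentityReference, FileSystemRights, IsInherited
}

# Check the root and every dated subfolder created by the backup script.
$dated   = @(Get-ChildItem -Path $BackupRoot -Directory |
             Select-Object -ExpandProperty FullName)
$folders = @($BackupRoot) + $dated

$findings = foreach ($folder in $folders) {
    Get-UnexpectedBackupAccess -Path $folder -Allowed $Expected
}

if ($findings) {
    $findings | Format-Table -AutoSize
    exit 1
}
'Backup folder ACLs contain only the expected principals.'
```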

Task Scheduler

For a daily AD domain controller backup, create the following task:

$Trigger= New-ScheduledTaskTrigger -At 02:00am -Daily
$User= "NT AUTHORITY\SYSTEM"
$Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\Backup_AD_DC.ps1"
Register-ScheduledTask -TaskName "BackupAD-DC-daily" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest -Force

Category:SWKLS Tech