Active Directory Backup

From SWKLS WIKI
Revision as of 17:47, 21 September 2020 by Unknown user (talk)

AD Backup Notes

Find Role Holders

Get the list of domain controllers with FSMO roles using this command:

netdom query fsmo

Check last Backup

Check when the current Active Directory domain controller was last backed up using the repadmin tool:

repadmin /showbackup

Get the backup status for all DCs in the domain using this command:

repadmin /showbackup *


Backing Up AD Domain Controller Using Windows Server Backup

Check / Install Server Backup

Check if Windows Server Backup is installed using the Get-WindowsFeature PowerShell cmdlet:

Get-WindowsFeature Windows-Server-Backup

If WSB is not installed, you can add it with PowerShell:

Add-WindowsFeature Windows-Server-Backup -IncludeAllSubFeature

PowerShell Backup Script

Back up a domain controller using PowerShell. To keep multiple levels of AD backup copies, we will store each backup copy in a separate directory with the date of backup creation as the folder name.

Import-Module ServerManager
# Folder name is the backup date in yyyy-MM-dd form
[string]$date = Get-Date -f 'yyyy-MM-dd'
$path = "\\server\backup\dc1\"
$TargetUNC = $path + $date
# Create the dated folder on the share if it does not exist yet
$TestTargetUNC = Test-Path -Path $TargetUNC
if (!($TestTargetUNC)) {
    New-Item -Path $TargetUNC -ItemType directory
}
# System state backup as a VSS copy backup, without prompts
$WBadmin_cmd = "wbadmin.exe START BACKUP -backupTarget:$TargetUNC -systemState -noverify -vssCopy -quiet"
Invoke-Expression $WBadmin_cmd

If the backup has been successful, you will see the following messages in the log:

  • The backup operation successfully completed.
  • The backup of volume (C:) completed successfully.
  • The backup of the system state successfully completed [01.06.2020 09:52].

Check the time of the last DC backup:

repadmin /showbackup

If there are multiple DCs in Active Directory, you do not need to back up all of them. To save space, it is enough to periodically back up the Active Directory database (the ntds.dit file). To do so, replace the last two lines of the above script with these commands:

# Use the dated folder ($TargetUNC) so each copy is kept separately
$WBadmin_cmd = "wbadmin start backup -backuptarget:$TargetUNC -include:C:\Windows\NTDS\ntds.dit -quiet"
Invoke-Expression $WBadmin_cmd

The size of such a backup will be only 50-500MB depending on the AD database size.
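
A variant of the system state backup script above, added here as an example (not the wiki's own code): it calls wbadmin.exe directly instead of through Invoke-Expression and fails the run unless wbadmin reports success. The exit-code convention (0 on success), English-language wbadmin output and the wbadmin.log file name are assumptions.

```powershell
# Added example: variant of the page's backup script, not the wiki's own code.
$ShareRoot = '\\server\backup\dc1'   # same share as in the script above
$Target    = Join-Path $ShareRoot (Get-Date -Format 'yyyy-MM-dd')
$OkMessage = 'The backup operation successfully completed'   # message quoted on this page

if (-not (Test-Path -Path $Target)) {
    New-Item -Path $Target -ItemType Directory -ErrorAction Stop | Out-Null
}

# Pass the arguments as an array: no command string is built and re-parsed,
# so nothing in the target path can be interpreted as PowerShell code.
$wbArgs = @(
    'START', 'BACKUP',
    "-backupTarget:$Target",
    '-systemState', '-noverify', '-vssCopy', '-quiet'
)
$output   = & wbadmin.exe @wbArgs
$exitCode = $LASTEXITCODE

# Keep the wbadmin output beside the backup (assumed log file name).
$output | Out-File -FilePath (Join-Path $Target 'wbadmin.log') -Encoding utf8

# Assumption: wbadmin returns 0 on success and prints the English success message.
$sawOkMessage = [bool]($output | Select-String -SimpleMatch $OkMessage)
if (($exitCode -ne 0) -or (-not $sawOkMessage)) {
    Write-Error "AD backup to $Target failed (wbadmin exit code $exitCode)."
    exit 1   # non-zero result is visible in the scheduled task's last run result
}
Write-Output "AD backup to $Target completed."
```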

Task Scheduler

For a daily AD domain controller backup, create the following task:

# Run every day at 02:00 as SYSTEM with the highest run level
$Trigger = New-ScheduledTaskTrigger -At 02:00am -Daily
$User = "NT AUTHORITY\SYSTEM"
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\Backup_AD_DC.ps1"
# -Force replaces an existing task with the same name
Register-ScheduledTask -TaskName "BackupAD-DC-daily" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest -Force
