![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello {AK},
Thank you for posting in Microsoft Community forum.
For backing up one domain controller, you can follow the steps below.
Non-authoritative restore:
Use this process to restore AD DS to its state at the time of the backup, and then allow Active Directory replication to update the restored domain controller to the current state of AD DS (Non-authoritative restore is the default method when performing a restore of Active Directory).
If you have more than one Domain Controllers in one domain or forest, you can perform the steps on every domain controller one by one.
- Install Windows Server Backup (open Server Manager-> Add roles and features->Features -> Windows Server Backup)
- Start->Server Manager->tools-> Windows Server Backup->Local Backup->Action->Backup once
- Back up options: Scheduled backup options or Different options
- Select backup configuration: Full server (recommended) or Custom
- Select items to back up: System state
- Specify destination type: Local drive or remote shared folder
- On the confirmation screen, click Backup.
This is non-authoritative restore above. If you want to restore any object in the domain, you should perform the process of authoritative restore.
The process of authoritative restore:
- Enter DSRM: Start->Administrative Tools->System Configuration->Boot tab->Boot options->Safe boot->Active Directory repair->click OK->In the System Configuration->click Restart.
-or-
Start or restart the DC, press F8 to enter the safe mode and then select “Directory Services Restore Mode”.
- Logon the DC with DSRM Administrator account (ComputerName\Administrator or .\Administrator) and password.
- Perform the AD DS standard recovery procedure, that is an unauthoritative restore.
- Start-> Server Manager->tools-> Windows Server Backup->Recover
- Select the location where the backup is stored: This server or A back stored on another location
- Select the backup date which should not before the system Tombstone Lifetime, and the default value is 180 days.
- Select “System state” in the Select Recovery Type.
- Select location for system state recovery:
Original location with the option “Perform an authoritative restore of Active Directory files”. By default, we do not select this check box.
Alternate location
- Click “Next”, please DO NOT select the check box “Automatically reboot the server to complete the recovery process”.
I hope the information above is helpful.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou