How to take Backup of the Current configured Domain, Active Directory

Question

I would like to know the best way to take a backup of the currently configured and running Domain, Active Directory, group policies, sysvol, and all users defined in the groups.

In my case, I want to take a complete backup of the Active Directory setup so that when I restore the backup on another machine with the same Windows Server 2008 R2 OS, it will restore the backup configuration and the operations running from that server will resume in less time.

Please guide me through the process if possible.

Answer 1

good one

Answer 2

Did I ask anything wrong?

Actually, I'm new to the job and I want to learn about AD. Before making any changes, I'd like to take a backup so we can recover if anything goes wrong.

Answer 3

Hello {AK},

Thank you for posting in Microsoft Community forum.

For backing up one domain controller, you can follow the steps below.

Non-authoritative restore:

Use this process to restore AD DS to its state at the time of the backup, and then allow Active Directory replication to update the restored domain controller to the current state of AD DS (Non-authoritative restore is the default method when performing a restore of Active Directory).

If you have more than one Domain Controllers in one domain or forest, you can perform the steps on every domain controller one by one.

1. Install Windows Server Backup (open Server Manager-> Add roles and features->Features -> Windows Server Backup)
2. Start->Server Manager->tools-> Windows Server Backup->Local Backup->Action->Backup once

3. Back up options: Scheduled backup options or Different options
4. Select backup configuration: Full server (recommended) or Custom
   
5. Select items to back up: System state
6. Specify destination type: Local drive or remote shared folder
7. On the confirmation screen, click Backup.

 

This is non-authoritative restore above. If you want to restore any object in the domain, you should perform the process of authoritative restore.

The process of authoritative restore:

1. Enter DSRM: Start->Administrative Tools->System Configuration->Boot tab->Boot options->Safe boot->Active Directory repair->click OK->In the System Configuration->click Restart.
       -or-
       Start or restart the DC, press F8 to enter the safe mode and then select “Directory Services Restore Mode”.

2. Logon the DC with DSRM Administrator account (ComputerName\Administrator or .\Administrator) and password.
3. Perform the AD DS standard recovery procedure, that is an unauthoritative restore.
4. Start-> Server Manager->tools-> Windows Server Backup->Recover
5. Select the location where the backup is stored: This server or A back stored on another location

6. Select the backup date which should not before the system Tombstone Lifetime, and the default value is 180 days.

7. Select “System state” in the Select Recovery Type.

8. Select location for system state recovery:
   Original location with the option “Perform an authoritative restore of Active Directory files”. By default, we do not select this check box.  
   Alternate location

9. Click “Next”, please DO NOT select the check box “Automatically reboot the server to complete the recovery process”.
   

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,

Daisy Zhou

Answer 4

Thank you for your reply.

Can you please guide me through the restoration process of the non -authoritative restore. I want to restore all in one.

I followed the steps to take the backup, but when I tried to restore it on another machine using the Windows Server Backup Tool's recovery option, it was unable to detect the backup file. I think I might be doing something wrong here.

Answer 5

Hello

Good day!

I have provided the steps about process of the non -authoritative restore above.

Best Regards,
Daisy Zhou ****