Windows Server Backup Complete Reference
NTBackup is a built-in backup application introduced with Microsoft Windows NT. NTBackup was designed to allow small and mid-sized organizations back up their servers without procuring third-party backup software. NTBackup becomes less reliable as the volume of data increases.
Hence Microsoft introduced a utility called Wbadmin which is command line and GUI based tool to backup and restore the Windows operating system, drive volumes, computer files, folders and other programs. It is built in Windows Vista, 7, 8, 10 and Windows Server 2008, 2008 R2, 2012, etc. which replaces NTBackup (a built-in backup utility in previous versions of Windows, Microsoft Windows NT backup) and enables to create full and incremental backups, schedule backup, system state backup, bare metal backup and restore and other restore operations.
In order for you to use it, to backup or restore, you have to be a member of the Administrator group or Backup Operators Group.
This article covers how to use the wbadmin with detailed explanation of its commands and sub commands.
Command | Explanation |
WBADMIN <command> /? | Displays help or details about wbadmin usage |
WBADMIN ENABLE BACKUP | Creates or modifies a daily backup schedule |
WBADMIN DISABLE BACKUP | Disables the scheduled backups. |
WBADMIN START BACKUP | Runs a one-time backup |
WBADMIN STOP JOB | Stops the currently running backup or recovery operation. |
WBADMIN GET VERSIONS | Lists details of backups that can be recovered from a specified location. |
WBADMIN GET ITEMS | Lists items contained in a backup. |
WBADMIN GET STATUS | Reports the status of the currently running operation. |
WBADMIN DELETE BACKUP | Deletes one or more backups. |
The Enable backup command is used to configure or schedule the daily or monthly backup schedule and it is also used to modify the existing backup schedule configured. This command-let is also having its own set of options where you can specify the specific conditions like target location, exclusions, etc...
Syntax: WBADMIN ENABLE BACKUP
The below table explains the structure of it sub-commands with short explanation.
Command | Explanation |
-addtarget:<BackupTarget> | Specifies the location where you want to save the backup
( disk,UNC Path of share folder,etc..) |
-include:<ItemsToInclude> | Helps to include the list of items needs to backup.
You can include multiple files,folders,volumes,UNC path or GUID-based volume names. If you use a GUID-based volume name, it should be terminated with a backslash (\). You can use the wildcard character (*) in the file name when specifying a path to a file. |
-nonRecurseInclude:<ItemsToInclude> | Specifies the non-recursive, comma-delimited list of items to include in the backup. You can include multiple files, folders, or volumes. Volume paths can be specified using volume drive letters, volume mount points, or GUID-based volume names. If you use a GUID-based volume name, it should be terminated with a backslash (\). You can use the wildcard character (*) in the file name when specifying a path to a file. Should be used only when the -backupTarget parameter is used. |
-exclude:<ItemsToExclude> | Specifies the comma-delimited list of items to exclude from the backup. You can exclude files, folders, or volumes. Volume paths can be specified using volume drive letters, volume mount points, or GUID-based volume names. If you use a GUID-based volume name, it should be terminated with a backslash (\). You can use the wildcard character (*) in the file name when specifying a path to a file. |
-nonRecurseExclude:<ItemsToExclude> | Specifies the non-recursive, comma-delimited list of items to include in the backup. You can include multiple files, folders, or volumes. Volume paths can be specified using volume drive letters, volume mount points, or GUID-based volume names. If you use a GUID-based volume name, it should be terminated with a backslash (\). You can use the wildcard character (*) in the file name when specifying a path to a file. Should be used only when the -backupTarget parameter is used. |
-allCritical | Creates a backup that includes all critical volumes (critical volumes contain the operating system files and components) in addition to any other items that you specified with the -include parameter. This parameter is useful if you are creating a backup for bare metal recovery. |
-vssFull | -vssCopy | Performs a full backup using the Volume Shadow Copy Service (VSS). Each file's history is updated to reflect that it was backed up. If this parameter is not used WBADMIN START BACKUPmakes a copy backup, but the history of files being backed up is not updated.
Caution: Do not use this parameter if you are using a product other than Windows Server Backup to back up applications that are on the volumes included in the current backup. Doing so can potentially break the incremental, differential, or other type of backups that the other backup product is creating. |
-user:<UserName> | Specifies the user with write permission to the backup storage destination (if it is a remote shared folder). The user must be a member of the Administrators group or Backup Operators group on the computer that is getting backed up. |
-password:<Password> | Specifies the password for the user name provided by the parameter -user. |
-quiet | Silently run the commands given without prompting the user or without user intervention. |
-allowDeleteOldBackups | Overwrites the existing backups found before upgrade. |
-removetarget:<BackupTarget> | Specifies the storage location that you want to remove from the existing backup schedule. |
-schedule:<TimeToRunBackup> | Configures at what time the backup has to run. |
To disable any previously configured backup we can use this command
Syntax: WBADMIN DISABLE BACKUP [-quiet]
-Quiet is an optional parameter when it is included it runs the command with no prompts to the user.
Note: If you stop the scheduled backups, the disks where you saved the backups cannot be used again to store backups till they are reformatted (so that all existing backups are deleted).
Example:
WBADMIN DISABLE BACKUP –quiet
WBADMIN START BACKUP
WBADMIN STOP JOB
WBADMIN GET VERSIONS
WBADMIN GET ITEMS
WBADMIN GET STATUS
WBADMIN DELETE BACKUP
System State & BMR backup
Contents of System State backup:
The system state contains a number of items:
Domain member: Boot files, COM+ class registration database, System Registry, IIS Metabase.
Domain controller: Active Directory (NTDS), boot files, COM+ class registration database, registry, system volume (SYSVOL).
Machine running cluster services: Additionally backs up cluster server metadata.
Machine running certificate services: Additionally backs up certificate data.
To perform a system state backup through command line, you must use the following Wbadmin command syntax:
Note : You must run the command prompt in elevated credentials (Run As Administrator)
To initiate a system state backup, you must use the following Wbadmin command syntax:
wbadmin start systemstatebackup -backuptarget:<targetDrive> -quiet
Example:
wbadmin start systemstatebackup -backuptarget: D: -quiet
In above example the system state backup will be saved in D drive.
Note : Before you initiate system state backup make sure that the drive where you are storing the system state data is having sufficient space to complete the operation and the user account is having the write permissions to the target.
Complete Backup
Data or file Backups
Incremental Backups
Scheduling Backup Jobs
Data Restoration Procedures
BMR /System state restore
To restore the system state from command line:
Open a command prompt with administrator privileges. Type “CMD” in the search box, right-click Command Prompt in the search results, and then click Run as administrator.
Type in a command based on the following syntax and press Enter to run a system state restore.
wbadmin start systemstaterecovery -version:versionIdentifier --backupTarget:Backup Destination location –machine:server name –quiet
If you do not know the backup version, you can run the command “wbadmin get versions” to show the version identifier. The backup destination location can be a drive letter, a volume GUID-based path, or a remote shared folder path. If there are multiple computers backed up to a same location, you can use “-machine” switch to specify the server to be recovered. The “-quiet” switch means to run the backup without prompt.
For example, to restore a system state backup taken at 01:09 A.M. on 11/09/2019 that is saved on the shared folder \<UNCPAth>\backup, use the following command:
wbadmin start systemstaterecovery -version: 11/09/2019 -01:09 -backupTarget: \<UNCPAth>\backup -quiet
Data restore
This article explained about the Windows server backup utility (wbadmin), the options to use the commands with detailed explanation. Also we learned the ways to use this tool.
Thanks for reading this content please leave your feedback.
Item | Description |
GUI | Graphical User Interface |
NTDS | Windows NT Directory Services |
COM+ | Component Object Model |
IIS | Internet Information Services |
SYSVOL | System Volume |
UNC | Universal Naming Convention |
VSS | Volume Shadow copy Services |