Backing Up Active Directory Components

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Active Directory is backed up as part of Microsoft Windows system state. For more information about all Microsoft Windows system state components and Active Directory components, see Introduction to Administering Active Directory Backup and Restore.

Naming Backup Files

To ensure the proper use of backup files, the .bkf file should have a file name that includes the following information:

  • The fully qualified computer name that includes the domain name of the domain controller on which the backup was performed

  • Whether the backup domain controller is a global catalog server

  • Whether the backup domain controller contains MD5 checksum data to source the Sysvol tree

  • The date that the backup was performed

For example, you might use a file name format that is similar to the following:

X:\Fully_Qualified_Computer_Name.Build_Number.Service_Pack_Revision. [No]GC.[No]MD5.TSL.YYYYMMDD.bkf


  • Fully_Qualified_Computer_Name is the host name and the domain name of the domain controller. This must be the domain name of the domain where the system state was backed up.

  • Build Number is the build number of the operating system that was backed up.

  • Service_Pack_Revision is the service pack build number and the service pack version for the operating system that was backed up.

  • [No]GC indicates whether the backup originated from a global catalog or not.

  • [No]MD5 indicates whether the system state backup contains MD5 checksum data for the files and folders in the SYSVOL tree. For more information about the need for MD5 data, see Preparing a Server Computer for Shipping and Installation from Backup Media.

  • TSL is the value in days for the tombstoneLifetime attribute when the backup was performed. The tombstoneLifetime attribute for the forest determines both the useful life of a system state backup and how frequently garbage collection occurs. (Garbage collection removes tombstones from the directory permanently when their tombstone lifetime expires.)

  • YYYYMMDD is the year, month, and day that the backup was performed.

For example, suppose that you create a system state backup of a global catalog domain controller on July 1, 2005. The domain controller is in the domain, and its name is DC1. The value of the tombstone lifetime is 60 days, and MD5 data is included in the backup. In this scenario, you might use a file name that is similar to the following:


A system state backup that you make of DC1 on July 1, 2005, remains valid until August 29, 2005. For the next 60 days, you can use the backup to restore an existing domain controller or to install an additional domain controller in the domain.

You can save the .bkf file to a local volume or to a network share. The network share can be on a server computer that can be installed later as a domain controller by using the restored backup. For more information about using restored backup media for installing domain controllers, see Installing a Domain Controller in an Existing Domain Using Restored Backup Media.

Task requirements

The following tools are required to perform the procedures for this task:

  • Backup or Restore Wizard (Ntbackup)

  • Tape drive or other backup media

To complete this task, perform one of the following procedures, depending on your backup needs:

See Also


Installing a Domain Controller in an Existing Domain Using Restored Backup Media
Adding Domain Controllers in Remote Sites