Active Directory : Automate Backup Success-Failure Notification
Introduction
We posted an article a few months back, where we prepared an Active Directory Backup Policy, and configured it. This is an end to end automated solution which includes AD Backup, version management, and space management. There is no human intervention required to perform these tasks.
Before you proceed, we would suggest to visit that article and understand how we have implemented the AD Backup Solution.
However, configuring and automating AD Backup is one part. Another part, which is equally important, is to monitor and ensure that the backup jobs are running as per the schedule, and more importantly, the backup is successful. Unlike the backup configuration, this is not a one-time task but daily or weekly; depending on your backup frequency.
Can we automate the backup monitoring task without using any third party tool? Can we receive an email notification after every backup job, indicating the success / failure status of the backup?
The answer is yes, we can automate this without using any additional tool, and using windows native solution.
The solution which I am going to propose here is tested, and we are running this in a production environment for last 1 year. Since then, we have got every single backup success and failure report without any slippage. It saved us a lot of time and effort, and I believe it would save a lot of your effort too, once you implement it.
Implementation Approach
The implementation approach would be as follows:
1) We have to prepare two PowerShell scripts :
• backup-success.ps1: Will be invoked after successful completion of a backup job. This script will send a pre-configured email informing the backup on a particular Domain Controller is successful. The emails would be delivered to a pre-configured list of recipients.
• backup-failure.ps1: Will be invoked if backup job fails. This script will send a pre-configured email informing the backup on a Domain Controller is NOT successful, and immediate attention is required. The emails would be delivered to a pre-configured list of recipients.
2) Backup success and failure status would be captured using Windows Event Log. Appropriate script (success or failure) would be invoked based on some specific codes in the event log.
Configuration of Backup Success Notification
Part 1: Create a New PowerShell Script
Our first task is to prepare a PowerShell script, which will send the backup successful notification. There are many parameters which are environment specific, so please put these values carefully in the below script:
$smtpServer: SMTP Server FQDN.
$msg.subject: Add a meaningful subject.
$bodyText: Email Message.
$msg.To.Add : Recipient email address / DL (For multiple email addresses add multiple lines of $msg.To.Add)
Part 2: Create a New task
We will now create a scheduled task on the same Domain Controller.
Go to start > Run > Compmgmt.msc > Task Scheduler > Task Scheduler Library.
Right Click > Create Task.
Carefully select the options as shown below.
Please note that the user account which will be used to run the task scheduler must have “Logon as a Batch Job” privilege, in order to execute the PowerShell script.
If you get below warning while saving the task, that means the account which you have specified does not have “Logon as a Batch Job” privilege on this computer (probably a Domain Controller). In that case, either change the user account or grant “Logon as a Batch Job” privilege to this account, through Group Policy - User Rights Assignments.
Without this privilege, the PowerShell script would not run and therefore you will not get any email notification.