Is it necessary to back up the Active Directory domain controller?
Many say that if you have multiple domain controllers distributed across different geographic locations, you needn't take a backup of Active Directory, because multiple DCs already provide domain fault tolerance.
The reasoning is that the probability of all DCs failing simultaneously tends to 0. When one of the domain controllers fails, we can quickly deploy a new one on the same site and then remove the old one using ntdsutil.
However, we have seen many situations where all the domain controllers failed, so it is necessary to take a backup of AD.
Here at Bobcares, we have seen several such Active Directory related queries as part of our Server Management Services for web hosts and online service providers.
Today we'll see how to back up an Active Directory domain controller using Windows Server Backup and PowerShell.
Get Last Active Directory Domain Controller Backup Date
Here is the command that we run to check when the current Active Directory domain controller was backed up.
repadmin /showbackup
Also, we can get the backup status for all the DCs in the domain. For that, we run the below command.
repadmin /showbackup *
Backing Up AD Domain Controller Using Windows Server Backup
Now let’s take a look at how our Support Engineers take the backup of the Active Directory.
We make use of the built-in Windows Server Backup (WSB) tool. When we back up the domain controller using WSB, it creates a System State backup. The System State includes the Active Directory database (NTDS.DIT), Group Policy Objects, SYSVOL directory contents, the registry, the IIS metadata, the AD CS database, and other system files and resources. This backup is created through the Volume Shadow Copy Service (VSS).
We confirm the installation of Windows Server Backup by running the below command.
Get-WindowsFeature Windows-Server-Backup
If WSB is not installed, we add it with PowerShell by executing the command:
Add-WindowsFeature Windows-Server-Backup -IncludeAllSubFeature
Alternatively, we can install it through Server Manager -> Features.
Active Directory Backup with PowerShell
Now let us take a backup of a domain controller using PowerShell. We store each backup copy in a separate directory so that we can keep multiple levels of AD backup copies, and we use the date of backup creation as the folder name.
Import-Module ServerManager
# Use the backup date as the folder name so each run gets its own directory
[string]$date = Get-Date -Format 'yyyy-MM-dd'
$path = "\\mun-back1\backup\dc1\"
$TargetUNC = $path + $date
$TestTargetUNC = Test-Path -Path $TargetUNC
if (!($TestTargetUNC)) {
    New-Item -Path $TargetUNC -ItemType Directory
}
# System State backup as a VSS copy, without verification or prompts
$WBadmin_cmd = "wbadmin.exe START BACKUP -backupTarget:$TargetUNC -systemState -noverify -vssCopy -quiet"
Invoke-Expression $WBadmin_cmd
We run the PowerShell script. As a result, the wbadmin console appears. It will display the information of the backup process.
If the backup has been successful, you will see the following messages in the log:
The backup operation successfully completed.
The backup of volume (C:) completed successfully.
The backup of the system state successfully completed [01.01.2021 09:52].
We run the below command to check the time of the last DC backup. It must show the current date.
repadmin /showbackup
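The success check described above can be scripted so that a failed or stale backup stops the job instead of going unnoticed in console output. The following is an added example, not part of the original script: it calls wbadmin directly rather than through Invoke-Expression, checks the exit code, and then evaluates the Get-WBSummary record from the Windows Server Backup PowerShell module. The function names Test-WBSummaryFresh and Invoke-DcSystemStateBackup and the 24-hour threshold are assumptions made for illustration.

```powershell
# Added example; helper names and the 24 h threshold are assumptions.
function Test-WBSummaryFresh {
    # Pure check over a Get-WBSummary-shaped object, so it can be exercised with sample input.
    param(
        [Parameter(Mandatory)] $Summary,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24
    )
    $problems = @()
    if ($Summary.LastBackupResultHR -ne 0) {
        $problems += ('last job HRESULT 0x{0:X8}' -f $Summary.LastBackupResultHR)
    }
    if (-not $Summary.LastSuccessfulBackupTime) {
        $problems += 'no successful backup recorded'
    }
    elseif (($Now - $Summary.LastSuccessfulBackupTime).TotalHours -gt $MaxAgeHours) {
        $problems += "last success ($($Summary.LastSuccessfulBackupTime)) is older than $MaxAgeHours h"
    }
    [pscustomobject]@{ Healthy = ($problems.Count -eq 0); Problems = $problems }
}

function Invoke-DcSystemStateBackup {
    param([string] $Root = '\\mun-back1\backup\dc1\')   # the article's example share
    $target = $Root + (Get-Date -Format 'yyyy-MM-dd')
    if (-not (Test-Path -Path $target)) {
        New-Item -Path $target -ItemType Directory | Out-Null
    }
    # Pass arguments directly instead of building a string for Invoke-Expression.
    & wbadmin.exe START BACKUP "-backupTarget:$target" -systemState -noVerify -vssCopy -quiet | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "wbadmin exited with code $LASTEXITCODE" }
    # Get-WBSummary ships with the Windows Server Backup feature.
    $check = Test-WBSummaryFresh -Summary (Get-WBSummary)
    if (-not $check.Healthy) { throw "Backup verification failed: $($check.Problems -join '; ')" }
    $target
}

# Constructed sample (made-up values): the last job failed and the last good backup is two days old.
$sample = [pscustomobject]@{
    LastBackupResultHR       = -2147024891   # 0x80070005
    LastSuccessfulBackupTime = [datetime]'2021-01-01 09:52'
}
Test-WBSummaryFresh -Summary $sample -Now ([datetime]'2021-01-03 10:00')
```

Running the block as-is only evaluates the constructed sample; call Invoke-DcSystemStateBackup from an elevated session on the DC to start a real backup.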
Conclusion
Today, we saw how our Support Engineers back up an Active Directory domain controller.