How to back up and restore domain controllers with Windows Server Backup
Learn how to back up and restore domain controllers with Windows Server Backup in this backup tip by Brien Posey.
What you will learn in this tip: When Microsoft created Windows Server 2008, the company did away with NTBackup and provided a new data backup application called Windows Server Backup. Windows Server Backup is very different from NTBackup. One of the things that's changed the most is the process of backing up and restoring domain controllers. You will learn about some of these changes in this tip.
As was the case with Windows Server 2003, if you want to back up the Active Directory database in Windows Server Backup, you will have to perform a system-state backup (a backup file for critical system-related components). But the similarities end there. As you may know, NTBackup allowed you to perform a system-state backup through the GUI. Once created, the backup existed as a BKF file. In Windows Server 2008, however, the method for creating a system-state backup requires entering the following command:
Wbadmin start systemstatebackup --backuptarget:E:
When you run the command shown above, there are two things that you will notice. First, it takes longer to create a system-state backup with Windows Server 2008 than it did with Windows Server 2003. That's because Windows Server Backup includes some system files as part of a system-state backup that were not included with backups made using NTBackup.
The other thing that you will notice is that when you create the backup, Windows creates a .VHD file rather than a .BKF file.
Keep in mind that the command line is not the only mechanism for creating a system-state backup. You can create a system state backup from the GUI by selecting the "Enable System Recovery" option. But doing so will simply include the system state within a regular backup. It does not back up only the system state.
Performing a restoration in Windows Server Backup
The method that you will use to restore a domain controller varies depending on whether or not you need to perform an authoritative restoration. A non-authoritative restoration is just a normal restore. In other words, you perform a normal system-state restoration and then boot the server. Upon doing so, the other domain controllers on your network populate the newly restored domain controller with any missing objects.
An authoritative restore is a restoration in which you actually revert the entire Active Directory to a previous state. This is useful if you have accidentally deleted an object and need to get it back. Performing a non-authoritative restore will not work in these types of situations because even though the missing object will be restored, the remaining domain controllers will tell the newly restored domain controller that the object was supposed to have been deleted.
To perform a system-state restoration of a domain controller, you will have to boot the domain controller into Directory Services Restore Mode. The method for doing so has changed since the days of Windows Server 2003 because the boot.ini file that was previously used no longer exists. Instead, you must enter the following command in a command prompt window:
C:\> bcdedit /set safeboot dsrepair
After doing so, you must reboot the server. Once the server reboots, you will have to figure out which backup you want to restore. You can perform a system-state restoration by using a full system backup (a backup of the critical system volumes) or a system state backup. In any case, you need to determine which backups are available to you. To do so, open an elevated command prompt (An elevated command prompt is a command prompt that has been run as an administrator. By default, many versions of Windows block administrative actions from being performed through a command prompt unless you elevate the command prompt first.) window and enter the following command:
Wbadmin get versions
When you enter this command, Windows will display each backup that is available for restoration. Each backup that's listed has a version identifier (a date and timestamp). Make note of the version identifier for the backup that you want to restore.
The actual command that you will use to perform the restoration depends on whether you want to perform an authoritative or a non-authoritative restoration. For the sake of demonstration, let's assume I wanted to restore a backup with a version identifier of 07/26/2010-12:00. If I wanted to perform a non-authoritative restore, I could do so by using the following command:
Wbadmin start systemstaterecovery --version:07/26/2010-12:00
To do an authoritative restoration, I would use the same command, but I would append the authsysvol switch. The end result would look something like this:
Wbadmin start systemstaterecovery --version:07/26/2010-12:00 -AUTHSYSVOL
When the recovery process completes, you will most likely have to configure Windows to boot normally (as opposed to booting in Directory Service Restore Mode). To do so, enter the following command:
C:\> bcdedit /deletevalue safeboot
As you can see, the process of restoring a Windows Server 2008 domain controller is quite a bit different from the procedure used to restore a Windows Server 2003 domain controller. The Wbadmin command supports a number of options, including the ability to restore data to a remote server. For more information, you can read this article on Microsoft's website about all of the available system-state recovery options.
About the author: Brien M. Posey, MCSE, has previously received Microsoft's MVP award for Exchange Server, Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. You can visit Brien's personal website at www.brienposey.com.