Active Directory Backups

Recently I was tasked with doing an AD audit in which I ran a utility called Ping Castle which indicated that Active Directory NTDS should be backed up frequently. This would be so you can roll back AD to a consistent state should you need to recover deleted items or deleted attributes. Typically administrators would restore the entire server to a point in time, but with AD this can cause differences in AD between servers to become a problem. Having a backup of AD on all servers at the same time would be helpful in restoring AD back to a consistent state.

The process is actually very simple using ntdsutil.

Open an elevated CMD (as Administrator

ntdsutil

activate instance ntds

snapshot

create

That’s it – the manual process.

To autotmate this process Petri has a good article on the process: https://petri.com/automating-creation-active-directory-snapshots/

Basically create a batch file in your scripts folder called ad-snapshot.bat

@echo off

ntdsutil snapshot “activate instance ntds” create quit quit

exit

Use the Task Scheduler to create a job to fire this job once a week.

By admin|2022-11-11T08:59:09-08:00November 11th, 2022|Active Directory, Best Practices, Microsoft Server|Comments Off

About the Author: admin

An IT Specialist with humble beginnings at an ISP here in BC in 1996. Since then WiReDWoLF has expanded his knowledge and expertise in many areas of the IT field and is proficient with networking, applications, servers, and general application of all of the above.