How important is it to backup the Active Directory domain controller?

You will learn more here.

Many say that if you have multiple domain controllers that are distributed across different geographic locations, then you needn’t take a backup of the Active Directory. Because with multiple DCs you have provided domain fault tolerance.
That is when the simultaneous failure of all DCs tends to 0. And when one of the domain controllers fails then we can quickly deploy a new one on the same site. Then remove the old one using ntdsutil.
But, we have seen many situations where all the domain controllers failed. So it is necessary to take a backup of the AD.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform Active Directory related queries.
In this context, we shall look into how to backup active directory domain controller using Windows Server Backup and with PowerShell.

Get Last Active Directory Domain Controller Backup Date

Here is the command that we run to check when the current Active Directory domain controller was backed up:

repadmin /showbackup

Also, we can get the backup status for all the DCs in the domain. For that, we run the below command:

repadmin /showbackup *

How to Back up AD Domain Controller Using Windows Server Backup ?

Here, we will look into the process to take the backup of the Active Directory.

We make use of the built-in Windows Server Backup tool. When we backup the Domain Controller using WSB, it will create a System State backup. The System State includes the Active Directory database (NTDS.DIT), Group Policy Objects, SYSVOL directory contents, the registry, the IIS metadata, the AD CS database, and other system files and resources. Moreover, this backup is created through the Volume Shadow Copy Service (VSS).

We confirm the installation of Windows Server Backup by running the following command:

Get-WindowsFeature Windows-Server-Backup

In case, if the WSB is not installed, we add it with Powershell by executing the command:

Add-Windowsfeature Windows-Server-Backup –Includeallsubfeature

Or else, we can also install it through "Server Manager -> Features".

Active Directory Backup with PowerShell

Now let us try to take a backup of a domain controller using the Powershell. We are going to store each backup copy in a separate directory so that we can keep multiple levels of AD backup copies. Also, we are setting the date of backup creation as the folder name:

Import-Module ServerManager

[string]$date = get-date -f 'yyyy-MM-dd'

$path=”\\mun-back1\backup\dc1\”

$TargetUNC=$path+$date

$TestTargetUNC= Test-Path -Path $TargetUNC

if (!($TestTargetUNC)){

New-Item -Path $TargetUNC -ItemType directory

}

$WBadmin_cmd = "wbadmin.exe START BACKUP -backupTarget:$TargetUNC -systemState -noverify -vssCopy -quiet"

Invoke-Expression $WBadmin_cmd

We run the PowerShell script. As a result, the wbadmin console appears. It will display the information of the backup process.
If the backup has been successful, you will see the following messages in the log:

The backup operation successfully completed.

The backup of volume (C:) completed successfully.

The backup of the system state successfully completed [01.01.2021 09:52].

We run the below command to check the time of the last DC backup. It must show the current date.

repadmin /showbackup

[Need urgent assistance to take a backup of the active directory? – We are here to help you. ]