Join Ed Liberman for an in-depth discussion in this video Backup of Active Directory, part of Windows Server 2012 R2: Configure and Manage Active Directory.
- A lot of time and effort goes into creating an Active Directory infrastructure. So one of the best ways to maintain the integrity of that infrastructure is to have a good backup and recovery system. So here I'd like to show you how you can backup Active Directory in Windows Server 2012. So in order to do this, we're going to jump over into DC-1. Here on DC-1, you'll notice if you go to the Tools menu in Server Manager, you have a tool built right in to Windows Server 2012.
Now there are a number of third-party tools that are also available, and they may be preferable to you depending on your environment. But you don't necessarily have to spend the money, especially if you're just looking to backup Active Directory, because Windows Server Backup can do the job for you. Now here's something interesting that I want you to see. When I select this, you'll see that it takes us right into the Windows Sever Backup tool only to show us that Windows Server Backup is not installed on this computer. It's a little bit quirky that way where it looks like it's there but it's not quite.
In order to do so, I have to go ahead and add the role or feature. So let's close out of the tool. Let's select Add Roles and Features. Here is our Before you begin screen that we always see, and we'll click Next. It is a role or feature-based installation so I will click Next. We are installing on DC-1. I will click Next. It is not a role that we are installing. It's actually a feature. So I can skip right past this Roles screen and click Next.
And it's here on the Features screen that if I scroll down, we will find Windows Server Backup. So I'll check that box. Click Next. I can select to restart if necessary, although I don't believe it is going to be necessary for this particular feature. This is just a warning box we always see when we say we're going to do an automatic restart. And I'll Select to install. Now, I happen to know that on many computers this feature is a pretty quick installation. It happens in just a matter of a few moments. Mine will be done almost instantly.
If yours is taking a while, then be sure to go ahead and pause and continue with me once yours is complete. But as you can see, mine is done. So I'm going to go ahead and click Close. And now, if I go back to the Tools menu and select Windows Server Backup, now we have a different screen. Now we have the actual tool. In order to perform the backup, we're going to select the local backup. And then we have a few options. Over here on the right, we can create a backup schedule.
So if we wanted to have a recurring backup, this is something that would be recommended. You don't want to do individual backups just whenever you feel like it. You should have some form of regular schedule. Or you can do an individual backup, which is what we're going to do right now for the sake of demonstration. So let's do a backup once. When you do a backup once, you'll see here that there is an option to follow your typical scheduled backup options. It's grayed out for me because I don't have a scheduled backup in place yet.
But if I did, I could choose to do my single backup right now using all the same options. Or you could choose to vary from your typical scheduled backup which is the only option we have right now since we don't have a scheduled backup. So I'll select the different options and click Next. I do not want to do a full server backup because I'm only looking to backup Active Directory. So I will select Custom. Click Next. We now need to add the items we want to backup.
And when it comes to backing up Active Directory, just as it always has been since the original creation of Active Directory, you back it up by selecting System State. So I'll check that box and click OK. And then I will click Next. Now it wants to know where are we going to store this backup. We have a couple of options. It could either be on a local drive if we have an extra drive that maybe we keep in this machine, specifically for the purposes of backup.
Or, it could be out in a remote location, which is what I'm going to select in this case. Now what I'm going to do is a little bit different than what you might do or what you typically would do in the real world. But let me show you what I mean by that. I'm going to click Next. The location where I'm going to put it is going to be \\dc-2\ and then you'll see here I have a shared folder called Backup out on that server. So I actually created that folder and shared it. The reason that I say this is a little different than what you might typically do is you don't normally take the system state from one domain controller and store it in a shared folder on another domain controller.
Usually you would have a dedicated file server of some sort that truly is your backup server. But I'm working with the machines that I have here with me today, so I'm going to use dc-2, and it does the job. You have a little bit of control here with permissions. And I'm just going to inherit which is the default setting where this backup will basically be accessible to anybody who has permissions to that remote folder. I'll click Next. And select to backup.
Now this process does take quite a bit of time. I do believe the last time I checked on my machine, it takes at least five, maybe ten minutes or so. So I will be back with you just as soon as this process is complete. Okay, as you can see here, my backup has completed. So all I have to do at this point is click Close and I can close out of the tool. And that completes the backup of Active Directory. So, as you can see, it's very convenient that Microsoft has given us a tool built right into Windows Server 2012 that allows us the opportunity to backup our Active Directory database.
Ed Liberman shows how to configure service authentication, domain controllers, and account policies, and maintain Active Directory so that it remains stable and secure. He'll cover virtualizing domain controllers, Active Directory backup and recovery, password policy management, and Kerberos policies and delegation.
- Installing read-only domain controllers
- Configuring virtual domain controllers
- Backing up Active Directory
- Recovering Active Directory
- Configuring account policies: password, lockout, and Kerberos
- Configuring service accounts
- Managing service accounts