Full Server Backup for Active Directory in Windows Server 2022

By /

Listen to this Post

Backing up your Active Directory is a critical step in ensuring business continuity and protecting your organization from data loss or corruption. Performing a full server backup is the recommended approach, as it captures not only the AD database but also system state, configurations, and other critical components, making recovery seamless in case of failure.

Why Perform a Full Server Backup?

  • Safeguard the entire server, including the AD database, system state, and applications.
  • Restore your environment quickly without piecing together partial backups.
  • Protect against accidental deletions, corruption, or catastrophic failures.

You Should Know:

1. Using Windows Server Backup (WSB)

Windows Server Backup is a built-in tool for full server backups.

Steps to Perform a Full Backup:

  1. Install Windows Server Backup Feature (if not installed): 
    Install-WindowsFeature Windows-Server-Backup -IncludeManagementTools

2. Launch Windows Server Backup (`wbadmin.msc`).

  1. Select “Backup Once” or “Backup Schedule” for automated backups.

4. Choose “Full Server” backup option.

  1. Specify storage location (external drive, network share, or NAS).

6. Confirm and start the backup.

Verify Backup Integrity:

wbadmin get versions

#### **2. Command-Line Backup Using WBAdmin**

For scripted or automated backups:

wbadmin start backup -backupTarget:E: -include:C:,D: -allCritical -quiet

-backupTarget: Backup destination.
-include: Volumes to back up.
-allCritical: Ensures system state backup.

#### **3. Exporting Active Directory Objects (Optional)**

For granular AD object backup:

Export-ADDirectoryObject -Path "C:\AD_Backup\AD_Export.ldf" -Target "DC=example,DC=com"

#### **4. Restoring Active Directory from Backup**

**Non-Authoritative Restore (Standard Recovery):**

1. Boot into **Directory Services Restore Mode (DSRM)**.

2. Run:

wbadmin get versions 
wbadmin start recovery -version:<backup-version> -itemType:App -items:ActiveDirectory -recoveryTarget:C:

**Authoritative Restore (For Object Recovery):**

After a non-authoritative restore, mark objects as authoritative:

ntdsutil "activate instance ntds" "authoritative restore" "restore object CN=User,DC=example,DC=com"

#### **5. Automating Backups with Task Scheduler**

Create a scheduled task to run WBAdmin:

$action = New-ScheduledTaskAction -Execute "wbadmin.exe" -Argument "start backup -backupTarget:E: -allCritical -quiet" 
$trigger = New-ScheduledTaskTrigger -Daily -At 2AM 
Register-ScheduledTask -TaskName "AD_FullBackup" -Action $action -Trigger $trigger -User "SYSTEM"

### **What Undercode Say**

A full server backup is non-negotiable for Active Directory environments. Combining Windows Server Backup (WSB) with WBAdmin CLI ensures flexibility. For disaster recovery, always test restores in a lab. Additionally, consider Hyper-V/Veeam backups for virtualized AD servers.

🔗 Reference: Windows Server Backup Guide

### **Expected Output:**

  • A full backup of C:, D:, and system state.
  • Verified backup logs via wbadmin get versions.
  • Automated scheduled backups for consistency.

(Note: Telegram/WhatsApp URLs removed as per request.)

References:

Reported By: Ikibria Backup – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: