Grafvision - Fotolia

Can I use third-party tools to back up Active Directory?

Although Windows Server has a built-in backup tool, third-party tools offer useful capabilities, such as reporting and alerting features, to help admins back up Active Directory.

In addition to the native Windows Server Backup tool, there are several third-party tools that can help administrators back up Active Directory. For example, Veeam Explorer (part of Veeam Backup), Dell's Recovery Manager for Active Directory and Acronis Backup Advanced for Active Directory can restore individual Active Directory objects from backups.

The scope of features can vary between products, but there are some worthwhile capabilities to consider. Restoration options are some of the most valuable abilities for an Active Directory backup tool. Granular file, object, organizational unit, or attribute restoration -- such as user accounts or group memberships -- without the need to restart domain servers is preferable compared to a complete system state or even full system backup restoration.

Consider reporting and alerting features in tools that can compare the current Active Directory state with existing backups and recommend the most effective backup options. Auditing capabilities can report on changes to AD objects, when changes occurred and who made them; this can be crucial for organizations responsible for compliance and auditing. Look for alerting and notification features to ensure backups are successful or errors get addressed quickly.

Also look for tools that seamlessly interact with native Windows Server tools, such as Active Directory Recycle Bin, to save time and trouble -- or eliminate the need to develop scripts to provide this integration. Look for scheduling flexibility so AD backups can be performed during off-peak traffic hours and backups can be replicated off-site when bandwidth demands are lower.

Considering the importance of domain controllers and support, it's critical to evaluate prospective AD backup tools in a lab environment and through limited proof-of-principle projects before making a purchase commitment or rolling the tool out to a production environment. Admins should also follow good backup practices and manage AD backups for every domain and location across the enterprise.

Next Steps

Active Directory backup and restoration methods

Leaving Active Directory for cloud management services

Third-party Active Directory audit tools

Dig Deeper on Windows systems and network management