
Tips for Active Directory DC backups

A rundown of different methods administrators can use to back up their Active Directory domain controllers.

Backups are important. Without a backup, you have no means to recover lost or damaged files. Backups must be performed regularly and tested often. Without testing (i.e. restoring files from backup media), you won't know if your backup solution is viable. Every important file on your network should be protected by a backup. This includes your Active Directory domain controllers. Just imagine, years of work, the entire design and structure of your enterprise network lost because of an unplanned power failure that damaged the drives of all of your domain controllers.

As your network expands, and your company's reliance on it grows, having a solid backup solution will become essential. The process you employ to back up a desktop system is not adequate to provide true loss prevention protection for servers, much less an AD domain controller. Your selected backup solution should be sufficient to provide recovery capabilities for your data files as well as your Active Directory database.

As you make your decision about what software backup solution to deploy and which hardware devices to use, consider the following concepts:

  1. Server mirroring – a real-time backup system that creates an exact duplicate copy of your data onto duplicate hardware. This can be accomplished with a RAID 1 system or with complete mirrored server hardware boxes. The backup is usually local, but the backup is in real-time. This type of solution would allow you to support fail-over mechanisms for domain controllers in order to quickly switch traffic over to the mirror in the event of a failure of the primary system.
  2. Electronic vaulting – a backup solution where changed files are collected and then periodically transmitted to an offsite backup location. This is also known as batch processing. The backup is offsite, but the backup is not real-time. This type of solution offers you a modest means to recover your AD network in the event your primary work site is severely damaged.
  3. Remote journaling – a backup solution where the deltas (elements of change) rather than the entire changed files are transmitted to an offsite backup location in real time. This backup is offsite and the backup is in real-time. This type of solution offers you a solid solution to recover your AD network in the event your primary work site is severely damaged.
  4. Database shadowing – a combination of server mirroring and remote journaling where multiple local and multiple offsite backups are created. This backup is local and offsite and is in real-time. This is usually the most expensive solution to implement. This type of solution offers you the most options in terms of AD recovery in the event of any incident affecting your DCs.

No matter what backup solution you select, you must ensure that the backup media, whether tape, optical, or hard drive, has sufficient capacity for your current and short-term future needs. It is not uncommon for the AD database size to grow significantly on a weekly basis. Plan ahead so you will not run out of storage space on the backup media.

You must also ensure that the communications pipeline(s) between your primary data source and the backup media is sufficient to support your backup data transmission size. Real-time backups need 100% availability and uptime with sufficient bandwidth to allow for near instantaneous transmission of changes. The act of performing the backup may interfere with the productivity of your network. This may require the deployment of a secondary network dedicated to backup functions. This will be especially true on networks which are active 24/7 and which employ a high level of AD interaction.

James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
