Is Active Directory backup as flexible as OpenLDAP’s or 389-ds’s?

With 389-ds I can export my entire directory using db2ldif and import it into a new directory server using ldif2db without any issues, even in catastrophic failure situations.

Now, the question is with Active Directory: can I do the same thing without taking a full system backup? I want to back up the directory and that’s it. Would stopping all AD services and copying the NTDS files be sufficient?


This is a terrific idea! Terrifically bad!

You’ll need to back up your registry, SYSVOL folder, Ntds.dit, Edb.chk, Edb*.log, Res1.log and Res2.log. Oh, but that’s not all! If there are other domain controllers in the domain you’ll have to worry about non-authoritative versus authoritative restores. Just try doing that without a proper, “Microsoft Sanctioned” backup.

Let’s Have Some Fun!

Since no one should ever consider their backups to be good enough until they’ve performed a fully functioning restoration, you go ahead and back up your Active Directory the way that you proposed above. Then, try and restore it. Tell us how it went.

I mean, you’ll be performing full test restorations anyway, right?

We’ll wait for your return.

