Backup of Active Directory

What is/are the best way(s) of backuping up the Active Directory on a regular basis?

Background: We have a small system with 2 Win2003 Domain controller. We have periodic backups of these machines, and daily backups of the important file share data.

Recently we had 2 failures that lead to a loss of about 2 weeks worth of Active directory, which was a major pain. One of the servers was wiped (by accident), so we recovered it, but a reboot of the other DC showed that the boot drive was corrupted, and rebooted to repeating BSOD. So we had to rely on the two week old backup.

Is NTBackup - System State the only / best method of backing up the AD?

We want a solution that if all the servers die, we can load up a fresh DC and load the AD to a configuration within an hour or two of failure; to minimize re-work and lost data.

Yes, backing up session state is the correct method.

You may want to bring up another DC if your hardware is that flaky. That way you have a DC running still.

When ever you do a lot of work within AD do a quick session state backup. They aren't that big, and shouldn't take very long unless your AD is huge, in which case you'll want more DCs anyway.

System state backup is the way to go. For a disaster recovery solution we had two VMed DCs which we had system state backups up running nightly (in addition to the physical DCs having nightly backups). That made recovery very easy.

Also consider looking at tools like Quest's AD Recovery Manager. It'll help track backups and allow you to do recovery of AD objects from a backup without having to do the typical object recovery mechanisms, which are a royal pain.

Finally, as Mr. Denny has pointed out, if you've got flaky hardware, get on something stable and quick. The last thing you need is further corruption.