Windows Server 2008 R2 Domain Controller Backup

I am looking to back up my Domain Controller with Bacula. I figure for this I probably want to use Windows Backup to create a local backup of the critical data locally and then have Bacula grab that bkf file (or whatever it is these days).

However, the instructions from MS here say there is an option for critical volumes or an "Enable system recovery checkbox". However, I only see:

  • System State
  • Bare Metal
  • The various drives in the system

How can I back up the critical AD and DNS data without backing up the entire server?


As Massimo says, you'll need to perform a System State backup and then cover that backup with Bacula.

The standard way of performing such a file-level backup of the system state on prior versions of Windows was to use ntbackup to write out a BKF file with the system state and cover that file with backup.

Windows Server 2008 removes ntbackup and adds the "Windows Backup" functionality. You can do a system state backup with wbadmin start systemstatebackup -quiet -backuptarget:X:, replacing X: with a destination volume. You'll get a folder hierarchy in that volume, "X:\WindowsImageBackup", that will contain the backup set.

Beware, though-- if you attempt the backup on to the "C:" volume you'll receive an "ERROR - The location for backup is a critical volume" in a stock W2K8 install. You can send the backup to some other volume or you can set a flag to work around this "feature". Microsoft has an article describing how to override this behavior, which basically amounts to creating a REG_DWORD value named "AllowSSBToAnyVolume" set to "1" at "HKLM\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup".
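
The procedure in the answer above, as an added example that is not part of the original answer: a PowerShell wrapper that runs the system state backup to a staging volume, applies the AllowSSBToAnyVolume override only when explicitly asked, and confirms that fresh files exist under WindowsImageBackup before Bacula collects them. The default target E:, the -AllowSystemVolume switch name and the reliance on a non-zero wbadmin exit code on failure are assumptions of this sketch.

```powershell
# Added example (not from the original answer). Run from an elevated prompt on the DC.
# Assumptions: E: is a staging volume; -AllowSystemVolume is a name invented here.
param(
    [string]$Target = 'E:',
    [switch]$AllowSystemVolume
)
$ErrorActionPreference = 'Stop'
$Target = $Target.TrimEnd('\')
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup'

if (-not (Test-Path "$Target\")) { throw "Backup target $Target does not exist." }

# Writing to the system volume fails with "The location for backup is a
# critical volume" unless AllowSSBToAnyVolume (REG_DWORD) is set to 1.
if ($Target -ieq $env:SystemDrive) {
    $current = (Get-ItemProperty -Path $key -Name AllowSSBToAnyVolume `
                -ErrorAction SilentlyContinue).AllowSSBToAnyVolume
    if ($current -ne 1) {
        if (-not $AllowSystemVolume) {
            throw "$Target is a critical volume; choose another target or pass -AllowSystemVolume."
        }
        New-Item -Path $key -Force | Out-Null
        New-ItemProperty -Path $key -Name AllowSSBToAnyVolume `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$start = Get-Date
& wbadmin.exe start systemstatebackup -quiet "-backuptarget:$Target"
# Assumption: wbadmin signals failure with a non-zero exit code.
if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE." }

# Second check, independent of the exit code: the backup set must hold
# at least one file written after this run started.
$set    = Join-Path "$Target\" 'WindowsImageBackup'
$newest = Get-ChildItem -Path $set -Recurse |
          Where-Object { -not $_.PSIsContainer } |
          Sort-Object LastWriteTime -Descending |
          Select-Object -First 1
if (-not $newest -or $newest.LastWriteTime -lt $start) {
    throw "No files newer than $start under $set; do not let Bacula pick up a stale set."
}
Write-Output "System state backup complete. Bacula FileSet path: $set"
```

A system state backup of a domain controller contains the Active Directory database, so the staging folder and the Bacula volumes that receive it need the same access restrictions as the DC itself.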


Historically, Active Directory backup/restore has always been associated with full system state backups; this is in my opinion a very unfortunate design choice by Microsoft, particularly pre-Windows 2008, when a system state backup could only be restored on the very same hardware where the backup was created.

So, in order to take a full AD backup on a domain controller, you'll have to take a full system state backup, as per the article you linked; DNS data will be automatically included if your DNS zones are AD-integrated (they should be). In the unlucky case in which they are not, then you should also back up the DNS zone files (which by default reside in the system directory, so are usually included anyway).