Is there any reason to back up Active Directory if you have more than one domain controller?

In one site there are 3 domain controllers. There are an additional 3 domain controllers for 3 remote sites.

My question: Is there any reason why you should still back up Active Directory?

If one of the domain controllers fails, you could deploy another server and allow it to replicate with the others.


Solution 1:

Absolutely. What happens if someone does something silly and deletes all the accounts, or deletes a critical OU, or does a mass-reset of some attribute with a script and gets it wrong?

You might just actually restore the state of the AD to some previous point in time. This is known as an Authoritative Restore.

Usually a full backup is not required to get the AD data. The Active Directory is part of a System State backup. You probably don't need to back up every single domain controller; to get a good backup of the AD you only really should have to back up one of the domain controllers. If you require event log data or other things that are only on an individual server, then you might want to get that.

People also commonly install other services like DHCP on domain members. You will almost certainly want to be able to recover that. If you only have 3 servers I suspect this is true in your case. It seems likely that you have some other seemingly minor services also running on those boxes. You will want to back those up as well if you don't have them replicated somewhere else.
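
A System State backup of a single domain controller, as the answer above describes, can be taken with Windows Server Backup. This is an added example, not part of the original answer; the backup target `E:` is an assumed dedicated, non-system volume, and the script is meant to run elevated on the domain controller chosen for backup.

```powershell
#Requires -RunAsAdministrator
# Added example: System State backup of one domain controller.
# Assumption (not from the post): E: is a dedicated volume that does not hold
# the OS, the AD database or SYSVOL.
$BackupTarget = 'E:'

# DomainRole 4 = backup domain controller, 5 = primary domain controller.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    throw "This machine is not a domain controller (DomainRole=$role)."
}

# wbadmin ships with the Windows Server Backup feature.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}

# On a domain controller, System State includes the AD database (ntds.dit),
# SYSVOL and the registry.
wbadmin start systemstatebackup "-backupTarget:$BackupTarget" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "System State backup failed (wbadmin exit code $LASTEXITCODE)."
}

# List the backup versions stored on the target so the new one can be confirmed.
wbadmin get versions "-backupTarget:$BackupTarget"
```

Other roles on the same server, such as DHCP, are not part of the directory and need their own backup.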