You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/active-directory-backup-restore.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Back up and restore Active Directory
3
3
description: Learn how to back up and restore Active Directory domain controllers.
4
4
ms.topic: conceptual
5
-
ms.date: 08/09/2023
5
+
ms.date: 08/20/2024
6
6
author: AbhishekMallick-MS
7
7
ms.author: v-abhmallick
8
8
ms.custom: engagement-fy24
@@ -19,6 +19,8 @@ This article outlines the proper procedures for backing up and restoring Active
19
19
20
20
## Best practices
21
21
22
+
Before you start protection of Active Directory, check the following best practices:
23
+
22
24
- Make sure at least one domain controller is backed up. If you back up more than one domain controller, make sure all the ones holding the [FSMO (Flexible Single Master Operation) roles](/windows-server/identity/ad-ds/plan/planning-operations-master-role-placement) are backed up.
23
25
24
26
- Back up Active Directory frequently. The backup age should never be older than the tombstone lifetime (TSL) because objects older than the TSL will be "tombstoned" and no longer considered valid.
@@ -38,13 +40,13 @@ This article outlines the proper procedures for backing up and restoring Active
38
40
>
39
41
>For information about performing an authoritative restore of SYSVOL, see [this article](/windows-server/identity/ad-ds/manage/ad-forest-recovery-authoritative-recovery-sysvol).
40
42
41
-
## Backing up Azure VM domain controllers
43
+
## Back up Azure VM domain controllers
42
44
43
45
If the domain controller is an Azure VM, you can back up the server using [Azure VM Backup](backup-azure-vms-introduction.md).
44
46
45
47
Read about [operational considerations for virtualized domain controllers](/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controllers-hyper-v#operational-considerations-for-virtualized-domain-controllers) to ensure successful backups (and future restores) of your Azure VM domain controllers.
46
48
47
-
## Backing up on-premises domain controllers
49
+
## Back up on-premises domain controllers
48
50
49
51
To back up an on-premises domain controller, you need to back up the server's System State data.
50
52
@@ -54,7 +56,7 @@ To back up an on-premises domain controller, you need to back up the server's Sy
54
56
>[!NOTE]
55
57
> Restoring on-premises domain controllers (either from system state or from VMs) to the Azure cloud is not supported. If you would like the option of failover from an on-premises Active Directory environment to Azure, consider using [Azure Site Recovery](../site-recovery/site-recovery-active-directory.md).
56
58
57
-
## Restoring Active Directory
59
+
## Restore Active Directory
58
60
59
61
Active Directory data can be restored in one of two modes: **authoritative** or **nonauthoritative**. In an authoritative restore, the restored Active Directory data will override the data found on the other domain controllers in the forest.
60
62
@@ -65,7 +67,7 @@ During the restore, the server will be started in Directory Services Restore Mod
65
67
>[!NOTE]
66
68
>If the DSRM password is forgotten, you can reset it using [these instructions](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc754363(v=ws.11)).
67
69
68
-
### Restoring Azure VM domain controllers
70
+
### Restore Azure VM domain controllers
69
71
70
72
To restore an Azure VM domain controller, see [Restore domain controller VMs](backup-azure-arm-restore-vms.md#restore-domain-controller-vms).
71
73
@@ -78,7 +80,7 @@ If you're restoring the last remaining domain controller in the domain, or resto
78
80
>[!NOTE]
79
81
> Virtualized domain controllers, from Windows 2012 onwards use [virtualization based safeguards](/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100#virtualization-based-safeguards). With these safeguards, Active directory understands if the VM restored is a domain controller, and performs the necessary steps to restore the Active Directory data.
80
82
81
-
### Restoring on-premises domain controllers
83
+
### Restore on-premises domain controllers
82
84
83
85
To restore an on-premises domain controller, follow the directions in for restoring system state to Windows Server, using the guidance for [special considerations for system state recovery on a domain controller](backup-azure-restore-system-state.md#special-considerations-for-system-state-recovery-on-a-domain-controller).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments