Active Directory data backups

I am also confused by this.

So if I read the documentation correctly, you need 3 jobs to fully backup an AD server:

1. File system backup

2. VSS backup for BMR

3. VSS backup for AD?

If anyone can clear this up that would be great.  I would also like to see granular restore capabilities on the AD data, but I hope to think that it's on the road map for future releases,  if not it might be a sticking point for some companies.

Is there any harm with leaving that option checked?

You should have a non-DR backup of at least one of your Domain Controllers in case you need to perform an Active Directory restore.

Ian Anderson wrote: The "Disaster Recovery" checkbox invokes the Automated System Recovery (ASR) writer when performing a system state backup. Backups generated using the ASR writer can only be restored offline (i.e. by booting from a suitable WinPE image) so they are not suitable for restoring Active Directory (which must be done online) and vice-versa.

key sentence, that helps. All of our domain controllers are VMs so in addition to file system/VSS backup they will also be backed up at VM level backup. That should remove the requirement for BMR and for that option to be checked.

@sconstable_illumina is asking a good question, do we need to break up AD controllers backup into two datasets:

Dataset #1 - file system backup only

Dataset #2 - VSS backup only

Thank you Ian very much

ok, so you are saying for physical DC we would need 3 datasets:

Dataset #1 - file system backup only

Dataset #2 - VSS backup only

Dataset #3 - VSS with "Create Disaster Recovery Backup" option checked"

Dataset #1 could be used to restore individual files (let's say someone deleted something from sysvol)

Dataset #2 could be used to restore Active Directory when the server is still up and running (but let's say major corruption in AD)

Dataset #3 could be used in case of total datacenter meltdown, we order brand new servers and restore from Dataset #3 (using BMR/WinPE CD)

Am i on the right track Ian ?

Thank you

I don't imagine there are many instances where you'd need to run a file restore on a Domain Controller but I guess you never know.

If file level backup and restore is required for physical DCs, you would need multiple datasets -- the DC would have to be protected using regular file system backups in addition to the non-DR VSS backup (and the DR VSS backup if enabled). For VMs, you have more options. If you're already protecting these systems at an image level, you could use VMware File Level Restore (FLR) in place of agent-level file system backup and restore. FLR has limitations on the number and size of files so make sure you test it and confirm that it meets your needs.

You're welcome!

Any issues with combining Dataset #1 and Dataset #2 into one Dataset?

Shouldn't be a problem since they're using two different plug-ins.

That's the idea, yes.

ok, so let's say there are multiple, geographically dispersed DC in ones organization where Dataset #3 will never be needed. Any issues with combining Dataset #1 and Dataset #2 into one Dataset ?

my backups are "DR enabled" in Avamar

when I need to recover a crashed Machine - which indeed is a DR situation,

will I be able to bring back the system with AD online? I read that AD can be recovered only if ASR /DR is not enabled.