Legacy “NTBACKUP” – file-based, automatically installed with Windows
Scheduled task short-cut: taskschd.msc (Windows 2008 & above)
New “Windows Server Backup” Tool
-
-
Block-based (more efficient, integrated with Volume Shadow Copy). Take image and mount as a volume in a virtual machine to perform browse / restore functions.
-
Installation command for Windows 2008: # servermanagercmd -install Backup-Features
-
Installation for Windows 2012: Run Windows Server Add Roles and Features Wizard – select Installation type as Role-based or feature-based – click Next – select server from the list – click Next – Skip role selection by clicking Next – put a check mark at Windows Server Backup – click Next – press Install
-
-
Command Line Usage: # wbadmin enable backup –addtarget:G:-include:c:,d: -schedule:21:00
-
How to disable scheduled backups: # wbadmin disable backup
-
MMC method:
-
-
-
-
Configure the snap-in to include Backup Services
-
Specify backup time, source, and destination
-
-
Active Directory Snapshots
-
Create: # ntdsutilsnapshotactivate instance ntdscreatequitquit
-
-
Mount snapshot as read-only: # ntdsutilsnapshotlist all1: {something here}2: {something here 2}3: {something here 3}snapshot: mount {index number}quitquit
-
Delete old snapshots: # ntdsutilsnapshotlist all1: {something here}2: {something here 2}3: {something here 3}snapshot: delete {snapshot number}quitquit
-
Recover data from AD snapshots:
-
-
-
-
Command to mount on BACKUP server: # dsamain –dbpath c:\$snap_201504301136_volumed$\windows\ntds\dit\ntds.dit -ldapport 20000
-
Connect to the AD snapshot:
-
-
-
Open Active Directory Users and Computers (ADUC) – right-click top-level node – select Change Domain Controller – select This Domain Controller or AD LDS Instance – Specify value as “BACKUP:20000”
-
Search for the accidentally deleted user, OU, or container – copy such content back into the production ADUC container
To schedule a task to create AD DS or AD LDS snapshots
-
Log on to a domain controller as a member of the Enterprise Admins group or the Domain Admins group.
-
Click Start, click Administrative Tools, and then click Task Scheduler.
-
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
-
Click Action, and then click Create task.
-
On the General tab, type a name for your task, and then select the appropriate security options to run the task.
-
On the Triggers tab, click New.
-
In New Trigger, select the appropriate settings for the task, and then click OK.
-
On the Action tab, click New.
-
In New Action, type the name or browse to the file path that contains Ntdsutil.exe and in Add arguments (optional), type the following command, and then press ENTER:ntdsutil “activate instance ntds” snapshot create quit quit
-
On the Conditions tab and the Settings tab, select any additional settings that you want to apply to the task, and then click OK.
-
If you are prompted, enter the password for a member of the Enterprise Admins group or the Domain Admins group, and then click OK.
Recovery Procedure:
-
-
Boot from Windows Server 2012 CD with the Repair Option
-
Choose “Windows Complete PC Restore”
-
How to selectively restore deleted OU
-
-
-
Boot the server into Directory Services Restore Mode (DSRM)
-
-
-
-
Reboot with this command: # bcdedit /set safeboot dsrepair
-
Remove DSRM booting mode with this command: # bcdedit /deletevalue safeboot
-
Command to create a DSRM boot option: bcdedit /copy {default}/d “Directory Service Repair Mode”
-
-
-
-
-
-
bcdedit /set {<GUID obtained from result of previous command>}safeboot dsrepair
-
-
-
-
-
-
Restore the Active Directory Domain Services (ADDS) database to an earlier state
-
-
-
-
Identify backups available for recovery
-
-
-
-
Command: # wbadmin get versions
-
-
-
-
-
-
Copy the version date (i.e. 04/29/2015-12:15)
-
Recovery command: # wbadmin start systemstaterecovery–version:04/29/2015-12:15
-
-
-
Recover data from AD snapshots:
-
Command to mount on BACKUP server: # dsamain –dbpathc:\$snap_201504292010_volumed$\ntds\dit\ntds.dit -ldapport 10000
-
Connect to the AD snapshot:
-
Open Active Directory Users and Computers (ADUC) – right-click top-level node – select Change Domain Controller – select This Domain Controller or AD LDS Instance – Specify value as “BACKUP:10000”
-
Search for the accidentally deleted user, OU, or container – copy such content back into the production ADUC container
-
-
-
REM maintainSnapshots.bat
@echo off
REM Logs Location (Used for manage retention). The folder have to contain only the text files of this batch.
set mypath=C:\ADSnapshots\
if not exist %mypath% mkdir %mypath%
REM Setup of the retention of snapshots in seconds (1 Day = 86400, 30 Days = 2592000)
set retention=2592000
REM (Time in seconds since 1970-01-01 for Sun Jul 4 12:00:00 1976 GMT)
for /f %%x in ('wmic path win32_utctime get /format:list ^| findstr "="') do (set %%x)
set /a z=(14-100%Month%%%100)/12, y=10000%Year%%%10000-z
set /a mydate=y*365+y/4-y/100+y/400+(153*(100%Month%%%100+12*z-3)+2)/5+Day-719469
set /a mydate=mydate*86400+100%Hour%%%100*3600+100%Minute%%%100*60+100%Second%%%100
REM Creation of the snapshot
echo Snapshot in progress
ntdsutil snapshot "activate instance ntds" create quit quit > %mypath%%mydate%.txt
REM Get the ID of the Snapshot and save it into the log file
for /f "tokens=1,2,3,4,5 delims= " %%a in ('findstr /i /c:"{" "%mypath%%mydate%.txt"') do @echo %%c > %mypath%%mydate%.txt
REM Removing old snapshot
echo Removing old snapshot
for /f "tokens=1,2 delims=." %%a in ('dir %mypath% /b') do call :CalcRetention %%a
goto end
:CalcRetention
set val=%1
set /a result=%mydate%-%retention%
IF %val% LSS %result% (
for /f "tokens=1,* delims= " %%a in ('findstr /i /c:"{" "%mypath%%val%.txt"') do call :removeSnapshot %%a %val%
)
goto end
:removeSnapshot
set guid=%1
set filename=%2
ntdsutil snapshot "delete %guid%" quit quit
del /S "%mypath%%filename%.txt"
goto end
:End
Categories: