Welcome back to Windows Server 2012 Active Directory with the series: Maintaining Business Continuity.
In the previous series about Sites, ADC, and FSMO, you saw that a backup does more than its name suggests; you already used it in tasks such as IFM AD promotion and snapshot manipulation without being clearly aware of it.
So today we will explore the main functions of backups in our Active Directory environment.
In general, a backup helps you save the state of things so that you can recover objects or an entire container later.
In an Active Directory domain/forest network, "a state" can mean the DC OS system state or disk volumes; the "things" are files, folders, the NTDS database, AD users/OUs, etc.
Active Directory on top of Windows Server is the ultimate solution from Microsoft that rules your whole corporate environment by providing management and operational control, so the data and components associated with this service need care in advance.
In the scope of this video, I will use a backup tool called Windows Server Backup, which is bundled with Windows Server 2012 as an installable Role, to demonstrate practical uses of backups in a real scenario.
That way, accidental deletions, hardware failures, OS errors and AD havoc become a thing of the past!
[00:23] "Windows Server Backup Overview" – technet.microsoft.com
[00:35] Let's first create an Organizational Unit with a user account, then simulate an accidental deletion of this OU.
And we will use Windows Server Backup to recover this OU.
[00:55] "Protecting objects from accidental deletion" – documents.software.dell.com
Windows Server Backup consists of a Microsoft Management Console (MMC) snap-in, command-line tools, and Windows PowerShell cmdlets that provide a complete solution for your day-to-day backup and recovery needs.
It's just a normal Feature of WS that you can easily install through Server Manager's Add Roles and Features Wizard, though I had already installed it earlier.
[01:27] "Server 2012 – Installing Windows Server Backup" – itnotes.eu
[01:34] Remember to install it alongside the Network Load Balancing feature to make WBADMIN.MSC available from the Administrative Tools as well as Server Manager.
[01:35] "How To Restore the Missing Windows Server 2012 R2 Backup Console" – blog.zubairalexander.com: https://blog.zubairalexander.com/missing-windows-server-2012-r2-backup-snap-in-module/
[01:50] In fact, you just need an account that is a member of the Administrators group or the Backup Operators group to do the backup remotely rather than using Windows Server Backup locally.
Thanks to MMC technology, wbadmin is now a snap-in that gives us a familiar and consistent experience for managing backups.
In addition to that, we can also manage remote machines, including Server Core DCs.
[01:56] We will use the Windows Server Backup feature to back up the "system state" of this WS 2012 Domain Controller, which includes the Active Directory state.
[02:03] Select the Backup Once option from the Local Backup node.
[02:09] Choose "Different options" from the Backup Options page to specify a location or items for this backup.
[02:12] "Windows Server Backup Step-by-Step Guide for Windows Server 2008" – technet.microsoft.com: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770266(v=ws.10)
[02:16] Choose Custom on the Select Backup Configuration page to select the System State only (plus custom volumes or files if needed).
A backup should be stored in a safe location so that a failure of the local machine cannot destroy it.
We will simulate saving a backup to a dedicated (removable) hard drive that is attached to that machine.
Let's create a VMware Hard Disk for this Virtual Machine!
[03:07] Now, let's initialize this HDD with the MBR partition style, then format it with NTFS and give it a drive letter and, of course, a memorable name.
[03:42] Reopen the WSB console so that the new disk becomes available.
[03:57] Choose "Different options" from the Backup Options page to specify a location or items for this backup.
[04:12] Verify on the Select Backup Destination page that the Total space/Free space in the backup destination is sufficient.
Thanks to the Backup Progress page, we get an overview of how the backup is being built under the hood: the files found for inclusion in the system state backup, disk usage, data transferred, and how jobs are broken into sections.
You may close this wizard, and the backup operation will continue to run in the background.
Another cool thing about WSB is that, since Windows Server 2008 R2, Microsoft has kept adding improvements to this built-in tool.
One of them is the integration with VSS; you can see that this wizard is "Creating a shadow copy of backup destination."
Windows Server Backup uses Volume Shadow Copy Service (VSS) and block-level backup technology to back up and recover your operating system, files and folders, and volumes.
[04:28] Furthermore, it has the ability to recover applications. Windows Server Backup uses VSS functionality that is built into applications like Microsoft SQL Server to protect application data.
[04:35] The one-time System state backup completed with 7.37 GB of data.
[04:39] You can also view the status of backups in the main interface of WSB: Last Backup time, Next Backup schedules, etc.
Your AD domain network in the virtual lab may run smoothly; however, deploying it in a real scenario is another story.
You must take care of physical conditions, traffic overloads, etc. as well as human factors.
One of them is accidental deletion.
Let's make that mistake with the Organizational Unit IT.
[04:54] "Protect container from accidental deletion" – technet.microsoft.com
[04:55] Though WS has confirmation mechanisms to prevent that ("Protect container from accidental deletion," deletion prompts, etc.), this situation can still happen.
This deletion is a Subtree Deletion: the object IT contains other objects, so you may delete all the objects it contains with one click.
If you cancel the running deletion, the objects deleted thus far will not be recovered!
The worst case of this fault is when admins use the "Delete Subtree server control": all objects within the subtree, including all delete-protected objects, will be deleted, and the deletion cannot be canceled!
[05:07] "Can't delete Active Directory object" – serverfault.com
[05:11] Of course, this deletion will be replicated to the other ADCs in the domain SnoOpy.com.
Let's verify the DC SnoOpy-Server-2 has acknowledged this action.
[05:18] Force synchronization with the master DC to happen immediately through the "Replicate configuration from the selected DC" procedure in the Active Directory Sites and Services console.
[05:34] You see that? The IT OU vanished as intended.
Fortunately, we have a System state backup from the master DC, which includes the AD DS database, so we can continue with part 2 to recover this OU, which can hold hundreds of child objects in real life!
On a daily basis, you must take care over what gets backed up, so that choosing unnecessary objects doesn't defeat WSB's main function, and so that disk and time usage are reduced.
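The two safeguards walked through above (the accidental-deletion flag on OUs and a one-time system state backup to a dedicated disk) can also be scripted. This is an added example, not part of the original video; it assumes an elevated PowerShell session on the DC with the ActiveDirectory module, and the drive letter `E:` is a placeholder for the dedicated backup volume.

```powershell
# Added example. Assumptions: elevated session on the DC, ActiveDirectory
# module present, Windows Server Backup installed, E: = dedicated backup disk.
param(
    [string]$BackupTarget = 'E:',      # placeholder drive letter
    [switch]$EnableProtection          # also set the flag, not just report it
)

Import-Module ActiveDirectory

# 1. Report every OU without "Protect object from accidental deletion".
$unprotected = Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion }

Write-Host "OUs without accidental-deletion protection: $(@($unprotected).Count)"
$unprotected | Select-Object Name, DistinguishedName | Format-Table -AutoSize | Out-Host

if ($EnableProtection) {
    foreach ($ou in $unprotected) {
        Set-ADOrganizationalUnit -Identity $ou.DistinguishedName `
            -ProtectedFromAccidentalDeletion $true
    }
}

# 2. Sanity-check the destination: it must exist and must not be the system
#    drive, so that a failure of the local OS disk cannot take the backup too.
if (-not (Test-Path "$BackupTarget\")) {
    throw "Backup target $BackupTarget is not available."
}
if ($BackupTarget.TrimEnd('\') -ieq $env:SystemDrive) {
    throw "Refusing to store the backup on the system drive $env:SystemDrive."
}

# Show free space, the scripted counterpart of the Select Backup Destination check.
$volume = Get-Volume -DriveLetter $BackupTarget.Substring(0, 1)
Write-Host ("Free space on {0} {1:N2} GB" -f $BackupTarget, ($volume.SizeRemaining / 1GB))

# 3. One-time system state backup (the CLI counterpart of
#    Backup Once > Different options > Custom > System State).
wbadmin start systemstatebackup "-backupTarget:$BackupTarget" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin exited with code $LASTEXITCODE; no usable backup was created."
}

# 4. List the backup versions now stored on the target; the version
#    identifier is what a later recovery refers to.
wbadmin get versions "-backupTarget:$BackupTarget"
```

The protection flag does not replace the backup: as described above, the Delete Subtree server control removes delete-protected objects too.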