• Status: Solved

Backing up AD zones

I have a WIN 2k3 AD environment. I am running some AD Integrated Zones (ADIZ) and some stub zones. I need to create a backup of all the zones. When I go into the dns folder in c:\WINDOWS\system32\dns I don't see my AD integrated zones and some of my stub zones. I know ADIZ are part of AD, but just want to make sure I get a backup of all of them.
How can I accomplish this?

1 Solution
Chris Dent, PowerShell Developer, commented:

As implied, AD Integrated Zones are stored in the Active Directory Structure.

If you open up Active Directory Users and Computers, Select View and Advanced Features you will see a System container. Within that is another called MicrosoftDNS. Inside there are the zones. However, you'll notice that each is a dnsNode type record stored in LDAP, and they can't be exported directly.

All is not lost of course! There are at least three other options for getting the zone files (depending on what you want them for):

1. Select one of the AD Integrated zones and change the type to Standard Primary. Now you'll have the file in %systemroot%\System32\dns

The zone type can be changed back afterwards, making this great for one-off copies but no fun to keep up to date.

2. Backup System State on a Domain Controller - Not a particularly accessible solution but great if all you need it for is Disaster Recovery.

3. Create a Slave DNS Server / Zone (not AD Integrated) for your domain on a server. This should be set up to Transfer the zone from a master.

To allow that, hop back onto one of the AD Integrated DNS Servers, select the properties for your zone (inside DNS Manager) and select the Zone Transfers tab.

If your (AD) server is on an internal network and not at all open to the public then it's probably easiest to allow transfers to any server.

If it's a little more public than that then you don't want to allow just anyone to pick up the zone, so either add the Slave DNS to the Name Servers tab or allow transfers only to a specific IP.

This method is probably the best if you want a continually updated copy of the live DNS zone; you'll find the file in %systemroot%\system32\dns as usual.
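
The restricted form of option 3, scripted with dnscmd as an added example that is not part of the original answer. It assumes dnscmd.exe is installed (on Windows Server 2003 it ships with the Support Tools); the zone name, server names and IP addresses are constructed placeholders.

```bat
@echo off
rem Added example: limit zone transfers to one secondary, then create that
rem secondary so a text copy of the zone is kept in %systemroot%\system32\dns.
rem Every value below is a constructed placeholder; replace with your own.
set ZONE=example.local
set MASTER=dc01.example.local
set MASTER_IP=192.0.2.10
set SECONDARY=backup01.example.local
set SECONDARY_IP=192.0.2.20

rem Weak setting, shown for comparison only (transfers allowed to any server):
rem   dnscmd %MASTER% /ZoneResetSecondaries %ZONE% /NonSecure

rem Restricted setting: only the listed secondary may transfer the zone.
rem (/SecureNs would instead limit transfers to servers on the Name Servers tab.)
dnscmd %MASTER% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP%
if errorlevel 1 goto fail

rem On the backup server, create a standard (file-backed) secondary zone
rem that pulls from the AD-integrated master.
dnscmd %SECONDARY% /ZoneAdd %ZONE% /Secondary %MASTER_IP% /file %ZONE%.dns
if errorlevel 1 goto fail

rem Request a transfer now instead of waiting for the refresh interval.
dnscmd %SECONDARY% /ZoneRefresh %ZONE%
if errorlevel 1 goto fail

rem Show the resulting zone settings on both servers for review.
dnscmd %MASTER% /ZoneInfo %ZONE%
dnscmd %SECONDARY% /ZoneInfo %ZONE%
goto :eof

:fail
echo dnscmd reported an error; check the zone name, server names and permissions.
exit /b 1
```

Each AD-integrated zone needs its own pass through the script, and the zone file on the secondary is the copy to include in the file-level backup.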


