• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 241
  • Last Modified:

How often do you really need to backup AD, and what part of AD is dynamic?

I am curious as to how often I really need to backup Active Directory server. If I am a small company of 10-15 people, and I never touch the AD server except when I need to add a new user, is DATA on AD changing? Is there a reason to make a backup of AD on a weekly/monthly/daily basis?

Or am I safe by just making a backup after the occasional employee leaves or/and joins on and I have to modify the AD server?

0
nichiaiinc
Asked:
nichiaiinc
  • 2
  • 2
2 Solutions
 
KCTSCommented:
You need to back it up as often as it changes - in any case you need to back it up at least twice within the tombstone period (60 days) otherwise restores from the backup will not work.

Remember that AD chnages all the time - not just when you add a user or change a password. Computers for example on a domain will change their password (yes the computers just like users have passwords), every 30 days or so - but they won't all do it on the same day.

In your situation then I would go for a full (normal) dialy backup - you can set it to run overnight without intervention so its not going to be that demanding - at the very outside go for once a week.
0
 
cj_1969Commented:
As pointed out, things are changing on a regular basis behind the scenes.
You need to decide how important the changes that YOU make are and how much work is accepatable after a restore in comparison to doing the amount of time and tape space it takes to do the backups.

KCTS recommended daily ... this is probably the best and safest ... BUT ...
If it is a small network and things do not change very often and you hae a lot of data to backup on a nightly basis then you might want to weight the work involved in fixing some out-of-date account info against the time saved by just running a weekly full backup on the weekend or something when it won't affect the users and you can still get your full data backup.
0
 
nichiaiincAuthor Commented:
Thank you for your responses, but I'm still unclear as to what exactly changes. Could you give me some examples such as the computer password thing KCTS mentioned. What would happen if the computer password changed and I restored the backup. Or if there is a list of things that change or a resource I can view that would be helpful.

0
 
cj_1969Commented:
A lot of things are dynamic but account information people, services, passwords and last updated times, such as DNS renewals are stored in AD and change on a regaular basis.

Most DNS issues would show up as an IP address already in use message on the client workstations ... just do an ipconfig /release then ipconfig /renew and it should obtain a new address and clear up the problem.

For the account information ... a user might change their password ... they will end up locking their account and you will have to unlock it, change the password and let them reset it.

If you created any new accounts they will have to be recreated.  If you used them anywhere, such as for a service on another machine, you will have to reset the logon information as the underlying identifier will have changed and despite the same display name the "account" that the service is configured with will not exist.

For machine accounts/passwords ... these problems will manifest themselves as machine not being able to log into the domain or not able to connect to network resources.  The fix for this will most lilely be just going to the machine, removing it from the domain in the local settings and then adding it back in .... you might want to remove it from the domain from the server side before doing this just to prevent any possible problems with the account already existing.



0
 
nichiaiincAuthor Commented:
Great job and very informative. Thank you! I now have confidence in knowing when and how many backups I should make. Thank you once again!
0

Featured Post

 Email signature solution for Office 365

Easily set up a company-wide email signature in Office 365 that works with every email client. Add personalized email signatures to every email in your company. Let users preview their server-level signature in Outlook.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now