Solved

How often do you really need to backup AD, and what part of AD is dynamic?

Posted on 2007-11-19
5
175 Views
Last Modified: 2010-04-21
I am curious as to how often I really need to backup Active Directory server. If I am a small company of 10-15 people, and I never touch the AD server except when I need to add a new user, is DATA on AD changing? Is there a reason to make a backup of AD on a weekly/monthly/daily basis?

Or am I safe by just making a backup after the occasional employee leaves or/and joins on and I have to modify the AD server?

0
Comment
Question by:nichiaiinc
  • 2
  • 2
5 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 50 total points
Comment Utility
You need to back it up as often as it changes - in any case you need to back it up at least twice within the tombstone period (60 days) otherwise restores from the backup will not work.

Remember that AD chnages all the time - not just when you add a user or change a password. Computers for example on a domain will change their password (yes the computers just like users have passwords), every 30 days or so - but they won't all do it on the same day.

In your situation then I would go for a full (normal) dialy backup - you can set it to run overnight without intervention so its not going to be that demanding - at the very outside go for once a week.
0
 
LVL 22

Expert Comment

by:cj_1969
Comment Utility
As pointed out, things are changing on a regular basis behind the scenes.
You need to decide how important the changes that YOU make are and how much work is accepatable after a restore in comparison to doing the amount of time and tape space it takes to do the backups.

KCTS recommended daily ... this is probably the best and safest ... BUT ...
If it is a small network and things do not change very often and you hae a lot of data to backup on a nightly basis then you might want to weight the work involved in fixing some out-of-date account info against the time saved by just running a weekly full backup on the weekend or something when it won't affect the users and you can still get your full data backup.
0
 

Author Comment

by:nichiaiinc
Comment Utility
Thank you for your responses, but I'm still unclear as to what exactly changes. Could you give me some examples such as the computer password thing KCTS mentioned. What would happen if the computer password changed and I restored the backup. Or if there is a list of things that change or a resource I can view that would be helpful.

0
 
LVL 22

Accepted Solution

by:
cj_1969 earned 200 total points
Comment Utility
A lot of things are dynamic but account information people, services, passwords and last updated times, such as DNS renewals are stored in AD and change on a regaular basis.

Most DNS issues would show up as an IP address already in use message on the client workstations ... just do an ipconfig /release then ipconfig /renew and it should obtain a new address and clear up the problem.

For the account information ... a user might change their password ... they will end up locking their account and you will have to unlock it, change the password and let them reset it.

If you created any new accounts they will have to be recreated.  If you used them anywhere, such as for a service on another machine, you will have to reset the logon information as the underlying identifier will have changed and despite the same display name the "account" that the service is configured with will not exist.

For machine accounts/passwords ... these problems will manifest themselves as machine not being able to log into the domain or not able to connect to network resources.  The fix for this will most lilely be just going to the machine, removing it from the domain in the local settings and then adding it back in .... you might want to remove it from the domain from the server side before doing this just to prevent any possible problems with the account already existing.



0
 

Author Closing Comment

by:nichiaiinc
Comment Utility
Great job and very informative. Thank you! I now have confidence in knowing when and how many backups I should make. Thank you once again!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now