What is the perfect Backup policy for Domain

Symantec Products can be used as it is most reliable and easy to use, for more info you can visit there site.

http://www.symantec.com/business/backup-exec-for-windows-servers

As most of the organization uses this product for backup and recovery.

Doesn't matter which DC you want to backup, it's always good to have a recent backup os System State. Do it regularly for each DC and you will be secured in case that any of your DC would crash. As AD database content changes everyday, I would suggest to do System State backup daily and store it for 60 days (default Tombstone lifetime). After that time backup is useless because Tombstone lifetime was reached and object(s) cannot be restored.

System State backup allows you also to restore deleted object from a domain. For that you need to perfomr authoritative restore. Check this MS article at
http://support.microsoft.com/kb/241594
http://technet.microsoft.com/en-us/library/cc779573%28WS.10%29.aspx

or visit Sandesh blog and see his article at
http://sandeshdubey.wordpress.com/2011/10/09/authoritative-non-authoritative-restore-in-windows2008/

Regards,
Krzysztof

WHat happens if the backup is older than 60 dayys and I try to restore?

I see, I missed one more line in my previous comment :)

You can also use free tool called ADRESTORE to restore deleted object (but only when tombstone lifetime didn't expire) When it expired, you need to use the recent System State backup to restore the object.

ADRESTORE can be downloaded from
http://technet.microsoft.com/en-us/sysinternals/bb963906

according to your question, when tombstone lifetime expires then AD permanenty removes object from its database. For couple of deleted object you are able to restore that authoritatively and they will exist. But when you restore tombstone lifetime expired domain controller, you would have a lot of lingering objects and problem with AD replication

Krzysztof

We use a product called Nordic backup, it automates the process of backups.  We back up the data stored on the server on a daily basis, including our SQL databases, then I have it set to once a month do a system state backup to an external hard drive only. This way I'm not using the space on the backup server and paying for it, but I have a system state that is never more than 30 days old.  
   If we have a lot of changes, for instance a lot of new members added to the domain, then I can do a manual system state backup at that time. AFter backing up to the external, I just remove it and put it in the fire safe.

isiek Are you saying restoring a file larger than tombstone doesnt have any issues except Deleted objects restoration and replication??

Guys I'm not asking for softwares..>I'm asking what to backup for safe restoration?

When tombstone lifetime expires, then you cannot restore an object from AD database because is deleted permanently by garbage trash collector. Then you have to perform "Authoritative restore" from a backup. But if your DC will fail and its tombstone lifetime expires, you cannot restore it from that backup because other DCs don't know anything about it anymore. When you still want to restore that DC and you do that, many lingering objects will show in your domain and that "wrongly" restored DC may causes issues with AD replication within your network.

So, this is very important for Domain Controller restoration then it does matter if tombstone lifetime has expired. For other objects there is no problem but when you restore user from 60 days old backup probably its group membership will be not up-to-date :) and many other attributes

Krzysztof

Other than system state or there any other things to backup?

Thanks

You're welcome :)

Krzysztof