This article is also available as a PDF download.
When it comes to server backups, the old adage still holds true:
Don’t put all your eggs in one basket. I’m not referring to backup media or
storage locations. I’m talking about backing up the different roles that can be
assigned to Windows Server 2003 servers.
Making a single tape backup of a domain controller that
hosts user data and, for example, acts as DHCP server, is a bad idea, and the
more roles you add, the worse it gets. (Domain controllers that serve in a
variety of roles are not that uncommon, especially in smaller domains and in
small to midsize enterprises.)
But why is a single backup of a domain controller that acts as data
server, DNS server, WINS server, DHCP server, print server, etc., such a bad
idea? For several reasons:
You have a single point of failure. If the
latest tape backup doesn’t work, you’ll have to rely on an older full backup to
restore everything. It can become much worse if you can’t restore from tape at
Because tape backups are slow, full backups tend
to be made less often. That means in case of a disaster, you might end up with
critical information like Active Directory data being relatively old.
Restoring from tape is slow. Restoring
everything from a single tape can become intolerable in a production
Resynchronization becomes a time-consuming
Performance of remaining Active Directory
servers will suffer, as they have to cope with the added workload.
In this article, I’ll show you how to make several
dedicated (role-specific) backups of a Windows Server 2003 server. A dedicated backup
involves backing up certain server roles separately. Doing so will make life
much easier for you when it matters most–when disaster strikes and you have to
restore one or more DCs. Restoring will be simpler
and faster. It will also be a lifesaver in a scenario where recovery from a
normal tape backup is problematic or not an option.
I suggest using removable media other than tape for these role-based
backups. I’ve found adding a big IDE drive to every server invaluable. I use it
to store many role-specific backups and all kind of useful utilities,
documentation, tips, and useful articles.
Let’s start with backing up Active Directory. As you know, if you back
up a DC’s System State data, your AD is backed up. (The System State data
includes the Active Directory database, system boot files, SYSVOL, and the
registry, among other things. The server’s role determines the content.) As you
can see in Figure A and Figure B, backing up the System State
data is straightforward.
|Backing up the System State data using the Ntbackup’s
|If you don’t use the wizard, just select the System State data from the left
As I mentioned in “Rescuing a
failed domain controller: Disaster recovery in action,” the important
thing to remember about backing up System State data is that you can’t restore
it if your backup is older than the tombstone age. The default tombstone
lifetime is 60 days. After that, AD suffers from memory loss, in a manner of
speaking. That’s because the tombstone lifetime determines how long a DC
“remembers” deleted objects. To prevent you from restoring data older
than the specified life, restoring from backups older than this lifetime isn’t allowed.
So check the tombstone lifetime setting for your DCs.
Shuddering at the thought of setting up DNS from scratch? Not to worry.
You can do it in a flash with the right backup procedure. First, back up the
registry settings pertaining to DNS:
- Stop the DNS service.
- Start the registry editor and go to
- Right-click the DNS folder and choose Export. You’ll
have to give the file a name. Let’s call it dnsreg1. Press [Enter].
- Navigate to
Server (Figure C).
- Right-click on the DNS Server folder and select Export.
Let’s name this file dnsreg2. Press [Enter].
- Save these two registry files to the storage medium of
- Install the DNS service.
- Copy all of those files with the .dns
extension you backed up to the same location you backed it up from, i.e.,
- Stop the DNS service.
- Now restore those two registry files you backed up. Just
double-click each one of them and confirm you want them installed.
- Restart the DNS service.
- Bring up the WINS console.
- Right-click on the relevant server and select Properties.
- Select the General tab (Figure D) and in the Default
Backup Path field, enter the path to the location you want to back up to. You
can also click Browse and navigate to a backup location. The default location
- Select Back Up Database During Shutdown. This will ensure
that backups are created whenever the WINS service is stopped.
- Click OK.
Second, back up all the files with the extension .dns
from the following folder on your server:
Back it up to where you have saved the DNS registry files. (You don’t
have to, but it makes sense to keep all your DNS eggs in one basket.)
Finally, restart the DNS service.
If you have an Active Directory-integrated zone, the DNS zone data
forms part of the System State data of your DNS server.
|The place in the registry where the DNS settings reside|
Now if your domain controller that’s hosting the DNS server role or
your dedicated DNS server gives up the ghost, restoring your DNS settings will
be a snap. Here are the steps to restore
it to its former pristine glory. (Let’s assume you have set up a new machine with
Windows Server 2003 and the same server name, DNS suffix, and IP address as the
Always have at least two DCs per domain. This
will enable you to restore a failed DC through reinstallation–your only option
if your backup set fails or, owing to a disaster, isn’t available. Restoring
through reinstallation entails Active Directory replication, so you’ll need a
functioning DC in the same domain. (Again, see “Rescuing a
failed domain controller: Disaster recovery in action” for such a
Losing your DHCP server (or DHCP server role together with the DC it
was on) can be more then a mere mishap, as you’ll have to configure the scopes,
reservations, and classes from scratch. Not a nice thought while you’re
recovering from a disaster in the middle of the night! Fortunately, backing up
and restoring your DHCP settings is simple. You can back it up from the command
line with a single command:
netsh dhcp server dump
(The > dhcpback.txt part of the command will save the output
to a file named dhcpback.txt. You can, of course, choose another filename and
specify a location.)
To restore your DHCP configuration after a meltdown, you just need the
following command (after installing the DHCP server service):
netsh exec dhcpback.txt
Backing up WINS is an often neglected task. Remember that WINS is not
backed up by default, so you won’t be able to restore a corrupt WINS database.
Yet configuring automatic WINS backups is a breeze:
You can also manually backup WINS by right-clicking on the relevant
server and selecting Back Up Database.
Make screen shots of settings (e.g., DNS and DHCP) just in case of the
absolutely worst case scenario!
|Backing up WINS|
Let’s cover one last role: that of print servers. I’ll cut to the chase:
Just use Microsoft’s free tool, Print Migrator. To quote Microsoft: “Print
Migrator provides complete backup, restore and migration operations for Windows
NT-based operating systems from Windows NT 4 to Windows 2003.” You can get
Windows Print Migrator (and more information about it) from the Microsoft Download Center.