End-to-end Active Directory backup and disaster recovery: system state backups with wbadmin, automated daily schedules, bare metal backup testing, full BMR restore, the non-authoritative vs authoritative restore distinction, and the ntdsutil + DSRM walkthrough for bringing back deleted objects that survive replication.
6 articles • follow them in order
If you only ever do one Active Directory backup, it’s the system state backup. System state pulls everything AD needs to come back from scratch — the NTDS.DIT database, SYSVOL,…
Manual backups are practice. Scheduled backups are what actually saves you when a DC dies at 3 AM. Part 1 covered the one-shot system state backup; this post automates the…
An untested backup is not a backup. This post is the test. We’ll create a bare-metal backup of a disposable lab VM — not just system state, but the full…
The disaster: someone deleted the entire VM. Or the OS volume corrupted. Or a ransomware event encrypted the host. The procedure now is to bare-metal restore from the backup we…
Restoring a Domain Controller has two flavours. They use the same backup, the same DSRM boot path, the same wbadmin command — but a single decision afterward changes the entire…
This is the hands-on authoritative restore walkthrough — the procedure Part 5 set up conceptually. We simulate a real disaster: an OU with users is deleted from DC01, the deletion…
