64085: Acronis Cyber Protect, Acronis Cyber Backup: How to back up domain controller

Last update: 18-11-2022

Use application-aware backup for Active Directory

Introduction

Acronis Cyber Protect and Acronis Cyber Backup support application-aware backup for Active Directory services. This is a disk-level backup that also collects the applications' metadata. This means that a single solution and a single backup plan can be used for both disaster recovery and data protection purposes.

Prerequisites

1) Application-aware backup of Active Directory requires one of the following licenses or quotas:

(!) Workstation and Advanced Workstation licenses/quotas do not include application-aware backup, even if the application is installed on non-server system.

2) Physical machines: Agent for Active Directory must be installed

3) Ensure that The Active Directory writer for VSS is turned on.

4) If the applications run on virtual machines that are backed up by Agent for VMware, ensure that:

  • The virtual machines being backed up meet the requirements for application-consistent quiescing listed in this VMware knowledge base article
  • VMware Tools is installed and up-to-date on the machines.
  • User Account Control (UAC) is disabled on the machines. If you do not want to disable UAC, you must provide the credentials of a built-in domain administrator (DOMAIN\Administrator) when enabling application backup.

Solution

Backup

Backing up a physical machine: configure backup plan with the following parameters:

  • What to back up: Entire machine

    If backing up the entire machine will make the backup too large, you can exclude some data from backup using file filters in Backup Options.

  • Application backup: Enable application backup for Microsoft Active Directory. When enabling application backup, you will be prompted to enter credentials for accessing Active Directory. This account must be a domain administrator
  • In Backup options, make sure Volume Shadow Copy Service (VSS) option is enabled
  • Specify backup destination, schedule, and other parameters according to your needs.
Do not exclude *.log files from backup when backing up a machine with Active Directory. If such files are missing from backup, it can lead to BSOD during recovery.

Backing up a ESXi virtual machine: configure backup plan with the following parameters:

  • What to back up: Entire machine
  • Application backup: Enable application backup for Microsoft Active Directory. When enabling application backup, you will be prompted to enter credentials for accessing Active Directory. This account must be a domain administrator
  • In Backup options, make sure Volume Shadow Copy Service (VSS) for virtual machines option is enabled
  • Specify backup destination, schedule, and other parameters according to your needs.

Recovery

To recover a domain controller protected with application-aware backup, perform a recovery of the entire machine using web interface or using bootable media. You can also recover physical machine as virtual or recover to dissimilar hardware with Universal Restore.

If a domain contains more than one domain controller, and you recover one of them, a nonauthoritative restore is performed and a USN rollback will not occur after the recovery.

Tags: