Role-Specific Backup Strategies for Windows Serversby Mitch Tulloch, author of Windows Server Hacks
When you install Windows Server 2003 on a machine and log on for the first time, you're confronted with Manage Your Server, a tool for adding and removing roles for your server. Common server roles include those of:
When you add some roles, they can significantly alter the configuration of your server. For example, adding the domain controller role installs Active Directory on your server, which installs new services, a directory database, a SYSVOL share, and new administrative tools. On the other hand, adding the file server role has no effect at all--in fact, if you simply share a folder on your server, the file server role is automatically added and displayed in Manage Your Server.
Figure 1. Manage your server roles with Manage Your Server. (Click on the screenshot to open a full-size view.)
How you maintain a server depends greatly on the roles the server plays on your network. For example, backing up a domain controller is different than backing up a file server. Ensuring the integrity of the system state information (Active Directory database, SYSVOL, Registry, and the like) on a domain controller can be critical for your network, so backing up the system state regularly on domain controllers is an important part of your overall backup strategy. With file servers, on the other hand, you care about only the data and not the operating system, so regularly backing up your data volumes (D, E, and so on) on your file servers is another key part of your backup strategy.
Why not just back up everything on every server on your network? This simplistic solution has some flaws:
A good backup strategy should be role-specific--that is, plan carefully as to what and how and when you back up for each server on your network, in order to minimize your resource usage while maximizing speed and ease of recovery. Let's look briefly at some backup strategies for different server roles.
Weekly full backups and daily incremental or differential backups of each data volume on your server are fundamental to maintaining file servers. But if your servers are running Windows Server 2003, you have an additional step you can perform: enabling volume shadow copy on each data volume. Doing this has two benefits:
For more info on shadow copies, see KB 304606; also check out my article Windows Server Hacks: Restoring Shadow Copies Using the Command Line, published previously on WindowsDevCenter.
To ensure printer availability, you can use Print Migrator, a free tool from Microsoft that can be used to migrate printers from one server to another. Use this tool to back up the printer configuration on your print servers each time a change is made, such as adding or removing a print device or changing the configuration of a printer. Backing up the printer configuration creates a .cab file that you can store on a file server (which is itself backed up regularly). Then if your print server crashes, you can remove it from the network and use Print Migrator to restore the backed-up .cab file to a different server. Then change the IP address of your new print server to that of the old, and your clients will be able to continue printing as if nothing had happened. For more information on using Print Migrator, see my article Upgrading and Migrating Print Servers, also on WindowsDevCenter.
The DHCP database %SystemRoot%\System32\Dhcp on DHCP servers contains information about DHCP leases and reservations. By default, this database is automatically backed to %SystemRoot%\System32\Dhcp\Backup every 60 minutes. What you need to back up, however, is the configuration of your DHCP server, so that if the server bites the dust you can restore this configuration to a replacement DHCP server. To back up the configuration of a DHCP server, use the
netsh dhcp server dump > dhcpconfig.dmp
This creates a
netsh script called dhcpconfig.dmp, which you can copy to your replacement server and run to configure this server by:
netsh exec dhcpconfig.dmp
WINS servers also have their own database, but this is not backed up by default the way the DHCP database is. To configure a WINS server to perform automatic backups of its WINS database, use the WINS to open the properties of your WINS server, and on the General tab select "Back up database during shutdown" and specify a backup folder path. You can also manually back up your WINS server anytime by right-clicking on the server node and selecting Back Up Database.
Since most enterprises that have Active Directory deployed use AD Integrated zones, there's no need to back up DNS zone information separately; it's stored in Active Directory, so normal domain controller backups take care of that. If you're still using standard zones, however, then whenever you modify resource records in a primary zone, a backup of the zone file stored in %SystemRoot%\System32\DNS is created in the %SystemRoot%\System32\DNS\backup folder.
Backing up domain controllers involves backing up the system state on these machines:
Figure 2. Backing up the system state on a domain controller. (Click on the screenshot to open a full-size view.)
For guidance on which domain controllers to back up in your forest, see KB 216899, and for help on how to perform an authoritative restore see KB 241594. Note that backups of Active Directory have a 60-day useful lifetime; see KB 216993.
One of the cool things about the new Group Policy Management Console (GPMC) is that you can use it to back up all (or selected) Group Policy Objects (GPOs) in a domain. This is something you couldn't do using the standard Group Policy tools of Windows 2000/2003. To back up all GPOs in a domain, right-click on the Group Policy Objects folder and select Back Up All:
Figure 3. Backing up all GPOs in a domain. (Click on the screenshot to open a full-size view.)
Backing up your GPOs is a really good idea if you make extensive use of Group Policy for managing your forest, so do it regularly.
Finally, make sure you periodically perform Automated System Recovery (ASR) backups of all your key servers and create boot disks for them as well. Then if the worst happens, you won't find yourself rebuilding your servers from scratch.
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
Return to WindowsDevCenter.com.
Copyright © 2009 O'Reilly Media, Inc.