oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button
Windows Server Hacks

Role-Specific Backup Strategies for Windows Servers

by Mitch Tulloch, author of Windows Server Hacks

When you install Windows Server 2003 on a machine and log on for the first time, you're confronted with Manage Your Server, a tool for adding and removing roles for your server. Common server roles include those of:

  • file server
  • print server
  • application server
  • remote access/VPN server
  • domain controller
  • DNS server
  • DHCP server
  • WINS server

When you add some roles, they can significantly alter the configuration of your server. For example, adding the domain controller role installs Active Directory on your server, which installs new services, a directory database, a SYSVOL share, and new administrative tools. On the other hand, adding the file server role has no effect at all--in fact, if you simply share a folder on your server, the file server role is automatically added and displayed in Manage Your Server.

Click for larger view
Figure 1. Manage your server roles with Manage Your Server. (Click on the screenshot to open a full-size view.)

How you maintain a server depends greatly on the roles the server plays on your network. For example, backing up a domain controller is different than backing up a file server. Ensuring the integrity of the system state information (Active Directory database, SYSVOL, Registry, and the like) on a domain controller can be critical for your network, so backing up the system state regularly on domain controllers is an important part of your overall backup strategy. With file servers, on the other hand, you care about only the data and not the operating system, so regularly backing up your data volumes (D, E, and so on) on your file servers is another key part of your backup strategy.

Why not just back up everything on every server on your network? This simplistic solution has some flaws:

  • It may require more resources (tape drives, tapes, network bandwidth, backup window) than your budget or operations allow.
  • It can slow down the recovery process considerably, especially when restoring a single folder or file can resolve the problem.

Related Reading

Windows Server Hacks
100 Industrial-Strength Tips & Tools
By Mitch Tulloch

A good backup strategy should be role-specific--that is, plan carefully as to what and how and when you back up for each server on your network, in order to minimize your resource usage while maximizing speed and ease of recovery. Let's look briefly at some backup strategies for different server roles.

File Servers

Weekly full backups and daily incremental or differential backups of each data volume on your server are fundamental to maintaining file servers. But if your servers are running Windows Server 2003, you have an additional step you can perform: enabling volume shadow copy on each data volume. Doing this has two benefits:

  • It lets you back up open files on the server.
  • It lets users access previous versions of files stored in shared folders on the server, which means fewer support calls asking for restores from backups.

For more info on shadow copies, see KB 304606; also check out my article Windows Server Hacks: Restoring Shadow Copies Using the Command Line, published previously on WindowsDevCenter.

Print Servers

To ensure printer availability, you can use Print Migrator, a free tool from Microsoft that can be used to migrate printers from one server to another. Use this tool to back up the printer configuration on your print servers each time a change is made, such as adding or removing a print device or changing the configuration of a printer. Backing up the printer configuration creates a .cab file that you can store on a file server (which is itself backed up regularly). Then if your print server crashes, you can remove it from the network and use Print Migrator to restore the backed-up .cab file to a different server. Then change the IP address of your new print server to that of the old, and your clients will be able to continue printing as if nothing had happened. For more information on using Print Migrator, see my article Upgrading and Migrating Print Servers, also on WindowsDevCenter.

DHCP Servers

The DHCP database %SystemRoot%\System32\Dhcp on DHCP servers contains information about DHCP leases and reservations. By default, this database is automatically backed to %SystemRoot%\System32\Dhcp\Backup every 60 minutes. What you need to back up, however, is the configuration of your DHCP server, so that if the server bites the dust you can restore this configuration to a replacement DHCP server. To back up the configuration of a DHCP server, use the netsh command:

netsh dhcp server dump > dhcpconfig.dmp

This creates a netsh script called dhcpconfig.dmp, which you can copy to your replacement server and run to configure this server by:

netsh exec dhcpconfig.dmp

WINS Servers

WINS servers also have their own database, but this is not backed up by default the way the DHCP database is. To configure a WINS server to perform automatic backups of its WINS database, use the WINS to open the properties of your WINS server, and on the General tab select "Back up database during shutdown" and specify a backup folder path. You can also manually back up your WINS server anytime by right-clicking on the server node and selecting Back Up Database.

DNS Servers

Since most enterprises that have Active Directory deployed use AD Integrated zones, there's no need to back up DNS zone information separately; it's stored in Active Directory, so normal domain controller backups take care of that. If you're still using standard zones, however, then whenever you modify resource records in a primary zone, a backup of the zone file stored in %SystemRoot%\System32\DNS is created in the %SystemRoot%\System32\DNS\backup folder.

Domain Controllers

Backing up domain controllers involves backing up the system state on these machines:

Click for larger view
Figure 2. Backing up the system state on a domain controller. (Click on the screenshot to open a full-size view.)

For guidance on which domain controllers to back up in your forest, see KB 216899, and for help on how to perform an authoritative restore see KB 241594. Note that backups of Active Directory have a 60-day useful lifetime; see KB 216993.

Group Policy

One of the cool things about the new Group Policy Management Console (GPMC) is that you can use it to back up all (or selected) Group Policy Objects (GPOs) in a domain. This is something you couldn't do using the standard Group Policy tools of Windows 2000/2003. To back up all GPOs in a domain, right-click on the Group Policy Objects folder and select Back Up All:

Click for larger view
Figure 3. Backing up all GPOs in a domain. (Click on the screenshot to open a full-size view.)

Backing up your GPOs is a really good idea if you make extensive use of Group Policy for managing your forest, so do it regularly.

Final Tips

Finally, make sure you periodically perform Automated System Recovery (ASR) backups of all your key servers and create boot disks for them as well. Then if the worst happens, you won't find yourself rebuilding your servers from scratch.

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.

Return to