AD DS: This directory partition on this domain controller should have been backed up within the last 8 days

  • Article

Updated: August 31, 2012

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Active Directory Domain Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Operating System

Windows Server 2008 R2

Windows Server 2012

Product/Feature

Active Directory Domain Services (AD DS)

Severity

Warning

Category

Configuration

Issue

This directory partition on this domain controller has not been backed up within the last 8 days.

Impact

Restoring Active Directory Domain Services (AD DS) from infrequent backups can result in the loss of Active Directory data that was added, accidentally deleted, or modified since the last backup.

Resolution

To ensure that recent system state backups are available to recover Active Directory data that was recently added, deleted, or modified, perform daily backups of all directory partitions in your forest or keep the time between Active Directory backups to a maximum of 8 days.

Consider the following criteria when you determine the appropriate frequency of Active Directory backups in your environment:

  • Significance of changes to AD DS

    Significant changes can include changes to the schema, group membership, Active Directory replication or site topology, and policies. They can also include upgrades to operating systems, renaming of domain controllers or domains, and migration or creation of new security principals.

  • Effect on business operations if data in AD DS or SYSVOL is lost

    Lost data can include updates to passwords for user accounts, computer accounts, and trusts. It can also include updates to group membership, policies, and the replication topology and its schedules.

If you do not perform daily backups of AD DS, we recommend that you back up your Active Directory environment weekly—in other words, every 8 days. The recommended approach is to back up AD DS overnight, during times of decreased traffic.

Additional references

For more information about the known issues, best practices, general requirements, scenario overviews, and detailed steps for performing scheduled and unscheduled backups of AD DS, see AD DS Backup and Recovery Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkID=138501).