
Backup Full Server (Bare Metal), Group Policies, Group Policy Links, DNS and Distinguished Name of Objects with PowerShell

by Cengiz Kuskaya

Description

A PowerShell script to make a full server backup of a Domain Controller, all Group Policies, all Group Policy Links, all Distinguished Names of Objects and Active Directory integrated DNS.

The PowerShell script can also be downloaded from the TechNet Script Repository.

Complete AD Disaster Backup Script
http://gallery.technet.microsoft.com/Domain-Controller-Backup-3d14d2fe

#*********************************************************************************
 # BareMetalADDisasterBackupScript.ps1
 # Version 1.0
 # Date: 8/03/2013
 # Author: Cengiz KUSKAYA 
 # Description: A PowerShell script to make a full server backup of a Domain Controller,
 # all group policies, all group policy links,
 # all Distinguished Name of objects and AD integrated DNS.
#*********************************************************************************
 # Requirements:
 # Create a folder named "C:\Script" before running the script, and in it a batch file
 # named C:\Script\DNSBackup.bat. Copy and paste the following commands
 # into the batch file.
 # dnscmd /enumzones > C:\Script\AllZones.txt
 # for /f %%a in (C:\Script\AllZones.txt) do dnscmd /ZoneExport %%a Export\%%a.dns
 # Additionally, create a text file named C:\Script\Script.txt.
 # Paste the following command into the text file: "delete shadows all".
 # It will delete all full server backup shadow copies for efficient disk space management.
#*********************************************************************************

#Import required PowerShell Modules
Import-Module ActiveDirectory
Import-Module GroupPolicy

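#Backup systemstate, then delete shadow copies.START
# Full (bare metal) backup of all critical volumes to D:, taken as a VSS full backup.
wbadmin start backup -backuptarget:D: -allCritical -vssfull -quiet
# C:\Script\Script.txt contains "delete shadows all", so every shadow copy is
# removed here (not "all but the last 4"). Run it only when wbadmin reported success.
# NOTE(review): earlier backup versions on D: are presumably held as shadow copies,
# so deleting them after a failed run could leave no usable backup - confirm.
# diskshadow executes whatever commands the script file contains, so C:\Script
# should be writable by administrators only.
if ($LASTEXITCODE -eq 0)
{
    diskshadow.exe /s C:\Script\Script.txt
}
else
{
    Write-Warning "wbadmin exited with code $LASTEXITCODE; shadow copies were not deleted."
}
#Backup systemstate, then delete shadow copies.END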

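#Backup all Group Policies.START
# Backs up every GPO into D:\WindowsImageBackup\GPOAll\<computer>-<timestamp> and,
# when that backup succeeded, removes GPO backups older than two days.
# $Computer and $date are reused by the later backup sections of this script.
$Computer = $env:COMPUTERNAME
$date = Get-Date -Format H.m.d.M.yyyy
$GPOPath = "D:\WindowsImageBackup\GPOAll"
$DestGPO = "$GPOPath\${Computer}-${date}"
$DestDelGPO = "$GPOPath\*"

# Create the parent folder on first use.
if (-not (Test-Path -Path $GPOPath))
{
    $null = New-Item -Path $GPOPath -ItemType Directory
}
New-Item -Path $DestGPO -ItemType Directory

# NOTE(review): GPO backups can include scripts and preference settings; confirm that
# D:\WindowsImageBackup is readable by administrators / backup operators only.
# Errors are collected rather than made terminating, so one failing GPO does not
# stop the remaining GPOs from being backed up.
Get-GPO -All -ErrorVariable gpoReadErrors | Backup-GPO -Path $DestGPO -ErrorVariable gpoWriteErrors

# Keep the older backups when this run produced errors or an empty folder;
# otherwise a few failed runs in a row would age out every good copy.
$gpoBackupFailed = ($gpoReadErrors.Count -gt 0) -or ($gpoWriteErrors.Count -gt 0) -or
    (-not (Get-ChildItem -Path $DestGPO))
if ($gpoBackupFailed)
{
    Write-Warning "GPO backup to $DestGPO reported errors or is empty; older GPO backups were kept."
}
else
{
    $gpoCutoff = (Get-Date).AddDays(-2)
    Get-ChildItem -Path $DestDelGPO |
        Where-Object { $_.LastWriteTime -lt $gpoCutoff } |
        Remove-Item -Force -Recurse -Confirm:$false
}
#Backup all Group Policies.END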

#Backup all Group Policy Links.START
# Writes the GPO links of every organizational unit to GPLinkBackup.csv in
# D:\WindowsImageBackup\GPLinkAll\<computer>-<timestamp>, then removes link
# backups whose last write time is more than five days old.
# Relies on $Computer and $date, which are set earlier in this script.
$GPLinkAllPath = "D:\WindowsImageBackup\GPLinkAll"
$DestGPLinkAllPath = "$GPLinkAllPath\${Computer}-${date}"
$DestGPLinkAllDelPath = "$GPLinkAllPath\*"

# This call writes True/False to the output stream, as the original script does.
Test-Path -Path $GPLinkAllPath -PathType Container

# Create the parent folder on first use.
if (-not (Test-Path $GPLinkAllPath))
{
    $null = New-Item -Path $GPLinkAllPath -ItemType Directory
}
New-Item -Path $DestGPLinkAllPath -ItemType Directory

# One CSV row per GPO link; ';' is the field delimiter.
$gpLinkCsv = "$DestGPLinkAllPath\GPLinkBackup.csv"
Get-ADOrganizationalUnit -Filter 'Name -like "*"' |
    ForEach-Object { (Get-GPInheritance -Target $_.DistinguishedName).GpoLinks } |
    Export-Csv -Path $gpLinkCsv -NoTypeInformation -Delimiter ';'

# Retention: drop entries last written more than five days ago.
Get-ChildItem $DestGPLinkAllDelPath |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-5) } |
    Remove-Item -Force -Recurse -Confirm:$false
#Backup all Group Policy Links.END

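#Backup all Distinguished Name of Objects in the Root Domain.START
# Dumps modifytimestamp and distinguishedname of every object under the domain root
# into D:\WindowsImageBackup\DNAll\DNBackup_<timestamp>.txt and, when the dump
# succeeded, removes dumps older than ten days.
$DNFolderPath = "D:\WindowsImageBackup\DNAll"
$DNFolderDelPath = "$DNFolderPath\*"

# Create the target folder on first use.
if (-not (Test-Path -Path $DNFolderPath))
{
    $null = New-Item -Path $DNFolderPath -ItemType Directory
}

$DNFileName = "DNBackup_$(Get-Date -UFormat "%Y%m%d-%H%M%S").txt"
$DNFilePath = "$DNFolderPath\$DNFileName"

# Call dsquery directly instead of building a command string for Invoke-Expression:
# same command line, but nothing is re-parsed as PowerShell code.
dsquery * domainroot -scope subtree -attr modifytimestamp distinguishedname -limit 0 > $DNFilePath

# Prune older dumps only when dsquery succeeded, so failed runs cannot age out
# the last good list.
if ($LASTEXITCODE -eq 0)
{
    $dnCutoff = (Get-Date).AddDays(-10)
    Get-ChildItem -Path $DNFolderDelPath |
        Where-Object { $_.LastWriteTime -lt $dnCutoff } |
        Remove-Item -Force -Recurse -Confirm:$false
}
else
{
    Write-Warning "dsquery exited with code $LASTEXITCODE; older DN lists were kept."
}
#Backup all Distinguished Name of Objects in the Root Domain.END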

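#Backup DNS.START
# Exports the DNS zones through C:\Script\DNSBackup.bat, copies the exported files to
# D:\WindowsImageBackup\DNSBackup\<computer>-<timestamp> and, when files were copied,
# removes DNS backups older than five days.
# Relies on $Computer and $date, which are set earlier in this script.
$DNSBackupFolderPath = "D:\WindowsImageBackup\DNSBackup"
$DNSDestFolderPath = "$DNSBackupFolderPath\${Computer}-${date}"
$DNSOldLogDelPath = "$DNSBackupFolderPath\*"
$TempFolderPath = "C:\Script"
$DNSExportFolderPath = "C:\Windows\System32\DNS\Export"

# Create the backup and export folders on first use.
foreach ($dnsFolder in @($DNSBackupFolderPath, $DNSExportFolderPath))
{
    if (-not (Test-Path -Path $dnsFolder))
    {
        $null = New-Item -Path $dnsFolder -ItemType Directory
    }
}

# dnscmd /ZoneExport does not overwrite an existing file, so zone files left by the
# previous run would make the export fail and the stale copies would be backed up
# again. Clear them first.
# NOTE(review): this assumes nothing else stores *.dns files in the Export folder - confirm.
Get-ChildItem -Path $DNSExportFolderPath -Filter '*.dns' | Remove-Item -Force

# The batch file runs with the rights of this script. Folders created directly under
# C:\ can inherit write access for non-administrators, so check that C:\Script and
# DNSBackup.bat are writable by administrators only.
& "$TempFolderPath\DNSBackup.bat"

New-Item -Path $DNSDestFolderPath -ItemType Directory
Copy-Item "$DNSExportFolderPath\*" $DNSDestFolderPath

# Prune older backups only when this run actually produced files.
if (Get-ChildItem -Path $DNSDestFolderPath)
{
    $dnsCutoff = (Get-Date).AddDays(-5)
    Get-ChildItem -Path $DNSOldLogDelPath |
        Where-Object { $_.LastWriteTime -lt $dnsCutoff } |
        Remove-Item -Force -Recurse -Confirm:$false
}
else
{
    Write-Warning "No DNS zone files were copied to $DNSDestFolderPath; older DNS backups were kept."
}
#Backup DNS.END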

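#Send an e-mail message after the backup operation
# Relies on $Computer and $date, which are set earlier in this script.
# The message is sent whether or not the individual backup steps succeeded;
# it reports that the script ran, not that the backups are good.
$smtp = "smtpserver.com"
$from = "FROM <from@example.com>"
$to = "TO <to@example.com>"
# The original body referenced $server, which is never assigned, so the server
# name was always empty; $Computer holds the name.
$body = "Your message inside the body of your mail. Date: $date Server Name: $Computer"
$subject = "Backup at $date on $Computer"
#Send eMail
# NOTE(review): as written the mail goes out without TLS or authentication. If the
# relay supports them, consider adding -UseSsl and -Credential.
Send-MailMessage -SmtpServer $smtp -From $from -To $to -Subject $subject -Body $body -BodyAsHtml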

Good luck !