Platform SDK: Active Directory, ADSI, and Directory Services

Backing Up Active Directory

A backup of Active Directory requires backup of the database and backup of the transaction logs. This topic provides a walkthrough of how a backup application backs up Active Directory.

The caller of these backup functions must have the SE_BACKUP_NAME privilege. You can use the DsSetAuthIdentity function to set the security context under which the directory backup/restore functions are called.

To back up Active Directory

  1. Call the DsIsNTDSOnline function to determine if Active Directory is running.
  2. If Active Directory is running, call the DsBackupPrepare function to initialize a backup context handle.
  3. Call the DsBackupGetDatabaseNames function to get a list of files to back up. To release the memory returned by this function, call the DsBackupFree function.
  4. For each name in the returned list of files, call the DsBackupOpenFile function followed by repeated calls to the DsBackupRead function until the entire file has been read. When you have finished reading the file, call the DsBackupClose function to close it.
  5. After all database files are backed up, call the DsBackupGetBackupLogs function to get a list of transaction logs. This list is handled just like the list of database files.
  6. When you have finished backing up the transaction logs, call the DsBackupTruncateLogs function to delete all committed transaction logs that were backed up.
  7. Finally, call the DsBackupEnd function to release all resources associated with the backup context handle.
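The following added example (not part of the original SDK topic) shows one way to walk the name lists used in steps 3 through 5 so that log truncation in step 6 is attempted only when every listed file was handed off successfully. It relies on the list layout documented for DsBackupGetDatabaseNames and DsBackupGetBackupLogs: null-terminated strings, the last followed by a second null, each beginning with a file-type character. The names walk_backup_list, backup_file_fn and sample_backup are hypothetical, and refusing to truncate on any failure is a design choice of this example.

```c
#include <stddef.h>
#include <wchar.h>

/* Hypothetical callback: on Windows it would wrap DsBackupOpenFile, a
   DsBackupRead loop and DsBackupClose for one file. Returns 0 on success. */
typedef int (*backup_file_fn)(wchar_t type, const wchar_t *path, void *ctx);

/* Walk a name list as returned by DsBackupGetDatabaseNames or
   DsBackupGetBackupLogs. The first character of each entry is the
   file-type character; the rest is the path.
   cch is the buffer length in characters (convert the size the API returns).
   Returns the number of files handed to fn, or -1 if the list is malformed
   or fn failed, in which case the caller should not truncate logs. */
int walk_backup_list(const wchar_t *list, size_t cch, backup_file_fn fn, void *ctx)
{
    size_t i = 0;
    int count = 0;

    while (i < cch && list[i] != L'\0') {
        size_t start = i;
        while (i < cch && list[i] != L'\0')
            i++;
        if (i == cch)            /* entry runs off the buffer: no terminator */
            return -1;
        if (i - start < 2)       /* type character with no path after it */
            return -1;
        if (fn(list[start], list + start + 1, ctx) != 0)
            return -1;           /* stop at the first file that failed */
        count++;
        i++;                     /* step over this entry's terminator */
    }
    return (i < cch) ? count : -1;  /* final null must lie inside the buffer */
}

/* Constructed sample callback for exercising the walker off Windows: it
   counts the entries it sees and fails on the fail_at-th one (0 = never). */
struct sample_ctx { int seen; int fail_at; };

int sample_backup(wchar_t type, const wchar_t *path, void *ctx)
{
    struct sample_ctx *s = ctx;
    (void)type; (void)path;
    s->seen++;
    return (s->seen == s->fail_at) ? 1 : 0;
}
```

A caller would run the walker once over the database list and once over the log list, and call DsBackupTruncateLogs only if both calls returned a non-negative count.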