A backup of Active Directory requires backup of the database and
backup of the transaction logs. This topic provides a walkthrough
of how a backup application backs up Active Directory.

The caller of these backup functions must have the
SE_BACKUP_NAME privilege. You can use the DsSetAuthIdentity function to
set the security context under which the directory backup/restore
functions are called.

To back up Active Directory, perform the following steps:

1. Call the DsIsNTDSOnline function to determine if Active Directory
   is running.
2. If Active Directory is running, call the DsBackupPrepare function to
   initialize a backup context handle. If Active Directory is not
   running, it cannot be backed up and the backup application must
   fail the backup operation.
3. Call the DsBackupGetDatabaseNames function to get a list of files
   to back up. To release the memory returned by this function, call
   the DsBackupFree function.
4. For each name in the returned list of files, call the
   DsBackupOpenFile function followed by repeated calls to the
   DsBackupRead function until the entire file has been read. When you
   have finished reading the file, call the DsBackupClose function to
   close it.
5. After all database files are backed up, call the
   DsBackupGetBackupLogs function to get a list of transaction logs.
   This list is handled just like the list of database files.
6. When you have finished backing up the transaction log, call the
   DsBackupTruncateLogs function to delete all committed transaction
   logs that were backed up.
7. Save the contents of the expiry token provided by the
   DsBackupPrepare function. This can be saved in a file or some other
   persistent memory. This token must be passed to the
   DsRestorePrepare function to initiate a restore operation.
8. Free the memory for the expiry token by passing the token pointer
   to the DsBackupFree function.
9. Finally, call the DsBackupEnd function to release all resources
   associated with the backup context handle.
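
The per-file loop from the open/read/close step above, as an added example that is not Microsoft's sample code. It assumes the wide-character entry point DsBackupOpenFileW from ntdsbapi.h and a backup context handle already returned by DsBackupPrepare; backup_one_file is a hypothetical helper name, and outside Windows the three Ds* calls are replaced by constructed stand-ins so the control flow can be run.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <ntdsbapi.h>
#else
/* Constructed stand-ins, NOT the real API: a 10-byte "database" handed out
   at most 4 bytes per read so the loop below can be run off Windows. */
typedef long HRESULT;
typedef void *HBC;
typedef unsigned long DWORD;
typedef struct { long long QuadPart; } LARGE_INTEGER;
static const char sim_db[] = "0123456789";
static size_t sim_pos; static int sim_open;
static HRESULT DsBackupOpenFileW(HBC h, const wchar_t *name, DWORD hint, LARGE_INTEGER *size) {
    (void)h; (void)name; (void)hint;
    sim_pos = 0; sim_open = 1; size->QuadPart = 10;
    return 0;
}
static HRESULT DsBackupRead(HBC h, void *buf, DWORD cb, DWORD *got) {
    size_t left = 10 - sim_pos; (void)h;
    *got = (DWORD)(cb < 4 ? cb : 4);
    if (*got > left) *got = (DWORD)left;
    memcpy(buf, sim_db + sim_pos, *got);
    sim_pos += *got;
    return 0;
}
static HRESULT DsBackupClose(HBC h) { (void)h; sim_open = 0; return 0; }
#endif
/* backup_one_file (hypothetical helper): copy one listed file into `out`. Returns
   bytes copied or -1 on failure; the file is closed on every path after the open. */
long long backup_one_file(HBC hbc, const wchar_t *name, FILE *out) {
    static unsigned char buf[64 * 1024];
    LARGE_INTEGER size;
    long long total = 0;
    if (DsBackupOpenFileW(hbc, name, (DWORD)sizeof buf, &size) != 0) return -1; /* S_OK == 0 */
    while (total < size.QuadPart) {
        DWORD got = 0;
        /* The call reports how many bytes it delivered; stop on error, on a
           zero-byte read before the announced size, or on a short write. */
        if (DsBackupRead(hbc, buf, (DWORD)sizeof buf, &got) != 0 || got == 0 ||
            fwrite(buf, 1, got, out) != got) { total = -1; break; }
        total += got;
    }
    if (DsBackupClose(hbc) != 0) total = -1;
    return total;
}
```

A caller would treat a -1 from any database or log file as a failed backup and skip DsBackupTruncateLogs, since that call deletes the committed logs that were backed up.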