The first thing I would do in implementing an Active Directory backup strategy is to install Windows Server Backup via the Server Manager console. Alternatively, this can be done via the command line assuming you have already installed the Windows PowerShell, or are running Windows Server 2008 in which it is included. This backup will be created to a CD or DVD and cannot be done to magnetic tapes or dynamic volumes. I would set up a scheduled backup, as opposed to a manual backup, using the Windows Server Backup utility. Again, this can be done via the command line using Wbadmin, but optimally, I’d stick to the Windows interface. It is important to note that these backups format this scheduled backup will format the drive to which it is writing the backup so one should use a local drive that does not host any critical files.
The information this automatic backup would backup is:
The system volume, including bootmgr.exe and the Boot Configuration Data
The boot volume, which hosts the Windows OS and the Registry The SYSVOL volume
The Ntds.dit that hosts the Active Directory Database.
The volume containing Active Directory Log Files
The volume that one writes this backup to must be at least 1MB larger than the critical volumes one is backing up.
I would ensure that replication exists between each domain controller in the forest. This replication would ensure fault tolerance, as well as availability and accessibility. I would use WBadmin to restore the database to its last known good configuration via a non-authoritative restore. Following this restoration method, replication will update information on all other domain controllers. If the Administrator fears that a mistake has already been written to other Domain Controllers via replication, an authoritative restore can be done through the NTDSutil command line utility that would mark that restored database as authoritative and thus overwrite the erroneous