How to properly backup AD Users, Groups and OUs

Tags: active-directory, backup, backup-restoration, small-business

At work, we have a Microsoft Small Business Server 2011 server that's doing AD for the company. There are multiple Windows client machines that are part of the domain, but that server is the only domain controller in the AD. Keeping track of users and groups is pretty much the only thing the AD was doing for us – it has no GPOs configured, no Exchange server, and nothing else that we need to worry about.

After years of running well, the server started crashing. We figured out that the hard drive on it had bad sectors, and we are going to be switching out the hard drive. While we are doing that, management wants us to actually reinstall the SBS server and import the AD users and groups rather than do a bare metal restore from our backups.

My question is this: how can we back up users and groups from the currently running server (it's still running with a bad drive for now) so that we can restore them when we reinstall SBS? We need a way to back up all user information, group membership, and to make sure that all user SIDs and RIDs remain the same so that any permissions that are set up on our Windows clients don't need to be reconfigured (from what I understand, that's how that works).

PS. Yes, we should really have more than one domain controller in case one dies as this one did, and yes, we will be using RAID in the future.

Best Answer

A system state backup will back up AD. You can do this for free with the Windows Server Backup software that comes with your server.

The command line for that is:

wbadmin start systemstatebackup -backupTarget:<VolumeName>

The only "gotcha" is that the backup disk has to be something that the install DVD can see while booting, so I use things like 2TB external USB drives. (If it refuses one drive, it probably dislikes the partition size or block size. Try another.)

Once you have a system state backup, you can then restore the SBS server by booting off the install media, choosing recovery, and following the wizard. (You might want to test this process with a non-networked VM first.)

Good luck!
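As an added example (not from the answer above, and not part of the original thread), the following PowerShell script records the SIDs of the current users and groups to the backup drive, then runs the system state backup the answer describes and checks that a backup version was actually written. It assumes it is run as a Domain Admin on the SBS 2011 domain controller, that the external USB drive is E: (a placeholder), and that the ServerManager and ActiveDirectory modules are available.

```powershell
# Added example, not the answer's own code. Assumptions: $Target is the external
# USB volume the install DVD will be able to see (E: is a placeholder), and the
# ServerManager and ActiveDirectory PowerShell modules are present on the DC.
param([string]$Target = 'E:', [string]$InventoryDir = "$Target\ad-inventory")

Import-Module ServerManager
Import-Module ActiveDirectory

# wbadmin is only present when the Windows Server Backup feature is installed.
if (-not (Get-WindowsFeature Windows-Server-Backup).Installed) {
    throw "Install the Windows Server Backup feature before running this script."
}
if (-not (Test-Path $Target)) { throw "Backup target $Target is not mounted." }

# 1. Inventory the directory as it is now: user and group SIDs plus group
#    membership, so the restored domain can be compared against this list.
New-Item -ItemType Directory -Path $InventoryDir -Force | Out-Null
Get-ADUser -Filter * |
    Select-Object SamAccountName, SID, DistinguishedName |
    Export-Csv "$InventoryDir\users.csv" -NoTypeInformation
Get-ADGroup -Filter * | ForEach-Object {
    $g = $_
    Get-ADGroupMember $g |
        Select-Object @{n='Group'; e={$g.SamAccountName}},
                      @{n='GroupSID'; e={$g.SID}}, SamAccountName, SID
} | Export-Csv "$InventoryDir\group-members.csv" -NoTypeInformation
Get-ADOrganizationalUnit -Filter * |
    Select-Object Name, DistinguishedName |
    Export-Csv "$InventoryDir\ous.csv" -NoTypeInformation

# 2. The system state backup from the answer; -quiet suppresses the y/n prompt.
& wbadmin start systemstatebackup "-backupTarget:$Target" -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }

# 3. Confirm a backup version exists on the target before unplugging the drive.
& wbadmin get versions "-backupTarget:$Target"
```

After the restore, rerunning the three inventory commands and diffing the new CSV files against the saved ones confirms that the SIDs and group memberships came back unchanged.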
