Skip to main content

Articles in this section

Print

Configure a backup plan

  • Updated

Content: 

Summary

This article describes some of the best practices for Backup Plan management.

Review the Forest Recovery: Create and run backup plans article and make sure that backup plans were properly configured in Cayosoft Guardian to protect your Active Directory forest from forest-wide failures. A Backup Plan is a job with a schedule, a list of domain controllers to back up, and connected Backup Locations to which backups will be copied. 

Cayosoft Guardian uses agents to back up and recover domain controllers in the Active Directory forest. The agent is a Cayosoft Guardian component deployed automatically on managed machines, such as the machines in the recovery site or domain controllers to be backed up. The Agents Management node shows agents that previously communicated with the Cayosoft Guardian Server. 

Learn more about agent management in the following article: Manage agents

Domain controllers can be added to a backup plan

According to Microsoft's best practices, at least two domain controllers in each domain should be backed up regularly. 

Important! Cayosoft Guardian requires only one valid backup of an Active Directory domain controller to recover a domain. Still, it is strongly recommended that at least two domain controllers be backed up for redundancy. 

Domain controllers holding PDC FSMO roles are prioritized for backups because they usually contain the most up-to-date information in their Active Directory database. This prioritization does not affect the recovery process. During recovery, the first restored domain controller will seize the FSMO roles, and a backup from any domain controller can be utilized.

Note: Cayosoft Guardian automatically excludes RODC(s) (read-only domain controllers) from the backup plan.

 

To edit the list of domain controllers in the backup plan:

  1. Open the Cayosoft Guardian web portal.
  2. Expand Forest Recovery node.
  3. Click on the Backup Plans node.
  4. Select your Backup plan and click Properties.
  5. Switch to the Domain Controllers tab.
  6. Use Add and Delete actions to select domain controllers to be backed up.

    BackupPlansAddDC.png

Frequency of backing up domain controllers

When devising a backup plan for Active Directory, several changes and factors must be considered. In most cases, it is recommended to perform daily backups of domain controllers.

Use the following criteria to determine the frequency of your backups:

  1. Small environments with a single domain controller in the forest or domains that exist in a single physical location (that is, domains with a single point of failure): create backups at least daily.
  2. Medium (10 to 49 domain controllers) and large environments (50 to 1,000 or more domain controllers): Create backups of each unique directory partition in the forest on two different computers at least daily with an emphasis on backing up application directory partitions, empty root domains, domains in a single geographic site, and sites that have large populations of users or that host mission-critical work.
  3. Make backups with increasing frequency until you are confident that losing the objects created or modified since the last backup will not disrupt your operations. Major environmental changes should always be immediately followed by a new system state backup.
  4. Consider using the continuous data protection feature in Cayosoft Guardian to afford to back up less frequently and restore from Change History.

 

Managing the advanced settings of a backup plan

Advanced settings of a backup plan allow fine-tuning of your backup plan.

Use Controllers to back up in parallel to change the number of simultaneously backed-up domain controllers to optimize network bandwidth and backup process duration or to meet network storage requirements related to many allowed connections.  

Use Agent deployment settings to change how agents will be deployed or updated within a backup plan execution. Learn more about agent management in the following article: Manage agents

  1. Open the Cayosoft Guardian web portal.
  2. Expand Forest Recovery node.
  3. Click Backup Plans.
  4. Select your Backup plan and click Properties.
  5. On the Settings tab, select Backup AD DC action in the Workflow steps table.

    BackupPlansADDCNav.png

  6. Edit settings if necessary.

    BackupPlansADDC.png

Using backup encryption

Prerequisites

The BitLocker feature must be enabled on all domain controllers in the backup plan. The following Microsoft article explains how to install BitLocker on a Windows Server: Install BitLocker on Windows Server.

Cayosoft Guardian automatically enables BitLocker Drive Encryption on domain controllers if it is disabled. If a backup plan execution history contains a specific error related to BitLocker Drive Encryption, you might need to reboot your domain controllers to complete the installation.

 

Configure backup plan

Cayosoft Guardian allows protecting backup files at rest using BitLocker. By default, encryption is enabled, and users are now required to input the backup password. This password will be used to encrypt backups with BitLocker. To simplify the recovery process, it is recommended to use the same password in all backup plans. For security reasons, after leaving this form, you cannot access the password's value. Copy the password and save it in a secure location, as it will be needed to access your backups in a disaster recovery scenario.

 

During the backup plan execution, Cayosoft Guardian creates a Hard Disk Image File (.vhdx) on the specified backup location and encrypts it using BitLocker technology.  

Learn more about BitLocker technology in the following Microsoft article: BitLocker - Device encryption.

 

NOTE: Store your passphrase securely. Without it, you cannot access your backups or perform a recovery. Learn more about BitLocker passphrases in the following article: How Cayosoft Guardian manages BitLocker passphrases.

To disable backup encryption in the backup plan:

  1. Open the Cayosoft Guardian web portal.
  2. Expand Forest Recovery node.
  3. Select the Backup plans node.
  4. Select your backup plan.
  5. Click Properties.
  6. Click the Configure encryption button and disable the Enable backup encryption checkbox.

    BackupPlansDisableEncryption.png

Assigning a managed host to a backup plan

In some environments, you may encounter machines with the same name managed by Cayosoft Guardian.

For example, if a machine named DC1 was originally in a source test lab environment and then recovered to a remote recovery site in Azure, Cayosoft Guardian will not continue to back up DC1. This will cause the backup plan to fail with an error. To back up managed hosts with the same name, you must manually assign these hosts to the backup plan.

To assign a managed host to a plan perform the following steps:

  1. Open the Cayosoft Guardian web portal.
  2. Expand Forest Recovery node.
  3. Click Backup Plans.
  4. Select your Backup plan and click Properties.
  5. Select a domain controller on the Domain Controllers tab and click Properties.

    BackupPlansSourceHostNavigate.png

  6. Browse for Source Host

    BackupPlansSourceHost.png

 

 

© Copyright 2013-2025 Cayosoft Inc. All rights reserved.

Was this article helpful?
2 out of 3 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.