Back up and restore a domain

This topic shows you how to do the following tasks in Managed Service for Microsoft Active Directory:

  • Take a backup of your existing domain, which saves the current state of your domain.
  • List the backups available for your domain.
  • Restore a domain to a previous state using a backup.
  • Get metadata information about a specific backup.
  • Update labels for your backup.
  • Delete backups which you no longer need.

Overview

Managed Microsoft AD supports backing up and restoring your domains. There are three types of backups available:

  • On-demand backup: You can take a backup of your domain on demand in Managed Microsoft AD at any time. You can create up to five on-demand backups. If a domain already contains five on-demand backups, you must delete an existing backup before you create a new one.
  • Scheduled backup: A scheduled backup is created automatically every 12 hours.
  • Schema extension backup: Managed Microsoft AD creates a backup automatically when you initiate schema extension. A domain can have a maximum of 10 schema extension backups at any point in time. If a domain already has 10 schema extension backups, when you initiate schema extension, Managed Microsoft AD deletes an existing schema extension backup in chronological order before it creates a new one.

You can use any of these backup types to perform an authoritative restore, which returns the domain to a previous point in time.

The backup operation takes the backup from the domain controller in the primary region. When restored, it replicates automatically to all regions.

Note that during a restore, you cannot use your domain.

Before you begin

  1. Make sure that you have created a Managed Microsoft AD domain.
  2. Make sure that you have any one of the following IAM user roles:

    • Google Cloud Managed Identities Backup Admin (roles/managedidentities.backupAdmin)
    • Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)

    For more information, see Cloud Managed Identities roles.

    For more information about assigning an IAM role to a user, see Granting access.

Gather information

You need the following information to work with backups:

  • Domain name: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • Backup name: The name for your backup must follow these rules:

    • Must start with a letter.
    • Must contain between 1 and 63 characters.
    • Must end with a number or a letter.
    • Must be unique within the domain.

Work with on-demand backups

You can create an on-demand backup of your domain and update its labels. You can run the following gcloud CLI commands from the project where you created your Managed Microsoft AD domain.

Create an on-demand backup

To create an on-demand backup of your domain, run the following gcloud CLI command:

gcloud active-directory domains backups create BACKUP_NAME \
  --domain=DOMAIN_NAME \
  --project=DOMAIN_RESOURCE_PROJECT_ID

Replace the following:

  • BACKUP_NAME: A name for your on-demand domain backup. For example, my-domain-backup.
  • DOMAIN_NAME: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • DOMAIN_RESOURCE_PROJECT_ID: The project ID of the domain resource project. For example, my-project.

You receive the following response that indicates that backup creation has started:

Create request issued for: [BACKUP_NAME]
Waiting for operation [OPERATION_ID] to complete...

It can take up to 90 minutes to create a backup. Alternatively, you can add the --async flag to execute the command in the background. Note that you can repeat this process to create up to five independent on-demand backups for a domain.
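
The naming rules under "Gather information" and the five-backup limit can be checked before a create request is issued. The following is an added example, not part of the original page or of Google's tooling; the function names, the "NAME TYPE" listing format, the --format field names and the ON_DEMAND type value are assumptions.

```shell
# Added example: pre-flight checks for `backups create` (hypothetical names).
export LC_ALL=C        # make [A-Za-z] match ASCII letters only
MAX_ON_DEMAND=5        # on-demand backups allowed per domain (from this page)

# Stated naming rules: 1-63 characters, starts with a letter, ends with a
# letter or number. Characters allowed in between are not stated on the page,
# so they are not checked here.
valid_backup_name() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
  case $1 in
    [A-Za-z] | [A-Za-z]*[A-Za-z0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Both helpers read "NAME TYPE" lines on stdin. NAME may be a bare name or a
# full resource path; only the last path component is compared.
count_on_demand() {
  awk '$2 == "ON_DEMAND" { n++ } END { print n + 0 }'
}
name_in_use() {
  awk -v want="$1" '{ k = split($1, p, "/"); if (k && p[k] == want) hit = 1 }
                    END { exit !hit }'
}

# preflight NAME < listing : prints "ok" or the reason the create would fail.
preflight() {
  listing=$(cat)
  valid_backup_name "$1" || { echo "invalid-name"; return 1; }
  if printf '%s\n' "$listing" | name_in_use "$1"; then
    echo "duplicate-name"; return 1
  fi
  if [ "$(printf '%s\n' "$listing" | count_on_demand)" -ge "$MAX_ON_DEMAND" ]; then
    echo "on-demand-limit"; return 1
  fi
  echo "ok"
}

# Constructed listing (not real output): five on-demand, one scheduled.
SAMPLE_LISTING='od-1 ON_DEMAND
od-2 ON_DEMAND
od-3 ON_DEMAND
od-4 ON_DEMAND
projects/my-project/locations/global/domains/my-domain.example.com/backups/od-5 ON_DEMAND
sched-1 SCHEDULED'
# Real use (--format fields and the ON_DEMAND value are assumptions):
#   gcloud active-directory domains backups list --domain=DOMAIN_NAME \
#     --project=DOMAIN_RESOURCE_PROJECT_ID --format='value(name,type)' | preflight BACKUP_NAME
```

A result of on-demand-limit means an existing on-demand backup has to be deleted before the create command can succeed.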

Update labels for an on-demand backup

To update labels for an on-demand backup, run the following gcloud CLI command:

gcloud active-directory domains backups update BACKUP_NAME \
  --domain=DOMAIN_NAME \
  --project=DOMAIN_RESOURCE_PROJECT_ID \
  --update-labels=KEY=VALUE

Replace the following:

  • BACKUP_NAME: The name of your on-demand domain backup. For example, my-domain-backup.
  • DOMAIN_NAME: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • DOMAIN_RESOURCE_PROJECT_ID: The project ID of the domain resource project. For example, my-project.
  • KEY and VALUE: A key-value pair that you want to add to your domain backup. For example, backupcount=1.

Manage backups

To manage all types of backups, you can run the following gcloud CLI commands from the project where you created your Managed Microsoft AD domain.

List backups

You can list the backups created for a specific domain. Run the following gcloud CLI command:

gcloud active-directory domains backups list \
  --domain=DOMAIN_NAME \
  --project=DOMAIN_RESOURCE_PROJECT_ID

Replace the following:

  • DOMAIN_NAME: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • DOMAIN_RESOURCE_PROJECT_ID: The project ID of the domain resource project. For example, my-project.

Get backup information

You can retrieve all the information specific to a domain backup. Run the following gcloud CLI command:

gcloud active-directory domains backups describe BACKUP_NAME \
  --domain=DOMAIN_NAME \
  --project=DOMAIN_RESOURCE_PROJECT_ID

Replace the following:

  • BACKUP_NAME: The name of your domain backup. For example, my-domain-backup.
  • DOMAIN_NAME: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • DOMAIN_RESOURCE_PROJECT_ID: The project ID of the domain resource project. For example, my-project.

Delete a backup

To delete a backup, run the following gcloud CLI command:

gcloud active-directory domains backups delete BACKUP_NAME \
  --domain=DOMAIN_NAME \
  --project=DOMAIN_RESOURCE_PROJECT_ID

Replace the following:

  • BACKUP_NAME: The name of your domain backup. For example, my-domain-backup.
  • DOMAIN_NAME: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • DOMAIN_RESOURCE_PROJECT_ID: The project ID of the domain resource project. For example, my-project.

Restore a domain from a backup

You can restore a domain to a previous state using any of its backups.

Before you restore a domain, make sure you refer to these considerations.

To restore a domain, run the following gcloud CLI command from the project where you created your Managed Microsoft AD domain.

gcloud active-directory domains restore DOMAIN_NAME \
  --backup=BACKUP_NAME \
  --project=DOMAIN_RESOURCE_PROJECT_ID

Replace the following:

  • DOMAIN_NAME: The name of your Managed Microsoft AD domain. For example, my-domain.example.com.
  • BACKUP_NAME: The name of your domain backup. For example, my-domain-backup.
  • DOMAIN_RESOURCE_PROJECT_ID: The project ID of the domain resource project. For example, my-project.

You receive the following response that indicates that the restore process has started:

Request issued for: [DOMAIN_NAME]
Waiting for operation [OPERATION_ID] to complete...

It can take up to 90 minutes to restore a domain. Alternatively, you can add the --async flag to execute the command in the background.