Backup and restore a domain

Overview

Managed Microsoft AD supports backing up and restoring your domains. You can create up to five on-demand backups, plus a read-only backup is also automatically created approximately every 12 hours. You can use either type of backup to perform an authoritative restore, which returns the domain to a previous point-in-time.

Backups are taken from the primary region domain controller. When restored, it is automatically replicated to all regions.

If a domain already contains five backups, you must delete one before you can create a new one.

Note that during a restore, your domain is down.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.

    Enable the APIs

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  7. Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.

    Enable the APIs

  8. Make sure that you have created a Managed Microsoft AD domain.

Gather information

You need the following information to create or restore a backup:

  • Domain resource name: A full resource name for Managed Microsoft AD domain. The format of Resource Name is:
    projects/PROJECT_ID/locations/global/domains/DOMAIN_NAME
    
  • Backup name: The name for your backup name must follow these constraints:

    • Must start with a letter.
    • Must contain between 1-63 characters.
    • Must end with a number or a letter.
    • Must be unique within the domain.

Create a domain backup

To create a domain backup, run the following gcloud CLI command from the project where your Managed Microsoft AD domain was created. Replace the placeholder variables with the information that you gathered.

  gcloud beta active-directory domains backups create BACKUP_NAME
    --domain=DOMAIN_RESOURCE_NAME
    --project=DOMAIN_RESOURCE_PROJECT_ID
  

You receive the following response that indicates that backup creation has started:

  Create request issued for: [BACKUP_NAME]
  Waiting for operation [OPERATION_NAME] to complete...
  

It can take up to 15 minutes to create a backup. Alternatively, you can add the --async flag to execute the command in the background. Note that you can repeat this process to create up to five independent backups in a given domain.

Restore a domain from a backup

To restore the domain, run the following Google Cloud CLI command from the project where the Managed Microsoft AD domain was created. Replace the placeholder variables with the information that you gathered.

  gcloud beta active-directory domains restore DOMAIN_RESOURCE_NAME
    --backup=MY_BACKUP
    --project=DOMAIN_RESOURCE_PROJECT_ID
  

You receive the following response that indicates that the restore process has started:

  Request issued for: [DOMAIN_RESOURCE_NAME]
  Waiting for operation [OPERATION_NAME] to complete...
  

It can take up to two hours to restore a domain. Alternatively, you can add the --async flag to execute the command in the background. Note that your domain is down during the restore process.

Manage backups

To manage your backups, you can run the following Google Cloud CLI commands from the project where the Managed Microsoft AD domain was created. Replace the placeholder variables with the information you gathered.

  • Get backup

    gcloud beta active-directory domains backups describe BACKUP_NAME
    --domain=DOMAIN_RESOURCE_NAME
    --project=DOMAIN_RESOURCE_PROJECT_ID
    
  • List backups

    gcloud beta active-directory domains backups list
    --domain=DOMAIN_RESOURCE_NAME
    --project=DOMAIN_RESOURCE_PROJECT_ID
    
  • Delete backup

    gcloud beta active-directory domains backups delete BACKUP_NAME
    --domain=DOMAIN_RESOURCE_NAME
    --project=DOMAIN_RESOURCE_PROJECT_ID
    
  • Update backup

    gcloud beta active-directory domains backups update BACKUP_NAME
    --domain=DOMAIN_RESOURCE_NAME
    --project=DOMAIN_RESOURCE_PROJECT_ID
    --update-labels=l1=1