Backup DFS NameSpaces with PowerShell

How to backup Domain DFS Roots using PowerShell:  DFS (Distributed File System) provides a virtual namespace in front of your file servers, allowing you to provide a path to your shared data that is not tied to a server name.  Domain DFS roots are DFS namespaces whose configuration is stored in Active Directory, and can be hosted by multiple servers who share that configuration stored in AD.  The Object in AD holds the list of namespace servers as well as servers that host the linked folders within the namespace.  Eh, perhaps I'm not doing a very good job of explaining this, but that's not the point of the article.  The point is, that anyone who uses DFS knows that if you acidentally delete a DFS namespace (which is all too easy to do), it's gone.  Kaplooey.

Traditionally, The DFS objects are backed up along with the rest of your Active Directory, during a System State backup.  To restore one, you have to restore AD and do an authoritative restore of the DFS object in question.  I know, there are various ways to recover objects, but again that's not the point.

The point is, there's an easy way to backup your DFS namespaces, using dfsUtil.

DfsUtil is a command line utility that comes with Windows server.  To use it to backup a namespace, you simply type:

dfsUtil root export \\domain\rootname rootname.xml

The configuration of the namespace and all its links will be stored to an XML file.  Then to restore it, you create a new root, then import the xml file again like so:

dfsUtil root addDom \\servername\rootname
dfsUtil root import set \\domain\rootname rootname.xml

Where servername is the name of one of the servers to host the namespace (and must have a share with the same name as the root to be created).

Anyway, I said PowerShell didn't I?  Well, I haven't found a good way (yet) to do the whole thing in PowerShell (all my DFS code is currently in C++), but what we can do is use PowerShell to gather all of the DFS roots in our Active Directory and use dfsUtil to back them up.

The following script enumerates the domains in the forest, and for each domain, enumerates the domain DFS roots.  For each one, it calls dfsUtil to backup the namespaces.  The script creates a subfolder for each domain and places the backup files in the correct folder.

Before you complain about my coding style, please be aware that I intentionally leave scripts pretty bare bones, and I avoid hard-to-read piplines, because I want the reader to be able to understand the script.  So I'm sure there are plenty of improvements you could make to pretty up the output, catch errors, etc.  Feel free.

$configurationContainer = ([adsi] "LDAP://RootDSE").Get("ConfigurationNamingContext")
$partitions = ([adsi] "LDAP://CN=Partitions,$configurationContainer").psbase.children
foreach($partition in $partitions)
{
 if($partition.netbiosName -ne ""){
  $partitionDN=$partition.ncName
  $dnsName=$partitionDN.toString().replace("DC=",".").replace(",","").substring(1)
  $domain=$partition.netbiosName
  "`n$domain"
  md c:\scripts\powershell\dfsbackup\$domain
  $dfsContainer=[adsi] "LDAP://cn=Dfs-Configuration,cn=System,$partitionDN"
  $dfsRoots = $dfsContainer.psbase.children
  foreach($dfsRoot in $dfsRoots){
   $root=$dfsRoot.cn
   "`n$root"
   dfsutil root export "\\$dnsName\$root" "c:\scripts\powershell\dfsbackup\$domain\$root.xml"
  }
 }
}

2 comments:

Jeremy said...

Hi, It's a good article and has given me some ideas, but it doesn't address the issue posted here when the actual root is broken

Brian said...

Actually it does address it, by recreating the namespace using dfsutil root addDom before restoring the namespace as mentioned above. Now if the namespace is all messed up due to problems with the Active Directory objects, then you may need to do some cleanup of that, but that's beyond the scope of this article.

Post a Comment

Related Posts Plugin for WordPress, Blogger...