Menu

The System State

What is the System State?

The System State consists of the core files and registry settings that are used by the Windows Server operating system.

The System State includes the following information:

• The boot files
• The system registry settings
• The system protected files. These are the critical files needed to run Windows. For example KERNEL32.DLL and NTDLL.DLL.
• The Active Directory data files
• The shared system volume (SYSVOL)
• The COM+ Component Services database
• The Certificate Services database (if installed)

You can back up the System State with the console command wbadmin start systemstatebackup. (We recommend instead you use wbadmin start backup -allCritical. See below.)

---

The System State is insufficient for moving Active Directory

The System State backup is generally insufficient to recover Active Directory on a different computer. We do not recommend that you create a System State backup for use in disaster recovery of AD. We recommend instead that you back up the entire C: disk using the -allCritical option.

U-Move can restore AD on the same computer using only the System State. However, the System State alone is generally insufficient to move AD to a different computer. Additional data files are required to move AD to a different computer.

The System State omits certain fixed settings and encryption keys that are established very early during the installation of Windows Server and never change during the life of the computer. The System State also omits the data files for DNS, DHCP, WINS, and the IIS MetaBase, Active Directory Certificate Services (AD CS), and Active Directory Federation Services (AD FS), all located in \Windows\*. If these files are not copied then Active Directory on your replacement DC will not operate correctly.

Windows Server 2012: Microsoft changed the System State backup to include many additional files, including the fixed encryption keys, the DNS zone files, DHCP, WINS, and the IIS MetaBase (over 80,000 files total). This is roughly 70% of the typical Microsoft content of the C: disk. However, it is still insufficient for moving Active Directory to another computer (see below).

Windows Server 2016-2022: Microsoft changed the System State backup to include even more files (more than 100,000), which includes over 85% of the typical Microsoft content of the C: disk. However, it is still insufficient for moving Active Directory to another computer.

The System State backup in Windows Server still omits some critical databases and settings related to AD. Examples include the Active Directory Web Services settings and the Active Directory Federation Services (AD FS) policy configuration file. For this reason we still do not support moving AD to another computer using only the System State. To move AD to another computer you need to back up the entire C: disk using the -allCritical option (see below).

Back up all critical data

To reliably move Active Directory to a different computer you need to back up all critical data using the -allCritical option. This will back up the entire C: disk.

Or you can use an AD-clone utility like U-Move to back up the minimum required files to recover Active Directory on a different computer. The size of the backup file is typically quite small, usually less than 2% of the files on the C: disk, which makes daily backups practical.

Problem: Restoring the System State overwrites all device drivers and all system settings

A major problem with restoring the entire System State is that it will replace all of the installed device drivers and system settings on the computer. The device drivers loaded by the System State might be incompatible with the hardware (or VM settings) of the new replacement computer.

Problem: Restoring the System State overwrites installed applications

Restoring the System State will overwrite the installed applications in C:\Program Files and C:\Program Files (x86). This includes any third-party applications that you might have installed.

The System State backup runs slowly

The System State backup is created with a slow file-based backup procedure, where tens of thousands of of files must be individually located and copied one by one. Because it is a file-based backup process (and not block-based) it takes significantly longer to create a System State backup than to simply create a block-based snapshot of the entire C: disk.

U-Move creates the minimum backup set for moving Active Directory

When U-Move creates the AD snapshot, it will copy only the minimum set of files that are required to move AD to a different computer, avoiding the need to copy the entire C: disk (-allCritical). U-Move will typically copy only 2% of the files on the C: disk.

Best practice: Run U-Move on the source computer to create a small, safe, and reliable backup of Active Directory on a daily or weekly schedule for robust disaster recovery.