Menu

The System State

What is the System State?

The System State consists of the core files and registry settings that are used by the Windows Server operating system.

The System State includes the following information:

• The boot files
• The system registry settings
• The system protected files. These are the critical files needed to run Windows. For example KERNEL32.DLL and NTDLL.DLL.
• The Active Directory data files
• The shared system volume (SYSVOL)
• The COM+ Component Services database
• The Certificate Services database (if installed)

You can back up the System State with the console command wbadmin start systemstatebackup. (We recommend instead you use wbadmin start backup -allCritical. See below.)

---

The System State is insufficient for moving Active Directory

The System State backup is generally insufficient to recover Active Directory on a different computer. We do not recommend that you create a System State backup for use in disaster recovery of AD. We recommend instead that you back up the entire C: disk using the -allCritical option.

U-Move can restore AD on the same computer using only the System State. However, the System State alone is generally insufficient to move AD to a different computer. Additional data files are required to move AD to a different computer.

The System State backup is created using a slow file-based copy method. Windows Server 2022 backs over 100,000 files, and Windows Server 2025 backs up almost 200,000 files. This is over 85% of the typical Microsoft content of the C: disk.

While the System State backup is sufficient for restoring AD on the same computer, it omits certain data files required for cloning AD to another computer. For this reason, we do not support moving AD to another computer using only the System State. To move AD to another computer you need to back up the entire C: disk using the -allCritical option (see below).

Back up all critical data

To reliably move Active Directory to a different computer you need to back up all critical data using the -allCritical option. This will back up the entire C: disk.

You can use an AD-clone utility like U-Move to back up the minimum required files to recover Active Directory on a different computer. The size of the backup file is typically quite small, usually less than 2% of the files on the C: disk, which makes daily backups practical.

---

Problem: Restoring the System State overwrites all device drivers and all system settings

A major problem with restoring the entire System State is that it will replace all of the installed device drivers and system settings on the computer. The device drivers loaded by the System State might be incompatible with the hardware (or VM settings) of the new replacement computer.

Problem: Restoring the System State overwrites installed applications

Restoring the System State will overwrite the settings for installed applications in C:\Program Files and C:\Program Files (x86). This includes any third-party applications that you might have installed.

The System State backup runs slowly

The System State backup is created with a slow file-based backup procedure, where over 100,000 files must be individually located and copied one by one. Because it is a file-based backup process (and not block-based) it takes significantly longer to create a System State backup than to simply create a block-based snapshot of the entire C: disk.

Windows Server 2025 Bug

There is a bug in Windows Server 2025 when using 8k page mode. If you try to create a System State backup, the backup will contain corrupt data. If you attempt to restore the DC from the System State backup, it will cause a Blue Screen of Death (BSOD) with error code 0xC00002e2 (STATUS_DS_INIT_FAILURE).

---

U-Move creates the minimum backup set for moving Active Directory

When U-Move creates the AD snapshot, it will copy only the minimum set of files that are required to move AD to a different computer, avoiding the need to copy the entire C: disk (-allCritical). U-Move will typically copy only 2% of the files on the C: disk.

Best practice: Run U-Move on the source computer to create a small, safe, and reliable backup of Active Directory on a daily or weekly schedule for robust disaster recovery.