Also, I have a few customers that use these scripts on a scheduled basis to just keep track of changes in Active Directory or even backup before another implementor is allowed to add or change data in their directory.
I have two scripts - a backup script and a restore script.
Backing upThe backup script basically reads the objects that I want to backup from Active Directory and saves these objects in XML files - one file for each object, typically users and groups. The script takes two parameters, the LDAP filter and the backup directory where you want to save the XML files. So to backup all users with accountname starting with A, use the script like this -
.\backup-object.ps1 -filter '&(objectclass=user)(samaccountname=a*))' -backupdir 'c:\adbackup'
RestoringIf at sometime, you would want to restore any attributes on any of the backed up Active Directory objects, you can use the restore script. The restore script takes two parameters as well, a list of attributes that you want restore and a path to the backup directory containing the XML files that you previously backuped up.
The restore script expects you to feed it the usernames of the users to restore through the pipeline. So to restore the 'givenName' and 'sn' attributes on Bill Gates and Steve Ballmer, use the restore script like this -
"billg", "steveb" | .\restore-object.ps1 -attributes 'givenName', 'sn' -backupdir 'c:\adbackup'
If you want the scripts, you can get them here.