There are two types of backup that you can perform to back up Active Directory Domain Services on a domain controller. A System State backup or a critical-volumes backup:
MS Windows System State backup :
When performing system state backup, the system components that are included in the system state data depend on the server roles that are installed on the computer. A system state backup includes at least the following data, plus additional data, depending on the server roles that are installed:
- COM+ Class Registration database
- Boot files
- Active Directory Certificate Services (AD CS) database
- Active Directory database (Ntds.dit)
- SYSVOL directory
- Cluster service information
- Microsoft Internet Information Services (IIS) metadirectory
- System files that are under Windows Resource Protection
MS Windows System backup :
With the MS Windows System backup module, you can backup all critical volumes, rather than only backing up system state data, this module backs up the selected volumes entirely.
When you backup the critical volumes on a domain controller with the MS Windows System backup module, the backup includes all data that resides on the volumes that include the following:
The volume that hosts the boot files, which consist of the Bootmgr file and the Boot Configuration Data (BCD) store
The volume that hosts the Windows operating system and the registry
The volume that hosts the SYSVOL tree
The volume that hosts the Active Directory database (Ntds.dit)
The volume that hosts the Active Directory database log files
A volume is considered critical if any system state file is reported on that particular volume.
More information on system state and system backup / bare-metal backup (BMR) can be found in this Microsoft document.