To backup a domain controller with powershell. Use the script below to place it on the network. This scripts requires the Windows Server Backup Feature and can be scheduled

Import-Module ServerManager
[string]$date = get-date -f 'yyyy-MM-dd'
$TestTargetUNC= Test-Path -Path $TargetUNC
if (!($TestTargetUNC)){
New-Item -Path $TargetUNC -ItemType directory
$WBadmin_cmd = "wbadmin.exe START BACKUP -backupTarget:$TargetUNC -systemState -noverify -vssCopy -quiet"
Invoke-Expression $WBadmin_cmd

If an error occurs:

Detailed error: The filename, directory name, or volume label syntax is incorrect. The backup of the system state failed 

Make sure all drivers are set correct. In my case changing the path of vsock did the trick. How to find the driver path? Open an elevated prompt and execute the following commands:

DiskShadow /L writers.txt
list writers detailed

Check the directories, in my case the string which was found was the following:

File List: Path = c:\windows\\systemroot\system32\drivers, Filespec = vsock.sys

To correct the path, open the Registry Editor and go to reg key HKLM\SYSTEM\CurrentControlSet\Services\vsock

Change the ImagePath value from


Run the backup again, it should say:

The backup operation successfully completed.
The backup of volume (C:) completed successfully.
The backup of the system state successfully completed [01.06.2020 09:52].


Optimizing NTLM authentication flow in multi-domain environments




  1. Client (GUYTEWKS) sends username (EMEA\guyte) to
  2. FILESRV01 generates NTLM challenge and sends it back to the client
  3. The client sends NTLM response, containing the encrypted user password hash, to FILESRV01
  4. FILESRV01 passes the authentication request to a DC in the domain it is member of to which it has a secure channel active ( in our case)
  5. The USDC01 DC sees that the authentication request is not for its own domain and consults the trust information. AMERICAS domain does not have a direct trust with EMEA domain, but the forest root domain does, hence the DC in AMERICAS domain decides to rout the request to a DC in ROOT domain
  6. USDC01 passes the authentication request to a DC in ROOT domain to which it has an active secure channel (
  7. ROOTDC01 receives the request, but can not authenticate it locally. Fortunately ROOT domain has a trust with EMEA domain and ROOTDC01 routs the request to a DC in EMEA domain
  8. ROOTDC01 passes the authentication request to a DC in EMEA domain to which it has an active secure channel (
  9. EUDC01 sees that it can authenticate the request locally and verifies the credentials.
  10. We are going all the way back (the way we came from) to FILESRV01 to tell it whether the authentication attempt was successful

Read the webpage in PDF:[wpdm_file id=79 title=”true” ]