- Permanently delete a Key Vault in Azure using PowerShell - Fri, Feb 4 2022
- Restore Azure Files with PowerShell - Fri, Jan 28 2022
- Bulk restore deleted Azure AD users - Wed, Dec 29 2021
Recovery Service vault ^
The Recovery Service vault on Azure is responsible for securely storing various types of data, such as Azure VMs, SQL databases, and Azure file shares. So, it acts like a central data station where all your backed-up data and recovery points are stored. To protect backup data, Azure Recovery Services uses encryption with platform-managed keys by default, but it also allows you to go with your own RSA keys.
To start using Recovery Services, first we need to register the Microsoft.RecoveryServices resource provider using the following command:
Register-AzResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"
Once the service provider has been registered, we can create a new Recovery Service vault with the following command:
New-AzRecoveryServicesVault -Name "testvault" -ResourceGroupName "restoreAzureFileShares" -Location "West US"
Now we can create a new backup protection policy with the "AzureFiles" workload type, which we will be using to enable backup on the Azure storage account file share. Retention and schedule policy objects are also needed to create a backup protection policy. With these policy objects, we define the backup schedules and how long the data will be retained in recovery service vaults. There are also workload types other than AzureFiles, such as SAPHanaDatabase, AzureVM, and MSSQL, that are supported by Recovery Services.
Get-AzRecoveryServicesVault -Name "testvault" | Set-AzRecoveryServicesVaultContext $vaultID = Get-AzRecoveryServicesVault -ResourceGroupName "restoreAzureFileShares" -Name "testvault" | select -ExpandProperty ID $retentionPolicy = Get-AzRecoveryServicesBackupRetentionPolicyObject -WorkloadType AzureFiles $schedulePolicy = Get-AzRecoveryServicesBackupSchedulePolicyObject -WorkloadType AzureFiles New-AzRecoveryServicesBackupProtectionPolicy -Name "NewAzureFileSharePolicy" -WorkloadType "AzureFiles" -RetentionPolicy $retentionPolicy -SchedulePolicy $schedulePolicy -VaultID $vaultID
Enabling backup of Azure file shares ^
We can run the following commands to enable the backup feature on an Azure file share:
$azureFileSharePolicy = Get-AzRecoveryServicesBackupProtectionPolicy -Name NewAzureFileSharePolicy Enable-AzRecoveryServicesBackupProtection -StorageAccountName "restoretest0001" -Name "fileshare01" -Policy $azureFileSharePolicy
To manually create a backup on an Azure file share, we will use the following commands:
$azureFileShareContainer = Get-AzRecoveryServicesBackupContainer -ContainerType AzureStorage -Status Registered -FriendlyName "restoretest0001" -VaultId $vaultID $azureFileShareBackupItem = Get-AzRecoveryServicesBackupItem -Container $azureFileShareContainer -WorkloadType "AzureFiles" -VaultId $vaultID
First, check the backup state without initiating the manual backup job.
$azureFileShareBackupItem | fl *
Now, we can trigger the backup job and see the backup details, such as LastBackupStatus and LastBackupTime, once the backup process is done.
$backupJob = Backup-AzRecoveryServicesBackupItem -Item $azureFileShareBackupItem $azureFileShareBackupItem = Get-AzRecoveryServicesBackupItem -Container $azureFileShareContainer -WorkloadType "AzureFiles" -VaultId $vaultID $azureFileShareBackupItem | fl *
After this action, we can also confirm the backup of the file share in Azure Portal.
Restoring deleted files ^
We now have a backup that we can use to restore when needed. So let's delete a file from the file share and try to restore it using the newly created backup.
With the following commands, we will:
- Delete the file "file01.txt"
- Set the recovery point to define from which backup the data will be restored
- Restore the file to the original location (alternative location is also supported)
$strAccount = New-AzStorageContext -StorageAccountName "restoretest0001" ` -StorageAccountKey "****STRACCKEY****” Remove-AzStorageFile -Path "file01.txt" ` -ShareName "fileshare01" ` -Context $strAccount $startDate = (Get-Date).AddDays(-1) $endDate = Get-Date $recoveryPoint = Get-AzRecoveryServicesBackupRecoveryPoint ` -Item $azureFileShareBackupItem ` -VaultId $vaultID ` -StartDate $startdate.ToUniversalTime() ` -EndDate $enddate.ToUniversalTime() $recoveryPoint | fl # restore to the original location Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint ` -SourceFileType File -SourceFilePath ` "file01.txt" -ResolveConflict Overwrite Get-AzStorageFile -ShareName fileshare01 -Path file01.txt -Context $strAccount ### restore to an alternate location Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint -TargetStorageAccountName "TargetStrAcc01" -TargetFileShareName "fs01" -TargetFolder "folder1" -ResolveConflict Overwrite Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint -TargetStorageAccountName "TargetStrAcc01" -TargetFileShareName "fs02" -TargetFolder "folder1" -SourceFileType File -SourceFilePath "file01.txt" -ResolveConflict Overwrite
If you need to restore multiple files or folders rather than a single file, you can use the following options:
# multiple directories $dirs = ("Dir1","Dir2") Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint -MultipleSourceFilePath $dirs -SourceFileType Directory -ResolveConflict Overwrite -VaultId $vault.ID -VaultLocation $vault.Location # multiple files $recoveryPoint = Get-AzRecoveryServicesBackupRecoveryPoint -Item $BackupItem -VaultId $vault.ID $files = ("file01.txt", "file02.jpg") Restore-AzRecoveryServicesBackupItem -RecoveryPoint $recoveryPoint -MultipleSourceFilePath $files -SourceFileType File -ResolveConflict Overwrite -VaultId $vault.ID -VaultLocation $vault.Location
Disabling the backup and deleting the Recovery Vault ^
If you try to delete the Recovery Service vault before unregistering containers or deleting the private endpoints, you'll get the following error message:
To unregister the backup container, we first need to disable and delete the existing backup items from the vault. To do so, we'll run this script:
$vaultID = Get-AzRecoveryServicesVault -ResourceGroupName ` "restoreAzureFileShares" ` -Name "testvault" ` | select -ExpandProperty ID $azureFileShareContainer = Get-AzRecoveryServicesBackupContainer -ContainerType ` AzureStorage ` -Status Registered ` -FriendlyName "restoretest0001" ` -VaultId $vaultID $azureFileShareBackupItem = Get-AzRecoveryServicesBackupItem -Container $azureFileShareContainer ` -WorkloadType "AzureFiles" ` -VaultId $vaultID Disable-AzRecoveryServicesBackupProtection -item $azureFileShareBackupItem -VaultId $vaultID -RemoveRecoveryPoints -Force Unregister-AzRecoveryServicesBackupContainer -Container $azureFileShareContainer
Finally, we can delete the vault using the following:
Subscribe to 4sysops newsletter!
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "restoreAzureFileShares" -Name "testvault" Remove-AzRecoveryServicesVault -Vault $vault
Files and folders in an Azure file share can easily be backed up and restored using a Recovery Service vault with flexible options. Backup and restore operations can be performed in Azure Portal or via PowerShell, the Azure CLI, or a REST API.