How to create a fully discrete backup of the AD/LDAP Domain

I just recently started using UCS as a Domain Controller (fresh install, fresh domain).

I wanted an Active Directory Domain Controller, but hate MS Licensing, and love Linux/Open Source.

In the past I have a lot of experience using Mac OS X Server (back when that was an actual thing). Apple’s server software was far from perfect, and far from the point and click (it just works) consumer side marketing, but if you were one of the very few people who actually knew how it worked in detail (I worked directly with Apple as an Engineering sub-contractor), you could use it reliably.

Anyway, one of the things I often did, was create full backups of our Open Directory (OpenLDAP based domain controller) server. Without going into all the steps, if you made careful note of specific hostname, DNS (forward and reverse), and other configuration options, you could make an archive of the entire LDAP, and later, install a new server from scratch, and restore in a backup of the domain, including all the user group memberships, GUIDs, even account passwords and computer objects (the archive scripts used slapd/etc. to make and restore these archives).

Regarding UCS, I’ve been using it as our main directory services server, I have some Windows servers and workstations bound to it as if it were an AD domain controller, and have also integrated some web apps/etc. via basic LDAP.

I’ve seen information on creating replica or backup servers (one of which can be promoted to a master), but I can’t seem to find info on how to create a FULL backup of just the users/groups/etc. where I could build a whole new replacement server from scratch and get back my users, group memberships, GUIDs and even passwords. Is that possible? I’ve been hesitant to pretend it was an OpenLDAP server and back it up that way, as I don’t understand exactly the relationship between the Samba and OpenLDAP parts of UCS.

Anyone understand what I’m asking, and have info they can point me towards?

Thanks in advance.
