Recovering deleted AD objects in an easy way and just in few seconds is now possible with the new Veeam Explorer for Active Directory.
Accidentally deleted objects from the directory need a tricky procedure to be recovered from backup or Active Directory Recycle Bin if enabled. Procedure that often takes time to complete leaving the deleted object unavailable to the network. Using Veeam Explorer everything is now simpler and very quick.
Veeam Explorer supports AD database files (.dit) created with the following Domain Controllers:
- Microsoft Windows Server 2012, 2012 R2, 2008, 2008 R2, 2003 SP2.
- Minimum supported domain and forest functional level is Windows 2003.
The following permissions must be granted to the account used for connection with target Domain Controller:
• Administrative rights for target Active Directory.
To create the scenario where Veeam Explorer can play its role, we’re going to delete some Active Directory objects using the tool Active Directory users and Computers.
Navigate to the OU to test.
Select some objects (i.e. users) to delete, right click and select Delete option.
Click Yes to confirm the deletion.
The selected accounts have been deleted from Active Directory.
The deleted user is no longer able to login because the account doesn’t exist in AD anymore.
Restore deleted objects
To restore successfully the deleted objects, we should have a reliable backup configured for application-aware processing (VSS) to guarantee the AD database consistency.
The use of VSS feature is enabled in the backup job configuration.
Open Veeam Backup and Replication 8, navigate to Backup & Replication section and select the Backups > Disk items. Expand the Job name containing the Domain Controller backup and right click the computer object.
Select Restore application items > Microsoft Active Directory objects options.
The Microsoft Active Directory Object Restore window opens showing the available restore points. Select the backup to use to restore the deleted object then click Next.
Optionally enter the Restore reason for the future reference then click Next.
Click Finish to exit the wizard and open Veeam Explorer for Active Directory.
Veeam Explorer for Microsoft Active Directory opens and automatically mount the database from the selected Domain Controller backup.
Navigate to the same OU where the objects were deleted. Click Compare with Production button to identifying the deleted accounts through their Status marked as Tombstone. A Tombstone is an object deleted from the directory but not yet removed from the database.
Select the objects to restore, right click and select the Restore to domain where domain identify your local domain name (i.e. nolabnoparty.local).
Veeam Explorer starts the restore process.
When completed, a Restore summary is shown. Click OK to close.
Recovered objects are no longer marked as Tombstone in the Status column.
Open Active Directory users and Computers tool and select Action > Refresh menu.
The previously deleted objects have been successfully restored and listed in the pane.
The restored user is now able to login again.
With Veeam Explorer, the restore process takes seconds and the functionality of the recovered object is immediate.