Can you outline some typical challenges people face with an Active Directory restore? Is there anything you can do to mitigate them when creating backups?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Performing an Active Directory restore is often tricky, and sometimes your recovery options are limited by the way in which the backup of a domain controller was created.
One example of such a situation is that Symantec offers an Active Directory Recovery Agent for Backup Exec. This agent allows backup administrators to back up their Active Directory and to restore all or part of the Active Directory database if necessary. However, the way in which the backup is created makes a difference. Administrators must open the Backup Job Properties dialog box, select the Microsoft Active Directory node, and verify the "Enable the Restore of Individual Objects from Active Directory Backups" checkbox is selected. Otherwise, it is impossible to restore individual Active Directory objects.
It is also worth noting that some backup applications do not natively support the granular recovery of individual Active Directory objects. So what can an administrator do if they are using such a product and need to recover a user account or some other Active Directory object?
If the object in question has been deleted, then the simplest course of action might be to recover the object from the Deleted Objects container. You can do so by using the Get-ADObject and the Restore-ADObject PowerShell cmdlets.
If an Active Directory object has not been deleted, but rather has been incorrectly modified, and a granular recovery is not possible, then a bit more creativity is required. To recover the object, you will need to perform a full restoration of the domain controller to a physical or virtual server that is isolated from the rest of the network. Once the restore operation is complete, you will need to use a utility such as DSDE to export the object from the isolated domain controller and then import it into a production domain controller.
Dig Deeper on Backup and recovery software
Related Q&A from Brien Posey
PowerShell can unlock a lot of management capabilities for IT, but it is also a potential security gap. Put Group Policy to work to fill in the hole.continue reading
Is a converged or hyper-converged deployment the best option for you? While both infrastructures are similar, there are key differences in use cases ...continue reading
Licensing is a critical component of VDI. VMware offers two main licensing options with Horizon View; a per user model and a per concurrent ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.