Disaster Recovery for Identity

Minutes matter. Fast and secure AD and Entra ID recovery is vital following a ransomware attack. The longer these critical identity services are down, the longer your business is down. But when disaster strikes, you can recover 90% faster with Quest while saving millions in downtime and mitigation costs.
Disaster Recovery for Identity protects AD and Entra ID from a single cloud platform, delivering secure, malware-free recovery with high availability and instant restoration.

Key Benefits

Rapidly recover from AD disasters

Deploy proven automation and flexibility in recovery options, malware protection, and other best-in-class disaster recovery capabilities that slash recovery time.

Protect identities with immutable backups

Reduce attack surface and keep backups readily available with immutable cloud storage for AD identities, objects and configurations.

Improve security and compliance

Satisfy regulatory and internal security requirements with validated supply chain risk management practices that exceed industry standards.

Maximize availability

Instantly start recovery of on-prem Active Directory when on-prem systems are compromised or unavailable.

Reduce footprint and lower costs

Operate world-class AD backup and disaster recovery from the cloud, satisfying SaaS-only strategies.

Streamline operations

Control Active Directory and Entra ID backup and recovery from a single console and common interface to reduce training and admin costs.

FAQ

In the event of a scorched-earth attack — i.e., your entire on-premises environment is compromised by something like ransomware — even the most robust on-premises recovery solution will require hardware provisioning and installation before starting recovery procedures, not to mention getting access to on-premises backups, if you can at all. When the cost of downtime can exceed $1M/hour, having an immediately available SaaS solution with cloud backups allows you to instantly start recovery, saving not only money but brand reputation.
With Microsoft-provided tools and manual processes, Active Directory forest recovery is a difficult, time-consuming and error-prone process. In fact, Microsoft’s Active Directory Forest Recovery Guide outlines 40 high-level steps that must be performed correctly and in the proper sequence — on each DC. In addition, many of the steps aren’t operations that AD administrators are familiar with; they are tedious, often command-line based steps, so it’s very easy to make mistakes that can re-corrupt your directory and require you to start over. Quest reduces risk by automating every one of these manual steps.
VM snapshots are no substitute for an enterprise AD disaster recovery solution. Using snapshots for forest recovery will almost always result in data consistency problems that are difficult to resolve. Since the data on DCs is constantly being updated and the replication process takes time, snapshots of different DCs almost always contain inconsistent information. Snapshots can also include malware, which gets restored with everything else on the DC. Plus, if you store your VM snapshots in the default location, they’re an obvious target for ransomware encryption, which can render them useless. There’s also a logistical issue. Usually, control over VM snapshots resides with the virtualization operations team, which complicates the AD team’s job during the recovery operation. Finally, the virtualization team might not even know that the AD snapshots are an essential part of the organization’s disaster recovery strategy, so they might not protect the AD snapshots appropriately.
An immutable backup is a duplicate copy of data that cannot be altered or removed for a specified timeframe. It’s another method your organization can use to protect valuable data from threats ranging from cyberattacks to accidental removal. When it comes to Active Directory security, Quest solutions provide multiple storage locations for AD backups, with many organizations choosing to have a dedicated backup location for their identity team that does not rely on traditional backup teams (since traditional backup teams often rely upon Active Directory for authentication). While some organizations can choose to store backups inside enterprise backup storage, you should validate that there are authentication capabilities to retrieve those backups that do not require Active Directory. Because we’ve seen physical destruction, as well as loss of connectivity to the internet, we recommend that your backups are air-gapped or on immutable storage.

Get your hands on it now

Disaster Recovery for Identity is now in tech preview.