-
Resources
- Forums
-
Recovery Manager for Active Directory
Backing up Active Directory and restoring down to object and attribute levels is a lot easier when you have the right Active Directory backup tools. Quest® Recovery Manager for Active Directory is like an insurance plan for your AD environment. It not only enables you to back up Active Directory (AD) at the object and attribute level, but also helps you pinpoint changes to your AD environment at the same granular level. Know what happened, who is impacted and what to roll back. Quickly compare a backup to pinpoint differences at the object level and instantly recover.
Mistakes happen. Your AD environment can be damaged when an administrator accidentally deletes something or makes a mass update that goes wrong. This can negatively impact your productivity for hours or even days, and as a result, cost your company revenue and its reputation. When this happens, you need a disaster recovery plan and Active Directory backup tools to restore your AD environment and get your AD back up and running quickly. Recovery Manager for Active Directory helps you do exactly that, all while reducing recovery time and costs to reduce user impact.
Key Benefits
Reduce downtime
Accelerate recovery
Granular restore
55%
Of data breaches caused by insiders
95M
AD accounts under attack daily
14sec
Another ransomware attack occurs
Comprehensive recovery
When you have the right Active Directory backup tools, you can restore any object in AD, including users, attributes, organizational units (OUs), computers, subnets, sites, configurations and Group Policy Objects (GPOs). Recovery Manager not only helps you back up Active Directory faster, but also significantly reduces downtime so you can get affected users back to work quickly without restarting domain controllers. You’ll be able to eliminate downtime as well as negative impact on network users.
Hybrid AD and Azure AD recovery
Whether you’re running a hybrid AD environment with Azure AD Connect, or have cloud-only objects or attributes that aren’t synchronized, it’s critical for security and compliance purposes that you have Active Directory backup tools to ensure the availability, integrity and recovery of both on-premises AD as well as Azure AD. Quest On Demand Recovery provides a single recovery dashboard to differentiate hybrid and cloud-only objects, run difference reports between production and real-time backups, and restore all changes, whether on premises or in Azure AD.
Integration with IT Security Search
Use IT Security Search to discover which AD objects have changed, including before and after values, and restore them to a previous state with a few clicks.
Comparison reporting
Highlight changes made since the last Active Directory backup by comparing the online state of AD with its backup or by comparing multiple backups. Accelerate recovery by quickly pinpointing deleted or changed objects or attributes. And with Change Auditor you can easily identify who made the changes.
Recovery console fault tolerance
Share persistent configuration data between several instances of your recovery consoles so that you can quickly resume the last restore operation in case it was unexpectedly interrupted.
Recovery roadmap
Generate a detailed recovery process report. This overview of every recovery stage and operation allows you to gain a better understanding and more control of every aspect of Active Directory backup and recovery.
Delegated recovery
Assign restore tasks to specific users to cut down on recovery timelines and senior-level resource requirements.
Tour
Intuitive interface
Specifications
Before installing Recovery Manager for Active Directory, ensure that your system meets the following minimum hardware and software requirements.
NOTE
- Recovery Manager for Active Directory supports only IPv4 or mixed IPv4/IPv6 networks.
- Recovery Manager for Active Directory Forest Edition can backup and restore domain controllers that are running on virtual machines in Amazon Web Services (AWS) or Microsoft Azure. Note that such domain controllers cannot be restored with the Bare Metal Active Directory Recovery method because there is no way to boot them from an ISO image.
- Processor
Minimum: 2.0 GHz
Recommended: 2.0 GHz or faster
CPU Cores
Minimum: 2 CPU cores
Recommended: 4 CPU cores
Memory
Minimum: 4 GB
Recommended: 8 GB
These figures apply only if the Active Directory domains managed by Recovery Manager for Active Directory include 1 million objects or less. Increase RAM size by 512 MB for every additional 1 million objects.
- Hard Disk Space
Full installation including the prerequisite software: 2.7 GB of free disk space
In case all the prerequisite software is already installed: 260 MB of free disk space
NOTE Additional storage space is required for a backup repository, at least the size of the backed-up Active Directory database file (Ntds.dit) and the SYSVOL folder plus 40MB for the transaction log files.
- Operating System
- Machine that hosts the Recovery Manager for Active Directory console must have same or higher version of Windows operating system than the processed domain controllers. Otherwise, the online compare and object search in a backup during the online restore operation may fail.
- 32-bit operating systems are not supported.
Installation
- Microsoft Windows Server® 2022, 2019, and 2016
- Microsoft Windows 11, 10 x64, 8.1 x64
Targets for backup, restore, or compare operations
- Microsoft Windows Server® 2022, 2019, and 2016 (including Server Core installation
- Microsoft .NET Framework
Microsoft .NET Framework version 4.8 or higher is needed on the console system.
- Microsoft SQL Server and its components
Microsoft SQL Server versions
Microsoft SQL Server® is required for the following Recovery Manager for Active Directory features: Comparison Reporting and Forest Recovery Persistence.
Supported SQL Server versions:
- Microsoft SQL Server® 2022, 2019, 2017, 2016, and 2014 (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
- Microsoft Windows PowerShell
Microsoft Windows PowerShell version 5.0 or later
- Integration with Change Auditor for Active Directory
Supported versions of Change Auditor for Active Directory: from 6.x to 7.x.
If any prerequisite software is not installed, the Setup program automatically installs it for you before installing Recovery Manager for Active Directory. If the prerequisite software to be installed is not included in this release package, it is automatically downloaded.
Continuous recovery: From version 10.0.1, Recovery Manager for Active Directory together with Change Auditor can restore the deleted object(s) and continuously restores the last change (if any) that was made to the object attributes after creating the backup, using the data from the Сhange Auditor database.
- Antivirus software that is supported for backup antimalware checks
The anti-virus checks are performed on the Forest Recovery Console machine running Windows Server 2016 or higher by means of antivirus software installed on the machine.
- Microsoft Defender
- Symantec Endpoint Protection 14.x
- Broadcom Endpoint Security (former name: Symantec Endpoint Protection 15)
- Supported server management systems
- Integrated Dell Remote Access Controller (iDRAC) 8 and 9
- HP ProLiant iLO Management Engine (iLO) 3, 4 and 5
- VMware vCenter/ESX Server 6.0, 6.5, 6.7 and 7.0
- Microsoft Hyper-V Server 2012 or higher
NOTE: Microsoft .NET 4.8 is not required to be installed on the systems where the Forest Recovery and Backup agents are to be installed. The Secure Storage Agent does use .NET and it is recommended to install 4.8 on the Secure Storage system, but the agent will work with older versions.
Microsoft SQL Server components
Microsoft System CLR Types for SQL Server® 2014
If this component is not installed, it will be installed automatically by the RMAD setup.
Microsoft SQL Server Reporting Services
To display reports, Recovery Manager for Active Directory can integrate with Microsoft SQL Server® Reporting Services (SRSS) 2016, 2017, 2019, and 2022.
- Memory
1 GB (2 GB recommended)
- Hard disk space
2 GB or more
- Operating System
One of the following operating systems:
- Microsoft Windows Server® 2022, 2019, and 2016 (including Server Core installation)
Secure Storage Server
- Processor
Minimum: 2.0 GHz
Recommended: 2.0 GHz or faster
CPU Cores
Minimum: 2 CPU cores
Recommended: 4 CPU cores
Memory
Minimum: 4 GB
Recommended: 8 GB
- Operating system: Microsoft Windows 2016 or higher
- A stand-alone server to be used as your Secure Storage server. This server should be a workgroup server and not joined to an Active Directory domain.
- An account that will be used to deploy the Storage Agent on the Secure Storage server. This account must also be a local Administrator on the Secure Storage server.
- Physical access to the Secure Storage server. Once the server is hardened access with regular methods will be disabled.
- Sufficient storage space on the Secure Storage server for all backup files. For one backup file, the space required is at least the size of the backed-up Active Directory database file (Ntds.dit) and the SYSVOL folder plus 40MB for the transaction log files.
- Cloud Storage
- Internet access available on the Recovery Manager for Active Directory console. A standard outbound HTTPS port 443 is used to upload data to Azure Blob and Amazon Web Services S3 Storage.
- Azure and Amazon Web Services subscription(s) to create and manage Azure and Amazon Web Services S3 Storage accounts and containers.
- A method of creating and managing Azure and Amazon S3 Storage accounts, containers, and policies for the storage account (lifecycle, immutability and replication policies).
You can only use the Password and SIDHistory Recoverability Tool if Microsoft's Active Directory Recycle Bin is not enabled in your environment.
Recovery Manager for Active Directory Disaster Recovery Edition is upgradeable from version 10.0 or later.
FAQs - Active Directory Backup and Recovery
Window Server 2008 R2 included a particularly welcome enhancement, AD Recycle Bin restore, which enables restore of some recently deleted Active Directory objects. To facilitate object recovery in cloud-based environments, Microsoft provides the Azure AD Recycle Bin, which offers similar but not identical functionality to its on-premises sibling.
The Active Directory and Azure AD Recycle Bins are extremely valuable in certain situations. If an AD object, such as a user account, has been mistakenly deleted, for instance, you might be able to restore the object from the AD or Azure AD Recycle Bin. However, the Microsoft Recycle Bin is not, and was never intended to replace Active Directory backup tools. Check out this Active Directory and Azure AD Recycle Bin FAQ and feature comparison to learn exactly what each can do and explore the key limitations.