With so many tools available in the “admin toolbox”, overlooking the best tool for the job is easy, especially when it comes to restoring data. We all need to keep in mind that the process or tool used “because we’ve always done it this way” may not be the best one, especially when you have Veeam at your disposal.
I was talking to a friend of mine who was not necessarily complaining, but expressing a mild distaste in regards to the process of restoring a deleted Active Directory account. Though I’m not going to go into the full details of the conversation, the seemingly complicated restoration process that was described sounded, to me, as something like this MS Support post…and who wants to do all that to restore an AD account?
Through the pain in his voice, I heard an unspoken question, “Is there an easier way to do this?” I answered the silent plea with a spoken question, “Why not use the Veeam AD restore wizard?” I found his answer of “The what?…” surprising and enlightening. Why? I installed Veeam for this company years ago and just assumed my basic knowledge transfer routine was sufficient training for operating Veeam to its full capacity. Obviously it wasn’t.
My friend is a member of a small IT team with large responsibilities. In addition to backup, his team supports thousands of end-user and production devices across multiple locations, they must maintain the wired and wireless networks, ensure the phones work, manage existing and deploy new servers, answering help desk calls, on-board new users and off-board (??) old ones, while keeping a constant eye on security, etc., etc. His is a big and busy job that provides precious little free time to explore the advanced features of every system they support and use. So this post is primarily for you, the crazy busy, wearer of many hats, IT administrator. I simply want to introduce you to the “advanced” application restoration features available to you within Veeam while also showing you an easier way to restore an Active Directory account.
Application Restoration Capabilities in Veeam
When performing a restore, you have the following options at your disposal. As you can see, Veeam provides the ability to easily restore several application items.
- Entire VM restore – restore an entire VM or its virtual disks
- Guest files restore – restore individual guest files
- Application items restore – restore individual application items such as
- Microsoft Active Directory
- restore users, groups, computer accounts, GPOs, DNS records, and configuration partition objects
- Microsoft Exchange
- restore individual mailbox items to a mailbox or PST file
- Microsoft SharePoint
- restore individual documents, libraries, or entire sites
- Microsoft SQL Server
- restore individual databases, tables, or stored procedures to original or different SQL server
- Oracle Database
- restore Oracle databases to the original or different server
- Other applications
- restore application data using a Virtual Lab
- Microsoft Active Directory
Restoring an Object using Veeam Explorer for AD
1. When performing a restore, select Restore from Backup/Replica | Application items restore.
2. On the Application Items Restore screen, click Microsoft Active Directory.
3. On the Machines screen, select a domain controller to restore from and click Next.
4. On the Restore Point screen, select a restore point which contains the AD object you wish to restore and click Next.
5. On the Reason screen, enter a Restore reason and click Next.
6. On the Summary page, verify the appropriate domain controller and restore point are displayed and click Finish.
7. The Veeam Explorer for Microsoft Active Directory window will launch and mount the restore point. Wait for that process to complete.
8. When the AD OU Structure is displayed, select the object you wish to restore and then click Restore Objects | then restore the object to the original or different location
9. When the AD object has been restored successfully, click OK on the Restore Summary screen.
10. At this point, I suggest resetting the user password and test login. Assuming success, set a generic password and force the user to change the password at next logon.
A Couple Neat Tidbits on Restoring AD Objects….
As you are selecting items to restore, notice that you have the options to Compare with Production and Compare Object Attributes on the Veeam Explorer for AD Toolbar. You may find these useful when trying to discern if a given object has changed since the backup you are exploring was taken.
- Compare with Production compares the object state in the backup to what exists in the production environment. If you click Compare with Production, the ITEM STATE within Veeam Explorer will display Changed if the backup of the object is different than what exists within the production environment.
- To see more detailed information on the specific difference(s), highlight a changed object and click Compare Object Attributes. You will be presented with a list of attributes that are different between the backup and production AD objects. You can use the Compare Object Attributes screen, to restore specific object attributes as opposed to restoring the object in its entirety.
The biggest takeaway I hope to leave you with here is that if you are using Veeam to backup data, it provides you with an extraordinary set of capabilities should you need to restore data whether that be a VM, a virtual disk, a file, an Active Directory object (or a specific attribute), a database, a table, etc. I know you’re busy, my friend certainly is, but I hope this post helps you at least a little bit to better understand ways to use Veeam to help ease the burden imposed by any non-Veeam and very manual data restoration tasks.