Active Directory is the most used directory server among companies. All the users and computers that are part of the company rely on Active Directory to authenticate before they can do their jobs. What happens if a server hosting Active Directory fails? I don’t think that is good. That means that users and computers can’t authenticate. If they can’t authenticate, they can’t log in to the Windows desktop. If they can’t log in to the Windows desktop, they can’t work. In addition to these local problems, remote workers can’t authenticate via VPN either.
What happens if we lose an object in Active Directory, like a user or a computer? If the object is lost, then that user or computer will not be able to log in. If we lose a computer, we can manually remove the computer from the domain and add it to the domain again once it restarts. But if we lose a user, then things get a bit more complicated. All the permissions assigned to folders are lost. If we have a policy mapped to the user, yes, it’s lost as well.
We can avoid many of these complications by having a good, working backup. Nakivo Backup & Replication supports backing up Active Directory and can restore individual objects, which is essential. Nakivo protects against two types of scenarios. If a server fails, we can boot the server straight from the backup and operate normally. The second scenario is when an object is lost in AD. For example, a colleague may delete a user by mistake. This is where Nakivo will help as well.
Setup Active Directory backup with Nakivo Backup & Replication
Setting up a backup job to protect Active Directory is easy, like everything in Nakivo. In the first step, we have to select the Active Directory server. Click on the Next button to proceed to the next step.
Select Backup repository. Click on the Next button.
Now we have to specify a job schedule. When you start a new backup job, you can choose to run a schedule on demand, or just set up an automated schedule.
Now, the best part starts in the last step, where we have to select an App-aware mode. That means that Nakivo knows that it is backing up an application. You can click on Finish or Finish and Run to start a backup job immediately.
When the backup is running, you can monitor Speed and Transfer data, live, straight on the dashboard.
Now that the backup was completed, I can delete an object from AD. I have deleted a user named audit.
How to recover AD object with Nakivo Backup & Replication
To start an Active Directory recovery, we have to click on Recover and select Microsoft Active Directory objects.
Select a backup and a recovery point. Click Next.
Since I have deleted an Active Directory user, I have to find that user in the backup. I go to the OU where it was located and select it. You can also use the search on top. It’s faster if you don’t know the object’s location.
Once we find the object that we want to restore, we have two options: Forward Selected or Download Selected. Forward Selected means that we can send the objects via email. Download Selected means that the objects are downloaded to our computer.
I’ve selected the deleted user audit. Now that the object is selected, I will download the objects, so I click on Download Selected. There are two options for increased security: User will be disabled or User must change password at next logon.
I have selected to download the object. The file is a compressed ldif file which you can use to manually restore data.
Importing User Objects protected with Nakivo Backup & Replication
If you want to import user objects into Active Directory, follow this simple procedure:
- On your Active Directory server, run a command prompt with Administrator rights (right-click on Command prompt, run as Administrator)
- You have to enable a secure LDAP connection on the Active Directory server
- Paste the following command in the cmd: ldifde -i -t 636 -f filename.ldif -k -j logfolder, note that “filename.ldif” is the path to the recovered ldif file, and “logfolder” is the path to the folder where import logs will be saved.
- When you import one or more users, you may need to verify the password options, as sometimes you may run into group membership problems.
You can find useful instructions on the Nakivo product pages manual.
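Because the -k switch tells ldifde to carry on past errors, it helps to review what the recovered file contains before importing it. The PowerShell below is an added example, not code from Nakivo or from this post: it parses an LDIF file and flags user entries that would be imported enabled and without a forced password change. It assumes the recovered file carries the standard AD attributes objectClass, userAccountControl, pwdLastSet and memberOf; the function names and the sample entries are constructed for illustration.

```powershell
# Added example: pre-import review of a recovered LDIF file (not Nakivo's or Microsoft's code).
function ConvertFrom-Ldif {
    param([Parameter(Mandatory)][string[]]$Line)
    # Unfold: in LDIF a line that starts with a single space continues the previous line.
    $logical = [System.Collections.Generic.List[string]]::new()
    foreach ($l in $Line) {
        if ($l.StartsWith(' ') -and $logical.Count -gt 0) {
            $logical[$logical.Count - 1] += $l.Substring(1)
        } elseif (-not $l.StartsWith('#')) { $logical.Add($l) }
    }
    $logical.Add('')                              # sentinel: flushes the last record
    $entry = [ordered]@{}
    foreach ($l in $logical) {
        if ($l.Trim() -eq '') {                   # a blank line ends a record
            if ($entry.Count -gt 0) { [pscustomobject]$entry; $entry = [ordered]@{} }
        } elseif ($l -match '^([^:]+)(::?)\s*(.*)$') {
            $name, $value = $Matches[1], $Matches[3]
            # "attr:: value" carries a base64-encoded value
            if ($Matches[2] -eq '::') { $value = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($value)) }
            # attributes such as objectClass repeat, so every value is kept in an array
            $entry[$name] = @($entry[$name] | Where-Object { $null -ne $_ }) + $value
        }
    }
}
function Get-LdifImportReview {
    param([Parameter(Mandatory)][string[]]$Line)
    foreach ($e in ConvertFrom-Ldif -Line $Line) {
        # userAccountControl bit 0x2 = ACCOUNTDISABLE; pwdLastSet 0 = change password at next logon
        $disabled   = [bool](([int]($e.userAccountControl | Select-Object -First 1)) -band 2)
        $mustChange = $e.pwdLastSet -contains '0'
        [pscustomobject]@{
            DN          = $e.dn[0]
            Disabled    = $disabled
            MustChange  = $mustChange
            Groups      = @($e.memberOf | Where-Object { $_ })   # to compare after the import
            NeedsReview = ($e.objectClass -contains 'user') -and -not ($disabled -or $mustChange)
        }
    }
}
# Constructed sample; in practice pass (Get-Content .\filename.ldif) instead.
$sample = @'
dn: CN=audit,OU=Staff,DC=example,DC=com
objectClass: user
userAccountControl: 514
memberOf: CN=Finance,OU=Groups,
 DC=example,DC=com

dn: CN=svc-report,OU=Staff,DC=example,DC=com
objectClass: user
userAccountControl: 512
'@ -split "`r?`n"
Get-LdifImportReview -Line $sample | Format-List
```

The Groups column gives a list to compare against the restored account when checking for the group membership problems mentioned in the last step.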
Importing Non-User Objects protected with Nakivo Backup & Replication
If you have to restore non-user Active Directory objects, you can follow the simple procedure below.
- On your Active Directory server, run a command prompt with Administrator rights (right-click on Command prompt, click on run as Administrator).
- Paste the following command: ldifde -i -k -f filename.ldif -j logfolder, where “filename.ldif” is the path to the recovered ldif file, and “logfolder” is the path to the folder where import logs will be saved.
In my case, I have easily restored a deleted user called audit.
Conclusion
Nakivo Backup & Replication is very simple to use. To create a backup or replication job you don’t have to be a rocket scientist, and you can easily set up a backup without reading the manual. When it comes to restoring Active Directory objects, you can rest assured that you can recover quickly and that you can count on the restore, as the tools used are standard Microsoft import tools.