Few days back Veeam announced the public beta availability of new cool utility which allows item-level recovery of AD objects. Veeam Explorer for Active Directory (VEAD) allows exploring the objects by “mounting” directly the ntds.dit – the AD database. The cool thing is that in fact you not only restoring the objects, but also the passwords, without the need to re-join the computers back to the domain. (Even if you can rejin a computer without double-reboot via this tip when the trust relationship fails).
This Veeam's utility is especially useful for older versions of AD without Recycle bin for AD introduced by Microsoft with Windows Server 2008 R2. VEAD is not the first utility of this kind from Veeam. Remember the Veeam Explorer for Exchange, Veeam explorer for Sharepoint or Veeam explorer for SAN Snapshots!
You might be interested in the fact that you can use VEAD with Veeam Backup & Replication Free Version as well. Just download the trial and play with full version during 30 days. After 30 days it transforms itself into a free version…
The process works as follows:
1. With Veeam Free version locate the full backup of your AD server and initiate Guest files restore wizard.
2. Locate the ntds.dit file which is your AD database. Usually at c:/windows/NTDS/ntds.dit
3. Do a right click > explore
4. This opens an explorer window of the mounted backup where you can copy the path to the file. Then start VEAD and Add this path to the Add Database window when clicking the button Add Database.
5. Click Recover to explore this Active directory database. You should see a window like mine:
Very simple and quite awesome, no ?
Veeam Explorer for Active Directory (VEAD) – Which objects are supported for search and restore?
- Users
- Groups,
- Computer accounts
- Contacts
Individual attributes or the whole objects can be restored. You can also restore whole OUs (Organizational Units). So if your AD does not have the Recycle bin enabled you're able to use Veeams VEAD to save you day and restore from backup.
Quite cool to note that VEAD also supports restoring passwords!
See Anton's note on the forums:
Imagine accidentally deleting the entire OU with all your users. Without this feature, each user will be prompted to set the new password upon first logon, which is very disruptive and insecure. But this feature will come even more handy if you lose an OU with computer accounts! If you simply restore those back, computers will not be able to logon to the domain because of computer account password mismatch. Now, just imagine the nightmare of going to each computer, switching it into workgroup, and then joining it back into the domain… hundreds of times! This is when you will really appreciate this feature.
Download Veeam Explorer for Active Directory (VEAD) from Veeam's forum here.
Just download the trial and play with full version during 30 days. After 30 days it transforms itself into a free version…
Source: Niel's Blog -:)
