Pagine

Veeam Explorer for Active Directory and Group policy Object Restore procedure

Today I would like to mention Veeam Explorer for Microsoft Active Director released with Veeam Backup & Replication versions v9 and 9.5

Veeam Explorer for Microsoft Active Directory was a part of Veeam Backup & Replication v8. Its initial functionality was intended to solve the most frequent cases administrators have with Active Directory: Granular objects and containers recovery (ok, password recovery also was included, as well as AD data export in LDIFDE format)

Starting from Veeam Backup & Replication v9, you can restore Group Policy Objects, and the process is very easy.

About domain controller backup you can review this veeam article:

https://www.veeam.com/blog/backing-up-domain-controller-best-practices-for-ad-protection.html


Group policy restore follow this step by step procedure:

The actual recovery procedure is very similar to one I described before:


  • Administrator starts application-item restore for Microsoft Active Directory from the main ribbon or via the backups hive
  • Then, the administrator selects an appropriate backup point with a known valid state
  • Veeam Backup & Replication mounts that restore point to the backup server, extracting the Active Directory database and SYSVOL catalog, and automatically opens them in Veeam Explorer for Microsoft Active Directory
  • If all prerequisites are met, the administrator should be able to find the Group Policy Objects container right below the Users and Computers container
  • Then, the administrator finds a desired GPO manually or by using the search, and performs either the restore or export procedure (figure 1)

Figure 1. Veeam Explorer for Microsoft Active Directory GPO options

Hint: As an option, the administrator can compare GPO attributes with the production state and see what exactly was changed (figure 2).

Figure 2. Veeam Explorer for Microsoft Active Directory Comparing backed up GPO with production

Additional improvements to Veeam Explorer for Microsoft Active Directory

Besides that, in the same version 9, Veeam Explorer for Microsoft Active Directory added support for the recovery of:
Active Directory-integrated DNS records (DNS integrated into Active Directory and replicated as a part of Domain Services replication)
Objects in Active Directory configuration partition (Native AD partitions containing forest-wide information about existing domains and sites available services, which come per forest and are replicated to all Domain Controllers)




Additional resources:
Note: Group Policy is a Windows Server feature (since Windows Server 2000) that allows an administrator to centrally manage the working environment of users and computers, allowing common policies to be configured from one place and then distributed at ease, while also controlling what users/computers can or cannot do.

https://www.veeam.com/blog/how-to-recover-group-policy-objects.html