
Nakivo 6.1 Backup and Restore Active Directory

In enterprise environments today, Microsoft's Active Directory (AD or ADDS) is by far the most widely used authentication engine, providing identity management as well as access to resources and objects. According to Microsoft's own statistics, over 90% of businesses around the world and 95% of the Fortune 1000 use Active Directory. Over the years, Microsoft's family of products has also grown ever more tightly integrated with Active Directory infrastructure, so the health of the enterprise AD structure can affect many if not all systems in the enterprise. Maintaining Active Directory and planning for its disaster recovery can take center stage if corruption occurs or if AD objects are deleted, either accidentally or intentionally.

Granted, Active Directory in its latest iterations has grown more robust in its ability to recover from failures, deletions and other events. However, when thinking about disaster recovery and backups, Active Directory infrastructure is often overlooked as the critical part of business infrastructure that it is.

We reviewed Nakivo's Backup & Replication 6.1 product in a previous post. It is a powerful backup and replication tool that offers a lot of value to enterprise environments. In this post, we will delve deeper into NBR 6.1's ability to back up and recover Active Directory objects and the process for doing this with the NBR 6.1 appliance. Nakivo Backup & Replication 6.1 enables browsing, searching, and recovering Microsoft Active Directory objects directly from your backups. This is an agentless feature that is included with the application-aware abilities of the software. Let's take a look at Nakivo 6.1 Backup and Restore Active Directory.


The first thing that we need to do is start out with a backup of our domain controller with the application aware processing in place (which is turned on by default).


As you can see below, in the Job options the App-aware mode is set to enabled.


After we have taken a backup of the Domain Controller virtual machine, we can now access the application aware restore that can read Microsoft Active Directory objects.  Simply select Recover >> Granular Recovery >> Microsoft Active Directory objects to begin the Active Directory restore wizard.


This opens the very intuitive restore wizard, which starts by having us select the VM that we want to initiate the restore on. You will also notice that at the bottom of the wizard screen the Automatically locate application databases option is selected. This means Nakivo Backup & Replication will automatically search for supported application databases.


As you proceed with the wizard, the recovery point is searched for supported application databases.


In step 2, we select the application items to recover, which in an Active Directory restore are the objects that we want to recover, including user objects. Notice that the Active Directory database, ntds.dit, has been found and is now browsable.


As mentioned, we can browse the backup of the ntds.dit database now the same as we can in Active Directory Users and Computers.


We can now select the container and objects we want to take a look at/restore.  Below we have three user accounts in a TestOU container.


From here we can select which objects we want to work with in the restore process by simply placing a check by the objects themselves in the application items to recover screen.  Notice we have the Download button and Recovery Settings available.


The recovery settings option opens the options for Recovery of user object which allows us to choose how the user object is restored – user will be disabled or user must change password at next logon.


The Download option actually downloads the restorable ldif package that we can use to import the deleted object/user.  If change password at next logon is selected, Nakivo Backup & Replication will automatically generate a new password for each recovered user object.  The passwords.txt file will be added to the .zip archive along with the recovered objects and contains the new passwords.


As you can see below, we only have a user2 and user3 account.  We no longer have a user1 account as it has been accidentally deleted.


We simply copy over the zip recovery file which contains our restorable ldif file and run the ldifde command to import the object back into Active Directory.

To do this over a secure connection we run the command: ldifde -i -t 636 -f filename.ldif -k -j logfolder, where "filename.ldif" is the path to the recovered ldif file, and "logfolder" is the path to the folder where import logs will be saved. The secure connection requires a self-signed certificate to enable secure connectivity to Active Directory. You can also connect and import over the standard port without encryption, but this isn't recommended.

In a lab environment, we have simply used an insecure connection to import. The command is ldifde -i -f filename.ldif -k -j logfolder.


When we run the command, the object along with attributes are imported back into Active Directory.


As soon as we refresh the container holding our user accounts, we see user1 back in place, albeit disabled due to the options we chose in the wizard.


We can also now enable the object and make it active.


We also have the log file created by the successful import, which is very useful for seeing exactly what happened during the object import. The log location is defined by the logfolder parameter that is passed to the ldifde command.
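
A pre-import check for the recovered file, added here as an example and not part of the original post or of Nakivo's tooling: it parses the LDIF and reports, per object, whether it will come back disabled, with a forced password change, or with a password attribute that Active Directory only accepts over an encrypted connection (the -t 636 form of the command). The sample entries, DNs and attribute layout are constructed assumptions; a real export from the wizard may carry different attributes.

```python
import base64

ACCOUNTDISABLE = 0x0002  # userAccountControl flag: account is disabled
SAMPLE_LDIF = """\
# constructed sample, not a real export from the recovery wizard
dn: CN=user1,OU=TestOU,
 DC=lab,DC=example
userAccountControl: 514

dn: CN=user4,OU=TestOU,DC=lab,DC=example
userAccountControl: 512
pwdLastSet: 0
unicodePwd:: IgB4ACIA

dn: CN=user5,OU=TestOU,DC=lab,DC=example
userAccountControl: 512
"""

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 folded continuation
        elif not raw.startswith("#"):     # skip comment lines
            lines.append(raw)
    entries = [{}]
    for line in lines:
        if not line.strip():              # blank line closes an entry
            entries.append({})
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: value" is base64
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        entries[-1].setdefault(name.strip().lower(), []).append(value.strip())
    return [e for e in entries if "dn" in e]

def review(entries):
    """Summarise what each entry in the file asks AD to set on import."""
    return [{
        "dn": e["dn"][0],
        "disabled": bool(int(e.get("useraccountcontrol", ["0"])[0]) & ACCOUNTDISABLE),
        "must_change_pw": e.get("pwdlastset") == ["0"],
        "needs_encryption": "unicodepwd" in e,  # AD accepts unicodePwd only over an encrypted connection
    } for e in entries]

if __name__ == "__main__":
    print(*review(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

An entry that is neither disabled nor marked for a password change (user5 in the sample) is the one to question before running ldifde -i.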

Thoughts

With Microsoft's Active Directory at the heart of most organizations' identity management and resource access, it is imperative for organizations to consider their strategies for backing up and restoring Active Directory objects. Whether a deletion is accidental or intentional, the consequences of not being able to restore the objects to service quickly can be costly to enterprises.

Nakivo Backup and Replication 6.1 provides an easy way to restore deleted objects back into service via its intuitive interface. Because agentless, application-aware processing is part of how the Nakivo Backup and Replication appliance works out of the box, this functionality is available as soon as domain controllers are backed up for the first time.

Active Directory is a critical component of keeping today's infrastructure up and running, and enterprises must consider it in any disaster recovery plan. Nakivo 6.1 Backup and Restore Active Directory makes this possible.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
