One of the most frequent questions my customers ask is how to restore Group Policy Objects or Active Directory items after they have been deleted. First of all, Microsoft introduced the Recycle Bin for Active Directory in Windows Server 2008 R2, and it lets IT admins restore everything without resorting to a backup or doing anything unusual.
Figure 1 – Active Directory Recycle Bin
Another way to protect your GPOs is to create a backup of the objects every time a new rule is created, but this task requires manual activity. The backup gives you the possibility to restore the GPO in case, for some reason, you replace the main configuration with a wrong one.
Figure 2 – Backup GPO
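One way to take the manual step out of the GPO backup described above, as an added example that is not part of the original post: a PowerShell script meant to run as a scheduled task, using the GroupPolicy module cmdlets. The backup path, the retention period and the GPO name in the restore comment are assumptions.

```powershell
#Requires -Modules GroupPolicy
# Added example: scheduled backup of every GPO in the current domain.
# $BackupRoot and $RetentionDays are assumed values; adjust them.
param(
    [string]$BackupRoot    = 'D:\GPOBackups',
    [int]   $RetentionDays = 30
)

$ErrorActionPreference = 'Stop'

# One dated folder per run, so an older state can be picked for a restore.
# Restrict NTFS permissions on $BackupRoot: backups hold full policy settings.
$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
$target = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $target | Out-Null

# Back up all GPOs; each result carries DisplayName, GpoId and the backup Id.
$backups = Backup-GPO -All -Path $target -Comment "Scheduled backup $stamp"

# Save an XML settings report per GPO so two runs can be compared with a diff tool.
foreach ($b in $backups) {
    $report = Join-Path $target "$($b.GpoId).xml"
    Get-GPOReport -Guid $b.GpoId -ReportType Xml -Path $report
}

# Manifest that maps GPO names to backup ids for this run.
$backups |
    Select-Object DisplayName, GpoId, Id, CreationTime |
    Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation

# Remove backup folders older than the retention period.
$cutoff = (Get-Date).AddDays(-$RetentionDays)
Get-ChildItem -Path $BackupRoot -Directory |
    Where-Object { $_.CreationTime -lt $cutoff } |
    Remove-Item -Recurse -Force

# Restore the most recent backup of one GPO from a chosen folder
# ('Example Policy' is a placeholder name):
#   Restore-GPO -Name 'Example Policy' -Path 'D:\GPOBackups\<dated folder>'
```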
There's a third way: using Microsoft Advanced Group Policy Management, a component of MDOP, which lets you create advanced backups, perform restores, compare GPOs and much more.
Veeam Restore for Active Directory
For those who love a simple life, it is possible to use Veeam Backup & Replication to restore Active Directory items easily. Thanks to the full native integration introduced with v8, we can recover not only users and groups, but also GPOs and DNS records. Keep in mind that, in order to allow the restore, you must back up your Domain Controller with Application-Aware Support enabled.
Figure 3 – Restoring AD Objects
The recovery procedure is the same as for other objects, such as files or databases, so there is a timeline from which to select the restore point to use.
Figure 4 – Timeline
Figure 5 – Objects List
The available tasks are these:
- Restore to a Domain Controller
The compare is probably my favorite one because it helps IT admins not only to achieve the goal, but also to detect and restore the single modified element. For example, we could recover only the security part (Delegation) because another user has removed all the targeted users without touching the policy settings. There's no way to view the difference between the old and new GPO as far as the settings are concerned, but it's a good starting point.
Figure 6 – GPO Compare
Veeam Backup & Replication, if you use all its features, is a good ally for recovering not only files, databases or virtual machines, but all the items in your IT environment. Thanks to the full integration with the main services, it is possible to detect objects and restore them to their original position without losing time and without causing too much disruption.