Nakivo: Restore Active Directory Objects

Active Directory object recovery is the Nakivo’s feature that starting from a “simple” VM backup is able to recover Active directory objects. The only prerequisite is the licensing level: only Pro Essentials and Enterprise Essentials edition are supporting this kind of restore (just check here prices and features).

In this post I’ll show how to restore AD objects inside my Windwos 2012 Primary Domain Controller.

Simple LAB

For this test I use my new lab with this deployment:

The whole environment reside in a single physical host with two nested hosts. To avoid inefficient overheads and to separate backup solution form production environment, I deployed Nakivo Appliance directly into the physical host.

On my Active Directory domain called linoproject.lan, is living the user Lino Telera. I will use this element to test this recovery feature.

In order to protect Active Directory elements inside the VM, it’s necessary create a simple backup job (I add also screenshot verification feature) and run the backup job.


After backup how to restore Active directory User

Since the backup process is the same for every workload running in the virtual infrastructure, the granular restore is what makes the difference for every virtual machines. In fact the core of the AD object restore resides into the archived data that could be used to extract single elements contained from the saved vmdk. It’s time to restore a single AD user.

  • In Nakivo UI click Recover then select “Microsoft Active Directory objects”

  • Choose the AD server then the restore point (in my case the last available), then click Next
  • in the routing tab choose the Transporter (if the files are restored by the local and one Nakivo instance, only the onboard transporter will be used). Click “Next”

  • Then choose the element to restore… in my case Lino Telera

  • Choose Download or Forward Item if you’ve configured a valid SMTP server. A zipped ldif file will be received in your client PC or MAC.
  • Note it is possible choose 2 restore options:
    • User will be disabled: restore the single elements or an entire tree but users will be disabled
    • User must change the password at next logon

Now you can restore single or multiple elements simply copying the ldif file into AD server and issuing the following shell command with Administrator privileges:

Where downloaded_file.ldif is the recovered file (a set of ldap instructions) and logfolder is the folder to store the log of the import to check warning and issues during the real restore process.

Wrap UP

This feature is very useful to restore an accidentally deleted user/group in the AD without replacing the whole VM. Handling the restore by the downloaded (or forwarded) file give also the ability to make changes or move/transfer/replicate the elements into another environment.

NAKIVO, Inc. is a privately-held company founded in 2012. NAKIVO develops a fast, reliable, and affordable data protection solution for VMware, Hyper-V, and cloud environments.

Download Free Trial here:

This post is sponsored by Nakivo, Inc. Thoughts and experiences come from my own.









   Send article as PDF