Accelerates recovery from cyberattacks
Simplify, automate, and accelerate Active Directory forest recovery with unmatched security, flexibility, and options to meet the needs of your business continuity and disaster recovery plans.
Adapts to any disaster - Handle any Active Directory disaster recovery scenario, from attribute changes to SYSVOL corruption to full AD forest disasters.
Automates AD forest recovery - Automate the Active Directory forest recovery process, including the 40+ steps outlined in Microsoft's AD forest recovery best practices.
Provides flexibility and choice - Choose the best method for your situation, whether that’s phased recovery, restoring AD to a clean OS, or bare metal recovery.
Delivers clean, malware-free recovery - Eliminate the risk of malware reinfection throughout your AD forest recovery with scanning for malware and minimizing its hiding places.
Active Directory is a prime attack target
Organizations impacted by ransomware
Average downtime due to ransomware
Attempted attacks on Entra ID accounts
More than 20 years of Active Directory recovery expertise
FAQ
Active Directory Recovery is the process of restoring Active Directory (AD) services and data after a catastrophic failure or cyberattack, such as ransomware. It involves rebuilding domain controllers, restoring AD databases, and reestablishing forest-wide services to bring the AD environment back to a functioning state. Active Directory recovery is critical because AD is the backbone of most organizations' IT infrastructure and identity services, controlling user authentication, access to resources, and application functionality.
Active Directory recovery encompasses several types of operations, ranging from granular object restoration to full forest recovery. For minor issues, online granular restore allows you to recover individual attributes or objects without restarting domain controllers. This is useful for correcting accidental changes or deletions. For more severe scenarios, there are multiple options for full recovery. Bare metal recovery (BMR) allows you to recover all volumes of a domain controller to new or different hardware. Restore to clean OS enables you to restore AD onto a new Windows Server while reducing the risk of reinfection. Phased recovery lets you prioritize the restoration of critical domain controllers to get essential services running quickly.
With Microsoft-provided tools and manual processes, Active Directory forest recovery is a difficult, time-consuming, and error-prone process. In fact, Microsoft’s “Active Directory Forest Recovery Guide” outlines 40 high-level steps that must be performed correctly and in the proper sequence – on each DC. In addition, many of the steps aren’t operations that AD administrators are familiar with; they are tedious, often command-line-based steps, so it’s very easy to make mistakes that can re-corrupt your directory and require you to start over. Quest Software reduces risk by automating every one of these manual steps. In fact, ESG Research validated that Recovery Manager can restore AD at least five times faster than the manual AD forest recovery process.
Most data protection tools simply do not suffice for AD disaster recovery. As noted above, in an AD forest recovery, you must coordinate the configuration effort across multiple DCs. Failing to do so risks USN rollback, RID bubbles, RID reuse, lingering objects in the Global Catalog, and other problems that can seriously impair Active Directory functionality. But most traditional data protection solutions simply focus on getting individual DCs to a “healthy” state – and leave all the coordination work to you.
VM snapshots are no substitute for an enterprise AD disaster recovery solution. Using snapshots for forest recovery will almost always result in data consistency problems that are difficult to resolve. Since the data on DCs is constantly being updated and the replication process takes time, snapshots of different DCs almost always contain inconsistent information. Snapshots can also include malware, which gets restored with everything else on the DC. Plus, if you store your VM snapshots in the default location, they’re an obvious target for ransomware encryption, rendering them useless. And logistically, control over VM snapshots resides with the virtualization team, complicating the AD team’s recovery operation. The virtualization team may not know the AD snapshots are an essential part of the disaster recovery strategy and may not protect them appropriately.