Recovery Manager for Active Directory Disaster Recovery Edition

Back up Active Directory and quickly recover AD from any disaster. Ransomware is a clear and present risk to every organization. You need to ensure you can get your business back up and running as quickly and securely as possible. With Quest® Recovery Manager for Active Directory Disaster Recovery Edition, you can prepare for and quickly recover AD from any mistakes, corruption or cyberattacks.

69%

Suffered a ransomware attack in 2020

8%

That paid ransom got all their data back

21 days

Average downtime due to ransomware

Following a ransomware attack, you must restore AD first before anything else. According to Gartner, “The restore process from many well-documented ransomware attacks has been hindered by not having an intact Active Directory restore process.”

With Recovery Manager for Active Directory Disaster Recovery Edition, you can easily back up Active Directory, and you’ll have multiple recovery options to fit the needs of your business continuity plan. It’s like an insurance policy for your AD that you just can’t afford not to have.

Key Benefits

Adaptable to any disaster

Handle any AD recovery scenario, from attribute changes to SYSVOL corruption to full AD forest disasters.

Automated AD forest recovery

Automate the entire AD forest recovery process, including the 40+ steps outlined in Microsoft's AD forest recovery best practices.

Flexibility and choice

Choose the best method for your situation, whether that’s phased recovery, restoring AD to a clean OS or bare metal recovery.

Malware-free recovery

Eliminate the risk of malware re-infection throughout your AD recovery, scanning for malware and minimizing its hiding places.

Secure AD backups

Protect your backups from malware to withstand the next ransomware attack.

Battle-tested

Quest has specialized in AD recovery as long as AD has been around, helping thousands of customers, including 50% of the Fortune 100.

Streamlined AD Recovery from Ransomware

When a crisis strikes, nothing can be recovered until AD is functional again. Quest delivers unmatched flexibility and options, and complete AD backup and recovery at the attribute and object level, directory level and operating system level across the entire forest.

Reliable AD backups

Back up exactly what you need to recover AD. By omitting extraneous and risky components like boot files and the IIS Metabase, Recovery Manager reduces backup bloat, makes the backup process more efficient and minimizes the places where malware can hide.

Phased recovery to shorten RTO

After you back up Active Directory, you can shorten recovery time objectives with a phased AD recovery approach. Quickly restore key DCs, enabling sign-in and business-critical functions as soon as possible. Then dramatically accelerate recovery of remaining DCs with automated repromotion methods.

Flexible AD recovery options

Choose the Active Directory disaster recovery method that works best in a given situation, whether that’s phased recovery, restoring to a clean OS to minimize the risk of malware reinfection or bare metal recovery. You can restore AD to a clean OS on any machine, whether it’s a physical machine, on-prem virtual machine or a cloud-hosted VM.

Clean OS recovery to the cloud

During an attack, you need to restore to a new machine you can trust. Quickly and easily create Microsoft Azure resources including virtual machines during a forest recovery. This enables you to recover AD to a readily available, secure and cost-effective machine that you can trust is clean from malware.

Malware detection

Eliminate the risk of malware re-infection throughout your AD disaster recovery process. Implement the added safety of regularly checking files for viruses after the backup file is created, during storage when updates are added and before a restore is started, using integrated Microsoft Defender capabilities.

Secure storage

Protect AD backups from malware infection with Secure Storage, a hardened server that is isolated according to IPSec rules with regular checks to confirm backup integrity. Even if you lose your DCs, Tier 1 storage and even your Recovery Manager server, you still have the Secure Storage backup that is hardened and secure to withstand the ransomware attack.

Operating system recovery

Quickly restore your domain controller’s operating system without depending on others. Recovery Manager for Active Directory Disaster Recovery Edition gives AD admins more control of the recovery process, saving time and resources by eliminating dependencies on cross-departmental teams.

Virtual test lab

After you back up Active Directory, you can demonstrate and validate your AD disaster recovery plan by building a separate virtual forest test lab with production data to test disaster scenarios and safely test changes before making them in production. Automatically generate detailed, time-stamped reports of the recovery process, including the before/after state of the organization and the actions applied to domain controllers.

Additional Features

Online granular restore

Restore individual attributes, such as account settings, group memberships and binary attributes, even when the object itself has not been deleted. This enables you to restore only the required attributes without restarting domain controllers.

Comparison reporting

Highlight changes made since the last backup by comparing the online state of AD with its backup or by comparing multiple backups. Accelerate recovery by quickly pinpointing deleted or changed objects or attributes. And with Change Auditor you can easily identify who made the changes.

AD management and health validation

Inspect AD for warning signs of possible issues before they become disasters by checking DC accessibility, replication, trusts and user authentication.

Recovery console fault tolerance

With Recovery Manager for Active Directory Disaster Recovery Edition, you can share persistent configuration data between several instances of your recovery consoles so that you can quickly resume the last restore operation in case it was unexpectedly interrupted.

Recovery roadmap

After you back up Active Directory, you can generate a detailed recovery process report, including an overview of every stage of the recovery, to gain a better understanding and more control over the project.

Hybrid AD and Azure AD recovery

A solid on-premises AD recovery plan alone isn’t sufficient since so many organizations are making greater use of cloud-only objects such as Azure AD groups, Azure B2B/B2C accounts, conditional access policies and more. With On Demand Recovery, you can quickly and securely back up and recover Azure AD.

FAQs – Active Directory Disaster Recovery

With Microsoft-provided tools and manual processes, AD forest recovery is a difficult, time-consuming and error-prone process. In fact, Microsoft’s “Active Directory Forest Recovery Guide” outlines 40 high-level steps that must be performed correctly and in the proper sequence — on each DC. In addition, many of the steps aren’t operations that AD administrators are familiar with; they are tedious, often command-line based steps, so it’s very easy to make mistakes that can re-corrupt your directory and require you to start over.
VM snapshots are no substitute for an enterprise AD disaster recovery solution. Using snapshots for forest recovery will almost always result in data consistency problems that are difficult to resolve. Since the data on DCs is constantly being updated and the replication process takes time, snapshots of different DCs almost always contain inconsistent information. Snapshots can also include malware, which gets restored with everything else on the DC. Plus, if you store your VM snapshots in the default location, they’re an obvious target for ransomware encryption, which can render them useless. There’s also a logistical issue. Usually, control over VM snapshots resides with the virtualization operations team, which complicates the AD team’s job during the recovery operation. Finally, the virtualization team might not even know that the AD snapshots are an essential part of the organization’s disaster recovery strategy, so they might not protect them appropriately.
Most data protection tools simply do not suffice for Active Directory disaster recovery. As noted above, in a forest recovery, you must coordinate the configuration effort across multiple DCs. Failure to do so can run the risk of USN rollback, RID bubbles, RID re-use, lingering objects in the Global Catalog and other issues that can cause serious issues with Active Directory functionality. But most traditional data protection solutions simply focus on getting individual DCs to a “healthy” state — and leave all the coordination work to you.

Tour

Flexible recovery methods

Flexible recovery methods include restoring AD to a clean OS and a Microsoft-compliant bare metal recovery.

Specifications

Before installing Recovery Manager for Active Directory, ensure that your system meets the following minimum hardware and software requirements.

NOTE

  • Recovery Manager for Active Directory supports only IPv4 or mixed IPv4/IPv6 networks.
  • Recovery Manager for Active Directory Forest Edition can back up and restore domain controllers that are running on virtual machines in Amazon Web Services (AWS) or Microsoft Azure. Note that such domain controllers cannot be restored with the Bare Metal Active Directory Recovery method because there is no way to boot them from an ISO image.
Processor

Minimum: 1.4 GHz

Recommended: 2.0 GHz or faster

Memory

Minimum: 1 GB

Recommended: 2 GB

These figures apply only if the Active Directory domains managed by Recovery Manager for Active Directory include 1 million objects or less. Increase RAM size by 512 MB for every additional 1 million objects.

Hard Disk Space

Full installation including the prerequisite software: 2.7 GB of free disk space

In case all the prerequisite software is already installed: 260 MB of free disk space

NOTE Additional storage space is required for a backup repository: at least the size of the backed-up Active Directory database file (Ntds.dit) and the SYSVOL folder, plus 40 MB for the transaction log files.

Operating System
  • The machine that hosts the Recovery Manager for Active Directory console must run the same or a higher version of the Windows operating system than the processed domain controllers. Otherwise, the online compare and object search in a backup during the online restore operation may fail.
  • 32-bit operating systems are not supported.

Installation

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2 with or without any Service Pack
  • Microsoft Windows Server 2012 with or without any Service Pack
  • Microsoft Windows 10 x64
  • Microsoft Windows 8.1 x64 with or without any Service Pack

Targets for backup, restore, or compare operations

  • Microsoft Windows Server 2019 including Server Core installation
  • Microsoft Windows Server 2016 including Server Core installation
  • Microsoft Windows Server 2012 R2 with or without any Service Pack (including Server Core installation)
  • Microsoft Windows Server 2012 with or without any Service Pack (including Server Core installation)

The Windows Server Backup feature is supported for Windows Server 2012 R2 or higher. Make sure that the feature is installed on all domain controllers in your environment.

Microsoft .NET Framework

Microsoft .NET Framework version 4.5.2 or higher

Microsoft .NET Framework version 4.7.2 or higher is required for use of Microsoft Azure virtual machines with Restore Active Directory to Clean OS recovery method

Microsoft SQL Server and its components

Microsoft SQL Server versions

Microsoft SQL Server is required for the following Recovery Manager for Active Directory features: Comparison Reporting, Forest Recovery Persistence and Recovery Manager Portal.

Supported SQL Server versions:

  • Microsoft SQL Server 2019 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2017 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2016 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2014 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2012 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)

Microsoft SQL Server components

Microsoft System CLR Types for SQL Server 2012

If this component is not installed, it will be installed automatically by the RMAD setup.

Microsoft SQL Server Reporting Services

To display reports, Recovery Manager for Active Directory can integrate with Microsoft SQL Server Reporting Services (SSRS) 2016, 2017 and 2019.

Microsoft Operations Manager

Supported Microsoft Operations Manager versions for the RMAD Management Pack for Microsoft System Center Operations Manager (SCOM):

  • Microsoft System Center Operations Manager 2016
  • Microsoft System Center Operations Manager 2012 R2
  • Microsoft System Center Operations Manager 2012 SP1
  • Microsoft System Center Operations Manager 2012
Microsoft Windows PowerShell

Microsoft Windows PowerShell version 5.0 or later

Microsoft Windows Installer

Microsoft Windows Installer 4.5

Microsoft Management Console

Microsoft Management Console 3.0

Integration with Change Auditor for Active Directory

Supported versions of Change Auditor for Active Directory: from 6.x to 7.x.

If any prerequisite software is not installed, the Setup program automatically installs it for you before installing Recovery Manager for Active Directory. If the prerequisite software to be installed is not included in this release package, it is automatically downloaded.

Continuous recovery: From version 10.0.1, Recovery Manager for Active Directory together with Change Auditor can restore the deleted object(s) and continuously restore the last change (if any) that was made to the object attributes after the backup was created, using the data from the Change Auditor database.

Antivirus software that is supported for backup antimalware checks

The antivirus checks are performed on the Forest Recovery Console machine, which must run Windows Server 2016 or higher, by means of the antivirus software installed on that machine.

  • Microsoft Defender
  • Symantec Endpoint Protection 14.x
  • Broadcom Endpoint Security (former name: Symantec Endpoint Protection 15)
Supported server management systems
  • Integrated Dell Remote Access Controller (iDRAC) 8 and 9
  • HP ProLiant iLO Management Engine (iLO) 3, 4 and 5
  • VMware vCenter/ESX Server 6.0, 6.5, 6.7 and 7.0
  • Microsoft Hyper-V Server 2012 or higher
Memory

256 MB (1 GB recommended)

Hard disk space

2 GB or more

Operating System

One of the following operating systems:

  • Microsoft Windows Server 2019 including Server Core installation
  • Microsoft Windows Server 2016 including Server Core installation
  • Microsoft Windows Server 2012 R2 with or without any Service Pack (including Server Core installation)
  • Microsoft Windows Server 2012 with or without any Service Pack (including Server Core installation)
Prerequisite software

Microsoft Windows Installer 4.5 or later must be installed.

Microsoft System Center Virtual Machine Manager (SCVMM) 2012 R2, 2016 or 2019

Software that must be installed on the Active Directory Virtual Lab computer:

  • Microsoft SCVMM Console (supplied with the SCVMM version you plan to use)

Software that is installed on the source computer by Active Directory Virtual Lab console:

  • Disk2vhd v2.01 utility

For more details, see the Working with SCVMM 2012 R2 or higher section in the User Guide.

Supported operating systems for the Hyper-V host:

  • Microsoft Windows Server 2012 R2 or higher.
VMware vCenter/ESX Server 6.0, 6.5, 6.7 and 7.0
  • Active Directory Virtual Lab does not support conversion of Windows Server 2019 Domain Controllers using VMware ESXi/vCenter server.
  • Active Directory Virtual Lab does not support VMware ESXi 6.0.
  • vCenter Converter 6.2 must be installed in your environment using the Client-Server installation setup option.
  • vCenter Converter must be accessible to the Active Directory Virtual Lab.
  • If the TLS 1.0 protocol is disabled on vCenter Converter and vCenter servers, then switch to TLS 1.2 on the ADVL server. For more details, see the following KB articles
Processor

1 GHz or faster

Memory

512 MB or more

Hard disk space

2 GB or more

Operating System

You can install the Recovery Manager Portal on a computer running one of the following x64 operating systems:

  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2 with or without any Service Pack
  • Microsoft Windows Server 2012 with or without any Service Pack
Supported Web Browsers
  • Microsoft Internet Explorer
  • Google Chrome
Microsoft .NET Framework

Microsoft .NET Framework version 4.5.2 or higher

Microsoft Internet Information Server (IIS)

Microsoft Internet Information Services (IIS) 8.5 or higher

Microsoft SQL Server and its components

Microsoft SQL Server versions

One of the following versions is required:

  • Microsoft SQL Server 2019 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2017 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2016 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2014 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
  • Microsoft SQL Server 2012 with or without any Service Pack (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)

Required Microsoft SQL Server components

  • Microsoft System CLR Types for SQL Server 2012

If this component is not installed, it will be installed automatically by the RMAD setup.

You can only use the Password and SIDHistory Recoverability Tool if Microsoft's Active Directory Recycle Bin is not enabled in your environment.

Recovery Manager for Active Directory Disaster Recovery Edition is upgradeable from version 10.0 or later.

Resources

Datasheet

Recovery Manager for Active Directory Disaster Recovery Edition

Complete AD disaster recovery at the object, directory and OS level across the entire forest
White Paper

Be Prepared for Ransomware Attacks with Active Directory Disaster Recovery Planning

Reduce your organization’s risk with an effective Active Directory recovery strategy.
White Paper

Lessons learned from a recent ransomware recovery

Discover how a global manufacturing organization recovered AD quickly from a ransomware attack with Quest solutions.
On Demand Webcast

Colonial Pipeline Ransomware and MITRE ATT&CK Tactic TA0040

Ransomware attacks are exploiting Active Directory. This security-expert-led webcast explores a 3-prong defense against them.
Video

How Often Should You Test Your Active Directory Disaster Recovery Plan?

Hear Quest AD DR experts discuss why, how often, and how to test an Active Directory Disaster Recovery plan.
Technical Brief

The Varied History of System State Backups and Why You Don’t Need Them for AD Recovery

Learn how Recovery Manager for Active Directory protects your DCs with backups that take less time, occupy less space and incur...
E-book

7 Question Quiz - How good is your AD Backup and Recovery Solution?

Is your AD backup and recovery solution ready for today’s challenges?
White Paper

How Active Directory Recovery Strengthens Cyber Resilience

Active Directory (AD) is a primary mechanism for authenticating users and accessing data. This report reveals how to strengthen...