Was it a rogue script? Was it a functional script that just contained bad logic? Or maybe you were distracted and did it yourself? We’ve all been there—the unwanted modification or deletion of an Active Directory User or Computer. Traditionally, performing authoritative restores was the method of bringing the object back into the realm of Active Directory. 

For those of us who have had the pleasure of moving through this recovery scenario (aren’t we lucky?), we know that performing authoritative restores can be a daunting task involving entering Directory Services Restore Mode and executing confusing ntdsutil commands. It’s the equivalent of performing an entire image-level backup just to retrieve a single file. It wastes both time and resources, all the while affecting our end users’ access to crucial company resources.

Thankfully, with the new Rubrik Active Directory (AD) Object Recovery Tool, there is a better way. The Rubrik AD Object Recovery Tool provides the ability to roll back or restore these unwanted changes on an object-level basis and is crucial to preventing productivity interruptions and providing access to critical organizational resources. This means that rather than restoring a complete image-level backup of our Active Directory domain, we only extract the objects we’d like to restore. This includes Users, Computers, and even gets as granular as individual attributes on the objects themselves. In true Rubrik fashion, simplicity and ease of use were top priorities during the design of the Rubrik AD Object Recovery Tool. Let’s dive in and see how it works.

Granular Active Directory Restore with the Rubrik AD Object Recovery Tool

After downloading and installing the Rubrik AD Object Recovery Tool, the configuration process is handled through a wizard-driven approach. Simply provide FQDN/IP and credentials to the Rubrik cluster and select a domain controller from the list of VMs presented, using the search functionality to quickly narrow the choices.

The tool then ensures that an active directory database exists on the system, at which point, we select the desired database and point-in-time recovery. Next, the database will be extracted to the requested recovery path (a local folder) for processing and mounting.

Once imported, a screen similar to the Active Directory Users and Computers snap-in will appear. As shown, we can manually browse through our Active Directory hierarchy, filtering by Name, Type, or Description or we can simply search for the object we are looking for. Rubrik analyzes and detects any differences between the point-in-time database selected along with what is currently configured within the production Active Directory domain. Any discrepancies between the two can be quickly identified by the tombstone icon beside the object. In the example below, we can see that the ttoffoli user has been deleted from Active Directory yet exists within the recovery point selected.

Double-clicking on any object will bring up a list of its Active Directory attributes. Again, any attribute level discrepancies are easily spotted as they are highlighted in red. As seen below, the telephoneNumber attribute on the pbyron user has been modified.

Recovering a deleted object is as simple as right-clicking and selecting the desired recovery option, be it exporting to an LDIF file for manual import or restoring directly back to the production Active Directory domain.

Bulk recovery of multiple objects are processed at the same time by adding them to the “cart” and then processing the cart as a whole.

The Rubrik AD Object Recovery Tool provides a fast and efficient way to restore individual active directory objects to their original location or exported to an LDIF file to be imported into a new domain. By running through a simple guided wizard, customers are able to leverage the tool to ensure their environment is back up and running as quickly as possible, all while minimizing the impact to the organization and ensuring productivity loss is minimal.

Searching for more data protection and data recovery resources? Check out FORWARD on-demand, the #1 event defining the future of data management and data protection. Hear from customers, partners, and other industry leaders about best practices in securing and managing business data.