The Acronis Agent for Active Directory allows Active Directory data to be restored without causing a USN rollback. It does not allow granular backup and restores of Active Directory objects and thus a full restore is needed.
How do I regain utility of Active Directory utilizing a restore from Acronis Cloud Backup?
To restore Active Directory to an earlier state, perform the following tasks:
1. Choose a domain controller with the least amount of affected services and data. This domain controller should have a valid, recent backup. Active Directory will return to the state that it was in on the day of the chosen backup. You must also know the AD DSRM password for this server.
2. Follow the steps to Restore an Active Machine to a Previous Backup on the domain controller. After the restore is completed but before the machine boots, disconnect the server from the local network to prevent AD replication from occurring.
- On a virtual machine, disconnect (don't remove) any vNICs temporarily
- On a physical machine, unplug the network cables or shutdown the switch port (requires physical access to machine or enterprise iDrac/iLO!)
3. Start the restored machine in AD Directory Services Restore Mode.
- Press F8 while booting and choose AD Directory Services Restore mode - or -
- In Windows, open System Configuration in Administrative Tools, click the Boot tab, and turn on Safe Mode with AD DSRM then restart.
4. Login with:
- Username: .\administrator
- Password: The server's AD DSRM Password
5. Once logged in, open a cmd prompt and run the following commands:
activate instance ntds
6. Run the command restore subtree <DistinguishedName> where <DistinguishedName> is the name of the organizational unit or object to restore.
restore subtree "OU=Staff,OU=Users,DC=cts,DC=local"
7. After all of the records have been marked as authoritative, reboot the server normally. Fix boot options in system configuration if needed.
8. Reconnect the machine to the network during the reboot process.
9. When the machine boots, open a cmd prompt and run the following command:
10. Check other domain controllers in the environment to make sure that the deleted items have returned as expected.
Kaseya Cloud Backup / Acronis Backup Cloud > Acronis Agent for Active Directory