Microsoft’s Active Directory (AD) is a key network service in many organizations; without it, those organizations‘ entire networks would come to a grinding halt. For that very reason, AD administrators need to be prepared for the various disasters that might strike their AD forest.
Microsoft provides native solutions to back up and restore domain controllers in case they crash. But there are more than a few caveats when it comes to using them to restore your AD environment.
This blog will look at all the usual shortcomings of the native tools, keeping you informed about the problems you might face while using them.
1. Doesn’t support granular restoration.
Microsoft’s native backup and recovery tool doesn’t allow you to restore individual objects or specific attributes of an object. It can only restore your entire AD from bare metal backups. If just a handful of users or OUs were deleted, restoring an entire domain controller isn’t efficient, even though it might solve your problem.
2. No incremental backups.
Active Directory’s native backup tool doesn’t support incremental backups, meaning you can’t just back up the changes made to your AD after the last backup. That means you have to completely back up your AD at every cycle, which drastically increases the size of your stored backups. With larger backups you’ll need more storage space, meaning higher costs to keep your AD domain secure.
3. Inability to back up all versions of objects.
Typically, organizations perform full backups once or twice a month. Even if objects undergo multiple changes in the time between backups, only the last change before the backup is stored. This puts administrators at a disadvantage when they want to roll back an AD object to a past state.
4. No backup retention policy.
The native backup and recovery tool doesn’t allow administrators to systematically delete older backups. Since backups taken using the native tool are full backups, administrators have to periodically discard older backups to manage storage space.
5. Lack of restart-free recovery.
When performing a restoration of any scale using the native tool, you’ll have to restart your domain controllers. Until the restart is complete, your domain remains offline, which might impact your organization’s productivity.
RecoveryManager Plus is a web-based Active Directory backup and restoration solution that can help overcome all the above shortcomings of the native AD backup tools. It can perform bare metal restorations of domain controllers and granular restorations of individual objects or even specific attributes. RecoveryManager Plus also supports incremental backups, giving you the option to periodically capture each change made to AD objects, store those changes as a separate backup, and restore any object to a past state in just a single click. Don’t believe it? Try it out for yourself.