Considerations and Limitations
This section lists considerations and known limitations of Veeam Explorer for Microsoft Active Directory.
- When Veeam Explorer for Microsoft Active Directory is installed on a server on which both Veeam Backup & Replication and Veeam Backup for Microsoft Office 365 are installed, the notification settings will be inherited from the Veeam Backup & Replication Global Notification settings.
- Veeam Explorer for Microsoft Active Directory does not support restore using PowerShell Direct, VIX API or vSphere Automation API.
- Data can only be restored back to the original domain. Cross-domain restore is not supported.
- Veeam Explorer for Microsoft Active Directory supports restore of both mailbox-enabled objects (including hard-deleted items and Online Archives), and mail-enabled objects for the following Microsoft Exchange versions: Microsoft Exchange Server 2019, Microsoft Exchange Server 2016, Microsoft Exchange Server 2013, Microsoft Exchange Server 2010 SP1 and higher. For other Microsoft Exchange versions, restore of mailbox-enabled objects is not supported (only mail-enabled objects can be restored).
- To restore passwords, Veeam Explorer for Microsoft Active Directory uses the registry database. To restore passwords, make sure the System registry hive is available. The default location of the hive is %systemroot%\System32\Config. When restoring an Active Directory database from the Active Directory backup using Veeam file-level restore, the registry hive will be located automatically. When restoring from an imported backup or from VeeamZIP backups, make sure that the system registry hive and the .dit file are located in the same directory.
- If you plan to restore database items from an Active Directory Domain Services server running Microsoft Windows ReFS, consider that the Veeam backup server or management console must be installed on a machine that runs Microsoft Windows Server 2012 or later.
To restore from a server running Microsoft Windows ReFS 3.x, the Veeam backup server or management console must be installed on a machine that runs Microsoft Windows Server 2016 or later, and the ReFS version must be supported on this machine.
- Restore of Group Policy objects, AD-integrated DNS records and objects from the Configuration partition is supported in the Enterprise and Enterprise Plus editions only.
- Veeam Explorer for Microsoft Active Directory does not restore object attributes such as objectSID and objectGUID from the backup. To restore deleted Active Directory objects, Veeam Explorer uses existing tombstone objects on the target Active Directory server or objects in the AD Recycle Bin. In this case, the restored object will have its original objectSID and objectGUID. If an object you want to restore does not exist in the tombstone container or recycle bin in the target domain, Active Directory will assign new objectSID and objectGUID attributes to the restored object.
- To restore business-critical objects for which the tombstone object is missing, you can perform authoritative restore of the entire domain from the old DC backups. For more information on tombstone objects, see this Microsoft article.
- Always use backups that are newer than the tombstone lifetime interval for the Active Directory forest. To determine a tombstone lifetime interval, you can use ADSIEdit or Dsquery. For more information. see this Microsoft article.
- When you move an object from one domain to another within a forest (for example, using the Movetree.exe utility or any other 3rd party tool), no tombstone for this object will remain in the source Active Directory; such an object cannot be fully recovered to the original domain.
- Veeam uses Lightweight Data Interchange Format to save Active Directory objects and containers to .ldf files. You can make an .ldf file available to the Active Directory Domain Services server by importing it with the ldifde utility. For more information. see this Microsoft article.
- Veeam Explorer for Microsoft Active Directory does not support exporting passwords.