Continue with this section to learn more about restoring Active Directory objects and containers.
Consider the following:
- Veeam Explorer for Microsoft Active Directory does not support restore via PSDirect, VIX or Sphere API.
- Data can only be restored back to the original domain from which it was backed up. Cross-domain restore is not supported.
- Veeam Explorer for Microsoft Active Directory supports restore of both mailbox-enabled objects (including hard-deleted items and Online Archives), and mail-enabled objects for the following Microsoft Exchange versions: Microsoft Exchange Server 2019, Microsoft Exchange Server 2016, Microsoft Exchange Server 2013, Microsoft Exchange Server 2010 SP1 and higher. For other Microsoft Exchange versions, restore of mailbox-enabled objects is not supported (only mail-enabled objects can be restored).
- To restore passwords, Veeam Explorer for Microsoft Active Directory uses the registry database. To restore passwords, make sure the System registry hive is available. The default location of the hive is %systemroot%\System32\Config. When restoring an Active Directory database from the Active Directory backup using Veeam file-level restore, the registry hive will be located automatically. When restoring from an imported backup or from VeeamZIP backups, make sure that the system registry hive and the .dit file are located in the same directory.
- If you plan to restore database items from an Active Directory Domain Services server running Microsoft Windows ReFS, consider that a Veeam backup server or a management console must be installed on Microsoft Windows Server 2012 or higher. To restore from a server running Microsoft Windows ReFS 3.x, a Veeam backup server or a management console must be installed on Microsoft Windows Server 2016.
- Restore of Group Policy objects, AD-integrated DNS records and objects from the Configuration partition is supported in the Enterprise and Enterprise Plus editions only.
- To restore security attributes such as objectSID and objectGUID, Veeam uses existing tombstone objects on the target Active Directory server. Make sure that the AD Recycle Bin feature is disabled in the target domain. If no tombstone objects exist, Veeam will create them anew setting all the attributes for such created objects as they are in the backup file.
- To restore business-critical objects for which the tombstone object is missing, you can perform authoritative restore of the entire domain from the old DC backups. For more information on tombstone objects, see this Microsoft article.
- Always use backups that are newer than the tombstone lifetime interval for the Active Directory forest. To determine a tombstone lifetime interval, you can use ADSIEdit or Dsquery. For more information. see this Microsoft article.
- When you move an object from one domain to another within a forest (for example, using the Movetree.exe utility or any other 3rd party tool), no tombstone for this object will remain in the source Active Directory; such an object cannot be fully recovered to the original domain.
In This Section