Permissions

The following table lists the user account permissions necessary to launch Veeam Explorer for Microsoft Active Directory and restore Microsoft Active Directory data.

Operation	Required Roles and Permissions
Veeam Explorer for Microsoft Active Directory launch	The account used to run Veeam Explorer for Microsoft Active Directory must meet the following requirements: The account must be a member of the local Administrators group. The account must have the Veeam Backup Administrator or Veeam Restore Operator role on the backup server.
Restore	The account used to restore Microsoft Active Directory data must be a member of the following groups: Domain Admins Exchange Organization Management Membership in this group is required only for restore of Exchange attributes.

Operation

Required Roles and Permissions

Veeam Explorer for Microsoft Active Directory launch

The account used to run Veeam Explorer for Microsoft Active Directory must meet the following requirements:

The account must be a member of the local Administrators group.
The account must have the Veeam Backup Administrator or Veeam Restore Operator role on the backup server.

Restore

The account used to restore Microsoft Active Directory data must be a member of the following groups:

Domain Admins
Exchange Organization Management

Membership in this group is required only for restore of Exchange attributes.

Assigning Role with PowerShell

To assign the Organization Management role using PowerShell, run the following cmdlet.

Add-RoleGroupMember “Organization Management” –Member “<user_name>”