Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
Veeam Explorers User Guide

Considerations and Limitations

This section covers considerations and known limitations of Veeam Explorer for Microsoft Active Directory.

  • Recovery of Group Policy objects, AD-integrated DNS records and objects from the Configuration partition is supported in the Enterprise and Enterprise Plus editions only.
  • If a tombstone object exists in target Active Directory, Veeam will use this object for recovery. This will allow you to recover security attribute values including objectSID and objectGUID for recovered objects, which is especially important for security principals (including User, Computer, inetOrgPerson and Group objects). To be able to restore from the tombstone objects, make sure that AD Recycle Bin feature is disabled in the target domain.
  • If no tombstone objects exist in the target Active Directory, Veeam will create a new object during the recovery process and set all attributes to the same values as in the corresponding object in the backup. However, these attributes, including security will be considered new, which may result in losing access rights.

Considerations and Limitations Note:

To restore business-critical objects for which a tombstone is missing, you can perform authoritative restore of the entire domain from the old DC backups. For more information on tombstone objects, see Scenario Overview for Restoring Deleted Active Directory Objects.

  • Always use backups that are newer than the tombstone lifetime interval for Active Directory forest.
  • When you move an object from one domain to another within a forest (for example, using the Movetree.exe utility or any 3rd party tool), no tombstone for this object will remain in the source Active Directory. Thus, such an object cannot be fully recovered to the original domain.
  • When Group Policy objects are restored from the backup, both Active Directory data (storing Group Policy Containers) and %Sysvol% data (storing Group Policy Templates) is involved. Therefore, for successful restore, data should be consistent in these two locations. Restore logic is implemented as follows: existing Group Policy objects are deleted from target while the new ones from the backup are going to be added.

Considerations and Limitations Tip:

To determine a tombstone lifetime interval, you can use ADSIEdit or Dsquery. For more information. see Determine the tombstone lifetime for the forest.

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions

Veeam Availability for Nutanix AHV

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation