The following are considerations and known limitations of Veeam Explorer for Microsoft Active Directory:
- Veeam Explorer for Microsoft Active Directory does not support restore via PSDirect, VIX or Sphere API.
- Restore of Group Policy objects, AD-integrated DNS records and objects from the Configuration partition is supported in the Enterprise and Enterprise Plus editions only.
- To restore security attributes such as objectSID and objectGUID, Veeam uses existing tombstone objects on the target Active Directory server. Make sure that the AD Recycle Bin feature is disabled in the target domain. If no tombstone objects exist, Veeam will create them anew setting all the attributes as they are in the backup file.
- To restore business-critical objects for which the tombstone object is missing, you can perform authoritative restore of the entire domain from the old DC backups. For more information on tombstone objects, see this Microsoft article.
- Always use backups that are newer than the tombstone lifetime interval for the Active Directory forest. To determine a tombstone lifetime interval, you can use ADSIEdit or Dsquery. For more information. see this Microsoft article.
- When you move an object from one domain to another within a forest (for example, using the Movetree.exe utility or any other 3rd party tool), no tombstone for this object will remain in the source Active Directory; such an object cannot be fully recovered to the original domain.