Restore-VEADItem

In this article

    Short Description

    Restores backed-up Active Directory objects and containers.

    Syntax

    This cmdlet provides parameter sets that allow you to:

    • Restore backed-up Active Directory objects.

    Restore-VEADItem -Item <VEADItem[]> -Server <String> -Credential <pscredential> [-UseSSL][-RestoreChangedObjects] [-RestoreDeletedObjects] [-ChangePasswordAtLogon] [-MergeAttributes] [-NewPassword <securestring>] [-GcServer <string>] [-TargetContainer <VEADADContainer>] [-AccountState {SameAsInBackup | Enabled | Disabled}] [-PasswordRestoreAction {OriginalPassword | NoPassword | NewPassword}]  [<CommonParameters>]

    • Restore backed-up Active Directory containers.

    Restore-VEADItem -Container <VEADContainer> -Server <String> -Credential <pscredential> [-UseSSL][-RestoreChangedObjects] [-RestoreDeletedObjects] [-ChangePasswordAtLogon] [-MergeAttributes] [-NewPassword <securestring>] [-GcServer <string>] [-TargetContainer <VEADADContainer>] [-AccountState {SameAsInBackup | Enabled | Disabled}] [-PasswordRestoreAction {OriginalPassword | NoPassword | NewPassword}]  [<CommonParameters>]

    Detailed Description

    This cmdlet restores backed-up Active Directory objects and containers.

    Parameters

    Parameter

    Description

    Type

    Required

    Position

    Accept Pipeline Input

    Accept Wildcard Characters

    Item

    For restore of Active Directory objects.

    Specifies an array of Active Directory objects. The cmdlet will restore these objects.

    Accepts the VEADItem[] object. To get this object, run the Get-VEADItem cmdlet.

    True

    Named

    True (ByValue)

     

    Container

    For restore of Active Directory containers.

    Specifies an Active Directory container. The cmdlet will restore that container.

    Accepts the VEADContainer object. To get this object, run the Get-VEADContainer cmdlet.

    True

    Named

    True (ByValue)

     

    Server

    Specifies the target server. The cmdlet will restore Active Directory objects and containers to this server.

    String

    True

    Named

    False

     

    Credential

    Specifies credential records that Veeam Explorer for Microsoft Active Directory will use to connect to the LDAP server.

    Accepts the PSCredential object. To get this object, run the Get-Credential cmdlet.

    True

    Named

    False

     

    RestoreChangedObjects

    Defines whether changed Active Directory objects will be restored.

    If you provide this parameter, Veeam Explorer for Microsoft Active Directory will restore backed-up Active Directory objects. If the object is deleted, the cmdlet will skip this object.

    Note: To run the cmdlet, you must provide either this or the RestoreDeletedObjects parameter.

    Switch

    False

    Named

    False

     

    RestoreDeletedObjects

    Defines whether deleted Active Directory objects will be restored.

    If you provide this parameter, Veeam Explorer for Microsoft Active Directory will restore deleted Active Directory objects. If the object is not deleted, the cmdlet will skip this object.

    Note: To run the cmdlet, you must provide either this or the RestoreChangedObjects parameter.

    Switch

    False

    Named

    False

     

    UseSSL

    Defines whether Veeam Explorer for Microsoft Active Directory will establish a secure SSL connection to the target server.

    If you provide this parameter, Veeam Explorer for Microsoft Active Directory will connect over SSL to the target server. Otherwise, Veeam Explorer for Microsoft Active Directory will connect to the target server using a non-secure connection.

    Switch

    False

    Named

    False

     

    GcServer

    Specifies a Global Catalog server FQDN or IP address. Veeam Explorer for Microsoft Active Directory will use this server to look for the linked attributes of the objects in the AD domain tree.

    If you do not provide this parameter, Veeam Explorer for Microsoft Active Directory will try to detect the Global Catalog server automatically.

    String

    False

    Named

    False

     

    MergeAttributes

    Defines whether multi-valued attributes of Active Directory objects will be merged.

    If you provide this parameter, Veeam Explorer for Microsoft Active Directory will merge existing multi-valued attributes of Active Directory objects with multi-valued attributes from a backup file. Otherwise, the production multi-valued attributes will be replaced with multi-valued attributes from a backup file.

    Switch

    False

    Named

    False

     

    PasswordRestoreAction

    Specifies options for restoring user passwords. You can specify one of the following options:

    • OriginalPassword - To restore Active Directory objects with original user passwords.
    • NoPassword - To restore Active Directory objects without restoring user passwords.
    • NewPassword - To restore Active Directory objects with new passwords for users.
      Note: For this option, you must specify a new password in the NewPassword parameter.

    Switch

    False

    Named

    False

     

    ChangePasswordAtLogon

    For the PasswordRestoreAction parameter.

    Defines whether users must restore the password after the restore completes. If you provide this parameter, users must change the password at next logon.

    Switch

    False

    Named

    False

     

    NewPassword

    For the PasswordRestoreAction parameter.

    Specifies new passwords for users. Veeam Explorer for Microsoft Active Directory will restore Active Directory objects with this password.

    Securestring

    False

    Named

    False

     

    TargetContainer

    For restore to a different container.

    Specifies the target container. Veeam Explorer for Microsoft Active Directory will restore objects and containers to this container.

    Accepts the VEADADContainer object. To get this object, run the Get-VEADADContainer cmdlet.

    False

    Named

    False

     

    AccountState

    Specifies a state of an Active Directory account. You can specify one of the following states:

    • SameAsInBackup - to keep an Active Directory account state the same as in a backup.
    • Enabled - to restore an Active Directory account with the enabled state.
    • Disabled - to restore an Active Directory account with the disabled state.

     

    False

    Named

    False

     

    <CommonParameters>

    This cmdlet supports Microsoft PowerShell common parameters. For more information on common parameters, see the About Common Parameters section of Microsoft Docs.

    Examples

    Restoring Objects

    Restore-VEADItemExample 1. Restoring Active Directory Object to Server

    This example shows how to restore an Active Directory object to the ADSrv2045 server.

    $session = Get-VEADRestoreSession

    $domain = Get-VEADDomain -Session $session[3]

    $container = Get-VEADContainer -Domain $domain

    $ADitem = Get-VEADItem -Container $container[3] -LDAPQuery "(cn=SalesMailboxe8e8782f639e4a24898b93c325d8ed9d)"

    $creds = Get-Credential

    Restore-VEADItem -Item $ADitem -Server "ADSrv2045" -Credential $creds -RestoreChangedObjects

    Perform the following steps:

    1. Run the Get-VEADRestoreSession cmdlet. Save the result to the $session variable.

    The Get-VEADRestoreSession cmdlet will return an array of active restore sessions. Mind the ordinal number of the necessary restore session (in our example, it is the fourth restore session in the array).

    1. Run the Get-VEADDomain cmdlet. Set the $session variable as the Session parameter value. Save the result to the $domain variable.
    2. Run the Get-VEADContainer cmdlet. Set the $domain variable as the Domain parameter value. Save the result to the $container variable.
    3. Run the Get-VEADItem cmdlet. Set the $container[3] variable as the Container parameter value. Specify the LDAPQuery parameter value. Save the result to the $ADitem variable.
    4. Run the Get-Credential cmdlet. Enter credentials that will be used to authenticate against the LDAP server. server. Save the result to the $creds variable.
    5. Run the Restore-VEADItem cmdlet. Specify the following settings:
    • Set the $ADitem variable as the Item parameter value.
    • Specify the Server parameter value.
    • Set the $creds variable as the Credential parameter value.
    • Provide the RestoreChangedObjects parameter.

    Restore-VEADItemExample 2. Restoring Active Directory Object to Different Container

    This example shows how to restore an Active Directory object to a different container. The Active Directory object will be restored with the following options:

    • User passwords will be changed with a new password.
    • Users must change their password at next logon.
    • Active Directory accounts will be enabled after restore completes.

    $session = Get-VEADRestoreSession

    $domain = Get-VEADDomain -Session $session[3]

    $container = Get-VEADContainer -Domain $domain

    $ADitem = Get-VEADItem -Container $container[3] -Id "2687bd4b-1028-47e7-b720-6bf065179452"

    $containercreds = Get-Credential

    $targetcontainer = Get-VEADADContainer -Server 172.16.8.223 -Credential $containercreds

    $newpassword = Read-Host -Prompt "Enter your password" -AsSecureString

    Restore-VEADItem -Item $ADitem -TargetContainer $targetcontainer[2] -NewPassword $newpassword -ChangePasswordAtLogon -PasswordRestoreAction NewPassword -AccountState Enabled -RestoreDeletedObjects -Server "172.16.8.223" -Credential $containercreds -RestoreChangedObjects

    Perform the following steps:

    1. Get the Active Directory object:
    1. Run the Get-VEADRestoreSession cmdlet. Save the result to the $session variable.

    The Get-VEADRestoreSession cmdlet will return an array of active restore sessions. Mind the ordinal number of the necessary restore session (in our example, it is the fourth restore session in the array).

    1. Run the Get-VEADDomain cmdlet. Set the $session variable as the Session parameter value. Save the result to the $domain variable.
    2. Run the Get-VEADContainer cmdlet. Set the $domain variable as the Domain parameter value. Save the result to the $container variable.
    3. Run the Get-VEADItem cmdlet. Set the $container[3] variable as the Container parameter value. Specify the Id parameter value.
    1. Get the target Active Directory container:
    1. Run the Get-Credential cmdlet to create a credential object. Enter credentials that will be used to connect to the target server. Save the result to the $containercreds variable.
    2. Run the Get-VEADADContainer cmdlet. Specify the Server parameter value. Set the $containercreds variable as the Credential parameter value. Save the result to the $targetcontainer variable.
    1. Run the Read-Host cmdlet with the Prompt and AsSecureString parameters. Save the result to the $newpassword variable.
    2. Run the Restore-VEADItem cmdlet. Specify the following settings:
    • Set the $ADitem variable as the Item parameter value.
    • Set the $targetcontainer[2] variable as the TargetContainer parameter value.
    • Set the $newpassword as the NewPassword parameter value.
    • Specify the ChangePasswordAtLogon parameter.
    • Set the NewPassword property as the PasswordRestoreAction parameter value.
    • Set the Enabled property as the AccountState parameter value.
    • Provide the RestoreDeletedObjects parameter.
    • Specify the Server parameter value.
    • Set the $containercreds variable as the Credential parameter value.
    • Provide the RestoreChangedObjects parameter.

    Restore-VEADItemExample 3. Restoring Active Directory Object with Custom Restore Options

    This example shows how to restore an Active Directory object with the following restore options:

    • Deleted objects will be restored.
    • Changed objects will be restored.
    • Existing multi-valued attributes will be merged with multi-valued attributes from a backup file.

    $session = Get-VEADRestoreSession

    $domain = Get-VEADDomain -Session $session[3]

    $container = Get-VEADContainer -Domain $domain

    $ADitem = Get-VEADItem -Container $container[3] -LDAPQuery "(cn=SalesMailboxe8e8782f639e4a24898b93c325d8ed9d)"

    $credentials = Get-Credential

    Restore-VEADItem -Item $ADitem -Server "ADSrv2045" -Credential $credentials -RestoreChangedObjects -RestoreDeletedObjects -MergeAttributes

    Perform the following steps:

    1. Run the Get-VEADRestoreSession cmdlet. Save the result to the $session variable.

    The Get-VEADRestoreSession cmdlet will return an array of active restore sessions. Mind the ordinal number of the necessary restore session (in our example, it is the fourth restore session in the array).

    1. Run the Get-VEADDomain cmdlet. Set the $session variable as the Session parameter value. Save the result to the $domain variable.
    2. Run the Get-VEADContainer cmdlet. Set the $domain variable as the Domain parameter value. Save the result to the $container variable.
    3. Run the Get-VEADItem cmdlet. Set the $container[3] variable as the Container parameter value. Specify the LDAPQuery parameter value. Save the result to the $ADitem variable.
    4. Run the Get-Credential cmdlet to create a credential object. Enter credentials that will be used to connect to the target server. Save the result to the $credentials variable.
    5. Run the Restore-VEADItem cmdlet. Specify the following settings:
    • Provide the Server parameter value.
    • Set the $credentials variable as the Credential parameter value.
    • Provide the RestoreChangedObjects parameter.
    • Provide the RestoreDeletedObjects parameter.
    • Provide the MergeAttributes parameter.

    Restoring containers

    Restore-VEADItemExample 4. Restoring Active Directory Container to Different Server

    This example shows how to restore an Active Directory container to a different server.

    $session = Get-VEADRestoreSession

    $domain = Get-VEADDomain -Session $session[3]

    $parentcontainer = Get-VEADContainer -Domain $domain

    $container = Get-VEADContainer -Container $parentcontainer[8]

    $credentials = Get-Credential

    Restore-VEADItem -Container $container[3] -Server "dldc.dim.local" -Credential $credentials -UseSSL -GcServer "DLCD.dim.local"

    Perform the following steps:

    1. Run the Get-VEADRestoreSession cmdlet. Save the result to the $session variable.

    The Get-VEADRestoreSession cmdlet will return an array of active restore sessions. Mind the ordinal number of the necessary restore session (in our example, it is the fourth restore session in the array).

    1. Run the Get-VEADDomain cmdlet. Set the $session variable as the Session parameter value. Save the result to the $domain variable.
    2. Run the Get-VEADContainer cmdlet. Set the $domain variable as the Domain parameter value. Save the result to the $parentcontainer variable.
    3. Run the Get-VEADContainer cmdlet. Set the $parentcontainer variable as the Container parameter value. Specify the ordinal number of the parent container. Save the result to the $container variable.
    4. Run the Get-Credential cmdlet to create a credential object. Enter credentials that will be used to connect to the target server. Save the result to the $credentials variable.
    5. Run the Restore-VEADItem cmdlet. Specify the following settings:
    • Set the $container[3] variable as the the Container parameter value.
    • Specify the Server parameter value.
    • Set the $credentials variable as the Credential parameter value.
    • Provide the SSL parameter.
    • Provide the GcServer parameter value.

    Restore-VEADItemExample 5. Restoring Active Directory Container to Different Container

    This example shows how to restore an Active Directory container to a different container. The Active Directory container will be restored with the following options:

    • User passwords will be changed with a new password.
    • Users must change their password at next logon.
    • Active Directory accounts will be enabled after restore completes.

    $session = Get-VEADRestoreSession

    $domain = Get-VEADDomain -Session $session[3]

    $container = Get-VEADContainer -Domain $domain

    $containercreds = Get-Credential

    $targetcontainer = Get-VEADADContainer -Server 172.16.8.223 -Credential $containercred

    $newpassword = Read-Host -Prompt "Enter your password" -AsSecureString

    Restore-VEADItem -Container $container[3]  -Server "172.16.8.223" -Credential $containercreds -TargetContainer $targetcontainer[2] -NewPassword $newpassword -ChangePasswordAtLogon -PasswordRestoreAction NewPassword -RestoreDeletedObjects -AccountState Enabled

    Perform the following steps:

    1. Get the Active Directory object:
    1. Run the Get-VEADRestoreSession cmdlet. Save the result to the $session variable.

    The Get-VEADRestoreSession cmdlet will return an array of active restore sessions. Mind the ordinal number of the necessary restore session (in our example, it is the fourth restore session in the array).

    1. Run the Get-VEADDomain cmdlet. Set the $session variable as the Session parameter value. Save the result to the $domain variable.
    2. Run the Get-VEADContainer cmdlet. Set the $domain variable as the Domain parameter value. Save the result to the $container[3] variable.
    1. Get the target Active Directory container:
    1. Run the Get-Credential cmdlet to create a credential object. Enter credentials that will be used to connect to the target server. Save the result to the $containercred variable.
    2. Run the Get-VEADADContainer cmdlet. Specify the Server parameter value. Set the $containercred variable as the Credential parameter value. Save the result to the $targetcontainer variable.
    1. Run the Read-Host cmdlet with the Prompt and AsSecureString parameters. Save the result to the $newpassword variable.
    2. Run the Restore-VEADItem cmdlet. Specify the following settings:
    • Set the $container variable as the Container parameter value.
    • Set the $targetcontainer[2] variable as the TargetContainer parameter value.
    • Set the $newpassword as the NewPassword parameter value.
    • Provide the ChangePasswordAtLogon parameter.
    • Set the NewPassword property as the PasswordRestoreAction parameter value.
    • Set the Enabled property as the AccountState parameter value.
    • Provide the RestoreDeletedObjects parameter.
    • Set the $containercreds as the Credential parameter value.

    Restore-VEADItemExample 6. Restoring Active Directory Container with Custom Restore Options

    This example shows how to restore an Active Directory object with the following restore options:

    • Deleted objects will be restored.
    • Changed objects will be restored.
    • Existing multi-valued attributes will be merged with multi-valued attributes from a backup file.

    $session = Get-VEADRestoreSession

    $domain = Get-VEADDomain -Session $session[3]

    $container = Get-VEADContainer -Domain $domain

    $credentials = Get-Credential

    Restore-VEADItem -Container $container[3] -Server "dldc.dim.local" -Credential $credentials -RestoreChangedObjects -RestoreDeletedObjects -MergeAttributes

    Perform the following steps:

    1. Run the Get-VEADRestoreSession cmdlet. Save the result to the $session variable.

    The Get-VEADRestoreSession cmdlet will return an array of active restore sessions. Mind the ordinal number of the necessary restore session (in our example, it is the fourth restore session in the array).

    1. Run the Get-VEADDomain cmdlet. Set the $session variable as the Session parameter value. Save the result to the $domain variable.
    2. Run the Get-VEADContainer cmdlet. Set the $domain variable as the Domain parameter value. Save the result to the $container variable.
    3. Run the Get-Credential cmdlet to create a credential object. Enter credentials that will be used to connect to the target server. Save the result to the $credentials variable.
    4. Run the Restore-VEADItem cmdlet. Specify the following settings:
    • Set the $container[3] variable as the Container parameter value.
    • Specify the Server parameter value.
    • Set the $credentials variable as the Credential parameter value.
    • Provide the RestoreChangedObjects parameter.
    • Provide the RestoreDeletedObjects parameter.
    • Provide the MergeAttributes parameter.

    Related Commands

    I want to report a typo

    There is a misspelling right here:

     

    I want to let the Veeam Documentation Team know about that.