In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

 Objective 

To enable and configure Active Directory backup, recovery, and archive settings in ADAudit Plus for safeguarding AD objects and restoring them when needed.

 Prerequisites 

• You must have an account with administrative privileges in ADAudit Plus.

• The ADAudit Plus server must have continuous network connectivity to the domain controllers.

• Sufficient storage space should be allocated to store backup and archive data.

• Ensure the ADAudit Plus service account has the required permissions to access the domain controllers and the configured backup path.

 Steps to follow 

 Step 1: Configure backup settings 

1. Log in to the ADAudit Plus web console using an account with administrative privileges.

2. Navigate to AD Backup tab → Backup and Recovery → Backup Summary.

3. Select the domain for which you want to enable backups from the Domain Name drop-down box.

4. In the backup path field, specify the location where backup data will be stored.

5. Click the + icon in the organizational units section to select all or specific OUs to back up.

6. From the list of OUs displayed, select the desired OUs.

7. Expand a parent OU node to view and select its child OUs.

8. To back up only the parent OU contents and exclude nested containers, enable the exclude child ou(s) option located in the lower-right corner.

9. In the object types field, click the add icon.

10. In the pop-up that appears, select the objects and attributes you wish to back up.

11. If any custom attribute is missing, click the add attributes link and search for the attribute by its LDAP name.

12. In the full backup scheduler field, specify the date and time the backup should run each month.

13. In the incremental backup scheduler field, specify whether the backup should run daily or weekly.

14. Select the day you want the backup to run using the take backup on dropdown.

15. Set the backup time in the select backup time field.

16. Enter the number of backups you want to retain.

17. Click advanced settings to configure the following:

18. In the deleted objects validity field, enter the number of years to retain deleted AD objects.

19. Enable the use paexec to backup gpos option to back up group policies using PAExec.

20. Enable auto-start interrupted backup to restart backups automatically if interrupted.

21. Enable force replication to replicate domain controller changes before backup.

22. Enable backup disabled objects if you want to back up disabled user and computer objects.

23. Click save to complete the backup configuration.

 Step 2: Configure recovery settings 

Recovery settings help you configure the restore and recycle options on the objects in the domain that you wish to recover. Using the settings in this section, you can perform the following operations while recovering AD objects:

• Use default password

• Preserve object password

• Force replication

• Recover tombstone expired objects

 Default passwords   

This option allows you to set a default password when you restore deleted user accounts.

To enable this feature,

1. Login to ADAudit Plus and navigate to AD Backup tab → Settings → Recovery Settings.

2. Click Show Password option to view the default password for recycled user accounts.

3. To change the default password, click the icon located in the Action column of the relevant domain, click [Change] and then type in the new password.

4. Click Save to save the changes.

 Preserve object password   

Select this option if you want to retain a user's last set password in the AD. This helps in restoring the last set password along with the user account during restoration.

To enable this feature,

1. Login to ADAudit Plus and navigate to AD Backup tab → Settings → Recovery Settings.

2. Click the icon located in the Action column of the relevant domain and mark the checkbox against Preserve Object Password.

3. Click Save.

Note: ADAudit Plus does not store user passwords. When this option is selected, ADAudit Plus modifies the AD schema to instruct Active Directory to retain the unicode-pwd attribute when a user is deleted. When deleted users are restored, the unicode-pwd attribute is also recovered along with the other attributes of the user, thereby restoring the user's last set password.

 Force replication   

Enabling this setting will immediately replicate any Restore/Rollback changes to all other domain controllers in the domain.

To enable force replication,

1. Login to ADAudit Plus and navigate to AD Backup tab → Settings → Recovery Settings.

2. Click the icon located in the Action column of the relevant domain and mark the checkbox against Force Replication.

3. Save the changes.

 Recover tombstone lifetime expired objects   

To enable recovery of tombstone lifetime expired objects,

1. Login to ADAudit Plus and navigate to AD Backup tab → Settings → Recovery Settings.

2. Click the icon located in the Action column of the relevant domain and mark the checkbox against Recover Tombstone Expired Objects.

3. Save the changes.

 Step 3: Configure archive settings
 Backup archiving involves creating copies of backup files for long-term retention. The archiving process helps prevent losing backups after a certain period and ensures that data remains available and accessible in case of data loss, system failures, or disasters.

Indexed data

1. This backup data can easily be recovered and is available for performing restorations.

2. Backup retention for indexed data is set to six months by default.

3. You can manually specify the period for which the indexed data should be available for performing restorations.

4. The minimum retention period for indexed data is three months, and the maximum is 12 months.

Archived data

1. This is the backup data which has been archived for storage. You can index archived data at any time to perform restorations.

2. After one full backup is completed, there will be a snapshot of the previous full backup in the archive repository, but the latest full backup will not be archived.

3. Archive backup retention is set to 24 months by default.

4. You can also manually specify the period for which the archived data should be available in the storage.

5. The minimum retention period for archived data is 12 months, and the maximum is 60 months.

Configure archive settings

1. Login to ADAudit Plus and navigate to AD Backup tab → Settings → Archive Settings.

2. Specify the number of months for which archived data has to be retained in the Retain archived data for field.

3. Specify the number of months for which the indexed data has to be retained in the Retain indexed data for field.

4. Click Save.

 Indexing and de-indexing   

1. Login to ADAudit Plus and navigate to AD Backup tab → Settings → Archive Settings.

2. Click Show Archives at the top-right corner. The information below will be displayed on the page:

• No. of Archives: The total number of backup archives in the archive repository.

• Total Archives Size: Total space occupied by the archived data.

• No. of Indexed Archives: The total number of indexed archives available for performing restorations.

• Total Indexed Archive Size: Total space occupied by the indexed data.

3. Select the archive(s) you wish to index and click the Index Archive button. Similarly, select the archive(s) you wish to de-index and click the Deindex Archive button.

Validation and confirmation

• Verify that backup snapshots are created automatically based on the configured schedule.

• Check that archive files appear in the designated archive path according to the archive schedule.

• Test restoring a backup of a sample object to confirm recovery settings are functioning correctly.

Tips

• Monitor available disk space regularly to ensure backups and archives do not fail due to insufficient storage.

• Use incremental backups to optimize storage usage and reduce backup duration.

• Test recovery operations periodically in a controlled environment.

Related topics and articles

• How to use the Revert AD Changes feature in ADAudit Plus.