Reduce backup recovery time and costs to reduce user impact
External Id
126
PD_Domain
Platform Management
PD_SolutionArea
Management
PD_Segment
Management
PD_ProductFamily
RMAD / FE
Productline
Recovery Manager
ProductType
Product
SalesOpsSfdcId
a0v30000000fmMyAAI
SalesOpsProuctGroupSfdicId
a0t30000001APRNAA4
ProductHierarchyId
a0u30000000z0KjAAI
Recover 90% faster with Quest Recovery Manager
Thinking Semperis? Think again.
25-year Microsoft partner. 37B Entra ID objects protected. Learn why thousands choose Quest for AD/Entra ID recovery.
Granular recovery
Restore individual
attributes, even when the object itself has not been deleted, without
rollback.
Flexibility and choice
Choose the best method
for your situation, whether that’s phased recovery, restoring AD to a
clean OS or bare metal recovery.
Transparency
Generate detailed recovery process reports, including an overview of every stage of the recovery, to gain understanding and control.
Clean, malware-free recovery
Eliminate the risk of
malware re-infection throughout your AD forest recovery, scanning for
malware and minimizing its hiding places.
Integrated AD and Entra ID recovery
Integrate recovery
across AD and Entra ID from a single console.
24/7 assurance
Award-winning global
support and always-available incident response in the face of disasters.
Must-have capabilities
Quest Advantage
Recovery Manager
Clean OS recovery
Bare metal recovery
Malware-free recovery
Immutable backups
Supply chain security
Air-gapped storage
Global 24x7 support
Integrated AD and Entra ID recovery
Recovery project visbility
Does not use risky boot files
Password restore
What our customers are saying
Questions to ask when evaluating AD disaster recovery solutions
Quest is extremely mindful of the increased attacks on supply chains and takes great lengths to protect it, with mature supply chain risk management practices and an airgap-secured assembly process that exceeds industry standards. Quest performs no development in countries of security concern.
While other vendors may advertise being cyber-first, be sure to validate supply chain risk management practices, and ensure that your leadership is comfortable with the locations/countries where development is performed.
We provide both automated disaster recovery and granular, object-level recovery within a single solution, ensuring comprehensive protection without the need for schema modifications. Be careful of vendors who pitch automated remediation (which is really just rollback) as a replacement for granular recovery.
We provide a transparent and visible recovery plan with specific, proven steps, progress indicators, and detailed difference reports to ensure effective communication and swift recovery.
Some vendors suggest that clean OS recovery is good enough on its own and that malware detection is not needed to prevent malware re-introduction. But that’s not enough. We ensure AD backups are protected from compromise and malware reinfection with secure storage, clean and efficient backup files, and robust malware detection and removal.
We provide multiple secure storage options for AD backups, recommend air-gapped or immutable storage, and ensure backups can be retrieved without relying on AD authentication.
Make sure your vendor omits boot files in their AD backups, since they present a high risk of malware reinfection. We enhance backup efficiency and minimize malware risks by omitting boot files and other extraneous components from our AD backups.
We offer award-winning technical support with 24/7/365 availability, 1-hour response times for Level 1 cases, and a Premier Support option to reduce SLA times by half.
Quest has the most AD experience in the industry
You won’t find this platform coverage anywhere else. There are other point solutions that claim a lot of things, but Quest is the only single-vendor provider that delivers comprehensive solutions for:
Reduce costly downtime and recover faster
Recovery Manager for Active Directory
Backing up Active Directory and restoring down to object and attribute levels is a lot easier when you have the right Active Directory backup tools. Quest® Recovery Manager for Active Directory is like an insurance plan for your AD environment. It not only enables you to back up Active Directory (AD) at the object and attribute level, but also helps you pinpoint changes to your AD environment at the same granular level. Know what happened, who is impacted and what to roll back. Quickly compare a backup to pinpoint differences at the object level and instantly recover.
Mistakes happen. Your AD environment can be damaged when an administrator accidentally deletes something or makes a mass update that goes wrong. This can negatively impact your productivity for hours or even days, and as a result, cost your company revenue and its reputation. When this happens, you need a disaster recovery plan and Active Directory backup tools to restore your AD environment and get your AD back up and running quickly. Recovery Manager for Active Directory helps you do exactly that, all while reducing recovery time and costs to reduce user impact.
Key Benefits
Reduce downtime
Restore any object in AD and get affected users back to work quickly without restarting domain controllers.
Accelerate recovery
Quickly pinpoint deleted or changed objects or attributes.
Granular restore
Restore only the required attributes without restarting domain controllers with Active Directory backup tools that give you deep restore flexibility.
55%
Of data breaches caused by insiders
95M
AD accounts under attack daily
14sec
Another ransomware attack occurs
Comprehensive recovery
When you have the right Active Directory backup tools, you can restore any object in AD, including users, attributes, organizational units (OUs), computers, subnets, sites, configurations and Group Policy Objects (GPOs). Recovery Manager not only helps you back up Active Directory faster, but also significantly reduces downtime so you can get affected users back to work quickly without restarting domain controllers. You’ll be able to eliminate downtime as well as negative impact on network users.
Hybrid AD and Azure AD recovery
Whether you’re running a hybrid AD environment with Azure AD Connect, or have cloud-only objects or attributes that aren’t synchronized, it’s critical for security and compliance purposes that you have Active Directory backup tools to ensure the availability, integrity and recovery of both on-premises AD as well as Azure AD. Quest On Demand Recovery provides a single recovery dashboard to differentiate hybrid and cloud-only objects, run difference reports between production and real-time backups, and restore all changes, whether on premises or in Azure AD.
Integration with IT Security Search
Use IT Security Search to discover which AD objects have changed, including before and after values, and restore them to a previous state with a few clicks.
Comparison reporting
Highlight changes made since the last Active Directory backup by comparing the online state of AD with its backup or by comparing multiple backups. Accelerate recovery by quickly pinpointing deleted or changed objects or attributes. And with Change Auditor you can easily identify who made the changes.
Recovery console fault tolerance
Share persistent configuration data between several instances of your recovery consoles so that you can quickly resume the last restore operation in case it was unexpectedly interrupted.
Recovery roadmap
Generate a detailed recovery process report. This overview of every recovery stage and operation allows you to gain a better understanding and more control of every aspect of Active Directory backup and recovery.
Delegated recovery
Assign restore tasks to specific users to cut down on recovery timelines and senior-level resource requirements.
Specifications
Before installing Recovery Manager for Active Directory, ensure that your system meets the following minimum hardware and software requirements.
NOTE
- Recovery Manager for Active Directory supports only IPv4 or mixed IPv4/IPv6 networks.
- Recovery Manager for Active Directory Forest Edition can backup and restore domain controllers that are running on virtual machines in Amazon Web Services (AWS) or Microsoft Azure. Note that such domain controllers cannot be restored with the Bare Metal Active Directory Recovery method because there is no way to boot them from an ISO image.
- Processor
Minimum: 2.0 GHz
Recommended: 2.0 GHz or faster
CPU Cores
Minimum: 2 CPU cores
Recommended: 4 CPU cores
Memory
Minimum: 4 GB
Recommended: 8 GB
These figures apply only if the Active Directory domains managed by Recovery Manager for Active Directory include 1 million objects or less. Increase RAM size by 512 MB for every additional 1 million objects.
- Hard Disk Space
Full installation including the prerequisite software: 2.7 GB of free disk space
In case all the prerequisite software is already installed: 260 MB of free disk space
NOTE Additional storage space is required for a backup repository, at least the size of the backed-up Active Directory database file (Ntds.dit) and the SYSVOL folder plus 40MB for the transaction log files.
- Operating System
- Machine that hosts the Recovery Manager for Active Directory console must have same or higher version of Windows operating system than the processed domain controllers. Otherwise, the online compare and object search in a backup during the online restore operation may fail.
- 32-bit operating systems are not supported.
Installation
- Microsoft Windows Server® 2022, 2019, and 2016
- Microsoft Windows 11, 10 x64, 8.1 x64
Targets for backup, restore, or compare operations
- Microsoft Windows Server® 2022, 2019, and 2016 (including Server Core installation
- Microsoft .NET Framework
Microsoft .NET Framework version 4.8 or higher is needed on the console system.
- Microsoft SQL Server and its components
Microsoft SQL Server versions
Microsoft SQL Server® is required for the following Recovery Manager for Active Directory features: Comparison Reporting and Forest Recovery Persistence.
Supported SQL Server versions:
- Microsoft SQL Server® 2022, 2019, 2017, 2016, and 2014 (Enterprise, Business Intelligence, Standard, Express, Web, or Developer Edition)
- Microsoft Windows PowerShell
Microsoft Windows PowerShell version 5.0 or later
- Integration with Change Auditor for Active Directory
Supported versions of Change Auditor for Active Directory: from 6.x to 7.x.
If any prerequisite software is not installed, the Setup program automatically installs it for you before installing Recovery Manager for Active Directory. If the prerequisite software to be installed is not included in this release package, it is automatically downloaded.
Continuous recovery: From version 10.0.1, Recovery Manager for Active Directory together with Change Auditor can restore the deleted object(s) and continuously restores the last change (if any) that was made to the object attributes after creating the backup, using the data from the Сhange Auditor database.
- Antivirus software that is supported for backup antimalware checks
The anti-virus checks are performed on the Forest Recovery Console machine running Windows Server 2016 or higher by means of antivirus software installed on the machine.
- Microsoft Defender
- Symantec Endpoint Protection 14.x
- Broadcom Endpoint Security (former name: Symantec Endpoint Protection 15)
- Supported server management systems
- Integrated Dell Remote Access Controller (iDRAC) 8 and 9
- HP ProLiant iLO Management Engine (iLO) 3, 4 and 5
- VMware vCenter/ESX Server 6.0, 6.5, 6.7 and 7.0
- Microsoft Hyper-V Server 2012 or higher
NOTE: Microsoft .NET 4.8 is not required to be installed on the systems where the Forest Recovery and Backup agents are to be installed. The Secure Storage Agent does use .NET and it is recommended to install 4.8 on the Secure Storage system, but the agent will work with older versions.
Microsoft SQL Server components
Microsoft System CLR Types for SQL Server® 2014
If this component is not installed, it will be installed automatically by the RMAD setup.
Microsoft SQL Server Reporting Services
To display reports, Recovery Manager for Active Directory can integrate with Microsoft SQL Server® Reporting Services (SRSS) 2016, 2017, 2019, and 2022.
- Memory
1 GB (2 GB recommended)
- Hard disk space
2 GB or more
- Operating System
One of the following operating systems:
- Microsoft Windows Server® 2022, 2019, and 2016 (including Server Core installation)
Secure Storage Server
- Processor
Minimum: 2.0 GHz
Recommended: 2.0 GHz or faster
CPU Cores
Minimum: 2 CPU cores
Recommended: 4 CPU cores
Memory
Minimum: 4 GB
Recommended: 8 GB
- Operating system: Microsoft Windows 2016 or higher
- A stand-alone server to be used as your Secure Storage server. This server should be a workgroup server and not joined to an Active Directory domain.
- An account that will be used to deploy the Storage Agent on the Secure Storage server. This account must also be a local Administrator on the Secure Storage server.
- Physical access to the Secure Storage server. Once the server is hardened access with regular methods will be disabled.
- Sufficient storage space on the Secure Storage server for all backup files. For one backup file, the space required is at least the size of the backed-up Active Directory database file (Ntds.dit) and the SYSVOL folder plus 40MB for the transaction log files.
- Cloud Storage
- Internet access available on the Recovery Manager for Active Directory console. A standard outbound HTTPS port 443 is used to upload data to Azure Blob and Amazon Web Services S3 Storage.
- Azure and Amazon Web Services subscription(s) to create and manage Azure and Amazon Web Services S3 Storage accounts and containers.
- A method of creating and managing Azure and Amazon S3 Storage accounts, containers, and policies for the storage account (lifecycle, immutability and replication policies).
You can only use the Password and SIDHistory Recoverability Tool if Microsoft's Active Directory Recycle Bin is not enabled in your environment.
Recovery Manager for Active Directory Disaster Recovery Edition is upgradeable from version 10.0 or later.
FAQs - Active Directory Backup and Recovery
Window Server 2008 R2 included a particularly welcome enhancement, AD Recycle Bin restore, which enables restore of some recently deleted Active Directory objects. To facilitate object recovery in cloud-based environments, Microsoft provides the Azure AD Recycle Bin, which offers similar but not identical functionality to its on-premises sibling.
The Active Directory and Azure AD Recycle Bins are extremely valuable in certain situations. If an AD object, such as a user account, has been mistakenly deleted, for instance, you might be able to restore the object from the AD or Azure AD Recycle Bin. However, the Microsoft Recycle Bin is not, and was never intended to replace Active Directory backup tools. Check out this Active Directory and Azure AD Recycle Bin FAQ and feature comparison to learn exactly what each can do and explore the key limitations.