Trying to recover specific attribute back to AD user

[mdiver]

We're trying to recover the attribute manager to a large number of users of a specific OU. I have a PS script ready, but struggle with two points in it.
The script is to be run on the VBR itself which is not member of the domain. From the GUI the process works flawlessly - but on a user per user basis, which is not feasible for the large amount of users needed.

Code: Select all

# Get credentials to query live AD as VBR is not member of the domain
$cred = Get-Credential

# Connect to Veeam Backup Server
Connect-VBRServer -Server "localhost"

# Get the application-aware restore point for the VM on July 9, 2025
$appRestorePoint = Get-VBRApplicationRestorePoint | Where-Object {
    $_.Name -eq "dc01.mydomain.local" -and
    $_.CreationTime.Date -eq (Get-Date "2025-07-09").Date
}

# Start the AD restore session
$session = Start-VEADRestoreSession -RestorePoint $appRestorePoint[0]

# Get the backed-up domain
$domain = Get-VEADDomain -Session $session

# Get the container (OU)
$container = Get-VEADContainer -Domain $domain -Recurse | Where-Object {
    $_.DistinguishedName -eq "OU=users,OU=company,DC=domain,DC=local"
}

# Get all user objects in the OU
$users = Get-VEADItem -Container $container | Where-Object { $_.Type -eq "user" }

foreach ($user in $users) {
    # Get the backed-up manager attribute
    $backupManager = $user.Attributes["manager"]

    # Get the current manager from live AD
    $liveUser = Get-ADUser -Identity $user.DistinguishedName -Properties manager -Server dc01.mydomain.local -Credential $cred
    $liveManager = $liveUser.manager

    # Compare and restore if different
    if ($backupManager -ne $liveManager) {
        Write-Host "Restoring manager for $($user.Name)...$($backupManager)->$($liveManager)"
        Restore-VEADItem -Item $user -MergeAttributes
    }
}

# End the session
Stop-VEADRestoreSession -Session $session

I currently struggle with two specific points of the script:

Code: Select all

$user.Attributes["manager"]

does not return the correct attribute. It seems the $user is fetched from the backup without this attribute. As stated, from the GUI it works - so the attribute is well kept in the backup.

Also with

Code: Select all

Restore-VEADItem -Item $user -MergeAttributes

to my understanding I would recover all attributes of the user. But I want to recover only the single attribute "manager" to speed things up and make sure not to manipulate other attributes. In the GUI it is possible to limit the recovery to a certain attribute.

Any help much appreciated.

Thanks,
Mike

[david.domask]

Hi mdiver,

I've not worked closely with the VEAD cmdlets, but doesn't look like the attributes get passed through with our Powershell here based on my quick lab tests.

I'm checking internally, and will update when I get more information on what's expected here.

[mdiver]

Thanks, David.