Can't remember well how it was in v8, but today this should not be a problem. For example, see here https://helpcenter.veeam.com/docs/backu ... tml?ver=95
to recover AD objects where you can specify a particular username / pwd to connect to your AD for restore. Do note however that your networking must allow this so look at the requirements for ports also.
On the backup repository. I tend to use a specific account to connect to the backup repository. An account that isn't used for something else. Ransomware tends to run in a user context (the user that it used to start its bad things) so if that account is not used, it won't succeed in encrypting your backup files. Please don't forget to store that account / pwd somewhere in a safe (preferred outside the company premises) so that in worse case you have access to the files