Comprehensive data protection for all workloads
Locked
Gostev
SVP, Product Management
Posts: 24092
Liked: 3280 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

[BETA] Veeam Explorer for Active Directory

Post by Gostev » Mar 16, 2014 9:40 pm

Please welcome the new addition to our Explorer family, Veeam Explorer for Active Directory (VEAD). Just like other Veeam Explorers, VEAD performs exports and in-place recoveries of AD objects by drilling directly into the AD database (ntds.dit file), without the use of Virtual Lab.

VEAD supports search and restore of all AD objects types, including users, groups, computer accounts and contacts. It can restore individual object's attributes, the entire objects, and even the whole organizational units (along with the hierarchy). Of course, the deleted objects do not have to be present in the Recycle Bin, as we will obtain all the data from backup where the objects are still present in AD. More importantly, unlike many other Active Directory recovery solutions, we do not require that the tombstone of the deleted object is still present in AD. VEAD is also fully Microsoft Exchange aware, so when restoring the user account, we will restore all Exchange-related attributes and reconnect the mailbox. As you will see, this is a very comprehensive solution.

But, there is one more thing. VEAD also has the unique ability to recover passwords! Imagine accidentally deleting the entire OU with all your users. Without this feature, each user will be prompted to set the new password upon first logon, which is very disruptive and insecure. But this feature will come even more handy if you lose an OU with computer accounts! If you simply restore those back, computers will not be able to logon to the domain because of computer account password mismatch. Now, just imagine the nightmare of going to each computer, switching it into workgroup, and then joining it back into the domain... hundreds of times! This is when you will really appreciate this feature.

Interested? Download beta now (requires B&R 7.0), and post your feedback in this thread!

[UPDATE] Cumulative patch that addresses all issues reported on the beta code as of May 5th > ftp://vead:gBs4953r@supportftp.veeam.com/

lp@albersdruck.de
Enthusiast
Posts: 81
Liked: 32 times
Joined: Mar 25, 2013 7:37 pm
Full Name: Lars Pisanec
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by lp@albersdruck.de » Mar 16, 2014 10:00 pm

Installed the beta.

I can only start the standalone application, I did not find a way to use it from B&R Console when selecting a backup of an AD controller.
Do I have to extract ntds.dit and logs manually to explore them, or is there another way?

Gostev
SVP, Product Management
Posts: 24092
Liked: 3280 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by Gostev » Mar 17, 2014 12:19 am

You are quick!

There is no need to extract AD database file. Instead, just initiate file level recovery for a domain controller backup, and the guest file system will be mounted locally on the backup server to C:\veeamflr folder. After that, browse into that folder with VEAD and open ntds.dit .

Of course, once this becomes generally available as a part of v8, you will not perform these manual steps. It will "just work" as with other existing Explorers.

scott.anderson
Service Provider
Posts: 64
Liked: 8 times
Joined: Sep 14, 2011 6:48 am
Full Name: Scott Anderson
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by scott.anderson » Mar 17, 2014 12:40 am

Looks like the Windows version is going to be important.

I've tried the AD Explorer and its working nicely where

Our Veeam server is a 2008R2.

AD is 2008R2, and the DC that I'm running the recovery for is also 2008R2.

However we also have a 2012R2 DC as well. Recovery from this DC fails.

"The specified database cannot be opened on this OS version"

Does this mean that you need to match your Veeam server to the OS of your DC's?
What happens in a mixed OS DC setup?

lp@albersdruck.de
Enthusiast
Posts: 81
Liked: 32 times
Joined: Mar 25, 2013 7:37 pm
Full Name: Lars Pisanec
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by lp@albersdruck.de » Mar 17, 2014 6:45 am

Gostev wrote:You are quick!

There is no need to extract AD database file. Instead, just initiate file level recovery for a domain controller backup, and the guest file system will be mounted locally on the backup server to C:\veeamflr folder. After that, browse into that folder with VEAD and open ntds.dit .

Of course, once this becomes generally available as a part of v8, you will not perform these manual steps. It will "just work" as with other existing Explorers.
Just FYI: if you searched where to find this, take a look at registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters on your AD controller- the path to ntds.dit is there.

It seems to work so far. One small thingie: double clicking the top left icon of the window to close it does not work, it just maximizes/restores the window.

gkennedy
Influencer
Posts: 10
Liked: 10 times
Joined: Aug 01, 2013 3:48 am
Full Name: Gavin Kennedy
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by gkennedy » Mar 17, 2014 7:20 am 3 people like this post

I have just used this to restore a user to AD right now, which is insanely good timing. :)

Worked perfectly - what an awesome tool.

Cheers,
Gavin

Andreas Neufert
Veeam Software
Posts: 3478
Liked: 607 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by Andreas Neufert » Mar 17, 2014 8:04 am

Is Win2003 SP2 in Win 2003 AD mode supported?
Is Win2012 R2 in Win2012R2 AD mode supported?

Templaar
Lurker
Posts: 1
Liked: 2 times
Joined: Mar 17, 2014 7:46 am
Full Name: Tomasz Czyz
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by Templaar » Mar 17, 2014 8:32 am 2 people like this post

Works perfect on Windows 2012 AD.

Great job guys.

Vitaliy S.
Product Manager
Posts: 22448
Liked: 1443 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by Vitaliy S. » Mar 17, 2014 9:01 am

scott.anderson wrote:Does this mean that you need to match your Veeam server to the OS of your DC's?
What happens in a mixed OS DC setup?
Not exactly, currently if you need to open a Windows 2012 R2 DC, then Explorer should be launched either on Windows 8.x or Windows 2012 R2 machine.
Andreas Neufert wrote:Is Win2003 SP2 in Win 2003 AD mode supported?
Is Win2012 R2 in Win2012R2 AD mode supported?
Both of these configurations should work fine.

Battlestorm
Veeam ProPartner
Posts: 20
Liked: 2 times
Joined: Feb 21, 2014 10:49 am
Full Name: Daniel Ely
Location: London, UK
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by Battlestorm » Mar 17, 2014 9:02 am

Just opened a backup an ntds.dit from a Win2012R2 DFL/FFL domain on another box running 2012R2 so it opens 2012 R2

Kostya
Veeam Software
Posts: 104
Liked: 28 times
Joined: Jun 18, 2012 9:38 am
Full Name: Kostya Yasyuk
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by Kostya » Mar 17, 2014 9:04 am 1 person likes this post

scott.anderson wrote:Looks like the Windows version is going to be important.
...
However we also have a 2012R2 DC as well. Recovery from this DC fails.
"The specified database cannot be opened on this OS version"

Does this mean that you need to match your Veeam server to the OS of your DC's?
What happens in a mixed OS DC setup?
If you want to open Windows 2012 or Windows 2012 R2 AD database, you have to have Explorer for Active Directory installed on Windows 2012/8 or later.

TommyB
Expert
Posts: 122
Liked: 16 times
Joined: Aug 28, 2013 9:46 am
Full Name: Thomas Braun
Location: Germany.Europe.Terra.Sol.Milkyway.Localgroup.Virgo
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by TommyB » Mar 17, 2014 9:12 am

Very nice feature - already downloaded and try this sometimes this week...

Is there already any list of other features and enhancements for Veeam 8?

I'm especially interested in improvements regarding media handling for tape backup (e.g. more granular email notifications, eject on full tape)

v.eremin
Product Manager
Posts: 16232
Liked: 1325 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by v.eremin » Mar 17, 2014 9:16 am

No, there is no such a list at the moment.

As to your feature requests, you can post them in the corresponding tape subforum or in the existing topics regarding similar questions.

Thanks.

tdewin
Veeam Software
Posts: 1381
Liked: 454 times
Joined: Mar 02, 2012 1:40 pm
Full Name: Timothy Dewin
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by tdewin » Mar 17, 2014 10:24 am

lp@albersdruck.de wrote: Just FYI: if you searched where to find this, take a look at registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters on your AD controller- the path to ntds.dit is there.
Thanks for that , here is a powershell script to connect to your core instance :)

Code: Select all

$server = "ad02"
Invoke-Command -computer $server { Get-ItemProperty -path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\" }

DaveBristolIT
Influencer
Posts: 14
Liked: 1 time
Joined: Mar 17, 2014 11:06 am
Full Name: Dave Hamer
Contact:

Re: [BETA] Veeam Explorer for Active Directory

Post by DaveBristolIT » Mar 17, 2014 11:09 am

Hi Gostev,
This is possibly about to save our bacon. One of our technicians has deleted the entire tree: Configuration/Services/Microsoft Exchange instead of one of the sub trees. (http://www.msexchange.org/img/upl/image ... 813890.jpg)
I've installed VEAD, started a FLR and have mounted the database file successfully - but we can't see the "Configuration" section as it is hidden by default and there is no way of typing in what you'd like to open!
do you have a fix for this that we can apply in the next couple of hours, or should I return to the old UAIR wizard?

Many thanks;
Dave

Locked

Who is online

Users browsing this forum: Baidu [Spider] and 18 guests