I love seeing companies roll out features I can actually use. It’s even more impressive when I see it actually working. As of May 2014, Veeam Explorer for Active Directory (VEAD) is in beta. In this post I will quickly go over it’s capabilities, what the ntds.dit file is, the restore process, and in the end – my thoughts.
VEAD searches and restores all Active Directory objects:
- Users – VEAD will restore the user’s password too!
- Computers – VEAD will restore the computer’s password with the DC!
- Organizational Units (OUs)
VEAD restores objects by pulling that data from the ntds.dit file.
The ntds.dit is the database that stores Active Directory data. It stands for NT Directory Services. DIT stands for Directory Information Tree.
The ntds.dit file can be found in two locations:
- The database used by a domain controller. In recent Windows Servers you should find the ntds.dit file here.
- The distribution copy of the default directory that is used when you promote a Windows 2000 based computer to a domain controller.
The process to restore an Active Directory object is as follows:
1. Start restore job in Veeam Backup & Replication
2. Use Backup Browser to find ntds.dit file
3. Use Veeam Explorer for Active Directory to restore object
Install Veeam Explorer for Active Directory if you haven’t done so yet.
When you open VEAD you will have a sad empty window. Let’s open Veeam B&R first.
In Veeam B&R, click on Restore and select VMware.. (or Hyper-V if that’s your hypervisor)
Select the date and time of the backup you want to restore from which depends on how many restore points you maintain.
Veeam Backup Browser opens after you click on Finish. In this window, browse to the location of the ntds.dit file.
Location of ntds.dit file on my Windows Server 2008 server is C:WindowsNTDSntds.dit
During the restore process from Veeam Backup & Replication, it mounts the backup on the following path: C: VeeamFLRserver-name
Your path may be different.
Shift + Right-click the ntds.dit file and select Copy as path. We will use the path in Veeam Explorer.
Back in Veeam Explorer for Active Directory, click on Add Database and paste the path from the previous step into the Database file. Remove the quotes. The Logs folder path will automatically populate. If you keep the logs elsewhere, replace the path.
Once the recover process completes you will be able to browse the ntds.dit database. Find the object you need to restore and right-click to see the restore options. You have other options in the ribbon.
Right-click on the object and select View attributes to see Active Directory attributes for the object. As I said above, VEAD will recover a user’s password. Another neat recovery feature is that VEAD is Exchange aware. It will restore the Exchange attributes and reconnect it to his/her mailbox.
Although VEAD is in beta I am very impressed. Another exceptional product from Veeam. With Veam Explorer for Exchange and Active Directory, we have what we need to perform restores with ease.
I think the process can be streamlined beginning with Veeam B&R. These applications should be installed when you install B&R. When you initiate the restore process, there should be an option to restore AD, Exchange, or SQL. From there, open the Veeam Explorer window automatically and have it search for the ntds.dit file for you using the default paths. I think that would eliminate some of the manual process given you used the default paths.
It’s natural to compare Veeam to Backup Exec. I am convinced Veeam is a great replacement if your environment is fully virtualized.
My honest opinion is Veeam makes backup and restores so simple. Restoring shouldn’t be difficult and convoluted. We have many options for restore. Because Veeam is built into virtualization, it positions itself to be the obvious choice for backup, restores, and replication.
Next up in my trial is Veeam Explorer for SQL.
What do you think of the Veeam Explorers?