This post is also available in: Italian
Granular restore of application is usually a complex and long task that may require also good knowledge of the application itself. This because most backup programs just restore the application files and then using specific application procedures you can restore specific objects from those recovered files.
This also apply when you have to restore some object from a Microsoft Active Directory Domain Controller where you have to follow Microsoft directives on how handle Active Directory Backup and Restore. Of course you can enable the AD Recycle Bin and minimize the needs of granular restore, but you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2 in order to enable this function.
Using Veeam Backup & Replication you can use Active Director Application Item Recovery (AD-AIR), but you need at least the Enterprise edition and also you need to deploy Enterprise Manager (although it’s technically possible also without it) and the Virtual Lab environments.
Also if it’s completely wizard driver it takes time in order to make the request, bring up the lab and the VM and then restore the objects.
For recent version of Exchange and SharePoint Veeam has introduced a simple way that use a Veeam Explorer modules similar to a common file explorer (or the Backup Explorer used to restore at file level).
But seems that another tool will soon added: Veeam Explorer for Active Directory is a new tool that extends the functionality of Veeam Backup & Replication, allowing you to browse Active Directory database and recover the necessary items (objects and containers) and their attributes from domain controller backup into production. For that, you do not need to fully restore and start the virtual machine hosting the domain controller. Instead, you can use Veeam Backup & Replication data recovery options to quickly extract the necessary Active Directory database file (.DIT) from the virtualized DC image-level backup, and then use Veeam Explorer for Active Directory to find and restore the required objects.
Actually there is a beta version of Veeam Explorer for Active Directory that is available in the download site:
You will download a standalone product (actually is not integrated with the v7 of the product, but note that it requires Veeam Backup & Replication 7.x already installed, also the free edition could be fine). Then unzip the file and run the installation and follow the wizard.
Also the usage it’s really simple and like the others Veeam Explorers: just run the application, select your AD database files (by default in C:\Windows\NTDS) and start using it.
You can browse your entire AD and restore single objects (or also entire containers) or by exporting them in a LDIF file, or directly by restoring in the existing Active Directory (in this case of course the Veeam machine must be domain joined and you must use a user with the right permissions). You can see also object attributes (but this is not different from what you can do with an LDAP explorer).
Actually there isn’t a release notes, so it’s not clear on which version of AD database could work, but I’ve tested with a 2003 and 2008 R2 database and seems work fine.
Note: Database files created by domain controller running on Microsoft Windows Server 2012 or Microsoft Windows Server 2012 R2 can be open only if Veeam Explorer for Active Directory is installed on machine with the same OS or with Microsoft Windows 8.x operating system.
Note that this can only manage AD object stored in the LDAP directory. Group policy objects (GPO) actually cannot be managed, but, at least, the file part could be restored as usual with the Backup Browser at file level. Several information could be obtained by the online product help, with also some useful hints on how restore the account password.