Active Directory Forest Recovery icon

Active Directory Forest Recovery

Cyber-First Disaster Recovery for AD See it live

Active Directory is in attackers’ crosshairs

Widespread attacks exploiting Active Directory have crippled businesses in recent years. When a ransomware or wiper attack takes out domain controllers, recovering your forest can drag on for days or even weeks, risking malware re-infection in the process. But with Semperis Active Directory Forest Recovery (ADFR), you can get your business back in business—in less than an hour.

Let us prove it
Fastest. Automate the entire forest recovery process, avoid human errors, and cut downtime by 90%.
Safest. Eliminate the risk of malware re-infection that system-state and bare-metal recoveries can introduce.
Easiest. Recover to alternate hardware—virtual or physical—on premises or in the cloud.

Was your AD backup built for a bygone era?

What do you do when a cyberattack annihilates your entire Active Directory infrastructure? Microsoft provides a lengthy technical guide that details the 28-step multi-threaded manual process required to recover an AD forest. Or you could use a third-party AD backup tool that relies on bare-metal recovery (BMR). But be warned: Recovery from system-state or bare-metal backups can re-introduce the infection all over again. Don’t worry. Semperis has a solution built for the post-NotPetya world. The risk model for AD recovery has changed. So should your AD recovery plan.

Cyber-First Checklist

The extinction event is real.

If Active Directory is down, business stops. Period. With malware running rampant, the threat of an AD disaster is greater than ever. In many cases, domain controllers are weaponized to spread ransomware and encrypt thousands of machines at once. Opportunistic attackers often compromise targeted networks several weeks before deploying ransomware, waiting to monetize their attacks until they see the most financial gain. It’s impossible to stop every attack, especially as remote workforces rapidly expand the attack surface. But you can control how resilient you are. Your business depends on it.

By 2031
every 2 seconds Ransomware will attack a business
$265 billion In ransomware global damages

Lack of testing tops the list of AD recovery concerns.

In a widespread outage, you must recover Active Directory before you can recover your business. But only one in five organizations have a tested plan in place for recovering AD after a cyberattack.

Download the report

Purpose-built to
combat cyber disasters

Remember when Active Directory outages were limited to natural disasters or operational mistakes? Now, cyberattacks inflict more damage and strike more frequently than natural disasters. Does your disaster recovery playbook address cyber disasters? Semperis ADFR does.

  • Malware-proof your backups
  • Automate forest recovery
  • Remove hardware dependencies
  • Stress-test disaster preparedness
  • Malware-proof your backups

    Confidently restore to your most recent backup, even if domain controllers were infected when backups were taken. Semperis’ patented technology decouples Active Directory from the underlying operating system to prevent malware re-infection. No need for trial-and-error restores in search of clean backups. No rebuilding AD from scratch. Minimize the impact of AD outages and get back to business—fast.

    Learn More
  • Automate forest recovery

    Recover an entire Active Directory forest with just a few clicks. Automate every aspect of forest recovery, including cleaning up metadata, rebuilding the Global Catalog, and restructuring site topology. Avoid human errors and reduce downtime to minutes instead of days or even weeks. Avert costly business interruption. In short: Be a hero.

    Learn More
  • Remove hardware dependencies

    ADFR is the fastest, most flexible, and surest way to recover Active Directory after a cyberattack. Recover AD to any hardware—virtual or physical. Cut the cost of maintaining spare equipment, avoid the scramble to procure new hardware, quickly set up a recovery environment, and leverage the cloud as a readily available, cost-effective disaster-recovery site.

    Learn More
  • Stress-test disaster preparedness

    Regularly test your disaster-recovery plan by effortlessly spinning up an exact copy of your production Active Directory forest in a lab environment. Save the resources typically required to build and maintain test environments. Assess your gaps, implement technology and process improvements, and validate effectiveness to prove your business SLAs.

    Learn More

Restore with confidence

Back in 2015, Microsoft estimated that 95 million Active Directory accounts were under attack every day. Fast forward to today, and the idea of having to recover AD from scratch is no longer theoretical. A full AD forest recovery now must be a critical part of incident response planning.

Anywhere Recovery

Restore AD to any hardware—virtual or physical—on premises or in the cloud.

Clean Restore

Prevent re-introduction of rootkits and other malware by starting with a clean Windows operating system and restoring only what’s needed for the server’s role (domain controller, DNS server, and so on).

Advanced Automation

Automate the entire recovery process, including restoring and re-promoting domain controllers, rebuilding the Global Catalog, cleaning up metadata and the DNS namespace, restructuring the site topology, re-promoting DCs, and more.

Zero Maintenance

Eliminate the need to develop and maintain scripts or manually update configuration information —and the recovery failures that can result from human error.

Backup Integrity

Gain confidence that each backup set contains all the data you need to successfully recover your forest, successfully written to one or more locations, with backup verification and notification of any gaps.

Share-Nothing Architecture

Free AD backups from reliance on Windows authentication, DNS, or other AD services—so you can recover immediately, even if AD is completely down.

Easy D-Recovery Testing

Spin up an exact replica of the production AD forest in an isolated lab to effortlessly test recovery procedures and document results for compliance with internal and external regulations.

Lightweight AD Backups

Back up only AD components for smaller backups, which means less data to retrieve, process, and transfer—and faster restores.

Multi-Forest Support

Simplify setup and ongoing administration by using just one management server and web portal for backup and recovery of multiple AD forests.

PowerShell Support

Use built-in PowerShell commands to easily manage backup groups, backup rules, agents, and distribution points.

Distributed Backup Failover

Reduce network traffic and backup recovery times by using distribution point servers to store backups close to domain controllers.

Take back the keys to your kingdom

Request a demo

OS Provisioning Tool

Quickly set up a recovery environment using a PowerShell-based tool that prepares virtual machines for a full ADFR recovery.

Lightning Speed 10X faster forest recovery. Learn More
Semperis is exactly what I hoped for in an AD recovery tool. Over the years, I’ve had numerous concerns about forest recovery, and Semperis addresses them all.
InfoSec Identity and Directory Lead Global 500 Retailer
Everything starts with an ID and password. First thing you need to recover is credentials to do any other type of recovery.
Kerry Kilker Former CISO | Walmart
The Semperis platform helped El AI reach a point where we are sure that we can overcome any Active Directory outage.
Deputy Director of Infrastructure EI AI Airlines
"Cyberattacks have affected every industry, but in healthcare, the stakes are higher. With Semperis, our Active Directory recovery time improved dramatically. It changed from weeks to hours."
David Yancey Prime Healthcare Senior Systems Engineer
Semperis has unmatched experience in breach preparedness and incident response to Active Directory and other identity-based cyberattacks. Semperis' solution-based approach focuses not only on their premier technology to meet customer challenges but also best practices and guidance for people and processes, setting them apart from their competitors.
Sarah Pavlak Frost & Sullivan Industry Principal
Battle Tested 54,967,674 IDENTITIES PROTECTED

Semperis delivers security and business wins.

  • Cyber-First

    ADFR is the market’s only backup and recovery solution capable of cleanly restoring AD from cyber disasters like ransomware and wiper attacks—even when domain controllers are infected or wiped out.

  • Simple & Powerful

    When your business is down, every second counts. Complexity is your enemy. With ADFR's end-to-end automation, you can save precious time and resources and say goodbye to resource-intensive and error-prone recovery processes.

  • Cost-Effective

    Traditional AD recovery burns through time and money. We don’t just save you from costly outages; we also shrink your overhead with advanced automation, anywhere recovery, and easy disaster-recovery testing capabilities.

How can Semperis help me?


Malware encrypts or wipes all your domain controllers. Active Directory no longer exists in your environment and must be restored from backup.


A hacker gains access to your network, and the extent of the damage is unknown. As part of a comprehensive response that includes resetting passwords, all domain controllers must be restored from backup to eliminate rootkits and other malware.

Schema extension gone wrong

A schema extension corrupts the forest, and Active Directory is no longer responding to requests. The schema change is irreversible, so you must restore the forest from backup.

Errant script

An errant script deletes numerous sites and subnets, and you need to authoritatively restore the Configuration partition from backup.

Rogue administrator

A rogue administrator removes read permissions on the root level of the domain, and Active Directory is unresponsive. You need to recover a partition or the entire forest.

Site disaster

An individual site is taken out by a fire, flood, power outage, or another disaster. Recovery from backup is the fastest way to restore its domain controllers.

Lab Setup

Setting up an isolated recovery environment during an in-progress breach can be time-consuming and difficult. The new OS provisioning tool in ADFR lays the groundwork for a speedy AD recovery.



Industry Honors

We help our customers be heroes.

CyberSecurity Excellence Awards 2021
2021 Globee® Business Awards
 2021 Global InfoSec Awards
Unlock cyber resilience. Get a demo