Cyber-First Disaster Recovery for Active Directory

Active Directory Forest Recovery

Reduce time to recover AD after a cyberattack by up to 90%.

Fast, malware-free AD forest recovery

Widespread attacks that exploit Active Directory can cripple your organization. When a ransomware or wiper attack takes out domain controllers, recovering your AD forest can drag on for days or even weeks, risking malware re-infection in the process. But with Semperis Active Directory Forest Recovery (ADFR), you’ll be back in business in minutes or hours rather than days or weeks.

Cut downtime

Restore AD in 5 clicks with automated, multi-forest recovery.

Eliminate malware

Avoid reintroducing malware by recovering AD to a known-secure state.

Automate resilient backups

Automate backups to immutable Azure storage and restore to any virtual or physical hardware.

Speed forensics

Accelerate post-breach forensics to prevent follow-on attacks.

“We see increased phishing attacks, every day there’s billions of threats, and we’re just trying to find ways to circumvent that.”

Disaster Recovery Planning and Security Posture at Legal Firm Foulston Siefkin

Foulston Siefkin LLP, the largest Kansas-based law firm, transitioned from a fully on-premises Active Directory (AD) environment to a hybrid AD/Entra ID cloud identity environment in 2018. While working through the process of securing the hybrid environment, the company reviewed its business continuity practices and looked for a solution that would help the firm meet its identity system recovery and security posture goals. Implementing Semperis Active Directory Forest Recovery (ADFR) and Directory Services Protector (DSP) was key to the firm’s cyber resilience strategy, said Matt Spurlock, Foulston Siefkin CTO.

Semperis protects some of the largest AD environments

Everything starts with an ID and password. First thing you need to recover is credentials to do any other type of recovery.

Kerry Kilker, Former CISO, Walmart

Frequently asked questions

What is Active Directory Forest Recovery?

ADFR is the only backup and recovery solution purpose-built for recovering Active Directory from cyber disasters. ADFR fully automates the AD forest recovery process, reduces downtime, eliminates risk of malware reinfection, and enables post-breach forensics.

We rely on a traditional DR tool for recovery. Why do we need Semperis ADFR? 

Most backup and recovery products target servers, and Active Directory is included in the backup process because it is a role on the server. But if a cyberattack hits your AD, you need a solution that removes AD from the operating system so you don’t reinfect AD with the malware as part of the recovery process. Semperis ADFR can get AD back online—on a new, trusted server—within minutes, not days, and without reintroducing malware as part of the process.

We rely on a multi-data center warm failover solution. How would ADFR help in this scenario?

Typically, warm sites contain the necessary hardware, but do not contain the most recent version of the production site. Since data is not being consistently replicated between the production and warm site, there is greater latency for failover. ADFR is capable of restoring to alternate hardware and provides IP mapping to create an exact replica (or clone) of your production AD forest in an isolated lab. ADFR reduces the time and effort required to set up and maintain your warm failover site, making it feasible to replicate the production site more often and reduce data latency issues.

How does ADFR ensure the integrity of a backup?

ADFR validates each backup rule when it’s created to ensure it can be used to generate a valid forest backup set. By default, the ADFR backup validation process checks that at least one DC hosts each partition in the backup set. The status of the backup rule validation process is displayed on the Backup Settings page of the ADFR Administration portal.

Why do I need ADFR when I already have a data protection solution?

Data protection solutions do not offer a cyber disaster recovery solution for Active Directory. They offer backup and recovery of individual domain controllers (DCs) and files. This is an important distinction, and one that applies to other backup vendors as well. Backup vendors can back up a DC, and they can restore a DC. But none can orchestrate the many steps required to correctly and successfully restore an AD forest.

In contrast, ADFR offers a fully automated forest recovery solution that enables you to recover AD even if DCs are infected or wiped out. ADFR automates every aspect of forest recovery, including cleaning up metadata, rebuilding the Global Catalog, and restructuring site topology. Manually rebuilding AD following a cyber incident is a time-consuming, error-prone process that can take days or weeks.

Why are BMR and snapshots not recommended for Active Directory recovery?

Bare metal recovery (BMR) can be a convenient way to restore a computer’s operating system and settings, for example, if an OS upgrade goes wrong, or if you want to move a user or an application to a new machine. However, if a DC has been infected or disabled by a cyberattack, the BMR backups will likely contain boot files, other executables, and OS files where malware can hide. If you restore a DC from a BMR backup, you might also restore any malware present in the backup.

Does ADFR automatically detect problems with a backup and self-correct or trigger an alert?

When a backup set completes with an error or warning, ADFR automatically sends an email notification to designated recipients. In addition, you can opt into receiving email notifications for successful backups. The ADFR Administration portal also displays backup status information: 1) The Dashboard provides a list of recent forest backup sets, showing both available and failed backups. 2) The Backups Status & History page displays status details for each backup, including failed backups and failed transfers of a backup to the distribution point.

Can ADFR support large, complex AD environments?

ADFR is purpose-built for AD and can support the recovery needs of even the most complex AD environments, including multi-organization and multi-forest deployments. Organizations with some of the largest and most complex ADs in existence rely on Semperis to implement a cyber-first approach to disaster preparedness and recovery.