Forest Recovery icon

Active Directory Forest Recovery

See it live

Active Directory is in the attackers’ crosshairs

Widespread attacks exploiting Microsoft Active Directory have crippled businesses in recent years. When a ransomware or wiper attack takes out your domain controllers, recovering your forest can drag on for days or even weeks and risk malware re-infection in the process. But with Semperis Active Directory Forest Recovery (ADFR), you can get your business back in business in less than an hour. Soup to nuts.

Let us prove it
Fastest. Automate the entire forest recovery process, avoid human errors, and cut downtime by 90%.
Safest. Eliminate the risk of malware re-infection from system state and bare-metal recovery.
Easiest. Recover to alternate hardware – virtual or physical – on premises or in the cloud.

Was your AD backup built for a different era?

So, what do you do when a cyberattack annihilates your entire Active Directory infrastructure? Well, Microsoft provides a lengthy technical guide that details the 28-step multi-threaded manual process required to recover an AD forest. Or, you could use a third-party AD backup tool that relies on bare-metal recovery (BMR). But be warned: Recovery from system state or bare-metal backups can re-introduce the infection all over again. Yikes! Don’t worry, Semperis has a solution built for the “post-NotPetya” world. The risk model for AD recovery has changed. So should your AD recovery plan.

Cyber-First Checklist

The extinction event is real.

If Active Directory is down, business stops. Period. With malware running rampant, the threat of an AD disaster is greater than ever. In many cases, domain controllers are being weaponized to spread ransomware and encrypt thousands of machines at once. And opportunistic attackers are compromising targeted networks several months before deploying the ransomware, waiting to monetize their attacks until they see the most financial gain. It’s impossible to stop every attack, especially as remote workforces rapidly expand the attack surface. But you can control how resilient you are. Your business depends on it.

By the end of 2021
every 11 seconds Ransomware attacks a business
$20 billion In ransomware global damages

Lack of testing tops list of AD recovery concerns.

In a wide-spread outage, you must recover AD before you can recover your business. But only one in five organizations have a tested plan in place for recovering AD after a cyberattack.

Download the report

Purpose-built to
combat cyber disasters

In the good old days, Active Directory outages were limited to natural disasters or operational mistakes. Considering that cyberattacks inflict more damage and strike more frequently than natural disasters, it’s time to think “cyber-first.” Does your disaster recovery playbook address this reality? Semperis does.

  • Malware-proof your backups
  • Automate forest recovery
  • Remove hardware dependencies
  • Stress-test disaster preparedness
  • Malware-proof your backups

    Confidently restore to the most recent backup, even if domain controllers were infected when backups were taken. Patented technology de-couples Active Directory from the underlying operating system to prevent OS malware re-infection. No need for trial-and-error restores in search of clean backups. No rebuilding AD from scratch. Minimize the impact of AD outages.

    Learn More
  • Automate forest recovery

    Recover an entire Active Directory forest with just a few clicks. Automate every aspect of forest recovery, such as cleaning up metadata, rebuilding the Global Catalog, and restructuring site topology. Avoid human errors and reduce downtime to minutes instead of days or even weeks. Avert costly business interruption. Be a hero.

    Learn More
  • Remove hardware dependencies

    The fastest, most flexible, and surest way to recover Active Directory after a cyberattack. Recover AD to any hardware, virtual or physical. Cut the cost of maintaining spare equipment, avoid the scramble to procure new hardware, and leverage the cloud as a readily available, cost-effective disaster recovery site.

    Learn More
  • Stress-test disaster preparedness

    Effortlessly spin up an exact copy of your production AD forest in a lab to regularly test your disaster recovery plan. Save the resources typically required to build and maintain test environments. Assess your gaps, implement technology and process improvements, and validate effectiveness. Prove business SLAs.

    Learn More

Restore with confidence

Back in 2015, Microsoft estimated that 95 million AD accounts were under attack every day. Fast forward to today, and COVID-19 has dramatically changed the workplace. The idea of having to recover AD from scratch is no longer theoretical. It now must be a critical part of incident response planning.

Anywhere Recovery

Anywhere Recovery: Restore AD to any hardware, virtual or physical – on premises or in the cloud.

Clean Restore

To prevent re-introduction of rootkits and other malware, ADFR starts with a clean Windows operating system and only restores what’s needed for the server’s role as a DC, DNS server, etc.

Advanced Automation

Automates the entire recovery process, including restoring DCs, rebuilding the Global Catalog, cleaning up metadata and the DNS namespace, restructuring the site topology, re-promoting DCs, and more.

Zero Maintenance

Eliminates the need to develop and maintain scripts or manually update configuration information – and the recovery failures that occur when these things don’t get done.

Backup Integrity

Checks each backup set to verify that it contains all the data necessary to successfully recover your forest, and that this data was successfully written to one or more locations. Also notifies you of any gaps in backup jobs.

Share Nothing Architecture

Runs independent of AD – with no reliance on Windows authentication, DNS, or other AD services – so you can recover immediately even if AD is completely down.

Easy DR Testing

Spin up an exact replica of the production AD forest, using available servers, in an isolated lab to effortlessly test recovery procedures and document results for compliance with internal and external regulations.

Lightweight AD Backups

Backs up only the AD components. This results in smaller backups, which means less data to retrieve, process, and transfer – and less time to perform these operations during restore.

Multi-Forest Support

Manage backup and recovery of multiple AD forests using a single management server and web portal, simplifying setup and ongoing administration.

PowerShell Support

Includes PowerShell commands for automating Semperis ADFR management, providing easier management of backup groups, backup rules, agents, and distribution points.

Distributed Backup Failover

Leverages distribution point servers to store backups close to domain controllers, reducing network traffic as well as backup and recovery times.

Take back the keys to your kingdom

Request a demo
Lightning Speed 10X faster forest recovery. Learn More
Semperis is exactly what I hoped for in an AD recovery tool. Over the years, I’ve had numerous concerns about forest recovery, and Semperis addresses them all.
InfoSec Identity and Directory Lead Global 500 Retailer
Everything starts with an ID and password. First thing you need to recover is credentials to do any other type of recovery.
Kerry Kilker Former CISO | Walmart
The Semperis platform helped El AI reach a point where we are sure that we can overcome any Active Directory outage.
Deputy Director of Infrastructure EI AI Airlines
Battle Tested 54,967,674 IDENTITIES PROTECTED

Semperis delivers security and business wins.

  • Cyber-First

    We built the market’s only backup and recovery solution capable of cleanly restoring AD from cyber disasters like ransomware and wiper attacks – even if domain controllers are infected or wiped out completely.

  • Simple & Powerful

    When your business is down, every second counts and complexity is your enemy. With end-to-end automation, you say goodbye to resource-intensive and error-prone recovery processes. Save precious time and resources.

  • Cost-Effective

    Traditional AD recovery burns time and money. We don’t just save you from costly outages – we also shrink your overhead with advanced automation, anywhere recovery, and easy DR testing capabilities.

How can Semperis help me?


Malware encrypts or wipes all of your domain controllers. Active Directory no longer exists in your environment and must be restored from backup.


A hacker gains access to your network, and the extent of the damage is unknown. As part of a comprehensive response that includes resetting passwords, all domain controllers must be restored from backup to eliminate rootkits and other malware.

Schema extension gone wrong

A schema extension corrupts the forest, and Active Directory is no longer responding to requests. The schema change is irreversible, so the forest must be restored from backup.

Errant script

An errant script deletes a large number of sites and subnets, and you need to authoritatively restore the Configuration partition from backup.

Rogue administrator

A rogue administrator removes read permissions on the root level of the domain, and Active Directory is unresponsive. You need to recover a partition or the entire forest.

Site disaster

An individual site is taken out by a fire, flood, power outage, or another disaster, and recovery from backup is the fastest way to restore its domain controllers.

Lab Setup

You can also use Semperis ADFR to spin up a copy of production domain controllers in the lab, significantly reducing the time required to set up and maintain dev/test, staging, training, and support environments.

Industry Honors

We help our customers be heroes.

Deloitte Fast 500
CyberSecurity Excellence Awards 2021
2021 Globee® Business Awards
CISO Choice Awards
 2021 Global InfoSec Awards
Unlock cyber resilience. Get a demo