In the age of cloud, dependency on Active Directory (AD) is rapidly growing — and so is the attack surface. The threat to AD from ransomware and wiper attacks is generally understood, but the complexity of forest recovery is not. In “the good old days,” AD recovery meant recovering AD from natural disasters and operational errors. But cyberattacks changed all that. Today, it’s quite likely that every domain controller (DC) will be encrypted or completely wiped out in a matter of minutes.

So, what to do you when a cyber-attack wipes out your DCs? Microsoft provides a lengthy technical guide that details the manual-intensive process required to recover an AD forest. There’s no indication if you do something wrong until the end, at which point you have to start over. Third-party backup tools can automate the process, but they were only built to address recovery from IT operational issues, where AD is affected but host servers are not.

With AD becoming a prime target for widespread, business-crippling attacks, it’s time to think “cyber-first.” In this technical workshop, you’ll learn the dos and don’ts of recovering AD from a cyber disaster.


  • Recover AD even if domain controllers are infected or wiped
  • Restore AD to alternate hardware (virtual or physical)
  • Eliminate reinfection of malware from system state backups
  • Automate the entire recovery process and reduce downtime