I had a few questions after I blogged about the tombstone reanimation cmdlets last week, so here are a few quick answers:
- Yes, tombstone reanimation has its limitations - mainly it does not bring back most of the object attributes (including group membership - see the full list in Gil’s article here).
- Yes, there is a full set of cmdlets to comprehensive AD restores which don’t have the limitation.
The cmdlets come with Quest’s Recovery Manager for Active Directory. They allow you to do a lot of advanced stuff:
- Restore any AD object with all attributes or a subset of them.
- Compare any two backups and get a full list of what changed.
- Compare live directory against a backup.
- Perform all of this for AD or ADAM (ADLDS or whatever it is called these days).
- Manage the backups, backup schedules, and so on.
Here’s the full list of the cmdlets with a quick description:
Compare-RMActiveDirectoryObject - compare two backups or compare a backup against live directory.
Restore-RMActiveDirectoryObject - restore deleted or changed objects or any of their attributes.
Get-RMDeletedActiveDirectoryObject - enumerate deleted AD/ADAM objects
Restore-RMDeletedActiveDirectoryObject - reanimates a tomstone for selected AD/ADAM objects.
Start-RMReportViewer - display graphical window with comparison or restoration report.
Start-RMBackup - do a backup right now (as opposed to scheduled backups you manage with RMCollection cmdlets).
New-RMCollection - create a new collection of domain controllers or ADAM servers to do automated backups.
Get-RMCollection - enumerate currect backup collection settings.
Set-RMCollection - change backup settings for a collection (schedule, retention policy, credentials, and so on.)
Remove-RMCollection - deletes a backup collection.
Rename-RMCollection - obviously changes the collection name.
Add-RMCollectionItem - add another DC or ADAM instance to the collection.
Get-RMSession - get information on all or select backup sessions in the past, their results, and so on.
Get-RMBackup - enumerate backups allows you to find a backup to particular DCs/servers, get the latest one or a backup for a particular date, and so on.
Get-RMBackupContent - see what is in a specific backup.
Add-RMBackup - register a backup in Recovery Manager so it can be restored later on.
Export-RMBackup and Import-RMBackup - allow you to move backup configurations between Recovery Manager installations.
Note that these cmdlets are not free. They require a license for Recovery Manager for AD which is a commercial software. You can get a trial license from the product web page, or apply for the MVP license (using the URL from microsoft.private.mvp.3rdpartyoffers, see the MVP Private Newsgroups instructions at https://mvp.support.microsoft.com/gp/mvpbenefits).
Tags: AD, AD cmdlets, Active Directory, PowerShell, cmdlets
Subscribe by email
0 Responses to “Full AD Recovery Cmdlets”