Full AD Recovery Cmdlets « Dmitry’s PowerBlog: PowerShell and beyond

I had a few questions after I blogged about the tombstone reanimation cmdlets last week, so here are a few quick answers:

Yes, tombstone reanimation has its limitations – mainly it does not bring back most of the object attributes (including group membership – see the full list in Gil’s article here).
Yes, there is a full set of cmdlets to comprehensive AD restores which don’t have the limitation.

The cmdlets come with Quest’s Recovery Manager for Active Directory. They allow you to do a lot of advanced stuff:

Restore any AD object with all attributes or a subset of them.
Compare any two backups and get a full list of what changed.
Compare live directory against a backup.
Perform all of this for AD or ADAM (ADLDS or whatever it is called these days).
Manage the backups, backup schedules, and so on.

Here’s the full list of the cmdlets with a quick description:

Compare-RMActiveDirectoryObject – compare two backups or compare a backup against live directory.

Restore-RMActiveDirectoryObject – restore deleted or changed objects or any of their attributes.

Get-RMDeletedActiveDirectoryObject – enumerate deleted AD/ADAM objects
Restore-RMDeletedActiveDirectoryObject – reanimates a tomstone for selected AD/ADAM objects.

Start-RMReportViewer – display graphical window with comparison or restoration report.

Start-RMBackup – do a backup right now (as opposed to scheduled backups you manage with RMCollection cmdlets).

New-RMCollection – create a new collection of domain controllers or ADAM servers to do automated backups.
Get-RMCollection – enumerate currect backup collection settings.
Set-RMCollection – change backup settings for a collection (schedule, retention policy, credentials, and so on.)
Remove-RMCollection – deletes a backup collection.
Rename-RMCollection – obviously changes the collection name.
Add-RMCollectionItem – add another DC or ADAM instance to the collection.

Get-RMSession – get information on all or select backup sessions in the past, their results, and so on.

Get-RMBackup – enumerate backups allows you to find a backup to particular DCs/servers, get the latest one or a backup for a particular date, and so on.

Get-RMBackupContent – see what is in a specific backup.

Add-RMBackup – register a backup in Recovery Manager so it can be restored later on.

Export-RMBackup and Import-RMBackup – allow you to move backup configurations between Recovery Manager installations.

Note that these cmdlets are not free. They require a license for Recovery Manager for AD which is a commercial software. You can get a trial license from the product web page, or apply for the MVP license (using the URL from microsoft.private.mvp.3rdpartyoffers, see the MVP Private Newsgroups instructions at https://mvp.support.microsoft.com/gp/mvpbenefits).