I had a few questions after I blogged about the tombstone reanimation cmdlets last week, so here are a few quick answers:
- Yes, tombstone reanimation has its limitations – mainly it does not bring back most of the object attributes (including group membership – see the full list in Gil’s article here).
- Yes, there is a full set of cmdlets to comprehensive AD restores which don’t have the limitation.
The cmdlets come with Quest’s Recovery Manager for Active Directory. They allow you to do a lot of advanced stuff:
- Restore any AD object with all attributes or a subset of them.
- Compare any two backups and get a full list of what changed.
- Compare live directory against a backup.
- Perform all of this for AD or ADAM (ADLDS or whatever it is called these days).
- Manage the backups, backup schedules, and so on.
Here’s the full list of the cmdlets with a quick description:
Compare-RMActiveDirectoryObject – compare two backups or compare a backup against live directory.
Restore-RMActiveDirectoryObject – restore deleted or changed objects or any of their attributes.
Get-RMDeletedActiveDirectoryObject – enumerate deleted AD/ADAM objects
Restore-RMDeletedActiveDirectoryObject – reanimates a tomstone for selected AD/ADAM objects.
Start-RMReportViewer – display graphical window with comparison or restoration report.
Start-RMBackup – do a backup right now (as opposed to scheduled backups you manage with RMCollection cmdlets).
New-RMCollection – create a new collection of domain controllers or ADAM servers to do automated backups.
Get-RMCollection – enumerate currect backup collection settings.
Set-RMCollection – change backup settings for a collection (schedule, retention policy, credentials, and so on.)
Remove-RMCollection – deletes a backup collection.
Rename-RMCollection – obviously changes the collection name.
Add-RMCollectionItem – add another DC or ADAM instance to the collection.
Get-RMSession – get information on all or select backup sessions in the past, their results, and so on.
Get-RMBackup – enumerate backups allows you to find a backup to particular DCs/servers, get the latest one or a backup for a particular date, and so on.
Get-RMBackupContent – see what is in a specific backup.
Add-RMBackup – register a backup in Recovery Manager so it can be restored later on.
Import-RMBackup – allow you to move backup configurations between Recovery Manager installations.
Note that these cmdlets are not free. They require a license for Recovery Manager for AD which is a commercial software. You can get a trial license from the product web page, or apply for the MVP license (using the URL from microsoft.private.mvp.3rdpartyoffers, see the MVP Private Newsgroups instructions at https://mvp.support.microsoft.com/gp/mvpbenefits).