Now that you have a general idea about the architecture and capabilities of Blackbird recovery, I will give you an overview of how you can restore objects and attributes with the Active Directory backup software.
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
Recover deleted Active Directory objects
Blackbird recovery offers three ways to restore deleted AD objects: the Recycle Bin in the Blackbird Management Suite console, the Recycle Bin in the Active Directory Users and Computers interface (ADUC), and through the Deleted Objects tab of the object properties in ADUC or right clicking on the object in ADUC.
Note that this Recycle Bin shouldn’t be confused with the new Recycle Bin feature in Windows Server 2008 R2. As you will see, Blackbird recovery's functionality goes far beyond this new Windows feature.
If you want to recover deleted objects in a certain container, you can do this via the OU's properties in ADUC. As mentioned in one of my earlier posts, the Blackbird Management Suite adds part of its functionality to Microsoft's Active Directory tools.
If you accidentally deleted an OU, you can recover the container with all its child objects through the Recycle Bin. It is also possible to recover single or selected objects this way.
After you decide which objects to recover, you have to choose if you want to use the audit data or the backup of one of the scheduled backups (collectors). The audit data contains the exact state of the object it had right before it was deleted (CDP).
If you restore a single object from a scheduled backup, you can view the object's attribute values first, before you rebuild the object. This is a useful feature if you are uncertain which of the backups you need.
Roll back Active Directory objects
You can also roll back an Active Directory object—that is, restore attribute values of a previous state. For this the object still has to exist in Active Directory. You can roll back AD objects in the Blackbird Management Suite console, either with Blackbird recovery or Blackbird auditor.
It is also possible to roll back objects in ADUC. The context menu of each object in ADUC offers a new Rollback function after you installed Blackbird RSAT extensions. Objects with child objects also have the "Rollback child objects" menu point.
Rollbacks through ADUC or the Blackbird recovery console only allow you to restore attribute values from scheduled backups. Very useful is here that you can compare the attribute values with the current state of the objects before you initiate the rollback.
If you want to roll back an object using audit data—that is, leverage Blackbird's CDP feature—you have to use Blackbird auditor in the Blackbird Management Suite console. The main purpose of Blackbird auditor is to monitor changes of AD objects. (For more information please read the article about auditor express.)
However, Blackbird auditor has this really cool feature that allows you to not only view in detail how a certain object was changed (for example, by whom) but also roll back the object to the state before it was modified if you don't like the modifications. And, best of all, you don't have to restore the whole object but only the attributes you need.
Rollback and recovery of Group Policy Objects (GPOs)
Restoring Group Policy Objects (GPOs) works similar to restoring common Active Directory objects. The main difference is that no CDP is supported for GPO backups at an individual setting level. Instead GPOs can be restored from scheduled backups or automatic versions created by Blackbird. Blackbird recovery senses changes made to GPOs and will automatically create a version for a GPO that has been opened for editing if there have been no changes for 10 minutes. These automatic versions and version created during a scheduled backup are available when performing a restore or rollback.
Deleted GPOs can be restored from the Recycle Bin in the Blackbird Management Suite console. It can be difficult to find the correct GPO because the names don't appear in the Recycle Bin. However, you can view the GPO settings from the backup if you are unsure which GPO to restore.
Rollbacks of GPOs can be launched from Microsoft's Group Policy Management console. Before you roll back a GPO you can compare it with the current state in Active Directory (see screenshot). This feature is not only helpful for restores, but it can also be very useful if you just want to find out how a GPO was configured in the past.
I did not describe all features of Blackbird recovery in this series. For example, I didn't cover Active Directory Schema and DNS data backups. However, the configuration of these features work similarly.
The tight integration of Blackbird recovery with Microsoft's management tools is not only very convenient but also helps you to learn how to use Blackbird recovery quickly. After a while it feels as if Blackbird recovery is just a new Windows feature.
I think it became clear in my review that Blackbird recovery offers many features that common Windows backup solutions lack. Blackbird recovery is a highly specialized Active Directory backup solution that ensures that no precious directory data is lost and can be restored easily and quickly. The integration with the other tools of the Blackbird Management Suite completes the powerful Active Directory backup software.
To participate in the competition for a chance to win a Blackbird recovery license, worth $1,800 USD, please send an email to:
with the subject line:
You can also use this contact form.
The deadline of this contest is August 31, 2010.
Want to write for 4sysops? We are looking for new authors.