Automated AD Forest Recovery
When identity goes down, we can help bring it back fast. Rapidly recover Active Directory and Entra ID environments from ransomware, operational mistakes, and insider threats to keep your business moving.
demo VIDEO
Automate and accelerate Active Directory recovery
See how Commvault facilitates the restoration of clean, trusted Active Directory services to help enable secure and scalable access.
how we do it
Keep your identity infrastructure resilient. Restore access fast.
Secure, automated protection and recovery of AD and Entra ID environments.
Comprehensive coverage
Automated and frequent daily backups of attributes and objects.
Automated AD forest recovery
Automate and accelerate recovery of the AD forest to a pre-attack state.
Granular object and attribute-level restore
Fast, granular, and accurate recovery of missing, damaged, or misconfigured objects and attributes. Restore users, groups, app registrations, roles, and more.
Interactive comparison reporting
Identify all changes in the AD domain or Entra ID tenant and recover affected data quickly, directly from the report.
AD recovery testing
Regularly test and validate recovery of AD in non-production environments.
Unified protection for hybrid identity environments
Protect Active Directory and Entra ID in hybrid environments with a single, unified solution.
Commvault Cloud Backup & Recovery for AD
Strengthen your identity foundation
Commvault® Cloud helps provide continuous availability of Active Directory services to minimize downtime and maintain business operations.
Automate AD forest recovery
Reduce the time to recover AD after cyberattacks
Accelerate recovery and minimize downtime with automated forest-level recovery for AD. Interactive forest topology visualization and customizable runbooks simplify and guide the recovery process for enhanced accuracy and control.
Accelerate investigations
Quickly identify and roll back changes to the directory
Interactive comparisons identify all changes in the domain between two points in time, allowing you to quickly recover deleted objects or roll back overwritten attributes across the entire directory, right from the report.
Enhance cyber readiness
Support frequent disaster and cyber recovery testing
Easily practice your AD disaster and cyber recovery plans regularly in a non-production lab environment during the good times to prepare for the bad times.
Backup & Recovery for Active Directory pricing
Active Directory
| Standard | Enterprise | |
|---|---|---|
Starting at $0.75 / enabled user / month | Starting at $1.25 / enabled user / month | |
Recover AD users, groups, computers, OUs, contacts, sites, and configuration | Yes | Yes |
Interactive, domain-wide comparisons of all objects and attributes | Yes | Yes |
Protect Group Policies, including settings, links, and security | Yes | Yes |
Rollback overwritten attributes across thousands of objects at once | Yes | Yes |
Recover Entra ID users, groups, licenses, conditional access, and role assignments | Yes | Yes |
Automated forest recovery for AD | No | Yes |
Simplify recovery planning with visual AD topology | No | Yes |
Automated forest recovery for AD | No | Yes |
Orchestrate the 50 – 100+ steps involved including AD restores, DC promotions, and critical AD hygiene tasks | No | Yes |
Support regular disaster recovery testing with interactive runbooks | No | Yes |
Standard
Starting at $0.75 / enabled user / month
Recover AD users, groups, computers, OUs, contacts, sites, and configuration
Interactive, domain-wide comparisons of all objects and attributes
Protect Group Policies, including settings, links, and security
Rollback overwritten attributes across thousands of objects at once
Recover Entra ID users, groups, licenses, conditional access, and role assignments
Enterprise
Starting at $1.25 / enabled user / month
Recover AD users, groups, computers, OUs, contacts, sites, and configuration
Interactive, domain-wide comparisons of all objects and attributes
Protect Group Policies, including settings, links, and security
Rollback overwritten attributes across thousands of objects at once
Recover Entra ID users, groups, licenses, conditional access, and role assignments
Automated forest recovery for AD
Simplify recovery planning with visual AD topology
Automated forest recovery for AD
Orchestrate the 50 – 100+ steps involved including AD restores, DC promotions, and critical AD hygiene tasks
Support regular disaster recovery testing with interactive runbooks
eBook
Protecting the Crown Jewels: Securing Active Directory Against Cyber Threats
Your organization’s digital identity infrastructure is under siege, and traditional backup and recovery methods for AD are no longer sufficient. Learn why these approaches fall short and discover how you can build true identity resilience with Commvault.
Our Reach
Supporting more than 100,000 companies
“We used to manually engineer redundancy to avoid data loss. Commvault provides the needed flexibility and granularity for fast restores.”
“Commvault gives us confidence that our data is safe, and our important services can be up and running quickly.”
“With a long retention strategy, our cloud storage costs were accelerating quickly. Commvault Cloud gave us a way to dramatically lower those costs and keep them predictable, while simultaneously providing us with the data resilience needed to keep our business running.”
Whitepaper
Active Directory forest recovery
Active Directory forest recovery is foundational to maintaining continuous business after a cyberattack. This whitepaper provides an in-depth overview of AD forest recovery, highlighting essential considerations for planning your recovery strategy.
Protect Active Directory from data loss threats
Active Directory protection
Securing the core
Frequently Asked Questions
Why is it essential to protect Active Directory?
Active Directory is a significant target for cybercriminals, especially ransomware. It plays a central role in managing identities and access to network resources, making it a lucrative entry point. Active Directory is a complex system that often has overprivileged accounts, misconfigured security policies, and other vulnerabilities that adversaries can exploit.
- 95 million Active Directory accounts are attacked daily
- 68% of Active Directory attacks involve ransomware
- Attacks can breach Active Directory in about 16 hours
Should an attacker delete or alter Active Directory data, the importance of having recent backups cannot be overstated. These backups allow for a swift restoration to the last known good configuration, helping to remove any vestiges of an attack.
¹ Firmus, Active Directory Security: Fortifying the Heart of Your IT Infrastructure, Feb 2025
² Sophos, The 2023 Active Adversary Report for Tech Leaders
What key benefits does Backup & Recovery for Active Directory deliver?
Automated AD Forest Recovery
Automated forest-level recovery for AD that includes the auto-generation of custom runbooks and point-and-click simplicity to recover complex AD environments in hours, rather than days or weeks.
Interactive Domain Comparisons
Compare all changes in the AD domain or Entra ID between two points in time, quickly identify the data that needs to be recovered or reverted, and restore it quickly, directly from the report.
Fast, Granular Recovery
Flexible, granular recovery allows administrators to quickly recover only the missing, damaged, or misconfigured object attributes and get business systems or users back online quickly without fully restoring an entire Active Directory environment.
Unified protection for AD and Entra ID
Protect hybrid Active Directory and Entra ID environments with a single enterprise-grade solution for use with on-premises or cloud applications like Microsoft 365, Microsoft Dynamics 365, endpoints, and VMs.
SaaS-based control plane for recovery when AD is down
Access your recovery console anytime, even during catastrophic events like ransomware attacks, thanks to Commvault’s SaaS-delivered control plane that operates independently of your Active Directory environment.
How is Active Directory licensed?
Active Directory Backup covers both Active Directory and Entra ID from a single platform. The licenses you purchase cover both workloads. If you have both Active Directory and Entra ID, you only need to license the total number of enabled user accounts in the Active Directory domains managed with the product.
Once you have purchased sufficient licenses, they allow the full functionality for protecting both Active Directory and Entra ID. It’s important to note that no separate licenses are required, simplifying the process further.
When you subscribe to Active Directory Backup, are there any capacity limitations?
Active Directory has no capacity limitations. You get unlimited retention of your backup data, and you can sign up for a free trial to get started today!
Do I have to pay for storage separately?
For AD backups, cloud storage options are BYOS in Azure or Air Gap Protect. If you store backups in Air Gap Protect, you must license the Air Gap Protect storage capacity separately. AD Backup sizes are relatively small compared to other workloads protected by Commvault Cloud.
Ready to get started?
Experience Commvault Cloud for Active Directory
Request a demo today
