Forest Recovery Overview

Cayosoft Guardian provides automated recovery of an entire Active Directory forest in the event of a disaster. With Cayosoft Guardian, you can:

• Restore the full forest to a clean, healthy state.

• Recover directory services to new or existing (pre-created) virtual machines.

• Validate recovery plans through test recovery operations.

Types of forest recovery

You can recover your Active Directory forest in two main ways:

• Recover to automatically created virtual machines - provisions new VMs according to the recovery plan.

• Recover to pre-created virtual machines - reuses existing infrastructure or VMs you’ve provisioned manually.

To learn more about the feature, see Forest Recovery: Create, configure, verify and run forest recovery plan.

 

Recovering to pre-created virtual machines

If you want to recover your forest to pre-created virtual machines, certain additional steps are required. This process ensures that Guardian connects to and uses these VMs correctly during recovery.

1. Manually prepare your recovery site by creating clean virtual machines for each domain controller that will be restored. Learn more in: Prepare recovery site manually

2. Ensure the operating system versions and patch levels match your requirements. Learn more in: software requirements

3. Configure networking so these VMs are isolated (to prevent accidental replication with production). Learn more in: Manage Backup Locations and Backups.

4. Adjust recovery plan settings in Guardian to map each virtual machine to its target DC role. Learn more in: Forest Recovery Settings.

5. Verify prerequisites like IP settings, DNS, and firewall rules are set to allow the recovery. Learn more in: Required ports for Cayosoft Guardian

Scenarios

Cayosoft Guardian Forest Recovery supports the following scenarios:

1. Create encrypted backups of domain controllers on a network share or on an Azure file share. Backups must be created in advance, so they can be used for any recovery scenario. Learn more in: Back up to Azure or Amazon S3 storage.

2. Recover an Active Directory container. Use this option if many AD objects were modified or deleted. For individual object restores, use the rollback feature in the Change History. Learn more in: Forest Recovery: Create and run AD DC recovery plan.

3. Ensure an accurate and consistent recovery of your Active Directory forest, Cayosoft Guardian collects forest-wide metadata during the backup phase. Learn more in: How Cayosoft Guardian collects forest metadata from Domain Controllers.
4. Restore a domain controller. Learn more in: Configure an AD DC recovery plan to recover the selected AD DC non-authoritatively.
5. Recover an Active Directory domain. Learn more in: Create and configure an AD DC recovery plan to recover the whole domain authoritatively.
6. Create a recovery site in Azure and recover an Active Directory forest. Learn more in: Forest Recovery: Create a cloud recovery site for Forest Recovery plan.
7. Set up a scheduled creation of standby recovery sites. Learn more in: Forest Recovery: Recovery plan for standby forest.