
Quick Start Guide for Microsoft Active Directory Data Protection

Updated today

This guide helps you to get started with Microsoft Active Directory data protection.

How should I get Microsoft Active Directory data protection enabled?

Druva can back up Microsoft Active Directory data for you if you have an Enterprise license. Alternatively, contact our support or sales team to enable Microsoft Active Directory data protection for your account.

Licensing Overview and Details

To begin using Druva to protect your Microsoft Active Directory data, you need to have an Enterprise license for Druva for Microsoft Active Directory. Please reach out to our support or sales team to enable Druva for Microsoft Active Directory data protection for your account.

How does licensing work?

Druva licenses Microsoft Active Directory (AD) based on the number of active, unblocked, and undeleted AD user accounts.

Supported Microsoft Active Directory versions:

Windows Operating System

  • Windows Server 2025 (64-bit)
  • Windows Server 2022 (64-bit)
  • Windows Server 2019 (64-bit)

Get started with Druva for Microsoft Active Directory

If you are ready to back up your Microsoft Active Directory data, here are the things that you need to get started.

Prerequisites

Before proceeding with the configuration, ensure the following conditions are met on the target Windows Server:

Identity and Directory Services

  • LDAP Configuration: Lightweight Directory Access Protocol (LDAP) must be fully set up and operational on the local machine.

  • DSRM Password: The Directory Services Restore Mode (DSRM) password must be set and documented. This is critical for booting into safe mode to repair Active Directory during Forest Recovery - System State Recovery.

Data Protection and Recovery

  • Active Directory Recycle Bin: This feature must be Enabled. Note that once enabled, it cannot be disabled; it allows for the recovery of deleted objects without restoring from backup.

  • Windows Server Backup (WSB): The WSB feature must be installed via Server Manager. This is the primary tool for creating system state backups.

Security and Encryption

  • SSL/TLS Certificate: A Self-Signed Certificate must be generated and bound to the server to secure LDAP traffic (LDAPS).

In addition, Druva recommends that Cloud Key Management is enabled for your account. For more information, see Configure Cloud Key Management.
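The prerequisites above can be verified before the agent is installed. The following read-only PowerShell check is an added example, not Druva's own tooling; it assumes it runs elevated on the domain controller with the ActiveDirectory and ServerManager modules available, that LDAP and LDAPS use the default ports 389 and 636, and that the LDAPS certificate sits in the local machine's Personal store.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of the prerequisites listed above.
# Assumptions: default ports 389/636, certificate in Cert:\LocalMachine\My.
Import-Module ActiveDirectory, ServerManager

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, required for LDAPS
$results = [ordered]@{}

# LDAP and LDAPS must both accept connections on the local machine.
foreach ($port in 389, 636) {
    $probe = Test-NetConnection -ComputerName localhost -Port $port -WarningAction SilentlyContinue
    $results["TCP port $port listening"] = $probe.TcpTestSucceeded
}

# The Recycle Bin is enabled when the optional feature has at least one enabled scope.
$recycleBin = Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
$results['AD Recycle Bin enabled'] = [bool]($recycleBin.EnabledScopes.Count -gt 0)

# Windows Server Backup provides the system state backup capability.
$wsb = Get-WindowsFeature -Name Windows-Server-Backup
$results['Windows Server Backup installed'] = [bool]$wsb.Installed

# A usable LDAPS certificate has a private key, is not expired,
# and carries the Server Authentication EKU.
$ldapsCerts = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
}
$results['LDAPS certificate present'] = [bool]$ldapsCerts

# The DSRM password cannot be read back from the server;
# confirm it against your documented record instead.

$results.GetEnumerator() | ForEach-Object {
    $status = if ($_.Value) { 'OK' } else { 'MISSING' }
    '{0,-34} {1}' -f $_.Key, $status
}

# Show expiry dates so the certificate can be renewed before LDAPS breaks.
$ldapsCerts | Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize
```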

1. Setup and Configuration

Before you can protect your environment, you must enable the service and register and add your domains. For more information, see Install and activate agent to register Domain.

2. Back up Microsoft Active Directory data

Druva ensures your data is clean and recoverable by automating the backup process.

If you have everything that you need and have completed Step 1, then you can Configure backup for Active Directory data.

3. Restore and Recovery Options

Druva simplifies complex recovery tasks into guided workflows. You can perform an In-Place Restore of Microsoft Active Directory data. For more information, see Restore Active Directory Data.

Use the table below to choose the right restore method for your situation.

| Recovery Need | Feature to Use | Benefit |
| --- | --- | --- |
| Domain Users, Domain Groups, Domain Computers, Domain Contacts, Domain Organizational Units, Container Users, Container Computers, Computer Builtins | | Restore without restarting the Domain Controller (DC). |
| Ransomware/Total Failure/System State Restore | | A workflow to rebuild the entire AD forest(s). |

4. Monitor Microsoft Active Directory backup and restore

You can monitor the Microsoft Active Directory backup and restore activities using:


Summary of Key Terms

  • Forest: The highest level of AD organization, containing all domains.

  • Immutable Storage: Backup data that cannot be changed or deleted by ransomware.

  • GPO (Group Policy Object): Virtual named collection of security and configuration settings in Microsoft Active Directory used to manage user and computer environments. GPOs enable administrators to centrally enforce registry-based policies, security settings, folder redirection, and software installations across Windows domains, sites, or Organizational Units (OUs).
