Tag Archives: Active Directory

Active Directory and Veeam


in this post you will find more and more information`s of how to protect Active Directory with Veeam.

For the start let me share the following 3 things with you:

Veeams Userguide for Veeam Explorer for ActiveDirectory:

To be able to restore a user account or machine account back to original place, you need a existing thumbstone in you AD for it.
A very good Thumbstone documentation including all kind of version/lifetime settings can be found in the following article.
Yes, it is in German, but you will get the point by just have a look at the lists and reg keys.
https://www.faq-o-matic.net/2006/07/28/das-geheimnis-der-tombstone-lifetime/ (German)
http://www.microsofttranslator.com/bv.aspx?from=de&to=en&a=http://www.faq-o-matic.net/2006/07/28/das-geheimnis-der-tombstone-lifetime/ (Google Translation)


When you install your first Active Directory Server it will as well create the recovery certificate for Windows EFS encryption. It is used for all domain members. It will be automatically placed on the c: drive. In any way protect this certificate with multiple backups.  Without it you can not renew the certificate (default lifetime is 3 year) or restore EFS encrypted data.  You can configure the certificate renew process by RSOP.msc and browse to Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System