Commvault automates Microsoft Active Directory reforestation
Commvault's latest offering enables the Microsoft AD forest to sprout back from disasters or ransomware through new automation and visualization tools.
Backup specialist Commvault will soon offer automated restoration for Microsoft Active Directory forests, maintaining the complex web of permissions and rules for identity and access following a recovery.
Commvault Cloud Backup and Recovery for Active Directory Enterprise Edition, expected to launch in early 2025, builds on Commvault's existing AD Backup and Recovery capability.
Enterprise Edition, first unveiled in October at the vendor's Shift conference, enables an administrator to recover an AD forest automatically without needing to manually restore permissions and access or perform other user identity actions.
Commvault's latest offering brings needed speed to enterprise AD recovery, according to Krista Case, an analyst at The Futurum Group. AD restorations have become more involved for IT teams since recovery offerings tend to only provide a record of the user data and do not reconstruct the web of software and cloud user permissions, she said.
"[Enterprise IT] is becoming more complex and more granular, with multi-hybrid cloud environments adding to that complexity," Case said. "Businesses cannot afford downtime or data loss for weeks. The ability to not only execute recovery, but to test that with automation can help accelerate [the process]."
Commvault Cloud Backup and Recovery for Active Directory Enterprise Edition will be priced per user when it launches, according to the vendor.
See the forest for the trees
An AD forest is the highest organizational level within the Active Directory software, Microsoft's identity and access management (IAM) platform.
Forests are composed of Active Directory trees, or domains within a Microsoft Active Directory network that define what resources a given user and their cohorts within an organization can access or see.
The forest model provides a centralized tool for managing an organization's IAM, including security or group policies such as password length. Larger organizations might build multiple AD forests for different departments or divisions.
AD and Entra ID, Microsoft's cloud IAM service formerly known as Azure Active Directory, have a significant presence within enterprise IT operations for core functionalities, according to Brent Ellis, an analyst at Forrester Research. Backup and recovery vendors often highlight the speed and comprehensiveness of their AD restoration capabilities since an outage can be damaging to an organization, he said.
"Backup vendors are competing with how well they support Entra ID [and AD] backups," Ellis said.
Commvault's new AD Enterprise Edition includes automated forest recovery through runbook generation, completing the dozens of steps suggested by Microsoft for a complete recovery. Admins can also follow step-by-step views of the recovery and tailor workloads using visual topologies, according to Commvault.
Compared with recovering other data sets and dependencies such as Microsoft 365, which can take hours or minutes, AD forest recoveries done manually can take weeks to months, Ellis said. While Commvault's offering might expedite some of the tedious duties in front of a command line, users -- especially those working in large organizations -- should still expect the process to take days to ensure a complete recovery.
"With something as far-reaching [in the organization] as Active Directory, you'll want to make sure it's working right before you're restoring [more than] 50,000 accounts," Ellis said.
The Enterprise Edition offering will supplant the prior AD protection for most organizations, according to Shawn Barker, product manager of SaaS solutions at Commvault.
"We expect customers to choose AD Enterprise going forward as we've packaged it in such a way that AD Enterprise includes all AD protection capabilities," he said. "The only reason a customer would choose the existing AD option is if their organization was small enough that automated AD forest recovery wasn't a concern for them."
Tim McCarthy is a news writer for Informa TechTarget covering cloud and data storage.