Rollback is the process of restoring Active Directory (AD) objects to an earlier state. Any modification or loss of data can be undone by using the rollback functionality.
To roll back any object to any of its past state,
- Navigate to Active Directory → Active Directory → Rollback.
- Click Start New Rollback button located at the top-right corner of the tab.
- Select the domain in which you wish to execute the rollback process in the Domain field.
- In the Select Rollback Point field, click on the icon to select the rollback point. Select the time period in which the backup to which AD has to be rolled back is present. From the available rollback points, select the required rollback point and click OK.
- In the OU field, select the OUs that you wish to rollback by clicking on the <+/-> icon.
- In the Object Type field, select the object types that you wish to rollback from the drop-down box. You can also rollback particular attributes of the object types. To roll back individudal attributes, click on the object type to view all the attributes. Mark the check-box against the attribute by which you wish to filter.
- In the Object Name field, enter the name of the object and choose the value from the instant option listed. If you are not sure of the name, then you can make use of the filters such as Contains, Starts With, Ends With, and Equals.
- Click Identify Changes.
- The next screen shows the number of objects that have been found to match the given criteria.
- Select Review & Rollback to review the objects and attributes that will be rolled back.
- Click Rollback to complete the process.
Note: If you have configured RecoveryManager Plus with a service account instead of a domain administrator account, you’ll be prompted to provide the credentials of a user who can write to Active Directory. If the account used to configure RecoveryManager Plus can write to Active Directory, select Use default domain credential and click Yes. If not, unselect Use default domain credential, and provide the credentials of a user who can write to Active Directory and click Yes.