4 Things to Consider with Active Directory Protection

April 07, 2021

By Lance Boley – Senior Manager, Product Marketing

Windows Domain Administrators spend their workday interfacing and using Microsoft Active Directory (AD) for security and access control to network users and resources. It is a powerful tool that enables businesses to grant or restrict access to systems through log-on authentication methods. User account attributes like names, addresses, phone numbers, passwords and more are grouped together providing administrators with simplified control over user access. All attributes and objects are critical to business operations and are stored in AD, but what happens when an object gets deleted, corrupted, or worse – encrypted by ransomware? Users will be unable to login, systems will lose connections to resources, and productivity stops – that all leads to unplanned downtime of production services.

With Active Directory at the center of secure authentication and services, keeping this data protected and secure is of critical importance for businesses today. Having the ability to know what has changed in the environment and reverting those changes is paramount.

A data protection solution for Active Directory can save your organization the pain of data loss and quickly get your business back online.

Here are four things to consider when keeping your Microsoft Active Directory data secure and protected:

Frequent backups

Best practices shouldn’t just apply to company data and databases – but AD as well. Frequent, automated backups save you the agony of having to deal with lost domain information and more. Using tombstone for deleted item recovery may save you in the short term before the tombstone timelines expire, but best practices suggest not testing these limits. Having a full and frequent backup of the entire Active Directory is best. Backup as a Service is an excellent solution that allows for frequent backups, off-site secure storage, and simplified management – with built-in best practices around long-term retention.

Building your own – can vs. should

Sure, there are ways to script and other installable services that help you protect Microsoft Active Directory, but should you build it? Building a solution may seem rewarding, but can be time-consuming with maintenance, additional patching and just the added burden on IT. Instead consider a solution built on enterprise-grade and secure data protection delivered as SaaS. Nothing to build, nothing to support, just a few clicks and you can be fully protected in minutes with simplified management, layered security with encryption and protection from ransomware.

Recovering attributes

Admins can spend a considerable amount of time organizing an Active Directory structure, making sure the right items are in the correct Organizational Unit (OU) and with the right permission. Having this level of granularity of a directory object is critical to a finely tuned IT organization. Without a data protection solution for Microsoft Active Directory, admins would be left rebuilding and reorganizing all the OUs from scratch. With a dedicated data protection solution with granular recovery, the ability to recover only the missing, damaged or misconfigured object attribute can be a huge time saver. This granular ability can get the business systems or users back online quickly without the need for a full restore of an entire Active Directory environment.

Ransomware happens

Companies need to plan for the worst-case scenario. AD is often overlooked because it is on-premises and behind a firewall. Ransomware can get in through users downloading software applications, or clicking on a link in an email, to steal admin credentials from the inside as well as outside the organization. As data theft and backup deletions by cybercriminals increased by 400% since the start of the pandemic, no business is immune.1 In fact, the cost of a data breach in the US increased 46% in 2020 compared to 2019, reaching an average cost of $8.64M. Globally, the top three sectors with the highest cost per average data breach cost $7.3M, followed by energy with $6.39M, then financial services with a $5.85M per breach.2 Combatting ransomware takes a multi-layered approach to data security, with recovery readiness playing an increasingly important role.

How about a Metallic security insurance policy?

When cyber hijacking attacks happen, you need a solution that lets you understand the deltas in user account permissions, access, and other attributes of your Active Directory data.  Determine what changed between now and when the attack happened and roll back to that known good state.

With Metallic you get a turn-key Microsoft Active Directory protection solution that provides an air-gapped copy of your data with ransomware protection and layered security.  All from a single user interface that safeguards the business and reduces risks of business productivity downtime.

Get Metallic and enjoy hassle-free management, unlimited flexibility, and robust security.  Make sure your Active Directory is safe and secure.

Contact your Metallic representative and get your databases and Active Directory protected – Today!


  1. Entrepreneur April 2020. “FBI Sees Cybercrime Reports Increase Fourfold During COVID-19 Outbreak.”
  2. Ponemon Institute 2020. “Cost of Data Breach Report 2014-2020.”

It’s a good day for a test drive

Through SaaS, Metallic is easy to try before you purchase, with a simple UX that walks you through setup