AD Rollback

Cygna Auditor enables you to rollback unwanted Active Directory changes, such as changes to group membership, user properties, and other AD attributes. Empowered with this feature, you can not only detect security issues but also fix them in a fraction of second and with a highest precision (up to individual attributes!).

If you are looking for a way to recover deleted AD objects, see AD Recovery.

Note: If the object was deleted, you cannot roll back changes to its attributes. You have to restore the object with Recovery.

To add events to rollback queue:

  1. On the Cygna Auditor home page, click the Active Directory tile and then drill-down to Rollback.
  2. On the Events tab, review recent changes. Apply filters to search for specific changes.
  3. Select changes you want to rollback and then click — these changes will be added to a queue.
  4. Click .
  5. In the Configure Rollback Queue wizard, review the items you are about to rollback and click Next. To remove an event from the queue, click on a recycle bin next to it.
  6. Select the snapshot — Cygna Auditor will rollback changes and revert objects to the state they were at the moment of the snapshot creation. You can use the most recent snapshot or a snapshot taken on a certain date. Select Compare changes to see the before and after values.
  7. On the next step, provide administrator credentials and verify them.
  8. Provide an email address if you want to send a rollback status email.

To see pending rollbacks and status:

It may take a while to roll back changes.

  • Go to the Pending Rollbacks tab to see the rollback queue, with details and status for each change. To remove a change from a queue and cancel its rollback, click on the recycle bin icon next to it.

Alternatively, you can roll back changes to specific attributes right in the Global Search.