Tutorial: AD Recovery

Follow this tutorial to learn how to recover AD objects and revert changes down to the level of specific attributes.

Before You Begin

Make sure you have configured agent-based Active Directory auditing and set the backup interval to "3" minutes. Also, set up SMTP settings under Configuration / System / Email.

Test Changes

Perform the following test actions that represent a typical AD administrator’s workflow. Wait at least 3 minutes between each step.

  1. Create a user, e.g. Emma Red.
  2. Update user properties, e.g., set user's job title to "Manager", department to "Marketing", and company to "ExampleCo".
  3. Update user properties — change the department to "Advertising".
  4. Delete this user.

If you navigate to Home / Active Directory / Search, you will see these changes listed.

Recover User

Suppose the AD object "Emma Red" was deleted by mistake. Use Cygna Auditor's Recovery feature to restore the user.

  1. Go to Home / Active Directory / Recovery.
  2. Locate the change related to your user, select it, and then click Recover.

  3. In the pop-up dialog, confirm that you want to recover this object.
  4. Choose the latest snapshot and review the attributes the object will be recovered with. You may notice that the latest snapshot has the department attribute set to "Advertising".

  5. Provide administrator credentials, verify them, and then click Recover. You will get a notification saying that the object has been recovered.

Check Recovery Results

Now you can go to Active Directory Users and Computers and see the recovered user there. The user is disabled by default. Check the user properties to verify that the user's department is set to "Advertising".

Then navigate to Cygna Auditor / Home / Global Reporting / Global Search and inspect the changes. You will see a single Restore user action followed by multiple Modify user actions. These records represent the AD user recovery and the attribute changes.
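
The same check can be scripted rather than done by hand in Active Directory Users and Computers. The following is an added example, not part of the Cygna Auditor product or its documentation; it assumes the ActiveDirectory (RSAT) PowerShell module is installed, and that job title and company kept the values set in the test steps.

```powershell
# Added example: verify the recovered test user from PowerShell.
# Assumption: expected values are the tutorial's sample values from the latest snapshot.
Import-Module ActiveDirectory

$name = 'Emma Red'
$expected = [ordered]@{
    Title      = 'Manager'       # job title set in the test changes
    Department = 'Advertising'   # value in the latest snapshot
    Company    = 'ExampleCo'
    Enabled    = $false          # recovered users are disabled by default
}

# Fail early if the name is ambiguous or the object was not recovered.
$users = @(Get-ADUser -Filter "Name -eq '$name'" `
    -Properties Title, Department, Company, whenChanged)
if ($users.Count -ne 1) {
    throw "Expected exactly one user named '$name', found $($users.Count)."
}
$user = $users[0]

# Compare each expected attribute with what is now in the directory.
$report = foreach ($attr in $expected.Keys) {
    [pscustomobject]@{
        Attribute = $attr
        Expected  = $expected[$attr]
        Actual    = $user.$attr
        Match     = ($user.$attr -eq $expected[$attr])
    }
}
$report | Format-Table -AutoSize
"Object last changed: $($user.whenChanged)"

if ($report.Match -contains $false) {
    Write-Warning 'Recovered object differs from the expected snapshot values.'
}
```

If you recover the user with some attributes cleared, as in the exercises below, adjust `$expected` to match the selection you made.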

Looking for more exercises?

Repeat the test actions and try the following:

  • Try comparing the latest and previous snapshots to see the differences in attributes. Select a previous snapshot and locate the department attribute.

  • Try selecting and clearing the checkboxes next to the attributes. You can recover the object with only the attributes you want. For example, try recovering the user with the job title attribute cleared. Check the results.