Performing Backups for the Active Directory Application

Back up the data on your client computer.

Before You Begin

You must run the adLdapTool.exe on the client computer before you perform your first backup to enable restores of passwords for Users and Computers.

Use the following steps to run the adLdapTool.exe utility.

  1. Log on to client computer using the user account, which has administrative privileges for the domain and Active Directory Schema.
  2. Open the Command Prompt and go to the following location:

    <Install Directory>\Base

  3. Enter the following command:

    adLdapTool.exe <domain_name\domain_administrator_user_name> <password> -hostserver <fully_qualified_directory_host_server_name> -port 389 <LDAP_port_number> -setschema 1

    The adLdapTool sets following values to the searchFlags attributes of "Unicode-Pwd" and "SID-History" found under CN=Schema and Cn=Configuration:

    Value for Unicode-Pwd - 0x00000008

    Value for SID-History - 0x00000009

    Due to this setting, Active Directory will preserve these two attributes on deletion.


    If unicodepwd attribute is preserved, you can restore the last stored password before the user is deleted. Point-in-time restores are not supported as the password is not stored in Commvault backup operations. For more information, see Microsoft article unicodePwd.

To preserve unicodepwd attribute in tombstone, see Enabling Restore of Passwords.


  1. From the navigation pane, go to Protect > Applications > Active Directory.

    The Active Directory servers page appears.

  2. Click on the client computer.

    The client details page appears.

  3. In the Actions column for the subclient, click the action button action_button, and then click Backup.

    The Backup options dialog box appears.

  4. In the Backup options dialog box, choose the backup options:
    • Full: Backs up all of the data defined under Content.
    • Incremental: (default) Backs up the portion of the data that is new or that has changed since the last backup.
    • Differential: A differential backup contains only the data that is new or has changed since the last full backup. Like incremental backups, differential backups use less media and place less of a burden on resources than full backups.
    • Synthetic full: Creates a full backup from the most recent full backup and all subsequent incremental backups. The resulting synthetic full backup is identical to a full backup. A synthetic full backup does not transfer data from a device to the storage pool and does not use resources on the device.
  5. Optional: View the job details. Click the job ID.
  6. Click OK.
  7. To view the backup history, in the Actions column, click the action button action_button, and then click Backup history.

What to Do Next

You can control or view the job. For more information, see Jobs.

Last modified: 11/26/2019 10:30:01 PM