Active Directory at 25: The growing role of automation in recovery

Frequently referred to as the “backbone of enterprise IT,” Active Directory manages authentication for more than 610 million users worldwide and controls access to critical business systems. In doing so, it protects everything from workstation logins to physical building access, and if it goes offline, business operations can come to a halt.

According to a report by Frost & Sullivan, “The use of Active Directory is so common that approximately 90% of the Global Fortune 1000 companies use it as a primary method to provide seamless authentication and authorization.”

While this represents just one of many Microsoft success stories, cybercriminals are well aware of the potential Active Directory offers to breach network security and, unsurprisingly, it was the most targeted attack surface for ransomware in 2024, according to recent research. Once inside a target network, attackers don’t just want to snoop; they want to escalate, using Active Directory to move laterally, elevate their access and quietly entrench themselves deeper in the network. What’s more, the endgame isn’t always disruption: it is often prolonged invisibility or data theft.

The problems don’t end there, however. If an organisation is locked out of Active Directory, it becomes extremely difficult for employees to get into the network to attempt to resolve the situation. And even once they do regain access, rebuilding the system can be extremely complex. In one well-known case, an organisation had to fly a domain controller across continents just to begin recovery – an extreme but revealing reminder of what happens when resilience is left to chance. 

Think of it this way: imagine a forest full of trees. If a problem arises within the roots of one tree, this will affect the trunk, the branches and the leaves. When someone tries to ‘fix’ the tree, they won’t put a loose leaf back onto a dying branch – they would need to start at the root of the problem (literally, in this case). Multiplying this across an entire forest gives a sense of what makes Active Directory recovery so tricky. IT teams must recover their systems in a very precise order, following a complex set of instructions. One wrong move could easily mean starting again from scratch and, in the worst-case scenario, Active Directory recovery can take weeks or even months to complete.

Automating resilience

So, where does that leave organisations that want to create an effective mitigation strategy, or that find themselves on the receiving end of an Active Directory breach?

From a technology standpoint, what’s changed recently is the growing availability of automation solutions that dramatically reduce the complexity of restoring Active Directory environments. Automated Active Directory recovery works by streamlining critical steps, such as transferring key roles from failed domain controllers to operational ones, so organisations can achieve a clean and controlled recovery process.

This approach transforms a notoriously complex, manual process into something far more reliable, efficient, and resilient. Instead of relying on error-prone runbooks or trying to implement dozens of recovery steps under pressure, automated solutions streamline the entire workflow – minimising downtime and the risk of human error.

For example, the ability to visualise the Active Directory topology enables faster, more informed decision-making during the recovery process. With clear insight into which domain controllers should be restored first and how to approach each step, teams can accelerate the return of critical directory services. In doing so, they are much better placed to validate the integrity of environments and credentials at scale before going live. The net result is that automation not only drastically shortens recovery time but also helps businesses ensure they don’t accidentally reintroduce compromised configurations.
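The two steps described above, moving key roles off failed domain controllers and deciding from the topology which controllers to bring back first, are what a recovery runbook automates. The following PowerShell is an added example written for this article; it is not code from the article or from Commvault. It reads the "key roles" as the five operations master (FSMO) roles, assumes the RSAT ActiveDirectory module is installed and the script runs as Enterprise Admin from a domain-joined host, reports the domain-level roles for the current domain only, and treats the target DC name as a placeholder. By default it only reports; roles are seized only when `-Seize` is passed.

```powershell
<#
  Added example (not from the article or Commvault): a report-first recovery helper.
  It inventories the forest's domain controllers with the facts a restore order
  depends on, shows which DC holds each operations master (FSMO) role, and, only
  when -Seize is given, moves roles held by unreachable DCs onto a surviving DC.
  Assumes RSAT ActiveDirectory module, Enterprise Admin rights, domain-joined host.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Surviving DC that should receive roles held by dead DCs (placeholder name, assumption)
    [string]$TargetDC = 'HEALTHY-DC01.example.local',
    # Off by default: report only. Pass -Seize to actually move roles with -Force.
    [switch]$Seize
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. Inventory every DC in the forest: site, global catalog status, roles held,
#    and whether it still answers. Sorting reachable DCs first gives a starting
#    point for the restore order.
$dcs = foreach ($dom in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $dom | ForEach-Object {
        [pscustomobject]@{
            HostName  = $_.HostName
            Domain    = $_.Domain
            Site      = $_.Site
            IsGC      = $_.IsGlobalCatalog
            Roles     = ($_.OperationMasterRoles -join ',')
            Reachable = Test-Connection -ComputerName $_.HostName -Count 1 -Quiet -ErrorAction SilentlyContinue
        }
    }
}
$dcs | Sort-Object Reachable -Descending | Format-Table -AutoSize

# 2. Map each FSMO role to its current holder. Forest-wide roles come from
#    Get-ADForest; domain roles (current domain only here) from Get-ADDomain.
$forest = Get-ADForest
$domain = Get-ADDomain
$roleHolders = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# 3. Roles whose holder no longer answers are the ones that block recovery
#    (no new RID pools, no schema changes, unreliable time and password chaining).
$dead     = $dcs | Where-Object { -not $_.Reachable } | Select-Object -ExpandProperty HostName
$orphaned = @($roleHolders.GetEnumerator() | Where-Object { $dead -contains $_.Value })

if ($orphaned.Count -eq 0) {
    Write-Host 'All operations master roles are on reachable DCs; no seizure needed.'
    return
}
$orphaned | ForEach-Object { Write-Warning "$($_.Key) is held by unreachable DC $($_.Value)" }

# 4. Seize only on explicit request. -Force turns a graceful transfer into a
#    seizure; the old holder must never return to the network afterwards
#    without metadata cleanup, or the forest ends up with two claimants.
$roles = @($orphaned | ForEach-Object { $_.Key })
if ($Seize -and $PSCmdlet.ShouldProcess($TargetDC, "Seize $($roles -join ', ')")) {
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
        -OperationMasterRole $roles -Force -Confirm:$false

    # 5. Verify the new holders and look for fresh replication failures on the
    #    target before declaring the directory live again.
    Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
    Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
    Get-ADReplicationFailure -Target $TargetDC -Scope Server
}
```

Run it without `-Seize` first and read the table and warnings; that is the "dry run" the article's point about testing before going live depends on. The reachability column is an ICMP ping, so a DC behind a firewall that drops ping shows as dead while a DC whose AD DS service has failed may show as alive; treat it as a first pass and confirm with `dcdiag` and `repadmin /replsummary` before seizing anything.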

Crucially, automation also enables organisations to test their capabilities in isolated environments. This allows IT teams to verify that their recovery process works as intended, turning theory into a tested and trusted plan.

Despite the fact that Active Directory is now 25 years old, the technology remains central to how Microsoft stores and manages information about users and network resources. As a result, organisations should look to automation to provide the levels of resilience and recovery efficiency that are vital for continuous business.

Ian Wood is Senior Director Systems Engineering at Commvault