LeadThem Consulting
Managed Services

Identity Recovery and Resilience

Identity is the control plane for every modern organization. When Active Directory or Entra ID is unavailable, corrupted, or compromised, every dependent system stops with it. LeadThem Consulting has been planning, implementing, and testing identity recovery and resilience programs since 2005, using the products in Quest Identity Security and Resilience, the recovery-focused solution within the Quest Security Management Platform.

We deliver this work as an ongoing service, not a one-time deployment. Recovery posture decays the moment the environment drifts away from the runbook. Identity threats evolve. The point of a managed engagement is to keep the recovery story current with the environment it is meant to protect.

Quest Identity Recovery for hybrid AD and Entra ID

Quest Identity Recovery is a SaaS backup and recovery solution for hybrid Active Directory and Entra ID (formerly Azure AD). It protects users, groups, attributes, devices, service principals, Conditional Access policies, and Microsoft 365 identity data. Recovery is granular and does not require PowerShell scripting. Identity Recovery includes Standby AD Forest provisioning, which automates the creation of an always-ready recovery environment in an Isolated Recovery Environment (IRE) so the production forest is never the only path back to working identity.

On-premises Active Directory recovery

For environments anchored on on-premises Active Directory, LeadThem deploys Quest Recovery Manager for Active Directory for granular object-level backup and recovery, and Quest Recovery Manager for Active Directory Disaster Recovery Edition (RMAD DRE) for forest recovery scenarios. RMAD DRE automates domain controller repromotion, handles multi-domain and multi-site forests, and integrates with Microsoft Defender for malware scanning so a restoration completes into a clean state, not a re-infected one.

Ransomware recovery

Ransomware that encrypts or corrupts Active Directory needs a clean recovery, not just a restore. Restoring from a backup into a still-infected environment reintroduces the attacker's foothold. LeadThem builds ransomware recovery runbooks specific to your environment, using RMAD DRE's Clean OS recovery (which restores AD to a fresh Azure VM) and Identity Recovery's Standby Forest provisioning. The runbook defines which DCs recover first, what the isolation boundary is during recovery, and how business-critical services come back online before the full forest is restored.

Identity threat detection

Quest Identity Defense (formerly Security Guardian) is the AI-powered hybrid AD and Entra ID security solution that identifies risk, blocks unauthorized changes to Tier 0 assets, and contains attacks before they spread. LeadThem deploys and operates Identity Defense as part of ongoing identity protection engagements, including its Shields Up rapid-response capability for periods of elevated cyber risk. Detection that arrives before recovery is needed reduces what recovery has to do.

Active Directory access governance

Many incidents escalate because AD delegation is too broad: too many accounts with domain admin rights, stale privileged group memberships, and no audit trail for who changed what. LeadThem uses Quest Active Roles to implement least-privilege delegation, automate AD provisioning and deprovisioning, and maintain a full change audit trail. Tightening the delegation model before a breach limits the blast radius. After a breach, Active Roles is the fastest path to revoking attacker accounts and producing the audit trail that explains what actually changed.

Microsoft 365 and Entra ID resilience

Recovery does not stop at the on-premises perimeter. An Entra ID misconfiguration, a corrupted Conditional Access policy, or an accidental bulk deletion in Microsoft 365 can take down cloud authentication for an entire organization. LeadThem uses Quest Identity Recovery for Entra ID and hybrid AD backup and restore, validates Entra Connect Sync recovery so hybrid identity does not black out, and documents recovery procedures for the cloud identity and collaboration workloads your organization depends on. Entra-joined device recovery via Intune is part of the same plan.

Recovery planning and testing

A recovery plan that has never been tested is a guess. LeadThem designs DR runbooks specific to your environment, schedules tabletop and technical recovery exercises, and validates that your backup targets actually produce a working AD forest when restored. We document recovery time objectives and recovery point objectives that reflect your environment, not generic vendor benchmarks.

Server and application backup

For physical servers and virtual machines, LeadThem deploys Quest Rapid Recovery for image-based backup with verified recovery, including application-aware protection for SQL Server, Exchange, and SharePoint, and replication for offsite copies. For SharePoint content recovery scenarios, we use Quest Content Matrix.

Why LeadThem
