Cayosoft Guardian Forest Recovery

A breakthrough in hybrid Active Directory ransomware recovery – absolutely nothing faster!

Instant Active Directory Forest Recovery Software

Including Object and Attribute, Domain Controller, and Forest Recovery

When your Active Directory (AD) or Azure Active Directory (Azure AD) stops working, every second matters. Business is at a standstill and users lose all access to applications and resources necessary to work and communicate, resulting in costly outages and lost business. No matter the cause, the continued success of your organization depends on the resilience of directories and integrated enterprise services.

Designed to protect your business from costly AD outages caused by ransomware cyberattacks, wiper cyberattacks, and directory data corruption, Cayosoft Guardian Forest Recovery is an all-in-one, instant recovery solution for all Microsoft directories, on-premises AD, hybrid AD, and Azure AD, and all major directory recovery scenarios, including AD object and attribute, partition, domain controller (DC), and forest recovery. Cayosoft Guardian Forest Recovery also includes continuous change monitoring to allow for quick detection and rollback of mistakes or malicious changes, preventing outages or attacks before they happen.

21 Days

Companies experience, on average, 21 days of downtime after cyberattacks and ransomware incidents.


The average cost to recover from a ransomware attack is $1.85 million.

35 Steps

There are over 35 complex steps in the technical guide Microsoft provides to natively recover AD forests.

How Cayosoft Guardian Forest Recovery Excels — The Key Features

Instant AD Forest Recovery Automation

Fast forest recovery with comprehensive automation and advanced backup and recovery plans needed for instant and accurate recovery, in all key Microsoft directory recovery scenarios. Advanced automation capabilities allow for accelerated, secure recovery, remove human error, and minimize costly business interruptions. With Cayosoft Guardian Forest Recovery, automate your entire forest recovery process and get back to business up to 10 times faster than native recovery and most other recovery processes. By creating backup and recovery plans in advance, you can start the instant recovery of Active Directory domains in your forest with one click. The recovery plan includes more than 35 operations described in the Active Directory Forest Recovery Guide provided by Microsoft, including domain controller recovery and promotion, DNS configuration, raising RID pools, setting DSRM passwords, seizing FSMO roles, global catalog configuration, group policy objects (GPOs), and other critical tasks.

True Hybrid Change Monitoring and Recovery

The only platform that delivers an all-in-one Active Directory forest recovery software for on-premises AD, hybrid AD, and Azure AD scenarios including instant object and attribute recovery, DC recovery, and full forest recovery, as well as continuous change monitoring. Using Cayosoft’s single interface reduces cost and complexity, making AD and Azure AD recovery faster and easier. Cayosoft Guardian Forest Recovery allows you to ensure the availability and integrity of all your directories, by having to only maintain and manage one platform, all while reducing your attack surface and avoiding costly business interruptions. With continuous change monitoring and instant recovery combined, you can quickly identify and instantly rollback malicious changes or misconfigurations, whether on-premises or in the cloud.

Ideal Active Directory Backups

Collecting only what is needed reduces the data stored, speeding the recovery process and recovery times without introducing possible malware-infected components. In today’s climate, ransomware attacks are a major threat to every organization and when your Active Directory is down, your business stops. To ensure the restoration of business operations, you require an AD recovery plan that takes less time and eliminates the risk of malware reinfection. Cayosoft Guardian Forest Recovery provides the safest and most efficient means of recovery. Simplify and streamline the recovery process with smaller backups that only collect, store, and process the data necessary for you to recover your AD forest.

Clean Restore Anywhere

Authoritative restore to clean Windows servers ensures a secure and rapid recovery, while preventing reintroduction of malware. Restoration to an on-premises physical server, virtual machine (VM), or to an Azure VM provides the ultimate recovery flexibility. When your Active Directory gets attacked, cyber threat actors often seek ways to spread like escalating privileges, moving laterally, and corrupting additional servers, creating risk of reinfection when restoring your AD forest. With Cayosoft Guardian Forest Recovery, choose which recovery process is best for your situation. Quickly recover your AD to clean, trusted hardware anywhere, whether virtual or physical, on-premises or in the cloud. This eliminates the risk of reintroduction of rootkits, ransomware, and other malware and significantly reduces the forest recovery process.

Instant Granular Object and Attribute-Level Restore

Instant, granular recovery of AD or Azure AD objects and attributes, like group memberships, group policy objects (GPOs), account settings, changes to Azure AD policies, Microsoft license assignments, and Microsoft Teams memberships, enables fast recovery. Active Directory object and attribute recovery goes beyond the basic capabilities of the native recycle bin “undelete” feature. Cayosoft Guardian Forest Recovery’s granular restoration minimizes the effects of outages by quickly identifying problems and instantly rolling back smaller, more frequent mistakes or malicious changes caused by insider threats or cyberattacks. Eliminate downtime and negative impact on network users and stop attackers before they have a chance to act.

Isolated Virtual Labs for Disaster Recovery (DR) and Other Testing

Define recovery plans to create production AD forest duplicates, test and document recovery procedures, and create virtual labs for other changes to domains or forests. With malware incidents on the rise and attackers gaining sophistication, having a validated disaster recovery plan is critical to ensuring business continuity. Be prepared for when, not if, the inevitable forest outage happens with an all-in-one Active Directory disaster recovery and backup solution. With Cayosoft Guardian Forest Recovery easily and frequently test your DR plan’s effectiveness, in a replicated environment and in virtual labs, ensuring recovery can be performed when needed. Prevent costly production outages by isolating the recovery environment from the production forest environment. Use virtual forest test labs to test disaster scenarios and other changes that have the potential to cause outages, such as schema changes, application upgrades, changes to AD capabilities, and scripted operations.

Want to learn about the other features of Cayosoft Guardian Forest Recovery?

In addition to AD domain and forest recovery, Cayosoft Guardian Forest Recovery also includes all the features in Cayosoft Guardian. Learn more about Cayosoft Guardian, the base of our all-in-one recovery solution, here.

See Cayosoft Guardian Forest Recovery In Action

Cayosoft Guardian_change monitoring demo
Play Video

Ready to see more of Cayosoft Guardian Forest Recovery?

How Cayosoft Compares

One Solution for All Active Directory Recovery Scenarios


Time-consuming and error-prone process. Microsoft’s AD Forest Recovery Guide details a lengthy, complicated process spanning multiple threads and numerous steps.

Common Result: Costly outages and downtime that bring business operations to a screeching halt.


Multiple installations, typically three to five different products, and complex backup architectures, across numerous disconnected interfaces.

Common Result: Increased costs and complexity. Navigating between consoles can delay recovery leading to mistakes, creating areas for attackers to invade.


All-in-one, AD and Azure AD recovery: instant object and attribute recovery, partition recovery, domain controller recovery, and automated, instant full forest recovery. Cayosoft Guardian Forest Recovery was designed to do it all, in a single interface.

Others Who Trust Cayosoft

Guardian Forest Recovery FAQ

AD domain controllers run Microsoft Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.

Cayosoft Guardian Forest Recovery only saves data related to Active Directory like the AD database, registry, and system volume (SYSVOL). The backup file is optimized for performance and security by omitting other system state components, any applications, and their date.
Cayosoft Guardian Forest Recovery’s backup file only stores data related to Active Directory, like the AD database, registry, and system volume (SYSVOL). For a new AD domain, without any users, groups, and data on SYSVOL, the backup file size is typical around 300 – 400 MB.

Follow the “3-2-1 rule.” Keep at least 3 copies, or versions, of data stored, on 2 different pieces of media, 1 of which is off-site. With Cayosoft Guardian Forest Recovery you can easily do this, by configuring it to back up to two different file storages and then archive one of these storages off-site.

Check out these relevant resources.


All-In-One, Instant AD Recovery Solution

Cayosoft Guardian Forest Recovery is the only solution for Active Directory and Azure Active Directory continuous change monitoring, instant object and attribute recovery, partition recovery, domain controller recovery, and automated, instant full forest recovery.

On-Demand Webinar

Achieving Active Directory Resilience with Immediate Forest Recovery

As cyberattacks continue to increase, it is no surprise establishing cyber resilience has become a top priority for organizations. In this session, learn more about AD and Azure AD recovery and the crucial role it plays in strengthening your resilience.


Cayosoft Launches Innovative, New Solution for Immediate Full AD Recovery

Cayosoft Guardian Forest Recovery delivers continuous change monitoring and immediate recovery for Active Directory, hybrid AD, and Azure Active Directory, in a single solution.