
On Demand Recovery Current - User Guide


Search by date range

Table 5: Query examples to search by date range

| Time stamp | Query example |
| --- | --- |
| Search for the backup created on September 18, 2017 Eastern Time (UTC-5) in the Select backups to unpack dialog | when:[2017-09-18T00:00:00-05 TO 2017-09-19T00:00:00-05] |
| All events after June 27 | timestamp:[2017-06-27 TO *] |
| All events up to June 27 9:03:27 | timestamp:[* TO 2017-06-28T09:03:27] |
| January 27-28 interval | timestamp:[2017-01-27 TO 2017-01-28] |
| 53-second interval on January 27 9:13 UTC | timestamp:[2017-01-27T09:13:00Z TO 2017-01-27T09:13:53Z] |
| The same time interval as previous but with time zone specified | timestamp:[2017-01-27T12:13:00+03 TO 2017-01-27T12:13:53+03] |
| Weeks 1 to 3 of 2017 | timestamp:[2017-W1 TO 2017-W3] |
| First 50 days of 2017 | timestamp:[2017-001 TO 2017-050] |
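The offset written on each bound decides which instants a range covers, which matters when an incident window has to be matched against events. The following Python code is an added example, not part of the On Demand Recovery guide or product: it normalizes the range bounds from Table 5 to UTC so that two queries can be compared. The helper names parse_bound, parse_range and utc_range are hypothetical, a bound without an offset is assumed to mean UTC, and the week and day-of-year forms are not handled.

```python
import re
from datetime import datetime, timezone

# field:[LOW TO HIGH], the range form used throughout Table 5
RANGE = re.compile(r"^(?P<field>[\w.]+):\[(?P<lo>\S+) TO (?P<hi>\S+)\]$")
# Trailing offset as written on the page: Z, +03, -05 (also +03:00 / +0300)
OFFSET = re.compile(r"(Z|[+-]\d{2}(?::?\d{2})?)$")

def parse_bound(text):
    """Return one range bound as an aware UTC datetime; '*' (open end) gives None.
    Assumption: a bound written without an offset is read as UTC."""
    if text == "*":
        return None
    body, offset = text, "+00:00"
    # Only look for an offset after a time part, so the "-27" of a bare date is not misread.
    m = OFFSET.search(text) if "T" in text else None
    if m:
        body, raw = text[:m.start()], m.group(1)
        if raw != "Z":
            digits = raw[1:].replace(":", "").ljust(4, "0")
            offset = f"{raw[0]}{digits[:2]}:{digits[2:]}"
    if "T" not in body:
        body += "T00:00:00"  # date-only bound: start of that day
    return datetime.fromisoformat(body + offset).astimezone(timezone.utc)

def parse_range(query):
    """Split 'field:[LOW TO HIGH]' into (field, low_utc, high_utc)."""
    m = RANGE.match(query.strip())
    if not m:
        raise ValueError(f"not a range query: {query!r}")
    return m["field"], parse_bound(m["lo"]), parse_bound(m["hi"])

def utc_range(field, start, end):
    """Build a range query from aware datetimes, always written in UTC with 'Z'."""
    def fmt(dt):
        if dt is None:
            return "*"
        if dt.tzinfo is None:
            raise ValueError("naive datetime: time zone unknown")
        return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{field}:[{fmt(start)} TO {fmt(end)}]"

if __name__ == "__main__":
    # Query taken from Table 5; prints the same interval written in UTC.
    q = "timestamp:[2017-01-27T12:13:00+03 TO 2017-01-27T12:13:53+03]"
    print(utc_range(*parse_range(q)))
```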

Using query strings

You can refine your search for the report data by using search expressions. To perform a keyword search in a specified column, use the internal name of the column instead of the column display name, in the form <internal column name>:<search term or expression>. For a list of internal column names and string examples, see the tables below.

Table 6: Unpacked Objects screen

| Column display name | Column internal name | To search for | Query example |
| --- | --- | --- | --- |
| Name | displayName | An object by object name | displayName:SamJones |
| Type | objectType | An object by object type | objectType:user |
| Backup Date | backupDate | An object by the specified backup date/time | backupDate:[2017-06-27] |
| Directory | tenant | An object by directory name | tenant:demo365 |
| Principal Name | userPrincipalName | An object by principal name | userPrincipalName:Sam.Jones@mycompany.com |
| Mail | mail | An object by mail address | mail:Sam.Jones@mycompany.com |
| City | city | An object by city | city:London |
| Department | department | An object by department | department:Sales |
| Job Title | jobTitle | An object by job title | jobTitle:manager |
| Description | description | An object using keywords in the object descriptions | description:Sales |
| User Type | userType | An object by user type | userType:new |
| Telephone Number | telephoneNumber | An object by telephone number | telephoneNumber:44658 |

Table 7: Differences screen

| Column display name | Internal column name | To search for | Query example |
| --- | --- | --- | --- |
| Name | objectName | Changes related to a specified object name | objectName:SamThomas* |
| Change | changeType | Objects by change type | changeType:"Object hard deleted" |
| Object Type | objectType | Objects by object type | objectType:User |
| Attribute | changedAttribute | Changes related to a specific attribute | changedAttribute:link |
| Difference | oldValue | Search by old attribute value (value before the change) | oldValue:User1@mycompany.com |
| Difference | newValue | Search by new attribute value (value after the change) | newValue:User1@gmail.com |
| Backup time | backupDate | Search by the specified backup date/time | backupDate:[2017-06-27] |

Table 8: Events screen

| Column display name | Internal column name | To search for | Query example |
| --- | --- | --- | --- |
| Time | timestamp | Specified timestamp | timestamp:NormanThomas* |
| Description | message | Keywords in event descriptions | message:"Object attributes were restored" |
| Object Name | object.name | Objects by an object name | object.name:User |
| Task Name | task.name | Specified task | task.name:"Restore objects" |

Table 9: Tasks screen

| Column display name | Column internal name | To search for | Query example |
| --- | --- | --- | --- |
| Title | name | A task by task name | name:"restore objects" |
| State | status | A task by task status | status:completed |
| Type | type | A task by task type | type:restore |
| Modified | modified | A task by the date when the task was modified | modified:[2017-06-26] |
| Created | created | A task by the date when the task was created | created:[2017-06-27] |
| Operation | lastResultDescription | Keywords in the operation description | lastResultDescription:unpack* |

How does On Demand Recovery Handle Object Attributes?

Attributes restored by On Demand Recovery

For more information, see https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference. This list of attributes is current as of December 2017 and may differ from the customer's attribute list, depending on how Azure Active Directory is used.

Table 10: User attributes

| Attribute Name | Description |
| --- | --- |
| accountEnabled | True if the account is enabled; otherwise, False. |
| assignedLicenses | The licenses that are assigned to the user. |
| assignedPlans | The plans that are assigned to the user. This read-only attribute is based on assignedLicenses values and can be restored if assignedLicenses is selected for restore. |
| ageGroup | The age group of the user. |
| city | The city in which the user is located. |
| country | The country/region in which the user is located. |
| companyName | The company name with which the user is associated. |
| consentProvidedForMinor | Sets whether consent has been obtained for minors. |
| department | The name of the department in which the user works. |
| displayName | The name displayed in the address book for the user. |
| directReports | This attribute contains the list of users that directly report to the user. |
| employeeId | The employee identifier assigned to the user by the organization. |
| facsimileTelephoneNumber | The primary facsimile telephone number for the user. |
| givenName | The given name (first name) of the user. |
| isCompromised | Indicates whether this user is compromised. |
| jobTitle | The user’s job title. |
| memberOf | The groups that the user is a member of. |
| manager | The user or contact that is this user’s manager. |
| mailNickname | The mail alias for the user. |
| mobile | The primary cellular telephone number for the user. |
| objectType | Identifies the object type. |
| otherMails | Specifies other email addresses for the user. |
| passwordPolicies | Specifies password policies for the user. |
| physicalDeliveryOfficeName | This attribute is for storing a description for the office, for example the office building/number. |
| postalCode | The postal code for the user's postal address. |
| preferredLanguage | The preferred language for the user. |
| roles | Specifies administrator roles assigned to a user. |
| showInAddressList | True if the Outlook global address list should contain this user; otherwise, False. If not set, this will be treated as True. |
| signInNames | The list of sign in names for the user. |
| state | The state or province in the user's address. |
| streetAddress | The street address of the user's place of business. |
| surname | The user's surname (family name or last name). |
| telephoneNumber | Specifies the user's telephone number. |
| usageLocation | A two-letter country code (ISO standard 3166). |
| userPrincipalName | The user principal name (UPN) of the user. |
| userType | A string value that can be used to classify user types in your directory, such as “Member” and “Guest”. |

Table 11: User attributes from MSOnline

| Attribute Name | Description |
| --- | --- |
| AlternateEmailAddresses | This attribute is used to get Alternate Authentication Email. |
| MobilePhone | This attribute is used to get Mobile Phone. |
| PhoneNumber | This attribute is used to get Office Phone. |
| StrongAuthenticationUserDetails | This attribute is used to get Authentication Phone, Authentication Email, and Alternate Authentication Phone. |
| StrongAuthenticationMethods | This attribute is used to get Authentication Methods and Default Authentication Method. |
| StrongAuthenticationRequirements | This attribute is used to get Authentication Requirement State. |

Table 12: Group attributes

| Attribute Name | Description |
| --- | --- |
| assignedLicenses | The licenses that are assigned to the group. |
| description | An optional description for the group. |
| displayName | The display name for the group. |
| members | Members of this group. |
| memberOf | The groups that the group is a member of. |
| mailNickname | The mail alias for the group. |
| mailEnabled | Specifies whether the group is mail-enabled. |
| owners | The owners of the group. |
| objectType | Identifies the object type. |
| securityEnabled | Specifies whether the group is a security group. |

Table 13: Service principal attributes

| Attribute Name | Description |
| --- | --- |
| accountEnabled | True if the service principal account is enabled; otherwise, False. |
| appId | The unique identifier for the application. This attribute is restored only when the object is recreated from the deleted state. |
| appRoles | The collection of application roles that an application may declare. |
| appRoleAssignments | Applications that the service principal is assigned to. |
| appRoleAssignedTo | This attribute represents the list of all role assignments for the application. |
| appRoleAssignmentRequired | Indicates whether an application role assignment is required. |
| displayName | The display name for the service principal. This attribute is restored only when the object is recreated from the deleted state. |
| groupMembershipClaims | Contains data related to "Groups associated with the user" setting (Group Claims settings). |
| logoutUrl | Logout URL from the Basic SAML Configuration section. |
| memberOf | The groups that the service principal is a member of. |
| notificationEmailAddresses | List of email addresses for notification. |
| oAuth2PermissionGrants | User impersonation grants associated with this service principal. |
| optionalClaims | Contains data related to the "Source Attribute" and "Emit groups as role claims" settings (Group Claims settings). |
| preferredSingleSignOnMode | Specifies the preferred Single Sign-on mode. |
| roles | Specifies administrator roles assigned to a service principal. |
| ssoSettings | This compound attribute contains the following properties: Reply URL, Sign on URL, Relay State from the Basic SAML Configuration section, and Configured SSO Type. |
| samlSingleSignOnSettings | Specifies Single Sign-on settings. |
| servicePrincipalNames | Based on the collection of identifiers, plus the application's appId property, these URIs are used to reference an application's service principal. This attribute is restored only if the object is recreated from the deleted state and there are no conflicts with existing service principal objects in the same directory. If there are conflicts, a message will be displayed and the attribute value will not be restored. |
| servicePrincipalType | Identifies the service principal type. This attribute is restored only when the object is recreated from the deleted state. |
| tags | A list of tags associated with the service principal object. |
| userAttributesAndClaims | The attribute value shows how many attributes/claims were changed. This attribute can be restored if the User Attributes & Claims section was changed or a service principal was permanently deleted. |

Table 14: Application Proxy attributes

onPremisesPublishing Settings

| Attribute Name | Description |
| --- | --- |
| externalUrl | The address your users will go to in order to access the app from outside your network. |
| internalUrl | The URL that you use to access the application from inside your private network. |
| externalAuthenticationType | Details the pre-authentication setting for the application. Pre-authentication enforces that users must authenticate before accessing the app. |
| isTranslateHostHeaderEnabled | If set to true, translates URLs in headers. Keep this value as true unless your application requires the original host header in the authentication request. |
| isTranslatedLinksInBodyEnabled | If set to true, translates URLs in body. Keep this value as No unless you have hardcoded HTML links to other on-premises applications and don't use custom domains. |
| isOnPremPublishingEnabled | Indicates if the application is currently being published via Application Proxy or not. |
| isHttpOnlyCookieEnabled | Indicates if the HTTPOnly cookie flag should be set in the HTTP response headers. Set this value to true to have Application Proxy cookies include the HTTPOnly flag in the HTTP response headers. If using Remote Desktop Services, set this value to False. Default value is False. |
| isSecureCookieEnabled | Indicates if the Secure cookie flag should be set in the HTTP response headers. Set this value to true to transmit cookies over a secure channel such as an encrypted HTTP request. Default value is True. |
| isPersistentCookieEnabled | Indicates if the Persistent cookie flag should be set in the HTTP response headers. Keep this value set to False. |
| applicationServerTimeout | The duration the connector will wait for a response from the backend application before closing the connection. Possible values are default or long. When set to default, the backend application timeout has a length of 85 seconds. When set to long, the backend timeout is increased to 180 seconds. Use long if your server takes more than 85 seconds to respond to requests or if you are unable to access the application and the error status is "Backend Timeout". |
| useAlternateUrlForTranslationAndRedirect | |

Connector Settings (Connector data is currently backed up but cannot be restored)

| Attribute Name | Description |
| --- | --- |
| id | Unique identifier of the connector. |
| machineName | The machine name the connector is installed and running on. |
| externalIp | The external IP address as detected by the connector server. |
| status | Indicates the status of the connector. Possible values are active or inactive. |
| connectorGroupId | Provide the ID of the Connector group that is assigned to this application. |

Connector Group Settings

| Attribute Name | Description |
| --- | --- |
| name | The display name for the connector group. |
| region | The region the connector group is assigned to. |

Table 15: Device attributes

| Attribute Name | Description |
| --- | --- |
| accountEnabled | True if the account is enabled; otherwise, False. |
| alternativeSecurityIds | Contains an alternative security ID associated with a device. |
| approximateLastLogonTimestamp | Contains the last logon timestamp using this device. |
| complianceExpiryTime | Indicates the time at which device compliance is expired. |
| deviceId | Unique identifier set by Azure Device Registration Service at the time of registration. |
| deviceMetadata | The metadata for this device. |
| deviceObjectVersion | For internal use only. |
| deviceOSType | The type of operating system on the device. |
| deviceOSVersion | The version of the operating system on the device. |
| deviceTrustType | The device trust type. |
| devicePhysicalIds | Contains Device Serial Number, Windows Product ID, Hardware Hash. |
| dirSyncEnabled | True if this object is synced from an on-premises directory. False if this object was originally synced from an on-premises directory but is no longer synced. |
| displayName | The display name for the device. |
| isCompliant | True if the device complies with Mobile Device Management (MDM) policies; otherwise, False. |
| isManaged | True if the device is managed by a Mobile Device Management (MDM) app such as Intune; otherwise, False. |
| lastDirSyncTime | The last time at which the object was synced with the on-premises directory. |
| profileType | Contains value RegisteredDevice. |
| registeredOwners | Navigation property between a user and a device. Corresponds to registeredOwners for device objects and to ownedDevices for user objects. |
| registeredUsers | Navigation property between a user and a device. Corresponds to registeredUsers for device objects and to registeredDevices for user objects. |

Table 16: Conditional access policies attributes

| Attribute Name | Description |
| --- | --- |
| displayName | The display name for the conditional access policy. |
| policyType | Identifies the policy type. The value for the conditional access policy is 18. |
| policyDetails* | Contains general information about the conditional access policy. |

(*) General policy information

State: Enabled or Disabled

Assignments:

  • Users and groups for which the policy is applied
  • Cloud applications for which the policy is enabled
  • Included/excluded locations
  • Device platforms

Access controls:

  • Block access
  • Grant access (require MFA authentication, compliant device or domain joined device)