Rollback operations are object-level and attribute-specific. The process ensures minimal disruption by targeting only the modified parts of an object, such as changed group membership or deleted application assignments.

Step-by-step:

1. Select Object:
   From the Entra ID dashboard, select a backed-up object (e.g., a user) and click Rollback.
   

   

   2440×1474 1.78 MB

2. Choose Attributes to Restore:
   The rollback wizard allows you to restore all attributes or only those that have changed.
   

   

   2440×1674 966 KB

3. Confirm and Execute:
   Review your selection, confirm, and execute. A success message appears when complete.
   

   

   2440×1639 595 KB

4. A completed message is displayed when the rollback is successful. Click OK. The object has been rolled back.

Note: Before you can collect and roll back Entra ID objects, you must register an app in Entra ID and assign it the appropriate permissions:

• Navigate to App registrations in Azure Portal.
  

  

  2459×1717 2.08 MB

• Enter a user-facing name for the application. Under “Supported account types”, select the option that describes your organization. In this example, we selected “Accounts in this organization only - Single tenant”. Click Register when done. You are taken to /App registrations/[your app] page.
  

  

  2459×1827 1.72 MB

• Click Manage and select API permissions. Click Add a permission. On the right side, the Request API permissions window opens. Click Microsoft Graph.
  

  

  The image displays a screen from Microsoft Azure showing API permissions for an application named NRAD_Entra, detailing configured permissions and settings for directory access and other related data. (Captioned by AI)2459×1717 1.27 MB

• Register a new app and assign the following Microsoft Graph application permissions:

  • AdministrativeUnit.ReadWrite.All
  • Application.ReadWrite.OwnedBy
  • Directory.Read.All, Directory.ReadWrite.All
  • Group.ReadWrite.All
  • User.DeleteRestore.All

• Finally, grant admin consent for the tenant to enable read and write data, which allows you to rollback and restore Microsoft Entra ID objects.
  

  

  711×425 57 KB

The Dashboard is accessible from the left navigation pane (Home) and displays four draggable, customizable cards:

1. Active Directory Object Count

• Shows total AD objects collected(backed up) in Recovery for Active Directory across all domains.
• By default, the pie chart displays the five most common object types(computer, OU, GPO, group, user).
  • Each slice on the pie chart represents an object type in a distinct color and displays the total number of objects for that type.
  • A slice also represents the share of an object type relative to the others in the pie chart.
  • The key maps the colors used in the pie chart to an object type. You can hover over a slice to view the name of the object type it represents.

Add/Remove Object Types from the Pie Chart:
Click the gear icon to add or remove object types from the pie chart.

406×518 11.8 KB

View object details:
Click an object type in the pie chart or the key to view details about the objects for that type. The Active Directory Metric Details - page is displayed.

1685×912 52.7 KB

This page has the following elements:

• Bar chart
  Displays the number of objects collected for the specific object type (e.g., users).

  • Each bar represents a domain.
  • Hover your mouse over a bar to view the exact number of collected objects.

• Lower pane
  When you click a bar in the chart, the lower pane displays:

  • Object name
  • Distinguished name (full Active Directory path)
  • Object type
  • Backup time

  Note: The distinguished name represents the object’s full path in the Active Directory hierarchy and helps locate it in the domain tree.

• Search field
  Enter a text string to filter the object list and display matching results.

• Pagination options
  Choose how many results to show per page:

  • 10 (default)
  • 25
  • 50
    Use navigation arrows to move between pages.

• Rollback function
  Select an object and click Rollback to launch the Object Rollback wizard.
  See the Rollback Objects topic (starting at Step 4) for guided steps.

2. Microsoft Entra ID Object Count

• Aggregates object counts from all Entra tenants.
• By default, the pie chart displays the three most common object types (users, devices, and groups).
  • Each slice on the pie chart represents an object type in a distinct color and displays the total number of objects for that type.
  • A slice also represents the share of an object type relative to the others in the pie chart.
  • The key maps the colors used in the pie chart to an object type. You can hover over a slice to view the name of the object type it represents.

Add/Remove Object Types from the Pie Chart:
Click the gear icon to add or remove object types from the pie chart

The image displays a modal window for selecting object types, with options for Group, User, Application, and Device checked, and a Save button at the bottom. (Captioned by AI)411×516 4.87 KB

View Object Details

Click an object type in the pie chart or the key to view details about the objects for that type. The Entra Metric Details page is displayed.

The image displays a metric detail chart for a group within a data management interface, featuring a prominent green bar and a list of group names and backup times below. (Captioned by AI)1674×894 50.1 KB

This page has the following elements:

• Bar chart
  Displays the number of objects collected for the specific object type (e.g., users).

  • Each bar represents a tenant.
  • Hover your mouse over a bar to view the exact number of objects collected.

• Lower pane
  When you click a bar in the chart, the lower pane shows:

  • Object name
  • Object type
  • Backup time

• Search field
  Enter a string to filter the list and show only objects matching the search text.

• Pagination options
  Select how many items to display per page:

  • 10 (default)
  • 25
  • 50
    Use the navigation arrows at the bottom to move through pages of results.

• Rollback function
  Click the object you want to roll back, then click Rollback to launch the Object Rollback wizard.
  See the Rollback Objects topic for full instructions.

3. Domain Collections

This card uses a bar graph to display information about the backup collections performed for Active Directory domains configured in Recovery for Active Directory.

The bar graph compares success and failure rates for two domain collections, with 'trenian.local' showing near full success and 'sub.trenian.local' showing a slight drop in success. (Captioned by AI)442×399 20.7 KB

• Visualization
  • Each bar in the chart represents a domain.
  • Blue bars indicate successful collections.
  • Red bars indicate failed collections.
  • Hover over a bar to view the exact number of successful or failed attempts.

Domain collections are a backup of all objects and their attributes in a domain, facilitating you to perform object rollback and restore operations in Recovery for Active Directory.

• Set Time Range
  • Click the gear icon in the card header.

DomainTimeRange414×169 2.03 KB

• In the Time Range window, use the arrows or manually enter the number of days (default is 7).

• Click Save to apply the selected time range to the chart.

• View Object Details

  • Click on a bar to view detailed information about the collection activity for that domain.
  • This opens the Domain Collection Details page.
    
    

    The bar graph displays the number of collected objects over several days in April 2025, indicating varying collection amounts, with the highest counts on April 19th and April 20th. (Captioned by AI)1304×580 14 KB

Domain Collection Details Page

This page includes:

• Bar chart

  • Each bar represents the number of objects collected on a specific day.
  • Hover over a bar to see the exact object count collected by the job.

• Lower pane

  • Displays additional information about each backup job:
    • Date and time the job ran
    • Duration of the collection process
    • Job status (success or failure)
    • Total number of objects collected (backed up)

4. Server Backups

This card uses a bar graph to display information about the number of backup collections performed for domain controllers in the forest(s) configured in Recovery for Active Directory.

• Visualization

  • Each bar represents a domain controller.
  • Blue bars indicate successful backups.
  • Red bars indicate failed backups.
  • Hover over a bar to view the exact number of successes or failures.

• Set Time Range

  • Click the gear icon in the card header.

DomainTimeRange414×169 2.03 KB

• In the Time Range window, use the arrows or manually enter the number of days to display (default is 7).

• Click Save to update the chart.

• View Backup Details

  • Click a bar to open the Server Backup Details page for the selected domain controller.
    
    

    The image displays a server backup report with a bar chart showing the number of backup collections on two separate dates, March 25 and March 26, 2025, along with detailed information on individual collection times, durations, statuses, and total sizes. (Captioned by AI)1575×741 25.6 KB

Server Backup Details Page

This page contains:

• Bar chart

  • Each bar shows the number of backup collections on a specific day.
  • Hover over a bar to view the exact number of successful or failed collections.

• Lower pane

  • Displays detailed information about each collection job:
    • Date and time the backup ran
    • Duration of the collection
    • Job status (success or failure)
    • Total size of the backup