Steffen Urskov Thomsen | Senior Storage Engineer at Cristie
Active Directory is the front door to your entire organisation. Every user, every application, every authentication request runs through it. And yet — most organisations have no tested plan for recovering it after a cyberattack.
Here's the uncomfortable reality: AD redundancy is not the same as AD resilience. If one domain controller is compromised, the entire forest is at risk. And Microsoft's own recovery documentation for AD forests runs to 29 pages of manual steps — written for a calm, structured scenario, not a crisis at 2 AM.
In this masterclass, Steffen breaks down identity recovery from the ground up:
Why Active Directory is the primary target in 80% of cyberattacks — and why most organisations don't know what they'd actually do if it fell
The difference between high availability and real recoverability — and why your DC redundancy won't save you from ransomware
How Rubrik Identity Recovery orchestrates full forest recovery from immutable backups — without the 29-page manual
Granular recovery in practice: restoring a single deleted user, a Group Policy Object, or a specific attribute — without touching production
Hybrid identity recovery across on-prem Active Directory and Entra ID — including Conditional Access Policies, Enterprise App Registrations, and Entra-joined devices
How to identify FSMO roles, DNS, DHCP, and domain trust relationships before a crisis — not during one
What NIS2 and modern cyber resilience frameworks actually require from your identity recovery capability
The goal is not to sell you a product. It's to ensure that the next time identity becomes the attack vector, you know exactly what recovery looks like — and whether you're ready for it.
This masterclass is suitable for organisations that:
Run Active Directory — on-prem, in hybrid environments, or alongside Entra ID — and have never tested a full forest recovery
Have experienced an identity-related incident, or work in sectors where one is considered a matter of when, not if
Need to demonstrate identity recovery capability to auditors, regulators, or executive leadership
Are evaluating their readiness for NIS2 or other compliance frameworks that require documented recovery procedures for critical infrastructure
Typical participants: IT security managers, Active Directory administrators, IT architects, CISOs and security officers, and recovery owners responsible for critical infrastructure.
Duration: 30–90 minutes depending on your needs
Format: Online or on-site at your premises
Style: Scenario-driven introduction — what actually happens when AD goes down — followed by a concrete walkthrough of recovery options, from full forest restoration to granular object and attribute-level recovery
Materials: Basic presentation material and a brief written summary can be shared afterwards
Each masterclass is adapted to your environment — on-prem AD, Entra ID, hybrid, or all three. You won't get a generic vendor demo. You'll get a structured conversation about your actual exposure and what recovery would look like in practice.