Microsoft has improved the Active Directory recovery process by providing a way to compare data as it exists in snapshots or backups that are taken at different times. You might wonder why I think this is important in a security perspective. The reason is quite simple. It gives you the means to follow the changes that happened before a security breach—simply a way of doing forensics by comparing data. For this you use the new Active Directory database mounting tool (Dsamain.exe), which will help you decide which data to restore after data loss. For me, this feature has eliminated the need to restore multiple backups to compare the Active Directory data that they contain.