These release notes provide information about the Quest® Recovery Manager for Active Directory 10.3.1 release.
Recovery Manager for Active Directory enables fast, online recovery. Comparison reports highlight what objects and attributes have been changed and deleted in Active Directory enabling efficient, focused recovery at the object or attribute level. Accurate backups and a quicker recovery enable you to reduce the time and costs associated with AD outages and reduce the impact on users throughout your organization.
Recovery Manager for Active Directory is based on patented technology.
Recovery Manager for Active Directory 10.3.1 is a release with new features and functionality. See New Features and Enhancements.
This section covers new features and enhancements in Quest® Recovery Manager for Active Directory 10.3.1.
Recovery Manager for Active Directory Version 10.3.1 has updated and validated all cryptographic algorithms used within each component of the product. RMAD 10.3.1 is using FIPS 140-2 validated algorithms and functions. Encryption is used within the product for encryption of backups, encryption of forest recovery project files, and encryption of all user entered passwords. For all encryption, the product uses AES-256 algorithms.
To support copying backups to Secure Storage Servers in environments where NTLM is disabled, Recovery Manager for Active Directory Version 10.3.1 has enhanced the implementation of Secure Storage Servers.
When NTLM is disabled, a standalone, non-domain joined Secure Storage Server cannot pull the backup from remote primary storage. With Version 10.3.1, RMAD now copies backups over a secure RPC channel that is protected by public/private key pairs and does not rely on either NTLM or Kerberos authentication.
The Active Directory Virtual Lab (ADVL) is a component of Recovery Manager for Active Directory that helps you create virtual test environments. This component has been deprecated in RMAD 10.3.1 and is no longer available. To continue to create virtual test environments the restore active directory to clean OS method can be utilized. Using the Restore Active Directory on Clean OS method you can restore on a freshly installed Windows virtual machine using an available AD backup to create a test environment for your disaster recovery plans.
Recovery Manager for Active Directory Management Pack for Microsoft System Center Operations Manager (SCOM) allows you to monitor the backup and restore operations performed by RMAD. There are two editions of RMAD Management Packs for SCOM: Regular and Limited. With the release of version 10.3.1 both Management Packs have been deprecated and will no longer be available.
Support has been added for US Government GCC High accounts when using Exchange OAuth2 authentication for email notifications.
Recovery Manager for Active Directory supports integrity checks for Active Directory backups. To ensure the integrity of your backup prior to a restore operation, integrity checks are completed by default.
In RMAD version 10.3.1, multiple options have been introduced to select if integrity checks will be performed. Active Directory backup integrity checks are very quick, while BMR and larger backups can take a long time to complete. As a result integrity checks are now optional. Options are available in Computer Collection Advanced properties and during Verify Settings.
After a Scheduled or Manual backup, if Alerts is enabled from the Computer Collection properties, the email notification sent to the user will now include the Integrity check success/failure status. The email notification can contain all integrity check messages or only warnings and errors. You can also configure emails to be sent always or only on warnings and errors.
During the Restore to Clean OS method, the following services will be installed, AD-Domain-Services, DNS, FS-FileServer, RSAT-AD-AdminCenter.
The logic for collecting logs on a domain controller has been moved from a separate service to an operation on the Forest Recovery Agent. RPC Pipes are used to send the collected logs from the domain controller to the Forest Recovery Console.
The password requirements can be modified via the Set-RMADFEGlobalOptions cmdlet with the two new parameters, FRPasswordComplexity and FRPasswordLength.
When creating Azure virtual machines a new option has been introduced to specify private or public IP.
New email notifications (alerts) available for the upload of a backup to cloud storage. Notifications will be sent if a cloud upload fails and backup email notifications are enabled.
Enhancement | ID (old) | Azure DevOps |
---|---|---|
Recovery Manager for Active Directory 10.3.1 | ||
Create new PowerShell cmdlet - Remove-RMADSession cmdlet | N/A | 370687 |
Email notifications during integrity checks | N/A | 395979 |
Allow to add a folder path for Forest Recovery projects to be included in backup | N/A | 396047 |
Add support for US government GCC high accounts in exchange Oauth2 notifications | N/A | 402135 |
Add collection Name/Id to PowerShell script parameters | N/A | 410125 |
Allow to ignore missing/malfunctioning VSS writers | N/A | 412323 |
Deprecate SCOM | N/A | 416078 |
Diagnostic log BackupAgent64 - Allow for threshold on file size and overwrite | N/A | 418052 |
Use remote storage credentials to access the backup storage when running integrity check for backups located on a domain controller | N/A | 421517 |
Add an option to disable automatic checking of manual and scheduled backups | N/A | 429365 |
Remove Support for 2012 and 2012 R2 from supported operating systems and SQL Server 2012 | N/A | 437548 |
Support using of LocalSystem account in scheduled backup | N/A | 437699 |
Recovery Manager for Active Directory 10.3 | ||
Salting mechanism for forest recovery project password hashes | N/A | 412667 |
Show AD tombstone lifetime settings somewhere in a product UI | N/A | 353685 |
Allow for password complexity | N/A | 253917 |
BackupAgent does not respect global logging setting 'Create a new set of log files: Never' on the DC side. | N/A | 381957 |
TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand | N/A | 384624 |
Recovery Manager for Active Directory 10.2.2 Hotfix 2 | ||
Support for OAuth2 authentication method for email notifications. Required due to deprecation of basic authentication for Exchange Online | N/A | 384541 |
Recovery Manager for Active Directory 10.2.2 | ||
Improve message the error while creating remote DCOM object failed because "Access is denied" | N/A | 263396 |
Cannot restore a user from a backup that requires credentials for accessing it | N/A | 267022 |
Support GMSA account type to run PS custom script (Agent side only) | N/A | 317648 |
Installation option for hybrid service in the main product setup | N/A | 346507 |
New hybrid configuration Powershell API | N/A | 346513 |
Installer check updated for .NET 4.8 | N/A | 349988 |
Full support for GMSA accounts for RMAD DRE/FE/Standard | N/A | 352707 |
Support for Windows 2022 with exceptions. See User Guide | N/A | 363862 |
Recovery Manager for Active Directory 10.2.1 | ||
Usability improvements to the Computer Collections Properties dialog including removal of Logging tab and introduction of new tab for Secondary Storage | N/A | 283362 |
Creation of Management Shell Guide which lists all available PowerShell® cmdlets, with examples. Appendix removed from User Guide | N/A | 275100 |
Recovery Manager for Active Directory 10.2 | ||
Rename system state backups to Active Directory® backups | RMADFE-3009 | 218405 |
Hide the "Components" tab in computer collection settings | RMADFE-3042 | 218415 |
SCOM 2019 support | N/A | 219783 |
Pass through Synchronize across time zones from windows task scheduler to RMAD | RMADFE-952 | 220703 |
Create Logs Daily to be on by default | N/A | 223980 |
Display operating system version for all backups | N/A | 228741 |
Resolved Issues | ID (old) | Azure DevOps |
---|---|---|
Recovery Manager for Active Directory 10.3.1 | ||
FSMO roles doesn't removed from non-recovered DC | N/A | 408607 |
OnlineRestoreAgent.msi uninstalls Backup agent on DC if Backup agent exists. Backup agent also uninstalls ORA on DC if exists before install Backup Agent. | N/A | 421201 |
Perform integrity check after scheduled backup' option works incorrectly | N/A | 430626 |
GPO Comparison Report error: "Uncaught Reference Error: Enumerator is not defined" | N/A | 431908 |
Using Online Restore Wizard, any GPO Comparison Reports do not show the changes/differences because the information is hidden | N/A | 434960 |
Do not store user account credential in the task for scheduled console config backup | N/A | 437559 |
Too long replication in full mode | N/A | 438621 |
Restore-RMADDeletedObject cmdlet throws "Invalid Password Cannot decrypt data" when backup is not accessible - improve error message | N/A | 440174 |
DC side PowerShell script account requires SeInteractiveLogonRight, or the logon will fail. | N/A | 444542 |
Get information about computer from Backup takes too long to fail if backup access credentials are incorrect | N/A | 448638 |
When forest domain is forest-wide replicated all DCs in forest should use its DC as primary DNS server | N/A | 468637 |
Email notifications: SMTP authentication long password truncated after saving and reopening Recovery Manager Settings dialog | N/A | 470665 |
Recovery Manager for Active Directory 10.3 Hotfix 2 | ||
Online Restore Agent attempts to connect to a wrong domain controller when trying to perform an online recovery | N/A | 431481 |
Integrity checks of collections with backups to be stored in Azure Files (SMB share) fail. | N/A | 435383 |
RMAD console crashes during Online Restore Wizard for AD LDS (ADAM) due to large number of objects. | N/A | 437753 |
Online restore is failing with the error: Failed to create a remote object. DCOM configuration required. | N/A | 440746 |
Support gMSA accounts for scheduled collections when "Network access: Do not allow storage of passwords and credentials for network authentication" is enabled. | N/A | 444925 |
Recovery Manager for Active Directory 10.3 Hotfix 1 | ||
Cleanup CNAME DC record | RMADFE-2746 | 242105 |
Hybrid Restore selection is not being verified in installer when remote SQL and windows creds are being used. | N/A | 359203 |
Online Restore Wizard: "Objects to Be Processed" Add button browse not working properly | N/A | 411383 |
New-RMADSchedule cmdlet doesn't support several weeks trigger | N/A | 414124 |
Read zone info from inconsistent/partial registry key | N/A | 419904 |
Hybrid restore may fail with the 'database is locked' error when restoring 50..100 objects | N/A | 424314 |
Apply Group Policy step hangs if root domain DNS zone is forest-wide replicated | N/A | 427816 |
Recovery Manager for Active Directory 10.3 | ||
Online Restore Wizard: Reporting on Unchanged Objects | N/A | 377277 |
Incorrect email subject message after unsuccessful/incomplete recovery | N/A | 406720 |
Computer Column - Timing column for the backup jobs to assist users in estimating job lengths | N/A | 351058 |
When the Additional path is offline, then a job that's only using local-storage completes with a warning. With Remote Storage, the job fails with an error. | N/A | 370690 |
ISO boot fails with a BSOD on Windows 2022 lab. To fix the issue, you need to add the latest cumulative update (any update after 7C-KB5015879) into WinRE.wim. Download the LCU September 13, 2022 — KB5017316 (OS Build 20348.1006) (microsoft.com). See the Quest Knowledge Base article KB4368806 for commands that need to be run. | N/A | 376632 |
Online Restore Wizard Directory object not found when restoring with old 2012 R2 backup to 2019 DC | N/A | 380226 |
Issue with install - invalid SQL hostname during install/upgrade | N/A | 388182 |
FSMO Roles are not displayed in the recovery report after restore | N/A | 376235 |
Tab order on SQL Installer page is wrong | N/A | 397266 |
Recovery Manager for Active Directory 10.2.2 Hotfix 3 | ||
RMAD fails to perform backups when using GMSA account after Microsoft Patch applied KB5022289 \ KB5022286 | N/A | 406231 |
Recovery Manager for Active Directory 10.2.2 Hotfix 2 | ||
Include product name and version to the self-extracted installation package | N/A | 367930 |
Remove Autorun from build, CD package | N/A | 380288 |
Email notifications to O365 email is not supported when Basic Authentication disabled on tenant | N/A | 386176 |
RMAD Console crashes when recovering SYSVOL from a backup using Repair Wizard | N/A | 388796 |
SCOM: computer collection and RMAD instances are in not monitored health state | N/A | 393392 |
Option to "Repair" an installation is grayed out | N/A | 383571 |
Online restore wizard does not work on Windows 2016 with LSA protection and Secure Boot enabled | N/A | 226670 |
Online restore wizard does not work on Windows 2022 with agent based restore and with LSA protection enabled | N/A | 367163 |
Recovery Manager for Active Directory 10.2.2 Hotfix 1 | ||
Restore-RMADDeletedObject cmdlet crashes when it's used without explicitly specified credentials | N/A | 382646 |
Domains that are not synced with Azure AD should be present in the list of discovered domains but should not cause error (require credentials) while saving the configuration | N/A | 380628 |
Cannot save ODR integration settings in RMAD due to an old forest/dc listed in discovered domains | N/A | 380625 |
Offline Restore Wizard fails with Access Denied to install Offline Restore Agent | N/A | 375451 |
Setup folder does not include .NET 4.8 after changing product requirement | N/A | 373180 |
Full replication between two consoles is failing with 'The given key was not present in the dictionary' error | N/A | 322095 |
Recovery Manager for Active Directory 10.2.2 | ||
RMAD replication doesn't work with Group Managed Service Account (gMSA) configured for console connection | RMADFE-2594 | 242195 |
gMSA cannot be used when setting up replication | RMADFE-2519 | 242560 |
Use a gMSA account from one domain as the agent account for backing up DCs in a different domain does not work | N/A | 265197 |
RMAD not finding backups requested by ODR in different timezones | N/A | 316404 |
BackupAgent does not respect global logging setting "Create a new set of log files: Never" | N/A | 322747 |
Update DisksInfoProvider to be more current and ignore unnecessary drive types | N/A | 323924 |
ERDiskAD.mdb does not get imported, gets overwritten by blank rmad.db3 when installing the new version. | N/A | 352421 |
A v10.2.1 pre-installed backup agent fails when backup is requested by a v10.1.1 console | N/A | 353765 |
Updating backup agent fails if custom port is configured. | N/A | 354851 |
Global settings dialog has a slightly broken layout on several tabs | N/A | 358457 |
RMAD Console - Replication: Backup information is not being cleaned out of the console when it no longer exists on source | N/A | 359553 |
RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection | N/A | 363140 |
Installer log messages are truncated | N/A | 364258 |
Recovery Manager for Active Directory 10.2.1 Hotfix 2 | ||
RMAD Console Replication error (XML error) during replication when backup runs on master console | N/A | 351462 |
Cleanup of metadata during restore of an unprotection object failed from accidental deletion | N/A | 354567 |
RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection | N/A | 363140 |
RMAD build 10.2.1.36279 will not install and triggers MS Defender notification | N/A | 366313 |
Recovery Manager for Active Directory 10.2.1 Hotfix1 | ||
Error with diagram explaining Change Auditor integration | N/A | 323348 |
GMSA workflow in the documentation is reportedly missing steps | N/A | 325726 |
Cannot retry a snapshot if certain errors occurred while creating a backup | N/A | 330733 |
Recovery Manager for Active Directory 10.2.1 | ||
Allow to unselect Console storage immediately as alternative has been configured | N/A | 220573 |
Large number of scheduled tasks can cause Console, Replication and PowerShell cmdlets to be extremely slow | RMADFE-1837 | 242166 |
Remove a BOM prefix from the script file | N/A | 257798 |
Unpacking the backup and the retention policy may fail if the DC cannot be accessed via LDAP from the RMAD console machine | N/A | 279431 |
RPC calls to Backup Agent are not retried on RPC_S_SERVER_TOO_BUSY error | N/A | 314812 |
Misleading 'Unable to map the network share IPC$ on the computer' error message on attempt to map UNC share | N/A | 316902 |
Installation fails with an invalid error message when using a local windows credential to connect to the remote SQL server | N/A | 317818 |
Online Restore Wizard cannot undelete an object using a non-administrative account. Restoring an object in Online Restore Wizard using a non-administrative account may result in the following error for NT-Security-Descriptor attribute: "Cannot retrieve attribute value(s) from Active Directory. Possible reason: Insufficient access rights." To ignore this error, the NT-Security-Descriptor attribute can be excluded from the list of restored attributes. |
N/A | 293311 |
Recovery Manager for Active Directory 10.2 Hotfix 1 | ||
Installation of Quest personal certificates to the local certificate store failed. Receive error message to install Quest certificates later. This should not be required. | N/A | 274643 |
Computer Collection scheduled tasks removed after upgrade to 10.2 if gMSA used as the scheduled task account | N/A | 280854 |
rmad.db3 file gets overwritten during an uninstall -> install of version 10.2 | N/A | 283069 |
Cannot retain the uncheck "Global Catalog Servers" option in the Advanced tab of the Computer Collection properties window | N/A | 230397 |
It will display 'Network access is denied' error in Win2016/2019 if specify account to restore GPO with "domain\username" format | N/A/ | 233623 |
Cannot see some advanced objects in the object picker in Online Restore Wizard | N/A | 275027 |
Recovery Manager for Active Directory 10.2 | ||
Security Vulnerability - Sensitive comments embedded within client-side code sent to an end user machine | RMADFE-3244 | 218142 |
Security Vulnerability - Runtime hardening (SEP, ASLR and other) | RMADFE-3248 | 218146 |
Full replication fails when a DC is selected for the option 'Unpack each backup upon its creation' in the master console | RMADFE-1858 | 218500 |
Storage agent settings are not applied on install | N/A | 219910 |
No progress/wait indication after clicking 'OK' on the 'Add Console…' dialog | N/A | 224321 |
Backup fails if the Domain Controllers OU has a AzureADKerberos computer object in it as part of Azure AD FIDO deployment | N/A | 227903 |
Improve documentation with information on number of scheduled computer collections for optimal performance | N/A | 232614 |
Access Violation in the ProcessRequest function and crashes service | N/A | 232682 |
Remove mutual exclusion mechanism between replication process and restore process | RMADFE-1575 | 237972 |
Display correct backup info and support restore for Collections with containers (not DCs) | N/A | 240580 |
Retriable VSS error causes undefined behavior in Backup Agent on retry | N/A | 241825 |
Modify the configuration to remove collision problems with SHA1, moved to SHA256 | N/A | 253913 |
Retention policy ignores collection and consider backups of all collections | N/A | 259645 |
Recovery Manager for Active Directory fully supports Transport Layer Security (TLS) 1.2. It is recommended that you upgrade to TLS 1.2 for secure communications.
Security Resolved Issue | ID (old) | Azure DevOps |
---|---|---|
Recovery Manager for Active Directory 10.3 | ||
Salting mechanism for forest recovery project and ADVL project password hashes | N/A | 412667 |
Enforce password complexity on Forest Recovery project | N/A | 253917 |
TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand | N/A | 384624 |
Recovery Manager for Active Directory 10.2.1 | ||
Do not use SHA1 for key derivation function to generate hash for creation of AES-256 key for backup encryption |
--- | --- |
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center