Chatta subito con l'assistenza
Chat con il supporto

Disaster Recovery for Identity Current - for Active Directory Release Notes

Release Notes

Quest® Disaster Recovery for Identity for Active Directory

Release Notes

August 20, 2025

Disaster Recovery for Identity for Active Directory offers off-network abilities to manage on-premises domain controllers, including Active Directory® backups and restore operations, in the case of a disaster. It is essential for any modern business have uninterrupted network and computer systems, which are essential for business continuity. Unforeseen outages, like directory service failures, can significantly disrupt operations. To mitigate such risks, critical infrastructure must be designed for swift recovery from failures.

 

Disaster Recovery for Identity for Active Directory leverages advanced technologies to minimize downtime resulting from Active Directory corruption or accidental modifications. This solution automates backups and enables rapid, remote recovery of data stores in Active Directory. Disaster Recovery for Identity for Active Directory dramatically reduces the time required to restore Active Directory.

Disaster Recovery for Identity for Active Directory allows you to perform the following operations:

  • Configure and manage backups using Backup Plans.
  • Store Active Directory backups in Quest Azure tenant.
  • Configure and manage recovery of an Active Directory forest.
  • Restore Active Directory using Clean OS method, allowing you to restore the entire forest or any of its parts on a freshly installed Windows machine.
  • Schedule backup of domain controllers based on business needs
  • Verify recovery configurations to validate your disaster Recovery Plan

Caution: Microsoft Entra is a dynamic and rapidly evolving platform, which means its APIs may be updated or changed with limited notice. These ongoing changes may occasionally impact features in Disaster Recovery for Identity for Active Directory. When possible, Quest aims to provide timely notification to customers in cases of such impact. For the latest updates on Entra ID APIs, refer to the Microsoft Entra ID documentation and Microsoft Graph Changelog.

 

These release notes provide information about Disaster Recovery for Identity for Active Directory deployments.

Topics:

Release History

The following lists the new features and resolved issues by deployment.

 

Current Deployment

Release: August 20, 2025

Feature Issue ID (ADO)

Recovery Plans that restore specific domains (i.e., at least one domain is set to Ignore Healthy Domain) now automatically streamline the process of unhosting and rehosting global catalog partitions, speeding up overall recovery.

 ADO- 571302
The Override domain-level credentials checkbox is removed from the Server Access Credentials section of the domain controller configuration. You can now directly override inherited domain-level credentials by entering one or more credentials for the domain controller. ADO-574735

 

Previous Deployments

Release: July 24, 2025

Feature Issue ID (ADO)

Revised UI terminology by renaming the Environments tab to Forests and updating related UI labels from 'environment' to 'forest' to align with Active Directory terminology.

 ADO-565083
You can now manage email notifications by configuring notification templates in On Demand Global Settings (Settings | Notifications). For a list of the available notification templates, see the user guide. ADO-554178
Failed Backup Plans for scheduled backups generate notification emails even if the environment is offline. ADO-566989
Resolved issue Issue ID (ADO)
Upgrade of the JRS Plugin does not complete and requires that the agent service is manually restarted. ADO-551429

Release: July 9, 2025

Feature Issue ID (ADO)

The Forest Summary on the Topology tab includes two new columns: FSMO Role, which displays a badge for each FSMO role assigned to the domain controller, and Type, which shows the domain controller type (GC, DC, or RODC).

ADO-531981
When manually selecting a backup in the Select Backup flyout, you can now specify a date range to filter backups by their creation date. ADO-444246
Information about agent installation progress is now displayed on the Tasks page. ADO-522639
The minimum supported version of the DC Agent is updated to 10.3.2.45365 (RMAD 10.3.2 Hotfix 1). ADO-556035
The action bar on the Topology page is enhanced with an option to edit columns. Additionally, agent-related options can now be accessed through the new DC Agent button. ADO-562889
The domain recovery method Recover Damaged Domain is renamed to Recover Domain. Descriptions of recovery methods on the user interface are enhanced for clarity. ADO-565087
Resolved issue Issue ID (ADO)
Applying a date filter to the Events or Tasks table and refreshing the page causes the application to crash. ADO-566237
When a Recovery Plan is added and saved with default settings, the summary above the action bar displays the status Ready. ADO-566677
After starting an installation task on a domain controller, you are able to start another installation task on the same domain controller. ADO-566882
Actions on the Operations page, such as Skip and Continue or Cancel, can be performed without the required permissions. Permissions are now required for all actions. ADO-567947

Release: June 26, 2025

Feature Issue ID (ADO)
You can now view environments in read-only mode. This allows you to review environment details even when operations are in progress for the environment or if you do not have permission to edit the environment. ADO-525113
You can now view Backup Plans in read-only mode. This allows you to review Backup Plan details even when a Backup Plan is running or if you do not have permission to edit Backup Plans. ADO-541869
You can now selectively override one or more domain-level credentials for a domain controller by selecting the Override domain-level credentials checkbox in the configuration and entering the desired credentials. When default domain-level credentials apply, the credential set is marked with a badge labeled Inherited credentials. ADO-530835
When creating a Recovery Plan, a new column Backup Coverage in the Domains table shows the number of domain controllers (DCs) that have backups matching the selected backup criteria out of the total number of DCs in the domain. ADO-556720
Resolved issue Issue ID (ADO)
Domain controller IP addresses are persistently stored during topology discovery. Recovery Plans use these pre-resolved IP addresses to access domain controllers even when they are not reachable by FQDN. ADO-499767
When using the Ignore Healthy Domain and Adjust to Active Directory Changes recovery methods, only domain credentials (set in the domain or domain controller configuration) are required. ADO- 558580

Release: June 11, 2025

Feature Issue ID (ADO)
Added the option to enable Install From Media for the Install Active Directory recovery method, providing the ability to pre-populate Active Directory and Sysvol with data from a selected backup. ADO-550966

Support for the deletion of domains during recovery. One of the following recovery methods can be specified for each domain: Recover Damaged Domain, Ignore Healthy Domain, or Delete Domain.

IMPORTANT: Recovery Plans created before this feature release will become invalid and must be updated.

 ADO-519109
Names for Backup Plan and Recovery Plan within an environment must be unique. If a duplicate name is entered for either, an error is displayed. ADO-510803
Backup plans are now sorted by date created, with the most recent at the top of the list. ADO-515795
Added validation of backup availability. If no backup exists when starting verification or recovery, the operation does not start and an error is displayed. ADO-519091
Added Recovery Plan validation. If the IP address for the target server is not specified for the domain controller when starting recovery, the recovery does not start and an error is displayed. ADO-519906
On the Topology page, enabled searching for domain controllers and filtering by domain, DC agent status, or Backup Plan. ADO-522453
Added a badge on the Operations page that displays the number of canceled operations for the domain controller. ADO-531908
When selecting domain controllers to back up, enabled filtering the list of domain controllers by domain, site, DC agent status, or Backup Plan. ADO-546462
Support of LDAPS queries in topology discovery. Users can enable LDAPS for the hybrid agent during installation or post-installation. ADO-550094
Resolved issue Issue ID (ADO)
In the Status column on the Recovery Plan details page, the text length of entries are limited regardless of the cell width. ADO-561377

Release: April 17, 2025

Feature Issue ID (ADO)
Copy button added to Events and Tasks screens to allow copying event and task descriptions to the clipboard. ADO-550064
Domain controller agent updated to version 10.3.2.44604. ADO-546342

Release: March 26, 2025

Feature Issue ID (ADO)
Improvements to services to support stateless allowing for deployment and updates to Disaster Recovery for Identity for Active Directory to be completed without stopping ongoing backup, verification and recovery operations. ADO-520301
Updates to Environment tile to improve user onboarding and product understanding, including removal of DC Agent section from tile and updates to About Agents. ADO-524845
OWASP ASVS V5.5, V5.19, V5.20, V5.21, V18.4: Enhanced server validation of inputs ADO-525649
Deployment to Australian and Canadian regions. Disaster Recovery for Identity for Active Directory now supports the following regions: Australia, Canada, EU, UK and US. ADO-530535
Show notification when verification or recovery is running and hybrid agent goes offline. ADO-535753
Domain controller agent updated to version 10.3.2.44484. ADO-544324

Release: March 13, 2025

Feature Issue ID (ADO)
Limit domain controllers that can be backed up by domain. Limit domain controllers that can be backed up by Backup Plans per domain. A maximum of 10 domain controllers per domain can be included in Backup Plans. ADO-523055
Display Total Elapsed Time on Tasks. ADO-531124
Compatibility with Recovery Manager for Active Directory Forest/Disaster Recovery Edition (RMAD FE/DRE): Domain controller agent version checking for installation of DRI AD and RMAD FE/DRE in the same Active Directory environment. RMAD FE/DRE 10.3.2 or later is required. It is recommended to install the DRI AD hybrid agent on the same machine as RMAD Forest Recovery Console. ADO-540986
New detail panel RMAD Compatibility to view guidance information for usage of DRI for AD and RMAD in the same Active Directory environment. ADO-541695
Proper handling of ODRAD and RMAD communication certificates and error messages when mismatches are found. (Certificate Handling between Blob Storage and Plugin). Information available by clicking on RMAD Compatibility on the Environment tab. ADO-546318

Release: March 04, 2025

Feature Issue ID (ADO)
Add clarification about DC agent and hybrid agent on the Create/Edit Environment page ADO-524870
Backup name format in Selected Backup dropdown is the same as on Backups list ADO-532002
"Hybrid agent is offline or unavailable" notification should disappear ADO-546318

Release: February 12, 2025

Feature Issue ID (ADO)
Support of 'Install Active Directory' method' ADO-379572
Display time of the last discovery on the Topology tab ADO-504703
Ability to see when the hybrid agent is offline ADO-517362
Download DC Agent from the Topology tab ADO-526146
Display the total elapsed time from the Tasks tab ADO-531124
Increase retention period for backups to 180 days ADO-535313

Release: January 10, 2025

Feature Issue ID (ADO)
First deployment of Disaster Recovery for Identity for Active Directory N/A

Incident response management

Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. On Demand relies on Azure and AWS infrastructure and as such, is subject to the possible disruption of these services.

You can view the following status pages:

System requirements

The following web browsers are supported with On Demand:

  • Microsoft Edge
  • Google Chrome (latest version)
  • Mozilla Firefox (latest version)

 

Hybrid agent requirements

  • A standalone or domain-joined server (standalone server is highly recommended).
  • Ensure that the hybrid agent server has a stable internet connection and uses a DNS server that is not affected by a forest failure.
  • A service account used to run the hybrid agent must be a local administrator account on the computer where the hybrid agent is installed.
  • The domain FQDN\username should at least have forest-wide read permissions.

 

Domain Controller Agent requirements

  • A service account used to run the domain controller agent is always a Local System account.
  • An account used to install the domain controller agent remotely must be a member of the Local Administrators group.
  • The minimum supported version for the domain controller agent is 10.3.2.44484.

 

Endpoint requirements

 

Hybrid agent requirements

The hybrid agent must be able to access the following endpoints associated with the region where your On Demand organization resides.

TCP Port Direction Endpoints Description
389

Outbound

Domain Controllers

 LDAP port to domain controllers to discover environment.
445 Outbound Domain Controllers SMB port to domain controllers to install domain controller agents.
443 Outbound

AU

odjrs-auprod-au-iothub.azure-devices.net

https://odjrsauprodaugrssto.blob.core.windows.net

https://odrjsauprodausto.blob.core.windows.net

 

CA

odjrs-caprod-ca-iothub.azure-devices.net

https://odjrscaprodcagrssto.blob.core.windows.net

https://odrjscaprodcasto.blob.core.windows.net

 

EU

odjrs-euprod-eu-iothub.azure-devices.net

https://odjrseuprodeugrssto.blob.core.windows.net

https://odjrseuprodeusto.blob.core.windows.net

 

UK

odjrs-ukprod-uk-iothub.azure-devices.net

https://odjrsukprodukgrssto.blob.core.windows.net

https://odjrsukproduksto.blob.core.windows.net

 

US

odjrs-usprod-us-iothub.azure-devices.net

https://odjrsusprodusgrssto.blob.core.windows.net

https://odjrsusprodussto.blob.core.windows.net

 Agent connection to Disaster Recovery for Identity for Active Directory backend services (see On Demand Global Settings User Guide for more)
80 Outbound

AU

odjrsauprodauiotinst-odjrsauprodauiotacct.b.nlu.dl.adu.microsoft.com

 

CA

odjrscaprodcaiotinst-odjrscaprodcaiotacct.b.nlu.dl.adu.microsoft.com

 

EU

odjrseuprodeuiotinst--odjrseuprodeuiotacct.b.nlu.dl.adu.microsoft.com

 

UK

odjrsukprodukiotinst--odjrsukprodukiotacct.b.nlu.dl.adu.microsoft.com

 

US

odjrsusprodusiotinst--odjrsusprodusiotacct.b.nlu.dl.adu.microsoft.com

 Agent connection to Disaster Recovery for Identity for Active Directory backend services (see On Demand Global Settings User Guide for more)

 

Domain controller agent requirements

The domain controller agent must be able to access the following endpoints associated with the region where your On Demand organization resides.

TCP Port Direction Endpoints Description
445

Inbound

 

 SMB port to allow automatic agent installation.
135 Inbound   RPC Endpoint Mapper port used by the RPC runtime.
49152-65535 Inbound

 

 RPC dynamic port range to accept RPC connection from hybrid agent.
443 or proxy server port Outbound

AU

https://odradprodausa.blob.core.windows.net

 

CA

https://odradprodcasa.blob.core.windows.net

 

EU

https://odradprodeusa.blob.core.windows.net

 

UK

https://odradproduksa.blob.core.windows.net

 

US

https://odradprodussa.blob.core.windows.net

 Download and upload backups from Azure Blob Storage accounts.
Strumenti self-service
Knowledge Base
Notifiche e avvisi
Supporto prodotti
Download di software
Documentazione tecnica
Forum utente
Esercitazioni video
Feed RSS
Contatti
Richiedi assistenza sulle licenze
Supporto tecnico
Visualizza tutto
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione