Chat now with support
Chat with Support

Recovery Manager for AD Forest Edition 10.2.1 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web portal Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

Assigning roles to portal users

You can assign specific roles to the Recovery Manager Portal users. A role assigned to a user defines the Recovery Manager Portal user interface elements and functionality available to that user. You can only assign portal roles by using the account under which the Recovery Manager Portal was installed. By default, this account is granted all portal roles.

To assign portal roles, you can use local security groups existing on the computer where the Recovery Manager Portal is installed. By adding or removing members in these groups you can define the scope of authority for a portal user and the operations that the user can perform in the Recovery Manager Portal.

The local security groups are as follows:

  • Recovery Manager Portal - Configuration Admins. Members in this group have permissions to modify the Recovery Manager Portal configuration and delegate restore permissions to other Recovery Manager Portal users.

  • Recovery Manager Portal - Recovery Operators. Members in this group have permissions to restore or undelete Active Directory objects by using the Recovery Manager Portal.

  • Recovery Manager Portal - Undelete Operators. Members in this group have permissions to undelete Active Directory objects by using the Recovery Manager Portal.

  • Recovery Manager Portal - Monitoring Operators. Members in this group can view the health summary and backup creation history for the RMAD instances with which the portal is configured to work.

 

Delegating restore or undelete permissions

You can delegate permissions to restore or undelete objects in specific Active Directory containers to the users or groups of your choice. These users or groups must reside in the Active Directory forest where the Recovery Manager Portal is installed and be assigned an appropriate portal role. For more information about portal roles, see Assigning roles to portal users.

To delegate restore permissions, you also must have a specific role in the Recovery Manager Portal. For details, see Assigning roles to portal users.

To delegate permissions
  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Configuration tab.

  3. Expand Active Directory Domains.

  4. Click the name of the domain that includes the containers on which you want to delegate permissions.

  5. Click Configure a list of delegates, and then expand the domain entry.

  6. Click the container on which you want to delegate permissions.

  7. Click Add, to specify delegates to the Users or groups list.

  8. In the dialog that opens, you can find and add users and groups from any trusted domain in the Active Directory forest.

  9. Below the Users and groups list, select the operations you want to grant or deny to the added users or groups.

  10. When you are finished, click OK. If necessary, repeat steps 6-9 for other containers in the domain.

 

Configuring e-mail notification

You can configure the Recovery Manager Portal to send notification e-mails to specific recipients when the health state of any RMAD instance with which the Recovery Manager Portal is configured to work changes from healthy to unhealthy or vice versa.

To configure e-mail notification
  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Configuration tab.

  3. Expand Portal Settings and under General Settings, click on the Configure E-mail button.

  4. Use the following options in the dialog box that opens:

    • Outgoing SMTP server. Type the fully qualified domain name (FQDN) or IP address of the SMTP server you want to use for sending notification e-mails.

    • SMTP port. Type the number of the port (default port for SMTP is 25) on which you want to connect to the server.

    • Sender e-mail address. Type the e-mail address you want to display in the From field of all notification e-mail messages.

    • Notification recipients. Here you can specify a list of notification recipients. To specify multiple values, use semicolon as the separator.

  5. User name and password. Type the user name and password of the user account you want to use to send notification e-mails from the SMTP server. The account must have the appropriate permissions.

  6. When you are finished, click OK to apply your settings.

 

How Recovery Manager Portal recovers data

Please consider the following behavior of the Recovery Manager Portal:

  • By default, the permissions to restore or undelete objects in an Active Directory domain are only granted to the members of the Domain Admins group in that domain. However, you can delegate the restore or undelete permissions to the portal users you want. For more information, see Delegating restore or undelete permissions.

  • By default, the Recovery Manager Portal uses the agent-based method for all search and restore operations, regardless of the settings configured on the RMAD instance used to perform these operations. For more information about the agent-based method, see Agent-based method in Using agentless or agent-based method. You can change the portal settings to use the agentless method.

To use the agentless method
  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Configuration tab.

  3. Expand Portal Settings, and then select the **Use agentless method ** radio button for all search and restore operations.

NOTE

User cannot select Automatically configure firewall before the restore operation check box, when the Use agentless method radio button is selected.

To undelete an Active Directory object, the Recovery Manager Portal uses Microsoft’s Active Directory Recycle Bin feature if it is enabled in the target forest. If this feature is unavailable, the Recovery Manager Portal restores the object from the latest available unpacked backup that includes the object before its deletion.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating