Chatee ahora con Soporte
Chat con el soporte

Recovery Manager for AD Disaster Recovery Edition 10.2 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Secure Storage servers Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Restore Active Directory on Clean OS Bare metal forest recovery Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web portal Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory Descriptions of PowerShell commands
Add-RMADBackup Add-RMADCollectionItem Add-RMADReplicationConsole Add-RMADStorageServer Backup-RMADCollection Close-RMADFEProject Compare-RMADObject Convert-RMADBackup ConvertTo-RMADRecycledObject Copy-RMADFEBackup Create-RMADStorageAgentSetup Expand-RMADBackup Export-RMADBackup Export-RMADFERecoveryCertificate Export-RMADFEResult Export-RMADSecureStorageBackup Get-RMADBackup Get-RMADBackupAgent Get-RMADBackupInfo Get-RMADBackupObject Get-RMADBackupSecurityStatus Get-RMADCollection Get-RMADCollectionItem Get-RMADDeletedObject Get-RMADFEAvailableSubnet Get-RMADFEComputer Get-RMADFEConsole Get-RMADFEDnsCache Get-RMADFEDomain Get-RMADFEEvent Get-RMADFEGlobalOptions Get-RMADFEOperation Get-RMADFEPersistenceConnection Get-RMADFEProject Get-RMADFERecoveryAgent Get-RMADFESchedule Get-RMADGlobalOptions Get-RMADLicenseInfo Get-RMADObject Get-RMADReplicationConsole Get-RMADReplicationSchedule Get-RMADReplicationSession Get-RMADReplicationSessionItem Get-RMADReportObject Get-RMADReportObjectAttributes Get-RMADReportObjectChildren Get-RMADReportSession Get-RMADSession Get-RMADSessionItem Get-RMADSessionItemEvent Get-RMADStorageServer Get-RMADStorageServerHardeningStatus Get-RMADStorageServerRetentionPolicy Import-RMADBackup Import-RMADFERecoveryCertificate Install-RMADBackupAgent Install-RMADFERecoveryAgent New-RMADCollection New-RMADFEProject New-RMADFERecoveryMedia New-RMADSchedule Open-RMADFEProject Protect-RMADSecureStorageServer Protect-RMADStorageServer Publish-RMADBackupSecurityStatus Refresh-RMADStorageServer Register-RMADSecureStorageBackups Remove-RMADBackup Remove-RMADBackupAgent Remove-RMADCollection Remove-RMADCollectionItem Remove-RMADFERecoveryAgent Remove-RMADFESchedule Remove-RMADReplicationConsole Remove-RMADReplicationSchedule Remove-RMADReplicationSession Remove-RMADStorageServer Remove-RMADUnpackedComponent Rename-RMADCollection Restore-RMADDeletedObject Restore-RMADDomainController Restore-RMADObject Resume-RMADFERecovery Save-RMADFEProject Set-RMADCollection Set-RMADFEComputer Set-RMADFEDnsCache Set-RMADFEDomain Set-RMADFEGlobalOptions Set-RMADFEPersistenceConnection Set-RMADFERecoveryMode Set-RMADFESchedule Set-RMADGlobalOptions Set-RMADReplicationConsole Set-RMADReplicationSchedule Set-RMADStorageServerRetentionPolicy Start-RMADFERecovery Start-RMADFERecoveryAgentOperation Start-RMADFEVerification Start-RMADReplication Start-RMADReportViewer Stop-RMADFEWorkflow Test-RMADSecureStorageBackup Unprotect-RMADStorageServer Update-RMADBackupAgent Update-RMADFEProject Update-RMADLicense

Adding containers to a Computer Collection

You can add containers such as Active Directory domains, sites, or organizational units to a Computer Collection. When a Computer Collection includes a container, it implicitly includes all domain controllers that are in that container. You can select containers in the details pane after browsing the console tree and selecting a node that holds the containers you want to add.

Domains are located under the Active Directory/Forest <Name> node, organizational units are located under domain nodes. You can add Active Directory forests to the Active Directory node by using the Connect to Forest command on the node’s Action menu.

To add a container to a selected Computer Collection
  1. Right-click the Computer Collection, point to Add, and then click Container.

  2. In the Domain box, select the domain that includes the container or type the DNS name of the domain. If you typed the domain name, click Connect to redraw the tree in the Containers box.

  3. Browse the directory tree in the Containers box to locate and select the container.

  4. In the dialog box, click OK.

Note

For a Computer Collection that includes a container, backups are created for all domain controllers in the container, including the newly created DCs that are not explicitly present in the Computer Collection .

Alternatively, you can add containers to a Computer Collection using the following procedure
  1. Browse the Recovery Manager Console tree to select the node that holds the containers you want to add.

  2. In the details pane, select the containers you want to add. To select multiple containers, hold down CTRL, and click the containers.

  3. On the Action menu, click Add to Collection.

  4. In the dialog box that opens, select an existing Computer Collection or click New Collection to create and select a new Computer Collection.

  5. In the dialog box, click OK.

Note

Also you can drag the containers selected in the details pane to the target Computer Collection in the console tree or use the Copy and Paste commands.

To view and modify an exclusion list for a container

This option lets you specify an explicit list of the domain controllers that will not be included in the backup.

  1. In the Recovery Manager Console tree, select the Computer Collection that holds the container.

  2. In the details pane, right-click the container and select Properties.

  3. In the Properties dialog box, click Modify.

  4. Select domain controllers that you want to exclude from the Available domain controllers list and click Add.

  5. Click OK.

 

Adding AD LDS (ADAM) hosts and instances

You can add AD LDS (ADAM) hosts and instances to a Computer Collection. AD LDS (ADAM) instances available for a selected AD LDS (ADAM) configuration set are located under the Active Directory/AD LDS (ADAM) Configuration Set/All Instances node. To add an AD LDS (ADAM) configuration set to a Computer Collection, you need to connect to AD LDS (ADAM).

To connect to AD LDS (ADAM)
  1. In the Recovery Manager Console tree, select the Active Directory node.

  2. From the main menu, select Action | Connect to AD LDS (ADAM).

  3. In the dialog box that opens, do the following:

    1. In the AD LDS (ADAM) host box, type the full DNS name of the host to which you want to connect.

    2. In the Port number box, type the port number used by AD LDS (ADAM).

    3. In the User name and Password boxes, type the user name and password with which you want to access the AD LDS (ADAM) host. Note that to display these boxes, you may need to click the Options button.

  4. When finished, click OK.

To add AD LDS (ADAM) hosts to a particular Computer Collection
  1. Right-click the Computer Collection, point to Add, and then click AD LDS (ADAM) Host.

  2. In the Select Computers dialog box, enter the names of the AD LDS (ADAM) hosts you want to add or select the hosts from the list and click Add. The Select Computers dialog box allows you to specify multiple AD LDS (ADAM) host names.

Recovery Manager for Active Directory backs up all AD LDS (ADAM) instances hosted on the computer you have added to a Computer Collection.

To add AD LDS (ADAM) instances to a Computer Collection
  1. In the Recovery Manager Console tree, expand the appropriate Active Directory/AD LDS (ADAM) Configuration Set node, and then click All Instances.

  2. In the details pane, select the instances you want to add. To select multiple instances, hold down CTRL, and click the instances.

  3. On the Action menu, click Add to Collection.

  4. In the dialog box that opens, select an existing Computer Collection or click New Collection to create and select a new Computer Collection.

  5. In the dialog box, click OK.

Note

Alternatively, you can drag the selected AD LDS (ADAM) instances to the target Computer Collection in the console tree or use the Copy and Paste commands.

You can also select a Computer Collection, and then add AD LDS (ADAM) hosts to the selected Collection.

 

Removing items from a Computer Collection

To remove items from a Computer Collection
  1. In the Recovery Manager Console tree, select the Computer Collection from which you want to remove items.

  2. In the details pane, select the items you want to remove. Use CTRL and SHIFT to select multiple items.

  3. Right-click the selection, and then click Delete.

 

Secure Storage servers

Recovery Manager for Active Directory provides the ability to set up a dedicated secure backup storage server. If you use a Secure Storage server in your environment it helps prevent unauthorized modification or malware attacks on backup data, supporting your key data security and compliance initiatives. For more information on how a Secure Storage server is secured, see Hardening Secure Storage servers below.

Requirements

  • Operating system: Microsoft Windows 2016 or higher
  • An account that will be used to deploy the Storage Agent on the Secure Storage server. This account must also be a local Administrator on the Secure Storage server.
  • A server to use as your Secure Storage server.
  • Physical access to the Secure Storage server.
IMPORTANT

Use of Secure Storage Server requires a Recovery Manager for Active Directory Disaster Recovery Edition license.

Best Practices

  • We highly recommend using a new, dedicated, clean physical server as your Secure Storage server to help ensure access methods are kept to a minimum.

  • Secure additional methods of accessing the Secure Storage server such as console or serial access.

  • We recommend regular maintenance of the Secure Storage server. Maintenance of the server cannot be completed remotely using Recovery Manager for Active Directory. Manual maintenance is highly recommended for continued security and protection of your dedicated secure backup storage server.

  • Recommendation to use a non-domain joined Windows Server for increased security

note

Virtual machines are more susceptible to ransomware attacks and if a virtual machine is used for your Secure Storage server, a bad actor could gain access to backups on the server or delete the entire Secure Storage server.

User Scenario

Backup data for all domain controllers can be accumulated on local storage or a remote storage server, and at the same time, you can make a copy of your backup data on a Secure Storage server. The Secure Storage agent will pull the backup securely to the Secure Storage server while the firewall on the Secure Storage server remains in place. If disaster strikes, you could lose your backups on the local storage, remote storage and even your installation of Recovery Manager for Active Directory but your Secure Storage server will remain in place.

Resources/Images/RMAD_tiers_1_2_v3.png

 

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación