Chatee ahora con Soporte
Chat con el soporte

Recovery Manager for AD Disaster Recovery Edition 10.2.2 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Cloud Storage Secure Storage Server Hybrid Recovery with On Demand Recovery Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Restore Active Directory on Clean OS method Bare metal forest recovery Using Management Shell Creating virtual test environments Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

How many instances of the Recovery Manager Console to deploy?

To recover your Active Directory® forest with the Forest Recovery Console, you can only use backups created with the Recovery Manager Console. In simple environments, it is advisable to have only one Recovery Manager Console deployed. However, this may not be possible in large distributed environments that spread across different physical locations connected by slow links. In this case, you can deploy several instances of the Recovery Manager Console in each main physical location to back up domain controllers there.

You can also deploy several instances of the Recovery Manager Console if you want to:

  • Delegate the right to back up individual Active Directory® objects and perform online restores to other administrators in your environment, without delegating the right to run forest recovery operations.

  • Back up and restore individual Active Directory® objects using backup and restore strategy and schedule specific to those objects.

 

How many domain controllers to back up?

This depends on the forest recovery approach you choose for your environment. For more information, see Forest recovery approaches.

The decision on how many domain controllers to back up (and, therefore, which method to use for forest recovery) depends on the factors like

  • The overall number of domain controllers in Active Directory®

  • The size of Active Directory® database

With a large number (50+) of domain controllers in the domain and significant size (over 1 GB) of the Active Directory® database, it may not be feasible to fully back up Active Directory® of all domain controllers in the domain due to storage limitations or time constraints. In this case, you can back up only some of the domain controllers.

A good practice is to back up at least two domain controllers from each domain in the forest. It is recommended to back up the domain controllers that are DNS servers and FSMO role holders.

 

How many domain controllers to back up at once?

The Recovery Manager Console allows you to group the computers you want to back up into computer collections with each collection having its own backup creation parameters and schedule.

All computers in a computer collection are backed up simultaneously. The backup creation process may be a resource-consuming task if the number of computers in a collection is more than 10. Therefore, it is recommended that you back up only one computer collection at a time. Also, it is not recommended to have more than 10 domain controllers in a single computer collection.

 

What data to back up?

All of the domain controller backups that you plan to use for forest recovery include the following Active Directory® components:

  • DIT Database

  • SYSVOL

  • Registry, including all registry hives and the NTUSER.DAT file

On the Advanced tab in the Properties dialog box for the computer collection, the When backing up Global Catalog servers, collect group membership information from all domains within the Active Directory forest option is selected by default. However, if the backup creation operation takes a significant time to complete, you may disable collecting group membership information from all domains within the forest.

To streamline the creation of Active Directory® backups, you can follow these best practices:

  • Avoid using groups with cross-domain membership in Active Directory® as much as possible. To reveal such groups, you can use an Active Directory® reporting tool such as Quest® Enterprise Reporter.

  • If you cannot avoid using groups with cross-domain membership, make sure you have a procedure in place to back up and restore these groups manually. For example, you can do so by using such command line tools as Ldifde or Csvde provided by Microsoft®.

 

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación