Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Recovery Manager for AD Disaster Recovery Edition 10.1 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Restore Active Directory on Clean OS Bare metal forest recovery Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web portal Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory Descriptions of PowerShell commands
Add-RMADBackup Add-RMADCollectionItem Add-RMADFEComputer Add-RMADReplicationConsole Add-RMADStorageServer Backup-RMADCollection Close-RMADFEProject Compare-RMADObject Convert-RMADBackup ConvertTo-RMADRecycledObject Create-RMADStorageManagementAgentSetup Expand-RMADBackup Export-RMADBackup Export-RMADFERecoveryCertificate Export-RMADFEResult Get-RMADBackup Get-RMADBackupAgent Get-RMADBackupInfo Get-RMADBackupObject Get-RMADBackupSecurityStatus Get-RMADCollection Get-RMADCollectionItem Get-RMADDeletedObject Get-RMADFEComputer Get-RMADFEConsole Get-RMADFEDnsCache Get-RMADFEDomain Get-RMADFEEvent Get-RMADFEGlobalOptions Get-RMADFEOperation Get-RMADFEPersistenceConnection Get-RMADFEProject Get-RMADFERecoveryAgent Get-RMADFESchedule Get-RMADGlobalOptions Get-RMADLicenseInfo Get-RMADObject Get-RMADReplicationConsole Get-RMADReplicationSchedule Get-RMADReplicationSession Get-RMADReplicationSessionItem Get-RMADReportObject Get-RMADReportObjectAttributes Get-RMADReportObjectChildren Get-RMADReportSession Get-RMADSession Get-RMADSessionItem Get-RMADSessionItemEvent Get-RMADStorageServers Import-RMADBackup Import-RMADFERecoveryCertificate Install-RMADBackupAgent Install-RMADFERecoveryAgent New-RMADCollection New-RMADFEProject New-RMADFERecoveryMedia New-RMADSchedule Open-RMADFEProject Publish-RMADBackupSecurityStatus Remove-RMADBackup Remove-RMADBackupAgent Remove-RMADCollection Remove-RMADCollectionItem Remove-RMADFEComputer Remove-RMADFERecoveryAgent Remove-RMADFESchedule Remove-RMADReplicationConsole Remove-RMADReplicationSchedule Remove-RMADReplicationSession Remove-RMADStorageServer Remove-RMADUnpackedComponent Rename-RMADCollection Restore-RMADDeletedObject Restore-RMADDomainController Restore-RMADObject Resume-RMADFERecovery Save-RMADFEProject Set-RMADCollection Set-RMADFEComputer Set-RMADFEDnsCache Set-RMADFEDomain Set-RMADFEGlobalOptions Set-RMADFEPersistenceConnection Set-RMADFERecoveryMode Set-RMADFESchedule Set-RMADGlobalOptions Set-RMADReplicationConsole Set-RMADReplicationSchedule Start-RMADFERecovery Start-RMADFEVerification Start-RMADReplication Start-RMADReportViewer Stop-RMADFEWorkflow Update-RMADBackupAgent Update-RMADFEProject Update-RMADLicense

How Recovery Manager Portal recovers data

Please consider the following behavior of the Recovery Manager Portal:

  • By default, the permissions to restore or undelete objects in an Active Directory domain are only granted to the members of the Domain Admins group in that domain. However, you can delegate the restore or undelete permissions to the portal users you want. For more information, see Delegating restore or undelete permissions.

  • By default, the Recovery Manager Portal uses the agent-based method for all search and restore operations, regardless of the settings configured on the Recovery Manager for Active Directory instance used to perform these operations. For more information about the agent-based method, see Agent-based method in Using agentless or agent-based method. You can change the portal settings to use the agentless method.

To use the agentless method

  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Configuration tab.

  3. Expand Portal Settings, and then select the Use agentless method for all search and restore operations check box.

To undelete an Active Directory object, the Recovery Manager Portal uses Microsoft’s Active Directory Recycle Bin feature if it is enabled in the target forest. If this feature is unavailable, the Recovery Manager Portal restores the object from the latest available unpacked backup that includes the object before its deletion.

 

Integration with On Demand Recovery

You can use On Demand Recovery to restore on-premises objects that are synchronized with cloud.

What can be restored using the hybrid configuration

  • On-premises groups

  • Office 365 licenses (assignedLicenses property for cloud users) and cloud group membership

  • Deleted on-premises users and groups

  • Service principals' appRoleAssignments to on-premises users

  • appRoleAssignments to non-Office groups (used for SSO and App Roles)

  • Directory roles: Global administrator, Exchange administrator, Compliance administrator

  • Other cloud-only properties: such as Block sign in, Authentication contact information, Minors and Consent

  • Multi-factor authentication (MFA) settings if a customer uses cloud MFA

  • Azure application custom attributes (schema extension attributes)

IMPORTANT

To configure the hybrid connection, outbound HTTPS (port 443) should be opened in the firewall on the machine where Recovery Manager Portal is installed.

Required Permissions

Depending on which kind of restore operation (agent-based or agentless) you are going to perform in a hybrid configuration, the account under which you want the selected Recovery Manager for Active Directory instance to recover data in the domain must meet the corresponding requirements. For details about account permissions for agent-based and agentless restore, see Permissions required to use Recovery Manager for Active Directory.

To enable integration with the cloud

  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Configuration tab.

  3. Expand Portal Settings and click On Demand integration…

  4. In the On Demand Recovery integration dialog, select Enable integration check box and specify Relay URL and credentials. To get these parameters, please go to On Demand Recovery and perform the following steps:

    a. On the Dashboard screen, click Create hybrid connection.

    b. In the Create hybrid connection dialog, click Download hybrid credentials to download a configuration file with Relay credentials.

    c. Save the file to the folder of your choice.

    d. Go back to the On Demand integration dialog, click Choose file and select the configuration file. For security reasons, you should remove this file from your computer after the credentials will be specified in Recovery Manager Portal.

NOTE

Azure AD Connect synchronization occurs automatically after the restore operation. But On Demand Recovery has the ability to force synchronization cycle and requires credentials for the machine where Azure AD Connect is installed.

  1. Specify Azure AD Connect host name and credentials. If Azure AD Connect and Recovery Manager Portal are installed on the same machine, leave the fields blank.

You may get an error related to the proxy settings while configuring integration with On Demand Recovery. To resolve this issue, perform the following actions:

  1. Open the Recovery Manager Portal configuration file %Program Files%\Quest\Recovery Manager Portal\EnterprisePortalSettings.xml.

  2. Check that "ProxyAddress" has the correct value.

  3. Make sure that URI contains the protocol prefix and the port number, e.g. http:/localhost:8080/.

  4. Restart the Recovery Manager Portal service.

For more information about integration with On Demand Recovery, please see the Integration with Recovery Manager for Active Directory section in the On Demand product documentation.

 

Viewing health summary for Recovery Manager for Active Directory instances

You can view the health summary for the Recovery Manager for Active Directory instances with which the portal is configured to work. To view the health summary, you must be assigned a specific role in the Recovery Manager Portal. For more information, see Assigning roles to portal users.

To view the health summary

  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Monitoring tab.

  3. Expand the Health Summary node to view the health summary.

 

Viewing backup creation history

You can view backup creation history for a particular instance of the Recovery Manager for Active Directory with which the Recovery Manager Portal is configured to work. To view backup creation history, you must be assigned a specific role in the Recovery Manager Portal. For more information, see Assigning roles to portal users.

The backup creation history displays the date when a particular backup was created, the backup operation duration, the size of the created backup and whether the backup is encrypted. You can also view the name of the computer hosting the Recovery Manager for Active Directory instance that created the backup, the name of backed up Computer Collection and backed up computer.

To view backup creation history

  1. Connect to the Recovery Manager Portal with your Web browser.

  2. In the Recovery Manager Portal, open the Monitoring tab.

  3. Expand the Backup History node to view the list of existing backups. If the backup is encrypted, this will be indicated in the 'Size' column.

    You can use the provided search box to find a specific entry in the list.

 

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation