These release notes provide information about the Quest® Recovery Manager for Active Directory Forest Edition 10.2.2 release.
Recovery Manager for Active Directory enables fast, online recovery. Comparison reports highlight what objects and attributes have been changed and deleted in Active Directory enabling efficient, focused recovery at the object or attribute level. Accurate backups and a quicker recovery enable you to reduce the time and costs associated with AD outages and reduce the impact on users throughout your organization.
Recovery Manager for Active Directory is based on patented technology.
Recovery Manager for Active Directory 10.2.2 is a release with new features and functionality. See New Features and Enhancements.
This section covers new features and enhancements in Quest® Recovery Manager for Active Directory 10.2.2.
| NOTE |
The following three features, AWS S3 Cloud Storage, Pause Recovery for Remediation, and Secure Storage Server Maintenance are only available with a Recovery Manager for Active Directory Disaster Recovery Edition license. To purchase a new license please send an email to sales@quest.com, or contact your local sales office. |
Recovery Manager for Active Directory Disaster Recovery Edition provides the ability to set up and use dedicated cloud storage locations for backups. Cloud Storage in combination with Tier 1 storage options ensure that your critical backups are always available in case of disaster.
Recovery Manager for Active Directory Disaster Recovery Edition 10.2.2 introduces support for Amazon Web Services (AWS) S3 storage.
In Recovery Manager for Active Directory Disaster Recovery Edition, RMAD PowerShell® cmdlets are available to add, edit and remove the AWS S3 Cloud Storage.
A recovery in Directory Services Restore Mode (DSRM) can now be paused during the recovery for remediation. A new Malware Remediation tab has been introduced in the Forest Recovery console and has options to allow the user to make choices for scanning of malware or server maintenance during recovery.
The feature pauses the recovery during Directory Services Restore mode (DSRM) before the domain controller is restarted into normal mode allowing users to perform maintenance and run their own scans using third party tools and/or remediate if malware found. Pause recovery in DSRM to perform maintenance tasks can be enabled for specific domain controllers by selecting the option from the Malware Remediation tab from each domain controller in the project, or for all domain controllers in the entire domain/forest.
New support for Secure Storage server maintenance without unhardening via PowerShell® cmdlets.
Recovery Manager for Active Directory is introducing a new configuration UI for Integration with On Demand Recovery. Configuration is available with a new node, Hybrid Recovery, in the Recovery Manager console. To enable integration with On Demand Recovery, see the section on the Hybrid Connector in the RMAD User Guide for further information on settings. To support hybrid recovery and communication with On Demand Recovery a new service is available – Quest Recovery Manager Hybrid Connection. To install the new service, select the installer option Recovery Manager Hybrid Connection during installation of the Recovery Manager server and console.
The Recovery Manager Portal, which enabled intranet users to use a Web browser to access the search and restore functionality is being deprecated. By providing configuration for On Demand Recovery Integration in the Recovery Manager console, installation and setup of the Recovery Manager Portal is no longer required to have Hybrid recovery support. There will not be a 10.2.2 version of the Recovery Manager Portal. Backward compatibility will be supported to continue to use earlier versions of the portal with an upgraded Recovery Manager server.
The new Hybrid Connector can be configured via the RMAD PowerShell® API.
Recovery Manager for Active Directory needs Microsoft .NET 4.8 as a requirement for install. A check is performed during installation to confirm .NET 4.8 is install on the system. If not, a pop up dialog will appear requesting .NET 4.8 be installed on the system.
Full support for group Managed Service Accounts (gMSA) is now available for use in Recovery Manager for Active Directory, Recovery Manager for Active Directory Forest Edition and Recovery Manager for Active Directory Disaster Recovery Edition. This support includes but is not limited to, gMSA accounts to verify FE projects by schedule; use a gMSA account from one domain as the agent account for backing up DCs in a different domain; replication for console connection; gMSA for setting up replication; and gMSA to run PS custom scripts.
| Enhancement | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.2.2 | ||
| Improve message the error while creating remote DCOM object failed because "Access is denied" | N/A | 263396 |
| Cannot restore a user from a backup that requires credentials for accessing it | N/A | 267022 |
| Support GMSA account type to run PS custom script (Agent side only) | N/A | 317648 |
| Installation option for hybrid service in the main product setup | N/A | 346507 |
| New hybrid configuration Powershell API | N/A | 346513 |
| Installer check updated for .NET 4.8 | N/A | 349988 |
| Full support for GMSA accounts for RMAD DRE/FE/Standard | N/A | 352707 |
| Support for Windows 2022 with exceptions. See User Guide | N/A | 363862 |
| Recovery Manager for Active Directory 10.2.1 | ||
| Usability improvements to the Computer Collections Properties dialog including removal of Logging tab and introduction of new tab for Secondary Storage | N/A | 283362 |
| Creation of Management Shell Guide which lists all available PowerShell® cmdlets, with examples. Appendix removed from User Guide | N/A | 275100 |
| Recovery Manager for Active Directory 10.2 | ||
| Rename system state backups to Active Directory® backups | RMADFE-3009 | 218405 |
| Hide the "Components" tab in computer collection settings | RMADFE-3042 | 218415 |
| SCOM 2019 support | N/A | 219783 |
| Pass through Synchronize across time zones from windows task scheduler to RMAD | RMADFE-952 | 220703 |
| Create Logs Daily to be on by default | N/A | 223980 |
| Display operating system version for all backups | N/A | 228741 |
| Enhancement | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.2.1 | ||
| Automatically enable File and Printer Sharing on the clean OS machine when installing FR agent | RMADFE-2778 | 242106 |
| RMAD Console and Forest Recovery Agent cannot read AD configuration with more than 1000 sites | N/A | 274279 |
| Recovery Manager for Active Directory 10.2 | ||
| Forest Recovery simulation mode available | RMADFE-920 | 218277 |
| The 'View Recovery Report' action should be available as one of the post recovery dialog actions | RMADFE-3034 | 218413 |
| Encrypt credentials in Forest Recovery project using AESCryptoServiceProvider instead of TripleDESCryptoServiceProvider | RMADFE-2199 | 220948 |
| Allow RMAD backup to continue if forest recovery agent cannot be installed | N/A | 221433 |
| Set default global catalog handling option to "Keep GC Intact" | N/A | 223871 |
| Show 'object's tombstone is expired' detailed warning in the Online Restore Wizard | RMADFE-1613 | 223987 |
| Default recovery method to the Repromotion phase should be "Install AD", not "ReinstallAD" | N/A | 234195 |
| Tool to update backup creation date in simulation projects | N/A | 234197 |
| Keep previous recovery methods when changing recovery mode like Forest Recovery --> Repromotion --> Forest Recovery | N/A | 234201 |
| Every DC in simulation project should have a backup created for this domain controller so all recovery methods are available | N/A | 234203 |
| Resolved Issues | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.2.2 | ||
| RMAD replication doesn't work with Group Managed Service Account (gMSA) configured for console connection | RMADFE-2594 | 242195 |
| gMSA cannot be used when setting up replication | RMADFE-2519 | 242560 |
| Use a gMSA account from one domain as the agent account for backing up DCs in a different domain does not work | N/A | 265197 |
| RMAD not finding backups requested by ODR in different timezones | N/A | 316404 |
| BackupAgent does not respect global logging setting "Create a new set of log files: Never" | N/A | 322747 |
| Update DisksInfoProvider to be more current and ignore unnecessary drive types | N/A | 323924 |
| ERDiskAD.mdb does not get imported, gets overwritten by blank rmad.db3 when installing the new version. | N/A | 352421 |
| A v10.2.1 pre-installed backup agent fails when backup is requested by a v10.1.1 console | N/A | 353765 |
| Updating backup agent fails if custom port is configured. | N/A | 354851 |
| Global settings dialog has a slightly broken layout on several tabs | N/A | 358457 |
| RMAD Console - Replication: Backup information is not being cleaned out of the console when it no longer exists on source | N/A | 359553 |
| RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection | N/A | 363140 |
| Installer log messages are truncated | N/A | 364258 |
| Recovery Manager for Active Directory 10.2.1 Hotfix 2 | ||
| RMAD Console Replication error (XML error) during replication when backup runs on master console | N/A | 351462 |
| Cleanup of metadata during restore of an unprotection object failed from accidental deletion | N/A | 354567 |
| RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection | N/A | 363140 |
| RMAD build 10.2.1.36279 will not install and triggers MS Defender notification | N/A | 366313 |
| Recovery Manager for Active Directory 10.2.1 Hotfix1 | ||
| Error with diagram explaining Change Auditor integration | N/A | 323348 |
| GMSA workflow in the documentation is reportedly missing steps | N/A | 325726 |
| Cannot retry a snapshot if certain errors occurred while creating a backup | N/A | 330733 |
| Recovery Manager for Active Directory 10.2.1 | ||
| Allow to unselect Console storage immediately as alternative has been configured | N/A | 220573 |
| Large number of scheduled tasks can cause Console, Replication and PowerShell cmdlets to be extremely slow | RMADFE-1837 | 242166 |
| Remove a BOM prefix from the script file | N/A | 257798 |
| Unpacking the backup and the retention policy may fail if the DC cannot be accessed via LDAP from the RMAD console machine | N/A | 279431 |
| RPC calls to Backup Agent are not retried on RPC_S_SERVER_TOO_BUSY error | N/A | 314812 |
| Misleading 'Unable to map the network share IPC$ on the computer' error message on attempt to map UNC share | N/A | 316902 |
| Installation fails with an invalid error message when using a local windows credential to connect to the remote SQL server | N/A | 317818 |
| Online Restore Wizard cannot undelete an object using a non-administrative account. Restoring an object in Online Restore Wizard using a non-administrative account may result in the following error for NT-Security-Descriptor attribute: "Cannot retrieve attribute value(s) from Active Directory. Possible reason: Insufficient access rights." To ignore this error, the NT-Security-Descriptor attribute can be excluded from the list of restored attributes. |
N/A | 293311 |
| Recovery Manager for Active Directory 10.2 Hotfix 1 | ||
| Installation of Quest personal certificates to the local certificate store failed. Receive error message to install Quest certificates later. This should not be required. | N/A | 274643 |
| Computer Collection scheduled tasks removed after upgrade to 10.2 if gMSA used as the scheduled task account | N/A | 280854 |
| rmad.db3 file gets overwritten during an uninstall -> install of version 10.2 | N/A | 283069 |
| Cannot retain the uncheck "Global Catalog Servers" option in the Advanced tab of the Computer Collection properties window | N/A | 230397 |
| It will display 'Network access is denied' error in Win2016/2019 if specify account to restore GPO with "domain\username" format | N/A/ | 233623 |
| Cannot see some advanced objects in the object picker in Online Restore Wizard | N/A | 275027 |
| Recovery Manager for Active Directory 10.2 | ||
| Security Vulnerability - Sensitive comments embedded within client-side code sent to an end user machine | RMADFE-3244 | 218142 |
| Security Vulnerability - Runtime hardening (SEP, ASLR and other) | RMADFE-3248 | 218146 |
| Full replication fails when a DC is selected for the option 'Unpack each backup upon its creation' in the master console | RMADFE-1858 | 218500 |
| Storage agent settings are not applied on install | N/A | 219910 |
| No progress/wait indication after clicking 'OK' on the 'Add Console…' dialog | N/A | 224321 |
| Backup fails if the Domain Controllers OU has a AzureADKerberos computer object in it as part of Azure AD FIDO deployment | N/A | 227903 |
| Improve documentation with information on number of scheduled computer collections for optimal performance | N/A | 232614 |
| Access Violation in the ProcessRequest function and crashes service | N/A | 232682 |
| Remove mutual exclusion mechanism between replication process and restore process | RMADFE-1575 | 237972 |
| Display correct backup info and support restore for Collections with containers (not DCs) | N/A | 240580 |
| Retriable VSS error causes undefined behavior in Backup Agent on retry | N/A | 241825 |
| Modify the configuration to remove collision problems with SHA1, moved to SHA256 | N/A | 253913 |
| Retention policy ignores collection and consider backups of all collections | N/A | 259645 |
| Resolved Issue | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.2.2 | ||
| Installing Forest Recovery agent hangs if SMB shares are disabled | N/A | 285225 |
| Antivirus scanning failed with 'Path too long' error | N/A | 324610 |
| FRConsole broken due to undocumented new System Requirements for FR Console | N/A | 325287 |
| FR Console Crashes after recovery cancellation | N/A | 363341 |
| Recovery Manager for Active Directory 10.2.1 Hotfix 2 | ||
| Install AD/IFM operation may fail unable to bind replicationPartner parameter | N/A | 356459 |
| Recovery Manager for Active Directory 10.2.1 Hotfix1 | ||
| Forest Recovery Console takes a long time to apply backup selection criteria | N/A | 322570 |
| Online Restore Wizard cannot connect to Change Auditor database if the agent-based method is selected | N/A | 325775 |
| Verify Setting may fail at pre-recovery checking DSRM password | N/A | 328446 |
| Protect object from accidental deletion prevents Metadata Cleanup from removing DC computer object | N/A | 330979 |
| Recovery Manager for Active Directory 10.2.1 | ||
| Check Forest Health can get stuck on the second step | RMADFE-3041 | 218559 |
| New recovery project, selecting a Backup display the adding time in the Backup Age column instead of backup age | N/A | 237971 |
| 'There is no PREFERRED_DNS value' error occurs, if no DNS server is found on installing Active Directory | RMADFE-2437 | 242191 |
| Feature loss in Forest Edition: Cannot skip a backup for non-authoritative DCs in Sysvol recovery mode | N/A | 245551 |
| 'There is no PREFERRED_DNS value' error when a 'Select preferred DNS' agent operation did not return a result it causes product to halt and cannot be skipped or aborted | N/A | 253457 |
| Resume Forest Recovery show 'Password is incorrect' | N/A | 254788 |
| Installing Forest Recovery agent hangs if SMB shares are disabled | N/A | 285225 |
| Recovery Manager for Active Directory 10.2 Hotfix 1 | ||
| During upgrade a DBImport error occurs when antimalware status data exists. Caused by debug logging on by default. | N/A | 274622 |
| GPO Comparison Report is not working | N/A | 278211 |
| Recovery Manager for Active Directory 10.2 | ||
| Email notification template contains invalid text and status message | N/A | 252659 |
| Verification email contains incorrect backup data | N/A | 252866 |
| Creating ADVL fails when unable to access VConverter error | N/A | 253382 |
| Wrong replication partner is selected in IFM recovery on second phase. IFM failed | N/A | 253681 |
| IFM script does not automatically reboot DC after installed AD DS tools. IFM failed | N/A | 253778 |
| Install AD method on second phase may fail with "Unable to connect to the replication source" | N/A | 225791 |
| IPSec isolation policy was not removed successfully when previous forest recovery is aborted and left dirt data | N/A | 237004 |
| IPSec isolation policy was not removed successfully during restore | N/A | 237049 |
| The "Reset computer account" operation fails when some other recovery operation failed and retried earlier | RMADFE-2659 | 242197 |
| After upgrade from 10.1 to 10.1.1, the Verify Settings in Forest Recovery console send emails with some kind of strange status messages | N/A | 242679 |
Recovery Manager for Active Directory fully supports Transport Layer Security (TLS) 1.2. It is recommended that you upgrade to TLS 1.2 for secure communications.
| Security Resolved Issue | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.2.1 | ||
| Do not use SHA1 for key derivation function to generate hash for creation of AES-256 key for backup encryption |
--- | --- |
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center
