
Recovery Manager for AD Disaster Recovery Edition 10.2.2 - User Guide


Secure Storage server with Multiple Consoles

To set up a Secure Storage server across multiple Recovery Manager consoles

By default, the Recovery Manager console uses its own set of TLS keys to communicate with the Secure Storage server. To make a Secure Storage server available on multiple Recovery Manager consoles, you must use the same set of TLS keys on each console.

  1. Add the Secure Storage server in the primary console. Refer to Adding a Secure Storage server.

  2. Open or create a recovery project in Forest Recovery Console.

  3. On the menu bar, select Tools | Fault Tolerance.

  4. Click Export communication keys….

  5. In File name:, the communication key file defaults to a location and file name, for example: C:\Users\administrator.RMAD.001\Documents\RMAD_NODE_2022-04-05_11-18.pfx

  6. Enter and confirm a password to protect the file.

  7. Click OK to save the key file.

    IMPORTANT: Ensure communication keys and access credentials are kept secret and protected.

  8. Then, launch the other instance of Forest Recovery Console.

  9. On the menu bar, select Tools | Fault Tolerance | Import secure communication keys…. Browse and select the Secure Communication Keys file saved in step 7 and click Open.

  10. Open the other instance of the Recovery Manager console.

  11. In the Recovery Manager for Active Directory console, click the Secure Storage node.

  12. In the Secure Storage Servers pane, click Add Server.

  13. Type the DNS name or IP address of the existing Secure Storage server.

  14. In the Agent port field, type the port number that was used when the Secure Storage server was first created.

  15. From the Agent installation method drop-down list, select Manual (recommended).

  16. Click OK.

After the Recovery Manager console connects to the existing Secure Storage agent running on the existing Secure Storage server, all backups will appear in the console for viewing.

WARNING

It is not recommended to use Recovery Manager consoles that are in different forests, because if one of the forests is breached, it may affect the backups of the other forest.
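
The exported communication key file from steps 5 to 7 is saved under the user's Documents folder by default and inherits that folder's permissions. The following PowerShell is an added example, not part of the product or this guide: it limits the file's access control list to the current user while the file waits to be imported on the other console. The function name and the path in the usage comment are hypothetical.

```powershell
# Added example, not vendor code. -KeyFile is the path of the exported .pfx.
function Protect-ExportedKeyFile {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$KeyFile)

    # SID of the account running this session.
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -LiteralPath $KeyFile

    # Stop inheriting entries from the parent folder and discard the
    # inherited ones instead of copying them onto the file.
    $acl.SetAccessRuleProtection($true, $false)

    # Remove any explicit entries, then allow only the current user.
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $me,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $KeyFile -AclObject $acl

    # Return the remaining entries so the result can be reviewed.
    (Get-Acl -LiteralPath $KeyFile).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Usage (placeholder path; use the file saved in the export step):
# Protect-ExportedKeyFile -KeyFile 'C:\path\to\exported-keys.pfx'
# After the import on the other console succeeds, delete the transit copy:
# Remove-Item -LiteralPath 'C:\path\to\exported-keys.pfx'
```

The returned list should contain a single Allow entry for the current user; any other identity in the output means the file is still readable by that identity.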

 

Configuring Allowed Volumes for a Secure Storage server

The Secure Storage server is used to store critical backups. A server can have multiple volumes available for storage of backup files. Recovery Manager for AD lets you configure which volumes are allowed to store backups and the order in which the volumes are used, or you can allow RMAD to determine which volume to use automatically.

If no policy is set for allowed volumes, the Secure Storage server will use the first volume found. The system drive with the operating system will only be selected if it is the only available volume on the server.

Ensure your Secure Storage server has sufficient space for storing backup files. The amount of space used on each volume and the available free space are displayed for the Secure Storage server. It is recommended to monitor available free space and ensure that there is space available for backups. If a volume is running out of free space, a warning icon will be displayed in the Properties dialog.

To configure the policy for allowed volumes on Secure Storage server

  1. During the installation of the Secure Storage agent on the Secure Storage server, a PowerShell® module was installed and is located in the agent installation folder.

  2. On the Secure Storage server, run Windows PowerShell®. The module will automatically be imported.

  3. To configure the policy for allowed volumes, run the cmdlet Set-RMADStorageServerAllowedVolumes. For further details on Set-RMADStorageServerAllowedVolumes, see the Management Shell Guide supplied with this release of the product.

To get the current policy for allowed volumes on Secure Storage server

  1. During the installation of the Secure Storage agent on the Secure Storage server, a PowerShell® module was installed and is located in the agent installation folder.

  2. On the Secure Storage server, run the PowerShell® console. The module will automatically be imported.

  3. To get the current policy for allowed volumes, run the cmdlet Get-RMADStorageServerAllowedVolumes. For further details on Get-RMADStorageServerAllowedVolumes, see the Management Shell Guide supplied with this release of the product.

 

Viewing backups on Secure Storage server

After a Secure Storage server has been added, backups can be copied to the Secure Storage server. To enable and configure backups on the Secure Storage server you must enable backups for each Computer Collection separately. For more information on configuring backups on a Secure Storage server refer to Secure Storage server backups.

To view backups on Secure Storage server

  1. In the Recovery Manager for Active Directory console, expand the Secure Storage node.

  2. Select the Secure Storage server to view available backups on the server.

  3. All backups will be listed in the Secure Storage Servers pane.

  4. Backups are displayed with information about the backup on the server including name of Host, Security Status, Agent Version, Server Status and available Free Space.

 

Secure Storage server backups

Secure Storage is enabled and configured for each Computer Collection separately. The Secure Storage backup can be enabled for both local and remote storage. When a backup is run for a Computer Collection with Secure Storage enabled, a copy of the backup is saved to the Secure Storage server.

Prerequisites
You must have completed the following steps before you can copy backups to your Secure Storage server.

  1. Secure Storage servers must be created and hardened.

  2. Computer Collections must be created.

  3. The backup type, either Standard (Active Directory®) or Full (Bare Metal Recovery), must be set for the Computer Collection.

NOTE

Both Active Directory® and Bare Metal Recovery backups can be copied to a Secure Storage server.

To enable a Secure Storage server for a Computer Collection

  1. In the Recovery Manager for Active Directory console, expand the Computer Collections node.

  2. Right-click the Computer Collection and select Properties.

  3. On the Secondary Storage tab, select the Enable a Secure Storage server check box.

  4. Select the radio button below Enable a Secure Storage server to choose the primary storage location for the backup file to be copied from. Select Copy backup from local storage location to the selected Secure Storage server to push the backup file from the local storage location.

    If you use both local and remote storage options for primary storage, the recommendation is to configure your Secure Storage server to communicate with the closest primary storage location for optimal network performance.

  5. Under Copy backup from local storage location to the selected Secure Storage server, select the dropdown box and select a Secure Storage host.

NOTE

For both Secure Storage and Cloud Storage you may have to provide access credentials to be able to read from the primary storage location. If both types of primary storage are configured, Cloud Storage will default to copying from local storage.

  6. For An account to read data from remote storage location:, click the Select Account… button and add an account to read the backup data. It will be the same account that is used to access the Secure Storage server.

  7. For An account to read data from local storage location:, click the Select Account… button and add the account to read the local storage backup data. It will be the same account (probably the account used for RMAD) that is used to store the backup data locally.

  8. Click Apply then click OK.

To create backups and copy them to the Secure Storage server

  1. In the Recovery Manager for Active Directory console, expand the Computer Collections node.

  2. Right-click the Computer Collection and select Create Backup.

  3. After the backup file is created and saved to primary storage locations, the backup will be pushed to the configured Secure Storage server.

TIP

You can schedule backup creation on the Schedule tab on the Computer Collections Properties window.

To perform an integrity check

When a backup is created, a checksum is calculated for the backup file and saved in the Backups database when the backup is registered. An integrity check recalculates the checksum and compares it to the checksum stored in the Backups database.

  1. In the Recovery Manager for Active Directory console, click on Secure Storage and expand the server node(s).

  2. Click the Secure Storage server that contains the backup you want to perform the integrity check on.

  3. In the Backups on the Secure Storage Server pane, click the backup to check, right click and select Check Integrity.

  4. The following statuses can be displayed after running the integrity check:

    Status        Description
    Passed        The newly calculated checksum value matches the previously calculated checksum stored in the Backups database.
    Unknown       The integrity check was not performed.
    Running       The integrity check is in progress.
    No Checksum   The previously calculated checksum could not be read. This could be due to the backup being created by a previous version of the product. The backup also may have been damaged in such a way that the checksum was also affected.
    Corrupted     The newly calculated checksum value does not match the previously calculated checksum stored in the Backups database.

Copying backups from the Secure Storage server

You can copy backups stored on the Secure Storage server to another location.

  1. In the Recovery Manager for Active Directory console, click on Secure Storage and expand the server node(s).

  2. Select the Secure Storage server that you want to copy backups from.

  3. In the Backups on the Secure Storage Server pane, right-click the backup you want to copy and select Copy to.

  4. In the Network path to copy the backup to field, type the network path to which you want to copy the backup.

  5. In the User name and Password fields, type credentials that have write permissions for the network path.

  6. Click OK.

The backup is copied to the provided network path and can now be registered for use within a recovery project.
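
The integrity check described earlier compares a recalculated checksum with the one stored in the Backups database. The following PowerShell is an added example, not part of the product: it applies the same record-then-compare idea to a backup after it has been copied to a network path with Copy to, and it returns status names borrowed from the table above. The function names, the use of SHA-256 and the separate checksum file are assumptions; the product's own checksum algorithm is not stated in this guide.

```powershell
# Added example, not vendor code. Keep -ChecksumFile on storage that an
# account able to modify the backup copy cannot write to.
function Save-BackupChecksum {
    param([Parameter(Mandatory)][string]$BackupPath,
          [Parameter(Mandatory)][string]$ChecksumFile)
    $hash = (Get-FileHash -LiteralPath $BackupPath -Algorithm SHA256).Hash
    Set-Content -LiteralPath $ChecksumFile -Value $hash -Encoding ascii
    $hash
}

function Test-BackupChecksum {
    param([Parameter(Mandatory)][string]$BackupPath,
          [Parameter(Mandatory)][string]$ChecksumFile)

    # The backup itself is missing: nothing to check.
    if (-not (Test-Path -LiteralPath $BackupPath -PathType Leaf)) { return 'Unknown' }

    # The recorded value is missing or unreadable.
    if (-not (Test-Path -LiteralPath $ChecksumFile -PathType Leaf)) { return 'No Checksum' }
    $expected = "$(Get-Content -LiteralPath $ChecksumFile -TotalCount 1)".Trim()
    if ($expected -notmatch '^[0-9A-Fa-f]{64}$') { return 'No Checksum' }

    # Recalculate and compare.
    $actual = (Get-FileHash -LiteralPath $BackupPath -Algorithm SHA256).Hash
    if ($actual -eq $expected) { 'Passed' } else { 'Corrupted' }
}

# Constructed demo on a throwaway file, standing in for a copied backup.
$demoBackup   = Join-Path $env:TEMP 'constructed-backup-copy.bin'
$demoChecksum = Join-Path $env:TEMP 'constructed-backup-copy.sha256'
Set-Content -LiteralPath $demoBackup -Value 'constructed sample data'
[void](Save-BackupChecksum -BackupPath $demoBackup -ChecksumFile $demoChecksum)
$before = Test-BackupChecksum -BackupPath $demoBackup -ChecksumFile $demoChecksum
Add-Content -LiteralPath $demoBackup -Value 'modified after recording'
$after  = Test-BackupChecksum -BackupPath $demoBackup -ChecksumFile $demoChecksum
"Before modification: $before; after modification: $after"
Remove-Item -LiteralPath $demoBackup, $demoChecksum
```

Run Save-BackupChecksum once, immediately after the copy completes, and Test-BackupChecksum before the copy is registered in a recovery project.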

 
