Chatta subito con l'assistenza
Chat con il supporto

Disaster Recovery for Identity Current - for Active Directory User Guide

Topology

On the Topology tab, you can see the latest discovered topology of your Active Directory forest.

Forest Summary

The header in Forest Summary shows the number of domains and domain controllers, and how long ago the last discovery was run.

In the Forest Summary table, you can view the following:

  • Domain Controller – The FQDN of the domain controller within the Active Directory forest.
  • Type – The domain controller type, which can be one of the following:
    • GC – Global catalog server
    • DC – Writable domain controller
    • RODC – Read-only domain controller
  • Domain – The FQDN of the domain within the Active Directory forest.
  • FSMO Role – The FSMO (Flexible Single Master Operation) roles assigned to the domain controller, displayed as a badge for each role. The FSMO roles are as follows:
    • PDC emulator
    • RID master
    • Infrastructure master
    • Schema master
    • Domain naming master
  • Site – The name of the site in which the domain controller is located.
  • DC Agent Status – The status of the domain controller agent. By hovering over the status, you can also see the version of the current domain controller agent and the version of the available domain controller agent (if applicable). The agent statuses are:
    • Online – The domain controller agent is online and the latest version is installed.
    • Outdated – The domain controller agent is online and an older supported version is installed. Backup and recovery tasks will run, but an agent update to the latest version is strongly recommended.
    • Not Supported – The domain controller agent is installed and online but the version is not supported and requires an update. Backup, verification and recovery operations cannot be performed.
    • Offline – The domain controller agent is offline. The agent cannot be reached or is not installed.
    • Installing – The domain controller agent is being installed.
    • Refreshing – The status of the domain controller agent is being updated.
    • Unknown – The status of the domain controller agent has not been checked yet. Click the Refresh Agent Status button to view the latest domain controller agent status.
  • In Backup Plans – The Backup Plans which include the associated domain controller. If the domain controller is associated with multiple Backup Plans, hover over the icon to view the Backup Plans which include the domain controller. A maximum of ten domain controllers per domain can be backed up within the forest. If a domain controller is added to multiple Backup Plans, each instance counts towards the maximum.
Action Bar Buttons

You can perform the following actions on the Topology page:

  • Filters – Filter the list of domain controllers by one or more domains, DC agent statuses, or Backup Plans.
  • Run Discovery – Run topology discovery in the Active Directory forest. This action updates the domain controllers listed in the table.
  • DC Agent – Select this button to access agent-related actions:
    • Refresh Agent Status – Refresh the domain controller agent status.

      NOTE:
      • You can select a single or multiple domain controllers to refresh their status only.
      • The agent status is automatically refreshed each time a backup is performed.
    • Install Agent – Deploy or upgrade a domain controller agent on one or multiple domain controllers. For more information, see Installing a Domain Controller Agent.
    • Download Agent – Download the domain controller agent package. A task is generated to download the agent, and once the task is complete, a download link will be available on the Tasks page. The download package will expire in 30 minutes. For more information on domain controller agents, either click About Agents on the Forests page or see Hybrid Agents and Domain Controller Agents in the Recovery Considerations and Best Practices section.
  • Create Backup Plan – Create a Backup Plan for the selected domain controllers from the Topology page. For more information, see Backup Plans and Backups.

Topology Discovery

After adding a forest, IF you t Run Discovery to run a discovery for domains and domain controllers for the selected forest. To run a discovery, the user must have the Recovery for AD: Can Run Forest Topology permission. For more information, see Roles and Permissions in On Demand.

At the top of the page, you can see how long ago the last discovery was run.

You can change the selected forest by choosing the desired forest name from the dropdown menu on the top right of the page.

Recovery Plans should be created based on the latest topology to ensure full preparedness in case of a disaster. You need to manually re-discover topology when a domain controller or domain configuration is changed on-premises.

NOTE: IP addresses of domain controllers are collected during topology discovery and persistently stored in the database. For recovery methods that do not require an explicit Target Server IP, these pre-resolved IP addresses are used by the hybrid agent during recovery if DNS resolution by FQDN fails. We recommend regularly performing topology discovery to keep cached IP addresses up-to-date.

NOTE: If you enable LDAPS during installation of the hybrid agent by entering Y when prompted to enable SSL/TLS encryption for LDAP queries, LDAPS queries will be used when running topology discovery. Topology discovery will fail if LDAPS queries are unsuccessful. To disable LDAPS, you need to reinstall the hybrid agent and enter N to the SSL/TLS encryption prompt.

Installing a Domain Controller Agent

You can deploy a domain controller (DC) agent on one or more domain controllers within forest using the Disaster Recovery for Identity for Active Directory interface. Alternatively, you can manually install the DC agent.

For more information on domain controller agents, see Hybrid Agents and Domain Controller Agents in the Recovery Considerations and Best Practices section.

To Install the DC agent

  1. On the Topology page, select one or more domain controllers, and then select DC Agent | Install Agent. If an agent version 10.3.1 or below is detected, it is considered to be installed by Recovery Manager for Active Directory Forest Edition/Disaster Recovery Edition (RMAD FE/DRE) and you will not be able to automatically install the agent from Disaster Recovery for Identity for Active Directory. Upgrade RMAD to 10.3.2 Hotfix 1 before proceeding to use Disaster Recovery for Identity for Active Directoryand RMAD in the same Active Directory environment.
  2. Specify the credentials to install the DC agent. By default, the credentials saved for the forest are used to install DC agents. These credentials must have Domain Administrator permissions to install the agent on the domain controller. For more information on permissions, see the Required permissions section in the Before You Start chapter. If you want to use these credentials, select the Install Agent button. The Install Agent task will run and the Agent Status will change to Installing.
  3. If you want to use different credentials to install the DC agent, deselect the Use credentials saved for the forest checkbox, and enter the required credentials. Then select the Install Agent button. The Install Agent task will run and the Agent Status will change to Installing.

NOTE: If the installation fails, the agent status will be set to Offline. Go to the Tasks page to view the reason for failure.

Manual installation
  1. To download the domain controller agent you are planning to install the domain controller agent on, from the Topology page, select DC Agent | Download Agent. A task is generated to download the agent, and once complete, a download link will be available on the Tasks page. The download package will expire in 30 minutes. For more information on domain controller agents, either click About Agents on the Forests page or see Hybrid Agents and Domain Controller Agents in the Recovery Considerations and Best Practices section.
  2. Copy the package to the machine and run the RecoveryAgent64.exe to install the domain controller agent.

After the domain controller agent installation has successfully completed, the domain controller will have "Quest Forest Recovery Service" installed, which is running as a Local System.

Once the agents have been installed on all relevant domain controllers, you can now create a Backup Plan for the forest.

Backup Plans and Backups

Disaster Recovery for Identity for Active Directory is designed to scale efficiently in large, multi-domain environments. This solution provides excellent performance, creates backups for multiple computers in parallel, and is easily scalable to service additional domain controllers. Administrators can logically group domain controllers based on roles, location, or other criteria for easier management by creating different Backup Plans.

This product also uses domain controller agents to streamline backup creation and application processes. This agent-based approach enhances scalability and reduces network overhead by compressing data before transmission and performing parallel backups for multiple domain controllers.

The Backup tab is where you can create and view Backup Plans and backups for each forest.

NOTE: It is highly recommended that you visit the Backup Considerations and Best Practices section in the Before You Start chapter before you begin to create Backup Plans.

In this topic:

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione