These release notes provide information about the Quest® Recovery Manager for Active Directory Forest Edition 10.3.2 release.
Recovery Manager for Active Directory enables fast, online recovery. Comparison reports highlight what objects and attributes have been changed and deleted in Active Directory enabling efficient, focused recovery at the object or attribute level. Accurate backups and a quicker recovery enable you to reduce the time and costs associated with AD outages and reduce the impact on users throughout your organization.
Recovery Manager for Active Directory is based on patented technology.
Recovery Manager for Active Directory 10.3.2 is a release with new features and functionality. See New Features and Enhancements.
This section covers new features and enhancements in Quest® Recovery Manager for Active Directory 10.3.2.
Event logging has been enhanced for actions that are performed in the RMAD console and Forest Recovery Console. Using the event viewer, actions on computer collections, forest recovery projects and much more can be audited.
New ability to create virtual machines in Microsoft Hyper-V or VMWare ESXi and use the Restore Active Directory® to Clean OS recovery method or the Install Active Directory recovery method. To configure Microsoft Hyper-V or VMWare ESXi, new infrastructure templates are available.
With the 10.3.2 release, a new guide is available detailing all security information for Recovery Manager for Active Directory. This guide contains details on network communications, encryption algorithms, protection of data and much more.
Recovery Manager for Active Directory version 10.3.2 now supports the operating system Microsoft Windows Server 2025 for product installation, backups and recovery.
Ability to create virtual machines in Azure, Microsoft Hyper-V and VMWare ESXi when using Install AD and Install from Media recovery methods. RMAD automatically creates the virtual machine and installs the Operating System using the provided image and settings from the Forest Recovery project and metadata in the backup.
Using the phased recovery feature in Recovery Manager for Active Directory, you can now run the phase 2 (repromotion) without phase 1 to recover domain controllers directly through Repromotion method, providing even more flexibility to your forest recovery project.
Using the forest recovery project, manage your Active Directory by automating the promotion of domain controllers. New feature allows you to use the recovery process to promote standalone servers to domain controllers either as an operational task in a healthy environment or as part of the AD recovery.
| Enhancement | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.3.2 | ||
| Increase event viewer logging for console actions | 234185 | |
| INTEGRITY CHECKS: Backups on remote storage must be checked by the backup agent | 445485 | |
| Allow multi-select when using "Register Backup File" in RMAD and FR consoles | 463748 | |
| Password Complexity Check on Backup Encryption Password | 473827 | |
| Replication engine should enforce backup retention policy | 500287 | |
| DNS forwarder zone information is lost when reading backup computer info | 533935 | |
| Allow for blank backup access credentials when backup is located on DC | 539083 | |
| Recovery Manager for Active Directory 10.3.1 Hotfix 3 | ||
| Use different method other than SMB for "Get information about computer from backup" during recovery | N/A | 506275 |
| Support restore from backup in no NTLM environment when backup stored on DC | N/A | 506551 |
| Recovery Manager for Active Directory 10.3.1 | ||
| Create new PowerShell cmdlet - Remove-RMADSession cmdlet | N/A | 370687 |
| Email notifications during integrity checks | N/A | 395979 |
| Allow to add a folder path for Forest Recovery projects to be included in backup | N/A | 396047 |
| Add support for US government GCC high accounts in exchange Oauth2 notifications | N/A | 402135 |
| Add collection Name/Id to PowerShell script parameters | N/A | 410125 |
| Allow to ignore missing/malfunctioning VSS writers | N/A | 412323 |
| Deprecate SCOM | N/A | 416078 |
| Diagnostic log BackupAgent64 - Allow for threshold on file size and overwrite | N/A | 418052 |
| Use remote storage credentials to access the backup storage when running integrity check for backups located on a domain controller | N/A | 421517 |
| Add an option to disable automatic checking of manual and scheduled backups | N/A | 429365 |
| Remove Support for 2012 and 2012 R2 from supported operating systems and SQL Server 2012 | N/A | 437548 |
| Support using of LocalSystem account in scheduled backup | N/A | 437699 |
| Recovery Manager for Active Directory 10.3 | ||
| Salting mechanism for forest recovery project password hashes | N/A | 412667 |
| Show AD tombstone lifetime settings somewhere in a product UI | N/A | 353685 |
| Allow for password complexity | N/A | 253917 |
| BackupAgent does not respect global logging setting 'Create a new set of log files: Never' on the DC side. | N/A | 381957 |
| TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand | N/A | 384624 |
| Enhancement | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.3.2 | ||
| User should be able to recovery on second phase (Repromotion) without running Phase 1 | RMADFE-2618 | 242096 |
| Reinstall DC on 2nd phase may fail if DC metadata retained in AD | RMADFE-2642 | 242099 |
| Reuse (cache) backup already copied to DC between several Verify attempts, and especially between Verify and Recovery | 253786 | |
| Allow user to specify the Replication DC used to Promote DC or join the domain from FR Console | 260108 | |
| Ability to provision a new DC in Forest Recovery Project (using IFM or Install AD for provisioning a new DC) | 364379 | |
| Add last modified date for computer collections | 386967 | |
| Show console configuration backups stored on secure storage server in RMAD console | 413892 | |
| Assign registry forwarder to primary forest root DNS server for all other DNS servers in forest | 493179 | |
| Allow forest recovery without prior project verification | 514577 | |
| Recovery Manager for Active Directory 10.3.1 | ||
| Verify setting should warn if target windows version doesn't match backup windows version | N/A | 370842 |
| FR Console - Allow Integrity Check to be optional for backups during Verify Settings | N/A | 400616 |
| Deprecate ADVL | N/A | 414943 |
| Extend Collect Diagnostic Data Feature: Usage of Forest Recovery Agent instead of Separate Process | N/A | 417491 |
| Recovery Manager for Active Directory 10.3 Hotfix 1 | ||
| Allow for password complexity on forest recovery project files | N/A | 253917 |
| Soften default FR project password complexity rules; make them customizable via config file. | N/A | 422735 |
| Recovery Manager for Active Directory 10.3 | ||
| Forest level option to Resume all DC's without selecting them during recovery while paused in DSRM mode | N/A | 367808 |
| Have the Forest project files replicated using the RMAD replication feature | N/A | 374869 |
| Malware Remediation button to also include global malware scanning option | N/A | 369597 |
| Detect DNS server based on server capabilities | RMADFE-2242 | 242068 |
| Implement primary DNS approach as default option for Automatic DNS selection | N/A | 358394 |
| Support multizone DNS delegation restore | N/A | 363514 |
| Automatic DNS selection on Repromotion phase should select restored DNS server on Recovery phase | N/A | 259424 |
| Resolved Issues | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.3.2 | ||
| Performance difference between local and remote storage | N/A | 370691 |
| IFM method store temporary extracted backup on C:\ drive instead of Temp folder | N/A | 488677 |
| Log rotation interval not working as expected with logs found in root log folder | N/A | 515418 |
| Intermittent backup failures with error: Failed to connect to backup agent: Access is denied | N/A | 532286 |
| The DIT Database component cannot be backed up because the NTDS VSS writer is unavailable or does not work properly | N/A | 539934 |
| Recovery Manager for Active Directory 10.3.1 Hotfix 3 | ||
| Change "Full" to "AD" in "Retain recent backups" | N/A | 513320 |
| Domain recovery deletes DNS conditional forwarder to root domain | N/A | 519110 |
| RMAD Console "The server threw an exception" when accessing computer collection settings Advanced Run Scripts after moving database to a new host | N/A | 523958 |
| Recovery Manager for Active Directory 10.3.1 Hotfix 2 | ||
| DNS should cleanup all non-relevant NS records | N/A | 487775 |
| Handle null values which can be returned from Change Auditor database query | N/A | 498663 |
| Static Analysis Security Issue: Out-of-bounds read/access for ud3convert | N/A | 498947 |
| Hybrid Restore Service: Time zone settings set to UTC - (negative offset) causes ODR restore objects fail with "No results received from the agent". | N/A | 504110 |
| Hybrid Restore Service: Issue with database upgrade when upgrading RMAD product | N/A | 505343 |
| Recovery Manager for Active Directory 10.3.1 Hotfix 1 | ||
| Hybrid Restore Service: Timezone and region settings set to UTC+ causes ODR Diff restore objects to hang on "Synchronizing object changes with Azure AD" | N/A | 444355 |
| Expand-RMADBackup crashes when it's executed simultaneously for multiple backups | N/A | 465177 |
| Poor performance of backup replication in Full Mode | N/A | 472789 |
| Invalid Version String in the rmad.db3 crashes the Console | N/A | 478037 |
| Correct User Guide about permissions required for online restore | N/A | 480678 |
| Disable IPv6 loopback for AD integrated DNS server | N/A | 487979 |
| Child domain forest-wide DNS zone gets wrong IP address | N/A | 487991 |
| Recovery Manager for Active Directory 10.3.1 | ||
| FSMO roles doesn't removed from non-recovered DC | N/A | 408607 |
| OnlineRestoreAgent.msi uninstalls Backup agent on DC if Backup agent exists. Backup agent also uninstalls ORA on DC if exists before install Backup Agent. | N/A | 421201 |
| Perform integrity check after scheduled backup' option works incorrectly | N/A | 430626 |
| GPO Comparison Report error: "Uncaught Reference Error: Enumerator is not defined" | N/A | 431908 |
| Using Online Restore Wizard, any GPO Comparison Reports do not show the changes/differences because the information is hidden | N/A | 434960 |
| Do not store user account credential in the task for scheduled console config backup | N/A | 437559 |
| Too long replication in full mode | N/A | 438621 |
| Restore-RMADDeletedObject cmdlet throws "Invalid Password Cannot decrypt data" when backup is not accessible - improve error message | N/A | 440174 |
| DC side PowerShell script account requires SeInteractiveLogonRight, or the logon will fail. | N/A | 444542 |
| Get information about computer from Backup takes too long to fail if backup access credentials are incorrect | N/A | 448638 |
| When forest domain is forest-wide replicated all DCs in forest should use its DC as primary DNS server | N/A | 468637 |
| Email notifications: SMTP authentication long password truncated after saving and reopening Recovery Manager Settings dialog | N/A | 470665 |
| Recovery Manager for Active Directory 10.3 Hotfix 2 | ||
| Online Restore Agent attempts to connect to a wrong domain controller when trying to perform an online recovery | N/A | 431481 |
| Integrity checks of collections with backups to be stored in Azure Files (SMB share) fail. | N/A | 435383 |
| RMAD console crashes during Online Restore Wizard for AD LDS (ADAM) due to large number of objects. | N/A | 437753 |
| Online restore is failing with the error: Failed to create a remote object. DCOM configuration required. | N/A | 440746 |
| Support gMSA accounts for scheduled collections when "Network access: Do not allow storage of passwords and credentials for network authentication" is enabled. | N/A | 444925 |
| Recovery Manager for Active Directory 10.3 Hotfix 1 | ||
| Cleanup CNAME DC record | RMADFE-2746 | 242105 |
| Hybrid Restore selection is not being verified in installer when remote SQL and windows creds are being used. | N/A | 359203 |
| Online Restore Wizard: "Objects to Be Processed" Add button browse not working properly | N/A | 411383 |
| New-RMADSchedule cmdlet doesn't support several weeks trigger | N/A | 414124 |
| Read zone info from inconsistent/partial registry key | N/A | 419904 |
| Hybrid restore may fail with the 'database is locked' error when restoring 50..100 objects | N/A | 424314 |
| Apply Group Policy step hangs if root domain DNS zone is forest-wide replicated | N/A | 427816 |
| Recovery Manager for Active Directory 10.3 | ||
| Online Restore Wizard: Reporting on Unchanged Objects | N/A | 377277 |
| Incorrect email subject message after unsuccessful/incomplete recovery | N/A | 406720 |
| Computer Column - Timing column for the backup jobs to assist users in estimating job lengths | N/A | 351058 |
| When the Additional path is offline, then a job that's only using local-storage completes with a warning. With Remote Storage, the job fails with an error. | N/A | 370690 |
| ISO boot fails with a BSOD on Windows 2022 lab. To fix the issue, you need to add the latest cumulative update (any update after 7C-KB5015879) into WinRE.wim. Download the LCU September 13, 2022 — KB5017316 (OS Build 20348.1006) (microsoft.com). See the Quest Knowledge Base article KB4368806 for commands that need to be run. | N/A | 376632 |
| Online Restore Wizard Directory object not found when restoring with old 2012 R2 backup to 2019 DC | N/A | 380226 |
| Issue with install - invalid SQL hostname during install/upgrade | N/A | 388182 |
| FSMO Roles are not displayed in the recovery report after restore | N/A | 376235 |
| Tab order on SQL Installer page is wrong | N/A | 397266 |
| Resolved Issue | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.3.2 | ||
| Console configuration backup fails when password contains double quotes. | N/A | 443231 |
| Scheduled verify task succeeds when frproj has validation issues | N/A | 476407 |
| Open-RMADFEProject cmdlet does not work with relative path | N/A | 523257 |
| Console configuration backups do not support passwords containing spaces | N/A | 539417 |
| Recovery Manager for Active Directory 10.3.1 Hotfix 3 | ||
| Invalid password. Cannot decrypt data at GetComputerInfoFromBackup step | N/A | 490646 |
| Forest Recovery should reset GC occupancy level to original value | N/A | 505147 |
| FRAgent crashes on DSRM reboot step | N/A | 510813 |
| Recovery report doesn't show quarantined files if the recovery was crashed/interrupted | N/A | 511476 |
| Error on FR console open: Unable to sort because the IComparer.Compare() method returns inconsistent results | N/A | 511477 |
| Recovery Report: Data retrieval fail for the subreport, 'DCReport', located at: DCReport. Please check the log files for more information | N/A | 518248 |
| Remove obsolete NS records for forest replicated zones | N/A | 520205 |
| Recovery Manager for Active Directory 10.3.1 Hotfix 2 | ||
| Recovery project verification may fail with "Invalid password. Cannot decrypt data" error | N/A | 506570 |
| Recovery Manager for Active Directory 10.3.1 Hotfix 1 | ||
| Azure VM Creation: Unable to verify settings on the cloned Azure infrastructure template | N/A | 483661 |
| LSA protection enabled and online restore gets access denied on Windows 2022 | N/A | 486528 |
| Selected network adapter is not applied during HyperV/VMWare VM creation | N/A | 492184 |
| Invalid default subnetwork selected when configuring new resource group for Azure VM creation | N/A | 493636 |
| Unable to connect Azure to configure the infrastructure with Az 12.0 or Az.Accounts 3.0 modules | N/A | 494885 |
| "The term Get-AzLocation is not recognized…" error is displayed when configuring Azure infrastructure template | N/A | 495398 |
| Recovery Manager for Active Directory 10.3.1 | ||
| Avoid install DNS server in case of external DNS used for Restore to Clean OS - Multi Tree Forest | RMADFE-2413 | 242083 |
| Unable to Retry All operation for failed DC after FRC process restarted | N/A | 422083 |
| Backup access failed with user unfriendly error message | N/A | 422251 |
| Verify setting and recovery should show error if target windows version older than version in the backup | N/A | 432655 |
| Domain Removal during recovery leaves Trust account | N/A | 449224 |
| "Do Not Recover" checkbox state is not synced between "Advanced Actions" and "Configure Advanced Actions" dialogs | N/A | 450812 |
| Retry last fails with: "Object reference not set to an instance of an object" after canceling DC on SetPrefferedDns then close/reopen FR console to resume recovery | N/A | 456538 |
| Forest Recovery Console crashes after project verification or forest recovery if email notification throws an error | N/A | 467130 |
| FR console crashes with Alerts configured after Verify Settings or Recovery if notification "From address" is invalid | N/A | 467637 |
| Recovery Manager for Active Directory 10.3 Hotfix 2 | ||
| Automatic DNS configuration for forest replicated root domain zone | N/A | 423045 |
| Automatic Backup selection criteria always chooses remote backup even if local backup is newer. | N/A | 433601 |
| Inform user about the issues with DNS selection. | N/A | 440127 |
| Recovery Manager for Active Directory 10.3 Hotfix 1 | ||
| Alternate paths are not provided to FR agent if UNC server name contains some special characters | N/A | 420386 |
| Last Integrity Check shows wrong time | N/A | 422094 |
| Custom action RemoveDllReference fails if no dll references are present in FRConsole.exe.config file | N/A | 422727 |
| Console Configuration Backup: unable to create backup on remote share with remote share credential specified | N/A | 422883 |
| Recovery Manager for Active Directory 10.3 | ||
| No warning when accounts are missed on password reset | N/A | 302503 |
| Issues occur with Forest recovery if Administrator and Guest builtin accounts have been renamed | N/A | 273145 |
| The "DC for auth restore of Sysvol" dropdown is empty in the FR project settings | N/A | 412284 |
| Cannot access the recovery plan if no printer exists, or printer is not functioning properly | N/A | 375548 |
| Persistence restore session can become "stuck" | N/A | 365894 |
| Verify operation should check FSMO owners consistency in frproj | N/A | 370975 |
| Date format used to display date/time on progress screen in Forest Recovery Console does not follow the configured date/time format on the server | N/A | 374429 |
| Same domain name appears twice with different letter cases on project settings dialog | N/A | 252242 |
| iLO access password is logged in clear text | N/A | 317963 |
| 'Configure the domain controller as global catalog server' option is shown on FR console when the 'Restore Active Directory on Clean OS' recovery method is used | RMADFE-2830 | 242200 |
| DNS is not working correctly after BMR recovery with multiple DNS domains hosted in one zone | RMADFE-2173 | 242184 |
| Do not show skipped "Apply group policy" step on progress tab | N/A | 414312 |
Recovery Manager for Active Directory fully supports Transport Layer Security (TLS) 1.2. It is recommended that you upgrade to TLS 1.2 for secure communications.
| Security Resolved Issue | ID (old) | Azure DevOps |
|---|---|---|
| Recovery Manager for Active Directory 10.3.1 Hotfix 3 | ||
| Insecure SSL/TLS: bad certificate verifier - CWE-295, CWE-296, CWE-300 | N/A | 498948 |
| Recovery Manager for Active Directory 10.3 | ||
| Salting mechanism for forest recovery project and ADVL project password hashes | N/A | 412667 |
| Enforce password complexity on Forest Recovery project | N/A | 253917 |
| TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand | N/A | 384624 |
© ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center
