Disaster Recovery for Identity Current - for Active Directory User Guide

Roles and Permissions in On Demand

This section lists the minimum user account permissions required to perform specific Disaster Recovery for Identity for Active Directory tasks. Listed below are the role definitions and their associated permissions for Disaster Recovery for Identity for Active Directory. For more on roles in On Demand, see the Access Control: Roles section in the On Demand Global Settings User Guide.

Role definitions and permissions for Disaster Recovery for Identity for Active Directory

  • Recovery for AD Viewer: The Recovery for AD Viewer role allows read-only access to all areas of Recovery for Active Directory.
    • Can View All
  • Recovery for AD Backup Operator: The Recovery for AD Backup Operator role allows the user to set up and manage backups and backup-related operations.
    • Can View All
    • Can Manage Backups
  • Recovery for AD Restore Operator: The Recovery for AD Restore Operator role allows the user to manage all backup and recovery operations.
    • Can View All
    • Can Manage Backups
    • Can Manage and Verify Recovery Plans
    • Can Run Recovery
  • Recovery for AD Administrator: The Recovery for AD Administrator role allows full access to Recovery for Active Directory.
    • Can View All
    • Can Manage Backups
    • Can Manage and Verify Recovery Plans
    • Can Run Recovery
    • Can Run Forest Topology Discovery
    • Can Manage Domain Controller Agents
    • Can Manage Forests
    • Can Configure Agents
    • Can Export Data: Recovery
    • Can Read Access Control Roles
    • Can Read Activity Trail: Recovery
  • Recovery Administrator: The Recovery Administrator role allows full access to both Recovery for Active Directory and Recovery for Entra ID.
    • Can View All
    • Can Manage Backups
    • Can Manage and Verify Recovery Plans
    • Can Run Recovery
    • Can Run Forest Topology Discovery
    • Can Manage Domain Controller Agents
    • Can Manage Forests
    • Can Configure Agents
    • Can Export Data: Recovery
    • Can Read Access Control Roles
    • Can Read Activity Trail: Recovery
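
The role list above can be used directly for an access review. The following is an added example, not part of the Quest documentation: it picks the least-privileged built-in role that covers the permissions a user actually exercises and flags assignments that grant more. The user names, assignments and usage data are constructed, and only the Active Directory permissions listed on this page are modeled.

```python
# Role -> permission sets, transcribed from the role list above.
VIEW, BACKUPS = "Can View All", "Can Manage Backups"
PLANS, RECOVER = "Can Manage and Verify Recovery Plans", "Can Run Recovery"
OPERATOR = {VIEW, BACKUPS, PLANS, RECOVER}
ADMIN = OPERATOR | {
    "Can Run Forest Topology Discovery",
    "Can Manage Domain Controller Agents",
    "Can Manage Forests",
    "Can Configure Agents",
    "Can Export Data: Recovery",
    "Can Read Access Control Roles",
    "Can Read Activity Trail: Recovery",
}
ROLES = {
    "Recovery for AD Viewer": {VIEW},
    "Recovery for AD Backup Operator": {VIEW, BACKUPS},
    "Recovery for AD Restore Operator": set(OPERATOR),
    "Recovery for AD Administrator": set(ADMIN),
    # Same list, but also covers Recovery for Entra ID, so it is ranked last on ties.
    "Recovery Administrator": set(ADMIN),
}

# Constructed sample data (hypothetical users): assigned role and permissions used.
ASSIGNMENTS = {
    "alice": "Recovery for AD Administrator",
    "bob": "Recovery for AD Restore Operator",
    "carol": "Recovery for AD Backup Operator",
}
USAGE = {
    "alice": {VIEW, BACKUPS},
    "bob": {VIEW, PLANS, RECOVER},
    "carol": {VIEW, BACKUPS},
}

def least_privileged_role(needed):
    """Return the role with the fewest permissions that still covers `needed`."""
    needed = set(needed)
    unknown = needed - set().union(*ROLES.values())
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    candidates = [role for role, perms in ROLES.items() if needed <= perms]
    # min() keeps the first candidate on ties, so the AD-only role wins.
    return min(candidates, key=lambda role: len(ROLES[role]))

def review_assignments(assignments, usage):
    """List (user, assigned, recommended, unused permissions) for over-privileged users."""
    findings = []
    for user, role in assignments.items():
        best = least_privileged_role(usage.get(user, set()))
        excess = ROLES[role] - ROLES[best]
        if excess:
            findings.append((user, role, best, sorted(excess)))
    return findings
```
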

 

Permission definitions

The following table describes each permission used in Disaster Recovery for Identity for Active Directory.

| Permission | Description |
|---|---|
| Recovery for AD: Can View All | View all areas of Disaster Recovery for Identity for Active Directory. Can view On Demand notifications for Recovery for Active Directory in Settings \| Notifications. |
| Recovery for AD: Can Manage Backups | Manage Backup Plans and backups, including starting, pausing, and canceling backup tasks. |
| Recovery for AD: Can Manage and Verify Recovery Plans | Manage Recovery Plans and run plan verification. Perform actions during verifications including starting, pausing, and canceling verification tasks. |
| Recovery for AD: Can Run Recovery | Ability to start, pause, and cancel recovery tasks. |
| Recovery for AD: Can Run Forest Topology Discovery | Ability to run, pause, and cancel topology discovery. |
| Recovery for AD: Can Manage Domain Controller Agents | Ability to download, install and upgrade domain controller (DC) agents, as well as starting, pausing, and canceling agent tasks. |
| Recovery for AD: Can Manage Forests | Ability to add a new or modify an existing forest. Can configure On Demand notifications for Recovery for Active Directory in Settings \| Notifications. |

Email Notifications

An On Demand notification is an email sent to one or more recipients following an event. For example, after a Backup Plan failure event, specified recipients receive a notification email. Disaster Recovery for Identity for Active Directory includes built-in notification templates to ensure that you are kept up to date on critical activity within your organization. For information on how to configure who will receive the notification, see Configuring Notification Templates.

The following built-in notification templates are currently available:

  • Backup of Domain Controller Failed
  • Backup Plan Completed
  • Backup Plan Failed

Configuring Notification Templates

Notification templates allow you to configure who will receive notifications so that they can take the appropriate action to address the outlined risks to your environment. Notification templates are managed through On Demand Global Settings. For information about required permissions, see Roles and Permissions in On Demand.

To edit a notification template

  1. In the side navigation panel of On Demand, select Settings.
  2. In the main panel, select Notification | Email Notifications in the menu bar.
  3. Expand Recovery for Active Directory.
  4. Select the name of the notification template you want to edit.
  5. To add recipients, enter the required email addresses and select Add Recipients.
  6. To remove recipients, select the checkboxes for the relevant recipients listed under Selected Recipients, and select Remove.
  7. Optionally, send a test email by selecting the checkboxes for one or more recipients and selecting Send Test Email.
  8. Select Save.

The next time an event that is associated with this notification template occurs, all listed recipients receive a notification email.

Working with Disaster Recovery for Identity for Active Directory

This section provides step-by-step instructions on how to start using Disaster Recovery for Identity for Active Directory.

  1. Go to Quest On Demand and sign up for Quest On Demand. For more information, see Sign up for Quest On Demand.
  2. To launch Disaster Recovery for Identity for Active Directory, select Recover in the left pane, then select Active Directory.

Below is a general overview of the steps required to successfully use Disaster Recovery for Identity for Active Directory:

  1. Deploy hybrid agents on the standalone or domain-joined server connected to the forest you wish to back up and restore.

NOTE: When using Recovery Manager for Active Directory Forest Edition/Disaster Recovery Edition (RMAD FE/DRE), it is highly recommended to install the hybrid agent on the Forest Recovery Console machine.

  2. Add the forest into Disaster Recovery for Identity for Active Directory by selecting the hybrid agent deployed in the Active Directory forest.
  3. Discover forest topology and install domain controller agents on the domain controllers you want to back up.
  4. Create Backup Plans and schedule regular backups of the domain controllers.
  5. Create a Recovery Plan to be used in case of disaster.
  6. Verify the Recovery Plan on a regular basis to identify any potential issues with the plan.

Caution: Microsoft Entra is a dynamic and rapidly evolving platform, which means its APIs may be updated or changed with limited notice. These ongoing changes may occasionally impact features in Disaster Recovery for Identity for Active Directory. When possible, Quest aims to provide timely notification to customers in cases of such impact. For the latest updates on Entra ID APIs, refer to the Microsoft Entra ID documentation and Microsoft Graph Changelog.
