The RMAD minimum permission model supports at least one nesting level for permissions.
The following scenario outlines the conditions required to accomplish this:
- The 'RMAD backup operators' group is created across all the trusted forests available in the environment.
- Instead of adding the gMSA account directly into this group, a gMSA group is added, which contains the gMSA account. Both the gMSA account and the gMSA group belong to the same forest where RMAD is installed.
- The gMSA account is assigned in the Scheduled tab of all collections created for each forest.
- Active Directory backups should complete successfully once executed according to the assigned schedule.
