Recovery Plan is designed to improve the overall transparency of the recovery process. The plan is a detailed recovery process roadmap you can generate and view for the current recovery project in the Forest Recovery Console. The plan provides an overview of recovery settings specified for the domain controllers in the recovery project, thus allowing you to gain a better understanding and control of every aspect of the forest or domain recovery.
Generating and reviewing the recovery plan before you proceed with the recovery helps you identify and if necessary avoid any unwanted recovery actions by adjusting the project settings appropriately. You can also print out the generated project recovery plan or export it to a number of presentation formats provided by Microsoft SQL Server® Reporting Services (SSRS) on which the Recovery Plan feature builds, such as PDF, XML, CSV, TIFF, and Excel®.
You can configure Recovery Manager for Active Directory (RMAD) to automatically run custom scripts on the RMAD computer before, after, or during the recovery operation.
This version of RMAD is supplied with the Microsoft Windows Script File (.wsf) file that serves as a template where you can insert your custom scripts written in the VBScript or JScript language.
The .wsf file has a number of XML elements where you can insert your scripts. Depending on the XML element where you insert it, your script will run
Before the recovery operation starts in the current project.
Each time before the restore from backup operation starts for a domain controller in the current project.
After the restore from backup operation completes for all domain controllers in the current project.
Before the reinstall Active Directory operation starts in the current project.
Each time before the reinstall Active Directory operation starts for a domain controller in the current project.
Each time the reinstall Active Directory operation completes for a domain controller in the current project.
After the recovery operation completes in the current project.
Recovery Manager for Active Directory performs the following functions:
Regular backup of domain controllers’ components across a network, including the Active Directory database, SYSVOL and Registry, and maintenance of one or more secure repositories containing the backed-up Active Directory data.
Wizard-driven, remotely administered restoration of Active Directory object data and Group Policy information from a point-in-time backup.
Active Directory, AD LDS (ADAM), and Group Policy comparison reporting, troubleshooting, and investigation.
Recovery Manager for Active Directory (RMAD) provides the facility to create backups of the Active Directory® components on domain controllers, including the Active Directory® database and Windows Server® Bare Metal Recovery (BMR) backups.
Both types of backups can be created for any Active Directory® domain controller available on the network. Backup creation is a task that can be performed on a regular basis without interrupting the operation of the domain controller.
RMAD lets you organize domain controllers into collections, and establish a backup scheduling frequency and “allowed hours” during which the backup process may run. Based on the frequency of updates to the directory data store, you can configure a backup schedule for each collection.
Depending on the requirements of your enterprise, you can configure a retention policy to specify how many backups are retained: for example, all saved backups or a number of the most recent backups. Different policy settings can be specified for different domain controller collections.
For Active Directory® backups, it is not necessary to maintain a single, centralized repository: several repositories, perhaps based on the site topology, can make your deployment more WAN-friendly. To minimize bandwidth consumption, RMAD employs agents that compress the data to be backed up, before sending it across the network.
RMAD allows backups to be encrypted and protected with a password, to prevent unauthorized access. This password is used to generate a passphrase with which the backup is encrypted.
For Active Directory® backup encryption, the product uses Microsoft’s implementation of the AES-256 algorithm from RSA, Inc. (Microsoft Enhanced RSA and AES Cryptographic Provider), with the maximum cipher strength. The use of the Microsoft Enhanced RSA and AES Cryptographic Provider ensures that backups are encrypted with 256–bit cipher strength
You can have RMAD keep unpacked Active Directory® or AD LDS (ADAM) backups in any appropriate location on your network.
Unpacked backups can be reused for subsequent starts of the Online Restore Wizard or Group Policy Restore Wizard. The use of unpacked backups accelerates the backup data preparation step of those wizards, because the unpacking process may be a lengthy operation.
RMAD makes it possible to use Active Directory® or AD LDS (ADAM) backups created with third-party backup tools. Before using this feature, unpack the backup to an alternate location with the corresponding third-party backup tool, and then register the database file (ntds.dit or adamntds.dit) using the Online Restore Wizard or Online Restore Wizard for AD LDS (ADAM), respectively.
When backing up Global Catalog servers, you have the option to force RMAD to collect group membership information from all domains within the Active Directory® forest. This option ensures that group membership spanning multiple domains is fully backed up.
It is recommended that you restore objects from Global Catalog backups that were created with this option. Otherwise, restored objects may not retrieve their membership in some local groups, because even Global Catalog servers do not store full information about group memberships. For example, information about membership in domain local groups is only stored in the home domains of those groups.
In an Active Directory® environment, each domain controller maintains its own Active Directory® database. Therefore, a backup of the Active Directory® database is domain controller-specific. To completely back up Active Directory®, you must back up the directory database on every domain controller.
To restore deleted or corrupted objects, it is recommended to back up at least two domain controllers for each domain for redundancy. If you intend to restore cross-domain group membership information, then it is also necessary to back up a global catalog server.
Another reason for backing up the directory database on every domain controller is loose consistency. Replication of changes made to Active Directory® does not occur immediately. The replication process first accumulates all changes, and then provides them to the participating domain controllers. As a result, the directory database on any domain controller is normally in a state of loose consistency. The directory object data on individual domain controllers differs to some extent, given that replication updates are either in transit between domain controllers, or waiting to be initiated.
The age of the backup must also be considered. Active Directory® prevents the restoration of data older than the "tombstone lifetime" - a setting specified in Active Directory®. Because of this, an Active Directory® backup should be created at least once within the tombstone lifetime. However, it is strongly recommended that backups of the directory database be created more often than this.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center