
Recovery Manager for AD Disaster Recovery Edition 10.2.2 - User Guide


Collecting diagnostic data for technical support

Technical support may ask you to gather and supply diagnostic data from your computer collection. For this purpose, use the Diagnostic Data Collector, a tool provided in the Forest Recovery Console.

NOTE

From version 8.7, the diagnostic data can be collected for the Recovery Manager Console as well.

When gathering diagnostic data, the Diagnostic Data Collector collects the following:

  • From Forest Recovery Console machine

    • Collects the data saved in the current Recovery Project (.frproj) file, except for the passwords stored in that file.

    • Collects the Forest Recovery Console log

    • Collects the Recovery Manager for Active Directory event logs

    • .db3 database files

    • Recovery Manager for Active Directory

  • From Domain Controller

    • Collects Backup and Restore agent logs

    • Collects system event logs

    • Windows debug logs

    • Runs Microsoft Netdiag, Dcdiag, Nltest, MsInfo32 and Repadmin tools (in diagnostic mode only), and then collects the output provided by these tools. The tools are started by Collectdcdata.cmd and you can modify the list of collected logs.

To gather diagnostic data for your recovery project by using the Diagnostic Data Collector, you need to complete the following steps:

  • Step 1: Use Diagnostic Data Collector to automatically gather data. In this step, you use the Diagnostic Data Collector to automatically gather diagnostic data from each domain controller in your recovery project and save the data to the folder you specify. You can perform this step regardless of whether or not a recovery operation is currently running on the recovery project. If this step completes successfully for all domain controllers, Step 2 is not needed.

  • Step 2: Gather remaining data manually. You need to perform this step only for those domain controllers from which you could not successfully collect data in Step 1. In Step 2, you copy several files supplied with Recovery Manager for Active Directory to the target domain controller, and then run one of the copied files. As a result, diagnostic data is collected from the domain controller and saved to a new folder created in the location from which you ran the file.

The next sections provide instructions on how to complete each of these steps.

 

Step 1: Use Diagnostic Data Collector to automatically gather data

To automatically gather diagnostic data
  1. In the Forest Recovery Console, open the recovery project for which you want to collect diagnostic data.

  2. Make sure you specify credentials to access each domain controller in the project. To check whether you specified access credentials for a particular domain controller, do the following:

    • Select that domain controller in the list of domain controllers.

    • Open the General tab.

    • Make sure you specify the correct credentials in the Domain Controller Access option.

    The Forest Recovery Console will use the specified credentials to access the domain controller and gather diagnostic data from it.

  3. From the menu bar, select Tools | Diagnose | Collect Diagnostic Data.

  4. Use the Drop folder text box to specify the local or UNC path to the folder where you want to save the collected diagnostic data. The collected data is saved to a .zip file, for example CollectedLogs_10_20_2015 07_23_25.zip.

  5. If necessary, change the credentials for accessing the domain controllers that you specified in step 2.

  6. Select the Delete collected logs from domain controllers option to delete collected RMAD\RMADFE logs from domain controllers.

  7. Click the Collect button and wait for the operation to complete.

If you successfully collected data from all the domain controllers in this step, you can submit the .zip file to Quest® technical support. Otherwise, complete Step 2: Gather remaining data manually.

 

Step 2: Gather remaining data manually

Perform the next steps for each domain controller from which you could not successfully collect data in Step 1: Use Diagnostic Data Collector to automatically gather data.

To gather diagnostic data manually
  1. Create a temporary folder on the local disk of the target domain controller.

  2. Copy Collectdcdata.cmd from the Recovery Manager for Active Directory installation folder to the folder you created in step 1 of this procedure.

  3. Run the Collectdcdata.cmd file in the location you copied it to and wait for the script to complete.

    The collected diagnostic data is saved to the CollectedData folder created in the location where you ran the Collectdcdata.cmd file.

  4. Rename the CollectedData folder so that its name reflects the name of the domain controller from which you collected data.

  5. Add the folder to the .zip file created in Step 1: Use Diagnostic Data Collector to automatically gather data.

    Now you can submit the .zip file to Quest technical support.
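
The manual procedure above can be scripted per domain controller. The following PowerShell is an added example, not part of the Quest guide or product; the installation folder, working folder, Step 1 .zip path and the `CollectedData_<computer name>` naming are placeholders or assumptions to replace with your own values.

```powershell
# Added example: automates the five manual steps on one domain controller.
# The parameter defaults are placeholders (assumptions), not real product paths.
param(
    [string]$RmadInstallDir = '<RMAD installation folder>',
    [string]$WorkDir        = (Join-Path $env:SystemDrive 'RmadDiagTemp'),
    [string]$Step1Zip       = '<path to the .zip file created in Step 1>'
)
$ErrorActionPreference = 'Stop'

# Step 1: temporary folder on the local disk of the target domain controller.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Step 2: copy Collectdcdata.cmd from the installation folder.
Copy-Item -Path (Join-Path $RmadInstallDir 'Collectdcdata.cmd') -Destination $WorkDir

# Step 3: run the script from the folder it was copied to and wait for it.
Push-Location $WorkDir
try {
    & cmd.exe /c Collectdcdata.cmd
    # The script's exit codes are not documented on this page, so only report them.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Collectdcdata.cmd exited with code $LASTEXITCODE"
    }
} finally {
    Pop-Location
}

# The output is expected in a CollectedData folder next to the script.
$collected = Join-Path $WorkDir 'CollectedData'
if (-not (Test-Path -Path $collected -PathType Container)) {
    throw "CollectedData folder was not created in $WorkDir"
}

# Step 4: rename the folder so that it identifies this domain controller.
$dcFolder = "CollectedData_$env:COMPUTERNAME"
Rename-Item -Path $collected -NewName $dcFolder

# Step 5: add the renamed folder to the .zip file created in Step 1.
Compress-Archive -Path (Join-Path $WorkDir $dcFolder) -DestinationPath $Step1Zip -Update
Write-Output "Added $dcFolder to $Step1Zip"
```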

 

Restore Active Directory on Clean OS method

Using the Restore Active Directory on Clean OS method, you can restore the entire forest or any of its parts on freshly installed Windows® machines. This recovery method can be used, for example, when the existing BMR backups contain an infected OS image. In this case, Active Directory® backups can be used because they do not contain binaries (except SYSVOL files). Active Directory backups can also be checked for viruses.

Domain controllers that are running on virtual machines in Amazon Web Services (AWS) or Microsoft Azure can be restored with the Restore Active Directory on Clean OS method.

NOTE

The first step of the Restore Active Directory on Clean OS recovery method is to promote the selected Windows® server to a domain controller. This operation cannot be performed for Windows Server® 2012 R2 or higher machines with FRS replication. So, Restore Active Directory on Clean OS is supported only for Windows Server® 2012 R2 or higher with DFS Replication.

For Windows Server 2012 R2 or higher machines with FRS replication, you can only use the Bare Metal Active Directory Recovery method.

At the first stage of the Restore Active Directory on Clean OS recovery method, the DNS server role is installed on a domain controller. For this reason, it is recommended to use a backup that was made on an AD-integrated DNS server for Clean OS recovery. You can still use backups that were made on a non-AD-integrated DNS server, but in this case you should not use the Automatic DNS selection option on any domain controller in such a domain.

If your domain has AD-integrated DNS servers restored from backup, you need to specify the DNS settings manually. After recovery, the domain controller that was restored by the Restore Active Directory on Clean OS recovery method synchronizes DNS partitions and continues to be a DNS server.

If your domain uses external DNS, you need to specify the DNS settings manually for every domain controller in the domain. After recovery, the domain controller restored by the Restore Active Directory on Clean OS recovery method will run a non-functional DNS server, so you can uninstall it.

If you are testing Forest Recovery in a lab environment and your production forest uses an external (non-AD-integrated) DNS server, prepare the lab as follows:

  1. Install a new DNS server (e.g. on the RMAD server).

  2. Create empty DNS zones on this server in accordance with your production DNS configuration.

  3. Ensure that SOA and NS records created in the empty zone have the FQDN DNS name corresponding to this DNS server.

  4. Create an A record pointing to this server IP address in each zone.

  5. Ensure that non-secure DNS dynamic updates are enabled.
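
The lab DNS preparation above, scripted with the Windows DnsServer module. This is an added example, not part of the Quest guide; the zone names, IP address and A record name are constructed sample values, and using the server's host name for the A record is an assumption because the guide does not name the record.

```powershell
#Requires -RunAsAdministrator
# Added example for the lab-only DNS server described above (not Quest code).
# Constructed sample values (assumptions): zone names, IP address, host label.
$Zones     = @('corp.example', '_msdcs.corp.example')  # mirror production zone names
$ServerIp  = '192.0.2.10'                               # address of this lab DNS server
$HostLabel = $env:COMPUTERNAME.ToLower()                # A record name (assumption)
$ErrorActionPreference = 'Stop'

# Step 1: install the DNS server role on the lab machine.
Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null
Import-Module DnsServer

foreach ($zone in $Zones) {
    # Steps 2 and 5: empty file-backed primary zone that accepts non-secure
    # dynamic updates. This setting is for the isolated lab server only.
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" `
            -DynamicUpdate NonsecureAndSecure
    } else {
        Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate NonsecureAndSecure
    }

    # Step 4: A record pointing to this server's IP address in each zone.
    $existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $HostLabel `
        -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $zone -Name $HostLabel `
            -IPv4Address $ServerIp
    }

    # Step 3: report the SOA and NS targets so they can be compared with the
    # FQDN of this DNS server.
    $soa = Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType Soa
    $ns  = Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType Ns
    [pscustomobject]@{
        Zone             = $zone
        SoaPrimaryServer = $soa.RecordData.PrimaryServer
        NameServers      = ($ns.RecordData.NameServer -join ', ')
        DynamicUpdate    = (Get-DnsServerZone -Name $zone).DynamicUpdate
    }
}
```

Each output row should show this server's FQDN in `SoaPrimaryServer` and `NameServers`, and `NonsecureAndSecure` in `DynamicUpdate`.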

Recovery steps


Step 1. Install the clean Windows image on the existing hardware or virtual machine

A blank host should comply with the following requirements:

  • The version of the Windows operating system must match the version deployed on the failed domain controller.

  • If the Use AD paths from backup check box is selected, a blank host must have the same drive letters as the source domain controller, or the drive letters must match the custom paths specified in the project.

  • A blank host should have enough free space for AD and SYSVOL data.

  • The account that is specified in Forest Recovery Console to access the target blank host should be the local Administrator on this machine.

Step 2. Select any appropriate Active Directory backup

Step 3. Use the Restore Active Directory on Clean OS recovery method

Recovery Manager for Active Directory promotes the selected Windows server to a domain controller and then restores Active Directory® data.


 
