지금 지원 담당자와 채팅
지원 담당자와 채팅

Recovery Manager for AD Disaster Recovery Edition 10.3.2 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Cloud Storage Secure Storage Server Hybrid Recovery with On Demand Recovery Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Restore Active Directory on Installed Active Directory method Restore Active Directory on Clean OS method Bare metal forest recovery Using Management Shell Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

In the Group Policy Restore Wizard, a GPO link is shown as deleted, but the link actually exists in Active Directory. What's wrong?

If a link’s No Override option or Disabled option has been changed, RMAD treats the link as having been deleted, and assumes that a new link was created with new options. This behavior is by design.

 

What is a primary restore of the SYSVOL?

A primary restore is intended to recover the initial member of the SYSVOL replica set, only when the entire replica set has been lost. A primary restore should therefore not be used if there are two or more operational domain controllers in the domain. If there are other members in the replica set with which the restored SYSVOL can synchronize, a primary restore should not be performed, as it disrupts the replication of SYSVOL data.

For more information about primary restore, see the Microsoft article “Authoritative, Primary, and Normal Restores” at How to force authoritative and non-authoritative synchronization for DFSR-replicated sysvol replication.

 

How do I change the Backup Agent port number?

RMAD uses a TCP port to communicate with Backup Agent installed on the target domain controllers to be backed up. To change the Backup Agent port number, perform the following procedures.

On each target domain controller to be backed up, perform the following steps:

  1. Start Registry Editor (Regedit.exe), and then locate the registry key:

    HKLM\SYSTEM\CurrentControlSet\Services\ErdAgent

  2. In the details pane, double-click the ImagePath value, and in the Value data text box, specify the port number in the following way:

    %SystemRoot%\RecoveryManagerAD\ErdAgent.exe -I -P:3899

    In this example, Backup Agent will use port 3899. When finished, click OK.

  3. Close Registry Editor.

  4. Restart the Backup Agent service.

Start the Recovery Manager for Active Directory Console (snap-in), and then perform the following steps:

  1. In the console tree, select the node RMAD, and then on the Action menu, click Settings.

  2. On the Ports tab, select the Connect to Backup Agent using a specific TCP port. check box, and then specify the port number in the Port text box.

  3. Click OK to close the Recovery Manager for Active Directory Properties dialog box.

Important

If you are using a firewall, the specified TCP port must be opened. You must specify the same port number for all target domain controllers to be backed up.

 

How and where is LDAP used in RMAD?

When is LDAP used in RMAD?

LDAP is used to search AD-LDS (ADAM) to retrieve Active Directory object information. During the Online Restoration (agentless and agent-based) and Group Policy Restoration, the LDAP API is used to perform modifications to specified Active Directory objects.

Is LDAP used to authenticate?

RMAD does not use LDAP for authentication of credentials or for Domain Controller connectivity. RMAD is using LDAP version 3, and the password is not in plain text, but is "encrypted". RMAD uses the Generic Security Services Application Program Interface (GSSAPI) to authenticate user logon. GSSAPI is included in the Kerberos protocol.

Is LDAP used to transfer data from AD during backups?

RMAD does not use LDAP for transfer, but deploys a Backup Agent to the domain controller. The Backup agent will collect data and make a backup file. If you store the backup file on console side, the backup file will be transfer by encrypted RPC protocol; if you use Remote Storage and assign a UNC path, the backup is copied by SMB protocol. The user can assign a password to encrypt the backup file.

 

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택