지금 지원 담당자와 채팅
지원 담당자와 채팅

Recovery Manager for AD Forest Edition 10.2.1 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web portal Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

Connecting to Recovery Manager Portal

Before connecting to the Recovery Manager Portal for the first time, log out, and then log back on to the computer where you have installed the Recovery Manager Portal.

To connect to the Recovery Manager Portal

  • Start your Web browser, and then go to the following URL: http://WebSite/VirtualDirectory/

    Substitute the Web site and virtual directory names specified during the Recovery Manager Portal installation for the "WebSite" and "VirtualDirectory" placeholders.

    For example, if the Recovery Manager Portal site is installed on the computer named Comp to the virtual directory RecoveryManagerPortal in the default Web site, to access the Recovery Manager Portal, you need to go to http://Comp/RecoveryManagerPortal.

 

Administering Recovery Manager Portal

This section describes how to perform administrative tasks in the Recovery Manager Portal. To perform these tasks, you must access the Recovery Manager Portal using the account under which you installed the portal. For more information, see Assigning roles to portal users.

In this section:

 

Configuring portal for working with Recovery Manager for Active Directory

To restore Active Directory data, the Recovery Manager Portal relies on unpacked backups created by the RMAD instances deployed in your environment. For this reason, you need to configure the RMAD instances to create unpacked backups for the domain controllers you want. Then, configure the Recovery Manager Portal to work with those instances.

Note that the Recovery Manager Portal can only work with RMAD version 8.6 or higher, so make sure to install or upgrade to that Recovery Manager for Active Directory version.

To configure the Recovery Manager Portal for working with RMAD, complete the following steps:

 

Step 1: Install Recovery Manager Remote API Access Service

To access a RMAD instance, the Recovery Manager Portal requires the Recovery Manager Remote API Access service to be installed and running on the RMAD computer. This service enables the following RMAD features: integration with Recovery Manager Portal, full replication of RMAD console, consolidation of backup registration data and support for hybrid environment.

The Recovery Manager Remote API Access service is an optional feature and you must select this component when installing RMAD version 10.1. To check if this service is installed and running, you can use the Services tool (services.msc). If the service is not installed, complete the next steps to install it.

To install the Recovery Manager Remote API Access service

  1. Open the list of installed programs (appwiz.cpl).

  2. In the list of installed programs, locate and select Recovery Manager for Active Directory.

  3. At the top of the list, click Change.

  4. Step through the wizard until you are on the Change, repair, or remove installation page.

  5. Click the Change button, and then select the Recovery Manager Remote API Access feature for installation.

  6. Follow the steps to complete the wizard.

The Quest Recovery Manager Remote API Access service runs under the NT AUTHORITY\SYSTEM account by default.

However, you can specify another service account using the Services snap-in or command line.

To change the service account using the Services snap-in

  1. Open the Run dialog, type services.msc and press Enter.

  2. Find Quest Recovery Manager Remote API Access service in the list, and open its Properties.

  3. Switch to the Log On tab.

  4. Choose the This account option, Browse for a user account and specify the password.

  5. Click OK to close the Properties dialog.

  6. Restart the service.

To change the service account using the command line

  1. Start cmd.exe.

  2. Type the following command:

    sc config RecoveryMgrPortalAccess obj= "[account]" password= "[password]"

  3. Restart the service:

    net stop RecoveryMgrPortalAccess & net start RecoveryMgrPortalAccess

Minimum permission requirements for the service operations
Run the service

Have the Log on as a service permission.

To grant the permission:

  1. Run secpol.msc.

  2. In the Local Security Policy console, select Local Polices | User Rights Assignment | Log on as service.

  3. Right-click Log on as service and select Properties.

  4. Make sure that the target account is in the list or belongs to the groups listed on the Local Security Setting tab.

Connect to the configuration database

Have the Read and Write permissions on RMAD database folder %PROGRAMDATA%\Quest\Recovery Manager for Active Directory.

Write the service log

Have the Read and Write permissions on the folder %PROGRAMDATA%\Quest\Recovery Manager for Active Directory\logs.

Invoke COM Surrogate (64-bit OS)

Have the Local Launch and Local Activation permissions on COM server "COM Surrogate" .

To grant permissions:

  1. Run comexp.msc.

  2. In the Component Services console, click Computers | My Computer | DCOM Config.

  3. Right-click {D023E270-1AB8-4F68-873E-7BD3304DC645} and select Properties.

  4. Go to the Security tab and select Customize under Launch and Activation Permissions and click the Edit button.

  5. Assign Local Launch and Local Activation to the target user.

Register COM at run time

Have the Read and Write permissions for the registry keys "HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE\SOFTWARE\Classes" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes".

Access the backups folder

Have the Read permission on the folder backups.

Access the unpacked backups folder

Have the Modify permission on the folder unpacked backups.

Create Scheduled Tasks when using the Replication feature in the Full mode

Have the Read permission on folder %SystemRoot%\system32\Tasks.

Create Scheduled Tasks when using the Replication feature in the Full mode on Windows Server 2016 and 2019

Be a member of the local Administrators group.

 

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택