지금 지원 담당자와 채팅
지원 담당자와 채팅

Recovery Manager for AD Forest Edition 10.3.1 - User Guide

Overview Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Getting and using help Configuring Windows Firewall Using Computer Collections Hybrid Recovery with On Demand Recovery Managing Recovery Manager for Active Directory configuration Licensing
Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Using Managed Service Accounts Active Directory backups vs Windows System State backups Creating BMR and Active Directory backups Using the Backup Wizard Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up Active Directory components Integration with Change Auditor for Active Directory Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Full Replication Consolidating backup registration data Recovering an Active Directory forest
Forest recovery overview Deploying Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Recovery methods Phased recovery Managing Forest Recovery Agent Rebooting domain controllers manually Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Developing a custom forest recovery plan Backing up domain controllers Assigning a preferred DNS server during recovery Handling DNS servers during recovery Forest recovery approaches Deciding which backups to use Running custom scripts while recovering a forest Overview of steps to recover a forest Viewing forest recovery progress Viewing recovery plan Viewing a report about forest recovery or verify settings operation Handling failed domain controllers Adding a domain controller to a running recovery operation Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Using Management Shell Appendices
Frequently asked questions Best practices for using Computer Collections Technical characteristics Best practices for creating backups Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Ports Used by Recovery Manager for Active Directory Forest Edition (Disaster Recovery Edition) Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

Registering Application for Exchange Online Email Notifications

To use email notifications using Microsoft 365 Exchange Online, you need to register Recovery Manager for Active Directory with Microsoft Entra ID. During the registration process, the required variables are generated. These variables are used when you configure OAuth2 authentication.

To register an application for Microsoft 365 Exchange Online through Microsoft Entra ID

  • Log into the Microsoft Entra ID portal (https://portal.azure.com) with your global administrator user account.

  • In the Microsoft Azure dashboard, go to Microsoft Entra ID | App Registrations, and click New Registration.

  • Enter a name for the application.

  • Under Supported account types, select Accounts in this organizational directory only (Single tenant) for the accounts that can access the application API.

    IMPORTANT: It is highly recommended that the application does not have access to all mailboxes. For more information about how to limit the application access to all mailboxes see the article Limiting application permissions to specific Exchange Online mailboxes.

  • Leave the Redirect URI (optional) field empty.

  • Click Register.

  • On the Overview tab, go to View API Permissions. Click Add a permission, click Microsoft Graph | Application Permissions and add the Mail.ReadWrite and Mail.Send permissions. See Microsoft documentation for details on limiting permissions to specific Exchange Online mailboxes. (Note: The Enforce approver account validation option found when configuring email notifications will not function if you select to follow the Microsoft article to restrict access to a single mailbox.)

  • Click Add Permission.

  • On the API Permission tab, under Grant consent, click Grant admin consent for tenant name.

  • Click Yes to confirm.

  • On the preview screen, click Overview, and note the application ID and the directory ID. (You will need these values when setting up OAuth2 authentication.)

  • Go to Microsoft Entra ID - Roles and administrators and assign the Exchange Administrator role for the application you created in previous steps.

  • The Microsoft Entra ID application requires a certificate for authentication. Go to Certificates & secrets, select Upload Certificate and upload the required file.

Recovery Manager for Active Directory requires the certificate to be copied to the machine where the Recovery Manager console is installed. The certificate should be stored in the local certificate store.

To import the certificate on the console machine:

  • Open the Certificate Import Wizard
  • Select Local machine for Store location. Click Next.
  • Select Place all certificates in the following store, click Browse and select the Personal store. Click Next
  • After the certificate is imported to the store, obtain and save the certificate thumbprint. The certificate thumbprint will be needed when setting up OAuth2 authentication.
NOTE

Once OAuth2 authentication is set up, Recovery Manager for Active Directory saves the Application (client) ID, Directory (tenant) ID, and Certificate thumbprint in the registry. It is located in the registry path: "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Quest\Recovery Manager for Active Directory\Options\Email".

 

Logging tab

On this tab, you can configure diagnostic logging to write detailed information about the activity of RMAD to log files.

This tab provides the following options:

  • Use diagnostic logging. Select this check box to enable diagnostic logging in RMAD. Diagnostic logging produces a set of log files detailing the activity of RMAD.
Caution

Diagnostic logging can be resource intensive, affecting overall server performance and consuming disk space. Therefore, it should only be used temporarily when more detailed information is needed to isolate and resolve possible problems or to monitor the activity of RMAD on your server.

  • Log files location. Specifies the location where to create the log files. The default location is C:\ProgramData\Quest\Recovery Manager for Active Directory\Logs.

  • Create a new set of log files. Use this list to define how often (default Daily) to create a new set of log files. Each new set of log files is placed in a separate subfolder in the log files location.

 

Ports tab

On this tab, you can specify TCP ports that will be used by Recovery Manager Console to communicate with Backup Agent, Restore Agents and Management Agent.

This tab provides the following options:

Backup Agent

  • Connect to Backup Agent using a specific TCP port. Allows you to specify the TCP port number that will be used to connect to Backup Agent installed on a target domain controller. If the option is not selected, the default port 3843 is used.

Online Restore Agent

  • Automatically configure Windows Firewall If this option is selected, Windows Firewall settings will be configured automatically for the operations performed by Online Restore Agent.

  • Connect to Online Restore Agent using a specific TCP port. Allows you to specify the TCP port number that will be used to connect to Online Restore Agent installed on a target domain controller. If the option is not selected, RPC dynamic port range is used by default.

Offline Restore Agent

  • Automatically configure Windows Firewall If this option is selected, Windows Firewall settings will be configured automatically for the operations performed by Offline Restore Agent.

  • Connect to Offline Restore Agent using a specific TCP port. Allows you to specify the TCP port number that will be used to connect to Offline Restore Agent installed on a target domain controller. If the option is not selected, RPC dynamic port range is used by default.

Management Agent

  • Automatically configure Windows Firewall If this option is selected, Windows Firewall settings will be configured automatically for the operations performed by Management Agent.

  • Connect to Management Agent using a specific TCP port. Allows you to specify the TCP port number that will be used to connect to Management Agent installed on a target domain controller. If the option is not selected, RPC dynamic port range is used by default.

 

Default properties for Computer Collections

The default properties for Computer Collections are applied to newly created Computer Collections. Default properties are overridden by Computer Collection properties when Recovery Manager for Active Directory performs backup operations on a Computer Collection.

The default properties are used to specify where to store backups, what to back up, and how many backups to keep for each computer that belongs to a Computer Collection. The default properties include options used for performance tuning, such as bandwidth throttling, CPU usage throttling, parallel backup tuning, and data compression. The default properties also include advanced backup options, such as accessing target computers with a special account, autocorrecting registry quota, and storing a copy of each backup in an additional location. In addition, the default properties include the logging settings that are used by default.

To view and modify the default properties for Computer Collections
  • In the Recovery Manager Console tree, click the Computer Collections node, and then click the Action menu and click Collection Defaults or right click on Computer Collections node and Collection Defaults.

The fields you can use in the dialog box that opens are similar to those in the properties dialog box for an existing Computer Collection. For more information, see Properties for an existing Computer Collection.

 

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택