To save the changes made to a recovery project
Forest Recovery Console saves the project when a user starts the verify settings or the recovery operation. Also, if these operations completed successfully or with some warnings, the project is saved once again.
It is recommended to regularly update your recovery project so that it reflects the changes occurred in your Active Directory® forest.
Open the recovery project you want to update.
On the menu bar, click Tools | Update Project with Changes in Active Directory.
Follow the steps in the wizard to update your project.
Each recovery project has a number of project-specific settings that allow you to control the various aspects of recovery. For example, you can use these settings to select how to handle the global catalog during recovery, configure balloon notifications displayed in the Forest Recovery Console and e-mail notification settings, select the Active Directory® domains you want to recover, and enable or disable the Recovery Persistence feature that provides protection from an inadvertent shutdown of the Forest Recovery Console.
Open or create a recovery project.
On the menu bar, select Tools | Recovery Project Settings.
Use the tabs described in the table below to view or modify the recovery project settings.
Displays a list of all domains in the current recovery project.
On this tab, you can use the following options:
Specify which type of restore operation you want to perform:
Specify the domains you want to selectively recover in the forest. For more information on how to selectively recover domains, see Selectively recovering domains in a forest.
For each domain, you can configure the domain controller where authoritative restore of SYSVOL will be performed.
You can specify default credentials to access domain controllers in the selected domain.
Allows you to select how to handle the global catalog during recovery. This tab provides the following options:
Rebuild GC, advertise normally. Uses a standard Active Directory® mechanism to remove and add the global catalog. By removing and then adding the global catalog you ensure that it contains no lingering objects and thus can avoid replication inconsistencies.
To advertise the rebuilt global catalog servers in DNS, this option uses the existing Global Catalog Partition Occupancy level specified in the system registry.
By default, a global catalog server is considered as ready to be advertised in DNS when all read-only directory partitions have been fully replicated to the new global catalog server. However, your particular forest may use a different setting. For this reason, it is recommended that you check the Catalog Partition Occupancy level specified in the system registry. If the default setting is used, then the Rebuild GC, advertise normally option is the safest and most reliable way to rebuild and advertise the global catalog during the recovery.
This option rebuilds the global catalog in the entire forest regardless of how many domains you are recovering.
Rebuild GC, advertise fast. Uses a standard Active Directory® mechanism to remove and then add the global catalog. This option offers a faster way to advertise the rebuilt global catalog servers in DNS. As a result, this option can help you make a number of forest-wide services (for example, user logon and Exchange Server messaging) available to the users more quickly after the recovery.
When you select this option, the rebuilt global catalog servers will be advertised in DNS without waiting for the read-only directory partitions replication to fully complete. The trade-off of using this option is that the global catalog may include some inconsistencies until the global catalog servers have received the complete information from all the other domains in the forest.
This option rebuilds the global catalog only in the domains that you recover by using RMADFE.
Keep GC intact. Does not rebuild or change the global catalog in any way during the recovery. With this option, the global catalog servers will remain either in the state in which they were before the recovery started (this is true for the servers that are located in the domains you selected not to recover) or in the state to which they were restored from backup during the recovery.
In certain situations, this option might help you avoid global catalog downtime and make some forest-wide services available to the users more quickly. However, using this option greatly increases the risk of introducing lingering objects into the global catalog, which can lead to a corrupt forest. It might happen if you use a set of backups for the domain controllers with large age difference. That is, backups may contain inconsistencies that will lead to introducing lingering object.
If you use this option, it is recommended that you manually reset the global catalog to ensure it does not include inconsistencies.
You can use this tab to configure balloon notifications displayed in the Forest Recovery Console and e-mail notification settings.
Allows you to configure balloon notifications in the Forest Recovery Console to inform you if the backups selected for recovery were created at different points in time or if your recovery project is outdated.
Age difference of selected backups exceeds <Number> hours. When selected, notifies you if the age difference of backups selected for recovery exceeds the number of hours you specify in this option. This option helps you ensure that the backups you select are created at a similar point in time and therefore hold similar Active Directory states.
Recovery project was updated more than <Number> days ago. When selected, notifies you if the current recovery project was last updated more than the number of days you specify in this option.
Forest topology has changed (only checked at console startup). When selected, causes the Forest Recovery Console to check if the forest topology information in the current recovery project is outdated. This check is performed each time the Forest Recovery Console starts up.
Allows you to send e-mail notifications to specific recipients when the verification or recovery process is completed.
Verification process is completed When the option is selected, the specified recipients will be notified that the verification process has been completed.
Recovery process is completed When the option is selected, the specified recipients will be notified that the recovery process has been completed.
Email Service Type Select SMTP Authentication or Exchange OAuth2.
E-mail address to send notifications Use this text box to specify e-mail recipients. More that one address can be entered, separated by a semicolon or a comma.
Sender email address Specify the return address for your e-mail notification messages. It is recommended that you specify the e-mail address of the RMAD administrator.
SMTP Authentication
SMTP server Specify the SMTP server for outgoing messages.
SMTP port Specify the port number (default port for SMTP is 25) that will be used to connect to your SMTP server.
SMTP server requires authentication When the option is selected, you will be prompted to provide credentials to log on to the SMTP server.
User name Specify the account name used to log on to the SMTP server.
Password Specify the user password.
Use Secure Socket Layer (SSL) to encrypt the connection Enables the SSL data encryption for email notifications.
Exchange OAuth2 Authentication
To set up email notifications for Microsoft 365 Exchange Online, you need to register Recovery Manager for Active Directory with Azure Active Directory. For steps to create and manage your Azure Active Directory application see Registering Recovery Manager for Microsoft 365 Exchange Online Email Notifications.
From address Provides a space for you to specify the return address for your email notification messages. It is recommended that you specify the e-mail address of the RMAD administrator.
Application (client) ID Provide the application (client) ID for the Azure Active Directory application created for Recovery Manager for Active Directory email notifications.
Directory (tenant) ID Provide the directory (tenant) ID for the Azure Active Directory application created for Recovery Manager for Active Directory email notifications.
Certificate Thumprint Provide the certificate thumbprint for the Azure Active Directory application created for Recovery Manager for Active Directory email notifications.
Test settings Sends a test notification message to the address specified in the Sender email address text box. Use this button to verify that the specified e-mail notification settings are valid.
On this tab, you can specify TCP ports that will be used by Forest Recovery Console to communicate with Forest Recovery Agent and Management Agent.
Connect to Management Agent using a specific TCP port. This agent is used to deploy other agents to the target server. Allows you to specify the TCP port number that will be used to connect to Management Agent installed on a target domain controller. If the option is not selected, RPC dynamic port range is used by default.
Management Agent will configure Windows Firewall exceptions. If this option is selected, Windows Firewall settings will be configured automatically for Management Agent.
Connect to Forest Recovery Agent using a specific TCP port. Allows you to specify the TCP port number that will be used to connect to Forest Recovery Agent installed on a target domain controller. If the option is not selected, RPC dynamic port range is used by default.
Forest Recovery Agent will configure Windows Firewall exceptions. If this option is selected, Windows Firewall settings will be configured automatically for Forest Recovery Agent.
To ensure you can recover your Active Directory® forest with minimum downtime, it is recommended that you regularly run the verify settings operation on your recovery project. When you run this operation, Recovery Manager for Active Directory (RMAD) connects to the domain controllers in the project, collects their configuration parameters, and then saves these parameters in the recovery project (.frproj) file. The verify settings operation does not modify any data in your Active Directory® forest.
After the configuration parameters have been collected, RMAD checks the recovery project settings against these parameters for any incompatibilities that may affect the forest recovery process. When the verify settings operation completes, you can view a report providing details about any problems found in your recovery project.
Running the verify settings operation on a regular basis allows you to promptly reveal any potential recovery problems and proactively prevent them by making appropriate adjustments to the recovery project settings.
When you run the verify settings operation, RMAD collects and saves the following information from each domain controller in the project:
IP addresses of all network adapters
IP addresses of all DNS servers on all network adapters
DNS names of all FSMO role holders in the Active Directory® forest
Forest Recovery Agent version installed on the domain controller (if any)
Whether the domain controller is read-only (RODC)
Operating system version installed on the domain controller
NOTE:
Check that the Administrative Share Admin$ exists and is accessible on the target domain controllers to perform the remote Forest Recovery Agent installation.
If the backup is located on the Recovery Manager Console machine: Check that the Administrative Share 'DriveLetter$' exists and is accessible for the disk where the backup is stored .
Otherwise, the Forest Recovery will fail. For more information, see Installing Backup Agent automatically.
Create or open a recovery project.
Specify recovery settings in the project.
On the toolbar, click the drop-down toggle next to Verify Settings, select Verify Settings and wait for the operation to complete.
To perform the verify settings operation for the particular domain controller(s), use the Verify Selected DCs option from the drop-down list.
After the verify settings operation completes, you can view a report on the operation results: from the menu bar, select View | Report.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center