To restore Active Directory data, the Recovery Manager Portal relies on unpacked backups created by the Recovery Manager for Active Directory instances deployed in your environment. For this reason, you need to configure the Recovery Manager for Active Directory instances to create unpacked backups for the domain controllers you want. Then, configure the Recovery Manager Portal to work with those instances.
Note that the Recovery Manager Portal can only work with Recovery Manager for Active Directory version 8.6 or higher, so make sure to install or upgrade to that Recovery Manager for Active Directory version.
To configure the Recovery Manager Portal for working with Recovery Manager for Active Directory, complete the following steps:
To access a Recovery Manager for Active Directory instance, the Recovery Manager Portal requires the Recovery Manager Remote API Access service to be installed and running on the Recovery Manager for Active Directory computer. This service enables the following Recovery Manager for Active Directory features: integration with Recovery Manager Portal, full replication of RMAD console, consolidation of backup registration data and support for hybrid environment.
The Recovery Manager Remote API Access service is an optional feature and you must select this component when installing Recovery Manager for Active Directory version 10.1. To check if this service is installed and running, you can use the Services tool (services.msc). If the service is not installed, complete the next steps to install it.
Open the list of installed programs (appwiz.cpl).
In the list of installed programs, locate and select Recovery Manager for Active Directory.
At the top of the list, click Change.
Step through the wizard until you are on the Change, repair, or remove installation page.
Click the Change button, and then select the Recovery Manager Remote API Access feature for installation.
Follow the steps to complete the wizard.
The Quest Recovery Manager Remote API Access service runs under the Local System account by default.
However, you can specify another service account using the Services snap-in or command line.
Open the Run dialog, type services.msc and press Enter.
Find Quest Recovery Manager Remote API Access service in the list, and open its Properties.
Switch to the Log On tab.
Choose the This account option, Browse for a user account and specify the password.
Click OK to close the Properties dialog.
Restart the service.
Start cmd.exe.
Type the following command:
sc config RecoveryMgrPortalAccess obj= "[account]" password= "[password]"
net stop RecoveryMgrPortalAccess & net start RecoveryMgrPortalAccess
Have the Log on as a service permission.
To grant the permission:
Run secpol.msc.
In the Local Security Policy console, select Local Polices | User Rights Assignment | Log on as service.
Right-click Log on as service and select Properties.
Make sure that the target account is in the list or belongs to the groups listed on the Local Security Setting tab.
Have the Read and Write permissions on RMAD database folder %PROGRAMDATA%\Quest\Recovery Manager for Active Directory.
Have the Read and Write permissions on the folder RMAD log.
Have the Local Launch and Local Activation permissions on COM server "COM Surrogate" .
To grant permissions:
Run comexp.msc.
In the Component Services console, click Computer | My Computer | DCOM Config.
Right-click {D023E270-1AB8-4F68-873E-7BD3304DC645} and select Properties.
Go to the Security tab and select Customize under Launch and Activation Permissions and click the Edit button.
Assign Local Launch and Local Activation to the target user.
Have the Read and Write permissions for the registry keys "HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE\SOFTWARE\Classes" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes".
Have the Read permission on the folder backups.
Have the Modify permission on the folder unpacked backups.
Have the Read permission on folder %SystemRoot%\system32\Tasks.
Be a member of the local Administrators group.
NOTE |
If you have already created computer collections, and have unpacked backups, skip this step. |
In this step, you need to configure the Recovery Manager for Active Directory instances for working with the Recovery Manager Portal.
In each Active Directory domain, choose one domain controller whose backups the Recovery Manager Portal will use for recovery operations.
In the appropriate instance of Recovery Manager for Active Directory, create a separate Computer Collection for each domain controller you have chosen.
Add the domain controllers to their individual Computer Collections.
Configure backup settings for these Computer Collections:
Specify to unpack backups. For instructions, see Configuring Computer Collection-specific settings to unpack backups.
This is required because the Recovery Manager Portal can only restore data from unpacked backups.
Configure a retention policy for the unpacked backups. For instructions, see Unpacked Backups tab in Properties for an existing Computer Collection.
The number of retained unpacked backups determines the number of available backup states to which you can restore Active Directory objects in the Recovery Manager Portal.
In the Recovery Manager Portal, add the Recovery Manager for Active Directory instances you have configured in the previous step. By adding the instances, you make the unpacked backups they create available in the Recovery Manager Portal.
Connect to the Recovery Manager Portal with your Web browser.
Use the user account under which you installed the Recovery Manager Portal. By default, this account has all necessary permissions to modify the portal configuration.
In the Recovery Manager Portal, open the Configuration tab.
Expand Recovery Manager for Active Directory Instances.
Click the Add instance button.
Use the following options in the dialog box that opens:
Computer. Type the fully qualified domain name (FQDN) of the computer that hosts the Recovery Manager for Active Directory instance.
Access the computer using. Type the user name and password of the account with which you want to access the specified computer. The account must be a local administrator on the target computer.
When finished, click OK.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center