To create a Recovery Plan:
- From the Recovery screen, click Add Recovery Plan.
- Enter a unique name for the Recovery Plan, or use the preset name.
- Select the primary recovery method for the Recovery Plan. This assigns the default recovery method to all domain controllers in the Recovery Plan. The recovery method can be changed at domain controller level. See Editing Domain Controller Configurations for more.
- Restore to Clean OS: restores the entire forest or any of its parts on freshly installed Windows machines. It is highly recommended that you visit the Restore to Clean OS section in the Before You Start page before you use this method.
NOTE: For Technical Preview, the Restore to Clean OS method is the only available recovery method for a Recovery Plan. The dropdown menu is disabled by default.
- From the drop-down list, select the maximum age of backups allowed in the Recovery Plan. This automatically selects the most recent backup for each domain controller that is not older than the specified number of days. If there is no domain controller backup that meets the criteria, a backup must be manually selected for that domain controller or the restore will fail. The default value is 14 days.
- The table in the Domains section displays the domains within the environment. Select one or more domains to recover and specify configuration for the domain by clicking on the domain name. Refer to the Editing Domain Configurations section for more details. At least one domain controller from each selected domain must be recovered. Domains that are not selected are assumed to be operating correctly and no action will be performed for these domains.
- Click Save. You will be taken to the Recovery Plan details screen.
You can edit a Recovery Plan by clicking Configure, then Recovery Plan. The Configure Recovery Plan screen will appear. You can then edit the same Recovery Plan configurations as seen in the steps above.
IMPORTANT: If the Active Directory forest topology is changed on-premises (new domain controllers have been added or removed, domain controller roles are updated, etc.), the environment will need to be manually re-discovered in the product and a new Recovery Plan needs to be created based on the updated topology.
Upon the creation of a Recovery Plan, you will be taken to the Recovery Plan details screen. Here you can view details of the domain controllers within the domains selected in the Recovery Plan.
NOTE: The list of domain controllers is taken from the topology discovered by Disaster Recovery for Identity for Active Directory. If you see missing or additional domain controllers, or an incorrect domain controller type, run a discovery on the Topology screen and re-create a Recovery Plan.
On the Recovery Plan details screen, you can view the following information:
- Domain Controller - the FQDN of the domain controller.
- Domain - the FQDN of the domain selected for recovery.
- Status - the status of the domain controller.
- Current Operation - the operation currently running.
- Recovery Method - the recovery method selected for the domain controller. This can be changed to Do Not Recover in Domain Controller Configuration.
- Selected Backup - the completion date and time of the selected backup.
NOTE: No Backup Available is displayed if there is no backup that meets the backup criteria.
- Type - the domain controller can be of the following types:
Above the action bar, you will see the overall Recovery Plan summary of the verification/recovery task that is currently being performed in the Recovery Plan, including:
- the FQDN of the forest the environment is linked to and overall latest status of the Recovery Plan. See the Status section below for more.
- the overall time for the completed action.
- the number of domain controllers that have the following statuses:
- Completed
- Completed with Warnings
- Canceled
- Pending
- Not Started
- In Progress
- Paused
- Canceling
- In Progress with Warnings
- Failed
- the recovery mode with the number of domains selected.
On the Recovery Plan details screen, you can perform the following actions:
NOTE: Individual domain controllers cannot be canceled from this screen.
Caution: Canceling a verification or recovery operation may result in a corrupt forest. Proceed with caution.
- View - view either events or tasks from the drop-down list for the Recovery Plan.
Status
The Status is displayed underneath the forest FQDN in the overall Recovery Plan summary as well as in the Status column for every domain controller. The Status column displays one of the following:
- Configuration errors if they exist in the Recovery Plan.
- Status of the ongoing or completed operation.
If a configuration error is present, open Domain Controller Configuration to view the full message.
By clicking on the status of the ongoing or completed operation, you can view the Domain Controller Operations for that domain controller. The status can include the following:
- Verify
- Verification Starting - the verification operation is in the process of starting.
- Verification in Progress - the verification operation is in progress.
- Verification Completed - the verification operation has been completed.
- Verification Completed with Warnings - the verification operation has been completed, but one or more operations have warnings. See Domain Controller Operations for more.
- Verification Failed - the verification operation has failed.
- Verification Canceling - the verification operation is in the process of being canceled.
- Verification Canceled - the verification process has been canceled.
- Verification Paused - the verification operation has been paused.
- Recovery
- Recovery Starting - the recovery operation is in the process of starting.
- Recovery in Progress - the recovery operation is in progress.
- Recovery Completed - the recovery operation has been completed.
- Recovery Completed with Warnings - the recovery operation has been completed, but one or more operations have warnings. See Domain Controller Operations for more.
- Recovery Failed - the recovery operation has failed.
- Recovery Canceling - the recovery operation is in the process of being canceled.
- Recovery Canceled - the recovery process has been canceled.
- Recovery Paused - the recovery operation has been paused.
- Waiting For Other DCs - this operation is currently waiting for other domain controllers to finish their operations.
You can edit domain configurations for the Recovery Plan by either:
- Clicking on the domain FQDN in the Domain column on the Recovery Plan details screen,
- Clicking on the domain FQDN in the Domains table on the Create/Edit Recovery Plan page, or
- Clicking the checkbox for domain controller in the desired domain, then clicking Configure, then Domain. The Domain Configuration screen will appear.
NOTE: Domain configurations are required when creating a Recovery Plan with the Restore to Clean OS method.
You can edit the following domain configurations:
- Change Server Access Credentials. Definitions of each credential can be found in the Server Access Credentials section in the Before You Start page:
- Domain Username - an Active Directory Domain Admin account that existed when the backup was created.
- Domain User Password - the password for the above domain account.
- Local Username - the username for the local account that has Local Administrator rights on the target.
- Local User Password - the password for the above local account.
- DSRM Administrator - the username for the DSRM administrator.
- DSRM Administrator Password - the password that the DSRM password will be set to when the target machine is promoted to a domain controller.
- Confirm DSRM Administrator Password - confirm the above DSRM administrator password.
- DNS Configuration. It is highly recommended that you visit the DNS configurations and Handling DNS servers during recovery sections in the Before You Start page:
- Select DNS server automatically - retrieves a list of all DNS servers that are in use in the forest and automatically assigns a DNS server that is operating correctly from the list to the current domain controller.
- Use preferred DNS server(s) - input preferred DNS server(s), individually separated by a semicolon (;). The use of the preferred DNS server can be seen in the Events screen.
You can edit domain controller configurations for the selected Recovery Plan by either:
- Clicking on the domain controller FQDN in the Domain Controller column on the Recovery Plan details screen, or
- Clicking the checkbox for the desired domain controller, then clicking Configure, then Domain Controller. The Domain Controller Configuration screen will appear.
You can edit the following domain controller configurations:
- You can change the Recovery Method to the following states: Restore to Clean OS, Install Active Directory or Do Not Recover.
NOTES:
- It is highly recommended that you visit the Recovery methods in Disaster Recovery for Identity for Active Directory section in the Before You Start page before you use any of these methods.
- If a domain controller is marked as Do Not Recover and then later changed to Restore to Clean OS (after successfully recovering domain credentials for a Restore to Clean OS recovery), the recovery status for all domain controllers will be reset. Therefore, if you run a recovery operation, it will start from the beginning for every domain controller, even if some were previously recovered.
- (Install Active Directory method only) Under Domain Controller Options, configure the checkboxes as desired for the Configure as a global catalog server and Install DNS server on the domain controller options.
- Configure as a global catalog server - Use this option if you need to reconfigure the global catalog on the domain controller during Active Directory® reinstallation. This option will be selected by default if the original domain controller was a global catalog. Microsoft recommends that all domain controllers provide DNS and global catalog services for high availability in distributed environments.
- Install DNS server on the domain controller - During Recovery, the DNS server is installed during the Install Windows features step. This option is enabled by default.
- The Target Server box will be empty by default. If the Target Server IP is empty, verification will run its operations against the source domain controller and a warning will be recorded. To perform a recovery, the Target IP must be populated, otherwise the recovery will fail.
NOTE: The target server should be compliant with the following requirements:
- Operating system version should be equal to the original domain controller operating system.
- Operating system should follow organization security best practices (e.g. have latest updates, security software) since this operating system will be used to run the Active Directory Domain services after the restore.
- The physical disks should have enough free space to host the Active Directory data after recovery.
- (Restore to Clean OS method only) Change whether to select backups automatically based on the backup selection criteria configured for the Recovery Plan or use a manually selected backup.
- By default, a backup is selected automatically according to the backup selection criteria. To select a backup for the domain controller, select Manual, then select the backup from the drop-down menu.
- Change server access credentials. By default, domain-level credentials are used. To specify credentials for the selected domain controller, check the Override domain-level credentials box, and input the credentials mentioned in the Editing Domain Configurations section above.
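The failure conditions described above (no backup within the maximum age, no domain controller recovered in a selected domain, an empty Target Server IP) can be checked against an inventory before a recovery is started. The following is an added example, not part of the product or its documentation; the `DC` class, its field names and the sample inventory are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical inventory model for this added example; not the product's data model or API.
@dataclass
class DC:
    fqdn: str
    domain: str
    method: str = "Restore to Clean OS"          # or "Do Not Recover"
    target_ip: str = ""                          # empty means no Target Server set
    backups: list = field(default_factory=list)  # backup completion datetimes

def select_backup(dc, now, max_age_days=14):
    """Most recent backup not older than max_age_days, else None (No Backup Available)."""
    cutoff = now - timedelta(days=max_age_days)
    fresh = [b for b in dc.backups if cutoff <= b <= now]
    return max(fresh) if fresh else None

def preflight(dcs, selected_domains, now, max_age_days=14):
    """Return findings that would make a recovery fail under the rules on this page."""
    findings = []
    for domain in selected_domains:  # domains that are not selected are left alone
        members = [d for d in dcs if d.domain == domain and d.method != "Do Not Recover"]
        if not members:
            findings.append(f"{domain}: no domain controller selected for recovery")
        for dc in members:
            if select_backup(dc, now, max_age_days) is None:
                findings.append(f"{dc.fqdn}: No Backup Available within "
                                f"{max_age_days} days; select a backup manually")
            if not dc.target_ip:
                findings.append(f"{dc.fqdn}: Target Server IP is empty; recovery will fail")
    return findings

# Constructed sample inventory (names, addresses and dates are made up).
NOW = datetime(2024, 6, 15, 12, 0)
SAMPLE = [
    DC("dc1.corp.example", "corp.example", target_ip="10.0.0.11",
       backups=[datetime(2024, 6, 10, 2, 0), datetime(2024, 6, 14, 2, 0)]),
    DC("dc2.corp.example", "corp.example", backups=[datetime(2024, 5, 1, 2, 0)]),
    DC("dc1.child.corp.example", "child.corp.example", method="Do Not Recover"),
]

if __name__ == "__main__":
    for line in preflight(SAMPLE, ["corp.example", "child.corp.example"], NOW):
        print(line)
```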