
Recovery Manager for AD Disaster Recovery Edition 10.3 - User Guide


Removing items from a Computer Collection

To remove items from a Computer Collection
  1. In the Recovery Manager Console tree, select the Computer Collection from which you want to remove items.

  2. In the details pane, select the items you want to remove. Use CTRL and SHIFT to select multiple items.

  3. Right-click the selection, and then click Delete.

 

Cloud Storage

Recovery Manager for Active Directory Disaster Recovery Edition provides the ability to set up and use dedicated cloud storage locations for backups. Cloud Storage, in combination with primary (Tier 1) storage options, ensures that your critical backups are always available in case of disaster.

By using Cloud Storage, you can store your AD and BMR backups in the cloud so that they are always accessible, and protect the backup files with storage account properties such as immutability policies and redundancy through different types of replication.

IMPORTANT

Use of Cloud Storage requires a Recovery Manager for Active Directory Disaster Recovery Edition license.

Requirements

  • Internet access available on the Recovery Manager for Active Directory console. Standard outbound HTTPS (port 443) is used to upload data to Azure® Blob containers and Amazon S3 buckets.

  • Azure and/or Amazon S3 subscription(s) to create and manage both Azure Storage accounts and containers and/or Amazon S3 Storage accounts and buckets.

  • A method of creating and managing Azure and/or Amazon S3 Storage accounts, containers, buckets, and policies for the storage account (lifecycle, immutability and replication policies).

NOTE

Recovery Manager for Active Directory does not create the storage account or provide management features for it.

Best Practices

  • Use immutable storage for your business-critical backups. Immutable storage protects your backups from being overwritten or deleted. For further guidance on configuring immutability policies, see the Microsoft Azure documentation, Configure immutability policies for containers, and the Amazon S3 documentation, Use Immutable Storage.

  • For high availability of your critical backups, it is highly recommended to use geo-redundancy. For Azure Storage accounts there are two options, Geo-zone-redundant storage (GZRS) and Geo-redundant storage (GRS); see Change how a storage account is replicated. For Amazon S3 buckets there are two options, Cross-Region Replication (CRR) and Same-Region Replication (SRR); see Setting up replication.

  • To help identify immutable storage, a message appears below the selected container. If the container is immutable, the message states: "Backups uploaded to an immutable storage container cannot be modified or deleted for a user-specified interval." By configuring immutability policies in the Azure Portal or the AWS Management Console, you can protect your backups from overwrites and deletes.

  • A minimum TLS version of 1.2 is recommended.

NOTE

When an immutable S3 bucket is provisioned, it is important to enable default retention for newly placed objects, because immutability does not take effect out of the box. There are two retention modes, which can be selected depending on project requirements:

Governance - Users with specific permissions, for example “s3:BypassGovernanceRetention”, can still delete data.

Compliance - No users can overwrite or delete data.

Once enabled, the setting will then apply to all files uploaded into the bucket.
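The check below is an added example, not part of the product or its documentation. It reads the JSON printed by `aws s3api get-object-lock-configuration` and reports whether newly uploaded backups would actually be locked, and in which mode. The sample documents and the `min_days` threshold are constructed assumptions.

```python
import json

# Constructed samples in the JSON shape printed by
# `aws s3api get-object-lock-configuration --bucket <bucket>`.
NO_DEFAULT = '{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}'
GOVERNANCE = """{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
  "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}}"""
COMPLIANCE = """{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
  "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}"""


def assess_object_lock(raw_json, min_days=30):
    """Return (protected, findings) for one bucket's Object Lock configuration.

    min_days is a hypothetical organisational minimum, not a product setting.
    """
    cfg = json.loads(raw_json).get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return False, ["Object Lock is not enabled on the bucket"]

    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if not retention:
        # Without a default rule, an upload is locked only if it sets retention itself.
        return False, ["no default retention: newly placed objects are not locked"]

    findings = []
    mode = retention.get("Mode")
    if mode == "GOVERNANCE":
        findings.append("GOVERNANCE mode: s3:BypassGovernanceRetention holders can delete")
    elif mode != "COMPLIANCE":
        return False, [f"unrecognised retention mode: {mode!r}"]

    # DefaultRetention carries either Days or Years, never both.
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"default retention of {days} days is below the {min_days}-day minimum")
    return days >= min_days, findings
```
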



User Scenario

Backup data for all domain controllers can be accumulated on primary storage, and at the same time, you can make a copy of your backup on Cloud Storage. If disaster strikes, you could lose your backups on the primary (Tier 1) storage and even your installation of Recovery Manager for Active Directory but your Cloud Storage will remain in place.

 

Adding Microsoft Azure Cloud Storage

To add Azure® Cloud Storage

  1. In the Recovery Manager for Active Directory console, click the Cloud Storage node.

  2. Click the Add Storage button at the bottom of the Cloud Storage pane. The Add Cloud Storage dialog box appears.

  3. In the Storage Provider drop-down list, select Azure Blob Storage.

  4. Type an identifying name in the Display Name field. This name is used in the Recovery Manager console for the registered Azure cloud storage account and selected container.

  5. To register a cloud storage in Recovery Manager for Active Directory, specify the storage account connection string in the Azure Storage Account Connection String field. The connection string will be protected and will not be displayed.

    To retrieve your Azure® storage account connection string:

    • Log in to the Azure® portal.

    • Select your Storage account and navigate to Access keys under the Security + networking section.

    • Click Show keys and copy the Connection string.

    • In the Recovery Manager for Active Directory console, paste the Connection string in the Azure Storage Account Connection String field.

  6. Select the Container. The available containers in the Azure® Cloud Storage are displayed in the drop-down list for the connected storage account. Containers protected with an immutability policy are displayed with (immutable) after the container name.

    NOTE: To validate the connection to the correct Azure® storage account, compare the available containers in the drop-down list on the Add Cloud Storage dialog with the containers created in the Azure® portal. In the Azure® portal, the Containers are listed under Data storage. RMAD supports only Container types. If a storage account has no containers, the dialog box prompts you to create at least one container in the Azure® Portal, or to specify a connection string to another storage account.

  7. Select one or more computer collections by selecting the check box next to the computer collection name in the section Backups from selected collections will be copied to the cloud storage.

    Once a backup is created, the Active Directory® and BMR backups on primary storage (Tier 1) are copied to the registered and configured cloud storage container (Tier 2).

  8. Click OK.

 

Adding Amazon Web Services (AWS) Cloud Storage

To add an Amazon Web Services® (AWS®) Cloud Storage

  1. In the Recovery Manager for Active Directory console, click the Cloud Storage node.

  2. Click the Add Storage button at the bottom of the Cloud Storage pane. The Add Cloud Storage dialog box appears.

  3. In the Storage Provider drop-down list, select Amazon S3 Storage.

  4. Type an identifying name in the Display Name field. This name is used in the Recovery Manager console for the registered AWS® cloud storage account and selected bucket.

    Note: An AWS Identity and Access Management (IAM) user account will be needed in advance to create and finalize the AWS bucket location. See IAM Access Keys for more information.

    To create an IAM account:

    • Create an IAM user. See Creating an IAM user in your AWS account for details.

    • Create or add a policy for the IAM user created above that grants at least LIST and WRITE access to the S3 bucket where the RMAD backups are to be stored. This allows the account to see the intended bucket in the list and to write to that bucket, and ensures that the account has the minimum permissions necessary to perform the backups.

    • Note the user's access key ID and secret access key.

    Note: To manage an IAM account or to generate a new access key for an existing user account see Managing access keys for IAM users for more information.

  5. In the Access Key ID field, enter the ID for the AWS® Cloud Storage IAM account you are using. See Access Key ID and Secret Access Key for more details.

  6. In the Secret Key field, enter the key to access the AWS® Cloud Storage. See IAM Access Keys for more details.

  7. Select the Container. The available buckets in the AWS® Cloud Storage are displayed in the drop-down list for the connected storage account. Containers protected with an immutability policy are displayed with (immutable) after the container name.

  8. Select one or more computer collections by selecting the check box next to the computer collection name in the section Backups from selected collections will be copied to the cloud storage.

    Once a backup is created, the Active Directory® and BMR backups on primary storage (Tier 1) are copied to the registered and configured cloud storage container (Tier 2).

  9. Click OK.
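The policy created for the IAM user in step 4 can be reviewed before its access key is entered in the console. The following is an added example, not part of the product or its documentation: it flags Allow statements that would let the backup credential delete backups, weaken retention, or reach outside the backup bucket. The bucket name, the sample policies and the list of risky actions are constructed assumptions; the guide does not enumerate the exact S3 actions the product calls.

```python
import json
from fnmatch import fnmatchcase

# Actions that would let the backup credential delete backups or weaken retention.
RISKY_ACTIONS = [
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:BypassGovernanceRetention",
    "s3:PutObjectRetention", "s3:PutBucketObjectLockConfiguration",
    "s3:PutLifecycleConfiguration",
]

# Constructed sample policies; the bucket name is a placeholder.
TIGHT_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:ListBucket",
   "Resource": "arn:aws:s3:::example-rmad-backups"},
  {"Effect": "Allow", "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::example-rmad-backups/*"}]}"""
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}"""


def _as_list(value):
    # IAM allows a single string wherever a list is accepted.
    return value if isinstance(value, list) else [value]


def audit_backup_policy(policy_json, bucket):
    """Return findings for Allow statements that grant risky actions or reach beyond `bucket`."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not evaluated here
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        for pattern in actions:
            # IAM action patterns are case-insensitive and may contain * and ?
            hits = [r for r in RISKY_ACTIONS if fnmatchcase(r.lower(), pattern)]
            if hits:
                findings.append(f"{pattern} allows {', '.join(hits)}")
        if actions == ["s3:listallmybuckets"]:
            continue  # this action only supports Resource "*"
        for res in _as_list(stmt.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"resource {res} is outside the backup bucket")
    return findings
```
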

 
