
Disaster Recovery for Identity Current - for Active Directory User Guide

Organizations and Regions

When you sign up for the On Demand service for the first time, you create an organization and you are granted the On Demand Administrator role. You can add additional organizations and administrators.

The region you select for an organization determines where all Disaster Recovery for Identity for Active Directory services run and where backups are stored.

For more information about managing your organization see Managing organizations and regions in the On Demand Global Settings User Guide.

Access Control

Quest On Demand uses a Role-based Access Control (RBAC) security policy that restricts information system access to authorized users. Your Quest On Demand organization comes configured with a number of default roles that cannot be changed, but subscribers can create custom roles with the permissions needed to perform operations on the assets of the organization.

If you are the On Demand administrator or the owner of the subscription, you can add users to an existing organization and assign the required roles. If you are not the subscription owner or administrator, contact your On Demand administrator for access.

For more information on assigning roles, see Adding users to an organization in the On Demand Global Settings User Guide.

 

Roles and Permissions in On Demand

This section lists the minimum user account permissions required to perform specific Disaster Recovery for Identity for Active Directory tasks. The role definitions and their associated permissions are listed below. For more on roles in On Demand, see the Access Control: Roles section in the On Demand Global Settings User Guide.

Role definitions and permissions for Disaster Recovery for Identity for Active Directory

  • Recovery for AD Viewer: The Recovery for AD Viewer role allows read-only access to all areas of Recovery for Active Directory.
    • Can View All
  • Recovery for AD Backup Operator: The Recovery for AD Backup Operator role allows the user to set up and manage backups and backup-related operations.
    • Can View All
    • Can Manage Backups
  • Recovery for AD Restore Operator: The Recovery for AD Restore Operator role allows the user to manage all backup and recovery operations.
    • Can View All
    • Can Manage Backups
    • Can Manage and Verify Recovery Plans
    • Can Run Recovery
  • Recovery for AD Administrator: The Recovery for AD Administrator role allows full access to Recovery for Active Directory.
    • Can View All
    • Can Manage Backups
    • Can Manage and Verify Recovery Plans
    • Can Run Recovery
    • Can Run Forest Topology Discovery
    • Can Manage Domain Controller Agents
    • Can Manage Environments
    • Can Configure Agents
    • Can Export Data: Recovery
    • Can Read Access Control Roles
    • Can Read Activity Trail: Recovery
  • Recovery Administrator: The Recovery Administrator role allows full access to both Recovery for Active Directory and Recovery for Entra ID.
    • Can View All
    • Can Manage Backups
    • Can Manage and Verify Recovery Plans
    • Can Run Recovery
    • Can Run Forest Topology Discovery
    • Can Manage Domain Controller Agents
    • Can Manage Environments
    • Can Configure Agents
    • Can Export Data: Recovery
    • Can Read Access Control Roles
    • Can Read Activity Trail: Recovery
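
The role list above expressed as data, as an added example (not Quest code and not an On Demand API): it picks the least-privileged built-in role for a set of required permissions and flags assignments that grant more or less than the stated need. Role and permission names are transcribed from this page; the users and their required permissions are constructed for illustration.

```python
# Role -> permissions, transcribed from the role list on this page.
_OPERATOR = ["Can View All", "Can Manage Backups",
             "Can Manage and Verify Recovery Plans", "Can Run Recovery"]
_ADMIN = _OPERATOR + [
    "Can Run Forest Topology Discovery", "Can Manage Domain Controller Agents",
    "Can Manage Environments", "Can Configure Agents",
    "Can Export Data: Recovery", "Can Read Access Control Roles",
    "Can Read Activity Trail: Recovery"]
ROLES = {  # listed from narrowest to broadest scope
    "Recovery for AD Viewer": frozenset(_OPERATOR[:1]),
    "Recovery for AD Backup Operator": frozenset(_OPERATOR[:2]),
    "Recovery for AD Restore Operator": frozenset(_OPERATOR),
    "Recovery for AD Administrator": frozenset(_ADMIN),
    # Same permission list, but the role also spans Recovery for Entra ID.
    "Recovery Administrator": frozenset(_ADMIN),
}

def least_privileged_role(needed):
    """Return (role, excess): the built-in role covering `needed` with the
    fewest permissions, plus what it grants beyond the need.
    Returns (None, None) when no built-in role covers the need."""
    needed = frozenset(needed)
    fits = [(len(perms), order, role)
            for order, (role, perms) in enumerate(ROLES.items())
            if needed <= perms]
    if not fits:
        return None, None
    _, _, role = min(fits)  # ties go to the role listed first (AD-only)
    return role, ROLES[role] - needed

def audit(assignments):
    """Map {user: (assigned_role, needed)} to {user: (finding, suggested_role)}."""
    findings = {}
    for user, (role, needed) in assignments.items():
        best, _ = least_privileged_role(needed)
        if not frozenset(needed) <= ROLES[role]:
            findings[user] = ("under-privileged", best)
        elif role != best:
            findings[user] = ("over-privileged", best)
    return findings

# Constructed sample data: these users and their needs are illustrative.
SAMPLE = {
    "alice": ("Recovery for AD Administrator", {"Can Manage Backups"}),
    "bob": ("Recovery for AD Viewer", {"Can View All"}),
    "carol": ("Recovery Administrator", {"Can Manage Environments"}),
    "dave": ("Recovery for AD Backup Operator", {"Can Run Recovery"}),
}
```

A non-empty excess set from `least_privileged_role` marks a need that no built-in role fits exactly, which is the case for a custom role as described under Access Control.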

 

Permission definitions

The following table describes each permission used in Disaster Recovery for Identity for Active Directory.

| Permission | Description |
| --- | --- |
| Recovery for AD: Can View All | View all areas of Disaster Recovery for Identity for Active Directory. |
| Recovery for AD: Can Manage Backups | Manage Backup Plans and backups, including starting, pausing and canceling backup tasks. |
| Recovery for AD: Can Manage and Verify Recovery Plans | Run and manage Recovery Plans and recovery, including starting, pausing and canceling recovery and verification tasks. |
| Recovery for AD: Can Run Recovery | Ability to start, pause and cancel recovery tasks. |
| Recovery for AD: Can Run Forest Topology Discovery | Ability to run, pause and cancel topology discovery. |
| Recovery for AD: Can Manage Domain Controller Agents | Ability to download, install and upgrade Domain Controller (DC) agents, as well as starting, pausing and canceling agent tasks. |
| Recovery for AD: Can Manage Environments | Ability to add a new or modify an existing environment. |

Working with Disaster Recovery for Identity for Active Directory

This section provides step-by-step instructions for how to start using Disaster Recovery for Identity for Active Directory.

  1. Go to Quest On Demand and sign up for Quest On Demand. For more details, refer to Sign up for Quest On Demand.
  2. To launch Disaster Recovery for Identity for Active Directory, click Recover on the left pane, then click Active Directory. The Environments screen opens.

Below is a general overview of the steps required to successfully utilize Disaster Recovery for Identity for Active Directory:

  1. Deploy Hybrid Agents on the standalone or domain-joined server connected to the forest you wish to back up and restore.
  2. Add the Active Directory forest into Disaster Recovery for Identity for Active Directory by creating an environment and selecting the Hybrid Agent.
  3. Discover Forest Topology and install Domain Controller Agents on the domain controllers you wish to back up.
  4. Create Backup Plans and schedule regular backups of the domain controllers.
  5. Create a Recovery Plan that will be used in case of disaster.
  6. Verify the Recovery Plan on a regular basis to find any potential issues with the plan.