On Demand Recovery Current - Release Notes

About Quest On Demand Recovery

Release Notes

These release notes provide information about the Quest® On Demand Recovery release.

About On Demand Recovery

Quest On Demand Recovery allows you to back up and restore Microsoft Azure Active Directory and Office 365 objects with their properties. These objects can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes. Using the granular restore, objects that were inadvertently deleted or modified can be recovered in a few minutes.

Key features of On Demand Recovery

  • Back up Azure Active Directory and Office 365 users, groups, contacts, service principals, conditional access policies and device information.

On Demand Recovery automatically backs up your directory on a regular basis.

  • Granular, selective restore of Azure Active Directory and Office 365 users, groups, service principals, conditional access policies, devices, and inactive mailboxes for permanently deleted users.

Users, groups, service principals and devices can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes.

  • Back up and restore Azure Active Directory B2C users and groups

On Demand Recovery supports Azure Active Directory B2C tenants.

  • Restore users or Office 365 groups from Recycle Bin

Restore users and Office 365 groups that were inadvertently moved to Recycle Bin.

  • Cloud solution: backup snapshots are stored in the cloud.

On Demand Recovery does not require you to install or maintain any additional software.

  • Comparison reporting

This feature lets you view differences between the selected backup and live Azure Active Directory or Office 365 and revert unwanted changes.

  • Integration with Recovery Manager for Active Directory

On Demand Recovery can be integrated with Recovery Manager for Active Directory 9.0 or higher to restore on-premises objects that were synchronized with the cloud by Azure AD Connect.

Release History

Release 1.3.11 (2019/06/11)

New Features

Enhancement ID Description
RMAZ-1005 Now On Demand Recovery can back up memberOf attributes for service principal objects.

Previous releases

Release 1.3.10 (2019/06/04)

New Features

Enhancement ID Description
RMAZ-1036 On Demand Recovery restores permanently deleted Office 365 groups as Private by default.
RMAZ-1046 For service principals provisioned from Azure Gallery: On Demand Recovery restores attributes from the User Attributes & Claims section in the Single Sign-On with SAML configuration. For limitations, see Backup and Restore of Service Principal Objects.

Release 1.3.09 (2019/05/28)

New Features

Enhancement ID Description
RMAZ-1056 On Demand Recovery can restore a user that has been in the Recycle Bin for more than 30 days and whose account has been permanently removed from the Microsoft Online directory. In this case, a restore of the hard-deleted user is performed.
RMAZ-1059 Stability of the tenant list synchronization has been improved.

Release 1.3.08 (2019/05/23)

New Features

Enhancement ID Description
RMAZ-1055 On Demand Recovery supports Recovery Manager for Active Directory encrypted backups for hybrid restore.
RMAZ-1064 Audit events are added for backup tasks.

Release 1.3.07 (2019/05/21)

New Features

Enhancement ID Description
RMAZ-1045 On Demand Recovery can back up attributes from the User Attributes & Claims section in the Single Sign-On with SAML configuration (for service principals provisioned from Azure Gallery).

Fixes

Issue ID Description
RMAZ-1060 Unpack or difference report task could fail with the error "Failed to collect live Azure AD data" due to slow start of the backup task. Now the backup startup timeout is increased to 10 minutes.
RMAZ-1018 The misleading error message "Invalid user name and password" could occur due to a DNS server issue. This problem is now resolved.

Release 1.3.06 (2019/05/07)

New Features

Enhancement ID Description
RMAZ-1020, RMAZ-999 On Demand Recovery supports restore of service principals provisioned from Azure Gallery for users that have the service account for the tenant. This account must have at least one of the following roles in Azure portal: Exchange administrator or User administrator. To make SAML SSO work after the restore of such service principal objects, you have to install the new certificate for the application.

Release 1.3.05 (2019/04/24)

New Features

Enhancement ID Description
RMAZ-830 More detailed information about MFA methods is now shown on the facet panel on the Unpacked objects view.

Release 1.3.04 (2019/04/16)

Fixes

Issue ID Description
RMAZ-1025 The Create backup option did not work on the main Dashboard view.

Release 1.3.03 (2019/04/11)

New Features

Enhancement ID Description
RMAZ-997 If a conditional access policy contains invalid data, On Demand Recovery shows a warning specifying which items were missing and restores the policy to the previous state.

Release 1.3.02 (2019/04/09)

New Features

Enhancement ID Description
RMAZ-1009
  • Restore of the companyName user attribute in the cloud-only scenario.
  • Restore of the following list of service principal attributes:
    • notificationEmailAddresses
    • preferredSingleSignOnMode
    • samlSingleSignOnSettings
RMAZ-992 From this release, restore of object application role assignments works faster. Now On Demand Recovery can use cache for fast lookup of links by source_object_id or target_object_id without using the entire backup.

Release 1.3.01 (2019/04/04)

Fixes

Issue ID Description
RMAZ-988 A mailbox was lost after the second restore of the permanently deleted user because we did not store history of NetID. Now On Demand Recovery keeps NetID data and the second restore operation will run correctly in this case.

Release 1.3 (2019/04/02)

Features

Enhancement ID Description
RMAZ-949 Support for backup and restore of Conditional Access policies for Azure Active Directory.
RMAZ-939 Changes related to Conditional Access policies are shown in the Differences report.
RMAZ-987 During restore of deleted Conditional Access policy, On Demand Recovery checks whether objects assigned to the policy exist in Azure Active Directory.
RMAZ-989 Conditional Policy objects are updated when restoring permanently deleted objects (users, groups).
RMAZ-990 Number of policy objects in the backup is displayed on the Backups tab.

Fixes

Issue ID Description
RMAZ-986 The Differences report did not show attribute changes when the last change was older than the last backup. Now the backup comparison functionality works correctly.

Release 1.2.97 (2019/03/21)

Enhancements

Enhancement ID Description
RMAZ-586 Support for backup of Conditional Access policies for Azure Active Directory.

Release 1.2.96 (2019/03/19)

Resolved Issues

Issue ID Description
RMAZ-977 Azure AD Connect matching issue: A duplicated user was created after restore of hard deleted hybrid user if this user had Office Mailbox before deletion.
RMAZ-981 In some cases, the Differences report could contain null attribute values.

Release 1.2.95 (2019/03/12)

Resolved Issues

Issue ID Description
RMAZ-967 Memory usage has been reduced by improving the caching algorithm.
RMAZ-973 Cannot unpack a backup or restore a user if MSOL data contain special symbols in the Unicode format. Now this issue is fixed.

Release 1.2.94 (2019/03/07)

Resolved Issues

Issue ID Description
RMAZ-954 Cannot add application assignments during hybrid restore of a group with the error: "Resource [GUID] does not exist or one of its queried reference-property objects are not present." Now On Demand Recovery retries the restore operation in this case and this resolves the issue.
RMAZ-971 Cannot back up MSOL data when parameter values contain special symbols in the Unicode format. Now this issue is fixed.

Release 1.2.93 (2019/03/05)

Resolved Issues

Issue ID Description
RMAZ-965 Some properties were not handled correctly during restore of owners, with errors like "Failed to remove the owner from the group ."

Release 1.2.92 (2019/02/28)

Enhancements

Enhancement ID Description
RMAZ-896 Performance of backup and unpack operations is improved for tenants with a lot of devices.
RMAZ-950 Added the Unpack service principals and devices option that is used to limit a scope of unpacked objects. If this option is not selected, the unpack operation will work faster and the Differences report will contain only changes related to users and groups. Otherwise, you will see changes related to users, groups, service principals and devices. For more details, see here.

Release 1.2.91 (2019/02/26)

Enhancements

Enhancement ID Description
RMAZ-928 With On Demand Recovery, now you can restore group owners from the Differences report.

Resolved Issues

Issue ID Description
RMAZ-944 On Demand Recovery cannot back up group owners for a group with more than 20 owners. Now this issue is fixed.
RMAZ-948 Backup can fail if requests to MSOL API have timeout of more than 5 minutes and more than 5 retries are performed. Now the time limit and number of retries for requests to MSOnline are increased.
RMAZ-955 The error "Failed to unpack delta changes" occurred in the Differences report if the manager attribute was changed.

Release 1.2.90 (2019/02/14)

Resolved Issues

Issue ID Description
RMAZ-912 If the service user account specified in the Configure backup dialog is correct and you reopen the dialog, and then press Test connection, the previously saved password will be used and you will see the OK message. Otherwise, you will get an error message.
RMAZ-946 Now processing of large backups takes less time and is more stable for large directories.

Release 1.2.89 (2019/02/07)

Enhancements

Enhancement ID Description
RMAZ-933 Added the new option Show all changes to Azure AD objects in the Backup Unpacking dialog. If this option is not selected (by default), the unpack operation will work faster and the Differences report will contain only changes related to users, groups, membership and managers.
RMAZ-625 Now On Demand Recovery restores inactive mailboxes for permanently deleted users.

Release 1.2.87 (2019/01/31)

Enhancements

Enhancement ID Description
RMAZ-921 Now Recovery Audit Log contains information about customer activity.

Release 1.2.86 (2019/01/29)

Enhancements

Enhancement ID Description
RMAZ-882 Service principal owners can be restored from the Differences report.

Release 1.2.85 (2019/01/24)

Resolved Issues

Issue ID Description
RMAZ-872 Cannot back up an Azure tenant when more than 1000 users/groups are assigned to one directory role.

Release 1.2.84 (2019/01/15)

Enhancements

Enhancement ID Description
RMAZ-876 On Demand Recovery restores device information and navigation properties.
RMAZ-915 The "Test connection" link is not shown when the option Backup Multi-Factor Authentication settings is disabled.

Resolved Issues

Issue ID Description
RMAZ-906 Deleting a temporary file that is created when building the Differences report can cause an error.

Release 1.2.83 (2019/01/10)

Enhancements

Enhancement ID Description
RMAZ-880 User/group assignments to service principals can be restored from the Differences report.
RMAZ-896 Backup of service principal links and unpack for the Differences report work faster.

Release 1.2.80 (2018/12/18)

Resolved Issues

Issue ID Description
RMAZ-889 Now the Differences report works correctly if a user changes the passwordProfile attribute.
RMAZ-897 Performance of backup statistics is improved.
RMAZ-910 On Demand Recovery skips the Read-Only attribute userStateChangesOn.

Release 1.2.79 (2018/12/13)

Enhancements

Enhancement ID Description
RMAZ-632, RMAZ-640 User/group assignments to service principals can be restored from the Differences report.
RMAZ-881 On Demand Recovery tries to use both types of Azure tenant tokens - the token with user claims and without user claims.

Release 1.2.78 (2018/12/12)

Enhancements

Enhancement ID Description
RMAZ-892

Changes in the user interface: new widgets on the Dashboard view

  • New "backups" widget
  • New "backup configuration" widget
  • New "unpacked objects" widget
  • New "differences" widget

Release 1.2.77 (2018/12/06)

Resolved Issues

Issue ID Description
RMAZ-887 On Demand Recovery does not show the error "Cannot restore attributes" during the cloud restore of companyName and onPremDistinguishedName user attributes in hybrid configuration.

Release 1.2.76 (2018/12/04)

Resolved Issues

Issue ID Description
RMAZ-858 Now On Demand Recovery skips attributes that throw error 403 and continues the restore operation.

Release 1.2.75 (2018/11/29)

Enhancements

Enhancement ID Description
RMAZ-878 Number of device objects is shown in the backup statistics.

Release 1.2.74 (2018/11/27)

Enhancements

Enhancement ID Description
RMAZ-851 From this version, On Demand Recovery can back up device information.

Release 1.2.73 (2018/11/22)

Resolved Issues

Issue ID Description
RMAZ-859 Backup creation will be started immediately after the backup schedule is enabled.

Release 1.2.72 (2018/11/20)

Resolved Issues

Issue ID Description
RMAZ-849 If a user with an assigned role has been permanently deleted, two items are shown in the Difference report: role deletion and user deletion. Now in this case, On Demand Recovery supports restore of the linked object (role) from the Differences report.
RMAZ-850 On Demand Recovery skips links to dynamic groups.

Release 1.2.71 (2018/11/13)

Enhancements

Enhancement ID Description
RMAZ-785

On Demand Recovery traffic is protected from passive attacks by the following technologies:

  • TLS 1.2 is enforced
  • Key-agreement protocols are used
  • The anonymous Diffie-Hellman key exchange method is not used because it is susceptible to man-in-the-middle (MITM) attacks
RMAZ-843 On Demand Recovery audit logs are published to On Demand Core and can be provided by request.

Release 1.2.70 (2018/10/30)

Enhancements

Enhancement ID Description
RMAZ-797 Support for Read-access geo-redundant storage (RA-GRS) for the Disaster Recovery plan. For details, see https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs#read-access-geo-redundant-storage.
RMAZ-801 On Demand Recovery temporary storage is moved to a separate Locally Redundant Storage (LRS) account. This reduces our cost of storing temporary data, e.g. statistics and differences report data.

Resolved Issues

Issue ID Description
RMAZ-771 On Demand Recovery restores user ownership for groups when a user object is selected for restore.

Release 1.2.69 (2018/10/23)

Resolved Issues

Issue ID Description
RMAZ-740 If you unpack the backup that exists in the On Demand Recovery user interface but is removed from the Azure storage due to the retention policy, the unpack task will fail.
RMAZ-825 The Request package vulnerability CVE-2018-18074 is fixed.

Release 1.2.68 (2018/10/18)

Resolved Issues

Issue ID Description
RMAZ-829 Backup of MFA settings may fail if the specified administrator account is a member of at least one group. Now this issue is fixed.

Release 1.2.67 (2018/10/16)

Enhancements

Enhancement ID Description
RMAZ-788 Now On Demand Recovery sends an email notification when the account credentials that are used to back up MFA settings are invalid.
RMAZ-803 On Demand Recovery checks whether the account that is used to back up Multi-Factor Authentication settings is valid and has sufficient permissions.
RMAZ-821 On Demand Recovery restores email address or phone number that was specified as an authentication method for the Password Reset user option in Azure portal. For more details, see here.

Release 1.2.66 (2018/10/09)

Enhancements

Enhancement ID Description
RMAZ-773 On Demand Recovery now restores the 'owners' attribute for a group if you select the group for restore. Group ownership is not restored if you select a user.
RMAZ-784 On Demand Recovery does not retain credentials that are used to back up MFA settings if you delete a tenant or uncheck the Backup Multi-Factor Authentication settings option in the Configure backup dialog for the tenant.

Release 1.2.65 (2018/10/02)

Resolved Issues

Issue ID Description
RMAZ-704 Enhancements to restore of Multi-Factor Authentication (MFA) settings.
RMAZ-791 Now On Demand Recovery correctly displays tenant names that contain Unicode characters.
RMAZ-792 From this release, MFA attributes are displayed correctly in restore events.
RMAZ-800 Fixed the issue related to creation of the Differences report for old backups that contain MFA settings.

Release 1.2.64 (2018/09/25)

Enhancements

Enhancement ID Description
RMAZ-748 Enhancements related to compliance with ISO 27001 Control 8.2.

Release 1.2.63 (2018/09/20)

Enhancements

Enhancement ID Description
RMAZ-778

The "Backup MFA" column was added to the Manage backups and Create backup dialogs. This column indicates whether Multi-Factor Authentication settings are included in the tenant backup or not. NOTE: If the MFA backup failed (for example, if tenant admin credentials are incorrect), the backup task will have the Failed status.

Resolved Issues

Issue ID Description
RMAZ-781 Some issues with setting up the password for MFA backup were fixed.

Release 1.2.62 (2018/09/18)

Enhancements

Enhancement ID Description
RMAZ-702, RMAZ-703

Support the backup and restore of Multi-Factor Authentication (MFA) settings.

The Backup Multi-Factor Authentication settings option is located in the Configure backup dialog.

NOTE:

  • To back up MFA settings, tenant admin credentials are required.

  • Restore of MFA settings is performed using delegated token.

Release 1.2.61 (2018/09/11)

Resolved Issues

Issue ID Description
RMAZ-765 A task now can be started even if you experience some slowness in accessing WCF Relay.

Release 1.2.60 (2018/08/21)

Enhancements

Enhancement ID Description
RMAZ-753 Now On Demand Recovery creates four backups per day.

Resolved Issues

Issue ID Description
RMAZ-750 Differences report can be created for a backup that contains a service principal where several SAML signing certificates are configured and at least one of them is expired.

Release 1.2.59 (2018/08/14)

Enhancements

Enhancement ID Description
RMAZ-724 In this release, we have improved the overall stability of the application. Quest Identity Broker is no longer used for the product operations.
RMAZ-725 On Demand Recovery can back up service principals that own more than 1000 objects.

Release 1.2.58 (2018/08/03)

Enhancements

Enhancement ID Description
RMAZ-680 On Demand Recovery is moved to Azure Kubernetes Service cluster.

Resolved Issues

Issue ID Description
RMAZ-686 The role assignment event now shows the role name.
RMAZ-715 Restore of RoleAssignments works fine for groups on the Objects view.

Release 1.2.57 (2018/07/24)

Enhancements

Enhancement ID Description
RMAZ-661 Support for Canada Region.
RMAZ-671 Azure Active Directory can be used for authentication to OnDemand Core.

Resolved Issues

Issue ID Description
RMAZ-682 On Demand Recovery restores appRolesAssignments property for user objects.

Release 1.2.56 (2018/07/18)

Resolved Issues

Issue ID Description
RMAZ-672 If you delete a tenant from OnDemand Core, the scheduled backup for this tenant will be stopped.
RMAZ-683 Refresh of the Difference report works fine for backups that contain 200 000 users or more.
RMAZ-685 On Demand Recovery restores appRoleAssignments for the user if this user had multiple role assignments.
RMAZ-689 Assignments of users to a service principal work even if the application was re-provisioned by a customer.

Release 1.2.55 (2018/07/10)

Resolved Issues

Issue ID Description
RMAZ-649 Now On Demand Recovery can unpack large backups that contain 200 000 users or more.

Release 1.2.54 (2018/07/03)

Resolved Issues

Issue ID Description
RMAZ-126 Now On Demand Recovery does not show the error when restoring a user that has membership in a dynamic group, e.g. "All Users".

Release 1.2.53 (2018/06/26)

Resolved Issues

Issue ID Description
RMAZ-673 Refresh of the Difference report failed with error "Failed to collect live Azure AD data". Now this issue is fixed.
RMAZ-674 A new customer could see the red On Demand Recovery widget with the message "Failed to get the tenant backup details."
RMAZ-677 Improved reliability of scheduled backups.
RMAZ-679 Improved stability of backup statistics for large backups (100000 users or more).

Release 1.2.52 (2018/06/15)

Enhancements

Enhancement ID Description
RMAZ-613 The Differences report shows changes to service principal objects.
RMAZ-623 Restore of administrator roles and links between service principals and users.
RMAZ-624 Restore of delegated permissions for service principals.
RMAZ-626 Number of service principal objects is shown in the backup statistics.
RMAZ-651 Backup of service principal properties.
RMAZ-652 Backup of administrator roles and links between service principals and users.
RMAZ-654 Restore of permanently deleted service principal objects and their properties from the Objects view.
RMAZ-655 Restore of service principal delegated permissions from the Objects view.
RMAZ-656 Restore of user and group assignments from the Objects view.
RMAZ-657 Backup of service principal delegated permissions.
RMAZ-658 Backup of service principal user and group assignments.
RMAZ-660 Restore of administrator roles assigned to service principal users from the Differences report.
RMAZ-663 Restore of an application from Recycle Bin before creating the service principal object.

Resolved Issues

Issue ID Description
RMAZ-620 Restore of hybrid hard deleted groups: cloud membership is applied after Azure AD Connect re-creates the group.
RMAZ-627 Events that are generated if there were no backups for the last 24 hours now have correct time stamps. The number of such events is reduced.
RMAZ-643 Security: improvements to the isolation of customer data.
RMAZ-653 Performance improvements for the Differences report.

For more details about restoring service principal objects, please see Back up and Restore Service Principal Objects.

Release 1.2.51 (2018/05/08)

Enhancements

Enhancement ID Description
RMAZ-618 The details panel may contain links.

Release 1.2.48 (2018/04/10)

Resolved Issues

Issue ID Description
RMAZ-598 Restore may hang when sending a request to Microsoft Graph.
RMAZ-599 Restore failed if there is no connection to Quest Migration and Management Platform.

Release 1.2.47 (2018/04/03)

Enhancements

Enhancement ID Description
RMAZ-550 Now Recovery Manager for Azure AD checks that all enabled backups are actually running. If there are no backups within the last 24 hours, the customer will receive the event.
RMAZ-546, RMAZ-574 AWS Systems Manager Parameter Store is no longer used to store RMAZ configuration data. Now the data is stored in a Kubernetes cluster in Azure Container Services (ACS).

Resolved Issues

Issue ID Description
RMAZ-588 The backup operation may hang when sending a request to Delta API.
RMAZ-579 RMAZ did not send any notifications about failed backups. Now you can find the event in the event log.

Release 1.2.46 (2018/03/21)

Enhancements

Enhancement ID Description
RMAZ-573 Encryption at rest for 100% of customer backup data including unpacked backups and the Difference report objects.
RMAZ-573 Better scalability, reliability and maintainability given by Azure Container Services (compared to the single-machine Swarm configuration).
RMAZ-573 Quotas and limits guarantee CPU and Memory resources for each customer and prevent mutual influence.
RMAZ-531 Each Azure AD scheduled snapshot is started at exactly 0:00 of every hour, so we have exactly 24 snapshots per day and a clear time for each (the old implementation always had fewer than 24 snapshots per day, depending on backup duration).
RMAZ-489 Geo redundant Azure storage for customer backups - data is durable even in the case of a complete regional outage or a disaster (https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#geo-redundant-storage).
RMAZ-447 Attributes that can be restored / not restored by On Demand Recovery are listed in the "How does On Demand Recovery handle object attributes?" section of User Guide.
RMAZ-530 Backups and backup statistics for On Demand Widget are moved to the Azure Container Service cluster.
RMAZ-490 Support of customer Azure Blob Storage account for backups.

Resolved Issues

Issue ID Description
RMAZ-477 Local users are matched before the restore operation to avoid duplications after restoring hard deleted users.
RMAZ-478 Social users are matched before the restore operation to avoid duplications after restoring hard deleted users.

Release 1.1.42 (2017/12/26)

Enhancements

Enhancement ID Description
RMAZ-421
  • Added the User Type facet on the Objects view.
    Possible user types:
    • Work or School
    • Hybrid
    • B2B Guest
    • B2C Local
    • B2C Social
  • Added a new column 'User Name' on the Objects view. This column contains additional information about users:
    • mail attribute for Guest users
    • first element in otherMails attribute for social users
    • first element in signInNames for local users
    • userPrincipalName for other users
    • empty value for non-users

Resolved Issues

Issue ID Description
RMAZ-425 The Events view showed inconsistent information.
RMAZ-454 Increased stability of backups in case of errors from external services.
RMAZ-465 Some data may be unavailable in the Differences view due to the errors with a backup.
RMAZ-470 The backup task that was created in the root scope is not shown in the tenant scope.
RMAZ-473 Tasks might hang in the "Starting" state after the production upgrade due to non-provisioned resources.

Release 1.1.41 (2018/03/01)

Enhancements

Enhancement ID Description
RMAZ-562 On Demand Recovery is synchronized with the latest version of Quest Migration and Management Platform.

Release 1.1.40 (2017/12/15)

Enhancements

Enhancement ID Description
RMAZ-418 Azure Active Directory B2C: Now permanently deleted users are distinguished from soft deleted (moved to Recycle Bin) users in the Differences view.

Resolved Issues

Issue ID Description
RMAZ-450 Azure Active Directory B2C: Now the application correctly processes hard deleted social accounts.
RMAZ-453 Azure Active Directory B2C: Fixes to the "restore of social accounts" feature: Now the 'userIdentities' attribute and other multi-valued attributes are restored.
RMAZ-428 Fixes to the unpack operation.
RMAZ-456 Now more attempts are made to read the backup data.

Release 1.1.38 (2017/12/12)

Enhancements

Enhancement ID Description
RMAZ-469

Now the 'details panel' shows different content depending on the type of task.

  • For the Backup task, the panel does not show 'creation' and 'last modification' time.
  • For the Diff restore task, if you click on the task status, the Differences view will be opened.

Release 1.1.37 (2017/12/07)

Enhancements

Enhancement ID Description
RMAZ-438 Azure Active Directory B2C: Now the progress bar shows the actual backup progress.

Release 1.1.36 (2017/11/28)

Enhancements

Enhancement ID Description
RMAZ-424, RMAZ-436 Azure Active Directory B2C: The functionality of the Differences view is available for Azure AD B2C tenants.
RMAZ-433 Azure Active Directory B2C: Support for backup and restore of Azure AD B2C local accounts.
RMAZ-439 Now the backup task contains information about the backed-up tenant.

Release 1.1.35 (2017/11/27)

Enhancements

Support for backup and restore of Azure Active Directory B2C tenants - PREVIEW.

Limitations:

  • Difference view is not implemented yet

  • Restore of hard deleted local accounts and social accounts is not implemented yet.

Resolved Issues

Issue ID Description
RMAZ-441 Azure Active Directory B2C: A customer gets the error message and an email notification if the backup was not created.

Release 1.1.34 (2017/11/27)

Resolved Issues

Issue ID Description
RMAZ-407 Shows the 'Packed' / 'Unpacked' backup status on the Backups view.

Release 1.1.33 (2017/11/23)

Enhancements

Enhancement ID Description
RMAZ-241 Added the error event that indicates that a backup was not created for the tenant.
RMAZ-363 Added new facets for the Objects view: 'Tenant', 'Backup', 'Type', 'User type' and 'AAD Connect' status.
RMAZ-390 Azure Active Directory B2C: Now On Demand Recovery can back up all types of groups and group membership for Azure AD B2C.
RMAZ-391 Azure Active Directory B2C: Support for backup of Azure AD B2C users.
RMAZ-415 Azure Active Directory B2C: Support for backup statistics for Azure AD B2C (number of users, groups, etc).
RMAZ-416 Azure Active Directory B2C: Backup and restore of the Manager attribute for Azure AD B2C.

Resolved Issues

Issue ID Description
RMAZ-427 Now the Refresh task on the Differences screen works correctly if 'jobtitle' was changed.

Release 1.1.32 (2017/11/22)

Enhancements

Enhancement ID Description
RMAZ-408 Added the Create backup button on the Dashboard view.

Resolved Issues

Issue ID Description
RMAZ-409 Now the Refresh task on the Differences view fails if some data cannot be uploaded to Migration and Management Platform.

Release 1.1.31 (2017/10/27)

Enhancements

Enhancement ID Description
RMAZ-381 Now customers are notified about failed backups by email.

Resolved Issues

Issue ID Description
RMAZ-380 Hybrid restore may fail when there are too many per-object errors.

Release 1.1.30 (2017/10/26)

Enhancements

Enhancement ID Description
RMAZ-366 The new Backups view is introduced in the user interface. This view shows a list of backups that were created for the tenant.
RMAZ-370 Now Ireland WCF Relay for EU region is used instead of Amsterdam WCF Relay.
RMAZ-194 The Tenant column is added to the grid on the Differences view.

Release 1.1.29 (2017/10/25)

Enhancements

Enhancement ID Description
RMAZ-82, RMAZ-83 Security headers have been updated.

Resolved Issues

Issue ID Description
RMAZ-369 Stability improvement for hybrid restore: a large number of objects (>400) can be restored.
RMAZ-342 Now On Demand Recovery stops the restore operations if the on-premises restore has failed.

Release 1.1.28 (2017/10/18)

Enhancements

Enhancement ID Description
RMAZ-371 Version of Recovery Manager Portal is shown in the hybrid restore events.
RMAZ-376 Now you can acknowledge (hide) events that are no longer relevant. If you use the Acknowledge option on the Events view, the status of the selected events is changed from 'Current' to 'Obsolete'. To view the list of obsolete events, click Obsolete on the left side of the Events screen.

Resolved Issues

Issue ID Description
RMAZ-362 On Demand Recovery tried to apply the wrong set of attributes to the cloud after restoring a large number of on-premises objects. Now this issue is fixed.
RMAZ-375 Now On Demand Recovery can restore a large number (more than 400 objects) of cloud objects with no errors.

Release 1.1.27 (2017/10/16)

Enhancements

Enhancement ID Description
RMAZ-78 On Demand Recovery restores attributes of on-premises groups.
RMAZ-290 Now restore of multiple objects works faster.

Release 1.1.26 (2017/10/12)

Enhancements

Enhancement ID Description
RMAZ-300 The current status of the Refresh task is shown on the Differences view.
RMAZ-321 From this release, On Demand Recovery can restore directReports attributes.

Resolved Issues

Issue ID Description
RMAZ-181 Now attribute lists are separated for different tenants.
RMAZ-261 From this release, object attributes from different backups can be restored from the Differences view.
RMAZ-135 On Demand Recovery can restore hybrid objects which are synchronized by Azure AD Connect.
RMAZ-330 Restore of group membership works correctly in hybrid configuration.

Release 1.0.25 (2017/10/04)

  • Minor fix for icons

  • Added link to the online documentation in the Create hybrid connection dialog

Release 1.0.24 (2017/10/04)

  • Hybrid restore fixes and improvements

Release 1.0.23 (2017/09/20)

  • Fixes for jobTitle, companyName attributes in hybrid restore

  • Restore of memberOf attribute from the Objects view in hybrid restore

Release 1.0.22 (2017/09/14)

  • The beta version of the RMAD hybrid restore feature has been deployed

  • New version of Quest Migration and Management Platform (QMMP) has been deployed

Release 1.0.21 (2017/08/31)

  • Restore of on-premises groups and their attributes (RMAD hybrid restore).

  • On Demand Recovery now shows events related to hybrid restore.

  • Changes to on-premises objects are synchronized automatically by Azure AD Connect after the restore operation.

  • On-premises attributes mapping is improved.

Release 1.0.20 (2017/08/18)

  • Restore of on-premises deleted users from the Objects view (RMAD hybrid restore).

  • Manager ID attribute can be restored.

  • Automated Azure Relay provision for customer.

Release 1.0.18 (2017/08/11)

  • Hybrid restore from the Objects view.

Release 1.0.16 (2017/08/01)

  • Fix: No information about what backup has been unpacked.

Release 1.0.15 (2017/07/28)

  • Personally identifiable information (PII) was removed from logs.

Release 1.0.13 (2017/07/05)

  • Fixes related to data retention.

  • Improved stability for network errors.

Release 1.0.12 (2017/06/30)

  • Shows the warning message if the Admin Consent is not granted.

  • Other fixes related to Admin Consent.

  • Support for the Ireland data center.

Release 1.0.11 (2017/06/19)

  • Fixes related to the public API.

Release 1.0.10 (2017/06/07)

  • Improved web application security.

Release 1.0.9 (2017/06/01)

  • Fixes related to unpacking of large backups.

Release 1.0.8 (2017/05/30)

  • Now the unpacking operation works faster: 20 minutes for 500 K backup

Release 1.0.7 (2017/05/30)

  • Fixes related to the New Object count in the Comparison report.

Release 1.0.6 (2017/05/26)

  • Lambda constants were changed to work with large backups.

Release 1.0.5 (2017/05/24)

  • New timeouts related to task status are set to not report the Failed status in case of healthy backup.

  • Backup tracking interval was changed from 3 to 24 hours.

Release 1.0.4 (2017/05/04)

  • Added additional tests for the Comparison report and restore process.

Release 1.0.3 (2017/05/02)

  • Old backups that were created earlier than 3 or 4 days ago are unpacked faster. Now we use our own backup comparison instead of Azure AD delta.

Release 1.0.1 (2017/04/20)

  • Added the Comparison Report feature that lets you view differences between the selected backup and Live Azure Active Directory.

  • Large backups (200-400K objects) can be unpacked and restored faster.

  • On Demand Recovery restores Office 365 license attributes.

  • On Demand Recovery restores deleted Office 365 groups from Recycle Bin.

  • Objects can be restored from the Comparison report.

  • Office 365 license attributes can be restored from the Comparison report.

  • Group links can be restored from the Comparison report.

  • Hide added and deleted objects from the Comparison report.

  • Restore operations can be performed in Objects and Comparison report in parallel.

Release 1.0 (2017/03/01)

  • New public URL https://quest-on-demand.com and integration with the Quest On Demand products family, added also for the Backup Stats widget.

Release 0.0.13 (2016/11/28)

  • Users that are deleted from Recycle Bin can be restored including group membership and attributes.

  • A spinning wheel is displayed during login and initialization operations (10-20 sec) when a user comes to the On Demand Recovery main page.

  • Added PROTO Comparison Report that shows the difference between backup and live Azure Active Directory. The feature is available by request.

  • Support for the userPrincipalName attribute recovery (mail and proxyAddresses attributes will also be updated by Azure Active Directory automatically).

  • On Demand Recovery shows attributes and values which were applied during the restore operation in the restore event - for better troubleshooting.

Release 0.0.12 (2016/11/10)

  • Now you can restore deleted Office 365 groups.

  • Multi-level group nesting. Now you can restore groups that contain a group whose members include another group.

Release 0.0.11 (2016/10/27)

  • On Demand Recovery uses differential API for backup:

    • Support for large directories with many links (400 K objects).

    • Backup format is changed.

Release 0.0.10 (2016/10/13)

  • Restore membership for the nested groups (one-level nesting).

Release 0.0.9 (2016/10/13)

  • Restores deleted security (not mail enabled) groups with membership.

Release 0.0.7 (2016/9/27)

  • Product scalability and customer capacity are improved.

Release 0.0.6 (2016/09/21)

  • Added the "text copy" browser feature in dialog grids like the Manage Directories dialog.

Release 0.0.5 (2016/09/15)

  • On Demand Recovery lets you back up large tenants: ~400 K objects (users and groups).

Release 0.0.4 (2016/09/13)

  • Administrator credentials are no longer required for restoring users from Recycle Bin.

Release 0.0.3 (2016/09/04)

  • The Beta Test Agreement confirmation is shown after the login screen.

  • Slack channel invitation is sent automatically to customers.

Release 0.0.2 (2016/08/15)

  • On Demand Recovery registers customer tenants using multi-tenant application; support for Office 365 tenants.

Release 0.0.1 (2016/07/24)

  • Validate On Demand Recovery access permissions.

  • Allow access only for approved Quest Software accounts (white list).

  • Now you can back up and restore selected attributes for users.

  • You can back up and restore groups using On Demand Recovery.

  • Restores deleted users from Recycle Bin.

  • On Demand Recovery offers simple charts for Active Directory objects - objects by type, by backup date, by tenant.

 

Known Issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

General known issues

Issue ID Known Issue
RMAZ-18 If you restore two groups which are members of a third group which was deleted, the third group can be duplicated after the restore operation. This issue applies only to non-Office Groups which support nesting. For possible workarounds, see the Workarounds section below.
RMAZ-128 On Demand Recovery converts distribution lists and Mail-enabled security groups to Office 365 groups during recovery. If you have nested distribution lists, they will not be restored.
RMAZ-129 On Demand Recovery does not back up and does not store user passwords.
RMAZ-130 On Demand Recovery does not support restore of Contact objects.
RMAZ-120 On Demand Recovery does not support restore of dynamic groups (the feature of Azure AD Premium). If a user tries to restore a dynamic group, the application will restore it as non-dynamic with all explicitly applied members.
RMAZ-127 Explicit (granted directly to a user, not inherited via group membership) permissions are lost after restore of permanently deleted users or groups.
RMAZ-464 On Demand Recovery does not restore Applications for users and groups.
RMAZ-136 Restore of changed user mail attributes such as mail, proxyAddress, targetAddress is not supported. These attributes are restored correctly if you restore the deleted object from Recycle Bin.
RMAZ-137 On Demand Recovery does not restore an Office 365 mailbox (either for user or for Office group) if it was permanently deleted.
RMAZ-138 On Demand Recovery does not restore user's Photo (thumbnailPhoto attribute).
RMAZ-139 On Demand Recovery does not restore Contact Authentication attributes: Authentication Email, Alternate Authentication Email, Authentication Phone, Alternate Authentication Phone.
RMAZ-141 On Demand Recovery does not restore multi-factor authentication settings for users.
RMAZ-174 On Demand Recovery does not restore Distribution List members with the error "Status: 400, Code: Request_BadRequest. Details: Unable to update the specified properties for objects that have originated within an external service".
RMAZ-252 Only for Hybrid restore: Granular restore of object membership from the Differences view is not supported. For possible workarounds, see the Workarounds section below.
RMAZ-262 On Demand Recovery supports one hybrid connection per On Demand organization. If you need to manage multiple hybrid tenants, create a separate On Demand organization for each Hybrid Azure AD tenant.
RMAZ-270 If two users perform the unpack operation simultaneously with the selected "Clear objects" option in the same On Demand organization, one of the processed backups will not be unpacked (or will be partly unpacked). For possible workarounds, see the Workarounds section below.
RMAZ-273 Old backups (backups that were created before you remove the tenant) are not shown in the On Demand Recovery user interface if the same tenant was removed and then added again. If you need to unpack, restore or delete old backups, please contact Quest Support.
RMAZ-279 InTune policies are not supported by On Demand Recovery.
RMAZ-308 Some attributes of on-premises objects (e.g. "ipPhone", "pager", "info", "homePhone") are mapped by Azure AD Connect but are not shown in the Differences view and cannot be applied to the cloud users. On Demand Recovery restores these attributes for on-premises objects.
RMAZ-309 On Demand Recovery shows expired backups that were deleted. If you select the expired backup to perform the restore operation, you will get the "Internal error in lambda restoreAttributes" error.
RMAZ-311 Cannot download hybrid credentials with the Error 404 "Not found". This issue may occur if you try to get credentials right after the registration - it takes about one minute to create the Relay credentials.
RMAZ-315 Backup task does not check the Admin consent status, but if the Admin consent is not granted for the tenant, the following error occurs: "The identity of the calling application could not be established."
RMAZ-335 The usageLocation attribute may not be restored if license attributes were not selected together with usageLocation for restore.
RMAZ-338 On Demand Recovery does not show the proxyAddresses attribute in the Differences view.
RMAZ-352 The restore operation from the Differences view may fail if you run Refresh before the restore operation is completed.
RMAZ-354 Incorrect (empty) object count in the "details panel" of the Restore from Diff task.
RMAZ-355 If the same on-premises object is selected in different unpacked backups on the Objects view, On Demand Recovery will perform the hybrid restore of the object on the first selected backup date.
RMAZ-358 If multiple objects are selected for restore and there is Directory Synchronization Service Account among them, the restore operation will fail for all objects with the error "Failed on-premise restore. Error: Value cannot be null".
RMAZ-359 On Demand Recovery does not back up and restore openTypeExtension attributes. For more details about openTypeExtension, see https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/opentypeextension.
RMAZ-360 On Demand Recovery does not back up and restore schemaExtension attributes.
RMAZ-373 Hybrid restore (from Objects or Differences view) uses attribute values from the on-premises backup. So, these values may be different from the corresponding values shown in the Differences or Objects view.
RMAZ-374 One instance of Recovery Manager Portal can be used with one Azure AD tenant and one Azure AD Connect server. Install multiple RMAD web portals if you need to work with multiple Azure AD tenants and Azure AD Connect servers.
RMAZ-405 If you enable Azure Multi-Factor Authentication (MFA), you should regrant Admin Consent for the On Demand Recovery module. Otherwise, you will get the following error during the restore operation: "Failed to refresh access token. StatusCode: 400. ErrorCode: interaction_required. Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access".
RMAZ-457 Restore of the usageLocation cloud attribute does not work for the "Exchange Hybrid" scenario.
RMAZ-471 A password is not restored for hard deleted users (work, school, local, guest accounts). In this case, the user needs to reset the password.
RMAZ-472 Object IDs are not preserved when you restore hard deleted users (work, school accounts, B2C local accounts, guest or B2B, B2C social accounts) or groups.
RMAZ-485 Failed to restore the hybrid cloud user that was permanently deleted if Azure AD Connect cannot synchronize the newly created user from the on-premises Active Directory to the cloud. For possible workarounds, see the Workarounds section below.
RMAZ-542 Applies to hybrid configuration only: After restore of permanently deleted objects, these objects are still shown as permanently deleted in the Differences report along with the recreated objects.
RMAZ-566 On Demand Recovery does not support backup and restore of Azure Active Directory tenants created in Azure Germany, China or U.S. Government.
RMAZ-576 Restore of more than 10000 objects using one task is not supported.
RMAZ-595 On Demand Recovery does not support backup of application certificate settings.
RMAZ-690 If a user does not have the service account for the tenant, On Demand Recovery cannot restore permanently deleted service principals provisioned from Azure Gallery. For possible workarounds, see the Workarounds section below.
RMAZ-720 Cannot restore cloud attributes for a permanently deleted user in hybrid scenario after the user was recreated by Azure AD Connect. The following error will arise: "Another object with the same value for property userPrincipalName already exists "
RMAZ-721 On Demand Recovery cannot restore the onPremisesDistinguishedName property for permanently deleted users in hybrid scenario. In this case you will get the following error message: "Property 'onPremisesDistinguishedName' is read-only and cannot be set".
RMAZ-726 On Demand Recovery does not restore owners for service principals.
RMAZ-777 On Demand Recovery does not restore MFA authentication methods for a hard deleted user if the mobile application was assigned to this user. NOTE: If any of the following Voice Call/SMS/Office Phone was set up as an authentication method for a user, On Demand Recovery will restore all MFA data for this user.
RMAZ-779 On Demand Recovery does not support MFA enabled accounts for backup creation. To set the account password to never expire, use the following PowerShell command: Set-MsolUser -UserPrincipalName <name of the account> -PasswordNeverExpires $true For more details, refer to this article: https://support.office.com/en-us/article/set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4668-9211-230c245a0466
RMAZ-798 If you restore a permanently deleted user with the enabled Self-Service Password Reset option, Multi-Factor Authentication methods will be displayed as not verified after restore.
RMAZ-819 On Demand Recovery cannot restore otherMail, mobile, telephoneNumber attributes with the following error: "Cannot restore attributes. Details: Insufficient permissions to complete the operation". For possible workarounds, see the Workarounds section below.
RMAZ-827 If you get the error "DeltaLink older than 30 days is not supported" during the unpack operation, create a new backup before you unpack the backup that is older than 30 days.
RMAZ-907 Hybrid restore may fail with the following error in Recovery Manager Portal: "The ChannelDispatcher at 'sb://backupaad-rmaz-hybrid-us.servicebus.windows.net/org-f555beae-38fa-4d0a-b502-08c4b93b01da' with contract(s) 'HybridRestoreServiceContract' is unable to open its IChannelListener". For possible workarounds, see the Workarounds section below.
RMAZ-931 If you get the error "[Hybrid Module] Failed on-premise restore. Error: Remote connection to AAD Connect: The specified module 'ADSync' was not loaded because no valid module file was found in any module directory.", the Import-Module ADSync command may not work correctly on the Azure AD Connect host. For possible workarounds, see the Workarounds section below.
RMAZ-998 On Demand Recovery does not restore the conditional access policy "Baseline policy: Require MFA for admins".

Workarounds

RMAZ-18

To avoid this issue, the user needs either to restore groups one by one (order is not important) or restore all of them at once.

RMAZ-252

Go to the Objects view, find the group that you want to restore and select the member attribute in the attribute list to restore links.

RMAZ-270

Do not select the "Clear objects" option. Also, the restore operation may fail if the user is trying to unpack the backup that is currently processed by another user.

RMAZ-485

Force Azure AD Connect initial synchronization to fix this issue, then restart the restore operation.

RMAZ-690
  1. Install the corresponding application from Azure Gallery once again to re-create the service principal object.

  2. Install SSL certificates for the application.

  3. Configure single sign-on (SSO) options for the service principal (if any).

  4. After that, On Demand Recovery will be able to apply properties from the backup.

RMAZ-819

You should explicitly grant one of the following roles to the service principal object: Helpdesk Administrator, User Administrator or Global Administrator. To do that, use the following PowerShell commands:

Get the service principal for which Admin Consent was granted in On Demand Core
$principal = Get-AzureADServicePrincipal -SearchString "Quest On Demand - Recovery"

Get the required role from Azure AD
$role = Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq 'Helpdesk Administrator'}
$role

Assign the role to the service principal
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $principal.objectId

Ensure that the role is assigned
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId

For more details, refer to https://blogs.msdn.microsoft.com/aaddevsup/2018/08/29/how-to-add-an-azure-ad-role-to-a-enterprise-application-service-principal/.
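
The RMAZ-819 steps above, as an added example that is not part of the original release notes or Quest's own tooling: it handles a role that has never been activated in the tenant, an ambiguous service principal search, and an assignment that already exists. It assumes the AzureAD PowerShell module, an existing Connect-AzureAD session allowed to manage directory roles, and Helpdesk Administrator chosen as the narrowest of the three roles listed.

```powershell
# Added example, not Quest's own script. Assumes the AzureAD module is loaded
# and Connect-AzureAD has already been run by an account that can manage roles.
$appName  = 'Quest On Demand - Recovery'   # display name used in the steps above
$roleName = 'Helpdesk Administrator'       # narrowest of the three roles listed

# -SearchString can return more than one match, so require one exact name hit.
$found = @(Get-AzureADServicePrincipal -SearchString $appName |
    Where-Object { $_.DisplayName -eq $appName })
if ($found.Count -ne 1) {
    throw "Expected exactly one service principal named '$appName', found $($found.Count)."
}
$principal = $found[0]

# Get-AzureADDirectoryRole lists only roles already activated in the tenant.
# If the role is missing, activate it from its template and look it up again.
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate |
        Where-Object { $_.DisplayName -eq $roleName }
    if (-not $template) { throw "No directory role template named '$roleName'." }
    Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId | Out-Null
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
}

# Add the service principal only if it is not already a member of the role.
$members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
if ($members.ObjectId -notcontains $principal.ObjectId) {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $principal.ObjectId
}

# Confirm the assignment by listing only this service principal's membership.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectId -eq $principal.ObjectId } |
    Select-Object DisplayName, ObjectId, ObjectType
```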

RMAZ-907

Restart the Recovery Manager Portal service.

RMAZ-931
  • Make sure that Import-Module is available globally on the Azure AD Connect host.

-OR-

  • Copy the AADSync.psm1 file manually from the Recovery Manager Portal machine to the PowerShell default folder on the Azure AD Connect host.

Quest Migration and Management Platform known issues

Issue ID Known Issue
QMMP-74 You may see a "white screen" instead of spinning preloader when starting On Demand Recovery.
QMMP-130 The "Select all" option does not work properly in the "Select attributes" dialog that opens when you click Browse in the Restore Objects dialog. If you select the "Select all" check box, all attributes will be selected, but will not be restored.
QMMP-142 Invalid sorting of data by 'Task Name' and 'Object Name' fields in the Events view.
QMMP-159 Resizing issue: Shows gray overlay on small displays when the side bar was initially in the expanded state.
QMMP-177, QMMP-182 Scrolling hangs if there are more than 10000 objects in a list. Workaround: Use sorting or filtering option to narrow your search scope.
QMMP-184 The timelines on the Events and Backups show incorrect results if you select an interval in the timeline and then click any date range link on the left side of the screen.
QMMP-201 If you work with Internet Explorer 11, dialogs launched from the Differences and Dashboard screens may show controls from the lower layer. Workaround: Resize the browser window.
QMMP-221 Details panel on the Objects view shows tasks in a random order.
QMMP-228 On the Dashboard view, if you click on any specific status in the objects widget, you will be redirected to the Objects view with this status as a filter. Then, if you go back to Dashboard and click on the widget title (total number of objects), you will be redirected to Objects with the previous status filter.

 
