The General tab displays general information about the selected backup.
The Components tab displays a list of the System State components the backup includes.
The Backed up components box lists the system components included in the backup. In the list, each entry includes the following fields:
|
Note: From version 8.8, Recovery Manager for Active Directory supports environments with disabled NTLM authentication and the Protected Users security group. |
The table below lists the minimum user account permissions required to perform some common tasks with Recovery Manager for Active Directory.
Table 3: Minimum permissions
Task | Minimum permissions |
---|---|
Install Recovery Manager for Active Directory |
The account must be a member of the local Administrators group on the computer where you want to install Recovery Manager for Active Directory. If during the installation you specify an existing SQL Server instance, the account with which Recovery Manager for Active Directory connects to that instance must have the following permissions on the instance:
|
Open and use the Recovery Manager Console |
The account must be a member of the local Administrators group on the computer where the Recovery Manager Console is installed. The account must also have the following permissions on the SQL Server instance used by Recovery Manager for Active Directory:
|
Preinstall Backup Agent manually | The account you use to access the target computer must be a member of the local Administrators group on that computer |
Upgrade Backup Agent | |
Discover preinstalled Backup Agent instances |
The account used to access the target domain controllers must:
|
Uninstall Backup Agent | |
Update information displayed about Backup Agent in the Recovery Manager Console | |
Automatically install Backup Agent and back up Active Directory data |
To automatically install Backup Agent, the account must have:
To back up data, the account must be a member of the Backup Operators group on the target domain controller. |
Back up Active Directory using preinstalled Backup Agent |
The account used to access the target domain controllers must:
|
Perform a complete offline restore of Active Directory by using the Repair Wizard |
If you restore data to a domain controller where User Account Control (UAC) is not installed or disabled:
If you restore data to a domain controller where User Account Control (UAC) is enabled:
In both these cases, the account you use to access the domain controller must have the Write permission on the folder %AllUsersProfile%\Application Data\Quest\Recovery Manager for Active Directory located on the Recovery Manager for Active Directory computer. |
Perform a selective online restore of Active Directory objects |
Agentless restore (used by default in Online Restore Wizard)
For more details, see Agentless method. Agent-based restore
For more details, see Agent-based method. |
Restore a Group Policy object |
The account used to access the target domain controller must:
|
Automatically install Backup Agent and back up an AD LDS (ADAM) instance |
The account used to access the computer hosting the instance must:
|
Back up an AD LDS (ADAM) instance using preinstalled Backup Agent |
The account used to access the computer hosting the instance must:
|
Restore an AD LDS (ADAM) instance |
The account used to access the computer hosting the instance must:
|
Install or uninstall Recovery Manager Portal | Be a local administrator on the target computer. |
Access Recovery Manager Remote API Access service |
To access a Recovery Manager for Active Directory instance, the Recovery Manager Portal requires the Recovery Manager Remote API Access service to be installed and running on the Recovery Manager for Active Directory computer. This service enables the following Recovery Manager for Active Directory features: integration with Recovery Manager Portal, RMAD console fault tolerance and support for hybrid environment. For information about minimum permission requirements for the service, refer Step 1: Install Recovery Manager Remote API Access Service. |
Start and use the Recovery Manager Portal |
From version 8.7, Recovery Manager Portal can be run under Managed Service Account (in Windows Server 2008 or higher) or Group Managed Service Account (in Windows Server 2012 or higher). If you specify the MSA or gMSA account, add the '$' character at the end of the account name (e.g. domain\computername$) and leave the Password field blank (on the Specify Web Site Settings step of the wizard).
|
To perform restore or undelete operation in Recovery Manager Portal |
User must be a member of the "Recovery Manager Portal - Recovery Operators" security group on the computer where the Recovery Manager Portal is installed. If you want to use the agentless recovery method, select the Configure a list of delegates that can perform the restore and undelete operations option on the Portal Settings tab. For more information about delegation, see Delegating restore or undelete permissions. |
To perform the undelete operation in Recovery Manager Portal |
User must be a member of the "Recovery Manager Portal - Undelete Operators" local security group on the computer where the Recovery Manager Portal is installed. If you want to use the agentless recovery method, select the Configure a list of delegates that can perform the restore and undelete operations option on the Portal Settings tab. For more information about delegation, see Delegating restore or undelete permissions. |
To modify the Recovery Manager Portal configuration and delegate restore permissions to other Recovery Manager Portal users |
User must be a member of the "Recovery Manager Portal - Configuration Admins" local security group on the computer where the Recovery Manager Portal is installed. |
To view the health summary and backup creation history for the Recovery Manager for Active Directory instances in Recovery Manager Portal | User must be a member of the "Recovery Manager Portal - Monitoring Operators" local security group on the computer where the Recovery Manager Portal is installed. |
Access the SQL reporting database |
To access the SQL reporting database (%ProgramData%\Quest\Recovery Manager for Active Directory\DBReporting\RecoveryManager-Reporting-<host name>), the account must be assigned to db_datareader, db_datawriter roles and have rights to execute all the usp_* procedures, as follows:
|
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy