Disaster recovery workflow
The following steps let you restore multiple domain controllers, including the system state data, if a disaster occurs.
- Deploy Recovery Manager for Active Directory.
The product should be deployed on a separate host in the environment with access to backup data and blank hosts that will be a part of the disaster forest recovery.
- Register backups in Recovery Manager for Active Directory Console. To do this, right-click the Backups node and select the Register Backup File option. Backups can also be registered using Forest Recovery Console on the Selected a backup to create a new recovery project step of the New Recovery Project wizard.
- Prepare new servers for recovered domain controllers in each domain. These servers will be used for Bare Metal Restore. The servers should be compliant with the following requirements:
- Have compatible hardware. Dissimilar hardware (USB controllers, chipset, NIC, video, storage, etc.) is supported, assuming that the source DC system contains drivers for it.
- The number of physical disks on the target computer must equal (or exceed) the number of disks on the source domain controller.
- The physical disks on the target computer must be of the same size as the original disks or larger.
- Create the forest recovery project using Forest Recovery Console. The original forest topology is retrieved from the backup file. Domain controllers’ names are preserved.
- Specify recovery settings for each domain controller on the Settings tab in Forest Recovery Console. For more details, see the Settings tab section.
- Recovery method
- IP address for the target host (it will be retrieved automatically from the backup by default if the Bare Metal Active Directory method is selected)
- Access credentials to the target machine
- If the Bare Metal Active Directory Recovery method is selected, you can perform restore from Bare Metal Backup along with System State Backup
- Backup location
- Backup access credentials
- and other options
- If Wipe all disks on the target machine before restore from the backup is selected on the Settings tab, Recovery Manager for Active Directory performs the DiskPart "clean all" command before recreating the disks. This command removes all partitions and cleans all disk sectors.
NOTE: Selecting this option significantly increases the time of the restore operation.
- The network and DNS settings will be retrieved automatically from the BMR backup for the Bare Metal Active Directory Recovery method.
- If you need to modify the network settings, click Change under the Target server network settings and select the required option. The following options are available:
- Retrieve network and DNS settings from a backup (used by default)
This option gets network settings for the selected domain controller from the backup.
- Use the following address
This option lets you specify network settings manually.
- Select a DNS server automatically
If this option is selected, the DNS server will be selected automatically.
- Use the specified DNS server
This option lets you specify one DNS server or a list of DNS servers separated by semicolons.
- In some scenarios, recovered domain controllers may be located outside the network where Recovery Manager for Active Directory Disaster Recovery Edition is installed. For such configurations, the NAT settings option is added to allow access to the external network using the NAT server. By default, Forest Recovery Console uses the IP address from the Forest recovery project settings (either obtained from a backup or configured manually, see steps 7,8) and the port (either from the RPC dynamic port range or the specific port configured in the recovery project) to communicate with the Forest Recovery Agent located on the restored host. The 'NAT server' setting allows you to specify a custom IP address and a port that will be used to send requests to the Forest Recovery Agent.
- Start the Verify Settings operation from the main menu of Forest Recovery Console.
NOTE: You can perform the project verification in a live environment when source domain controllers are still running and target blank hosts are not configured. In this case, the verification process checks only the backup accessibility and completes with the warning message "Source domain controller was contacted instead of the target blank host booted from Quest Recovery Media. Project verification will check only the backup accessibility. To perform full verification, shut down the source domain controller and boot the target host from Quest Recovery Media".
- As a part of the verify settings operation, Recovery Manager for Active Directory Disaster Recovery Edition creates a Quest Recovery Media image file for each domain controller. This image file will be used to boot the machine to be restored. The image is generated from the BMR backup and extends the WinRE image with additional metadata required for disaster forest recovery (Forest Recovery Agent, Bare Metal Recovery Console, certificates, etc.).
- The image file is recreated automatically on the "Ensure that Quest Recovery Media is available" verification step if any of the network settings stored in the file is changed (IP address, subnet mask, default gateway, FR Agent port). TCP port for Forest Recovery Agent can be changed on the Agents tab of Recovery Project Settings.
- The image file will also be recreated when the FR Agent version has changed, for example, because of the installation of the product update.
For details about custom image file with additional drivers, see the next section Custom Quest Recovery Media with Additional Drivers.
- The Verify Settings process is paused on the Wait for target machine booted from Quest Recovery Media step. This means that the recovery process cannot connect to the remote host and you need to boot this host with the Quest Recovery Media image. The message contains the link to the folder with Quest Recovery Media files (by default "C:\ProgramData\Quest\Recovery Manager for Active Directory\Recovery Media").
NOTE: If you get the message "Remote machine is booted from outdated Quest Recovery Media...." and a recommendation to update the file and retry all operations on this machine, this means that Forest Recovery Console was able to connect to the FR agent running on the remote host, but the agent version is lower than the console version. Recovery Manager for Active Directory Disaster Recovery Edition does not check the version of Forest Recovery Agent inside the image file.
- The recovery image should be provided to the target hosts to initiate the recovery process by any available option:
- By the hardware management WebUI
- By specifying the boot media in hypervisor if virtual machines are used
- By configuring the network boot using the PXE boot server
- After you boot a machine, Bare Metal Recovery Console will automatically apply network settings (IP address, subnet mask) taken from the BMR backup and wait for the connection from Forest Recovery Console. Manual steps are not required.
NOTE: Bare Metal Recovery Console applies only static IP address settings.
If you need to change network settings, press Back on the Waiting for connection step of the wizard to go to the previous Select network adapter step.
NOTE: If the network settings are changed in Bare Metal Recovery Console, you need to specify the corresponding network settings in Forest Recovery Console manually.
- Before you start the restore operation, check the boot order for the remote machine. Ensure that the target machine is trying to boot from the disk drive, not from Quest Recovery Media.
- Start the restore operation by clicking Start Recovery from the main menu.
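The disk requirements for Bare Metal Restore targets listed earlier (at least as many disks as the source, each the same size or larger) can be checked before a recovery window. The following is an added example, not part of the product or its documentation: `Test-BmrDiskFit` is a hypothetical helper, the sizes are constructed sample values, and it assumes any one-to-one assignment of source disks to target disks is acceptable, since the page does not say how disks are mapped.

```powershell
# Added example (not vendor code): pre-flight disk check for a BMR target.
# On a host running full Windows, sizes can be collected with:
#   Get-Disk | Select-Object -ExpandProperty Size

function Test-BmrDiskFit {
    param(
        [Parameter(Mandatory)][uint64[]]$SourceDiskBytes,  # disks of the source DC
        [Parameter(Mandatory)][uint64[]]$TargetDiskBytes   # disks of the blank target
    )
    $issues = @()

    # Requirement 1: target disk count must equal or exceed the source count.
    if ($TargetDiskBytes.Count -lt $SourceDiskBytes.Count) {
        $issues += "Target has $($TargetDiskBytes.Count) disk(s), source has $($SourceDiskBytes.Count)."
    }

    # Requirement 2: every source disk needs a distinct target disk of the same
    # size or larger. Pairing both lists largest-first is sufficient: if this
    # pairing fails, no other one-to-one assignment can succeed.
    $src = @($SourceDiskBytes | Sort-Object -Descending)
    $dst = @($TargetDiskBytes | Sort-Object -Descending)
    $pairs = [Math]::Min($src.Count, $dst.Count)
    for ($i = 0; $i -lt $pairs; $i++) {
        if ($dst[$i] -lt $src[$i]) {
            $need = [Math]::Round($src[$i] / 1GB, 1)
            $have = [Math]::Round($dst[$i] / 1GB, 1)
            $issues += "Source disk of $need GB has no target disk large enough (best remaining: $have GB)."
        }
    }

    [pscustomobject]@{
        Compatible = ($issues.Count -eq 0)
        Issues     = $issues
    }
}

# Constructed sample inventories.
$sourceDc = [uint64[]]@(128GB, 512GB)
$goodHost = [uint64[]]@(256GB, 256GB, 1TB)   # more disks, all large enough
$badHost  = [uint64[]]@(256GB, 256GB)        # enough disks, but none fits 512 GB

Test-BmrDiskFit -SourceDiskBytes $sourceDc -TargetDiskBytes $goodHost
Test-BmrDiskFit -SourceDiskBytes $sourceDc -TargetDiskBytes $badHost
```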
"Install Active Directory" and "Install Active Directory from Media" recovery methods can be used as a part of the Disaster Recovery workflow.
Custom Quest Recovery Media with additional drivers
The Quest Recovery Media image requires storage drivers to recognize the drives of the server, and network adapter drivers in order to communicate with the Forest Recovery Console over the network.
A generic set of Windows storage controller and network adapter drivers is included automatically when you generate the Recovery Media image. This satisfies the requirements of newer systems. Systems from other manufacturers or older systems may require you to inject storage controller or network adapter drivers when creating the Recovery Media image.
When creating the Recovery Media image, driver injection is used to facilitate interoperability between the Forest Recovery Console, network adapter, and storage on the target machine.
Data restored from the Bare Metal Recovery Backup includes drivers for the hardware previously in place. Custom third-party drivers will be added automatically from the Recovery Media image to the restored operating system. This allows the restored operating system to boot using the new set of hardware.
Default locations for Quest Recovery Media and Drivers:
- %ProgramData%\Quest\Recovery Manager for Active Directory\Recovery Media
- %ProgramData%\Quest\Recovery Manager for Active Directory\Drivers
To change these default locations, you can use the following command: Set-RMADFEGlobalOptions -RecoveryMediaPath "<Recovery Media directory>" -CustomDriversPath "<driver Directory>" -Save
To add third-party drivers to the Recovery Media image, use the Add third-party drivers or the Add third-party drivers from Bare Metal Backup option on the Settings tab of Forest Recovery Console.
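Because drivers in the image are carried into the restored domain controller's operating system, and the image also holds the Forest Recovery Agent and certificates, write access to the Recovery Media and Drivers directories should be limited to administrators. The following audit is an added example, not part of the product: `Get-UnexpectedWriter` is a hypothetical helper, the paths are the defaults given above, and the list of trusted SIDs is an assumption to adjust to local policy.

```powershell
# Added example (not vendor code): report principals, other than the trusted
# SIDs, that hold write-type rights on the Recovery Media and Drivers folders.
$root  = Join-Path $env:ProgramData 'Quest\Recovery Manager for Active Directory'
$paths = @((Join-Path $root 'Recovery Media'), (Join-Path $root 'Drivers'))

# Assumption: only SYSTEM and BUILTIN\Administrators should be able to write.
$trustedSids = @('S-1-5-18', 'S-1-5-32-544')

function Get-UnexpectedWriter {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string[]]$TrustedSid
    )
    # Rights that allow changing content, permissions or ownership.
    $mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Inherit-only ACEs may carry raw generic bits instead of file rights.
    $mask = $mask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }
        # Ask for SIDs so the comparison does not depend on localized names.
        $rules = (Get-Acl -LiteralPath $p).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            $sid = $r.IdentityReference.Value
            if ($r.AccessControlType -ne 'Allow') { continue }
            if ($TrustedSid -contains $sid) { continue }
            if (([int]$r.FileSystemRights -band $mask) -eq 0) { continue }
            try   { $name = $r.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved>' }
            [pscustomobject]@{
                Path      = $p
                Sid       = $sid
                Account   = $name
                Rights    = $r.FileSystemRights
                Inherited = $r.IsInherited
            }
        }
    }
}

Get-UnexpectedWriter -Path $paths -TrustedSid $trustedSids | Format-Table -AutoSize
```

If the locations were changed with Set-RMADFEGlobalOptions, pass the configured directories in `-Path` instead. The check reads only each directory's own ACL, so files with non-inherited permissions inside them need a separate pass.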
Using Management Shell
About Management Shell
The Recovery Manager for Active Directory Management Shell, built on Microsoft Windows PowerShell technology, provides a command-line interface that enables automation of backup/recovery-related administrative tasks. With this Management Shell, administrators can manage Computer Collections, backup/recovery sessions, compare and start backup/recovery jobs.
The Management Shell command-line tools (cmdlets), like all the Windows PowerShell cmdlets, are designed to deal with objects—structured information that is more than just a string of characters appearing on the screen. The cmdlets do not use text as the basis for interaction with the system, but use an object model that is based on the Microsoft .NET platform. In contrast to traditional, text-based commands, the cmdlets do not require the use of text-processing tools to extract specific information. Rather, you can access portions of the data directly by using standard Windows PowerShell object manipulation commands.