Chat now with support
Chat with Support

Recovery Manager for AD Disaster Recovery Edition 10.0.1 - User Guide

Overview Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Creating backups Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Icons in the user interface Getting and using help Configuring Windows Firewall Using Computer Collections Managing Recovery Manager for Active Directory configuration Licensing
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up System State components Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Fault tolerance Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Install Active Directory from Media recovery method Install Active Directory recovery method Managing Forest Recovery Agent Rebooting domain controllers manually Specifying fallback IP addresses to access a domain controller Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Forest recovery overview Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Bare metal forest recovery Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web interface Appendices
Frequently asked questions Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

Forest Recovery Agent is required

Forest Recovery Agent must be installed on the source computers. This is the same Forest Recovery Agent that is used by Recovery Manager for Active Directory Disaster Recovery Edition to recover domain controllers. Forest Recovery Agent also plays a vital part in the virtual test environment creation. For example, it is used to clean up metadata, seize FSMO roles, and validate that guest OS tools are installed on the virtual machines created in the lab.

For this reason, before creating a virtual test environment, you need to ensure that each source computer has the current Forest Recovery Agent version installed. To do so, you can use the Active Directory Virtual Lab console.

When you click the Verify Settings button in Step 4: Verify virtual machine creation settings in Step-by-step instructions, the Active Directory Virtual Lab checks and displays the Forest Recovery Agent version installed on the source computers in your project. If the current version of the agent is not installed, the Active Directory Virtual Lab displays a warning. If you ignore this warning, the current agent version will be automatically installed on the source computers during the virtual test environment creation.

Alternatively, you can use the Active Directory Virtual Lab console to manually install or update the Forest Recovery Agent: just select the appropriate shortcut menu command on the source computers in the virtual lab project.

Opening a legacy virtual lab project

This section describes how to open a legacy Virtual Lab Project (.vlproj) file created with the Active Directory Virtual Lab 8.5 if FIPS-compliant algorithms are enabled on the Active Directory Virtual Lab 8.6 or later computer.

The Active Directory Virtual Lab 8.5 uses hashing and encryption algorithms incompatible with FIPS. For this reason, to open a legacy .vlproj file created with the Active Directory Virtual Lab 8.5, you need to temporarily disable FIPS-compliant algorithms on the Active Directory Virtual Lab 8.6 or later computer.

To open a legacy project

  1. On the Active Directory Virtual Lab 8.6 or later computer, disable FIPS-compliant algorithms:
  1. Start the Group Policy Object Editor tool (gpedit.msc).
  2. In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then select Security Options.
  3. In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
  4. In the dialog box that opens, select Disabled and click OK.
  1. Restart the computer.
  1. Start the Active Directory Virtual Lab 8.6 or later console, open the legacy .vlproj file, and then save it. By doing so, you update the project to use FIPS-compliant algorithms.
  2. Enable FIPS-compliant algorithms on the Active Directory Virtual Lab 8.6 or later computer.

Note: To protect its data, the Active Directory Virtual Lab 8.6 or later uses the SHA-1 hashing algorithm and the Triple DES encryption algorithm that are FIPS-compliant. For more information about FIPS-compliant algorithms, see Microsoft Knowledge Base article 811833 “The effects of enabling the ‘System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing’ security setting in Windows XP and in later versions of Windows” at http://support.microsoft.com.

Precautions

Please consider the following precautions before creating a virtual test environment:

  • Virtual test environments created by the Active Directory Virtual Lab can only be used for testing, training, or evaluation purposes. Never restore or copy any data from your virtual test environments to the production Active Directory.
  • Ensure your virtual test environment is properly isolated from the source Active Directory forest. Otherwise, the source forest may be seriously damaged after you enable the network adapters in the newly-created virtual test environment.

Step-by-step instructions

To create a virtual test environment from an Active Directory forest, complete these steps:

Related Documents