To access a Recovery Manager for Active Directory instance, the Recovery Manager Portal requires the Recovery Manager Remote API Access service to be installed and running on the Recovery Manager for Active Directory computer. This service enables the following Recovery Manager for Active Directory features: integration with Recovery Manager Portal, RMAD console fault tolerance and support for hybrid environment.
The Recovery Manager Remote API Access service is an optional feature and you must select this component when installing Recovery Manager for Active Directory Disaster Recovery Edition version 10.0.1. To check if this service is installed and running, you can use the Services tool (services.msc). If the service is not installed, complete the next steps to install it.
To install the Recovery Manager Remote API Access service
The Quest Recovery Manager Remote API Access service runs under the Local System account by default.
However, you can specify another service account using the Services snap-in or command line.
To change the service account using the Services snap-in
To change the service account using the command line
The table below lists the minimum user account permissions required for different tasks.
|Run the service||
Have the Log on as a service permission.
To grant the permission:
|Connect to the configuration database||Have the Read and Write permissions on RMAD database folder %PROGRAMDATA%\Quest\Recovery Manager for Active Directory.|
|Write the service log||Have the Read and Write permissions on the folder RMAD log.|
|Invoke COM Surrogate (64-bit OS)||
Have the Local Launch and Local Activation permissions on COM server "COM Surrogate" .
To grant permissions:
|Register COM at run time||Have the Read and Write permissions for the registry keys "HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE\SOFTWARE\Classes" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes".|
|Access the backups folder||Have the Read permission on the folder backups.|
|Access the unpacked backups folder||Have the Modify permission on the folder unpacked backups.|
|Create Scheduled Tasks when using the Replication feature in the Full mode||Have the Read permission on folder %SystemRoot%\system32\Tasks.|
|Create Scheduled Tasks when using the Replication feature in the Full mode on Windows Server 2016 and 2019||Be a member of the local Administrators group.|
In this step, you need to configure the Recovery Manager for Active Directory instances for working with the Recovery Manager Portal.
To configure a Recovery Manager for Active Directory instance
This is required because the Recovery Manager Portal can only restore data from unpacked backups.
The number of retained unpacked backups determines the number of available backup states to which you can restore Active Directory objects in the Recovery Manager Portal.
In the Recovery Manager Portal, add the Recovery Manager for Active Directory instances you have configured in the previous step. By adding the instances, you make the unpacked backups they create available in the Recovery Manager Portal.
To add a Recovery Manager for Active Directory instance
Use the user account under which you installed the Recovery Manager Portal. By default, this account has all necessary permissions to modify the portal configuration.
To configure recovery settings
NOTE: If you leave the User name and Password text boxes blank, the account specified in Step 3: Add Recovery Manager for Active Directory instances (Access the computer using option) is used by default. If a collection contains domain controllers from other domains or forests, Recovery Manager Portal should be able to read Active Directory schema for all domains included in the collection. For that, you need to specify the access credentials for these domains.