Recovery Manager for Active Directory (RMAD) employs a Backup Agent to back up data on remote domain controllers.
The Backup Agent must be deployed on each remote domain controller where you want to back up Active Directory® data.
There are two methods to deploy the Backup Agent:
Have RMAD automatically deploy the Backup Agent before starting a backup creation operation and automatically remove the Agent after the operation is complete.
Manually preinstall the Backup Agent on all target domain controllers where you want to back up Active Directory® data.
The latter method allows you to:
Perform a backup operation without having domain administrator privileges. It is sufficient if RMAD runs under a backup operator's credentials.
Reduce network traffic when backing up a Computer Collection.
Back up domain controllers in domains that have no trust relationships with the domain where RMAD is running, solving the so-called “no trust” problem.
Note |
To preinstall Backup Agent, you can either use the Backup Agent Setup Wizard or perform a silent installation. For more information, refer to the Quick Start Guide supplied with this release of RMAD. |
If you create full backups on a daily basis as recommended earlier in this document, you should configure a backup retention policy to maintain the backups created in the last two weeks (14 last backups for each domain controller). This approach will provide you with a sufficient number of backups to recover from an Active Directory® failure that remained undetected for some time. For information on how to configure a backup retention policy, refer to the User Guide supplied with this release of Recovery Manager for Active Directory.
In addition to the retained backups, you can also archive at least one domain controller backup on a weekly basis. This will allow you to retrieve Active Directory® data (for instance, deleted objects) from a period past the recent backup history you retain. Make sure that these archived backups cover the entire tombstone lifetime period (180 days by default).
The best practice is to create BMR backups only once a week to minimize the required storage space.
For information on how to configure a backup retention policy for a Secure Storage server, refer to Secure Storage server backups.
For security reasons, keep at least one copy of each backup off-site in a properly controlled environment in order to protect it from possible attacks by malicious individuals via the network.
For each Computer Collection, you can specify where to store the Collection’s backup files. You can store backups on the computer running RMAD, the domain controller being backed up, or any available network share.
This section provides general recommendations where to store backups to be used in specific restore scenarios, such as granular online restore of directory objects, complete offline restore of Active Directory®, or Active Directory® forest recovery.
The following diagram shows the recommended method for storing the backups you plan to use for granular online restores of directory data or complete offline restores of Active Directory®:
It is recommended that you store such backups in a central backup storage accessible to the Recovery Manager Console via a fast and reliable link. Such a link is required because during a restore operation backup, files may be copied or unpacked from the central backup storage to the computer where you are using the Recovery Manager Console.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center