Recovery Manager for AD Forest Edition 10.0.1 - Deployment Guide

Best practices for using Forest Recovery Console

This section provides some best practice recommendations for installing and using the Forest Recovery Console and creating and storing Active Directory backups for forest recovery.

Table 6: Best practice recommendations

Recommendation: Install the Forest Recovery Console on a member server.

Justification: When installed on a domain controller, the Forest Recovery Console consumes its resources and may impair the domain controller's performance.

In addition, domain controllers in your forest may require a restart during a forest recovery operation (for example, to boot in Directory Services Restore Mode).

If you are using the Forest Recovery Console on a domain controller, Recovery Manager for Active Directory Forest Edition cannot restart that domain controller during the forest recovery operation.

Recommendation: Use the Forest Recovery Console under a local administrator account.

Justification: Allows you to log on to the Forest Recovery Console computer and use the Console even if Windows authentication is not working properly in your Active Directory forest.

Recommendation: Run the verify settings operation on your recovery project at least once a month.

Justification: Enables Recovery Manager for Active Directory Forest Edition to detect the changes that have occurred in your forest and update your recovery project accordingly. For more information about verifying recovery project settings, see the User Guide.

Recommendation: Store backups on domain controllers.

Justification: Store backups on the domain controllers for which they were created. This will substantially shorten the recovery time, as backups will not have to be transferred to the domain controllers during the recovery.

Recommendation: Create a recovery project while your Active Directory forest is healthy.

Justification: Do not postpone creating a recovery project until your forest becomes corrupt.

The preferable method for creating a recovery project is to connect to a live domain controller and retrieve the forest infrastructure information from that domain controller.

Recommendation: Use separate Computer Collections for granular AD data recovery and forest recovery.

Justification: Granular Active Directory data recovery and full-scale forest recovery impose different requirements in terms of storing backups, backup creation frequency, and backup retention policies. To satisfy these requirements, you can create separate Computer Collections.

  • Computer Collections for granular recovery. Configure these Collections to back up Active Directory data at least once a day.
  • Computer Collections for forest recovery. Configure these Collections to back up data at least once every five days. To avoid copying backups to domain controllers before the recovery, store each backup on the domain controller for which the backup was created. Configure a backup retention policy to keep the optimal number of backups. Backups should not consume too much disk space. At the same time, you should have a sufficient number of backups to choose from in case of an Active Directory disaster.

Recommendation: Configure the Forest Recovery Console to access the ForestRecovery-Persistence SQL Server database under the Microsoft SQL Server administrator account (sa).

Justification: Enables Recovery Manager for Active Directory Forest Edition to access and use the ForestRecovery-Persistence database even if Windows authentication is not working properly in your Active Directory forest.

For more information about the ForestRecovery-Persistence database and the Recovery Persistence feature, see the “Resuming an Interrupted Forest Recovery Operation” section in the User Guide.

Recommendation: Disable the automatic backup creation immediately after you discover any issues in your Active Directory forest.

Justification: If an Active Directory disaster occurs, automatic backup creation paired with a backup retention policy may delete all the good and trusted backups you have.

When your Active Directory forest becomes corrupt, bad data starts sneaking into the backups that are created automatically. At the same time, your backup retention policy continues to delete old backups that contain good and trusted data.

As a result, you may end up with a corrupt Active Directory forest and without any good and trusted backups to restore data from.

Recommendation: Configure a standalone mail server to use in case of an Active Directory failure.

Justification: Provides a fallback solution for a situation where all mail servers in your forest are rendered inoperable because of an Active Directory failure.

Recommendation: Restore as many domain controllers from backups as possible.

Justification: Allows you to restore many domain controllers simultaneously and at the same time minimize the amount of replication traffic for the domain controllers you recover by reinstalling Active Directory.

Recommendation: Ensure you allow traffic on the required communication ports.

Justification: For more information about the required ports, see Communication ports.
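
The retention effect described in the recommendation to disable automatic backup creation can be replayed as a short simulation. This is an added example, not part of this guide or of Recovery Manager for Active Directory; it assumes a simple keep-the-last-N retention model, and the retention count of 3 and all dates are constructed (the 5-day interval is the forest-recovery cadence given above).

```python
from datetime import date, timedelta

def replay(start, interval_days, keep, corrupted_on, disabled_on=None, runs=60):
    """Replay scheduled backups under a keep-last-N retention policy (assumed model).

    Yields (run_date, retained) after every scheduled run, where retained is a
    list of (backup_date, is_good) and is_good means taken before corrupted_on.
    Runs scheduled on or after disabled_on are skipped (schedule turned off).
    """
    retained = []
    for i in range(runs):
        run_date = start + timedelta(days=i * interval_days)
        if disabled_on is not None and run_date >= disabled_on:
            break
        retained = (retained + [run_date])[-keep:]  # oldest backup is purged
        yield run_date, [(d, d < corrupted_on) for d in retained]

def good_backups_left(**kw):
    """Dates of good backups still on disk once the replay ends."""
    final = []
    for _, retained in replay(**kw):
        final = retained
    return [d for d, is_good in final if is_good]

def last_good_purged_on(**kw):
    """Date of the scheduled run that purges the last good backup, or None."""
    seen_good = False
    for run_date, retained in replay(**kw):
        has_good = any(is_good for _, is_good in retained)
        if seen_good and not has_good:
            return run_date
        seen_good = seen_good or has_good
    return None

# Constructed scenario: 5-day schedule, keep the last 3 backups (assumed),
# corruption begins on 2024-01-18 and goes unnoticed.
SCENARIO = dict(start=date(2024, 1, 1), interval_days=5, keep=3,
                corrupted_on=date(2024, 1, 18))

if __name__ == "__main__":
    deadline = last_good_purged_on(**SCENARIO)
    print("Last good backup is purged by the run on", deadline)
    for off in (deadline, deadline + timedelta(days=1)):
        left = good_backups_left(disabled_on=off, **SCENARIO)
        print(f"Schedule disabled {off}: good backups left = {left}")
```

In this scenario the window between corruption and the loss of the last good backup is 13 days; a shorter backup interval or a smaller retention count shrinks it.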

Best practices for deploying Recovery Manager Console

Note: The machine that hosts the Recovery Manager Console must run the same or a higher version of the Windows operating system than the processed domain controllers. Otherwise, the online compare and restore operations cannot be performed via the console.

It is recommended to install the Recovery Manager Console on a member server and not on a domain controller. When installed on a domain controller, the Recovery Manager Console consumes its resources and may impair the domain controller's performance.

To perform a selective online restore of Active Directory data, it is sufficient to deploy one instance of the Recovery Manager Console in the Active Directory forest.

To perform a complete offline restore of the Active Directory database by using the Repair Wizard, it is recommended to deploy an instance of the Recovery Manager Console in each Active Directory site.

Best practices for using Computer Collections

A Computer Collection allows you to group the computers (domain controllers or AD LDS (ADAM) hosts) to which you want to apply the same backup creation settings. For more information on how to create and manage Computer Collections, see the User Guide supplied with this release of Recovery Manager for Active Directory.

It is recommended to add computers to the same Computer Collection if you want to do any of the following:

  • Back up the same System State components on all these computers.
  • Apply the same backup storage policy to all these computers.

For instance, you may want to store domain controller backups in one central location accessible to the Recovery Manager Console over a fast link. This scenario eliminates the need to copy the backups across the network before running an online restore operation and allows you to centrally manage the restore.

  • Set up the same backup creation schedule for all these computers.

The following diagram provides an example of using Computer Collections:

Figure 2: Example of Using Computer Collections

In this example, the Recovery Manager Console is installed in the London site. Computer Collections 1, 2, and 3 include all domain controllers from the Tokyo, London, and New York sites, respectively. Computer Collection 4 includes two domain controllers from the London site. Backups of these two domain controllers are accessible to the Recovery Manager Console via a fast link and can be used to perform selective online restores of Active Directory objects.

Best practices for granular AD data restores

This section provides some recommendations for performing granular restore operations with Recovery Manager for Active Directory.
