This section describes how to open a legacy Recovery Project (.frproj) file created with Forest Recovery Console 8.2 or earlier if FIPS-compliant algorithms are enabled on the Forest Recovery Console 8.6 or later computer.
Forest Recovery Console version 8.2 or earlier used hashing and encryption algorithms incompatible with FIPS. For this reason, to open a legacy .frproj file created with Forest Recovery Console version 8.2 or earlier, you need to temporarily disable FIPS-compliant algorithms on the Forest Recovery Console 8.6 or later computer.
To open a legacy recovery project
By doing so, you update the project to use FIPS-compliant algorithms.
Note: To protect its data, the Forest Recovery Console version 8.6 or later uses the SHA-1 hashing algorithm and the Triple DES encryption algorithm that are FIPS-compliant. For more information about FIPS-compliant algorithms, see Microsoft Knowledge Base article 811833 “The effects of enabling the ‘System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing’ security setting in Windows XP and in later versions of Windows” at http://support.microsoft.com.
To save the changes made to a recovery project
It is recommended to regularly update your recovery project so that it reflects the changes occurred in your Active Directory forest.
To update a recovery project
Each recovery project has a number of project-specific settings that allow you to control the various aspects of recovery. For example, you can use these settings to select how to handle the global catalog during recovery, configure balloon notifications displayed in the Forest Recovery Console, configure e-mail notification settings, select the Active Directory domains you want to recover, and enable or disable the Recovery Persistence feature that provides protection from an inadvertent shutdown of the Forest Recovery Console.
To specify the recovery project settings
Table 25: Recovery project settings
Displays a list of all domains in the current recovery project.
On this tab, you can use the following options:
Allows you to select how to handle the global catalog during recovery. This tab provides the following options:
To advertise the rebuilt global catalog servers in DNS, this option uses the existing Global Catalog Partition Occupancy level specified in the system registry.
By default, a global catalog server is considered as ready to be advertised in DNS when all read-only directory partitions have been fully replicated to the new global catalog server. However, your particular forest may use a different setting. For this reason, it is recommended that you check the Catalog Partition Occupancy level specified in the system registry. If the default setting is used, then the Rebuild GC, advertise normally option is the safest and most reliable way to rebuild and advertise the global catalog during the recovery.
This option rebuilds the global catalog in the entire forest regardless of how many domains you are recovering.
When you select this option, the rebuilt global catalog servers will be advertised in DNS without waiting for the read-only directory partitions replication to fully complete. The trade-off of using this option is that the global catalog may include some inconsistencies until the global catalog servers have received the complete information from all the other domains in the forest.
This option rebuilds the global catalog only in the domains that you recover by using Recovery Manager for Active Directory Forest Edition.
In certain situations, this option might help you avoid global catalog downtime and make some forest-wide services available to the users more quickly. However, using this option greatly increases the risk of introducing lingering objects into the global catalog, which can lead to a corrupt forest. It might happen if you use a set of backups for the domain controllers with large age difference. That is, backups may contain inconsistencies that will lead to introducing lingering object.
If you use this option, it is recommended that you manually reset the global catalog to ensure it does not include inconsistencies.
Allows you to configure balloon notifications in the Forest Recovery Console to inform you if the backups selected for recovery were created at different points in time or if your recovery project is outdated.
Allows you to send e-mail notifications to specific recipients when the verification or recovery process is completed.
On this tab, you can configure e-mail notification settings. Recovery Manager for Active Directory Forest Edition will use these SMTP settings to send e-mail notification after the verification or recovery process has been completed.
NOTE: SSL data encryption is not supported for email notifications.
On this tab, you can specify TCP ports that will be used by Forest Recovery Console to communicate with Forest Recovery Agent and Management Agent.