Chat now with support
Chat with Support

Recovery Manager for AD Forest Edition 10.0.1 - User Guide

Overview Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Creating backups Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Icons in the user interface Getting and using help Configuring Windows Firewall Using Computer Collections Managing Recovery Manager for Active Directory configuration Licensing
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up System State components Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Fault tolerance Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Install Active Directory from Media recovery method Install Active Directory recovery method Managing Forest Recovery Agent Rebooting domain controllers manually Specifying fallback IP addresses to access a domain controller Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Forest recovery overview Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web interface Appendices
Frequently asked questions Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

Backing up domain controllers

To restore domain controllers, you can use backups created with Recovery Manager for Active Directory or Recovery Manager for Active Directory Forest Edition. For this reason, you should back up domain controllers in the forest on a regular basis using one of these applications.

It is a good practice to create a Computer Collection that includes all domain controllers in the forest and back up the Collection each time you make changes to the forest infrastructure. Besides, you can use the Computer Collection to ensure that Forest Recovery Agent is installed on each domain controller in the Collection.

For more information about using the Forest Recovery Agent and Computer Collections, see the User Guide supplied with this release of Recovery Manager for Active Directory Forest Edition.

Assigning a preferred DNS server during recovery

Before starting a forest recovery operation, you should specify a method for selecting a preferred DNS server for each domain controller in your recovery project. You can choose one of the following DNS server selection methods:

  • Select a DNS server automatically
    Let Recovery Manager for Active Directory Forest Edition automatically select a DNS server (used by default).
  • Do not change DNS settings
    Recovery Manager for Active Directory Forest Edition retains client DNS settings during recovery or restores the DNS settings from a backup depending on the chosen recovery method.
  • Use the specified DNS server
    Specify a DNS server manually - here you can specify one DNS address or a list of DNS servers separated by semicolons or using the Edit button.

For more information on how to specify a DNS server selection method, see Domain controller recovery settings and progress.

When you choose to select a DNS server automatically, Recovery Manager for Active Directory Forest Edition contacts the domain controllers in the forest to get a list of all DNS servers they use. Then, Recovery Manager for Active Directory Forest Edition automatically selects a properly working DNS server from the received list and assigns that DNS server to the domain controller.

The automatic DNS selection method is recommended in the following cases:

  • Your DNS is not Active Directory-integrated.
  • Your DNS is Active Directory-integrated and you restore from backups the DNS servers (domain controllers) that act as primary source for each DNS zone.

Important: It is not recommended to uninstall or reinstall Active Directory on the DNS servers that act as a primary source for an Active Directory-integrated DNS zone. Also, it is not recommended to remove such DNS servers from Active Directory during recovery .

The Do not change DNS settings option lets you retain DNS settings during recovery so you do not need to reconfigure DNS settings for each domain controller within the forest after the recovery operation is completed.

When you specify a DNS server or list of DNS servers manually, Recovery Manager for Active Directory Forest Edition first tries to assign the specified DNS server(s) to the domain controller. If the specified DNS server does not function properly or is inaccessible, Recovery Manager for Active Directory Forest Edition automatically selects DNS servers (primary and alternate) that were set on this domain controller before the recovery. If this action is also unsuccessful, Recovery Manager for Active Directory Forest Edition selects DNS servers from a list of all DNS servers that are in use in the forest.

How does Recovery Manager for Active Directory Forest Edition determine that the DNS server is available for use?

Recovery Manager for Active Directory Forest Edition sets a DNS server on all the network adapters on the domain controller and checks if it is enough to register DC Locator resource records and A-type (host) records. If the test succeeds, then this DNS server is set as the preferred DNS server on all network adapters.

NOTE: According to Microsoft recommendations, DNS servers should include their own IP addresses in the lists of DNS servers. The loopback address (127.0.0.1) should be configured only as a secondary or tertiary DNS server on a domain controller.

If you specified the loopback address in the wrong sequence, the order will be corrected automatically when the list of DNS servers is configured on a domain controller.

For more details, see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10).

If you want to use the manual DNS server selection method, it is recommended to make sure you have one or more DNS servers properly configured for working with the domain controllers being recovered. All these DNS servers must support dynamic updates and have DNS zones configured for each domain in the forest you want to recover. Make sure you specify one of these DNS servers for each domain controller in your recovery project.

Forest recovery methods

Before you choose one of the recovery methods described in this section, it is strongly recommended that you read Microsoft’s best-practice paper, Planning for Active Directory Forest Recovery.

This section covers the following:

Recovery method 1: Restore as many domain controllers from backups as possible

To use this method, you must have recent and trusted backups for as many domain controllers as possible in each domain in the forest. These backups must be created at a similar point in time to mitigate the risk of discrepancy after the forest is recovered.

At a high level, Method 1 includes the following stages:

  1. Recovery Manager for Active Directory Forest Edition restores as many domain controllers as possible in each domain from the recent and trusted backups you specify. The more domain controllers you restore from backups, the faster the forest recovery operation completes.
  2. Recovery Manager for Active Directory Forest Edition uses Microsoft’s native tools (Dcpromo.exe or the Uninstall-ADDSDomainController and Install-ADDSDomainController cmdlets) to automatically reinstall Active Directory on the domain controllers for which no backups are available.
  3. The domain controllers where Active Directory was reinstalled replicate AD data from the domain controllers restored from reliable backups.

Method 1 has the following advantages and limitations:

Table 33: Recovery method 1: Advantages and limitations

Advantages Limitations
  • Fast recovery of the entire forest. Since most domain controllers are simultaneously restored from backups, the forest recovery operation completes faster than in Method 2.
  • Stability of the forest recovery process. Owing to the large number of backups used, the entire forest is recovered even if the restore of some domain controllers fails.
  • This method allows you to retain the original forest infrastructure. Since many domain controllers are restored from backups, the recovered forest is close to its original prefailure condition.
  • The risk of reintroducing corrupted or unwanted data is higher than in Method 2. Because of the large number of backups used in this method, there is no guarantee that corrupted or unwanted data from the backups will not be reintroduced into the recovered forest.

For a step-by-step procedure on how to perform a forest recovery, Overview of steps to recover a forest

Related Documents