Chat now with support
Chat with Support

Recovery Manager for AD Forest Edition 10.0.1 - User Guide

Overview Backing up data
Permissions required for the Backup operation Managing Backup Agent Using a least-privileged user account to back up data Creating backups Retrying backup creation Enabling backup encryption Backing up AD LDS (ADAM) Backing up cross-domain group membership Backing up distributed file system (DFS) data Backup scheduling Setting performance options Setting advanced backup options Using Forest Recovery Agent Unpacking backups Using e-mail notification Viewing backup creation results Getting started
Permissions required to use Recovery Manager for Active Directory Recovery Manager Console Icons in the user interface Getting and using help Configuring Windows Firewall Using Computer Collections Managing Recovery Manager for Active Directory configuration Licensing
Restoring data
Getting started with Active Directory recovery Managing deleted or recycled objects Restoring backed up System State components Using granular online restore Restoring AD LDS (ADAM) Selectively restoring Active Directory object attributes Restoring objects in an application directory partition Restoring object quotas Restoring cross-domain group membership Performing a restore without having administrator privileges Reports about objects and operations Using complete offline restore Offline restore implications Restoring SYSVOL authoritatively Performing a granular restore of SYSVOL Recovering Group Policy Restoring data from third-party backups Using the Extract Wizard Restoring passwords and SID history
Fault tolerance Consolidating backup registration data Monitoring Recovery Manager for Active Directory Recovering an Active Directory forest
Permissions required to use Forest Recovery Console Forest Recovery Console Managing a recovery project Install Active Directory from Media recovery method Install Active Directory recovery method Managing Forest Recovery Agent Rebooting domain controllers manually Specifying fallback IP addresses to access a domain controller Resetting DSRM Administrator Password Purging Kerberos Tickets Managing the Global Catalog servers Managing FSMO roles Manage DNS Client Settings Configuring Windows Firewall Forest recovery overview Selectively recovering domains in a forest Recovering SYSVOL Deleting domains during recovery Resuming an interrupted forest recovery Recovering read-only domain controllers (RODCs) Checking forest health Collecting diagnostic data for technical support
Using Management Shell Creating virtual test environments Using Recovery Manager for Active Directory web interface Appendices
Frequently asked questions Best practices for creating backups for forest recovery Best practices for recovering a forest Descriptions of recovery or verification steps Backup Wizard Online Restore Wizard Online Restore Wizard for AD LDS (ADAM) Group Policy Restore Wizard Repair Wizard Extract Wizard Events generated by Recovery Manager for Active Directory

Opening a legacy virtual lab project

This section describes how to open a legacy Virtual Lab Project (.vlproj) file created with the Active Directory Virtual Lab 8.5 if FIPS-compliant algorithms are enabled on the Active Directory Virtual Lab 8.6 or later computer.

The Active Directory Virtual Lab 8.5 uses hashing and encryption algorithms incompatible with FIPS. For this reason, to open a legacy .vlproj file created with the Active Directory Virtual Lab 8.5, you need to temporarily disable FIPS-compliant algorithms on the Active Directory Virtual Lab 8.6 or later computer.

To open a legacy project

  1. On the Active Directory Virtual Lab 8.6 or later computer, disable FIPS-compliant algorithms:
  1. Start the Group Policy Object Editor tool (gpedit.msc).
  2. In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then select Security Options.
  3. In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
  4. In the dialog box that opens, select Disabled and click OK.
  1. Restart the computer.
  1. Start the Active Directory Virtual Lab 8.6 or later console, open the legacy .vlproj file, and then save it. By doing so, you update the project to use FIPS-compliant algorithms.
  2. Enable FIPS-compliant algorithms on the Active Directory Virtual Lab 8.6 or later computer.

Note: To protect its data, the Active Directory Virtual Lab 8.6 or later uses the SHA-1 hashing algorithm and the Triple DES encryption algorithm that are FIPS-compliant. For more information about FIPS-compliant algorithms, see Microsoft Knowledge Base article 811833 “The effects of enabling the ‘System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing’ security setting in Windows XP and in later versions of Windows” at


Please consider the following precautions before creating a virtual test environment:

  • Virtual test environments created by the Active Directory Virtual Lab can only be used for testing, training, or evaluation purposes. Never restore or copy any data from your virtual test environments to the production Active Directory.
  • Ensure your virtual test environment is properly isolated from the source Active Directory forest. Otherwise, the source forest may be seriously damaged after you enable the network adapters in the newly-created virtual test environment.

Step-by-step instructions

To create a virtual test environment from an Active Directory forest, complete these steps:

Step 1: Create a virtual lab project

To create a virtual lab project

  • Start the Active Directory Virtual Lab console.

After the console opens, a wizard starts automatically to guide you through the virtual lab project creation.

Alternatively, if you have the Active Directory Virtual Lab console already open, from the main menu, select File | New Project, and then follow the steps in the wizard.

When creating a virtual lab project, you are prompted to specify the following:

  • Third-party virtualization software with which to create virtual machines from the source computers.

The virtualization software must be preinstalled in your environment and be accessible to the Active Directory Virtual Lab. For the privileges required to use the virtualization software, see Permissions.

  • Source Active Directory forest from which to create your virtual test environment.
  • Default hardware settings for creating virtual machines from source computers in the virtual lab project.

    NOTE: You can configure the target network isolation using the IP subnet while creating a virtual lab project. To do this, on the "Specify default hardware settings for virtual machines to be created" step of the project creation wizard, click <Dynamic IP> and specify the IP address with the subnet mask that is isolated from the source environment. Later, when you add the source machine to the project, the IP address for the target virtual machine will be configured according to the default settings. For more details, see Isolated virtual network and DNS.

If necessary, you can modify these default settings for each virtual machine to be created.

  • A Virtual Lab Project (*.vlproj) file to save your project. You can reuse the settings stored in the .vlproj file to create more virtual test environments in the future.
Related Documents