Overview
About Quest Recovery Manager for Active Directory
Features and benefits
Getting started
Comprehensive Active Directory recovery options
AD LDS (ADAM) recovery
Granular, selective restore
Integration with On Demand Recovery
Group Policy recovery
Centralized remote administration
Audit of objects and operations
Fault tolerance
Management Shell
Scheduling and automation
Scalability and performance
Rapid economic justification
Technical overview
Permissions required to use Recovery Manager for Active Directory
Recovery Manager Console
Icons in the user interface
Getting and using help
Configuring Windows Firewall
Using Computer Collections
Backing up data
Creating Computer Collections
Renaming Computer Collections
Modifying Computer Collection properties
Deleting Computer Collections
Specifying an access account for Backup Agent and backup file storages
Adding domain controllers to a Computer Collection
Adding containers to a Computer Collection
Adding AD LDS (ADAM) hosts and instances
Removing items from a Computer Collection
Managing Recovery Manager for Active Directory configuration
Preparing for working with Active Directory or AD LDS (ADAM) backups
Settings
Default properties for Computer Collections
Properties for an existing Computer Collection
Licensing
Backup tab
Components tab
Schedule tab
Alerts tab
Logging tab
Performance tab
Advanced tab
Agent Settings tab
Console Storage tab
DC Storage tab
Unpacked Backups tab
Container and site properties
Properties for a domain or organizational unit
Properties for an Active Directory site
Properties for an AD LDS (ADAM) site
Sessions node properties
Forest properties
Domain properties
Domain controller properties
AD LDS (ADAM) partition properties
AD LDS (ADAM) instance properties
Showing or hiding AD LDS (ADAM) partitions
Showing or hiding domains
Showing or hiding sites
Permissions required for the Backup operation
Managing Backup Agent
Restoring data
Installing Backup Agent automatically
Preinstalling Backup Agent manually
Discovering preinstalled Backup Agent
Updating Backup Agent information
Upgrading Backup Agent
Uninstalling Backup Agent
Removing a Backup Agent entry from the Backup Agent Management node
Using a least-privileged user account to back up data
Creating backups
Retrying backup creation
Enabling backup encryption
Backing up AD LDS (ADAM)
Method 1: Back up AD LDS (ADAM) from the Recovery Manager Console
Method 2: Schedule backup creation for AD LDS (ADAM)
Backing up cross-domain group membership
Backing up distributed file system (DFS) data
Backup scheduling
Setting performance options
Setting advanced backup options
Unpacking backups
Configuring default settings to unpack backups
Configuring Computer Collection-specific settings to unpack backups
Unpacking a backup manually
Deleting data unpacked from a backup
Using e-mail notification
Viewing backup creation results
Getting started with Active Directory recovery
Fault tolerance
Consolidating backup registration data
Monitoring Recovery Manager for Active Directory
Choosing an Active Directory recovery method
Implications of the online restore
Using agentless or agent-based method
Managing deleted or recycled objects
Restoring backed up System State components
Using granular online restore
Restoring AD LDS (ADAM)
Method 1: Restore an AD LDS (ADAM) instance from a backup created with Recovery Manager for Active Directory
Method 2: Restore an AD LDS (ADAM) database from a backup created with third-party software
Selectively restoring Active Directory object attributes
Restoring objects in an application directory partition
Restoring object quotas
Restoring cross-domain group membership
Performing a restore without having administrator privileges
Reports about objects and operations
Reports about Active Directory objects
Reports about AD LDS (ADAM) objects
Reports about Group Policy objects
Reports about who modified Active Directory objects
Using complete offline restore
Offline restore implications
Restoring SYSVOL authoritatively
Performing a granular restore of SYSVOL
Recovering Group Policy
Restoring data from third-party backups
Using the Extract Wizard
Creating a Windows Server 2008-based domain controller from a backup
Creating a Windows Server 2012-based domain controller from a backup
Restoring passwords and SID history
Supported versions of Microsoft Operations Manager
Importing Management Pack
Rules provided in Microsoft System Center Operations Manager
Health dashboards
Using Management Shell
Collecting diagnostic data for technical support
Step 1: Use Diagnostic Data Collector to automatically gather data
Step 2: Gather remaining data manually
Using Recovery Manager for Active Directory Web Interface
About Recovery Manager Portal
Installing Recovery Manager Portal
Connecting to Recovery Manager Portal
Administering Recovery Manager Portal
Appendices
Configuring portal for working with Recovery Manager for Active Directory
Viewing health summary for Recovery Manager for Active Directory instances
Viewing backup creation history
Recovering data using Recovery Manager Portal
Step 1: Install Recovery Manager Portal Access Service
Step 2: Configure Recovery Manager for Active Directory
Step 3: Add Recovery Manager for Active Directory instances
Step 4: Configure recovery settings for Active Directory domains
Modifying recovery settings for domains
Assigning roles to portal users
Delegating restore or undelete permissions
Configuring e-mail notification
How Recovery Manager Portal recovers data
Integration with On Demand Recovery
Frequently asked questions
Why do I need to restore deleted users or groups, rather than re-create them?
How can I restore a user or group in Active Directory?
How does online restore work?
When an object is undeleted, what is restored from the tombstone and what is restored from the backup?
What's the difference between an online restore and an authoritative restore?
What's the difference between the agentless restore method and the agent-based restore method?
Can I undelete a mailbox-enabled user?
In the Group Policy Restore Wizard, a GPO link is shown as deleted, but the link actually exists in Active Directory. What's wrong?
What is a primary restore of the SYSVOL?
How do I change the Backup Agent port number?
Backup Wizard
What to Back Up
Where to Store Backups
When to Back Up
Computer Collection Name (optional)
Completing the Backup Wizard
Online Restore Wizard
Wizard Operation Mode
Domain Selection
Backup Selection
Backup for Comparison (optional)
Unpacked Backups Folder Selection
Backup Data Preparation
Domain Access Options
Objects to Be Processed
Operation Selection
Processing Options
Additional Options
Operation Start
Operation Progress
Operation Option
Objects to Be Restored
Where to Restore Deleted Objects
Operation Results
Completing the Online Restore Wizard
Online Restore Wizard for AD LDS (ADAM)
Wizard Operation Mode
AD LDS (ADAM) Instance Selection
Backup Selection
Backup for Comparison
Unpacked Backups Folder Selection
Backup Data Preparation
AD LDS (ADAM) Access Options
Objects to Be Processed
Processing Options
Reporting Options
Operation Start
Operation Progress
Operation Option
Objects to Be Restored
Operation Results
Completing the Online Restore Wizard for AD LDS (ADAM)
Group Policy Restore Wizard
Backup Source Domain
Backup Selection
Unpacked Backups Folder Selection
Backup Data Preparation
Target Domain Controller
Group Policy Object Selection
GPO Restore Options
Link Restore Options
Restore Process Start
Completing the Group Policy Restore Wizard
Repair Wizard
Computer and Backup Selection
Target Computer
Computer Restart
Primary Restore of SYSVOL
Restore Process Start
Restore Progress
Authoritative Restore Selections
Computer Restart in Normal Mode
Completing the Repair Wizard
Extract Wizard
Events generated by Recovery Manager for Active Directory
Undeleting objects
To undelete objects, you must be assigned a specific role in the Recovery Manager Portal. For more information, see Assigning roles to portal users.
To undelete objects
- Connect to the Recovery Manager Portal with your Web browser.
- In the Recovery Manager Portal, open the Recovery tab.
-
Note: To restore data from the encrypted backup, first go to the Configuration tab, expand Portal Settings and select the Use packed and encrypted backups for restore operations option.
Note that unpacked components cannot be removed using Recovery Manager Portal. To perform this operation, use the Delete Unpacked Components option in the Recovery Manager Console.
- Click Undelete objects to start the wizard
- On the Find and add objects to undelete step, you can specify Active Directory objects and containers that you want to undelete. Click Objects to undelete to go to the next step..
- On the View added objects step, type the password if you use the encrypted backup and specify whether the backup remains unpacked after the undelete operation.
- On the Undelete progress step, you can view the progress of the undelete operation.
Appendices
Appendices
- Frequently asked questions
- Backup Wizard
- Online Restore Wizard
- Online Restore Wizard for AD LDS (ADAM)
- Group Policy Restore Wizard
- Repair Wizard
- Extract Wizard
- Events generated by Recovery Manager for Active Directory
Frequently asked questions
- Why do I need to restore deleted users or groups, rather than re-create them?
- How can I restore a user or group in Active Directory?
- How does online restore work?
- When an object is undeleted, what is restored from the tombstone and what is restored from the backup?
- What’s the difference between an online restore and an authoritative restore?
- What’s the difference between the agentless restore method and the agent-based restore method?
- Can I undelete a mailbox-enabled user?
- In the Group Policy Restore Wizard, a GPO link is shown as deleted, but the link actually exists in Active Directory. What’s wrong?
- What is a primary restore of the SYSVOL?
- How do I change the Backup Agent port number?
Why do I need to restore deleted users or groups, rather than re-create them?
Appendices > Frequently asked questions > Why do I need to restore deleted users or groups, rather than re-create them?
Each user account or security group is uniquely identified with a SID (Security ID) and a GUID (Global Unique ID). If a user or group has been deleted, and is then re-created with the same name, the SID and GUID of the newly created user or group will differ from those of the deleted object. As a result, the new user or group loses all permissions, profile settings, and all other settings associated with the old SID and GUID.
When you restore a deleted user or group from a backup, the restored user or group will have the same SID and GUID as the deleted object, and will have all the settings associated with that SID and GUID.