Recovery Page Tiles
On the Recovery tab, the Recovery page provides a visual summary of all Recovery Plans created in the forest. When you create Recovery Plans, a tile for each plan is displayed on the Recovery page. The tiles provide an at-a-glance overview of the current state of each Recovery Plan and allows you to manage them from one place.
To create a Recovery Plan, on the Recovery page, select Create Recovery Plan. A new tile is displayed on the page showing the default plan name, status (in this case, New), a summary of its scope, and links that allows you to take quick actions. When you create a new Recovery Plan, the tile for the plan is displayed as the first tile on the top left of the page. After you configure the Recovery Plan (see Configuring Recovery Plans), you can verify the plan (see Verifying Recovery Plans) and then start recovery (see Performing Recovery). The tile then updates to reflect the progress or completed actions of verification and recovery tasks, including any errors.
Status
This section displays recent activity and the current state of your Recovery Plan. Selecting a status entry on the tile opens the Tasks page filtered by the specific Task ID. The possible status entries are as follows:
- New – The Recovery Plan has been created but not yet run.
- Verification
- Verify Recovery Plan in Progress – The verification of the Recovery Plan is in progress.
- Last Successful Verify Recovery Plan – The time of the last successful verification of the Recovery Plan.
- Verify Recovery Plan Canceling – The verification of the Recovery Plan is in the process of being canceled.
- Verify Recovery Plan Canceled – The verification of the Recovery Plan has been canceled.
- Verify Recovery Plan Failed – The time of the last failed verification of the Recovery Plan.
- Recovery
- Recovery in Progress – The Recovery Plan is in the process of recovery.
- Last Successful Recovery – The time of the last successful recovery.
- Recovery Canceling – The recovery process is being canceled.
- Recovery Canceled – The recovery process has been successfully canceled.
- Recovery Failed – The time of the last failed recovery.
Summary
This section displays an overview of the scope of your Recovery Plan.
- Domains to recover – The number of domains set to be recovered out of the total number of domains in the forest.
- Domain controllers to recover – The number of domain controllers in the domain set to be recovered out of the total number of domain controllers.
Action Links
You can use the links on the bottom of the card to perform the following actions:
Configuring Recovery Plans
This section guides you through the process of configuring a Recovery Plan.
- Editing General Settings. On the General tab, define the plan’s basics, including its name and the backup criteria, and enable simulation mode (if needed).
- Editing Domains. On the Domains tab, configure the domains in the forest by selecting a recovery method for each domain. Depending on the chosen recovery method, you may need to specify credentials and DNS configurations.
- Editing Domain Controllers. On the Domain Controllers tab, configure the domain controllers in the forest by selecting a recovery method for each domain controller. Depending on the chosen recovery method, you may need to specify credentials, target server, backup selection, and other options.
|
NOTE: If you edit any details in the Recovery Plan configuration (on the General, Domains, or Domain Controllers tab), the verification or recovery progress view will no longer be available until a new task is started. For more information, see Recovery Plan Progress. |
Editing General Settings
After creating a Recovery Plan (Recovery tab | Create Recovery Plan), you can view and modify the default name and backup criteria for the Recovery Plan on the General tab.
To edit general settings of a Recovery Plan
|
NOTE: If you edit the general settings, this clears the Status column in the progress view and removes access to the list of operations performed during the last verification or recovery. For more information, see Recovery Plan Progress. |
- From the Recovery tab, on the tile for the Recovery Plan you want to edit, select Open.
|
NOTE: If you have not yet created a Recovery Plan, on the Recovery tab, select Create Recovery Plan. |
- On the General tab, enter a unique name for the Recovery Plan or use the default name.
- To enable simulation mode, turn on the Enable Simulation Mode toggle. For more information, see Simulation mode below.
- Under Backup Criteria, use the dropdown list to select the maximum age of backups allowed in the Recovery Plan. This automatically selects the most recent backup for each domain controller that is not older than the specified number of days. If there is no domain controller backup that meets the criteria, a backup must be manually selected for that domain controller; otherwise, the restore will fail. The default value is 14 days.
- Select Save
Simulation mode
Disaster Recovery for Identity for Active Directory allows you to run verification and recovery operations using simulation mode. This mode runs through simulated verification or recovery operations using topology information from the connected Active Directory forest and its backups. This mode successfully completes verification and recovery operations without using target machines, allowing you to test the workflow of Recovery Plans and identify issues without risk to the data or forest.
To enable simulation mode for a Recovery Plan
- On the General tab of the Recovery Plan configuration, under Recovery Plan, turn on the Enable Simulation Mode toggle.
- Select Save.
To indicate that a Recovery Plan is in simulation mode, a badge or icon is displayed in the following locations:
- In the summary bar of the Recovery Plan configuration
- On the Recovery Plan tile on the Recovery page
- In the summary bar on the domain controller Operations page
- On tasks on the Tasks page
- On events on the Events page
Editing Domains
After specifying details on the General tab, you need to configure the domains within the forest. The table on the Domains tab allows you to view and edit the configurations for each domain, including the recovery method, the credentials, and DNS configurations (if applicable).
The following information is displayed for each domain:
- Domain – The fully qualified domain name (FQDN) of the domain.
- Domain Recovery Method – The recovery method selected for the domain.
- DC Backup Coverage – The number of domain controllers (DCs) that have backups matching the selected backup criteria out of the total number of DCs in the domain. If needed, adjust your backup selection or create additional backups.
- Credentials – Indicates whether or not credentials are provided (or not required).
- DNS Configuration – Indicates the method for selecting a DNS server (Automatically Selected or Manually Selected). If the recovery method does not require DNS configuration, Not Applicable is displayed.
To edit domains in the Recovery Plan
On the Domains tab, select the name of the domain you want to configure. The Domain Configuration page is displayed.
|
NOTE: If you edit the domain configurations, this clears the Status column in the progress view and removes access to the list of operations performed during the last run verification or recovery. For more information, see Recovery Plan Progress. |
For each domain, you need to specify a recovery method. When you create a Recovery Plan, the default recovery method Recover Domain is set for the domain. You can change the recovery method for the domain to one of the other available methods. In some cases, the recovery method you select for the domain affects the recovery method that is available for the domain controller. Click the link below to go to the recovery method you want to select or configure and follow the steps in that section.
|
NOTES:
- Before selecting a recovery method, it is highly recommended that you read Recovery Methods in the Recovery Considerations and Best Practices section.
- The Ignore Healthy Domain and Delete Domain options are not supported at the same time; you cannot include both options in a Recovery Plan.
|
Recover Domain
This method enables the restoration of the entire forest or specific domains within the forest by recovering one or more domain controllers from a backup. This is the default recovery method assigned to all domains when a new Recovery Plan is created. At least one domain in the Recovery Plan needs to be set to be recovered, and at least one domain controller in the domain must be restored from a backup (using the Restore to Clean OS recovery method).
|
NOTE: If the recovery method for the domain is set to Recover Domain, the Restore to Clean OS recovery method is set by default for all domain controllers in the domain. |
If the Recover Domain method is selected, perform the following steps:
- Specify or change the server access credentials. To learn more about each credential type, see Server Access Credentials in the Recovery Considerations and Best Practices section. When credentials are specified at the domain level, they are applied to all domain controllers within that domain. If needed, you can change the credentials for individual domain controllers from the Domain Controllers tab.
- Domain Username – An Active Directory Domain Admin account that existed when the backup was created.
- Domain User Password – The password for the domain.
- Local Username – The username for the local account that has Local Administrator rights on the target.
- Local User Password – The password for the local account.
- DSRM Administrator – The username for the DSRM administrator.
- DSRM Administrator Password – The password that the DSRM password will be set to when the target machine is promoted to the domain controller.
- Confirm DSRM Administrator Password – Confirm the DSRM administrator password.
|
NOTE: For the Recover Domain method, you need to specify all credentials here or in the domain controller configuration. |
- You can change the DNS server configuration. It is highly recommended that you read DNS Configuration in the Recovery Considerations and Best Practices section.
- Select DNS server automatically – Automatically selects and assigns a DNS server for each domain controller in the domain. This option is selected by default.
- Use preferred DNS server(s) – Specify the DNS servers manually by entering one or more IP addresses, each separated by a semicolon.
- Select Save.
Ignore Healthy Domain
This method excludes the healthy domain from recovery while keeping it intact in the forest. This option performs configuration changes on domain controllers within the domain to ensure connectivity to the recovered domains.
|
NOTE: If the recovery method for the domain is set to Ignore Healthy Domain, the Adjust to Active Directory Changes recovery method is set for all domain controllers and cannot be modified. |
If the Ignore Healthy Domain method is selected, perform the following steps:
- You can change the domain credentials. When credentials are specified at the domain level, they are applied to all domain controllers within that domain. If needed, you can change the credentials for individual domain controllers from the Domain Controllers tab.
- Domain Username – An Active Directory Domain Admin account that existed when the backup was created.
- Domain User Password – The password for the domain.
|
NOTE: For the Ignore Healthy Domain method, you need to specify domain credentials here or in the domain controller configuration. |
- Select Save.
Delete Domain
This method removes the domain from the forest by cleaning up its metadata from all restored and existing domains. This option cannot be used on the forest root domain.
|
NOTE: If the recovery method for the domain is set to Delete Domain, the Remove DC recovery method is set for all domain controllers and cannot be modified. |
After selecting the Delete Domain recovery method, select Save.