- Notes, cautions, and warnings
- Preface
- PowerProtect Data Manager File System Agent Overview
- Enabling the File System Agent
- About the File System agent
- Application agent and File System agent coexistence
- File System agent prerequisites
- File System agent limitations
- Block-based backups
- Best practices for file system backups
- Configure the file system parallel backup setting
- Configure asset multi-streaming for file-based backups
- Protect an asset with the File System agent
- Protect an asset in a Microsoft Windows Server clustered environment with the File System agent
- Installing and uninstalling the File System agent on AIX
- Installing and updating the File System agent on Linux
- Installing and updating the File System agent on Windows
- Manage the File System agent
- Configure the centralized file-level restore service port number
- Update the application agent in the PowerProtect Data Manager UI
- Moving a File System agent from one PowerProtect Data Manager system to another
- Enable the File System agent after migrating File System assets to a refreshed server
- Managing Storage, Assets, and Protection
- Enable an asset source
- Discover a File System Host
- Protection policies for File System agent protection
- Supported protection policy purposes
- Supported protection policy objectives
- File System replication triggers
- Roadmap for planning a protection policy
- Before you add a protection policy for file system protection
- Add a protection policy for file system protection
- Asset-level configuration for protection policies
- Protection rules
- Cancel a File System agent backup or restore job
- Add a service-level agreement
- Extended retention for protection policies
- Edit the retention period for backup copies
- Delete asset backup copies
- Host CPU throttling
- Enable the use of pre-scripts and post-scripts with backups
- File Filters
- Centralized restore of a file-system asset
- Quick recovery for server DR
- Updating the File System agent hostname or IP address
- Reregister the agent after a PowerProtect Data Manager server hostname or IP address change
- Manage the PowerProtect agent service
- Performing Self-Service Backups and Restores with the File System Agent
- Performing Self-Service Backups and Restores for Disaster Recovery
- Performing Disaster Recovery with the File System Agent in Windows
- Disaster recovery limitations
- Preparing for disaster recovery
- Performing system-state recovery
- Recovering the Active Directory
- Performing bare-metal recovery
- Perform bare-metal recovery of Windows clusters
- Disaster recovery solution for Microsoft SQL application data
- Protecting Microsoft Distributed File System using BMR and SSR
- Performing application restores after bare-metal recovery
- Deleting temporary files after bare-metal recovery
- Performing Active Directory Data Recovery at a Granular Level
- File System Best Practices and Troubleshooting
- Glossary
PowerProtect Data Manager 19.16 File System User Guide
Active Directory Data Recovery at a Granular Level Overview
The PowerProtect Data Manager Active Directory Granular Level Recovery enhancement enables you to select a backup of an Active Directory (AD), browse and search the contents of the backup, and restore specific objects and attributes from the backup.
Active Directory stores information about objects on the network and makes this information easily accessible for administrators and users to find and use. AD undergoes a lot of changes every day, manually or by scripts in multiple ways like creating or modifying AD objects, accidentally deleting an AD object, or deleting multiple objects from a container. Protecting Active Directory objects against errors are crucial for the business. The AD Granular Level Recovery (GLR) enhancement helps in recovering individual AD objects and attributes in the event of data loss or corruption.
There are two ways to restore the AD data at a granular level:
- Performing centralized active directory data recovery using the PowerProtect Data Manager UI
- Self-service active directory data recovery using the command-line interface
Active directory has object types and classification. Object is the basic element of Active Directory. Objects have attributes that define and describe them. For example, the attributes of a user object might include the user's name, email address, and phone number. All objects of the same type or class have the same set of attributes, but they are distinguished from each other by having different values for at least one of these attributes. Some attributes are required to have values (First Name attribute of a user object), while other attributes can be optional (Telephone Number).
Active Directory Granular Level Recovery supports the following object types:
- User object - Required for users to log in the network.
- Computer object - Represent machines that belong to the domain.
- Container objects - These objects can contain other objects inside them, and we can make collection from them.
- Printer object - Pointers to printers on the network. If you create a network printer on a machine running Windows 2000, a related printer object is automatically created in Active Directory.
- Shared folder - Pointers to shared folders on a server on the network. If you create a shared folder on a computer running Windows 2000, an associated shared folder object is automatically created in Active Directory.
- Organizational Unit - Containers for organizing other objects in a hierarchical fashion.
- Group object - Collections of user accounts, computers, or other groups created for organizational purposes or for assigning permissions to shared resources.
- Group policy object - Group Policy Object (GPO) is a collection of settings that define the behavior of computers and users in an Active Directory environment. GPOs are used to enforce security policies, configure software settings, and manage user preferences across a group of computers or users.
Limitations
Active Directory Granular Level Recovery has the following limitations:
- Restoring the following attributes either manually or with APIs is unsupported:
- System owned attributes. For example, objectGUID, objectSid
- Security Accounts Manager attributes. For example createTimeStamp, modifyTimeStamp
- Constructed attributes. For example, badPasswordTime, badPwdCount
- Backlinks
- ADGLR does not support the restore operation to an alternate host if the AD version of the alternate host is lower than the primary host.
- The ADGLR operation is supported only if the operating system language is English, and does not support non-English languages.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\