Solved

Active Directory Backup Strategy and Recovery Capabilities


PedroRocha
Byte

Hi!

I've seen here in the communities a few threads regarding Commvault's ability to fully protect AD/domain controllers.

Has this been addressed in the later releases (11.28+)? I mean, what is the correct strategy? AD iDA + system state with the FS iDA?

Is this sufficient for a full DC recovery and also for granular recoveries of AD objects?

Regards,

Pedro


3 replies


Hi @PedroRocha,

You can check this link in our Documentation:

https://documentation.commvault.com/2022e/expert/14387_active_directory.html

Best Regards,

Sebastien Merluzzi


Damian Andre
Vaulter
  • Vaulter
  • 1287 replies
  • Answer
  • June 30, 2023

To expand - the Active Directory IDA only allows granular recovery of AD objects - like restoring user attributes etc. You cannot perform a full AD restore with that agent.

Full AD restores require system state backups as part of the file system iDA. You can use the mining tool if you don’t want to use the AD agent but that is much more effort.

So yes, having both provides full coverage with the best recovery options.

Instructions for restoring a domain controller: https://documentation.commvault.com/2022e/essential/57210_recovering_windows_file_system_data.html

There is really one critical item to be aware of. If you need the backup data to overwrite all domain controllers, you need to perform an authoritative restore (overwrite AD on all DCs).

I’d definitely recommend trying out some AD/DC recovery scenarios in an isolated environment, as there are always nuances with restoring system state on top of an existing machine, and it's best to test that ahead of time than figure them out during an actual disaster.


Nikos.Kyrm
Byte
  • Byte
  • 204 replies
  • January 30, 2025

Hello @Damian Andre, @Sebastien Merluzzi and @PedroRocha

I see that Commvault offers new approaches for Active Directory protection methods, such as Active Directory Forest-level recovery. Given these advancements, is a traditional image-level backup of an AD DC server sufficient for reliable restore operations?

I'd appreciate your feedback on this.

Nikos

