Hello!
Having just upgraded to 2024E, specifically 11.36.41, I notice the Active Directory agent now supports backups for GPO as documented here - Great. Changes in Commvault Platform Release 2024E
However, the permissions required are not particularly helpful:
-
Permissions to Back Up Group Policy Objects via PowerShell: The account must have the necessary permissions to back up GPOs using PowerShell cmdlets. By default, members of the Remote Management Users group possess these permissions.
My question is, if you don’t want the account to be a member of “Remote Management Users” or admin groups, what granular permissions can be set on the account to still achieve the backup?
full error:
-----
Currently whilst the backup is completing for AD as it always has, its now completing but with error “Failed to process group policy object”.
Error Code: [28:548]
Description: Failed to process group policy object. Please verify following: (1) User account configured in Active Directory connection settings is member of Remote Management Users group or has administrator permissions. (2) User account configured in Active Directory connection settings has read and write permission to job results directory.
-----
