Hi, I'm Sean with Quest Software. And I would like to welcome you to the Recovery Manager for Active Directory Disaster Edition that shows how to create bare metal backups and perform a restore via the two new methods available in the new edition. Now with the Disaster Recovery Edition, we do not just recover Active Directory, we can also recover the domain controller's operating systems using our Bare Metal Recovery. On each domain controller you wish to back up with the bare metal feature, make sure that the Windows Server Backup feature is installed.
And if you want the backups encrypted, make sure that BitLocker feature is installed on the DC and on the Recovery Manager server. We use their Windows Server Backup files with our own metadata to restore through Recovery Manager. I already have an encrypted Bare Metal backup created. So go under the Properties of the collection, under the Backup tab, you now have the option to create a Bare Metal backup and also have the option to encrypt it with BitLocker.
If you choose to encrypt it, you need to enter a password when you're creating a forest recovery project. Currently we cannot store Bare Metal backups on the console. We recommend storing the backups on a UNC share that is secure, and recommend using the IP address of the server that hosts the share, because if AD is down, there's no DNS resolution to resolve the IP to the server name.
Let's take a look at the recovery project I created earlier. I used the bare metal backup to create the project. And all the metadata needed to restore will come from this backup. Just note that the backup needs to be unpacked, just the AD database on the RMAD server. So you'll need to have enough disk space on the C drive to do so.
Let's take a look at some of the settings I've configured and configurable ones. The Bare Metal Active Directory Recovery method is one of the new features. So we're going to use this method during the Verifying settings process. We'll get into more advanced lab and restore from both new methods.
Next, we need to select a bare metal backup taken by the RMAD console. If you have multiple backups, you can just uncheck the Use backup criteria to automatically select a backup. And hit the Select button and pick any backup you wish. I only have one to conserve space in my lab environment. You then need to supply credentials that have permissions to the Network store location where the backup file is located.
Another setting that can be specified is the Wipe all disks on the target machine before restoring from a backup. This is very helpful in case a server had data on it, or a DC that had a disaster, and you want to wipe all the corruption, possible viruses, ransomware, et cetera, before restoring. When performing a restore, we combine both backups for the most recent state of Active Directory and the Operating system. So you might want to run a bare metal backup once a week, or possibly less frequently, and run the AD backups once a day, or whatever your compliance needs are.
There are also new network setting options, which are important to have configured properly. There are two options. One is to retrieve network and DNS settings from a backup. And this will restore the original IP configuration, including the Subnet mask and Default gateway. It's best to check that no other computer has the IP address to avoid an IP conflict. You can also use the Custom IP setting by just selecting Use the following addresses, and fill out the IP, subnet mask, and default gateway.
There is another new recovery method called Install Active Directory From Media. This will allow you to install Active Directory to the existing domain and promotes a new domain controller using an AD database from another DC. This method requires at least one DC to be available, as using this method needs replication to successfully recover the DC. The really only difference in the settings is in the Install Active Directory parameters. You specify where the DC database, Log file path, and Sys file path are located. You also need to specify the IP address of the target machine where Active Directory is going to be installed.
All the data comes from the BKF file. This can be any backup file from any DC in the domain, except read only domain controllers. It does not require a backup file from the target machine where you're restoring to. And it would be best to use a global catalog server.
First, make sure that the server you're restoring to, mine is BlankHost1, which is a brand new server with no OS, is going to boot to the Quest Recovery Media ISO file. The media is created when verifying the project settings. I did this earlier to have it ready to go. First, it gets the info from the backup. Then it creates the Quest Recovery Media from the backup file and makes sure it's available. And it boots to the Quest Bare Metal Console.
The boot file uses WinRE, which is Windows Recovery Environment. And it's only used to boot the Bare Metal Restore Console. We use WinRE with some Quest tools to accomplish this. These tools configure the network, display the recovery process, and are responsible for starting and stopping the forest recovery agent. They also provide communication with the forest recovery console. As you can see, all the checks and settings are green, which means you can start the recovery at this time.
I want to mention an important list of requirements needed on the target machine, before we start the recovery, which we currently do not check for. The first would be that the target machine should have the same amount, or more, disks than the one that had the disaster. The disks will need to be the exact same size, or greater than, the original DC.
The second requirement is that the firmware on the target computer must be compatible with the configuration of the source disks. If the physical disks on the source computer have a GPT partition style, the target computer must have UEFI firmware and must be booted in the UEFI mode. If the physical disks on the source computer have MBR partition style, then both the firmware types, BIOS and UEFI, are supported on the target computer.
Now it's time to start the recovery. I'm going to use a more complex environment I was able to get access to, for the recovery process, to show you that multiple DCs can be restored simultaneously. It's the same warnings and agreements that were in the Forest Edition that you need to accept. As you can see in the below left hand corner, there's a lot more recovery steps from when we verified the settings. Most of these are the same steps when performing the forest recovery from a non bare metal backup. The recovery time really comes down to the amount of size of volumes that were on the original DC.
Once the restored disks from a Windows Server Backup step goes green, you will need to go into either the BIOS and make sure your primary disk is the main boot device, or unmount the ISO if a virtual machine. So after the recovery is completed, it will boot to the operating system. As you can see, on the Quest Bare Metal Console that progress is being made with details below the Progress bar. And if you look back at the Forest Recovery Console, you can see the progress of all six servers being restored.
For the purpose of this video, I'm going to speed up the recovery process and continue on. One thing to note is that there is a different license file for the Disaster Recovery Edition. And as you can see, five of the six servers have successfully been restored using the two new methods, the Bare Metal Restore and the Install Active Directory From Media. The one that's still in progress is just taking a bit longer than the rest.
And that completes this video demonstration. From all of us here at Quest, we thank you for taking the time to watch this video. And there'll be many more to come. To learn more about Recovery Manager for Active Directory Disaster Recovery Edition, visit us online.