I know I keep banging on about this but it really does bother me that we are not adequately protecting Active Directory (AD) as the primary directory service in Windows. Microsoft Exchange, SQL, and SharePoint all depend on efficient backup and quick recovery of AD. So if you have any of these business applications you should be thinking about how you backup, and more to the point, restore AD. We all know that AD data has a bad habit of corruption which can have a disastrous affect across the Windows environment.
AD objects can get modified or deleted by mistake, faulty scripts accidentally overwrite key AD attributes. Since it is a replicated database an accidentally deleted user account can result in a lengthy process while someone struggles to recover the AD environment. Ultimately, we can end up at the mercy of AD. Anyone who has ever had to recover AD understands the frustration and time involved with what should be a basic recovery process – but isn’t.
Enter the BE Agent for AD
Symantec Backup Exec 12.5 Agent for Microsoft Active Directory is designed to overcome these recovery limitations. It can dramatically reduce the time to recover, leveraging Granular Recovery Technology (GRT) which give you the ability to restore individual AD items, while Active Directory is online, including:
- Individual User Accounts
- Organizational Units (OU’s)
- Printer Objects
- Even Individual AD attributes and values including names, addresses, phone numbers, email addresses, etc. all from a fast single-pass database level backup of Active Directory.
Key Benefits of Backup Exec 12.5 Agent for Microsoft Active Directory
- Centralised System State and Active Directory protection
- Online, granular recovery of individual Active Directory objects
- Point and Click restores
- Restore objects without rebooting AD Domain Controllers
- Single Pass Backups for complete AD or object level recovery from single backup
The embedded Granular Restore Technology gives you the ability to restore individual AD objects down to the individual attribute level without restoring the entire AD. Single-Pass Backup with GRT Eliminate separate slow individual object level AD backups forever. Complete data protection requires only one backup job saving space on vital disk and/or tape media and ensure each backup completes quickly.
- Online AD Recovery (no reboots required)
- Recover important Active Directory information while Active Directory is online
- Completely Automated Object Recovery
- Ensure deleted AD objects to be recovered with their original IDs and correct links to other Active Directory objects, eliminating the need to re-create the IDs and broken links
- Disk to Disk or Disk to Tape Backup and Recovery
- Flexible backup and recovery capabilities allow for backup to disk for fast recovery or backup to tape for long-term storage
So anyone who is running Exchange, SQL, or SharePoint would quite naturally have the BE application or database agent as appropriate. In which case it makes absolute sense that you would also have the Agent for AD … wouldn’t it?
One of the really cool functions of BE is the Granular Recovery Technology (GRT). By the way, anytime you need more information on any aspect of BE please see the Backup Exec for Windows Servers Administrator’s Guide. In fact, don’t take my word for it, download from here:
Just a few tips to help you get the best out of BE’s GRT:
- Review the requirements for staging locations in the Administrator’s Guide.
- You must use a staging location for GRT-enabled jobs in the following scenarios:
- You back up to or restore from a volume with file size limitations.
- You restore granular items from tape.
- You run an off-host backup job.
- You are better off creating a separate backup-to-disk folder specifically for all GRT enabled backup jobs – this really simplifies media management. You will need to manage the IMG media that GRT enabled jobs create differently than other backup-to-disk media.
- Don’t allocate a maximum size for backup-to-disk files. If you do then you are in danger of getting failed jobs because of low disk space. This is because the backup-to-disk file often occupies extra space since GRT information is stored in IMG media and Backup Exec will only create a backup-to-disk file that is as large as the size that you specified.
- If you are using frequent incremental GRT enabled jobs it is a really good idea to run a full GRT enabled backup job every so often. This is because each incremental GRT enabled job requires a small amount of internal storage. If this storage amount increases too much, it can affect system resources. When you run the full GRT enabled backup job, you make available the storage space that has accumulated from incremental jobs.
12.5 delivers GRT for Exchange, Active Directory, SharePoint Server, and SharePoint Services which gives you the ability to recover granular data quickly and efficiently from a single-pass backup. It means, for example, that you do not have to run Exchange mailbox backups to recover granular data, including documents, list items and user attributes, or properties.