none
DPM 2012 R2 without AD RRS feed

  • Question

  • Hello just simple answer. Exist a way how to restore data from DPM 2012 R2 without Active Directory running?

    I don´t have this problem now (luckily).

    I did not found nothing about this scenario. I understand why this is possible not supported because MS lives in his big cloud and all AD servers are installed much more than twice. But let´s imagine customer who has two AD servers and those two servers from some reason fails both. Logically what would customer do, ask backup server for AD backup. And what will say DPM? No way, I don´t have AD. No AD, no Data.

    I am now solving this problem using extra backup of AD by Windows backup to external volume out of DPM, but this is from my point very dummy access. Other solution can be the separate AD for DPM but this have lot of limitations especially If I have cluster or something like this.

    Competitors are strictly independent in this way.

    This is one important thing which I hate on DPM. In other way DPM is the one of the fastest backup solution on the market with lot of intelligent features.

    Thursday, December 31, 2015 9:38 AM

All replies

  • Hi Michal, 

    In this scenario I would recommend using Online Protection within DPM to backup your Domain controller/controllers offsite to Azure. In the event of a total disaster and all DCs becomes unavailable your can install the Azure Backup Agent on any server and recover your data from your Azure Backup Vault.

    Another solution would be to use tapes to store your DC-backups as tapes can be imported to another DPM-server(for example a DPM-server in a dummy-domain) and restore your backups.

    Kind Regards
    Markus Eliasson

    Monday, January 4, 2016 8:18 AM
  • Solved !!!

    Thank you for reply. I know these principles. No problem to do this. But there are some situations where you cannot use Online Protection and it is impossible to implement everything from Azure.

    But VERY GOOD NEWS. It is possible to do this.

    If everything in company crashed and you have just backup server and nothing else you can still rescue data saved on DPM server.

    First good news: login informations are in the cache, so if DPM cannot contact AD it is possible to start console, but it can cause lot of problems when you are restoring datas because AD connection is required to operate with agent. Here it is 50/50. If yes you are lucky, just restore System state of AD server and then you can start Active Directory domain from this and other steps are quite common because AD will be operational.  But if this fails then you must go by more dirty way.

    Limitation: After this operation DPM will not be available for other future backups and must be reinstalled. (In case that you have DPM in virtualization, you can simply make a snapshot before).

    Requirement: Local account (from DPM) must have sysadmin rights to SQL server.

    Howto:

    First separate new domain controller will be required. physical or virtual

    Just do basic setup of new domain (it is good to place it into different VLAN or on the separate switch)

    Stop all services (DPM, SQL). Just for prevention, copy the database files to some safer place.

    And then disjoin computer from domain and add to workgroup. Reboot number 1

    Join computer to temporary domain. Reboot number 2

    Service MSSQLSERVER must be changed from domain account (now invalid) to local account or Local Service. Start service.

    Login to server as local user with sysadmin rights to SQL server

    Open SQL Management studio, Management, Users and here you must add new domain account for MSSQL service as sysadmin and also add your Administrator account from temporary domain as sysadmin.

    Now you can change the MSSQLSERVICE back to the domain account from temporary domain. Edit also SQL Agent and Reporting service.

    Now login using Administrator account from temporary domain, open SQL Management studio

    Now you must add computer account of DPM server as a new SQL Server user. This must be done manually. write yourdomain\computeraccount$, add sysadmin rights and OK.

    Now you must open registry: HKLM\Software\Microsoft\Microsoft Data Protection Manager\setup and here you must edit last two records with the name of the service account. SchedulerJobOwnername and SQLAgentAccountName. Edit to your new SQL server service account.

    Return back to SQL Studio and open Database DPMDB_computername

    Find tbl_AM_Server table from Tables. Right click on it and Edit top 200 Rows.

    Here you must edit the name of DPM server to the new name with appropriate temporary domain.

    Now you have DPM server fixed. Restart computer and all services will be running and DPM working and ready to restore your backups. Just restore your Active Directory and other important datas. You can add new agents to some hardware for restore.

    It is VERY DIRTY WAY and I can call this as last resort. But good news is that YES, it is possible.

    It can be possible to return the setup back to original domain. But for recovery operation and for total disaster solution it can be useful to do this by this way.

    Also the situation when local administrator is not sysadmin can be solved:

    http://stackoverflow.com/questions/9889334/how-do-i-grant-myself-admin-access-to-a-local-sql-server-instance

    Some other ideas how to do this better?

    Wednesday, January 6, 2016 12:41 PM
  • Does this process work for DPM 2016?  I currently store my DPM VM and it's storage on a mirrored array, and just pull one of the drives every week for a cheap offsite backup.  I tried this process last night, but couldn't get it to work.  Not sure if DPM 2016 still supports this process or I did something wrong...
    Sunday, February 4, 2018 11:38 PM