V11 SP8
Loading...

Advanced Configuration - Active Directory iDataAgent

Table of Contents

Understanding the CommCell Console

Active Directory iDataAgent uses following main components to perform backup and restore operations from the CommCell Console.

Backup Set - collective information of all the data that needs to be backed up for the client.

Subclient - defines the data to be backed up.

Creating a Subclient to Back Up Specific Organizational Units

The default subclient contains the entire active directory database. You can create user defined subclient to manage and back up specific Domain Components (DC), Organizational Units (OU) or Common Names (CN).

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | Backup Set.
  2. Right-click the Backup Set, point to All Tasks and then click New Subclient.
  3. In the Subclient Name box, type a name.
  4. Click the Storage Device tab.
  5. In the Storage Policy list, click a storage policy name.
  6. Click the Content tab.
  7. Click Browse.
  8. Select the organizational unit to be backed up and click Add.

    Repeat this step to include all the organizational units to be backed up.

    When you add an organizational unit to a subclient, it is automatically excluded from the default subclient.

  9. Click Close.
  10. Click OK.

Modifying User Account for the Active Directory Server

By default, the user credentials provided during the Agent installation are used to back up the Active Directory Server.

At the Agent Level

Use the following steps to change the user credentials at the Agent level:

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click Active Directory and click Properties.
  3. Click Change Account.
  4. Type the username and password for the user account which has rights to back up and restore data from the Active Directory Server.

    The correct format for specifying a user is Domain\User.

  5. Click OK.

At the Client Computer Group Level

This user account will be used for all computers within a Client Computer Group. Configure the user account at this level if different users will be conducting backup and restore operations for each Client Computer Group in your organization. This user account will override the user account configured at the CommCell level.

  1. From the CommCell Browser, navigate to the Client Computer Groups node.
  2. Verify that all the Agent clients for which you wish to configure the user account are included in the Client Computer Groups.
  3. Right-click the <Client Group> and click Properties.
  4. Click the Advanced Settings tab.
  5. Click the Override higher levels settings check box.
  6. Select one of the following:
    • Use Local System Account, if the computer's Administrator account contains the required privileges.
    • Impersonate User, if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.
  7. Click OK.

The user credentials provided at the client computer group level are ignored if the client belongs to more than one group. In this case, provide the user credentials at the instance level.

Enabling Restore of Passwords

You must run adLdapTool.exe on the client before your first backup to enable restores of passwords for Users and Computers. Follow the steps given below to run this utility:

  1. Login to client computer using the user account, which has administrative privileges for the domain and Active Directory Schema.
  2. Open the Command Prompt and navigate to the following location:

    <Install Directory>\Base

  3. Enter the following command:

    adLdapTool.exe <domain_name\domain_administrator_user_name> <password> -hostserver <fully_qualified_directory_host_server_name> -port 389 <LDAP_port_number> -setschema 1

    If you are running the adLdapTool.exe utility on a ADAM or LDS Server, enter the following command:

    adLdapTool.exe <domain_name\domain_administrator_user_name> <password> -hostserver <fully_qualified_directory_host_server_name> -port <instance_LDAP_port_number> -adam -setschema 1

    The adLdapTool sets following values to the searchFlags attributes of "Unicode-Pwd" and "SID-History" found under CN=Schema and Cn=Configuration:

    Value for Unicode-Pwd - 0x00000008

    Value for SID-History0x00000009

    Due to this setting, Active Directory will preserve these two attributes on deletion.

Configuring Pre and Post Processing for Backups

Setting Up Pre and Post Processes

You can add and modify Pre/Post processes for a subclient. These are batch files or shell scripts that you can run before or after certain job phases. For example, you can use an echo command to check the level of a backup. Similarly, you can include a case statement within a script to run specific operations based on the level of the backup job.

A Save As Script file can also be run as a pre/post process, if you include the absolute path of the associated input file in the script file.

See Pre and Post Processes - Commands and Arguments for information on additional arguments that the CommServe sends to the Pre and Post processes.

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | BackupSet.
  2. Right-click the <Subclient> in the right pane, and then click Properties.
  3. Click the Pre/Post Process tab.
  4. Depending on the process you want to set up, click the corresponding Browse button.
  5. Select the batch file or shell script and then click OK.

Setting Up Post Processes to Run during Failures

By default, a specified post process command is executed only on successful completion of the scan or backup operation or if the job is killed.

Use the following steps to run a post process even if the scan or backup operation did not complete successfully. For example, this may be useful to bring a database online or release a snapshot.

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | BackupSet.
  2. Right-click the <Subclient> in the right pane, and then click Properties.
  3. Click the Pre/Post Process tab.
  4. Select the Run Post Backup Process for all attempts check box.
  5. Click OK.

Changing User Account for Executing Pre-Post Commands

You must specify the user account and password required for executing the Pre/Post commands.

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | BackupSet.
  2. Right-click the <Subclient> in the right pane, and then click Properties.
  3. Click the Pre/Post Process tab.
  4. Click Change.
  5. Select one of the following user accounts:
    • Use Local System Account - Select this option to use the local system account on the MediaAgent for executing the Pre/Post Process commands. 
    • Impersonate User - Select this option to use an authenticated user account for executing Pre/Post commands. However, if the specified user account is not available on the MediaAgent, backup jobs using Pre/Post commands will fail.
  6. Click OK.

Modifying an Agent, a Backup Set or a Subclient

The following table describes the properties that can configured from the agent, backup set and subclient levels.

Option Description Related Topics
Change Storage Policies You can modify the storage policies in any of the following situations:
  • To include a different media for the backup operation.
  • To use a storage policy with a different retention criteria.

You can change the storage policies from the subclient level.

  1. From the CommCell Browser, right-click the subclient.
  2. Click Properties.
  3. Click Storage Device.
  4. Select the Storage policy from the drop-down menu.
  5. Click OK.
Refer to Storage Policies.
Rename a Backup Set or Subclient You can rename backup sets and subclients.

Renaming BackupSet:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory.
  2. Right-click the <Backup Set>, and then click Properties.
  3. In the Backup Set box, type a name.
  4. Click OK.

Renaming subclient:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | <Backup Set>.
  2. Right-click the <user-defined Subclient>, and then click Properties.
  3. In the Storage Policy list, click a storage policy name.
  4. Click OK.
 
Data Transfer Options You can efficiently configure the available resources for transferring data secured by data protection operations from the subclient level. This includes the following:
  • Enable or disable Data Compression either on the client or the MediaAgent.
  • Configure the transfer of data in the network using the options for Network Bandwidth Throttling and Network Agents.

You can configure the data transfer options.

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | BackupSet.
  2. Right-click the <Subclient> in the right pane, and then click Properties.
  1. Click the Storage Device tab.
  2. Click the Data Transfer Option tab.
  3. Choose the appropriate software compression option for this subclient.
  4. Select the Throttle Network Bandwidth check box, and set the required bandwidth.
  5. Click OK.
Refer to Data Compression and Network Bandwidth Throttling.
View Data Paths You can view the data paths associated with the primary storage policy copy of the selected storage policy or incremental storage policy. You can also modify the data paths including their priority from the subclient level.
  1. From the CommCell Browser, navigate to Client Computers | <Client> | Active Directory | BackupSet.
  2. Right-click the <Subclient> in the right pane, and then click Properties.
  1. Click the Storage Device tab.
  2. In the Storage Policy list, click a storage policy name.
  3. Click Data Paths.
 
Configure Activity Control You can enable backup and restore operations from the agent and subclient level. However, you can enable restore operations only from the agent level.
  1. From the CommCell Browser, navigate to Client Computers | <Client>
  2. Right-click the <Client> or <Subclient> in the right pane, and then click Properties.
  3. Click the Activity Control tab and select or clear option(s) as desired.
  4. Click OK.
Refer to Activity Control.
Configure User Security You can configure user security from the agent or subclient level. You can perform the following functions:
  • Identify the user groups and roles associated with the CommCell object.
  • Associate this object with a user group and role.
  • Disassociate this object from a user group and role.
  1. From the CommCell browser, right-click the subclient and then click Properties.

    The Subclient Properties dialog box appears.

  2. Click the Security tab and then click Add.

    The Add Users and Groups dialog box appears.

  3. In the Users and Groups section, select the user group to associate with the CommCell object, and then click Add.
  4. In the Role section, select the role to associate with the CommCell object.
  5. Click OK.

    For this subclient, the users in the user group are restricted by the permissions in the role.

Refer to User Administration and Security.
Enable and Disable Data Encryption When you configure encryption at the client level, it is configured automatically for all the subclients associated with all the agents installed on that client. If you want to disable or change the encryption at the subclient level, follow the steps given below:
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. Click Encryption.
  4. Select the desired encryption.
  5. Click OK.
Refer to Data Encryption.
View Software Version and Installed Updates The Version tab, at the Agent level displays the software version and post-release service packs and updates installed for the component.
  1. From the CommCell browser, right-click the agent.
  2. Click Properties.
  3. Click Version.
  4. Click OK.
 
CommCell Configuration Report The CommCell Configuration Report provides the properties of the CommServe, MediaAgents, clients, agents, subclients, and storage policies within the CommCell based on the selected filter criteria.
  1. On the CommCell Console menu bar, select the Reports tab.
  2. Click Configuration.

    The Report Selection dialog box appears.

  3. Click Run.
Refer to CommCell Configuration.

Deleting an Agent, a Backup Set or a Subclient

The following sections describe the steps involved in deleting an agent, backup set or subclient.

When you delete an instance or backupset, the associated data is logically deleted and you can no longer access the corresponding data from CommCell Console for recovery purposes.

Refer to the troubleshooting article on Recovering Data Associated with Deleted Clients and Storage Policies for information on how to recover data if you accidentally delete an entity.

Deleting an Agent

You need to uninstall or DeConfigure the agent software from the client computer before deleting from CommCell Browser. After you delete the client software, you can either leave the corresponding data intact for appropriate action or you can remove the data immediately. If you choose to remove the data immediately, you must delete the agent from the CommCell Browser. If you delete the agent, all of the agent's data is irretrievably lost.

  • You cannot delete an agent while operations for that agent are running.
  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click the <Agent>, and then click Delete.
  3. A confirmation message is displayed with the following message:

    This operation will permanently delete the data backed up from this level and it cannot be restored.

  4. Click OK to continue with the deletion operation or click No to abort the deletion.

Deleting a Backup Set

Consider the following before deleting a Backup Set:

  • You cannot delete a default Backup Set.
  • Schedules associated with the Backup Set are also automatically deleted.
  1. From the CommCell Browser, navigate to Client Computers | <Client> | <Agent>.
  2. Right-click the <Backup Set>, and then click Delete.
  3. A confirmation message is displayed, asking if you want to delete the Backup Set.

    Click No to cancel the deletion and retain the Backupset, or click Yes to continue the deletion.

Deleting a Subclient

Consider the following before deleting a subclient:

  • You cannot delete a default subclient.
  • Schedules associated with the subclient are also automatically deleted.
  1. From the CommCell Browser, navigate to Client Computers | <Client> | <Agent> | <Backup Set>.
  2. Right-click the <subclient> that you want to delete, and then click Delete.
  3. A confirmation message is displayed, asking if you want to delete the subclient.

    Click No to cancel the deletion and retain the subclient, or click Yes to continue the deletion.