Topics | How To | Related Topics
Things to Consider when Creating and Configuring Active Directory Subclients
The following table shows subclient creation and configuration details specific to the Active Directory iDataAgent.
Agent |
Type of Data | Default Subclient created during install of the Agent | Supports Default Subclient | Supports User Defined Subclient | Contents of the default subclient when user-defined subclient is present | Other Types of subclients supported by the Agent | Notes |
Active Directory iDataAgent | database | Yes | Yes | Yes | portion of database not assigned to other subclients, unless otherwise configured* | None | *See Caution Against Re-configuring Default Subclient Content. |
The figure below shows a simple subclient configuration for an Active Directory database.
Subclient2 is a user-defined subclient consisting of the Computers and Users portion of the Active Directory database. The default subclient consists of all other data in the Active Directory database, which in this example is the Domain Controllers and Printers portion of the database. Each subclient, when it is backed up or restored, establishes a logical data channel through which data can travel to or from the backup media.
The Active Directory iDataAgent is designed to back up and restore database objects within an Active Directory Domain. Subclient content for this iDataAgent consists of Domain Components (DC), Organizational Units (OU), as well as Common Names (CN) for users, groups and computers. After installing this iDataAgent, a default subclient is automatically created by the system and initially its content is the entire Active Directory database on the client. However, you can create additional user-defined subclients, and any content not assigned to them remains as content in the default subclient. Note that the indicator of default subclient content for this agent is represented by a comma (,).
When you configure subclient content, you browse the Lightweight Directory Access Protocol (LDAP) path tree structure and select the objects you want protected. The resulting content will display the LDAP path as follows:
,CN=Administrator,CN=Users,DC=Company,DC=com
A useful way to distribute the subclient content of an Active Directory client is by departments, corresponding to Organizational Units, as shown in the example below:
Client-A contains the following departments that are set up as Organizational Units in the Active Directory database:
After installing the Active Directory iDataAgent, the default subclient content included all of these OU's. The data can then be distributed across subclients to better balance the backup load. For example, three new user-defined subclients were created, each containing backup data for a particular department, resulting in the following subclient content configuration for the client:
Note that the comma indicates that this subclient's content contains all portions of the database on the client not assigned to other subclients. In this example, the comma (,) represents the following LDAP paths:
,CN=Computers,DC=generic,DC=company,DC=com
,CN=Users,DC=generic,DC=company,DC=com
,OU=Accounting-Department,DC=generic,DC=company,DC=com
Distributing the client data using subclients in this way can help improve backup performance as well as facilitate storage resource billing by department.
Data protection filtering is not applicable for this agent.
Wildcards and regular expressions are not supported for this agent when defining subclient content.
For more information, see Things to Consider when Creating and Configuring Active Directory Subclients.
Once installed, the agent is configured and is therefore able to manage the data or volumes on the client computer. However, you can change certain aspects of the subclient configuration to manage the data in the manner that best suits your needs.
You can view or change the subclient configuration from the Subclient Properties dialog box. The following information can be configured.
You can enable or disable all operations for this CommCell object and all objects below it. For more information, see Activity Control.
You can define the content of the subclient. Most agents include a configure button that displays a dialog where you can add or modify the data included as subclient content. For step-by-step instructions, see Configure Subclient Content.
For more information, see Subclient Content.
Several configurable options to efficiently use available resources for transferring data secured by data protection operations are provided in the subclient. This includes the following:
You can enable or disable the encryption of data for transmission over unsecure networks and for storage on media. For more information, see Data Encryption.
You can view the data paths associated with the primary storage policy copy of the selected storage policy or incremental storage policy. You can also modify the data paths for the subclient including their priority. For additional information, see Configuring Alternate Data Paths for Subclients.
You can add, modify or view Pre/Post processes for the subclient. These are batch files or shell scripts that you can run before or after certain job phases. For more information, see Pre/Post Processes.
You can associate the subclient to a storage policy. For more information, see Storage Policies.
You can rename a user-defined subclient.
You can define an account with permissions to execute Pre/Post commands for the agent's archive, backup, or volume creation jobs.
See Active Directory iDataAgent: Other User Accounts in User Accounts and Passwords for more information.
You can perform the following functions:
For more information, see User Administration and Security.
We recommend that you do not re-configure the content of a default subclient because this would disable its capability to serve as "catch-all" entity for client data. As a result, the likelihood that some data will not get backed up or scanned for archiving would increase.