Choose from the following topics:
The Active Directory iDataAgent provides a feature set above what a system state backup can provide. The Active Directory iDataAgent is designed to give granular backup and restore of individual Active Directory attributes.
Data Protection and Data Recovery Operations can be performed for Active Directory objects on a domain controller or AD LDS/ADAM attributes.
The following data types are supported by the Active Directory iDataAgent:
Active Directory iDataAgent backs up modifiable and non-modifiable attributes. Active Directory iDataAgent does not restore the following non-modifiable attributes as they are controlled by Active Directory:
Data Protection Operations for all other data types not mentioned in the above lists are not supported by the Active Directory iDataAgent.
While restoring the Active Directory partitions, consider the Restrictions on Schema Extensions.
When the Active Directory iDataAgent is installed, the following levels are automatically created in the CommCell® Browser:
![]() |
|
pear:
Client Active Directory: Agent defaultBackupSet: Backup Sets |
default: Subclients |
To perform a data protection operation using this Agent a specific Product License must be available in the CommServe® Server.
Review general license requirements included in License Administration. Also, View All Licenses provides step-by-step instructions on how to view the license information.
There are two ways to secure Active Directory objects on Windows Servers:
When you delete an object in Active Directory, the object is stripped of most of its attributes and moved to the deleted object folder (which is hidden and consequently not backed up). During a restore, the system undeletes the object and restores all of its attributes.
![]() |
When restoring the attributes of an undeleted
object on Windows Server 2003, the system brings back the user
account as enabled, but the operating system security marks it as
disabled. You will be prompted to reset the password upon the next
log on.
However, if you have run the adldaptool.exe utility prior to backing up the Active Directory, the passwords will be restored and there will be no need to reset them. See Backup - Active Directory for more information. |
The following example shows the iDataAgents needed to fully secure a hypothetical heterogeneous computing environment.
ADAM attributes can be protected and recovered in the same way as any other Active Directory attribute.
During installation of the software, any existing ADAM attributes are automatically discovered and assigned to the default subclient, provided the credentials for each instance are identical. Instances may then be added or removed at a later time as you would any other instance.
![]() |
Active Directory Application Mode (ADAM) for Windows Server 2003 R2 has been renamed to Active Directory Lightweight Directory Services (AD LDS) for Windows Server 2008. |