Configure Active Directory

In reference to this TechNet article, by configuring Active Directory Domain Services to support end-user recovery.

Start by launching the DPM console, and click on Management.

Config AD 01

In the toolbar at the top of the screen, click on Options.

Config AD 02

On the Options dialog, on the ‘End-User Recovery’ tab, click on the ‘Configure Active Directory’ button.

Config AD 03

On the Configure Active Directory dialog, supply credentials with permissions to update Active Directory. Then press OK.

Config AD 04

You will encounter the following message, click Yes.

Config AD 05

You will also encounter this other message, press OK.

Config AD 06

NOTE: You may encounter the following error message. Press OK.

Config AD 07

We have to perform a workaround to accomplish this.

Extend Active Directory Schema

Since there is an issue with using the Configure Active Directory option, we have to perform a workaround.

The reason is the way the security of Windows 2008 is configured.

The workaround is to use the DPMADSchemaExtension tool, located in C:Program FilesMicrosoft System Center 2012DPMDPMEnd User Recovery. In order to run this tool logon to a domain controller map to the directory above and run DPMADSchemaExtension.exe.

Log onto a domain controller, and copy the DPMADSchemaExtension.exe tool from the DPM server to the domain controller. Right-click on the EXE and choose ‘Run as Administrator’.

AD Extension 01

On the following prompt, click Yes.

AD Extension 02

Enter Data Protection Manager Computer Name, note this is not the FQDN name of the server, but just the server name. Then press OK.

AD Extension 03

Enter Data Protection Manager Server domain name, note this will be the FQDN domain name so if your domain is yourdomain.local enter yourdomain.local. Then press OK.

AD Extension 04

Enter Protected Computer Domain Name. This field can be left blank if the DPM server is in the same domain as the Domain Controller that owns the Schema master role.

AD Extension 05

On this information dialog, press OK.

AD Extension 06

You may encounter the following prompt, especially if you are attempting this on Windows Server 2012. You will have to close this dialog, install .NET Framework 3.5 and then re-run the DPMADSchemaExtension.exe tool on the Domain Controller. AD Extension 07

After having successfully installed .NET Framework 3.5, and re-running the DPMADSchemaExtension.exe tool, when it completes you should encounter this message. Press OK.

AD Extension 08

Log back into your DPM server, and open the Options window. On the End-User Recovery tab, you will notice that the ‘Configure Active Directory’ button is now disabled, and the ‘Enable End-User Recovery’ checkbox is available. Ensure that this checkbox is selected, and press OK.

AD Extension 09

You will encounter the following information message, press OK.

AD Extension 10