- Related Products
- ADManager Plus
- ADSelfService Plus
- EventLog Analyzer
- Exchange Reporter Plus
- AD360
- Log360
Total object count | Disk space for one year* | RAM (for AD Backup and Recovery add-on alone) | System RAM recommended |
---|---|---|---|
0 to 100,000 | 100 GB | 3 GB | 8 GB |
200,000 | 200 GB | 4 GB | 8 GB |
500,000 | 350 GB | 6 GB | 16 GB |
1,000,000 | 500 GB | 8 GB | 16 GB |
*This is calculated for one full backup every month and one incremental back up everyday.
Port Number | Protocol | Purpose |
---|---|---|
9270 | HTTP | To connect to the Elasticsearch database |
9370 | TCP | Used for communication between nodes in a cluster |
ADAudit Plus' AD Backup and Recovery module can instantly start backing up AD objects upon providing domain admin credentials. However, if your organization’s policy restricts the use of the Domain Admin account, you can assign the service account with the least privileges required for utilizing the add-on.
The table below lists the permissions that should be assigned to the service account configured in ADAudit Plus:
Action | Permissions |
---|---|
To back up AD objects | Read permission, replicating directory changes, and replicating directory changes all permission for Domain, DomainDNSZones, ForestDNSZones, configuration, and schema partitions. |
To back up GPOs | Add the service account to the Administrators group. |
To restore deleted GPOs | Add the service account to the Group Policy Creator Owners group. |
To restore all AD objects | Write permission. |
To provide the service account with Read permission for Domain, DomainDNSZones, ForestDNSZones, configuration, and schema partitions in AD:
With these permissions in place, the user account can be used to configure the domain in ADAudit Plus and perform backup operations.
The permissions that you have just assigned to the service account will only allow the product to take backups of your AD environment. When you need to perform any restoration, the product will verify which account was used to configure the domain.
Once you provide the credentials, the product will use the credentials to perform the restoration. After the restoration is complete, the product will not store the credentials.
To back up GPOs, the product has to run PowerShell commands to access the admin share folder and the service account has to be added to the Administrators group.
If you want the account to be able to restore deleted GPOs as well, the service account must also be added to Group Policy Creator Owners group.