Join Domain or Not

[igetyaall]

Hello Veeam Community,


at the moment our Veeam Server is Member of our Domain and does the Backup of hour VMware Infrastructure + some remote Sites with phyiscal Machines.
We had a Massvive Issuse with a Domain Controller, one of the Admins did change some GPO with dcom securtity Setting -> Result of that was complete loss of Acces Rights on ALL Domain Servers including local Admin Account, bvecause the Veeam Server was in the Domain too... he did get the same Problems as all the other Servers. So there were no chance to use veeam to restore the misconfigured DC.....


Now there are disccusions about to remove the Backupserver from Domain so this can never happen again.

At some Points i do agree BUT, If the Backupserver is not part of the Domain anymore, i cant restore Single Files / AD Objects and many more.....(in My opinion)
I will still be able to restore VMs but most of the time Users want File Levvel Restore or Some AD Objects.


Maybe Sombody can share his experience or some thouhgts Thanks!

[Pat490]

sure you can still restore everything, you just have to enter credentials manually during restore process.
Our server is not part of AD becuase of security reasons.

[Gostev]

Yes, in general it is the best practice to ensure that your data protection solution is not dependent on any production system that it is supposed to restore. This helps to avoid catch 22 situation of, for example, being unable to perform the restore of Active Directory domain controller VM because your Active Directory is down, making you unable to logon to the Veeam console.

[cgrebing]

At most costumers we separate the Backup Server (VM) from the Repository Server for security reasons. so we can logon to the Backup Server with Domain credentials but no Domain user (or any "tool" running in the user context) can logon to the repository to Change the backup data.