Backup of enterprise applications (Microsoft stack, IBM Db2, MongoDB, Oracle, PostgreSQL, SAP)
Post Reply
Richie Rogers
Influencer
Posts: 12
Liked: 1 time
Joined: Aug 14, 2023 10:50 am
Full Name: Richard Rogers
Contact:

Permissions Required for Backup and Restore of Active Directory

Post by Richie Rogers »

Hi,
As per the title, I'm looking to setup Active Directory Backup and Restore, but am unsure of the permissions required.
Some documents say a standard AD User Account added into the BUILT-IN\Administrators group on the Domain Controller, others say a full Domain Admin.
I'd rather not add unnecessary permissions (and would likely get queried by security on adding full domain admin rights), so what is actually needed?
Would the preferred account type be a gMSA, MSA or "user" account (I think gMSA)?
Would Domain Admin rights only be needed for a restore, rather then backup and could the credentials of the person running the restore be "passed through" as they would likely be a Domain Admin?

Thanks,
Richie
PetrM
Veeam Software
Posts: 3996
Liked: 686 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: Permissions Required for Backup and Restore of Active Directory

Post by PetrM »

Hi Richard,

As stated on this page:
To back up Microsoft Active Directory data, the account must be a member of the built-in Administrators group.
You can also use a gMSA, you may refer to this page to get more details about gMSA usage.

Speaking about potential restore option, please note that Veeam Explorers do not support data recovery using gMSAs. The account used for data recovery must be a member of the Domain Administrators group. You can find more information about the required permissions on this page of the Veeam Explorers user guide.

Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests