We're trying to go to least privileged user access required to do backups, and we've generally just been putting the user in the "Administrators" group of a VM as shown here: http://helpcenter.veeam.com/backup/80/v ... sions.html
But with Active Directory controllers, they obviously don't have their machine specific "administrators" group any more, and when we remove the user from "domain admins", we get this error:
"Failed to prepare guest for hot backup. Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share."
What is the least privileged rights we can use to backup an Active Directory Domain Controller?