Install DPM on a domain controller
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager
Follow the procedures in this topic to install System Center 2012 – Data Protection Manager (DPM) on a read-only domain controller (RODC). Note that when DPM is installed on a domain controller only data sources located on the DPM server can be protected. You can’t install agents on other computers to configure protection.
Configure settings on the primary domain controller—Create security groups and user accounts.
Configure settings on the RODC—After allowing time for the groups created on the primary domain controller to replicate to the RODC install SQL Server and DPM.
Configure settings on the primary domain controller
Create the security groups and user accounts required for DPM
On the primary domain controller, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
Create the following security groups under Domain\Builtin. For each group, accept the default settings for Scope: Global and Group type: Security.
DPMDBReaders$<Computer Name>
MSDPMTrustedMachines$<Computer Name>
DPMRADCOMTrustedMachines$<Computer Name>
DPMRADmTrustedMachines$<Computer Name>
DPMDBAdministrators$<Computer Name>
MSDPMTrustedUsers$<Computer Name>
DPMSCOM$<Computer Name>
DPMRATrustedDPMRAs$<Computer Name>
Where <Computer Name> is the computer name of the domain controller on which DPM will be installed.
Add the local machine account for the domain controller (<Computer Name>) to the **MSDPMTrustedMachines$<Computer Name>** group.
On the primary domain controller, create a domain user account with the lowest possible credentials assign it a strong password that does not expire, and then add it to the local Administrators group.
Important
Make a note of this account because you need to use it in a later procedure to configure the SQL Server services during the installation of SQL Server. You can name this user account anything that you want; however, for the purposes of easily identifying the account’s purpose, you might want to give it a significant name, such as DPMSQLSvcsAcct. For the purposes of these procedures, this account is referred as the DPMSQLSvcsAcct account.
On the primary domain controller, create another domain user account with the lowest possible credentials and name the account DPMR$MACHINENAME, assign it a strong password that does not expire, and then add this account to the **DPMDBReaders$<Computer Name>** group.
Create the security groups and user accounts required for SQL Server
On the primary domain controller, create the following security groups for SQL Server 2008. For each group, accept the default values for Scope: Global and Group type: Security.
SQLServerSQL2005BrowserUser$<Computer Name>
SQLServerMSSQLServerADHelperUser$<Computer Name>
SQLServerReportServerUser$<Computer Name>$<Instance ID>.$<Instance Name>
SQLServerMSASUser$<Computer Name>$<Instance Name>
SQLServerDTSUser$<Computer Name>
SQLServerFDHostUser$<Computer Name>$<Instance Name>
Where:
** is the computer name of the domain controller on which SQL Server 2008 will be installed.
** is the name of the instance of SQL Server that you plan to create on the domain controller. The instance name can be any name other than the default DPM instance name (MSDPM2010).
** by default, this is assigned by SQL Server Setup and indicates that the group applies to Reporting Services (MSRS) for the major version of the instance (10) of SQL Server. For this release, this value is MSRS10_50.
On the primary domain controller, add the domain user account that you created earlier, which is referred to as the DPMSQLSvcsAcct account, to the following groups:
**SQLServerReportServerUser$<ComputerName>$MSRS10.<InstanceID>**
**SQLServerMSASUser$<ComputerName>$<InstanceID>**
Configure settings on the RODC
Install SQL Server
You’ll need to install SQL Server before you install DPM. Log on to the domain controller on which you want to install DPM using the domain user account that you created earlier. Let’s refer to this account as DPMSQLSvcsAcct.
For step-by-step instructions for installing SQL Server 2012, see Install SQL Server 2012.
On the Server Configuration — Service Accounts page of the Setup wizard you specify the login accounts for SQL Server services configure the SQL Server Agent, SQL Server Database Engine, and SQL Server Reporting Services services to run under the first domain user account that you created earlier (DPMSQLSvcsAcct).
After SQL Server is installed, open SQL Server Configuration Manager, expand SQL Server Network Configuration, click Protocols, right-click Named Pipes, and then click Enable.
Note
For the change to take effect you’ll need to stop and restart the SQL Server service.
Install DPM
For step-by-step instructions for installing DPM, see Install DPM. In the Setup Wizard, use the settings in the following steps to complete the specified wizard pages.
On the Installation Settings page, in the SQL server settings section, click Use an existing instance of SQL Server 2008.
On the SQL Server Settings page, in the Instance of SQL Server box, type the name of the instance of SQL Server that you installed in procedure 3, as localhost\<Instance Name>, and then type the credentials for the first domain user account that you created in procedure 1. For purposes of these procedures, this account is referred to as the DPMSQLSvcsAcct account.
The user account must be a member of the local Administrators group on the domain controller where the remote instance is installed. After setup is complete, you can remove the user account from the local Administrators group.
On the Security Settings page, enter the same password that you used when you created the DPMR$MACHINENAME user account earlier.
Open SQL Server Management Studio and connect to the instance of SQL Server that DPM is configured to use. Click New Query, copy the text below to the right pane, and then press F5 to run the query.
use DPMDB declare @refresh_jobid uniqueidentifier select @refresh_jobid = ScheduleId from tbl_SCH_ScheduleDefinition where JobDefinitionId in (select JobDefinitionId from tbl_JM_TaskDefinition where TaskDefinitionId in (select distinct TaskDefinitionID from tbl_TE_TaskTrail where VerbID = '53603503-C4C8-4D0E-8F1E-D2F3868E51E3')) and IsDeleted=0 exec msdb.dbo.sp_update_job @job_name =@refresh_jobid, @enabled=0 update tbl_SCH_ScheduleDefinition set IsDeleted=1 where ScheduleId = @refresh_jobid