Changes made to AD DS for end-user recovery

 

Updated: May 13, 2016

Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager

When you enable end-user recovery System Center 2012 – Data Protection Manager (DPM) performs a number of actions in AD DS:

  • Extends the schema

  • Creates a container (MS-ShareMapConfiguration)

  • Grants the System Center 2012 – Data Protection Manager (DPM) server permissions to change the contents of the container

  • Adds mappings between source shares and shares on the replicas

If DPM administrators are also schema and domain administrators in AD DS, end-user recovery can be enabled in a couple of clicks. For DPM administrators who aren’t schema and domain administrators, the DPMADSchemaExtension tool runs to configure AD DS.

This topic describes the classes and attributes that are added when end-user recovery is enabled by either an AD DS schema and domain administrator, or when the DPMADSchemaExtension tool runs.

Classes added by DPM describes the classes that are added to Active Directory when you enable end-user recovery on DPM.

Attributes added by DPM describes the attributes that are added to Active Directory when you enable end-user recovery on DPM.

Classes added by DPM

DPM adds one class, ms-SrvShareMapping, to the Active Directory directory service when you enable end-user recovery. This class contains the mapping from the protected computer (and share) to the DPM server (and share).

Warning

It is recommended that you do not modify this class.

The following table provides a detailed description of the ms-SrvShareMapping class:

Attribute Value
objectClass Top
objectClass classSchema
instanceType 4
possSuperiors Container
possSuperiors organizationalUnit
subClassOf Top
governsID 1.2.840.113556.1.6.33.1.22
mustContain ms-backupSrvShare
mustContain ms-productionSrvShare
rDNAttID Cn
showInAdvancedViewOnly TRUE
adminDisplayName ms-SrvShareMapping
lDAPDisplayName ms-SrvShareMapping
adminDescription Maps servers with shared resources.
objectClassCategory 1

Attributes added by DPM

DPM adds two attributes to Active Directory when you enable end-user recovery. The following table lists the added attributes:

Attribute Description
ms-BackupSrv-Share Attribute Provides the DPM share name and DPM computer name in a string.
ms-ProductionSrv-Share Attribute Provides the protected computer share name and protected computer computer name in a string.

ms-BackupSrv-Share Attribute

The following table provides a detailed description of the ms-BackupSrv-Share attribute:

Attribute Value
objectClass Top
objectClass attributeSchema
attributeID 1.2.840.113556.1.6.33.2.23
attributeSyntax 2.5.5.12
rangeUpper 260
isSingleValued TRUE
showInAdvancedViewOnly TRUE
adminDisplayName ms-BackupSrv-Share
adminDescription Identifies a server with shared resources.
oMSyntax 64
IDAPDisplayName ms-backupSrvShare
objectCategory CN=Attribute-Schema,<SchemaContainerDN>

ms-ProductionSrv-Share Attribute

The following table provides a detailed description of the ms-ProductionSrv-Share attribute:

Attribute Value
objectClass Top
objectClass attributeSchema
attributeID 1.2.840.113556.1.6.33.2.24
attributeSyntax 2.5.5.12
rangeUpper 260
isSingleValued TRUE
showInAdvancedViewOnly TRUE
adminDisplayName ms-ProductionSrv-Share
adminDescription Identifies a computer with shared resources.
oMSyntax 64
IDAPDisplayName ms-productionSrvShare
objectCategory CN=Attribute-Schema,<SchemaContainerDN>