Plan for self-service and end user recovery
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager
DPM provides two types of end-user recovery: enables users to independently recover previous versions of their files. Users can recover files using shares on file servers or DFS Namespaces.
End-user recovery—This feature allows end users to independently recover data by retrieving file recovery points. Users can recover data through shared folders on the DPM server, through a Distributed File System (DFS) namespace, or by using the Document Recovery task pane in Microsoft Office. Enabling end-user recovery involves enabling the end-user recovery feature on the DPM server and installing the shadow copy client software on the client computers.End-user recovery is supported in the Active Directory Domain Services (AD DS) domains in which the domain controllers are running either Windows Server 2003 or Windows 2000 Server with Service Pack 4 or later, Windows Server 2003, Windows Server 2008, Windows Server 2012, and Windows Server 2012 R2 with schema modifications enabled.
Self-service recovery—This feature allows SQL Server administrators access to data protected by DPM, so that they can restore a SQL Server database from backup to a network folder. You use the DPM Self-Service Recovery Configuration Toll to create and manage roles that specify which users can perform self-service recovery. Then users use the DPM Self-Service Recovery Wizard to recover SQL Server databases.
Your deployment plan should consider the following:
Which data users will be able to recover
AD DS configuration requirements
Note that if you currently have Shadow Copies of Shared Folders enabled on a computer that you protect with DPM, you can disable that feature and regain the disk space that it uses. End-users and administrators will be able to recover files from the recovery points on the DPM server.
Configuring Active Directory Domain Services to support end-user recovery involves four operations:
Extending the schema— The schema is extended only once; however, you must configure the Active Directory schema extension for each DPM server.
Creating a container
Granting the DPM server permissions to change the contents of the container
Adding mappings between source shares and shares on the replicas
When you enable end-user recovery for additional DPM servers in the domain, the process performs steps 3 and 4 for each additional server. DPM will update the share mapping (step 4) after each synchronization, if needed.
DPM administrators who are both schema and domain administrators in the Active Directory Domain Services domain can complete these steps with a single click in DPM Administrator Console. DPM administrators who are not schema and domain administrators can complete these steps by directing a schema and domain administrator to run the DPMADSchemaExtension tool.
The DPMADSchemaExtension tool is stored on the DPM server in the folder Microsoft DPM\DPM\End User Recovery. A user who is both a schema and domain administrator can run the tool on any computer running Windows Server 2003 that is a member of the domain in which the DPM server is deployed. The administrator must specify the name of the DPM server when running the tool.
If you use the DPMADSchemaExtension tool to enable end-user recovery, you must run it once for each DPM server.
Steps for configuring end-user recovery include configuring the AD DS schema, enabling the end-user recovery feature on the DPM server, and installing the recovery point client software on the client computers. For more information see Configure end-user recovery and recover file data
DPM 2012 includes the DPM Self-Service Recovery Configuration Tool for SQL Server (SSRCT), which is installed on the DPM server and accessed from the Protection task area in DPM Administrator Console. You can use this tool to create, modify, or delete DPM roles, which specify which users can perform self-service recovery of protected SQL Server databases that they own.
You set up self-service recovery by creating a role. You can then manage these roles as required. When you create a role you specify the following settings:
Security groups: One or more security groups that contain the users for whom you want to enable self-service recovery of SQL Server databases.
Recovery items: Instances of SQL Server and SQL Server databases that are currently protected by DPM for which you want to enable self-service recovery by users.
Recovery targets: Instances of SQL Server that users can use as targeted locations to recover databases during self-service recovery.
For details on creating a role Recover SQL Server databases using self-service recovery