Changes made to AD DS for end-user recovery

 

Updated: May 13, 2016

Applies To: System Center 2012 SP1 - Data Protection Manager, System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager

When you enable end-user recovery System Center 2012 – Data Protection Manager (DPM) performs a number of actions in AD DS:

  • Extends the schema

  • Creates a container (MS-ShareMapConfiguration)

  • Grants the System Center 2012 – Data Protection Manager (DPM) server permissions to change the contents of the container

  • Adds mappings between source shares and shares on the replicas

If DPM administrators are also schema and domain administrators in AD DS, end-user recovery can be enabled in a couple of clicks. For DPM administrators who aren’t schema and domain administrators, the DPMADSchemaExtension tool runs to configure AD DS.

This topic describes the classes and attributes that are added when end-user recovery is enabled by either an AD DS schema and domain administrator, or when the DPMADSchemaExtension tool runs.

Classes added by DPM describes the classes that are added to Active Directory when you enable end-user recovery on DPM.

Attributes added by DPM describes the attributes that are added to Active Directory when you enable end-user recovery on DPM.

DPM adds one class, ms-SrvShareMapping, to the Active Directory directory service when you enable end-user recovery. This class contains the mapping from the protected computer (and share) to the DPM server (and share).

System_CAPS_ICON_caution.jpg Caution

It is recommended that you do not modify this class.

The following table provides a detailed description of the ms-SrvShareMapping class:

AttributeValue
objectClassTop
objectClassclassSchema
instanceType4
possSuperiorsContainer
possSuperiorsorganizationalUnit
subClassOfTop
governsID1.2.840.113556.1.6.33.1.22
mustContainms-backupSrvShare
mustContainms-productionSrvShare
rDNAttIDCn
showInAdvancedViewOnlyTRUE
adminDisplayNamems-SrvShareMapping
lDAPDisplayNamems-SrvShareMapping
adminDescriptionMaps servers with shared resources.
objectClassCategory1

DPM adds two attributes to Active Directory when you enable end-user recovery. The following table lists the added attributes:

AttributeDescription
ms-BackupSrv-Share AttributeProvides the DPM share name and DPM computer name in a string.
ms-ProductionSrv-Share AttributeProvides the protected computer share name and protected computer computer name in a string.

ms-BackupSrv-Share Attribute

The following table provides a detailed description of the ms-BackupSrv-Share attribute:

AttributeValue
objectClassTop
objectClassattributeSchema
attributeID1.2.840.113556.1.6.33.2.23
attributeSyntax2.5.5.12
rangeUpper260
isSingleValuedTRUE
showInAdvancedViewOnlyTRUE
adminDisplayNamems-BackupSrv-Share
adminDescriptionIdentifies a server with shared resources.
oMSyntax64
IDAPDisplayNamems-backupSrvShare
objectCategoryCN=Attribute-Schema,<SchemaContainerDN>

ms-ProductionSrv-Share Attribute

The following table provides a detailed description of the ms-ProductionSrv-Share attribute:

AttributeValue
objectClassTop
objectClassattributeSchema
attributeID1.2.840.113556.1.6.33.2.24
attributeSyntax2.5.5.12
rangeUpper260
isSingleValuedTRUE
showInAdvancedViewOnlyTRUE
adminDisplayNamems-ProductionSrv-Share
adminDescriptionIdentifies a computer with shared resources.
oMSyntax64
IDAPDisplayNamems-productionSrvShare
objectCategoryCN=Attribute-Schema,<SchemaContainerDN>
Show: