Service Account Requirement
1. Normal AD backup (This way we will not able to restore individual AD Objects)
* Below Permissions are required to be configured on “Default Domain Controllers Group Policy”. In Windows 2008 R2 Domain Controller you will find this GPO by opening GPMC.MSC -> Domain -> Domain Controllers -> Right click “Default Domain Controllers Policy & Edit * Act as part of the operating system
* Create a token object (which can be used to access any local resources) * Log on as service
* Log on as a batch job (allows a user to be logged on by means of a batch-queue facility)
* Backup files and directories (provides rights to backup files and directories)
* Restore files and directories (provides rights to restore files and directories) * Manage auditing and security log
* Official Reference: http://www.symantec.com/business/support/index?page=content&id=TECH136148
2. Backup Exec 2010 R2 software GRT (Granular Recovery Technology) based backup features. GRT feature enables us to restore single objects, even single attributes of a user object. * Domain Admin privilege
* Official Reference: http://www.symantec.com/business/support/index?page=content&id=TECH130255
3. If you are going to use native domain DC, in which Backup server is member off, You can push/install the BackupExec agent from the console itself.
4. If you are going to use a different domain DC in the same/other forest, in which Backup server is member off, follow below steps to perform the installation. Else you will receive remote registry error.
* Add the service account to the local administrator of Backup Server
* Logon to Backup Server using the same service account & push backup exec agents to the concern domain controller
* After installation make sure you configure the BackupExec client with Backup server’s FQDN & IP Address. Else you will not able to see the server name in backup servers selection list panel.
Create Selection List & Backup Jobs
5. If you are backing a Different Domain DC in the same/other forest.
* Register the “Network Logon” Account at BackupExec Console -> Network Menu -> Logon Accounts
6. Create a selection list & use the above account as logon account for the same
7. Connect the selection list to right backup policy