Prepare recovery site manually

This article provides general guidance on how to create a recovery site manually. The recovery site consists of virtual machines, storage with backups, Cayosoft Guardian Server and network configuration, and other components that might be required to successfully accomplish the forest recovery process.

Virtual machine requirements

1. Prepare target virtual machines in a network-isolated recovery site for each domain controller you plan to recover.
2. The target machine must have the same OS version as the original domain controller in the source environment.
3. Target machines must have the same disk layout as source DCs.
4. To simplify the configuration of the recovery plan consider using the same login name and password for a local administrator account that will be used to access these machines.
5. To simplify the configuration of the recovery plan consider using the same IP addresses for your domain controllers in the recovery site as in the source environment.
6. Time must be synced on all target machines andCayosoft Guardian server before recovery.
7. As target machines will be rebooted several times during the recovery, the installation of the updates might affect reboot time. It is strongly recommended to install all necessary updates prior to verification or recovery and then isolate target machines from the Internet.

Cayosoft Guardian Server requirements

1. Cayosoft Guardian must be installed and a license with Forest Recovery features support must be added.

Backup Locations

1. Backup locations with backups of Active Directory domain controllers must be added in the Cayosoft Guardian web portal. Learn more in: Forest Recovery: Add backup locations.

Network requirements

1. Cayosoft Guardian Server, virtual machines, and backup locations must be in the same network.
2. It is strongly recommended to isolate this network.
3. Cayosoft Guardian uses WinRM and agents to perform recovery tasks on the target virtual machines and the network must be configured to allow traffic on the specific ports. Learn more about ports that Cayosoft Guardian uses. Learn more in: Required ports for Cayosoft Guardian.

List of checks performed on verification

Cayosoft Guardiann provides an automated verification process that allows checking recovery site configuration, detecting issues, and reporting these issues. It is strongly recommended to run verification for a recovery site in advance as it sufficiently increases the chances of successful recovery. Learn more in: Verify a forest recovery plan.

Below there are some predefined checks performed by Cayosoft Guardian.

Name	Description	Scope
One DC per domain must be recovered using a Recover to clean OS method	For each domain in the forest, at least one DC should be restored with the Recover to clean OS method before other DC can be promoted. An error will be shown in case there are DC(s) to be promoted and there is no DC with the Recover to clean OS method.	Plan	Error
Domains that will not be recovered	To recover a domain in the Active Directory forest, at least one DC should be recovered. In case the plan doesn't contain domain controllers from a specific domain, a warning will be shown. Ignore this warning in case this domain should not be recovered.	Plan	Warning
Only one forest can be recovered with a single recovery plan	An error will be shown in case of backups from multiple forests were selected. Select backups only from a single forest.	Plan	Error
Connection to a target machine could not be established.	An error is shown when a connection to a target machine could not be established.	Domain Controller	Error
An existing domain controller can not be used as a target machine for recovery.	An error is shown in case the target machine belongs to Active Directory Forest.	Domain Controller	Error
OS version on the target machine must be the same as the OS version of the original domain controller where a backup was created.	An error is shown in case the OS version on the target machines is not the same as the OS version of the original domain controller where a backup was created.	Domain Controller	Error
Not enough space to perform the recovery	An error is shown in case there is not enough free space on the target machine.	Domain Controller	Error
A backup is not selected	An error is shown in case backup is not selected.	Domain Controller	Error
A DNS server could not be contacted	An error is shown in case DNS cannot be contacted.	Domain Controller	Error
A backup file cannot be accessed	An error is shown in case an agent can't connect to storage or a backup file is not found.	Domain Controller	Error
A source forest is not isolated from the recovery site.	An error is shown in case an agent can connect to a source forest.	Domain Controller	Error
A Global Catalog role is disabled for a DC to be recovered.	A warning is shown when the Global Catalog setting is disabled. To comply with Microsoft guidance for Infrastructure Master FSMO role placement in multidomain environment enable Global Catalog on all DCs during recovery.	Domain Controller	Error