Extending the schema for end-user recovery

  • Article

Your organization might be large enough that the keys to the Active Directory schema are closely held by select administrators. And as a result, when you want to enable end-user recovery for your DPM servers, you have to ask those administrators to run DPMADSchemaExtension.exe for you.

They come back to you, concerned because the tool requires the name of the DPM server -- and you have several. What's going on?

What we didn't make clear enough in our documentation is that, although the schema need only be extended once, you still must enable each DPM server individually -- whether through the DPM Administrator Console (if you have permissions to extend the schema) or by running DPMADSchemaExtension.exe. Either method authorizes end-user recovery for that DPM server.

So, you run DPMADSchemaExtension.exe and enter the name of the first DPM server. Schema is extended, and that server is authorized. Run it again and enter the name of the second DPM server. The schema has already been extended, so nothing more happens on that aspect, and the second DPM server is now authorized.

To quote from Data Protection Manager 2006 Schema Extensions:

The DPMADSchemaExtension tool performs the following tasks to support end-user recovery:

  • Extends the schema
  • Creates a container (MS-ShareMapConfiguration)
  • Grants the DPM server permissions to change the contents of the container
  • Adds mappings between source shares and shares on the replicas