Install dpm agent untrusted domain

This configure security accounts, permissions, and firewall exceptions for the agent to communicate with the server. If you added the computer to the DPM server before you installed the agent, the server begins to create backups for the protected computer.

If you installed the agent before you added the computer to the DPM server, you must attach the computer before the DPM server begins to create backups. On the primary domain controller, create and then populate the following security groups, where the protected server name is the name of the RODC on which you plan to install the protection agent:.

Ensure that the security groups that you created earlier have replicated on the RODC. Then, manually install the protection agent on the RODC. Click General , and then set the Authentication Level to Default. Click Location , and then ensure that only Run application on this computer is selected.

On the RODC, from an elevated command prompt, run the command setagentcfg. Attach the protection agent to the DPM server, as detailed in the following section.

In the Actions pane, click Install. The Protection Agent Installation Wizard opens. If this is the first time you have used the wizard, DPM queries Active Directory to get a list of potential computers. After the first installation, DPM displays the list of computers in its database, which is updated once each day by the auto-discovery process. To add multiple computers by using a text file, click the Add From File button, and in the Add From File dialog box, type the location of the text file or click Browse to navigate to its location.

This account may belong to the domain that the DPM server is located in or to a trusted domain. If you are installing a protection agent on a computer across a trusted domain, enter your current domain user credentials. You can be a member of any trusted domain, and you must be a member of the local Administrators group on all selected computers that you want to protect.

Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No. Any additional feedback? In this article. However, you can configure this range by using Component Services. Note that for DPM-Agent communication you must open the upper ports To do this, take a look at the example in the next section. On the computer, run SetDpmServer. Example to configure a workgroup computer with conflicting NetBIOS names after the agent is installed.

On the workgroup computer, run SetDpmServer. The revocation servers of the associated Certificate Authorities are online and accessible by both the protected server and DPM server. Configure a certificate on the DPM server. Configure a certificate on the protected computer. You can optionally set up a DPM template for web enrollment. If you do want to do this, select a template that has Client Authentication and Server Authentication as its intended purpose.

For example:. Right-click it and select Duplicate Template. In the General tab, change the template display name to something recognizable. For example DPM Authentication. Make sure the setting Publish certificate in Active Directory is enabled.

In the Request Handling tab, make sure Allow private key to be exported is enabled. After you've created the template make it available for use. Open the Certificate Authority snap-in. Now the template will be available when you obtain a certificate. If you want to optionally configure the template for enrollment or autoenrollment, click the Subject Name tab in the template properties.

When you configure enrollment the template can be selected in the MMC. If you configure autoenrollment the certificate is automatically assigned to all computers in the domain. For enrollment, in the Subject Name tab of the template properties, enable Select Build from this Active Directory information.

Then go to the Security tab and assign the Enroll permission to authenticated users. For autoenrollment, go to the Security tab and assign the Autoenroll permission to authenticated users.

With this setting enabled the certificate will be automatically assigned to all computers in the domain. If you've configured enrollment you'll be able to request a new certificate in the MMC, based on the template.

In Request Certificates you'll see the template. Expand Details and click Properties. Select the General tab and provide a friendly name. Answered by:. Archived Forums. Data Protection Manager - General. Sign in to vote. I'm attempting to setup DPM backup agent on a server in another domain.

Saturday, February 9, AM. Every 30 days, you have to change the password unfortunately on both the target server and the DPM server. It's OK to set the same password as before however. Hope this helps! Friday, February 15, AM. I also tried from wizard with different configurations using attach agent to untrusted domain. Thursday, February 14, AM. Your title shows "untrusted domain" however your text contains "Username: I'm using domainadmin from DomainA as its trusted in the DomainB", which contradicts the title.

Can you confirm, are the domains trusted, or not trusted?