Permissions required for the backup add-on in ADManager Plus
While enabling the backup add-on, it is recommended that you provide Domain Admin privileges to the service account used to configure the AD domains in ManageEngine ADManager Plus. However, if your organization’s policy restricts the use of the Domain Admin account, you can assign the service account with the least privileges required for the working of the backup add-on.
Action | Permissions |
Backup AD objects | Read permission, replicating directory changes, and replicating directory changes all permission for Domain, DomainDNSZones, ForestDNSZones, configuration, schema partitions. |
Backing up GPOs | Add the service account to Administrators group. |
To restore deleted GPOs | Add the service account to Group Policy Creator Owners group. |
To restore all AD objects | Write permission. |
Provide the service account with Read permission for Domain, DomainDNSZones, ForestDNSZones, configuration, and schema partitions in Active Directory.
Open ADSI Edit.
Click Action > Connect to.
In the Connection Settings dialog box that appears, provide the distinguished name of the Domain partition and click OK.
Right-click the domain in the left-pane and click on Properties.
In the dialog box that appears, select the service account from the field for Group or user names. In the Permissions section, select the check-box against Replicating Directory Changes, Replicating Directory Changes All, and Read, and click Apply.
Now that the user account has been provided with all permissions relating to domain partition, click Action > Settings in ADSI edit.
Add DomainDNSZones, ForestDNSZones, configuration and schema partitions to ADSI edit and repeat the steps to provide the account with all the required permissions.
With these permissions in place, the user account can be used to configure the domain to ADManager Plus and perform backup operations.
Performing restorations when you add your domain using a service account
The permissions you had given to the service account will only allow the product to take backups of your AD environment.
Backing up GPOs
To back up GPOs, the product has to run PowerShell commands to access the admin share folder and the service account has to be added to the Administrators group.
New to ADSelfService Plus?
Related Articles
How to integrate ADManager Plus with ServiceDesk Plus?
Objective: To integrate ADManager Plus with ServiceDesk Plus Solution: The ADManager Plus-ServiceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ...How to integrate ADManager Plus with ServiceDesk Plus
The ADManager Plus-SeviceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ServiceDesk Plus console, administrators or help desk technicians can perform ...How to integrate ADManager Plus with ActiveCampaign
Overview ActiveCampaign is a dynamic and comprehensive customer experience automation platform, offering organizations the tools to automate marketing, sales, and customer engagement processes, ensuring tailored interactions and efficient ...How to integrate ADManager Plus with ServiceDesk Plus On-Premises
OverviewServiceDesk Plus is an ITSM software solution developed by ManageEngine. It is designed to help organizations effectively manage and streamline their IT support and service desk operations. ServiceDesk Plus offers a range of features ...Microsoft365 License Management using ADManager Plus
Microsoft 365 License Management using ADManager Plus The M365 licenses can be managed by the following methods, Using the License Management section under Microsoft 365 tab. Managing licenses using user creation/modification templates. Using the ...