Special instructions must be followed to install ZCB on a Read-Only Domain Controller (RODC). These instructions are largely centered around the amandabackup user.
The amandabackup user is an integral part of ZCB functionality. Please see What is the amandabackup user? for more details.
Step 1: Create the amandabackup user
By definition, users cannot be added to Active Directory on a Read-Only Domain Controller. The amandabackup user must be created on another machine on the domain. ZCB cannot be installed on a RODC until amandabackup is created as a domain user.
There are two options available to create the amandabackup user in Active Directory prior to installation on a Read-Only Domain Controller.
Option 1: Create amandabackup automatically by installing ZCB on another domain machine.
The amandabackup user can be created automatically. Simply install ZCB on another machine on the same domain as the RODC. If no amandabackup user exists, the installer will attempt to create it.
You must choose to create amandabackup as a Domain user during this step. Creating a local amandabackup user is not sufficient.
The machine used for this purpose must not be a Read-Only Domain Controller.
Option 2: Create amandabackup manually in Active Directory
The amandabackup user can be created manually by following these steps.
- Open Active Directory Users and Computers and connect to a writable Domain Controller.
- Create a new user named amandabackup
- Grant the following roles to the new amandabackup user.
- Domain Users
- Backup Operators
It is only necessary to create the domain amandabackup user once on any given domain. Once created, any subsequent ZCB installation on any machine, including Read-Only Domain Controllers, will detect the domain amandabackup user and prompt for the password.
Thus, if ZCB needs to be installed on multiple Read-Only Domain Controllers in a single domain, Step 1 only needs to be performed once. All subsequent RODC installs can begin with step #2.
Step 2: Verify that the domain amandabackup user was replicated to the Read-Only Domain Controller
In most cases, users added to Active Directory will automatically appear on other Domain Controllers, including Read-Only Domain Controllers, via scheduled replication processes.
Replication can be triggered manually between Domain Controllers using the Active Directory Site and Services tool.
Step 3: Install ZCB on the Read-Only Domain Controller
Once amandabackup is available on the RODC, install ZCB.
During installation, the domain amandabackup user created in step 1 will be detected. The installer will prompt you for the user password.
Enter the user password. Installation will proceed.
Step 4: Configure your backups
Once ZCB is installed, configure your backups!
All backup types are available on a RODC, just like any other Windows machine.