11-03-2021 03:12 AM - edited 11-03-2021 03:13 AM
Hi all,
The customer refuses to use the domain admin account for the NetBackup Client Service logon for internal security stuff.
Can anyone inform us what are the exact privileges and roles needed of an account that we create and we use it for the NetBackup Client Service logon in place of the domain admin in order to backup a dag exchange and to do granular recovery.
Thank you very much in advance.
11-03-2021 03:29 AM
Hi @Riadh_R17
From the deep pits of my mind I recall these tech notes:
https://www.veritas.com/support/en_US/article.100011017
https://www.veritas.com/support/en_US/article.100027103
Best Regards
Nicolai
11-03-2021 06:53 AM
Hi @Nicolai
Thank you very much for your help.
We will define an account as described in the links and try a backup job.
:)
11-03-2021 01:57 PM - edited 11-03-2021 02:35 PM
First, run the NetBackup Client Service as LocalSystem. That changed in NetBackup 7.6. Everyone stop telling customers to run it as the domain admin.
Second, we have documented the "minimal Exchange user" in the NetBackup for Exchange admin guide since 7.5.
Whether you use the minimal user or a more privileged one, you configure the credentials for this account in the client host properties for every Exchange server in your DAG.
The minimal user has one restriction. You can only use the active database copy option in your policy. This is a limitation in the Microsoft Active Directory API (ADSI). It won't enumerate the passive database copies unless we are running as a member of Organization Management. Domain Admins are members of Organization Management.