Configure Active Directory
In reference to this TechNet article, by configuring Active Directory Domain Services to support end-user recovery.
Start by launching the DPM console, and click on Management.
In the toolbar at the top of the screen, click on Options.
On the Options dialog, on the ‘End-User Recovery’ tab, click on the ‘Configure Active Directory’ button.
On the Configure Active Directory dialog, supply credentials with permissions to update Active Directory. Then press OK.
You will encounter the following message, click Yes.
You will also encounter this other message, press OK.
NOTE: You may encounter the following error message. Press OK.
We have to perform a workaround to accomplish this.
Extend Active Directory Schema
Since there is an issue with using the Configure Active Directory option, we have to perform a workaround.
The reason is the way the security of Windows 2008 is configured.
The workaround is to use the DPMADSchemaExtension tool, located in C:\Program Files\Microsoft System Center 2012\DPM\DPM\End User Recovery\. In order to run this tool logon to a domain controller map to the directory above and run DPMADSchemaExtension.exe.
Log onto a domain controller, and copy the DPMADSchemaExtension.exe tool from the DPM server to the domain controller. Right-click on the EXE and choose ‘Run as Administrator’.
On the following prompt, click Yes.
Enter Data Protection Manager Computer Name, note this is not the FQDN name of the server, but just the server name. Then press OK.
Enter Data Protection Manager Server domain name, note this will be the FQDN domain name so if your domain is yourdomain.local enter yourdomain.local. Then press OK.
Enter Protected Computer Domain Name. This field can be left blank if the DPM server is in the same domain as the Domain Controller that owns the Schema master role.
On this information dialog, press OK.
You may encounter the following prompt, especially if you are attempting this on Windows Server 2012. You will have to close this dialog, install .NET Framework 3.5 and then re-run the DPMADSchemaExtension.exe tool on the Domain Controller.
After having successfully installed .NET Framework 3.5, and re-running the DPMADSchemaExtension.exe tool, when it completes you should encounter this message. Press OK.
Log back into your DPM server, and open the Options window. On the End-User Recovery tab, you will notice that the ‘Configure Active Directory’ button is now disabled, and the ‘Enable End-User Recovery’ checkbox is available. Ensure that this checkbox is selected, and press OK.
You will encounter the following information message, press OK.