This article describes how to install Acronis Cyber Protect/Acronis Backup products successfully on a Microsoft Windows Read-Only Domain Controller.
Before installing the product on a read-only domain controller (RODC), log on to the primary (writeable) domain controller and perform one or more of the following steps, depending on which components you are installing on the read-only domain controller:
When installing Acronis Agent:
Add the account for the agent service to the Backup Operators group. We also recommend adding this account to the Administrators group.
Create a group RODC $ Cyber Operators in Active Directory on the main domain controller. Here, RODC stands for the NetBIOS name of the read-only domain controller. Add the account for the agent service to this group.
Configure group SID manually:
Find the SID of the Cyber Operators group using the following command:
Get-ADGroup -Identity '<hostname> $ Cyber Operators' | select SID
where <hostname> is the name of the RODC
Open Windows Registry Editor, and create a new key in HKLM\SOFTWARE\Acronis\Installer\CreatedUserGroups with the name 'Cyber Operators' and the value being the SID you found in the previous step.
After adding the new key, restart the Acronis Service Manager service.
Assign the following user rights to the account:
Log on as a service;
Adjust memory quotas for a process;
Replace a process level token;
Modify firmware environment values;
You will find these steps here: Acronis Backup: Adding Necessary Rights
3. If that does not help and the error is the same, add a new user, grant that user the respective privileges, and use that user for the installation.
When installing Acronis Storage Node:
Add the account for the storage node service to the Backup Operators group. We also recommend adding this account to the Administrators group.
Assign the Log on as a service user right to the account.
You will find these steps here: Acronis Backup: Adding Necessary Rights
When installing Acronis Management Server:
Create a group RODC $ Acronis Centralized Admins in Active Directory on the main domain controller. Here, RODC stands for the NetBIOS name of the read-only domain controller.
Configure group SID manually:
Find the SID of the Acronis Centralized Admins group using the following command:
Get-ADGroup -Identity '<hostname> $ Acronis Centralized Admins' | select SID
where <hostname> is the name of the RODC
Open Windows Registry Editor, and create a new key in HKLM\SOFTWARE\Acronis\Installer\CreatedUserGroups with the name 'Acronis Centralized Admins' and the value being the SID you found in the previous step.
After adding the new key, restart the Acronis Service Manager service.
Additional steps for Acronis Cyber Protect 15:
Create a group RODC $ Acronis ApiGateway Users in Active Directory on the main domain controller.
Configure group SID manually:
Find the SID of the Acronis ApiGateway Users group using the following command:
Get-ADGroup -Identity '<hostname> $ Acronis ApiGateway Users' | select SID
where <hostname> is the name of the RODC
Open Windows Registry Editor, and create a new key in HKLM\SOFTWARE\Acronis\Installer\CreatedUserGroups with the name 'Acronis ApiGateway Users' and the value being the SID you found in the previous step.
After adding the new key, restart the Acronis Service Manager service.
Add the account for the management server service to the group you have created.
Assign the Log on as a service user right to the account.
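The "Configure group SID manually" steps above, combined into one script. This is an added example, not part of the original article or Acronis tooling; it goes beyond any single section by covering all three group names the article lists. Assumptions: it runs elevated on the RODC with the ActiveDirectory module installed, the registry value is a string (REG_SZ), the service display name starts with 'Acronis Service Manager', and the parameter names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
#Requires -RunAsAdministrator
# Added example: run on the RODC after the groups created on the writable
# domain controller have replicated to it.
param(
    [string]$RodcName = $env:COMPUTERNAME,   # NetBIOS name of the RODC
    # Group name suffixes from the article; pass only those for the
    # components you are installing.
    [string[]]$GroupSuffix = @('Cyber Operators',
                               'Acronis Centralized Admins',
                               'Acronis ApiGateway Users')
)

$ErrorActionPreference = 'Stop'
$regPath = 'HKLM:\SOFTWARE\Acronis\Installer\CreatedUserGroups'
if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }

$written = 0
foreach ($suffix in $GroupSuffix) {
    # Same identity format as the article: '<hostname> $ <group name>'.
    # Single quotes keep the $ literal.
    $identity = '{0} $ {1}' -f $RodcName, $suffix
    try {
        $sid = (Get-ADGroup -Identity $identity).SID.Value
    } catch {
        Write-Warning "Group '$identity' not found; create it on the writable DC first."
        continue
    }

    # Assumption: the value is stored as a string (REG_SZ).
    New-ItemProperty -Path $regPath -Name $suffix -Value $sid `
        -PropertyType String -Force | Out-Null

    # Read the value back so a failed or partial write is caught here.
    $stored = (Get-ItemProperty -Path $regPath -Name $suffix).$suffix
    if ($stored -ne $sid) { throw "Registry value '$suffix' does not match $sid" }

    Write-Output ('{0,-28} {1}' -f $suffix, $sid)
    $written++
}

# Restart only if something changed. Assumption: the display name begins
# with 'Acronis Service Manager'; adjust the pattern if yours differs.
if ($written -gt 0) {
    Get-Service -DisplayName 'Acronis Service Manager*' | Restart-Service
}
```

Groups that do not exist yet are skipped with a warning, so the script can be re-run after the missing groups have been created and replicated.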
When using remote connect to Acronis Agent or Acronis Management Server:
Create a group RODC $ Acronis Remote Users in Active Directory on the main domain controller. Here, RODC stands for the NetBIOS name of the read-only domain controller.
Add to this group the users or groups that you want to allow to connect remotely. For example, add the Administrators group to this group.