Hello,
I have an environment where I have a domain controller, a domain joined server with a sql server installed. I want to install veeam backup & replication on another server 2022. Do I need to join the veeam server to the domain?
Best regards
Answer
Install veeam backup & replication
Best answer by MicoolPaul
Hi, you don’t need to, and shouldn’t add it to your production domain :)
Either a separate management domain, or standalone workgroup will be better!
+23Hi, you don’t need to, and shouldn’t add it to your production domain :)
Either a separate management domain, or standalone workgroup will be better!
Michael Paul - Opinions are my own and do not necessarily reflect the opinion of Veeam | https://micoolpaul.com | Mastodon: @micoolpaul@masto.nu | Bluesky: @micoolpaul.com
+21Hi
Welcome to the Community. No...you don't need to join it to the domain, but it's a bit less complex to set up when it is on the domain. You can view Veeam Best Practices here.
https://bp.veeam.com/vbr/2_Design_Structures/D_Veeam_Components/D_VBR_server/backup_server.html
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+16For me it’s best practice to NOT domain join the backup server.
The domain is an additional attack vector for the backup server. It is no problem to operate the Veeam server as a standalone server and you can use domain accounts to login to system for application-aware backup. But the server cannot be attacked with a compromised domain (admin) account.
Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | X: @JoMeix | BlueSky: @jmeixner.bsky.social
+21As others have mentioned and as per Veeam the best practice is no domain but if you follow the design doc Shane posted you can do a separate domain but ensure you follow Security best practices for this. That is the path we are going to be taking here with our setup as the downside to no domain is Access Management to the server using local accounts, etc.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+8I have many that are both but best practices and what I'm going with moving forward is to be standalone (non-domain joined).
Derek M. Loseke, Senior Systems Engineer | Veeam Vanguard 2025 | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
+11Hi
Based on Best practice, and secure deployment, you will have to add the Veeam components to a management domain that resides in a separate Active Directory Forest. You will find this link very useful: https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html
Also, the discussion here: https://forums.veeam.com/veeam-backup-replication-f2/veeam-on-workgroup-or-separate-ad-domain-t49090.html. If you choose the workgroup route, you will find this link very useful as well:
[Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
+6It is not recommended to join your Veeam backup Server to your production domain.
Moustafa Hindawi | Blogger | Nutanix Technology Champion | NCSE | NCM-MCI | VMCE | 2xVCAP-DTM & DCV | 2xVCP-NV & CMA | LinkedIn: https://www.linkedin.com/in/moustafaadelmoustafa/ | My Blog: https://cloudwhales.co.uk/author/mhindawi/
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.