My understanding it that the best practice is to run Veeam B&R on a stand alone server, not domain joined. It should have rdp disabled. Veeam console should be installed on another server. Our B&R server is domain joined. I haven’t found any documentation on doing this type of migration. The processes run under the local system account. The credentials for things like vmware and storage arrays are stored in Veeam. What am I missing that would blow up when doing this migration? I would like to move it to a new server, not just remove the current one from the domain. Our repository servers are windows and domain joined as well. Should they be removed from the domain? Seems like yes and that might be biggest issue. Any insights appreciated.
Migrate from AD joined B&R server to stand alone
Best answer by wesmrt
We also have this KB with possible impacts of removing VBR from domain that can helps: https://www.veeam.com/kb4469
+21Just run a configuration backup and then restore that to the new VBR server you build. It will restore everything related to your Veeam environment including passwords, etc. This is the best way to move things.
You can remove other servers yes. We have domain joined Veeam but it is on its own domain separated from PROD with a one-way trust only as per best practices.
+5Further to what Chris said, here is a great page going over this exact question, and describing the one-way trust that he mentioned:
https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html
+4We also have this KB with possible impacts of removing VBR from domain that can helps: https://www.veeam.com/kb4469
+5We also have this KB with possible impacts of removing VBR from domain that can helps: https://www.veeam.com/kb4469
Wow, that’s a great KB that answers exactly what he’s asking regarding potential blow-ups. I’ve seen at least 5 of those happen out in the wild.
+11
Hi
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.