Wednesday, November 25, 2009

Enable End-User Recover in DPM fails

When you want to enable End-User Recovery on a DPM servers run Windows 2008, you will probably run into an error

To enable End_user recovery you should click on the recovery tab and then under actions  click on “Configure end-user recovery” and click Configure Active Directory"

This will result in an error: “Active Directory could not be configured because the Active Directory domain could not be found. Make sure that the domain name is properly constructed. The following example shows a properly constructed domain name:” 


The reason is the way the security of Windows 2008 is configured

The workaround is to use the DPMADSchemaExtension.exe tool, located in C:\program files\Microsoft DPM\DPM\End User Recovery. In order to run this tool logon to a domain controller map to the directory above and run DPMADSchemaExtension.exe.

  1. Enter Data Protection Manager Computer Name –> Enter here the DPM server name : Note: this is not the FQDN name of the server, but just the server name.
  2. Enter Data Protection Manager Server domain name –> Enter here your domain name. Note: This will be the FQDN domain name so if your domain is yourdomain.local enter yourdomain.local
  3. Enter Protected Computer Domain Name –> This field can be left blank if the DPM server is in the same domain as the Domain Controller that owns the Schema master role.
  4. Click OK on the next to Information screens
  5. On the DPM server open the DPM 2007 Administrative Console, select the recovery tab and then under actions  click on “Configure end-user recovery”  Notice that the configure active directory button is grayed out and that you can place a check mark in the “Enable end-user recovery” check mark button.
  6. You will get a warning telling you that you must wait for a synchronization to take place before the setting change takes effect. Click OK


The information in this post is taken from the source below (Keith Hill). I was only able to find the result in the Google cache therefore I recreated this document.



  1. Very helpful. Thank you!

  2. im sorry, im a little confused on the wording. do i run this on the DPM server or the domain controller?

  3. On the Domain Controller. But you need a mapping to the correct directory on the DPM server

  4. Many thanks, worked like a charm! :)

  5. Thanks! It worked like a charm!

  6. Worked for me too! Thanks!

  7. Thank you for this!

  8. No I got the error at the end "Active Directory could not be configured"

  9. This also worked on DPM 2012 RC. Apparently they still havn't fixed this.

  10. Big thanks from us to Keith Hill and Matthijs Vreeken
    Our path was c:\program files\microsoft system centre 2012\dpm\dpm\end user recovery.

    Note the "dpm\dpm" ...i thought it was only amateurs like us that ended up with duplicate named subfolders. MS have known about this problem for some time, even if they are not able to fix it, what is wrong with a more inuitive message (perhaps checking if the DCs (AD?) are win2008?

  11. Perfect! Worked for me, after few days of investigation.