Universal Policy Administrator Documentation
< All Topics
Print

UPA Disaster Recovery Guide

This guide explains what must be backed up to fully restore your Universal Policy Administrator (UPA) environment in the event of hardware failure, system corruption, or a server rebuild.

What to Back Up

To ensure a complete and reliable recovery, the following components must be backed up regularly:

  1. UPA SQL Database
    This contains all Universal Policies, configuration data, metadata, permissions, audit history, and system state.  Back up the entire SQL database (Full, Differentials, or as required by your backup strategy).
  2. UPA Configuration Directory
    %PROGRAMDATA%\FullArmor\AD Bridge

This directory includes encrypted configuration files, service settings, and locally cached UPA data needed for a consistent restore.

  1. Owner Portal Credentials
    The credentials used during the original UPA installation are required during recovery to validate ownership and complete the installation process.
    These are not stored in the backup and must be retained securely.
Restoring Your UPA Environment

When rebuilding your UPA server or moving to new hardware, follow this process in order:

  1. Recreate the Configuration Directory
    • Manually create the folder:
    • %PROGRAMDATA%\FullArmor\AD Bridge
    • Copy your backed-up contents into this location before installing UPA.
  2. Reinstall UPA
    • Run the UPA installer on the restored or new server.
    • The installer will detect the presence of the configuration directory and continue with recovery mode automatically.
  3. Reconnect to the Existing SQL Database
    • When prompted for database connection information, enter the exact SQL database name that was previously used by UPA.
    • Ensure the SQL instance is reachable and the UPA service account has the correct permissions.
  4. Re-enter Owner Portal Credentials
    • When prompted by the installer, supply the same Owner Portal credentials used during the initial installation.
    • These must match exactly to complete validation and align the restored instance with your existing configuration.
Post-Restore Notes
  • If you have the UP-GPO Sync check time or the Syslog file configured, you will need to update the web.config file again with your settings.
  • If using SSL certificates, ensure the certificate used for the original deployment is still available or re-bind the new certificate in IIS.

In This Article