What is a one-sentence summary of your feature request?
Support configurable or alternative backup target paths for the Identity Recovery agent to enable bare metal restore and GPO backup file transfers in no-trust, multi-domain environments.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
When Identity Recovery is deployed in no-trust, multi-domain environments, the agent installed on domain controllers requires reachback access to a centralized SMB file share to copy:
- bare metal restore data
- GPO backup files
In isolated environments, domain controllers cannot reach a file share in another domain or forest without relaxing security controls - which defeats the purpose of a no-trust architecture.
A supported solution could allow the agent to write backups to a local target within the same network segment, or provide a relay component that handles the transfer without requiring direct cross-domain SMB access.
How do you currently solve the challenges you have by not having this feature?
Organizations must either relax network segmentation controls, deploy separate independent instances per domain, or accept that bare metal restore capability is unavailable in isolated environments.