Please take a look a the docs bellow 

http://www.symantec.com/docs/TECH184449

http://www.symantec.com/docs/TECH136148

http://www.symantec.com/docs/TECH36718

Thanks for the links - I had already seen them. Although the second link doesn't work.

Unfortunatley they say you need domain admin or admin rights. This is not an option for us in our environment. Surely there must be certain things I can give access short of full domain admin or admin?

What is the error code/message that you're seeing when the backup job fails out?

rather than give the system logon account domain admin rights perhaps you can add an admin/domain admin account as a restricted logon account in BE, give it the necessary rights and use it to back up the d.c. 

http://www.symantec.com/docs/HOWTO73278

When I create the backup job it shows the attached error. One thing to note is teh same account works fine on Backup Exec 2010.

Hi NBS,

Create a new Domain Admin Account and also take care of the permissions listed below for the newly created Domain Admin Account:

Act as part of the operating system  

Backup files and directories

Create a token object

Log on as a batch job Log on as a service 

Manage auditing and security log (BE 2010 R3 and later)

Restore files and directories

Take ownership of files and other objects

Group Memberships or equivalent access:

• Domain Admins or Administrators.
• Backup Operators.

Use the below TECH ARTICLE to change the BE services to use the new Domain Admin Account:

http://www.symantec.com/docs/TECH82969

NOTE: Make sure from services.msc that all the BE Services are changed to use the new Domain Admin Account, if not then manually change it by Right Click-> Properties-> Logon

Also, the Error Recording Service and RAWS Service and SQL (<Instance Name>) Service should be in Local System.

The creation of new Domain Account when the previous Domain Account was successfully working with previous version of BE may sound crazy troubleshooting step, but in many scenarios it works.

          Appreciate every help you get, to help yourself better
                                  & 
      Please mark 'SOLUTION' for the post which resolved your issue.

Thanks for the reply - however a domain admin acccount is not an acceptable account to use to backup. Is there no other level or right or permission that we could granularly assign to our service account?

Unfortunately NBS... i am not aware of any other rights/permissions that can be assigned to the service account to replace the need to grant it domain admin/admin rights.... would it be at all possible to not grant domain rights but local admin rights to the service account

It's a domain controller and therfore does not have local users or groups!

My appoligies that is correct.... but im am not aware any rights that can be granted the service account that would replace the need to grant admin rights.. 

NBS.. Please verify that all other permisions listed on the documents provided earlier are in place. Outside of this i would suggest creating a support case with Symantec so that the issue can be looked at a little more closely.

You need domain admin rights to backup AD.