
CN1276 Server

CN1276 Server. Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+. Agenda. Chapter 11: Active Directory Maintenance, Troubleshooting, and Disaster Recovery Quiz Exercise. Maintaining Active Directory.

dwight

Presentation Transcript


  1. CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

  2. Agenda • Chapter 11: Active Directory Maintenance, Troubleshooting, and Disaster Recovery • Quiz • Exercise

  3. Maintaining Active Directory • Active Directory is a database based on the Extensible Storage Engine (ESE) format • Changes made to AD database are referred to as transactions • Active Directory writes the transaction to the Transaction log file (edb.log) • Active Directory updates the edb.chk checkpoint file

  4. Fragmentation • What is Fragmentation? • Fragmentation can occur when modifications are made to the database • As the database becomes more fragmented, searches for database information slow down and performance deteriorates. • The potential exists for database corruption

  5. Defragmentation • The process of taking fragmented database pieces and rearranging them contiguously to make the entire database more efficient • Active Directory has two defragmentation methods: • online defragmentation • offline defragmentation

  6. Online Defragmentation • Online defragmentation is an automatic process that occurs during the garbage collection process (GC) • By default, it runs every 12 hours on all domain controllers in the forest. • It removes all tombstones from the database • Marked for deletion • Tombstone objects have a lifetime of 180 days, by default • Additional free space is reclaimed during the GC process through the deletion of tombstone objects and unnecessary log files

  7. Online Defragmentation • The advantage of an online defragmentation is • It occurs automatically • Does not require the server to be offline to run • An online defragmentation does not reduce the actual size of the Active Directory database.

  8. Offline Defragmentation • A manual process that defragments the Active Directory database in addition to reducing its size • An offline defragmentation cannot run while the AD DS service is running • You have to stop Restartable AD Domain Services • OR restart and boot into Directory Service Restore Mode (DSRM) • Using the ntdsutil command

  9. Offline Defragmentation (Cont.) • Pre-Offline Defragmentation tasks: • Back up the volume containing the AD database • Create a temporary folder to store the compacted database • Verify that you have free space of at least 1.15 times the size of the current database
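The offline defragmentation steps from slides 8 and 9, as an added example that is not part of the original presentation. It assumes a domain controller with Restartable AD DS, an elevated PowerShell session, a completed backup, and a hypothetical temporary folder `D:\NtdsCompact` whose path contains no spaces.

```powershell
# Added example: offline defragmentation of the AD DS database (ntds.dit).
# Assumptions: run elevated on the DC, backup already taken, $CompactDir is a
# hypothetical temporary folder with no spaces in its path.
param([string]$CompactDir = 'D:\NtdsCompact')
$ErrorActionPreference = 'Stop'

# Locate the live database and its log folder from the NTDS service parameters.
$ntds   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbPath = $ntds.'DSA Database file'
$logDir = $ntds.'Database log files path'
$dbSize = (Get-Item $dbPath).Length

# Pre-check from slide 9: the target needs 1.15 times the current database size.
New-Item -ItemType Directory -Path $CompactDir -Force | Out-Null
$needed = [math]::Ceiling($dbSize * 1.15)
$free   = (Get-Item $CompactDir).PSDrive.Free
if ($free -lt $needed) {
    throw "Need $needed bytes free for the compacted copy, only $free available."
}

# Slide 8: the database cannot be compacted while AD DS is running.
# -Force also stops dependent services (DNS, KDC and so on); restart them afterwards.
Stop-Service -Name NTDS -Force
try {
    # Write a compacted copy of ntds.dit into the temporary folder.
    & ntdsutil.exe 'activate instance ntds' files "compact to $CompactDir" quit quit
    $compacted = Join-Path $CompactDir 'ntds.dit'
    if (-not (Test-Path $compacted)) {
        throw 'Compaction produced no ntds.dit; the original database is untouched.'
    }

    # The old transaction logs do not match the compacted file: remove them,
    # then put the compacted database in place of the original.
    Remove-Item (Join-Path $logDir '*.log')
    Copy-Item $compacted $dbPath -Force

    # Verify the swapped-in database before the service comes back.
    & ntdsutil.exe 'activate instance ntds' files integrity quit quit

    $saved = $dbSize - (Get-Item $dbPath).Length
    Write-Host "Compaction reclaimed $saved bytes."
}
finally {
    Start-Service -Name NTDS
}
```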

  10. Backing Up AD • To back up Active Directory, you must install • Windows Server Backup feature from the Server Manager console. • PowerShell, if you want to do it via the command line • Windows Server Backup supports • the use of CD and DVD drives as backup destinations • Does not support magnetic tapes as backup media or dynamic volumes

  11. Backing Up AD (Cont.) • Windows Server 2008 supports two types of backup: • Manual backup • Scheduled backup • Will reformat the target drive • Using Server Backup or the Wbadmin.exe • Must be a member of the Administrators group or the Backup Operators group

  12. Backing Up AD (Cont.) • In Windows Server 2008, critical volumes will be backed up rather than System State data • Critical volumes are: • The system volume, which hosts the boot files, which consist of bootmgr.exe and the Boot Configuration Data store • The boot volume, which hosts the Windows OS and the Registry • The volume that hosts the SYSVOL share, AD database, and database log files

  13. Backing Up AD (Cont.) • System State consists of the following data, plus any additional data, depending on the server roles that are installed: • Registry • Active Directory Domain Services database • SYSVOL directory • System files that are under Windows Resource Protection • See the rest on Page 226

  14. Restoring Active Directory • Windows Server 2008 offers the ability to restore the Active Directory database. • Restoring Active Directory using normal replication. • Restoring Active Directory using wbadmin and ntdsutil.

  15. Restoring AD using Wbadmin and Ntdsutil • Use wbadmin to perform a nonauthoritative restore of Active Directory • This method can be used to restore a single domain controller • If the domain has other domain controllers, the replication process will update the domain controller with the most recent information after the restore is complete

  16. Restoring AD using Wbadmin and Ntdsutil (Cont.) • Use ntdsutil to perform an authoritative restore of Active Directory • When you need to correct a mistake, such as deleting the wrong OU • Perform a normal restore, then increment the VersionID of the objects by an extremely high number (default value is by 100,000) • You need to know the distinguished name of the object • The process will create a back-links file that you use with LDIFDE to restore the group membership • See Figure 11-11 on Page 234

  17. Monitoring Active Directory • Monitoring Active Directory can provide the following benefits: • Early alerts to potential problems • Improved system reliability • Fewer support calls to the helpdesk • Improved system performance

  18. Event Logs • Directory Services logs: • Events related to Active Directory are recorded in the Directory Service log • The Directory Service log is created when Active Directory is installed • It logs informational events such as service start and stop messages, errors, and warnings • This log should be the first place you look when you suspect a problem with Active Directory

  19. Reliability and Performance Monitor • The Reliability and Performance Monitor is a tool located within the Administrative Tools folder • This information can be viewed in a number of different formats that include charts, graphs, and histograms • The reports can be saved or printed for documentation purposes • See Table 11-1 on Page 236 - 237

  20. Diagnosing and Troubleshooting Active Directory • You can set the event logs to record diagnostic information specific to processes related to AD for more detailed information • To enable, modify the following registry key: • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics • Values range from 0 (only critical events) to 5 (logs all events) • Make sure to adjust the log file size to accommodate the logged information • See Figure 11-15 on Page 239
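One way to script the diagnostic logging change from slide 20, as an added example that is not part of the original presentation. The function names are hypothetical, the category `16 LDAP Interface Events` is one of the value names normally present under this key on a domain controller (it is not shown on the slide), and the 128 MB log size is an assumed figure.

```powershell
# Added example: inspect and raise NTDS diagnostic logging levels (0-5).
# Run elevated on a domain controller. Function names are hypothetical.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # One object per diagnostic category with its current level.
    $key = Get-Item $DiagKey
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Category = $name; Level = $key.GetValue($name) }
    }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory = $true)][string]$Category,
        [Parameter(Mandatory = $true)][ValidateRange(0, 5)][int]$Level
    )
    # Refuse to create new values: only categories that already exist are valid.
    if ((Get-Item $DiagKey).GetValueNames() -notcontains $Category) {
        throw "Unknown diagnostic category '$Category'."
    }
    Set-ItemProperty -Path $DiagKey -Name $Category -Value $Level -Type DWord
}

# 1. Record the baseline so the change can be reverted after troubleshooting.
$baseline = Get-NtdsDiagnosticLevel
$baseline | Where-Object { $_.Level -gt 0 } | Format-Table Category, Level

# 2. Grow the Directory Service log first so verbose events do not overwrite
#    the history you are trying to collect (128 MB is an assumed size).
& wevtutil.exe sl 'Directory Service' /ms:134217728

# 3. Raise a single category rather than everything at once.
Set-NtdsDiagnosticLevel -Category '16 LDAP Interface Events' -Level 2

# 4. When finished, restore every category to its recorded baseline.
# foreach ($b in $baseline) {
#     Set-NtdsDiagnosticLevel -Category $b.Category -Level $b.Level
# }
```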

  21. Assignment • Matching • 1-10 • Multiple Choice • 1-10 • Online Lab 11
