windows 2000 active directory diagnostics troubleshooting and recovery n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery PowerPoint Presentation
Download Presentation
Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery

Loading in 2 Seconds...

play fullscreen
1 / 42

Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery - PowerPoint PPT Presentation


  • 109 Views
  • Uploaded on

Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery. 3 Leaf Solutions LLC. What we will cover:. Verifying Active Directory functionality Diagnosing and troubleshooting replication Locating Active Directory database files Backing up and recovering system state data

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery' - lucky


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
what we will cover
What we will cover:
  • Verifying Active Directory functionality
  • Diagnosing and troubleshooting replication
  • Locating Active Directory database files
  • Backing up and recovering system state data
  • Seizing FSMO roles
prerequisite knowledge
Prerequisite Knowledge
  • Experience supporting Microsoft Networks
  • Experience administering Windows 2000 Servers
  • Experience administering Active Directory Domains

Level 200

agenda
Agenda
  • Verify Active Directory Functionality
  • Troubleshoot Replication
  • Active Directory Database Maintenance
  • Backup and Recovery
  • Seizing FSMO Roles
verify active directory functionality turn up active directory logging
Verify Active Directory FunctionalityTurn Up Active Directory Logging
  • A good first step when troubleshooting Active Directory
    • Requires editing the Registry
  • Allows for more verbose event logging
  • Can generate a lot of logged data
    • May need to increase the size of event logs
  • Check Event Viewer
    • Active Directory events are in Directory Service event log
verify active directory functionality dns
Verify Active Directory FunctionalityDNS
  • Critical for Active Directory name resolution
  • Windows 2000 domain controllers must register in DNS
    • Allows Windows 2000 servers and clients to locate domain controllers
  • NSLOOKUP Command-line tool
    • Displays information from DNS servers
    • Can determine if Windows 2000 domain controllers are registered in DNS correctly
verify active directory functionality windows 2000 support tools utilities
Verify Active Directory FunctionalityWindows 2000 Support Tools utilities
  • DCDIAG and NETDOM command-line utilities
  • DCDIAG
    • Analyze state of domain controllers in forest
    • Run several tests and report problems
  • NETDOM
    • Manages and verifies Windows 2000 domains and trust relationships
    • Verifies domain controllers have correct credentials, can replicate with partners, etc.
slide8

Demonstration 1Verify Active Directory FunctionalityTurn up loggingDNS and NSLOOKUPDCDIAG and NETDOM

agenda1
Agenda
  • Verify Active Directory Functionality
  • Troubleshoot Replication
  • Active Directory Database Maintenance
  • Backup and Recovery
  • Seize FSMO Roles
troubleshoot replication directory and file replication
Troubleshoot Replication Directory and File Replication
  • Directory Service Replication
    • Replicates computer and user accounts, and other directory objects
    • Provides enterprise-wide authentication
  • File Replication
    • Uses File Replication Service
    • Replicates logon scripts and policies
troubleshoot replication replication between domain controllers
Troubleshoot Replication Replication Between Domain Controllers

Directory Replication

Directory objects (users, computers, etc.)

File Replication Service

Domain

Controller

Domain

Controller

SYSVOL (logon scripts, policies, etc.)

troubleshoot replication active directory replication monitor
Troubleshoot ReplicationActive Directory Replication Monitor
  • Windows 2000 Support Tools utility
    • Also called REPLMON
  • View low-level status of Active Directory replication
  • View replication topology in graphical format
  • Force replication between domain controllers
    • Even across site boundaries
troubleshoot replication repadmin command line tool
Troubleshoot ReplicationREPADMIN Command-line Tool
  • Windows 2000 Support Tools utility
  • Diagnose replication problems between domain controllers
  • Show replication partners
  • Force replication between domain controllers
  • Discover from where domain objects are replicated
troubleshoot replication file replication service
Troubleshoot ReplicationFile Replication Service
  • FRS replicates the SYSVOL
    • Contains NETLOGON share
      • Stores logon scripts and system policies
    • Contains Group Policies in separate folders
    • Stores replication information in a JET database
  • Replaces Replication Manager found on Windows NT 4.0 servers
troubleshoot replication ntfrsutl command line tool
Troubleshoot ReplicationNTFRSUTL Command-line Tool
  • Examines state of File Replication Service on local or remote computers
  • Verifies that a server is a member and subscriber of the SYSVOL replica set
    • The replica set is the set of files and folders specified to replicate
  • View daily replication schedule
  • Troubleshoot FRS configuration problems
slide16

Demonstration 2Diagnosing and Troubleshooting ReplicationREPLMON toolREPADMIN toolTroubleshoot FRS with NTDSUTL

agenda2
Agenda
  • Verify Active Directory Functionality
  • Troubleshoot Replication
  • Active Directory Database Maintenance
  • Backup and Recovery
  • Seize FSMO Roles
active directory database maintenance ntdsutil command line utility
Active Directory Database MaintenanceNTDSUTIL Command-line Utility
  • Locate Active Directory database files
  • Perform database maintenance
  • Manage FSMO roles
  • Clean domain controller accounts
    • Left when domain controllers are improperly removed
  • May need to boot into Directory Services Restore Mode
slide20

Demonstration 3Active Directory Database MaintenanceView Active Directory Database and Log filesDatabase Maintenance

agenda3
Agenda
  • Verify Active Directory Functionality
  • Troubleshoot Replication
  • Active Directory Database Maintenance
  • Backup and Recovery
  • Seize FSMO Roles
backup and recovery what is the system state
Backup and RecoveryWhat is the system state?
  • Active Directory
  • Boot files
  • COM+ class registration database
    • Installed COM+ applications
  • Registry
  • SYSVOL
    • Group policies and logon scripts
  • Cluster service database information
backup and recovery backing up system state data
Backup and RecoveryBacking up system state data
  • Use Windows 2000 Backup utility
    • Easy to use and schedule backups
    • Can backup system state while the server is on-line an functioning
    • Can backup to a file or a network location
  • May generate large backup files
backup and recovery restoring system state data
Backup and RecoveryRestoring system state data
  • Use Windows 2000 Backup utility
    • Can restore to original or alternate location
    • Can specify whether to overwrite existing files
  • Non-authoritative restores
  • Authoritative restores
    • Recover deleted directory objects
    • Restore objects changed since backup
    • Use NTDSUTIL
backup and recovery authoritative restore

Use NTDSUTIL to mark restored

Active Directory objects as authoritative

Backup and RecoveryAuthoritative restore

Restore System State

from Backup media

Other Domain

Controllers

Authoritative data is replicated

to other domain controllers

Authoritatively restored Active Directory object (user, OU, etc)

Domain

Controller

slide26

Demonstration 4Backup and RecoveryBackup system stateDelete an OU and force replicationPerform an authoritative restore

agenda4
Agenda
  • Verify Active Directory Functionality
  • Troubleshoot Replication
  • Active Directory Database Files
  • Backup and Recovery
  • Seize FSMO Roles
seize fsmo roles what are fsmo roles
Seize FSMO RolesWhat are FSMO roles?
  • Forest and domain-level operations controlled by a single domain controller
  • Roles requiring single masters
    • Schema Master
    • Domain Naming Master
    • Primary Domain Controller (PDC) Emulator
    • Relative ID (RID) Master
    • Infrastructure Master
seize fsmo roles seizing fmso roles
Seize FSMO RolesSeizing FMSO roles
  • Necessary operation when a role-holding domain controller improperly removed
    • Not always possible due to hardware failure, etc.
  • Use NTDSUTIL
    • Allows you to transfer roles when role- holding server is still online
    • Allows you to seize any or all FSMO roles if role-holding server is unavailable
seize fsmo roles seizing the pdc role

Use NTDSUTIL seize PDC role

Seize FSMO RolesSeizing the PDC role

PDC FSMO

Role Holder

PDC FSMO

Role Holder

Other Windows 2000 DC

seizes PDC role

X

Windows 2000

Domain Controller

Windows 2000

Domain Controller

Windows NT 4.0 Domain Controller

synchronizes with PDC role holder

Windows NT 4.0 Domain Controller

now synchronizes with new PDC

role holder

Windows NT 4.0 Domain

Controller no longer in sync

Windows NT 4.0

Domain Controller

session summary
Session Summary
  • Turn up Active Directory Logging to troubleshot Active Directory problems
  • Perform Active Directory Database Maintenance with NTDSUTIL
  • Backup System State on Domain Controllers to backup Active Directory
  • Authoritative Restores can recover deleted directory objects
  • Seize FSMO roles with NTDSUTIL.EXE
for more information
For More Information…
  • Main TechNet Web site at www.microsoft.com/technet
  • This session’s resource page

www.microsoft.com/technet//tnt1-76

ms press inside information for it professionals
MS PressInside information for IT Professionals

To find the latest IT Professional related titles visit

www.microsoft.com/mspress/it/

3rd party publications supplementary publications for it pro s
3rd Party PublicationsSupplementary publications for IT Pro’s

These books can be found and purchased at all good book stores and on-line retailers

training training resources for it professionals
TrainingTraining Resources for IT Professionals
  • Implementing and Administering Microsoft Windows 2000 Directory Services
    • Course Number: 2154
    • Availability: Current
    • Detailed Syllabus: www.microsoft.com/traincert

To locate a training provider, please access

www.microsoft.com/traincert

Microsoft Certified Technical Education Centers

are Microsoft’s premier partners for training services

become a microsoft certified systems administrator mcsa
Become a Microsoft Certified Systems Administrator (MCSA)
  • What is the MCSA certification?
    • For professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows 2000 platforms
  • How do I become an MCSA on Microsoft Windows 2000?
    • Pass 3 core exams
    • Pass 1 elective exam or 2 CompTIA certifications
  • Where do I get more information?
    • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcsa
become a microsoft certified systems engineer mcse
Become A Microsoft Certified Systems Engineer (MCSE)
  • What is the MCSE certification?
    • Premier certification for professionals who analyze the business requirements and design and implement the infrastructure for business solutions based on the Microsoft server software.
  • How do I become an MCSE on Microsoft Windows 2000?
    • Pass 4 core exams
    • Pass 1 design exam
    • Pass 2 elective exams from a comprehensive list
  • Where do I get more information?
    • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse
what is technet
What is TechNet?
  • Put the right answers at your fingertips
    • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy and manage Microsoft products successfully

TechNet Subscription

  • Monthly updates delivered on DVD or CD
    • The definitive resource to help you evaluate, deploy and maintain Microsoft products

TechNet Web Site

  • Accessible at www.microsoft.com/technet
    • Online resources and community
    • Subscriber-only Online Services

TechNet Flash

  • Bi-weekly e-newsletter
    • Security updates, new resources, and special offers

TechNet Events

and Web Casts

  • Briefings on the latest Microsoft products and technologies
    • Hands-on, “how to” information

TechNet Communities

  • User Groups
  • Managed Newsgroups
the technet subscription
The TechNet Subscription

TechNet is a monthly subscription service that provides the tools, software, and resources that an IT professional needs to efficiently plan, deploy, manage, and support Microsoft products.

A TechNet Subscription is proven to save you or your company time and money.

If you’re an IT professional working in technical support, network or systems administration, or technology architecture, TechNet was created for you.

“You have everything you need to solve problems in one place”

– Wayne Brown, VP Information Technology, Heald College

where can i get technet
Where Can I Get TechNet?
  • Visit TechNet Online atwww.microsoft.com/technet
  • Register for the TechNet Flash www.microsoft.com/technet/usingtn/register/flash.asp
  • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity
  • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe
  • Attend More TechNet Events or view on-linewww.microsoft.com/technet/tcevents/itevents