1 / 42

Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery

Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery. 3 Leaf Solutions LLC. What we will cover:. Verifying Active Directory functionality Diagnosing and troubleshooting replication Locating Active Directory database files Backing up and recovering system state data

lucky
Download Presentation

Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows 2000 Active Directory Diagnostics, Troubleshooting and Recovery 3 Leaf Solutions LLC

  2. What we will cover: • Verifying Active Directory functionality • Diagnosing and troubleshooting replication • Locating Active Directory database files • Backing up and recovering system state data • Seizing FSMO roles

  3. Prerequisite Knowledge • Experience supporting Microsoft Networks • Experience administering Windows 2000 Servers • Experience administering Active Directory Domains Level 200

  4. Agenda • Verify Active Directory Functionality • Troubleshoot Replication • Active Directory Database Maintenance • Backup and Recovery • Seizing FSMO Roles

  5. Verify Active Directory FunctionalityTurn Up Active Directory Logging • A good first step when troubleshooting Active Directory • Requires editing the Registry • Allows for more verbose event logging • Can generate a lot of logged data • May need to increase the size of event logs • Check Event Viewer • Active Directory events are in Directory Service event log

  6. Verify Active Directory FunctionalityDNS • Critical for Active Directory name resolution • Windows 2000 domain controllers must register in DNS • Allows Windows 2000 servers and clients to locate domain controllers • NSLOOKUP Command-line tool • Displays information from DNS servers • Can determine if Windows 2000 domain controllers are registered in DNS correctly

  7. Verify Active Directory FunctionalityWindows 2000 Support Tools utilities • DCDIAG and NETDOM command-line utilities • DCDIAG • Analyze state of domain controllers in forest • Run several tests and report problems • NETDOM • Manages and verifies Windows 2000 domains and trust relationships • Verifies domain controllers have correct credentials, can replicate with partners, etc.

  8. Demonstration 1Verify Active Directory FunctionalityTurn up loggingDNS and NSLOOKUPDCDIAG and NETDOM

  9. Agenda • Verify Active Directory Functionality • Troubleshoot Replication • Active Directory Database Maintenance • Backup and Recovery • Seize FSMO Roles

  10. Troubleshoot Replication Directory and File Replication • Directory Service Replication • Replicates computer and user accounts, and other directory objects • Provides enterprise-wide authentication • File Replication • Uses File Replication Service • Replicates logon scripts and policies

  11. Troubleshoot Replication Replication Between Domain Controllers Directory Replication Directory objects (users, computers, etc.) File Replication Service Domain Controller Domain Controller SYSVOL (logon scripts, policies, etc.)

  12. Troubleshoot ReplicationActive Directory Replication Monitor • Windows 2000 Support Tools utility • Also called REPLMON • View low-level status of Active Directory replication • View replication topology in graphical format • Force replication between domain controllers • Even across site boundaries

  13. Troubleshoot ReplicationREPADMIN Command-line Tool • Windows 2000 Support Tools utility • Diagnose replication problems between domain controllers • Show replication partners • Force replication between domain controllers • Discover from where domain objects are replicated

  14. Troubleshoot ReplicationFile Replication Service • FRS replicates the SYSVOL • Contains NETLOGON share • Stores logon scripts and system policies • Contains Group Policies in separate folders • Stores replication information in a JET database • Replaces Replication Manager found on Windows NT 4.0 servers

  15. Troubleshoot ReplicationNTFRSUTL Command-line Tool • Examines state of File Replication Service on local or remote computers • Verifies that a server is a member and subscriber of the SYSVOL replica set • The replica set is the set of files and folders specified to replicate • View daily replication schedule • Troubleshoot FRS configuration problems

  16. Demonstration 2Diagnosing and Troubleshooting ReplicationREPLMON toolREPADMIN toolTroubleshoot FRS with NTDSUTL

  17. Agenda • Verify Active Directory Functionality • Troubleshoot Replication • Active Directory Database Maintenance • Backup and Recovery • Seize FSMO Roles

  18. Active Directory Database MaintenanceNTDSUTIL Command-line Utility • Locate Active Directory database files • Perform database maintenance • Manage FSMO roles • Clean domain controller accounts • Left when domain controllers are improperly removed • May need to boot into Directory Services Restore Mode

  19. Active Directory Database MaintenanceNTDSUTIL is an interactive tool

  20. Demonstration 3Active Directory Database MaintenanceView Active Directory Database and Log filesDatabase Maintenance

  21. Agenda • Verify Active Directory Functionality • Troubleshoot Replication • Active Directory Database Maintenance • Backup and Recovery • Seize FSMO Roles

  22. Backup and RecoveryWhat is the system state? • Active Directory • Boot files • COM+ class registration database • Installed COM+ applications • Registry • SYSVOL • Group policies and logon scripts • Cluster service database information

  23. Backup and RecoveryBacking up system state data • Use Windows 2000 Backup utility • Easy to use and schedule backups • Can backup system state while the server is on-line an functioning • Can backup to a file or a network location • May generate large backup files

  24. Backup and RecoveryRestoring system state data • Use Windows 2000 Backup utility • Can restore to original or alternate location • Can specify whether to overwrite existing files • Non-authoritative restores • Authoritative restores • Recover deleted directory objects • Restore objects changed since backup • Use NTDSUTIL

  25. Use NTDSUTIL to mark restored Active Directory objects as authoritative Backup and RecoveryAuthoritative restore Restore System State from Backup media Other Domain Controllers Authoritative data is replicated to other domain controllers Authoritatively restored Active Directory object (user, OU, etc) Domain Controller

  26. Demonstration 4Backup and RecoveryBackup system stateDelete an OU and force replicationPerform an authoritative restore

  27. Agenda • Verify Active Directory Functionality • Troubleshoot Replication • Active Directory Database Files • Backup and Recovery • Seize FSMO Roles

  28. Seize FSMO RolesWhat are FSMO roles? • Forest and domain-level operations controlled by a single domain controller • Roles requiring single masters • Schema Master • Domain Naming Master • Primary Domain Controller (PDC) Emulator • Relative ID (RID) Master • Infrastructure Master

  29. Seize FSMO RolesSeizing FMSO roles • Necessary operation when a role-holding domain controller improperly removed • Not always possible due to hardware failure, etc. • Use NTDSUTIL • Allows you to transfer roles when role- holding server is still online • Allows you to seize any or all FSMO roles if role-holding server is unavailable

  30. Use NTDSUTIL seize PDC role Seize FSMO RolesSeizing the PDC role PDC FSMO Role Holder PDC FSMO Role Holder Other Windows 2000 DC seizes PDC role X Windows 2000 Domain Controller Windows 2000 Domain Controller Windows NT 4.0 Domain Controller synchronizes with PDC role holder Windows NT 4.0 Domain Controller now synchronizes with new PDC role holder Windows NT 4.0 Domain Controller no longer in sync Windows NT 4.0 Domain Controller

  31. Demonstration 5Seizing FSMO RolesSeize FSMO roles using NTDSUTL

  32. Session Summary • Turn up Active Directory Logging to troubleshot Active Directory problems • Perform Active Directory Database Maintenance with NTDSUTIL • Backup System State on Domain Controllers to backup Active Directory • Authoritative Restores can recover deleted directory objects • Seize FSMO roles with NTDSUTIL.EXE

  33. For More Information… • Main TechNet Web site at www.microsoft.com/technet • This session’s resource page www.microsoft.com/technet//tnt1-76

  34. MS PressInside information for IT Professionals To find the latest IT Professional related titles visit www.microsoft.com/mspress/it/

  35. 3rd Party PublicationsSupplementary publications for IT Pro’s These books can be found and purchased at all good book stores and on-line retailers

  36. TrainingTraining Resources for IT Professionals • Implementing and Administering Microsoft Windows 2000 Directory Services • Course Number: 2154 • Availability: Current • Detailed Syllabus: www.microsoft.com/traincert To locate a training provider, please access www.microsoft.com/traincert Microsoft Certified Technical Education Centers are Microsoft’s premier partners for training services

  37. Become a Microsoft Certified Systems Administrator (MCSA) • What is the MCSA certification? • For professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows 2000 platforms • How do I become an MCSA on Microsoft Windows 2000? • Pass 3 core exams • Pass 1 elective exam or 2 CompTIA certifications • Where do I get more information? • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcsa

  38. Become A Microsoft Certified Systems Engineer (MCSE) • What is the MCSE certification? • Premier certification for professionals who analyze the business requirements and design and implement the infrastructure for business solutions based on the Microsoft server software. • How do I become an MCSE on Microsoft Windows 2000? • Pass 4 core exams • Pass 1 design exam • Pass 2 elective exams from a comprehensive list • Where do I get more information? • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse

  39. What is TechNet? • Put the right answers at your fingertips • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy and manage Microsoft products successfully TechNet Subscription • Monthly updates delivered on DVD or CD • The definitive resource to help you evaluate, deploy and maintain Microsoft products TechNet Web Site • Accessible at www.microsoft.com/technet • Online resources and community • Subscriber-only Online Services TechNet Flash • Bi-weekly e-newsletter • Security updates, new resources, and special offers TechNet Events and Web Casts • Briefings on the latest Microsoft products and technologies • Hands-on, “how to” information TechNet Communities • User Groups • Managed Newsgroups

  40. The TechNet Subscription TechNet is a monthly subscription service that provides the tools, software, and resources that an IT professional needs to efficiently plan, deploy, manage, and support Microsoft products. A TechNet Subscription is proven to save you or your company time and money. If you’re an IT professional working in technical support, network or systems administration, or technology architecture, TechNet was created for you. “You have everything you need to solve problems in one place” – Wayne Brown, VP Information Technology, Heald College

  41. Where Can I Get TechNet? • Visit TechNet Online atwww.microsoft.com/technet • Register for the TechNet Flash www.microsoft.com/technet/usingtn/register/flash.asp • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe • Attend More TechNet Events or view on-linewww.microsoft.com/technet/tcevents/itevents

More Related