8/10/2019 70-640_Lesson11_PPT_041009.ppt
1/38
Active Directory Maintenance, Troubleshooting, and Disaster Recovery
Lesson 11
Skills Matrix
Technology Skill | Objective Domain | Objective #
Backing Up Active Directory | Configure backup and recovery | 5.1
Maintaining Active Directory | Perform offline maintenance | 5.2
Using the Reliability and Performance Monitor | Monitor Active Directory | 5.3
Maintaining Active Directory
After successfully implementing a Microsoft Windows Server 2008 environment, it is important to develop maintenance procedures to keep it running smoothly.
A solid monitoring and maintenance plan can prevent potential problems.
Maintaining Active Directory
Active Directory is a database based on the Extensible Storage Engine (ESE) format.
The ESE is responsible for managing changes to the Active Directory database.
Changes are referred to as transactions.
Active Directory writes the transaction to the transaction log file (edb.log).
Active Directory updates the edb.chk checkpoint file (a reference for database information written to disk).
Fragmentation
Like any database, modifications and changes to the Active Directory database can affect database performance and data integrity.
As modifications are made to the database, fragmentation can occur.
Fragmentation refers to the condition of a disk when data from the database is divided into pieces scattered across the disk.
As the database becomes more fragmented, searches for database information slow down and performance deteriorates.
The potential exists for database corruption.
Defragmentation
Defragmentation is the process of taking fragmented database pieces and rearranging them contiguously to make the entire database more efficient.
Depending on the method used, the size of the database can be reduced, making room for additional objects.
Active Directory has two defragmentation methods:
Online defragmentation.
Offline defragmentation.
Online Defragmentation
Online defragmentation is an automatic process that occurs during the garbage collection process.
The garbage collection process runs by default every 12 hours on all domain controllers in the forest.
When the garbage collection process begins, it removes all tombstones from the database.
Online Defragmentation
A tombstone is what is left of an object that has been deleted.
Deleted objects are not completely removed from the Active Directory database; rather, they are marked for deletion.
Tombstone objects have a lifetime of 180 days, by default.
When the lifetime expires, the objects are permanently deleted during the garbage collection process.
Additional free space is reclaimed during the garbage collection process through the deletion of tombstone objects and unnecessary log files.
Online Defragmentation
The advantage of an online defragmentation is that it occurs automatically and does not require the server to be offline to run.
An online defragmentation does not reduce the actual size of the Active Directory database.
Offline Defragmentation
Offline defragmentation is a manual process that defragments the Active Directory database in addition to reducing its size.
Performing an offline defragmentation is not considered to be a regular maintenance task.
You should only perform an offline defragmentation if you need to recover a significant amount of disk space.
As its name suggests, offline defragmentation requires that the server be taken offline so that the Active Directory database is closed and not in use.
An offline defragmentation cannot run while the AD DS service is running.
Offline Defragmentation
Performed while the server is booted to Directory Services Restore Mode using the ntdsutil command.
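The offline defragmentation described above, as an added PowerShell example that is not part of the original lesson. It assumes an elevated session in Directory Services Restore Mode, and D:\NtdsCompact is a hypothetical scratch folder with no spaces in its path.

```powershell
# Added example (not from the lesson): offline defragmentation of Ntds.dit.
# Assumptions: elevated session in Directory Services Restore Mode;
# D:\NtdsCompact is a hypothetical scratch folder with no spaces in its path.
$ErrorActionPreference = 'Stop'
$target = 'D:\NtdsCompact'

# The database must be closed: refuse to continue if AD DS is running.
if ((Get-Service -Name NTDS).Status -ne 'Stopped') {
    throw 'AD DS (NTDS) is running; offline defragmentation needs the database closed.'
}

# Locate the live database and its transaction logs from the NTDS parameters.
$ntds   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile = $ntds.'DSA Database file'
$logDir = $ntds.'Database log files path'

# Compaction writes a complete new copy, so the target needs room for it.
$needed = (Get-Item $dbFile).Length
$root   = [System.IO.Path]::GetPathRoot($target)
$free   = (New-Object System.IO.DriveInfo $root).AvailableFreeSpace
if ($free -lt $needed) { throw "Not enough free space on $root for a compacted copy." }

New-Item -ItemType Directory -Path $target -Force | Out-Null
ntdsutil 'activate instance ntds' files "compact to $target" quit quit

$compacted = Join-Path $target 'ntds.dit'
if (-not (Test-Path $compacted)) { throw 'Compaction did not produce ntds.dit.' }

# Keep the original until the new file passes the integrity check.
Copy-Item $dbFile "$dbFile.precompact"
Copy-Item $compacted $dbFile -Force
# The old transaction logs do not match the compacted database.
Remove-Item (Join-Path $logDir '*.log')

ntdsutil 'activate instance ntds' files integrity quit quit

# Both leftover copies hold the directory's credential data: delete them, or
# store them like a domain controller backup, once the server is healthy again.
"{0:N0} bytes before, {1:N0} bytes after" -f $needed, (Get-Item $dbFile).Length
```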
Backing Up Active Directory
One of the most essential duties of an administrator is ensuring that data and operating system information is backed up in case of a failure.
Procedures that include the frequency of backups in addition to the type of information that needs to be backed up should be planned and implemented in every organization.
Backing Up Active Directory
To back up Active Directory, you must install the Windows Server Backup feature from the Server Manager console.
If you wish to perform backups from the command line, you will also need to install Windows PowerShell, which is a new command-line and task-based scripting technology that is included with Windows Server 2008.
In the present release of Windows Server 2008, PowerShell cannot be installed on Server Core.
Windows Server Backup supports the use of CD and DVD drives as backup destinations, but does not support magnetic tapes as backup media.
Additionally, you cannot perform backups to dynamic volumes.
Backing Up Active Directory
Windows Server 2008 supports two types of backup:
Manual backup.
Scheduled backup.
A manual backup is run from Server Backup or the Wbadmin.exe command-line tool when a backup is needed.
You must be a member of the Administrators group or the Backup Operators group to launch a manual backup.
Backing Up Active Directory
Windows Server 2008 does not back up or recover System State data in the same way as servers that run Windows Server 2003.
In Windows Server 2008, you must back up critical volumes rather than only backing up the System State data.
Backing Up Active Directory
Backing up critical volumes involves backing up the following data:
The system volume, which hosts the boot files, which consist of bootmgr.exe (the Windows boot loader) and the Boot Configuration Data (BCD) store, which describes boot applications and boot application settings and replaces the boot.ini file in previous versions of Windows.
The boot volume, which hosts the Windows operating system and the Registry.
The volume that hosts the SYSVOL share.
The volume that hosts the Active Directory database (Ntds.dit).
The volume that hosts the Active Directory database log files.
Backing Up Active Directory
In Windows Server 2008, the system components that make up System State data depend on the roles installed on a particular computer and which volumes host the critical files used by the operating system and its installed roles.
At a minimum, the System State consists of the following data, plus any additional data, depending on the server roles that are installed:
Registry.
COM Class Registration database.
Boot files described earlier in this topic.
Active Directory Certificate Services database.
Active Directory Domain Services database.
SYSVOL directory.
Cluster service information.
Microsoft Internet Information Services (IIS) metadirectory.
System files that are under Windows Resource Protection.
Restoring Active Directory
Windows Server 2008 offers the ability to restore the Active Directory database.
Restoring Active Directory using normal replication.
Restoring Active Directory using wbadmin and ntdsutil.
Restoring Active Directory Using Wbadmin and Ntdsutil
Windows Server 2008 allows several different restoration methods, depending on the goals for your restore.
You can use wbadmin, which is the command-line component of the Windows Server Backup snap-in, to perform a nonauthoritative restore of Active Directory, which restores a single Active Directory domain controller to its state before the backup.
This method can be used to restore a single domain controller to a point in time when it was considered to be good.
If the domain has other domain controllers, the replication process will update the domain controller with the most recent information after the restore is complete.
Monitoring Active Directory
Monitoring the Active Directory service is an important part of network administration.
Monitoring enables you to take a proactive approach to network management.
By raising the awareness of possible network problems before they occur, you have better control over their impact.
Monitoring Active Directory
Monitoring Active Directory can provide the following benefits:
Early alerts to potential problems.
Improved system reliability.
Fewer support calls to the helpdesk.
Improved system performance.
Event Logs
Windows Server 2008 uses the Windows Event Viewer to record system events, such as security, application, and directory service events.
Directory Services logs:
Events related to Active Directory are recorded in the Directory Service log.
The Directory Service log is created when Active Directory is installed.
It logs informational events such as service start and stop messages, errors, and warnings.
This log should be the first place you look when you suspect a problem with Active Directory.
Reliability and Performance Monitor
The Reliability and Performance Monitor is a tool located within the Administrative Tools folder that will collect real-time information on your local computer or from a specific computer to which you have permissions.
This information can be viewed in a number of different formats that include charts, graphs, and histograms.
The reports can be saved or printed for documentation purposes.
Diagnosing and Troubleshooting Active Directory
To assist you with obtaining more detailed information in the event logs, you can set the event logs to record diagnostic information specific to processes related to Active Directory.
To enable, modify the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
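One way to change a diagnostic logging level under this key and put it back afterwards, as an added PowerShell example that is not part of the original lesson. The function names are hypothetical, and '5 Replication Events' is assumed to be the category being investigated.

```powershell
# Added example (not from the lesson): raise one NTDS diagnostic logging level
# and hand back the old value so it can be restored afterwards.
# Assumption: '5 Replication Events' is the category of interest.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # List every category under the key with its current level (0 = default).
    $key = Get-Item -Path $DiagKey
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Category = $name; Level = $key.GetValue($name) }
    }
}

function Set-NtdsDiagnosticLevel {
    param([string]$Category, [int]$Level)

    # Levels run from 0 (none) to 5 (internal); reject anything else.
    if ($Level -lt 0 -or $Level -gt 5) { throw "Level must be 0-5, got $Level." }

    # Only touch categories that already exist, so a typo cannot create a stray value.
    $current = Get-NtdsDiagnosticLevel | Where-Object { $_.Category -eq $Category }
    if (-not $current) { throw "No diagnostic category named '$Category'." }

    Set-ItemProperty -Path $DiagKey -Name $Category -Value $Level
    New-Object PSObject -Property @{
        Category = $Category; Previous = $current.Level; Current = $Level
    }
}

# Raise replication logging while troubleshooting, then put it back:
$change = Set-NtdsDiagnosticLevel -Category '5 Replication Events' -Level 3
# ... reproduce the problem and read the Directory Service log ...
Set-NtdsDiagnosticLevel -Category $change.Category -Level $change.Previous | Out-Null
```

Higher levels write many more events to the Directory Service log, so restore the previous value once the problem has been captured.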
Active Directory Diagnostic Tools
Summary
Active Directory has two defragmentation methods: online defragmentation and offline defragmentation.
Online defragmentation is an automatic process triggered by the garbage collection process.
Offline defragmentation is a manual process that requires the server to be restarted in Directory Services Restore Mode.
The Ntdsutil command-line utility is used to perform the offline defragmentation.
Summary
The Active Directory database can be moved to a new location if you decide that there is a need to relocate it due to space limitations.
This is accomplished with the Ntdsutil command-line utility.
When you back up Active Directory, you must include the System State data.
The System State data includes operating system-specific information needed for installed services and operating system components to function.
Summary
In the event of a domain controller failure, two restore options are available in Windows Server 2008: authoritative and nonauthoritative.
An authoritative restore uses the Ntdsutil command-line utility and allows you to mark records that supersede any existing records during replication.
Summary
The nonauthoritative restore method restores the Active Directory database to its state before the backup.
After a normal restore, replication of more recent object information from other domain controllers is used to update the database to match all other domain controllers.
Summary
Active Directory cannot be restored from a backup that is older than the default tombstone lifetime of 180 days.
Domain controllers keep track of deleted objects only for the duration of the tombstone lifetime.
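A check of backup age against the forest's actual tombstone lifetime, as an added PowerShell example that is not part of the original lesson. The function names, the 14-day warning margin, and the backup dates are assumptions made for illustration, and the script needs a reachable domain controller.

```powershell
# Added example, not from the lesson. The backup dates below are constructed.
function Get-TombstoneLifetimeDays {
    # Read tombstoneLifetime from the Directory Service object in the
    # configuration partition (needs a reachable domain controller).
    $rootDse = [ADSI]'LDAP://RootDSE'
    $config  = $rootDse.psbase.Properties['configurationNamingContext'].Value
    $dirSvc  = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$config"
    $value   = $dirSvc.psbase.Properties['tombstoneLifetime'].Value
    # If the attribute is not set, the built-in value of 60 days applies.
    if ($null -eq $value) { 60 } else { [int]$value }
}

function Test-BackupAge {
    param(
        [datetime]$BackupTime,
        [int]$LifetimeDays,
        [datetime]$Now = (Get-Date),
        [int]$MarginDays = 14      # hypothetical early-warning window
    )
    $age = [int][math]::Floor(($Now - $BackupTime).TotalDays)
    $status = 'Usable'
    if ($age -gt $LifetimeDays) { $status = 'TooOld' }
    elseif ($age -ge ($LifetimeDays - $MarginDays)) { $status = 'ExpiresSoon' }
    New-Object PSObject -Property @{
        BackupTime = $BackupTime; AgeDays = $age; Status = $status
    }
}

# Constructed sample: three backup timestamps judged as of a fixed date.
$lifetime = Get-TombstoneLifetimeDays
$now      = [datetime]'2019-08-10'
$backups  = [datetime]'2019-08-03', [datetime]'2019-02-20', [datetime]'2019-01-15'
foreach ($b in $backups) {
    Test-BackupAge -BackupTime $b -LifetimeDays $lifetime -Now $now
}
```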
Summary
When monitoring the health of Active Directory, you can examine the Directory Service log to obtain information.
The Directory Service log is created when Active Directory is installed.
By default, it logs informational events, such as service start and stop messages, errors, and warnings.
Additional diagnostic logging can be achieved by modifying the registry.
Summary
The Reliability and Performance Monitor in Windows Server 2008 allows you to collect real-time information on your local computer or from a specific computer to which you have permissions.
This information can be viewed in a number of different formats that include charts, graphs, and histograms.
Summary
The Reliability and Performance Monitor uses performance objects, or categories, and performance counters to organize performance information.
Performance counters are the specific processes to monitor.
Many counters are available.