ch11 - Seneca - School of Information & Communications

Active Directory Maintenance,
Troubleshooting, and
Disaster Recovery
Lesson 11
Skills Matrix

Technology Skill                                Objective Domain                 Objective #
Backing Up Active Directory                     Configure backup and recovery    5.1
Maintaining Active Directory                    Perform offline maintenance      5.2
Using the Reliability and Performance Monitor   Monitor Active Directory         5.3
Maintaining Active Directory
• After successfully implementing a Microsoft
Windows Server 2008 environment, it is
important to develop maintenance
procedures to keep it running smoothly.
• A solid monitoring and maintenance plan
can prevent potential problems.
Maintaining Active Directory
• Active Directory is a database based on the
Extensible Storage Engine (ESE) format.
– ESE is responsible for managing changes to the
Active Directory database.
– Changes are referred to as transactions.
– Active Directory writes each transaction to the
transaction log file (edb.log).
– Active Directory updates the edb.chk
checkpoint file (a marker recording which logged
transactions have been written to the database on disk).
Fragmentation
• Like any database, modifications and changes to
the Active Directory database can affect database
performance and data integrity.
• As modifications are made to the database,
fragmentation can occur.
• Fragmentation refers to the condition of a disk
when data from the database is divided into pieces
scattered across the disk.
• As the database becomes more fragmented,
searches for database information slow down and
performance deteriorates.
– The potential exists for database corruption.
Defragmentation
• Defragmentation is the process of taking
fragmented database pieces and rearranging them
contiguously to make the entire database more
efficient.
• Depending on the method used, the size of the
database can be reduced, making room for
additional objects.
• Active Directory has two defragmentation methods:
– online defragmentation.
– offline defragmentation.
Online Defragmentation
• Online defragmentation is an automatic
process that occurs during the garbage
collection process.
– The garbage collection process runs by default
every 12 hours on all domain controllers in the
forest.
– When the garbage collection process begins, it
removes all tombstones from the database.
Online Defragmentation
• A tombstone is what is left of an object that has
been deleted.
– Deleted objects are not completely removed from the
Active Directory database; rather, they are marked for
deletion.
– Tombstone objects have a lifetime of 180 days, by
default.
– When the lifetime expires, the objects are
permanently deleted during the garbage collection
process.
– Additional free space is reclaimed during the garbage
collection process through the deletion of tombstone
objects and unnecessary log files.
Online Defragmentation
• The advantage of an online defragmentation
is that it occurs automatically and does not
require the server to be offline to run. An
online defragmentation does not reduce the
actual size of the Active Directory database.
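The two settings that drive online defragmentation, the garbage collection interval and the tombstone lifetime, are stored as attributes on the Directory Service object in the Configuration partition. The following script is an added example, not part of the original slides; it reads both values with the built-in [ADSI] accelerator (no AD module needed) and assumes it runs on a domain-joined machine that can reach a domain controller. One caveat worth knowing: when the tombstoneLifetime attribute is absent, a DC uses 60 days, and the 180-day default the slides quote comes from forests created with Windows Server 2003 SP1 or later, which set the attribute explicitly.

```powershell
# Added example (not part of the original slides): read the forest-wide
# settings that drive online defragmentation. Assumes a domain-joined
# Windows machine that can reach a DC; only the [ADSI] accelerator is used.

# RootDSE tells us where the Configuration partition lives.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = $rootDse.configurationNamingContext
$dsObject = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"

# Both attributes are optional. When garbageCollPeriod is absent the DC uses
# 12 hours; when tombstoneLifetime is absent the DC uses 60 days (forests
# created with Windows Server 2003 SP1 or later set it explicitly to 180).
$gcPeriodHours = $dsObject.Properties["garbageCollPeriod"].Value
if ($null -eq $gcPeriodHours) { $gcPeriodHours = 12 }
$tombstoneDays = $dsObject.Properties["tombstoneLifetime"].Value
if ($null -eq $tombstoneDays) { $tombstoneDays = 60 }

"Garbage collection runs every $gcPeriodHours hour(s) on every DC"
"Tombstone lifetime is $tombstoneDays day(s)"

# The tombstone lifetime also caps how old a usable AD backup can be, so
# compare the newest backup against it. The age below is a constructed
# sample value; on a real DC take it from 'wbadmin get versions'.
$newestBackupAgeDays = 200
if ($newestBackupAgeDays -gt $tombstoneDays) {
    $msg = "Newest backup is $newestBackupAgeDays days old, which exceeds the " +
           "tombstone lifetime of $tombstoneDays days; it cannot be used to restore this DC."
    Write-Warning $msg
}
```

Run it from any PowerShell prompt on a domain member; the warning at the end is the check a practitioner actually wants from these two numbers, since a backup older than the tombstone lifetime is useless for restoring a domain controller.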
Offline Defragmentation
• Offline defragmentation is a manual process that
defragments the Active Directory database in
addition to reducing its size.
• Performing an offline defragmentation is not
considered to be a regular maintenance task.
• You should only perform an offline
defragmentation if you need to recover a
significant amount of disk space.
• As its name suggests, offline defragmentation
requires that the server be taken offline so that the
Active Directory database is closed and not in use.
• An offline defragmentation cannot run while the AD
DS service is running.
Offline Defragmentation
• Performed while the server is booted to
Directory Services Restore Mode using the
ntdsutil command.
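The offline defragmentation procedure described on the last two slides, written out as an added example (not code from the original slides). It is meant to be run from an elevated PowerShell prompt after the domain controller has been booted into Directory Services Restore Mode. The two folder paths are assumptions; the real ones are recorded under the NTDS\Parameters registry key. The exit-code checks assume ntdsutil returns a nonzero code on failure, so read its printed output as well.

```powershell
# Added example (not from the original slides): offline defragmentation with
# ntdsutil, run from an elevated PowerShell prompt after booting the DC into
# Directory Services Restore Mode. Both paths are assumptions.
$ntdsPath   = 'C:\Windows\NTDS'    # assumed folder holding ntds.dit and edb*.log
$compactDir = 'D:\NtdsCompact'     # assumed scratch folder on a volume with free space

# ntdsutil cannot compact an open database: confirm AD DS is not running.
$ntds = Get-Service -Name NTDS -ErrorAction SilentlyContinue
if ($ntds -and $ntds.Status -ne 'Stopped') {
    throw 'AD DS is running; reboot into Directory Services Restore Mode first.'
}

# Compaction writes a brand-new ntds.dit, so the scratch volume needs at
# least as much free space as the current database file.
$dbSize  = (Get-Item (Join-Path $ntdsPath 'ntds.dit')).Length
$driveId = $compactDir.Substring(0, 2)                     # e.g. 'D:'
$disk    = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$driveId'"
if ($null -eq $disk -or $disk.FreeSpace -lt $dbSize) {
    throw "Not enough free space on $driveId for the compacted copy."
}
New-Item -ItemType Directory -Path $compactDir -Force | Out-Null

# Keep a copy of the original so the change can be backed out.
Copy-Item (Join-Path $ntdsPath 'ntds.dit') (Join-Path $ntdsPath 'ntds.dit.bak') -Force

# Each argument is one line typed at the ntdsutil prompt; the two 'quit'
# commands leave the 'files' menu and then ntdsutil itself.
& ntdsutil.exe 'activate instance ntds' files "compact to $compactDir" quit quit
if ($LASTEXITCODE -ne 0) { throw "ntdsutil compact returned $LASTEXITCODE; original database untouched." }

# Put the compacted file in place. The old transaction logs belong to the
# old file and must go, otherwise AD DS will refuse to start.
Copy-Item (Join-Path $compactDir 'ntds.dit') (Join-Path $ntdsPath 'ntds.dit') -Force
Remove-Item (Join-Path $ntdsPath '*.log') -Force

# Check the new file before rebooting normally (exit-code check is an
# assumption; read the printed result too).
& ntdsutil.exe 'activate instance ntds' files integrity quit quit
if ($LASTEXITCODE -ne 0) {
    throw 'Integrity check failed: restore ntds.dit.bak before rebooting normally.'
}
'Offline defragmentation complete; reboot normally to start AD DS.'
```

The free-space check and the .bak copy are the two steps people skip and regret: compaction needs room for a second copy of the database, and deleting the old log files is only safe once the compacted file has passed the integrity check.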
Backing Up Active Directory
• One of the most essential duties of an
administrator is ensuring that data and
operating system information is backed up
in case of a failure.
• Procedures that include the frequency of
backups in addition to the type of
information that needs to be backed up
should be planned and implemented in
every organization.
Backing Up Active Directory
• To back up Active Directory, you must install the Windows
Server Backup feature from the Server Manager console.
• If you wish to perform backups from the command line,
you will also need to install Windows PowerShell, which is
a new command-line and task-based scripting technology
that is included with Windows Server 2008.
– In the present release of Windows Server 2008
PowerShell cannot be installed on Server Core.
• Windows Server Backup supports the use of CD and DVD
drives as backup destinations, but does not support
magnetic tapes as backup media.
• Additionally, you cannot perform backups to dynamic
volumes.
Backing Up Active Directory
• Windows Server 2008 supports two types of
backup:
– Manual backup.
– Scheduled backup.
• A manual backup is run with Windows Server
Backup or the Wbadmin.exe command-line tool
whenever a backup is needed.
• You must be a member of the Administrators
group or the Backup Operators group to
launch a manual backup.
Backing Up Active Directory
• Windows Server 2008 does not back up or
recover System State data in the same way
as servers that run Windows Server 2003.
• In Windows Server 2008, you must back up
critical volumes rather than only backing
up the System State data.
Backing Up Active Directory
• Backing up critical volumes involves backing up the
following data:
– The system volume, which hosts the boot files, which consist of
bootmgr.exe (the Windows boot loader) and the Boot
Configuration Data (BCD) store, which describes boot
applications and boot application settings and replaces the
boot.ini file in previous versions of Windows.
– The boot volume, which hosts the Windows operating system
and the Registry.
– The volume that hosts the SYSVOL share.
– The volume that hosts the Active Directory database
(Ntds.dit).
– The volume that hosts the Active Directory database log files.
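A manual backup of the critical volumes with Wbadmin.exe, covering both the manual-backup slide (who may run one) and the critical-volume list above. This is an added example and not code from the original slides. It assumes the Windows Server Backup feature is installed and that E: is a dedicated basic volume used only for backups; the registry value names under NTDS\Parameters are the ones AD DS itself writes.

```powershell
# Added example (not from the original slides): a manual backup of the
# critical volumes with wbadmin. Assumes Windows Server Backup is installed
# and E: is a dedicated basic (not dynamic) volume used only for backups.
$target = 'E:'

# Only Administrators or Backup Operators may start a manual backup.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$allowed   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) -or
             $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::BackupOperator)
if (-not $allowed) { throw 'Run this as a member of Administrators or Backup Operators.' }

$disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$target'"
if ($null -eq $disk) { throw "Backup target $target not found." }

# The target must not be one of the volumes being backed up; check it
# against the database and log locations AD DS records in the registry
# and against the system drive.
$params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
foreach ($path in @($params.'DSA Database file', $params.'Database log files path', $env:SystemDrive)) {
    if ($path -like "$target*") { throw "$target hosts critical data ($path) and cannot be the backup target." }
}

# -allCritical selects every volume in the critical set listed above (system
# and boot volumes, SYSVOL, ntds.dit and its logs); -quiet suppresses the
# confirmation prompt so the same line can go into a scheduled task.
& wbadmin.exe start backup -allCritical "-backupTarget:$target" -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin returned $LASTEXITCODE" }

# Confirm the backup set is now visible and note its version identifier;
# that identifier is what a later restore refers to.
& wbadmin.exe get versions "-backupTarget:$target"
```

Because critical volumes rather than a bare System State are what Windows Server 2008 backs up, the target-volume check matters: a backup written onto a volume that is itself in the critical set is not a usable backup.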
Backing Up Active Directory
• In Windows Server 2008, the system components that make up System
State data depend on the roles installed on a particular computer and
which volumes host the critical files used by the operating system and
its installed roles.
• At a minimum, the System State consists of the following data, plus any
additional data, depending on the server roles that are installed:
– Registry.
– COM Class Registration database.
– Boot files described earlier in this topic.
– Active Directory Certificate Services database.
– Active Directory Domain Services database.
– SYSVOL directory.
– Cluster service information.
– Microsoft Internet Information Services (IIS) metadirectory.
– System files that are under Windows Resource Protection.
Backing Up Active Directory
Restoring Active Directory
• Windows Server 2008 offers the ability to
restore the Active Directory database.
– Restoring Active Directory using normal
replication.
– Restoring Active Directory using wbadmin
and ntdsutil.
Restoring Active Directory using Wbadmin
and Ntdsutil
• Windows Server 2008 allows several different
restoration methods, depending on the goals for
your restore.
• You can use wbadmin, which is the command-line
component of the Windows Server Backup snap-in,
to perform a nonauthoritative restore of Active
Directory, which restores a single Active Directory
domain controller to its state before the backup.
– This method can be used to restore a single domain
controller to a point in time when it was considered
to be good. If the domain has other domain
controllers, the replication process will update the
domain controller with the most recent information
after the restore is complete.
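The nonauthoritative restore just described, as an added example rather than code from the original slides. It runs wbadmin in Directory Services Restore Mode, refuses any backup older than the tombstone lifetime (the 180-day default the deck uses; a live forest's tombstoneLifetime attribute is the real value), and finishes with the optional ntdsutil step that the Summary calls an authoritative restore. Assumptions: the backup is on E:, the script runs as the DSRM administrator, wbadmin lists versions as "Version identifier: MM/dd/yyyy-HH:mm" (US-format output), and the OU distinguished name is invented.

```powershell
# Added example (not from the original slides): a nonauthoritative restore
# with wbadmin in Directory Services Restore Mode. Assumes the backup is on
# E:, the script runs as the DSRM administrator, and wbadmin prints versions
# as 'Version identifier: MM/dd/yyyy-HH:mm'.
$target        = 'E:'
$tombstoneDays = 180   # the deck's default; on a live forest read tombstoneLifetime

$ntds = Get-Service -Name NTDS -ErrorAction SilentlyContinue
if ($ntds -and $ntds.Status -ne 'Stopped') { throw 'Reboot into DSRM before restoring.' }

# Enumerate the backup versions on the target and keep the identifiers.
$listing  = & wbadmin.exe get versions "-backupTarget:$target"
$versions = foreach ($line in $listing) {
    if ($line -match 'Version identifier:\s*(\S+)') { $Matches[1] }
}
if (-not $versions) { throw "No backups found on $target." }

# Use the newest version, but never one older than the tombstone lifetime:
# such a restore would bring back objects the rest of the domain has purged.
$latest     = @($versions)[-1]
$backupTime = [datetime]::ParseExact($latest, 'MM/dd/yyyy-HH:mm',
                                     [Globalization.CultureInfo]::InvariantCulture)
$ageDays    = ((Get-Date) - $backupTime).TotalDays
if ($ageDays -gt $tombstoneDays) {
    throw "Newest backup is $([int]$ageDays) days old, beyond the $tombstoneDays-day tombstone lifetime."
}

# System State recovery restores ntds.dit, SYSVOL, the registry and the boot
# files from that version. After a normal reboot, replication from the other
# DCs brings this one up to date (the nonauthoritative case on the slide).
& wbadmin.exe start systemstaterecovery "-version:$latest" -quiet
if ($LASTEXITCODE -ne 0) { throw "systemstaterecovery returned $LASTEXITCODE" }

# Optional: mark one subtree authoritative so it wins over the other DCs'
# copies instead of being overwritten (the Summary's authoritative restore).
# The DN is an assumption; ntdsutil asks for confirmation interactively.
$subtree = 'OU=Sales,DC=example,DC=com'
& ntdsutil.exe 'activate instance ntds' 'authoritative restore' "restore subtree $subtree" quit quit
```

Leave the last step out unless you deliberately need the restored copy to win: a plain nonauthoritative restore followed by normal replication is the safer default, and the age check is what keeps the restore from reintroducing objects the domain has already forgotten.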
Monitoring Active Directory
• Monitoring the Active Directory service is an
important part of network administration.
• Monitoring enables you to take a proactive
approach to network management.
• By raising the awareness of possible
network problems before they occur, you
have better control over their impact.
Monitoring Active Directory
• Monitoring Active Directory can provide the
following benefits:
– Early alerts to potential problems.
– Improved system reliability.
– Fewer support calls to the helpdesk.
– Improved system performance.
Event Logs
• Windows Server 2008 uses the Windows Event
Viewer to record system events, such as security,
application, and directory service events.
• Directory Services logs:
– Events related to Active Directory are recorded in
the Directory Service log.
– The Directory Service log is created when Active
Directory is installed.
– It logs informational events such as service start
and stop messages, errors, and warnings.
– This log should be the first place you look when you
suspect a problem with Active Directory.
Event Logs
Reliability and Performance Monitor
• The Reliability and Performance Monitor is a
tool located within the Administrative Tools
folder that will collect real-time information
on your local computer or from a specific
computer to which you have permissions.
– This information can be viewed in a number
of different formats that include charts,
graphs, and histograms.
– The reports can be saved or printed for
documentation purposes.
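The same performance data that Reliability and Performance Monitor charts can be sampled from PowerShell, which is how a monitoring plan turns into something scheduled rather than watched. The script below is an added example (not from the original slides); it uses Get-Counter and Export-Counter from PowerShell 2.0, and the counter selection, the computer name and the backlog check are assumptions made for illustration.

```powershell
# Added example (not from the original slides): sample the NTDS performance
# counters that Reliability and Performance Monitor exposes, using
# Get-Counter (PowerShell 2.0). Counter choice, thresholds and computer
# name are assumptions for illustration.
$computer = $env:COMPUTERNAME     # or a remote DC you have permissions on
$counters = @(
    '\NTDS\LDAP Client Sessions',
    '\NTDS\LDAP Searches/sec',
    '\NTDS\DS Directory Reads/sec',
    '\NTDS\DRA Pending Replication Synchronizations'
)

# Three samples five seconds apart: a single reading of a rate counter is noise.
$sets = Get-Counter -ComputerName $computer -Counter $counters -SampleInterval 5 -MaxSamples 3

# Collect the readings per counter. Get-Counter reports paths in lower case
# and prefixed with \\computer, so key on the '\ntds\...' suffix.
$readings = @{}
foreach ($set in $sets) {
    foreach ($s in $set.CounterSamples) {
        $path = $s.Path.ToLower()
        $name = $path.Substring($path.IndexOf('\ntds\'))
        if (-not $readings.ContainsKey($name)) { $readings[$name] = @() }
        $readings[$name] += $s.CookedValue
    }
}
foreach ($name in $readings.Keys) {
    $mean = ($readings[$name] | Measure-Object -Average).Average
    '{0,-50} {1,10:N1}' -f $name, $mean
}

# A replication backlog that never drains between samples is the one value
# here that should alert someone rather than just be filed away.
$pending = $readings['\ntds\dra pending replication synchronizations']
if ($pending -and ($pending | Measure-Object -Minimum).Minimum -gt 0) {
    Write-Warning "$computer has a persistent inbound replication backlog."
}

# Save the raw samples in Performance Monitor's own .blg format so they can
# be opened and printed for documentation, as the slide describes.
$sets | Export-Counter -Path "$env:TEMP\ntds-counters.blg" -FileFormat blg -Force
```

Averaging over several samples and alerting only on a backlog that persists across all of them avoids paging on the momentary spikes that a rate counter always shows.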
Reliability and Performance Monitor
Diagnosing and Troubleshooting Active
Directory
• To assist you with obtaining more detailed
information in the event logs, you can set
the event logs to record diagnostic
information specific to processes related to
Active Directory.
– To enable, modify the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
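Raising the diagnostic level through that key and then reading the Directory Service log (the "first place to look" from the Event Logs slide) is a two-step procedure, so one added example covers both. This is not code from the original slides. It uses the -After parameter of Get-EventLog (PowerShell 2.0); the category and level chosen are assumptions, and the value names under the key follow the "<number> <category>" pattern AD DS creates.

```powershell
# Added example (not from the original slides): raise the logging level of
# one NTDS diagnostic category under the registry key above, then read the
# Directory Service log. Category and level are assumptions.
$diagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$category = '6 Garbage Collection'   # value names are '<number> <category>'
$level    = 3                        # 0 = default (errors only) .. 5 = everything

if ($level -lt 0 -or $level -gt 5) { throw 'Diagnostic levels run from 0 to 5.' }

# Show every category and its current level before changing anything.
$current = Get-ItemProperty -Path $diagKey
$current.PSObject.Properties |
    Where-Object { $_.Name -match '^\d+ ' } |
    ForEach-Object { '{0,-35} {1}' -f $_.Name, $_.Value }

# Raise the level; the change takes effect without restarting AD DS.
$previous = $current.$category
Set-ItemProperty -Path $diagKey -Name $category -Value $level -Type DWord

# Let some activity happen, then read back what AD DS wrote to the
# Directory Service log in that window.
$since = Get-Date
Start-Sleep -Seconds 60
Get-EventLog -LogName 'Directory Service' -After $since |
    Sort-Object TimeGenerated |
    Select-Object TimeGenerated, EntryType, Source, EventID, Message |
    Format-Table -AutoSize -Wrap

# Verbose levels fill the log quickly and cost CPU; put the old level back.
Set-ItemProperty -Path $diagKey -Name $category -Value $previous -Type DWord
```

Restoring the previous level at the end is the part worth keeping: diagnostic levels above the default are a troubleshooting setting, not a steady-state one, and a forgotten level 5 category can roll the Directory Service log over in minutes.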
Active Directory Diagnostic Tools
Active Directory Diagnostic Tools
Summary
• Active Directory has two defragmentation
methods: online defragmentation and offline
defragmentation.
– Online defragmentation is an automatic
process triggered by the garbage collection
process.
– Offline defragmentation is a manual process
that requires the server to be restarted in
Directory Services Restore mode.
• The Ntdsutil command-line utility is used to
perform the offline defragmentation.
Summary
• The Active Directory database can be moved to a
new location if you decide that there is a need to
relocate it due to space limitations.
– This is accomplished with the Ntdsutil command-line utility.
• When you back up Active Directory, you must
include the System State data.
– The System State data includes operating system-specific information
needed for installed services and operating system components to function.
Summary
• In the event of a domain controller failure,
two restore options are available in Windows
Server 2008: authoritative and
nonauthoritative.
• An authoritative restore uses the Ntdsutil
command-line utility and allows you to mark
records that supersede any existing records
during replication.
Summary
• The nonauthoritative restore method
restores the Active Directory database to its
state before the backup.
– After a normal restore, replication of more
recent object information from other domain
controllers is used to update the database to
match all other domain controllers.
Summary
• Active Directory cannot be restored from a
backup that is older than the default
tombstone lifetime of 180 days.
• Domain controllers keep track of deleted
objects only for the duration of the
tombstone lifetime.
Summary
• When monitoring the health of Active
Directory, you can examine the Directory
Service log to obtain information.
– The Directory Service log is created when
Active Directory is installed.
– By default, it logs informational events, such
as service start and stop messages, errors,
and warnings.
– Additional diagnostic logging can be achieved
by modifying the registry.
Summary
• The Reliability and Performance Monitor in
Windows Server 2008 allows you to collect
real-time information on your local computer
or from a specific computer to which you
have permissions.
– This information can be viewed in a number
of different formats that include charts,
graphs, and histograms.
Summary
• The Reliability and Performance Monitor
uses performance objects, or categories,
and performance counters to organize
performance information.
– Performance counters are the specific
processes to monitor.
– Many counters are available.