Active Directory Maintenance, Troubleshooting, and Disaster Recovery
Lesson 11

Skills Matrix

Technology Skill                                 Objective Domain                Objective #
Backing Up Active Directory                      Configure backup and recovery   5.1
Maintaining Active Directory                     Perform offline maintenance     5.2
Using the Reliability and Performance Monitor    Monitor Active Directory        5.3

Maintaining Active Directory
• After successfully implementing a Microsoft Windows Server 2008 environment, it is important to develop maintenance procedures to keep it running smoothly.
• A solid monitoring and maintenance plan can prevent potential problems.
• Active Directory is a database based on the Extensible Storage Engine (ESE) format.
  – ESE is responsible for managing changes to the Active Directory database.
  – Changes are referred to as transactions.
  – Active Directory writes the transaction to the transaction log file (edb.log).
  – Active Directory updates the edb.chk checkpoint file (a reference for database information written to disk).

Fragmentation
• Like any database, modifications and changes to the Active Directory database can affect database performance and data integrity.
• As modifications are made to the database, fragmentation can occur.
• Fragmentation refers to the condition of a disk when data from the database is divided into pieces scattered across the disk.
• As the database becomes more fragmented, searches for database information slow down and performance deteriorates.
  – The potential exists for database corruption.

Defragmentation
• Defragmentation is the process of taking fragmented database pieces and rearranging them contiguously to make the entire database more efficient.
• Depending on the method used, the size of the database can be reduced, making room for additional objects.
• Active Directory has two defragmentation methods:
  – Online defragmentation.
  – Offline defragmentation.

Online Defragmentation
• Online defragmentation is an automatic process that occurs during the garbage collection process.
  – The garbage collection process runs by default every 12 hours on all domain controllers in the forest.
  – When the garbage collection process begins, it removes all tombstones from the database.
• A tombstone is what is left of an object that has been deleted.
  – Deleted objects are not completely removed from the Active Directory database; rather, they are marked for deletion.
  – Tombstone objects have a lifetime of 180 days, by default.
  – When the lifetime expires, the objects are permanently deleted during the garbage collection process.
  – Additional free space is reclaimed during the garbage collection process through the deletion of tombstone objects and unnecessary log files.
• The advantage of an online defragmentation is that it occurs automatically and does not require the server to be offline to run. An online defragmentation does not reduce the actual size of the Active Directory database.

Offline Defragmentation
• Offline defragmentation is a manual process that defragments the Active Directory database in addition to reducing its size.
• Performing an offline defragmentation is not considered to be a regular maintenance task.
• You should only perform an offline defragmentation if you need to recover a significant amount of disk space.
• As its name suggests, offline defragmentation requires that the server be taken offline so that the Active Directory database is closed and not in use.
• An offline defragmentation cannot run while the AD DS service is running.
• Performed while the server is booted to Directory Services Restore Mode using the ntdsutil command.

Backing Up Active Directory
• One of the most essential duties of an administrator is ensuring that data and operating system information is backed up in case of a failure.
• Procedures that include the frequency of backups in addition to the type of information that needs to be backed up should be planned and implemented in every organization.

• To back up Active Directory, you must install the Windows Server Backup feature from the Server Manager console.
• If you wish to perform backups from the command line, you will also need to install Windows PowerShell, which is a new command-line and task-based scripting technology that is included with Windows Server 2008.
  – In the present release of Windows Server 2008, PowerShell cannot be installed on Server Core.
• Windows Server Backup supports the use of CD and DVD drives as backup destinations, but does not support magnetic tapes as backup media.
• Additionally, you cannot perform backups to dynamic volumes.

• Windows Server 2008 supports two types of backup:
  – Manual backup.
  – Scheduled backup.
• A manual backup is run from Server Backup or the Wbadmin.exe command-line tool when a backup is needed.
• You must be a member of the Administrators group or the Backup Operators group to launch a manual backup.

• Windows Server 2008 does not back up or recover System State data in the same way as servers that run Windows Server 2003.
• In Windows Server 2008, you must back up critical volumes rather than only backing up the System State data.

• Backing up critical volumes involves backing up the following data:
  – The system volume, which hosts the boot files. These consist of bootmgr.exe (the Windows boot loader) and the Boot Configuration Data (BCD) store, which describes boot applications and boot application settings and replaces the boot.ini file in previous versions of Windows.
  – The boot volume, which hosts the Windows operating system and the Registry.
  – The volume that hosts the SYSVOL share.
  – The volume that hosts the Active Directory database (Ntds.dit).
  – The volume that hosts the Active Directory database log files.

• In Windows Server 2008, the system components that make up System State data depend on the roles installed on a particular computer and which volumes host the critical files used by the operating system and its installed roles.
• At a minimum, the System State consists of the following data, plus any additional data, depending on the server roles that are installed:
  – Registry.
  – COM Class Registration database.
  – Boot files described earlier in this topic.
  – Active Directory Certificate Services database.
  – Active Directory Domain Services database.
  – SYSVOL directory.
  – Cluster service information.
  – Microsoft Internet Information Services (IIS) metadirectory.
  – System files that are under Windows Resource Protection.

Restoring Active Directory
• Windows Server 2008 offers the ability to restore the Active Directory database.
  – Restoring Active Directory using normal replication.
  – Restoring Active Directory using wbadmin and ntdsutil.

Restoring Active Directory using Wbadmin and Ntdsutil
• Windows Server 2008 allows several different restoration methods, depending on the goals for your restore.
• You can use wbadmin, which is the command-line component of the Windows Server Backup snap-in, to perform a nonauthoritative restore of Active Directory, which restores a single Active Directory domain controller to its state before the backup.
  – This method can be used to restore a single domain controller to a point in time when it was considered to be good. If the domain has other domain controllers, the replication process will update the domain controller with the most recent information after the restore is complete.

Monitoring Active Directory
• Monitoring the Active Directory service is an important part of network administration.
• Monitoring enables you to take a proactive approach to network management.
• By raising the awareness of possible network problems before they occur, you have better control over their impact.
• Monitoring Active Directory can provide the following benefits:
  – Early alerts to potential problems.
  – Improved system reliability.
  – Fewer support calls to the helpdesk.
  – Improved system performance.

Event Logs
• Windows Server 2008 uses the Windows Event Viewer to record system events, such as security, application, and directory service events.
• Directory Services logs:
  – Events related to Active Directory are recorded in the Directory Service log.
  – The Directory Service log is created when Active Directory is installed.
  – It logs informational events such as service start and stop messages, errors, and warnings.
  – This log should be the first place you look when you suspect a problem with Active Directory.

Reliability and Performance Monitor
• The Reliability and Performance Monitor is a tool located within the Administrative Tools folder that will collect real-time information on your local computer or from a specific computer to which you have permissions.
  – This information can be viewed in a number of different formats that include charts, graphs, and histograms.
  – The reports can be saved or printed for documentation purposes.

Diagnosing and Troubleshooting Active Directory
• To assist you with obtaining more detailed information in the event logs, you can set the event logs to record diagnostic information specific to processes related to Active Directory.
  – To enable, modify the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Summary
• Active Directory has two defragmentation methods: online defragmentation and offline defragmentation.
  – Online defragmentation is an automatic process triggered by the garbage collection process.
  – Offline defragmentation is a manual process that requires the server to be restarted in Directory Services Restore Mode.
• The Ntdsutil command-line utility is used to perform the offline defragmentation.
• The Active Directory database can be moved to a new location if you decide that there is a need to relocate it due to space limitations.
  – This is accomplished with the Ntdsutil command-line utility.
• When you back up Active Directory, you must include the System State data.
  – The System State data includes operating system-specific information needed for installed services and operating system components to function.
• In the event of a domain controller failure, two restore options are available in Windows Server 2008: authoritative and nonauthoritative.
• An authoritative restore uses the Ntdsutil command-line utility and allows you to mark records that supersede any existing records during replication.
• The nonauthoritative restore method restores the Active Directory database to its state before the backup.
  – After a normal restore, replication of more recent object information from other domain controllers is used to update the database to match all other domain controllers.
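
The restore options above only work with a backup that is younger than the tombstone lifetime (180 days by default in this lesson). The following check is an added example, not part of the original lesson; the function names and the 14-day warning margin are assumptions, and it expects PowerShell 2.0 or later.

```powershell
# Added example (not from the lesson). Function names are hypothetical.
# The LDAP read in Get-TombstoneLifetimeDays needs a domain-joined machine.

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition of the forest.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNC = [string]$rootDse.configurationNamingContext
    $dsObject = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $value    = $dsObject.Properties['tombstoneLifetime'].Value
    # An unset attribute means the forest uses the built-in 60-day value,
    # which can be the case in forests upgraded from older Windows versions.
    if ($null -eq $value) { return 60 }
    return [int]$value
}

function Test-BackupAge {
    param(
        [Parameter(Mandatory = $true)][datetime]$BackupTime,
        [Parameter(Mandatory = $true)][int]$TombstoneLifetimeDays,
        [datetime]$Now = (Get-Date),
        [int]$WarnMarginDays = 14   # assumed margin; tune to the backup schedule
    )
    $ageDays   = [int][math]::Floor(($Now - $BackupTime).TotalDays)
    $remaining = $TombstoneLifetimeDays - $ageDays
    if     ($remaining -le 0)               { $status = 'EXPIRED: do not restore' }
    elseif ($remaining -le $WarnMarginDays) { $status = 'WARNING: take a new backup' }
    else                                    { $status = 'OK' }
    New-Object PSObject -Property @{
        BackupTime    = $BackupTime
        AgeDays       = $ageDays
        DaysRemaining = $remaining
        Status        = $status
    }
}

# Constructed sample dates; real backup times come from "wbadmin get versions".
$lifetime = 180   # the lesson's default; call Get-TombstoneLifetimeDays on a live forest
$now      = [datetime]'2009-07-01'
'2009-06-20', '2009-01-10', '2008-12-01' | ForEach-Object {
    Test-BackupAge -BackupTime ([datetime]$_) -TombstoneLifetimeDays $lifetime -Now $now
} | Format-Table BackupTime, AgeDays, DaysRemaining, Status -AutoSize
```

A backup that is exactly as old as the tombstone lifetime is reported as expired, which errs on the side of taking a fresh backup.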

Summary
• Active Directory cannot be restored from a backup that is older than the default tombstone lifetime of 180 days.
• Domain controllers keep track of deleted objects only for the duration of the tombstone lifetime.
• When monitoring the health of Active Directory, you can examine the Directory Service log to obtain information.
  – The Directory Service log is created when Active Directory is installed.
  – By default, it logs informational events, such as service start and stop messages, errors, and warnings.
  – Additional diagnostic logging can be achieved by modifying the registry.
• The Reliability and Performance Monitor in Windows Server 2008 allows you to collect real-time information on your local computer or from a specific computer to which you have permissions.
  – This information can be viewed in a number of different formats that include charts, graphs, and histograms.
• The Reliability and Performance Monitor uses performance objects, or categories, and performance counters to organize performance information.
  – Performance counters are the specific processes to monitor.
  – Many counters are available.
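
The diagnostic logging key and the Directory Service log described above can be combined to decide whether an offline defragmentation is worth the downtime. This is an added example, not part of the original lesson: the function names are hypothetical, and the value name "6 Garbage Collection" and event ID 1646 are standard Windows identifiers that the lesson itself does not list.

```powershell
# Added example (not from the lesson). Function names are hypothetical.
# Run in an elevated PowerShell session on the domain controller.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-NtdsDiagnosticLevel {
    # Returns every logging category under the key with its current level.
    $item = Get-Item -Path $DiagKey
    foreach ($name in $item.GetValueNames()) {
        New-Object PSObject -Property @{ Category = $name; Level = $item.GetValue($name) }
    }
}

function Set-NtdsDiagnosticLevel {
    param(
        [Parameter(Mandatory = $true)][string]$Category,
        [Parameter(Mandatory = $true)][ValidateRange(0, 5)][int]$Level
    )
    # Refuse to create new values: a typo would otherwise add a stray entry.
    if ((Get-Item -Path $DiagKey).GetValueNames() -notcontains $Category) {
        throw "Unknown diagnostic category: $Category"
    }
    Set-ItemProperty -Path $DiagKey -Name $Category -Value $Level
}

function Get-DatabaseFreeSpaceEvent {
    # Event 1646 reports the free space inside Ntds.dit after garbage collection.
    Get-EventLog -LogName 'Directory Service' -Newest 1000 |
        Where-Object { $_.EventID -eq 1646 } |
        Select-Object -First 1 TimeGenerated, Source, Message
}

# 1. Audit: list categories that were left above the default level of 0.
Get-NtdsDiagnosticLevel | Where-Object { $_.Level -gt 0 }

# 2. Raise garbage collection logging, then wait for the next run
#    (every 12 hours by default, per the lesson).
Set-NtdsDiagnosticLevel -Category '6 Garbage Collection' -Level 1

# 3. Run this after the next garbage collection pass to read the free-space report.
Get-DatabaseFreeSpaceEvent | Format-List

# 4. Afterwards, return the category to 0 so diagnostic events do not crowd the log.
Set-NtdsDiagnosticLevel -Category '6 Garbage Collection' -Level 0
```

If the reported free space is small compared with the size of the database, the offline defragmentation will recover little disk space.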