Module 10: Maintaining Active Directory
Overview
Introduction to Maintaining Active Directory
Moving and Defragmenting the Active Directory Database
Backing Up Active Directory
Restoring Active Directory
Planning for Monitoring Active Directory
Lesson: Introduction to Maintaining Active Directory
Multimedia: The Active Directory Data Modification Process
The Active Directory Database and Log Files
Multimedia: The Active Directory Data Modification Process
Write RequestWrite Request
Transaction is initiated
Write to the transaction
buffer
Write to the database on
disk
Ntds.dit on DiskNtds.dit on Disk
EDB.logEDB.log
Write to the transaction
log file
Commit the transaction
Update the checkpoint
Edb.chkEdb.chk
The Active Directory Database and Log Files
File Description
Ntds.dit Is the Active Directory database fileStores all Active Directory objects on the domain controller Use the default location systemroot\NTDS folder
Edb*.log Is a transaction log file Uses the default transaction log file Edb.log
Edb.chk Is a checkpoint fileTracks data not yet written to Active Directory database file
Res1.log Res2.log Are the reserved transaction log files
Lesson: Moving and Defragmenting an Active Directory Database
How to Move the Active Directory Database and Log Files
How to Defragment the Active Directory Database
How to Move the Active Directory Database and Log Files
Your instructor will demonstrate how to move the Active Directory database and log file by using the Ntdsutil command-line tool in Directory Services Restore Mode
Your instructor will demonstrate how to move the Active Directory database and log file by using the Ntdsutil command-line tool in Directory Services Restore Mode
How to Defragment an Active Directory Database
Your instructor will demonstrate how to defragment the Active Directory database by using the Directory Services Restore Mode
Your instructor will demonstrate how to defragment the Active Directory database by using the Directory Services Restore Mode
Practice: Moving and Defragmenting the Active Directory Database
In this practice, you will:
Move the database to another location and then perform an offline defragmentation
Perform a database integrity check
Perform a semantic database analysis on the defragmented database
Lesson: Backing Up Active Directory
Components of the System State Data
How to Back Up Active Directory
Components of the System State Data
You can back up the system state data:You can back up the system state data:
Separately
During a regular backup procedure
While the domain controller is online
Separately
During a regular backup procedure
While the domain controller is online
System State DataSystem State Data
SYSVOL shared folderSYSVOL shared folder
RegistryRegistry
System startup filesSystem startup files
COM+ class registration databaseCOM+ class registration database
Certificate services databaseCertificate services database
Active DirectoryActive Directory
How to Back Up Active Directory
Your instructor will demonstrate how to back up Active Directory by using the Backup utilityYour instructor will demonstrate how to back up Active Directory by using the Backup utility
Practice: Backing Up Active Directory
In this practice, you will create a test organizational unit that you will delete after a backup of the computer’s system state data
Lesson: Restoring Active Directory
Multimedia: Active Directory Restore Methods
How to Perform a Primary Restore
How to Perform a Normal Restore
How to Perform an Authoritative Restore
Multimedia: Active Directory Restore Methods
Domain Controller Domain Controller
Back up of thesystem state data
Back up of thesystem state data
Primary restorePrimary restore
Normal restoreNormal restore
Authoritative restoreAuthoritative restore
How to Perform a Primary Restore
Your instructor will demonstrate how to perform a primary restore by using the Backup utilityYour instructor will demonstrate how to perform a primary restore by using the Backup utility
How to Perform a Normal Restore
Your instructor will demonstrate how to perform a normal restore by using the Backup utilityYour instructor will demonstrate how to perform a normal restore by using the Backup utility
How to Perform an Authoritative Restore
Your instructor will demonstrate how to perform an authoritative restore by using the Ntdsutil command-line tool
Your instructor will demonstrate how to perform an authoritative restore by using the Ntdsutil command-line tool
Practice: Restoring Active Directory
In this practice, you will:
Restore the most recent backup before you delete the test organizational units
Verify that the restore operation was successful by examining the nonauthoritative data
Lesson: Planning for Monitoring Active Directory
Overview of Monitoring Active Directory
Events to Monitor
Performance Counters to Monitor
Guidelines for Monitoring Active Directory
Overview of Monitoring Active Directory
Monitor Active Directory to:Monitor Active Directory to:
Resolve problems in a timely manner
Gain a centralized view of Active Directory
Resolve problems in a timely manner
Gain a centralized view of Active Directory
Determine the level of monitoring by:Determine the level of monitoring by:
Comparing the cost
Examining the time required
Considering the size of an organization
Comparing the cost
Examining the time required
Considering the size of an organization
Events to Monitor
An effective monitoring solution can significantly reduce the number of events by consolidating themAn effective monitoring solution can significantly reduce the number of events by consolidating them
Monitor events for:Monitor events for:
The domain controller on the network
Core Active Directory functionality
SYSVOL replication or the application of Group Policy
Authentication
The domain controller on the network
Core Active Directory functionality
SYSVOL replication or the application of Group Policy
AuthenticationAdministratorAdministrator
Monitor performance counters for:Monitor performance counters for:
Quantity of replicated data
Core Active Directory functions and services
Key security volumes
Core operating system indicators
Quantity of replicated data
Core Active Directory functions and services
Key security volumes
Core operating system indicators
AdministratorAdministrator
Performance Counters to Monitor
Use performance counters to evaluate overall domain controller healthUse performance counters to evaluate overall domain controller health
Guidelines for Monitoring Active Directory
Associate clear actions with warnings or alertsAssociate clear actions with warnings or alerts
Generate alerts only to indicate when a problem requires attentionGenerate alerts only to indicate when a problem requires attention
Monitor critical services that Active Directory relies onMonitor critical services that Active Directory relies on
Determine a reliable baseline for thresholdsDetermine a reliable baseline for thresholds
Minimize resource use when monitoring Active DirectoryMinimize resource use when monitoring Active Directory
Verify free disk space for Active Directory database and log files Verify free disk space for Active Directory database and log files
Lab A: Maintaining Active Directory
Backing Up Active Directory
Restoring Active Directory
Verifying the Results of an Active Directory Restore