
Active Directory Maintenance, Troubleshooting, and Disaster Recovery
Lesson 11

Skills Matrix
Technology Skill | Objective Domain | Objective #
Backing Up Active Directory | Configure backup and recovery | 5.1
Maintaining Active Directory | Perform offline maintenance | 5.2
Using the Reliability and Performance Monitor | Monitor Active Directory | 5.3

Maintaining Active Directory


After successfully implementing a
Microsoft Windows Server 2008
environment, it is important to develop
maintenance procedures to keep it running
smoothly.
A solid monitoring and maintenance plan
can prevent potential problems.

Maintaining Active Directory


Active Directory is a database based on the Extensible Storage Engine (ESE) format.
ESE is responsible for managing changes to the Active Directory database.
Changes are referred to as transactions.
Active Directory writes the transaction to the transaction log file (edb.log).
Active Directory updates the edb.chk checkpoint file (a reference for database information written to disk).

Fragmentation
Like any database, modifications and changes
to the Active Directory database can affect
database performance and data integrity.
As modifications are made to the database,
fragmentation can occur.
Fragmentation refers to the condition of a disk
when data from the database is divided into
pieces scattered across the disk.
As the database becomes more fragmented,
searches for database information slow down
and performance deteriorates.
The potential exists for database corruption.

Defragmentation
Defragmentation is the process of taking
fragmented database pieces and rearranging
them contiguously to make the entire database
more efficient.
Depending on the method used, the size of the
database can be reduced, making room for
additional objects.
Active Directory has two defragmentation
methods:
online defragmentation.
offline defragmentation.

Online Defragmentation
Online defragmentation is an automatic
process that occurs during the garbage
collection process.
The garbage collection process runs by
default every 12 hours on all domain
controllers in the forest.
When the garbage collection process
begins, it removes all tombstones from the
database.

Online Defragmentation
A tombstone is what is left of an object that has
been deleted.
Deleted objects are not completely removed from
the Active Directory database; rather, they are
marked for deletion.
Tombstone objects have a lifetime of 180 days, by
default.
When the lifetime expires, the objects are
permanently deleted during the garbage collection
process.
Additional free space is reclaimed during the
garbage collection process through the deletion of
tombstone objects and unnecessary log files.

Online Defragmentation
The advantage of an online
defragmentation is that it occurs
automatically and does not require the
server to be offline to run. An online
defragmentation does not reduce the
actual size of the Active Directory
database.

Offline Defragmentation
Offline defragmentation is a manual process that
defragments the Active Directory database in
addition to reducing its size.
Performing an offline defragmentation is not
considered to be a regular maintenance task.
You should only perform an offline
defragmentation if you need to recover a
significant amount of disk space.
As its name suggests, offline defragmentation
requires that the server be taken offline so that
the Active Directory database is closed and not
in use.
An offline defragmentation cannot run while the
AD DS service is running.

Offline Defragmentation
Offline defragmentation is performed with the ntdsutil command while the
server is booted to Directory Services Restore Mode.
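
The offline defragmentation described above, as an added example that is not part of the original slides. The scratch folder `C:\NtdsCompact` and the `.predefrag` suffix are assumptions; the script reads the database and log locations from the NTDS service parameters in the registry.

```powershell
# Added example: run from an elevated prompt in Directory Services Restore Mode.
$CompactDir = 'C:\NtdsCompact'   # assumed scratch folder (no spaces in the path)

# Locate the live database and its logs from the NTDS service parameters.
$p      = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile = $p.'DSA Database file'
$logDir = $p.'Database log files path'

# The database must be closed: refuse to continue while AD DS is running.
if ((Get-Service -Name NTDS).Status -ne 'Stopped') {
    throw 'AD DS is running. Restart in Directory Services Restore Mode first.'
}

# The compacted copy can be as large as the original, so check free space first.
New-Item -ItemType Directory -Path $CompactDir -Force | Out-Null
$dbSize = (Get-Item $dbFile).Length
$drive  = Split-Path -Qualifier $CompactDir
$free   = (Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'").FreeSpace
if ($free -lt $dbSize) { throw "Need $dbSize bytes free on $drive, have $free." }

# Compact into the scratch folder; the original ntds.dit is not modified here.
ntdsutil 'activate instance ntds' files "compact to $CompactDir" quit quit
$newDb = Join-Path $CompactDir 'ntds.dit'
if (-not (Test-Path $newDb)) { throw 'Compaction did not produce ntds.dit.' }

# Keep the original under a new name, swap in the compacted file,
# and delete the old transaction logs, which no longer match the database.
Rename-Item $dbFile ((Split-Path -Leaf $dbFile) + '.predefrag')
Copy-Item $newDb $dbFile
Remove-Item (Join-Path $logDir '*.log')

# Verify the swapped-in database before restarting into normal mode.
ntdsutil 'activate instance ntds' files integrity quit quit
'{0:N0} -> {1:N0} bytes' -f $dbSize, (Get-Item $dbFile).Length
```

Delete the `.predefrag` copy only after the domain controller has restarted normally and the Directory Service log shows no database errors.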

Backing Up Active Directory


One of the most essential duties of an
administrator is ensuring that data and
operating system information is backed up
in case of a failure.
Procedures that include the frequency of
backups in addition to the type of
information that needs to be backed up
should be planned and implemented in
every organization.

Backing Up Active Directory


To back up Active Directory, you must install the
Windows Server Backup feature from the Server
Manager console.
If you wish to perform backups from the command
line, you will also need to install Windows
PowerShell, which is a new command-line and task-based
scripting technology that is included with
Windows Server 2008.
In the present release of Windows Server 2008
PowerShell cannot be installed on Server Core.
Windows Server Backup supports the use of CD and
DVD drives as backup destinations, but does not
support magnetic tapes as backup media.
Additionally, you cannot perform backups to dynamic
volumes.

Backing up Active Directory


Windows Server 2008 supports two types
of backup:
Manual backup.
Scheduled backup.

A manual backup is started with Server Backup or the Wbadmin.exe
command-line tool when a backup is needed.
You must be a member of the Administrators
group or the Backup Operators group to
launch a manual backup.

Backing Up Active Directory

Windows Server 2008 does not back up
or recover System State data in the
same way as servers that run Windows
Server 2003.
In Windows Server 2008, you must back
up critical volumes rather than only
backing up the System State data.

Backing Up Active Directory


Backing up critical volumes involves backing up the
following data:
The system volume, which hosts the boot files, which
consist of bootmgr.exe (the Windows boot loader) and the
Boot Configuration Data (BCD) store, which describes boot
applications and boot application settings and replaces the
boot.ini file in previous versions of Windows.
The boot volume, which hosts the Windows operating
system and the Registry.
The volume that hosts the SYSVOL share.
The volume that hosts the Active Directory database
(Ntds.dit).
The volume that hosts the Active Directory database log
files.

Backing Up Active Directory


In Windows Server 2008, the system components that make up
System State data depend on the roles installed on a particular
computer and which volumes host the critical files used by the
operating system and its installed roles.
At a minimum, the System State consists of the following data, plus
any additional data, depending on the server roles that are installed:

Registry.
COM Class Registration database.
Boot files described earlier in this topic.
Active Directory Certificate Services database.
Active Directory Domain Services database.
SYSVOL directory.
Cluster service information.
Microsoft Internet Information Services (IIS) metadirectory.
System files that are under Windows Resource Protection.

Restoring Active Directory


Windows Server 2008 offers the ability to
restore the Active Directory database.
Restoring Active Directory using normal
replication.
Restoring Active Directory using wbadmin
and ntdsutil.

Restoring Active Directory using Wbadmin and Ntdsutil
Windows Server 2008 allows several different
restoration methods, depending on the goals for
your restore.
You can use wbadmin, which is the command-line component of the Windows Server Backup
snap-in, to perform a nonauthoritative restore
of Active Directory, which restores a single
Active Directory domain controller to its state
before the backup.
This method can be used to restore a single
domain controller to a point in time when it was
considered to be good. If the domain has other
domain controllers, the replication process will
update the domain controller with the most recent
information after the restore is complete.

Monitoring Active Directory


Monitoring the Active Directory service is
an important part of network
administration.
Monitoring enables you to take a proactive
approach to network management.
By raising the awareness of possible
network problems before they occur, you
have better control over their impact.

Monitoring Active Directory


Monitoring Active Directory can provide
the following benefits:
Early alerts to potential problems.
Improved system reliability.
Fewer support calls to the helpdesk.
Improved system performance.

Event Logs
Windows Server 2008 uses the Windows Event
Viewer to record system events, such as
security, application, and directory service
events.
Directory Services logs:
Events related to Active Directory are recorded in
the Directory Service log.
The Directory Service log is created when Active
Directory is installed.
It logs informational events such as service start
and stop messages, errors, and warnings.
This log should be the first place you look when
you suspect a problem with Active Directory.

Reliability and Performance Monitor


The Reliability and Performance
Monitor is a tool located within the
Administrative Tools folder that will collect
real-time information on your local
computer or from a specific computer to
which you have permissions.
This information can be viewed in a
number of different formats that include
charts, graphs, and histograms.
The reports can be saved or printed for
documentation purposes.

Diagnosing and Troubleshooting Active Directory
To assist you with obtaining more detailed
information in the event logs, you can set
the event logs to record diagnostic
information specific to processes related to
Active Directory.
To enable this logging, modify the following registry
key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
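
One way to raise a diagnostic level under that key and read the result from the Directory Service log, as an added example that is not part of the original slides. The value name `6 Garbage Collection`, the 0 to 5 level range, and event ID 1646 (database free space, logged after garbage collection) are not on the slides; they are the names Windows uses under this key and in this log.

```powershell
# Added example. Run elevated on the domain controller.
$DiagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$Category = '6 Garbage Collection'   # one of the numbered values under the key

function Set-NtdsDiagnosticLevel {
    param([string]$Name, [int]$Level)
    # 0 is the default (critical events only); 5 is the most verbose.
    if ($Level -lt 0 -or $Level -gt 5) { throw 'Level must be 0 to 5.' }
    # Only change values that already exist, so a typo cannot create a new one.
    $current = (Get-ItemProperty -Path $DiagKey).$Name
    if ($null -eq $current) { throw "No diagnostic category named '$Name'." }
    Set-ItemProperty -Path $DiagKey -Name $Name -Value $Level -Type DWord
    return $current    # previous level, so the caller can put it back
}

# Step 1: raise the level by one and remember the old setting.
$previous = Set-NtdsDiagnosticLevel -Name $Category -Level 1
"Was level $previous, now level 1"

# Step 2 (run after the next garbage collection pass, every 12 hours by
# default): event 1646 reports how much of the database is free space,
# which is the figure that decides whether an offline defragmentation
# would recover a significant amount of disk.
Get-EventLog -LogName 'Directory Service' -Newest 500 |
    Where-Object { $_.EventID -eq 1646 } |
    Select-Object -First 1 TimeGenerated, Message |
    Format-List

# Step 3: restore the original level so the log is not flooded.
Set-NtdsDiagnosticLevel -Name $Category -Level $previous | Out-Null
```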

Summary
Active Directory has two defragmentation
methods: online defragmentation and
offline defragmentation.
Online defragmentation is an automatic
process triggered by the garbage collection
process.
Offline defragmentation is a manual
process that requires the server to be
restarted in Directory Services Restore
mode.
The Ntdsutil command-line utility is used to
perform the offline defragmentation.

Summary
The Active Directory database can be moved to
a new location if you decide that there is a need
to relocate it due to space limitations.
This is accomplished with the Ntdsutil command-line utility.

When you back up Active Directory, you must
include the System State data.
The System State data includes operating
system-specific information needed for installed
services and operating system components to
function.

Summary
In the event of a domain controller failure,
two restore options are available in
Windows Server 2008: authoritative and
nonauthoritative.
An authoritative restore uses the Ntdsutil
command-line utility and allows you to
mark records that supersede any existing
records during replication.

Summary
The nonauthoritative restore method
restores the Active Directory database to
its state before the backup.
After a normal restore, replication of more
recent object information from other
domain controllers is used to update the
database to match all other domain
controllers.

Summary
Active Directory cannot be restored from a
backup that is older than the default
tombstone lifetime of 180 days.
Domain controllers keep track of deleted
objects only for the duration of the
tombstone lifetime.
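
A manual critical-volume backup with Wbadmin.exe, followed by a check of the newest backup's age against the tombstone lifetime limit stated above. This is an added example, not part of the original slides; the target volume `E:` is an assumption, and the parsing assumes English `wbadmin` output with version identifiers in MM/DD/YYYY-HH:MM form.

```powershell
# Added example. Run elevated as a member of Administrators or Backup Operators.
param(
    [string]$Target = 'E:',             # assumed backup volume
    [int]$TombstoneLifetimeDays = 180   # default stated on the slides
)

# Pull the timestamps out of the "Version identifier: MM/DD/YYYY-HH:MM" lines.
function Get-BackupVersionTime {
    param([string[]]$WbadminOutput)
    foreach ($line in $WbadminOutput) {
        if ($line -match 'Version identifier:\s*(\d{2}/\d{2}/\d{4}-\d{2}:\d{2})') {
            [datetime]::ParseExact($Matches[1], 'MM/dd/yyyy-HH:mm',
                [Globalization.CultureInfo]::InvariantCulture)
        }
    }
}

# Manual backup of every critical volume: system, boot, SYSVOL,
# the Ntds.dit volume, and the database log volume.
wbadmin start backup -allCritical "-backupTarget:$Target" -quiet

# List what is on the target and find the most recent backup.
$times = @(Get-BackupVersionTime (wbadmin get versions "-backupTarget:$Target"))
if ($times.Count -eq 0) { throw "No backups found on $Target." }
$newest  = $times | Sort-Object | Select-Object -Last 1
$ageDays = ([datetime]::UtcNow - $newest).Days   # identifier treated as UTC

# A backup older than the tombstone lifetime cannot be used to restore
# Active Directory, so flag it before it is needed.
if ($ageDays -ge $TombstoneLifetimeDays) {
    Write-Warning "Newest backup is $ageDays days old: too old to restore from."
} else {
    "Newest backup is $ageDays days old; restorable for another " +
        "$($TombstoneLifetimeDays - $ageDays) days."
}
```

Set `-TombstoneLifetimeDays` to the value configured in your forest if it differs from the default.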

Summary
When monitoring the health of Active
Directory, you can examine the Directory
Service log to obtain information.
The Directory Service log is created when
Active Directory is installed.
By default, it logs informational events,
such as service start and stop messages,
errors, and warnings.
Additional diagnostic logging can be
achieved by modifying the registry.

Summary
The Reliability and Performance Monitor in
Windows Server 2008 allows you to collect
real-time information on your local
computer or from a specific computer to
which you have permissions.
This information can be viewed in a
number of different formats that include
charts, graphs, and histograms.

Summary
The Reliability and Performance Monitor
uses performance objects, or categories,
and performance counters to organize
performance information.
Performance counters are the specific
processes to monitor.
Many counters are available.
