Professional Documents
Culture Documents
Troubleshooting, and
Disaster Recovery
Lesson 11
Skills Matrix
Technology Skill
Objective Domain
Objective #
Backing Up Active
Directory
5.1
Maintaining Active
Directory
Perform offline
maintenance
5.2
5.3
Fragmentation
Like any database, modifications and changes
to the Active Directory database can affect
database performance and data integrity.
As modifications are made to the database,
fragmentation can occur.
Fragmentation refers to the condition of a disk
when data from the database is divided into
pieces scattered across the disk.
As the database becomes more fragmented,
searches for database information slow down
and performance deteriorates.
The potential exists for database corruption.
Defragmentation
Defragmentation is the process of taking
fragmented database pieces and rearranging
them contiguously to make the entire database
more efficient.
Depending on the method used, the size of the
database can be reduced, making room for
additional objects.
Active Directory has two defragmentation
methods:
online defragmentation.
offline defragmentation.
Online Defragmentation
Online defragmentation is an automatic
process that occurs during the garbage
collection process.
The garbage collection process runs by
default every 12 hours on all domain
controllers in the forest.
When the garbage collection process
begins, it removes all tombstones from the
database.
Online Defragmentation
A tombstone is what is left of an object that has
been deleted.
Deleted objects are not completely removed from
the Active Directory database; rather, they are
marked for deletion.
Tombstone objects have a lifetime of 180 days, by
default.
When the lifetime expires, the objects are
permanently deleted during the garbage collection
process.
Additional free space is reclaimed during the
garbage collection process through the deletion of
tombstone objects and unnecessary log files.
Online Defragmentation
The advantage of an online
defragmentation is that it occurs
automatically and does not require the
server to be offline to run. An online
defragmentation does not reduce the
actual size of the Active Directory
database.
Offline Defragmentation
Offline defragmentation is a manual process that
defragments the Active Directory database in
addition to reducing its size.
Performing an offline defragmentation is not
considered to be a regular maintenance task.
You should only perform an offline
defragmentation if you need to recover a
significant amount of disk space.
As its name suggests, offline defragmentation
requires that the server be taken offline so that
the Active Directory database is closed and not
in use.
An offline defragmentation cannot run while the
AD DS service is running.
Offline Defragmentation
Performed while the server is booted to
Directory Services Restore Mode using
the ntdsutil command.
Registry.
COM Class Registration database.
Boot files described earlier in this topic.
Active Directory Certificate Services database.
Active Directory Domain Services database.
SYSVOL directory.
Cluster service information.
Microsoft Internet Information Services (IIS) metadirectory.
System files that are under Windows Resource Protection.
Registry.
COM Class Registration database.
Boot files described earlier in this topic.
Active Directory Certificate Services database.
Active Directory Domain Services database.
SYSVOL directory.
Cluster service information.
Microsoft Internet Information Services (IIS)
metadirectory.
System files that are under Windows Resource
Protection.
Event Logs
Windows Server 2008 uses the Windows Event
Viewer to record system events, such as
security, application, and directory service
events.
Directory Services logs:
Events related to Active Directory are recorded in
the Directory Service log.
The Directory Service log is created when Active
Directory is installed.
It logs informational events such as service start
and stop messages, errors, and warnings.
This log should be the first place you look when
you suspect a problem with Active Directory.
Event Logs
Summary
Active Directory has two defragmentation
methods: online defragmentation and
offline defragmentation.
Online defragmentation is an automatic
process triggered by the garbage collection
process.
Offline defragmentation is a manual
process that requires the server to be
restarted in Directory Services Restore
mode.
The Ntdsutil command-line utility is used to
perform the offline defragmentation.
Summary
The Active Directory database can be moved to
a new location if you decide that there is a need
to relocate it due to space limitations.
This is accomplished with the Ntdsutil commandline utility.
Summary
In the event of a domain controller failure,
two restore options are available in
Windows Server 2008: authoritative and
nonauthoritative.
An authoritative restore uses the Ntdsutil
command-line utility and allows you to
mark records that supersede any existing
records during replication.
Summary
The nonauthoritative restore method
restores the Active Directory database to
its state before the backup.
After a normal restore, replication of more
recent object information from other
domain controllers is used to update the
database to match all other domain
controllers.
Summary
Active Directory cannot be restored from a
backup that is older than the default
tombstone lifetime of 180 days.
Domain controllers keep track of deleted
objects only for the duration of the
tombstone lifetime.
Summary
When monitoring the health of Active
Directory, you can examine the Directory
Service log to obtain information.
The Directory Service log is created when
Active Directory is installed.
By default, it logs informational events,
such as service start and stop messages,
errors, and warnings.
Additional diagnostic logging can be
achieved by modifying the registry.
Summary
The Reliability and Performance Monitor in
Windows Server 2008 allows you to collect
real-time information on your local
computer or from a specific computer to
which you have permissions.
This information can be viewed in a
number of different formats that include
charts, graphs, and histograms.
Summary
The Reliability and Performance Monitor
uses performance objects, or categories,
and performance counters to organize
performance information.
Performance counters are the specific
processes to monitor.
Many counters are available.