Troubleshooting, and Disaster Recovery
Lesson 11
Skills Matrix
Technology Skill
Objective Domain
Objective #
Backing Up Active Directory
5.1
Maintaining Active Directory
Perform offline maintenance
5.2
5.3
Fragmentation
Like any database, modifications and changes
to the Active Directory database can affect
database performance and data integrity.
As modifications are made to the database,
fragmentation can occur.
Fragmentation refers to the condition of a
disk when data from the database is divided
into pieces scattered across the disk.
As the database becomes more fragmented,
searches for database information slow down
and performance deteriorates.
The potential exists for database corruption.
Defragmentation
Defragmentation is the process of taking
fragmented database pieces and
rearranging them contiguously to make the
entire database more efficient.
Depending on the method used, the size of
the database can be reduced, making room
for additional objects.
Active Directory has two defragmentation
methods:
online defragmentation.
offline defragmentation.
Online Defragmentation
Online defragmentation is an
automatic process that occurs during
the garbage collection process.
A tombstone is what is left of an object that
has been deleted.
Deleted objects are not completely removed
from the Active Directory database; rather, they
are marked for deletion.
Tombstone objects have a lifetime of 180 days,
by default.
When the lifetime expires, the objects are
permanently deleted during the garbage
collection process.
Additional free space is reclaimed during the
garbage collection process through the deletion
of tombstone objects and unnecessary log files.
The advantage of an online
defragmentation is that it occurs
automatically and does not require
the server to be offline to run. An
online defragmentation does not
reduce the actual size of the Active
Directory database.
Offline Defragmentation
Offline defragmentation is a manual process
that defragments the Active Directory
database in addition to reducing its size.
Performing an offline defragmentation is not
considered to be a regular maintenance task.
You should only perform an offline
defragmentation if you need to recover a
significant amount of disk space.
As its name suggests, offline defragmentation
requires that the server be taken offline so
that the Active Directory database is closed
and not in use.
An offline defragmentation cannot run while
the AD DS service is running.
Performed while the server is booted
to Directory Services Restore Mode
using the ntdsutil command.
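The offline procedure described above, written out as an added example (not taken from the original slides). It assumes the domain controller is already booted into Directory Services Restore Mode and that the database sits in the default `C:\Windows\NTDS` folder; the `D:\` scratch and backup folders are hypothetical names.

```powershell
# Added example: offline defragmentation of ntds.dit, run from an elevated
# prompt after booting the domain controller into DSRM.
$ntdsDir   = 'C:\Windows\NTDS'   # assumption: default database and log folder
$compactTo = 'D:\NtdsCompact'    # hypothetical scratch folder, no spaces in path
$keepOld   = 'D:\NtdsOriginal'   # hypothetical folder for the pre-compaction copy

# The database must be closed: stop if the AD DS service is still running.
$svc = Get-Service -Name NTDS -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    throw 'AD DS is running. Boot into Directory Services Restore Mode first.'
}

# The compacted copy can be as large as the original, so check free space.
$dit    = Join-Path $ntdsDir 'ntds.dit'
$before = (Get-Item $dit).Length
$free   = (Get-PSDrive -Name $compactTo.Substring(0, 1)).Free
if ($free -lt $before) {
    throw "Need $before bytes free on the scratch drive, found $free."
}
New-Item -ItemType Directory -Path $compactTo, $keepOld -Force | Out-Null
$newDit = Join-Path $compactTo 'ntds.dit'
if (Test-Path $newDit) { throw "Stale file at $newDit; remove it and rerun." }

# Write a defragmented copy of the database to the scratch folder.
ntdsutil 'activate instance ntds' files "compact to $compactTo" quit quit
if (-not (Test-Path $newDit)) {
    throw 'Compaction did not produce a new ntds.dit; original left untouched.'
}

# Keep the original, swap in the compacted file, and remove the old logs,
# which belong to the pre-compaction database.
Copy-Item $dit $keepOld
Copy-Item $newDit $dit -Force
Remove-Item (Join-Path $ntdsDir '*.log')

# Verify the swapped-in database before rebooting into normal mode.
ntdsutil 'activate instance ntds' files integrity quit quit
"ntds.dit: $before bytes before, $((Get-Item $dit).Length) bytes after"
```

The pre-compaction copy in the backup folder contains every account's credential hashes, so it needs the same access controls as the live database and should be deleted securely once the domain controller is confirmed healthy.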
Registry.
COM Class Registration database.
Boot files described earlier in this topic.
Active Directory Certificate Services database.
Active Directory Domain Services database.
SYSVOL directory.
Cluster service information.
Microsoft Internet Information Services (IIS) metadirectory.
System files that are under Windows Resource Protection.
Event Logs
Windows Server 2008 uses the Windows Event
Viewer to record system events, such as
security, application, and directory service
events.
Directory Services logs:
Events related to Active Directory are recorded
in the Directory Service log.
The Directory Service log is created when
Active Directory is installed.
It logs informational events such as service
start and stop messages, errors, and warnings.
This log should be the first place you look when
you suspect a problem with Active Directory.
Summary
Active Directory has two defragmentation
methods: online defragmentation and
offline defragmentation.
Online defragmentation is an automatic
process triggered by the garbage
collection process.
Offline defragmentation is a manual
process that requires the server to be
restarted in Directory Services Restore
mode.
The Ntdsutil command-line utility is used to
perform the offline defragmentation.
The Active Directory database can be moved
to a new location if you decide that there is a
need to relocate it due to space limitations.
This is accomplished with the Ntdsutil
command-line utility.
In the event of a domain controller
failure, two restore options are
available in Windows Server 2008:
authoritative and nonauthoritative.
An authoritative restore uses the
Ntdsutil command-line utility and
allows you to mark records that
supersede any existing records
during replication.
The nonauthoritative restore method
restores the Active Directory
database to its state before the
backup.
After a normal restore, replication of
more recent object information from
other domain controllers is used to
update the database to match all
other domain controllers.
Active Directory cannot be restored
from a backup that is older than the
default tombstone lifetime of 180
days.
Domain controllers keep track of
deleted objects only for the duration
of the tombstone lifetime.
When monitoring the health of Active
Directory, you can examine the
Directory Service log to obtain
information.
The Directory Service log is created
when Active Directory is installed.
By default, it logs informational
events, such as service start and stop
messages, errors, and warnings.
Additional diagnostic logging can be
achieved by modifying the registry.
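An added example (not from the original slides) that ties the Directory Service log and the registry-based diagnostic logging back to the defragmentation discussion: it raises the garbage collection logging level so that online defragmentation reports how much space an offline defragmentation could recover. It assumes PowerShell 2.0 or later on the domain controller; the 25 percent threshold is a hypothetical cut-off for "significant".

```powershell
# Added example: review the Directory Service log and measure reclaimable
# space in ntds.dit. Run elevated on the domain controller.
$diagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

# Raise garbage collection logging from 0 (default) to 1 so that the next
# online defragmentation pass writes its free-space report (event 1646).
Set-ItemProperty -Path $diagKey -Name '6 Garbage Collection' -Value 1

# Errors (level 2) and warnings (level 3) from the last 24 hours.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Level = 2, 3; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List

# Most recent free-space report, if a garbage collection pass has run since
# the logging level was raised.
$report = Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1646
    } -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $report) {
    'No event 1646 yet; check again after the next garbage collection pass.'
} else {
    # Assumption: the event's insertion strings are free MB, then allocated MB.
    $freeMb  = [double]$report.Properties[0].Value
    $totalMb = [double]$report.Properties[1].Value
    $pct     = [math]::Round(100 * $freeMb / $totalMb, 1)
    "$freeMb MB of $totalMb MB is white space ($pct%) as of $($report.TimeCreated)"

    $threshold = 25   # hypothetical cut-off for a "significant" saving
    if ($pct -ge $threshold) {
        'Offline defragmentation would recover a significant amount of space.'
    } else {
        'Online defragmentation is sufficient; no offline maintenance needed.'
    }
}
```

Set the `6 Garbage Collection` value back to 0 once the measurement is taken so the log is not filled with routine reports.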
The Reliability and Performance
Monitor in Windows Server 2008
allows you to collect real-time
information on your local computer
or from a specific computer to which
you have permissions.
This information can be viewed in a
number of different formats that
include charts, graphs, and
histograms.
The Reliability and Performance
Monitor uses performance objects, or
categories, and performance
counters to organize performance
information.
Performance counters are the specific
processes to monitor.
Many counters are available.