
Lesson 11
Active Directory Maintenance, Troubleshooting, and Disaster Recovery

Skills Matrix

Technology Skill | Objective Domain | Objective #
Backing Up Active Directory | Configure backup and recovery | 5.1
Maintaining Active Directory | Perform offline maintenance | 5.2
Using the Reliability and Performance Monitor | Monitor Active Directory | 5.3

Maintaining Active Directory


After successfully implementing a
Microsoft Windows Server 2008
environment, it is important to
develop maintenance procedures to
keep it running smoothly.
A solid monitoring and maintenance
plan can prevent potential problems.

Maintaining Active Directory


Active Directory is a database based
on the Extensible Storage Engine
(ESE) format.
The ESE is responsible for managing changes to
the Active Directory database.
Changes are referred to as transactions.
Active Directory writes the transaction
to the Transaction log file (edb.log).
Active Directory updates the edb.chk
checkpoint file (A reference for
database information written to disk).

Fragmentation
Like any database, modifications and changes
to the Active Directory database can affect
database performance and data integrity.
As modifications are made to the database,
fragmentation can occur.
Fragmentation refers to the condition of a
disk when data from the database is divided
into pieces scattered across the disk.
As the database becomes more fragmented,
searches for database information slow down
and performance deteriorates.
The potential exists for database corruption.

Defragmentation
Defragmentation is the process of taking
fragmented database pieces and
rearranging them contiguously to make the
entire database more efficient.
Depending on the method used, the size of
the database can be reduced, making room
for additional objects.
Active Directory has two defragmentation
methods:
online defragmentation.
offline defragmentation.

Online Defragmentation
Online defragmentation is an
automatic process that occurs during
the garbage collection process.

The garbage collection process runs by
default every 12 hours on all domain
controllers in the forest.
When the garbage collection process
begins, it removes all tombstones from
the database.

Online Defragmentation
A tombstone is what is left of an object that
has been deleted.
Deleted objects are not completely removed
from the Active Directory database; rather, they
are marked for deletion.
Tombstone objects have a lifetime of 180 days,
by default.
When the lifetime expires, the objects are
permanently deleted during the garbage
collection process.
Additional free space is reclaimed during the
garbage collection process through the deletion
of tombstone objects and unnecessary log files.

Online Defragmentation
The advantage of an online
defragmentation is that it occurs
automatically and does not require
the server to be offline to run. An
online defragmentation does not
reduce the actual size of the Active
Directory database.

Offline Defragmentation
Offline defragmentation is a manual process
that defragments the Active Directory
database in addition to reducing its size.
Performing an offline defragmentation is not
considered to be a regular maintenance task.
You should only perform an offline
defragmentation if you need to recover a
significant amount of disk space.
As its name suggests, offline defragmentation
requires that the server be taken offline so
that the Active Directory database is closed
and not in use.
An offline defragmentation cannot run while
the AD DS service is running.

Offline Defragmentation
Offline defragmentation is performed while
the server is booted to Directory Services
Restore Mode, using the ntdsutil command.
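
An added example, not part of the original lesson, of the offline defragmentation just described, run from an elevated PowerShell prompt in Directory Services Restore Mode. The folder paths are assumptions (the default NTDS location and two hypothetical scratch folders); the original database is kept until the compacted copy has passed ntdsutil's integrity check.

```powershell
# Added example; run while booted into Directory Services Restore Mode.
# All paths below are assumptions, adjust them to the domain controller.
$dbDir   = 'C:\Windows\NTDS'   # assumed default database folder
$logDir  = 'C:\Windows\NTDS'   # assumed default log folder
$workDir = 'D:\NtdsCompact'    # hypothetical scratch folder for the compacted copy
$keepDir = 'D:\NtdsOriginal'   # hypothetical folder that keeps the original file

New-Item -ItemType Directory -Path $workDir, $keepDir -Force | Out-Null

# 1. Write a compacted copy of ntds.dit to the scratch folder.
ntdsutil "activate instance ntds" files "compact to $workDir" quit quit
if (-not (Test-Path "$workDir\ntds.dit")) {
    throw 'Compaction did not produce ntds.dit; the original is untouched.'
}

# 2. Keep the original until the compacted copy has been verified.
Copy-Item "$dbDir\ntds.dit" "$keepDir\ntds.dit"

# 3. Swap in the compacted database and delete the old transaction logs,
#    which belong to the pre-compaction file.
Copy-Item "$workDir\ntds.dit" "$dbDir\ntds.dit" -Force
Remove-Item "$logDir\*.log"

# 4. Check the new file before restarting the server normally.
ntdsutil "activate instance ntds" files integrity quit quit

# 5. Report how much space the compaction recovered.
$oldMB = (Get-Item "$keepDir\ntds.dit").Length / 1MB
$newMB = (Get-Item "$dbDir\ntds.dit").Length / 1MB
"ntds.dit: {0:N0} MB before, {1:N0} MB after" -f $oldMB, $newMB
```

Both scratch folders end up holding full copies of the directory database, password hashes included, so delete them or move them to protected storage once the domain controller is confirmed healthy.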

Backing Up Active Directory


One of the most essential duties of
an administrator is ensuring that data
and operating system information is
backed up in case of a failure.
Procedures that include the
frequency of backups in addition to
the type of information that needs to
be backed up should be planned and
implemented in every organization.

Backing Up Active Directory


To back up Active Directory, you must install the
Windows Server Backup feature from the Server
Manager console.
If you wish to perform backups from the command
line, you will also need to install Windows
PowerShell, which is a new command-line and
task-based scripting technology that is included with
Windows Server 2008.
In the present release of Windows Server 2008,
PowerShell cannot be installed on Server Core.
Windows Server Backup supports the use of CD and
DVD drives as backup destinations, but does not
support magnetic tapes as backup media.
Additionally, you cannot perform backups to dynamic
volumes.

Backing up Active Directory


Windows Server 2008 supports two
types of backup:
Manual backup.
Scheduled backup.

A manual backup is run using Server Backup or the
Wbadmin.exe command-line tool
when a backup is needed.
You must be a member of the
Administrators group or the Backup
Operators group to launch a manual
backup.

Backing Up Active Directory

Windows Server 2008 does not back
up or recover System State data in
the same way as servers that run
Windows Server 2003.
In Windows Server 2008, you must
back up critical volumes rather
than only backing up the System
State data.

Backing Up Active Directory


Backing up critical volumes involves backing up
the following data:
The system volume, which hosts the boot files,
which consist of bootmgr.exe (the Windows boot
loader) and the Boot Configuration Data (BCD)
store, which describes boot applications and boot
application settings and replaces the boot.ini file in
previous versions of Windows.
The boot volume, which hosts the Windows
operating system and the Registry.
The volume that hosts the SYSVOL share.
The volume that hosts the Active Directory
database (Ntds.dit).
The volume that hosts the Active Directory
database log files.

Backing Up Active Directory


In Windows Server 2008, the system components that
make up System State data depend on the roles installed
on a particular computer and which volumes host the
critical files used by the operating system and its installed
roles.
At a minimum, the System State consists of the following
data, plus any additional data, depending on the server
roles that are installed:

Registry.
COM Class Registration database.
Boot files described earlier in this topic.
Active Directory Certificate Services database.
Active Directory Domain Services database.
SYSVOL directory.
Cluster service information.
Microsoft Internet Information Services (IIS) metadirectory.
System files that are under Windows Resource Protection.

Restoring Active Directory


Windows Server 2008 offers the
ability to restore the Active Directory
database.
Restoring Active Directory using
normal replication.
Restoring Active Directory using
wbadmin and ntdsutil.

Restoring Active Directory using Wbadmin and Ntdsutil
Windows Server 2008 allows several different
restoration methods, depending on the goals
for your restore.
You can use wbadmin, which is the command-line component of the Windows Server Backup
snap-in, to perform a nonauthoritative
restore of Active Directory, which restores a
single Active Directory domain controller to its
state before the backup.
This method can be used to restore a single
domain controller to a point in time when it was
considered to be good. If the domain has other
domain controllers, the replication process will
update the domain controller with the most
recent information after the restore is complete.
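
An added example, not from the original lesson, that carries the backup and restore slides through from the command line: a manual critical-volume backup, a nonauthoritative restore in Directory Services Restore Mode, and the optional ntdsutil step that makes the restore authoritative, as mentioned in the summary. The backup target, version identifier and distinguished name are placeholders.

```powershell
# Added example. The E: target and every value in <...> are placeholders.
$target = 'E:'   # hypothetical backup volume (a basic disk, not a dynamic volume)

# --- On the running domain controller ---------------------------------
# Run as a member of Administrators or Backup Operators.
# -allCritical selects every critical volume: system, boot, SYSVOL,
# and the volumes that hold Ntds.dit and its log files.
wbadmin start backup "-backupTarget:$target" -allCritical -quiet

# List the stored backups and note the version identifier to restore.
wbadmin get versions "-backupTarget:$target"

# --- After restarting into Directory Services Restore Mode -------------
$version = '<MM/DD/YYYY-HH:MM>'   # placeholder, copied from 'wbadmin get versions'
wbadmin start systemstaterecovery "-version:$version" "-backupTarget:$target" -quiet

# Optional, before restarting: mark a subtree authoritative so that its
# records supersede the copies on other domain controllers at replication.
# Skip this step for a plain nonauthoritative restore.
$dn = '<OU=Example,DC=example,DC=com>'   # placeholder distinguished name
ntdsutil "activate instance ntds" "authoritative restore" "restore subtree $dn" quit quit

# --- After restarting normally -----------------------------------------
# Confirm that inbound replication from the other domain controllers
# succeeds and brings the restored database up to date.
repadmin /showrepl
```

The backup contains Ntds.dit, so restrict access to the target volume to the accounts that are trusted to administer the domain controller itself.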

Monitoring Active Directory


Monitoring the Active Directory service
is an important part of network
administration.
Monitoring enables you to take a
proactive approach to network
management.
By raising the awareness of possible
network problems before they occur,
you have better control over their
impact.

Monitoring Active Directory


Monitoring Active Directory can
provide the following benefits:
Early alerts to potential problems.
Improved system reliability.
Fewer support calls to the helpdesk.
Improved system performance.

Event Logs
Windows Server 2008 uses the Windows Event
Viewer to record system events, such as
security, application, and directory service
events.
Directory Services logs:
Events related to Active Directory are recorded
in the Directory Service log.
The Directory Service log is created when
Active Directory is installed.
It logs informational events such as service
start and stop messages, errors, and warnings.
This log should be the first place you look when
you suspect a problem with Active Directory.

Reliability and Performance Monitor


The Reliability and Performance
Monitor is a tool located within the
Administrative Tools folder that will collect
real-time information on your local
computer or from a specific computer to
which you have permissions.
This information can be viewed in a
number of different formats that include
charts, graphs, and histograms.
The reports can be saved or printed for
documentation purposes.

Diagnosing and Troubleshooting Active Directory
To assist you with obtaining more
detailed information in the event logs,
you can set the event logs to record
diagnostic information specific to
processes related to Active Directory.
To enable this logging, modify the following registry
key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
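
An added example, not from the original lesson, of raising one diagnostic category under the NTDS Diagnostics key and then reading the Directory Service log. The value name '6 Garbage Collection', the level range 0 to 5 and event ID 1646 are not on the slides and are included as assumptions about a default domain controller; the function names are hypothetical.

```powershell
# Added example. Run from an elevated prompt on the domain controller.
$DiagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Set-NtdsDiagnosticLevel {
    # Sets one logging category (0 = default, 5 = most verbose) and
    # returns the previous level so it can be put back afterwards.
    param([string]$Category, [int]$Level)
    if ($Level -lt 0 -or $Level -gt 5) { throw 'Level must be between 0 and 5' }
    $previous = (Get-ItemProperty -Path $DiagKey -Name $Category).$Category
    Set-ItemProperty -Path $DiagKey -Name $Category -Value $Level
    return $previous
}

function Get-DirectoryServiceProblems {
    # Errors and warnings from the Directory Service log, newest first,
    # plus event 1646 (assumed: free space reported after online
    # defragmentation once garbage collection logging is raised).
    param([int]$Newest = 500)
    Get-EventLog -LogName 'Directory Service' -Newest $Newest |
        Where-Object { $_.EntryType -ne 'Information' -or $_.EventID -eq 1646 } |
        Select-Object TimeGenerated, EntryType, EventID, Source, Message
}

# Raise garbage collection logging by one step and remember the old level.
$old = Set-NtdsDiagnosticLevel -Category '6 Garbage Collection' -Level 1

# Later, after the next garbage collection run (every 12 hours by default):
Get-DirectoryServiceProblems | Format-List

# Put the level back when the investigation is over; verbose levels
# fill the log quickly and bury the events that matter.
Set-NtdsDiagnosticLevel -Category '6 Garbage Collection' -Level $old | Out-Null
```

The free space reported after online defragmentation is the figure to check before deciding whether an offline defragmentation is worth taking the server offline.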

Active Directory Diagnostic Tools

Summary
Active Directory has two defragmentation
methods: online defragmentation and
offline defragmentation.
Online defragmentation is an automatic
process triggered by the garbage
collection process.
Offline defragmentation is a manual
process that requires the server to be
restarted in Directory Services Restore
mode.
The Ntdsutil command-line utility is used to
perform the offline defragmentation.

Summary
The Active Directory database can be moved
to a new location if you decide that there is a
need to relocate it due to space limitations.
This is accomplished with the Ntdsutil
command-line utility.

When you back up Active Directory, you
must include the System State data.
The System State data includes operating
system-specific information needed for
installed services and operating system
components to function.

Summary
In the event of a domain controller
failure, two restore options are
available in Windows Server 2008:
authoritative and nonauthoritative.
An authoritative restore uses the
Ntdsutil command-line utility and
allows you to mark records that
supersede any existing records
during replication.

Summary
The nonauthoritative restore method
restores the Active Directory
database to its state before the
backup.
After a normal restore, replication of
more recent object information from
other domain controllers is used to
update the database to match all
other domain controllers.

Summary
Active Directory cannot be restored
from a backup that is older than the
default tombstone lifetime of 180
days.
Domain controllers keep track of
deleted objects only for the duration
of the tombstone lifetime.

Summary
When monitoring the health of Active
Directory, you can examine the
Directory Service log to obtain
information.
The Directory Service log is created
when Active Directory is installed.
By default, it logs informational
events, such as service start and stop
messages, errors, and warnings.
Additional diagnostic logging can be
achieved by modifying the registry.

Summary
The Reliability and Performance
Monitor in Windows Server 2008
allows you to collect real-time
information on your local computer
or from a specific computer to which
you have permissions.
This information can be viewed in a
number of different formats that
include charts, graphs, and
histograms.

Summary
The Reliability and Performance
Monitor uses performance objects, or
categories, and performance
counters to organize performance
information.
Performance counters are the specific
processes to monitor.
Many counters are available.
