IT222 ACTIVE DIRECTORY

UNIT 10
Active Directory Maintenance and Troubleshooting

DPW

Writing to the Database
• Active Directory Database.
– Managed by Extensible Storage Engine (ESE).
– Changes to the database are made as transactions.
– First from buffer to transaction log file (default size 10 MB) stored in c:\windows\ntds folder
– Second from buffer to database
– Compares and if same adds to checkpoint file

Database Maintenance
• Database fragmentation occurs over time.
– Garbage collection process does automatic defrag
– Every 12 hours by default to remove tombstones
– Tombstones have a lifetime of 60 days by default then they are permanently deleted
• Manual defrag
– Server must be offline
– Then restarted in Directory Services Restore mode
– ntdsutil.exe command line utility is used to compact or replace

SYSTEM STATE DATA
• Active Directory database - NTDS.dit located in the C:\Windows\Ntds folder.
• Sysvol shared folder - Group Policy templates and logon scripts.
• Registry - domain controller’s computer configuration, including hardware settings.
• System startup files - boot files and system files required to start Windows Server 2003
• Component Object Model (COM+) Class Registration database
• Certificate Services database - Certificate Services if installed and configured.
• Cluster service information – if clustering is being used

System State Backup and Restore
• Use NT Backup and select system state to back up the system state data
• Normal restore - restores state before the backup
• Primary restore - required when all Active Directory information is lost
• Authoritative restore - Ntdsutil command line utility used with the normal restore to allow certain database information to be marked as authoritative, or most current, so that the replication process will not overwrite this data

Monitoring Active Directory

Performance Monitor

DIAGNOSTIC TOOLS
• Dcdiag - analyze the state of the domain controllers in the forest or enterprise
• Dsastat - compare directory information on domain controllers and detect differences
• Replmon - display replication topology, monitor replication status, including group policies, and force replication events and knowledge consistency checker (KCC) recalculation
• Repadmin - check replication consistency between replication partners, monitor replication status

DIAGNOSTIC TOOLS
• Netdom - manage and verify trusts, join computers to domains, and verify replication ability and permissions between partners
• Ntfrsutl - list the active replica sets and FRS data
• Netdiag - domain controller discovery, DNS, Kerberos, and IPSec.
• ADSIEdit - add, delete, and edit Active Directory objects
• LDP – graphical Active Directory database editor

DIAGNOSTIC TOOLS
• Kerbtray - display ticket information for a computer running the Kerberos protocol
• Nltest - verify trusts and check replication
• DSAcls - display or modify permissions of an Active Directory object

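An added example, not part of the original slides: Repadmin's replication status combined with the 60-day tombstone lifetime from the Database Maintenance slide, to flag replication links that have been silent so long that tombstones for missed deletions may already have been garbage-collected. It assumes the column layout of `repadmin /showrepl * /csv`; the sample rows, site names and DC names are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

TOMBSTONE_LIFETIME = timedelta(days=60)  # default stated in this unit

# Constructed sample in the assumed `repadmin /showrepl * /csv` layout.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=example,DC=test",HQ,DC2,RPC,0,0,2005-03-01 09:15:02,0
showrepl_INFO,HQ,DC1,"DC=example,DC=test",Branch,DC3,RPC,14,2005-03-01 09:00:41,2005-02-27 21:03:10,1722
showrepl_INFO,Branch,DC3,"DC=example,DC=test",Lab,DC4,RPC,310,2005-03-01 08:58:00,2004-12-20 04:11:55,1722
"""

def parse_time(text):
    """Return a datetime, or None for the '0' / empty 'never' marker."""
    try:
        return datetime.strptime(text.strip(), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None

def classify_links(csv_text, now, lifetime=TOMBSTONE_LIFETIME):
    """Return (destination, source, naming context, verdict) per inbound link."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        last_ok = parse_time(row["Last Success Time"])
        failures = int(row["Number of Failures"] or 0)
        if last_ok is None or now - last_ok > lifetime:
            # No success within the tombstone lifetime: deletions made since
            # then may no longer have a tombstone left to replicate.
            verdict = "STALE"
        elif failures > 0:
            verdict = "FAILING"  # still recoverable by fixing replication
        else:
            verdict = "OK"
        results.append((row["Destination DSA"], row["Source DSA"],
                        row["Naming Context"], verdict))
    return results

if __name__ == "__main__":
    report_time = datetime(2005, 3, 1, 12, 0, 0)  # constructed "now"
    for dest, src, nc, verdict in classify_links(SAMPLE_CSV, report_time):
        print(f"{verdict:8} {src} -> {dest}  {nc}")
```

A STALE link calls for investigation before the partner is allowed to replicate again, while a FAILING link is still inside the tombstone window.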
Required System Services
• Distributed file system – needed for the sysvol share in Active Directory
• File replication – replicates data
• Intersite messaging – used for replication
• Kerberos key distribution – needed for users to log on
• Remote procedure call (RPC)
• DNS server – provides name service
• Net logon – allows users to log on to the domain
• Windows time – provides time synchronization
