Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 9: Implementing an Active Directory M Domain Services Maintenance Plan.

Similar presentations


Presentation on theme: "Module 9: Implementing an Active Directory M Domain Services Maintenance Plan."— Presentation transcript:

1 Module 9: Implementing an Active Directory M Domain Services Maintenance Plan

2 Module Overview Maintaining the AD DS Domain Controllers Backing Up Active Directory Domain Services Restoring Active Directory Domain Services

3 Lesson 1: Maintaining the AD DS Domain Controllers The Active Directory Domain Services Database and Log Files How the AD DS Database Is Modified Managing the Active Directory Database Using NTDSUtil Tool What Is an AD DS Database Defragmentation? What Are Restartable Active Directory Domain Services? Demonstration: Performing AD DS Database Maintenance Tasks Locking Down Services on a AD DS Domain Controller

4 The Active Directory Domain Services Database and Log Files Description Ntds.dit Edb*.log Edb.chk File Is the Active Directory database file Stores all Active Directory objects on the domain controller Uses the default location systemroot\NTDS folder Is a transaction log file Uses the default transaction log file Edb.log Is a checkpoint file Tracks data not yet written to Active Directory database file ebdres00001.jrs ebdres00002.jrs Are the reserved transaction log files

5 How the AD DS Database Is Modified Write Request Transaction is initiated Write to the transaction buffer Write to the database on disk Ntds.dit on Disk EDB.log Write to the transaction log file Commit the transaction Update the checkpoint Edb.chk

6 Managing the Active Directory Database Using NTDSUtil Tool Ntdsutil.exe is a command-line tool used to manage some Active Directory components Use Ntdsutil.exe to: Perform Active Directory database maintenance Manage and control single master operations Move the Active Directory database files Remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled Type HELP at any NTDSUtil prompt for context-sensitive help

7 What Is an AD DS Database Defragmentation? The new file may be considerably smaller, depending on how fragmented the original database file was Active Directory performs online database defragmentation automatically every 12 hours Use the NTDSUtil command-line tool to perform offline defragmentation on a dismounted database Online defragmentation optimizes data storage in the database and reclaims space in the directory for new objects, but does not reduce the size of the database file Offline defragmentation creates a new, compacted version of the database file

8 What Are Restartable Active Directory Domain Services? Restartable AD DS services allows administrators to stop the Active Directory Domain Services without stopping any other services Use restartable AD DS services when: Applying updates that modify Active Directory service files on a domain controller Performing tasks such as offline defragmentation of the Active Directory database Directory Services Restore Mode must be used to restore Active Directory database

9 Demonstration: Performing AD DS Database Maintenance Tasks In this demonstration, you will see how to: Start and stop AD DS Services Move AD Database to a different drive using NTDSUtil Use NTDSUtil and AD DS Stopped mode for Offline Defrag

10 Locking Down Services on AD DS Domain Controllers Services required for AD DS to function correctly: Distributed File System DNS Server File Replication Service Kerberos Key Distribution Center Intersite Messaging Remote Procedure Call (RPC) Locator Minimize the number of server roles and applications installed on domain controllers Use the Security Configuration Wizard to lock down the services on a domain controller

11 Lesson 2: Backing Up Active Directory Domain Services Introduction to Backing Up AD DS Windows Backup Features Demonstration: Backing Up AD DS

12 Introduction to Backing Up AD DS To back up Active Directory, you must back up all critical volumes Critical volumes include: The system volume: the volume that hosts the boot files The boot volume: the volume that hosts the Windows operating system and the Registry The volume that hosts the SYSVOL tree The volume that hosts the Active Directory database (Ntds.dit) The volume that hosts the Active Directory database log files All of these files may be stored in a single volume or distributed across multiple volumes

13 Windows Backup Features Windows Server Backup is a Windows Server 2008 feature used to back up and recover the operating system and data With Windows Server Backup, you can: Recover the server without using third-party backup and recovery tools Perform manual or automatic backups Backup an entire server or selected volumes Recover items or entire volumes Use DVDs or CDs as backup media Windows Server Backup does not support backing up individual files or directories, only entire volumes

14 Demonstration: Backing Up AD DS In this demonstration, you will see how to back up AD DS

15 Lesson 3: Restoring Active Directory Domain Services Overview of Restoring AD DS What Is a Nonauthoritative AD DS Restore? What Is an Authoritative AD DS Restore? What Is the Database Mounting Tool? Demonstration: Using the Database Mounting Tool Reanimating Tombstoned AD DS Objects

16 Overview of Restoring AD DS Options for restoring Active Directory Domain Services include: Normal Restore Authoritative Restore Full Server Restore Alternate Location Restore

17 What Is a Nonauthoritative AD DS Restore? A nonauthoritative or normal AD DS restore returns the directory service to its state at the time that the backup was created AD DS replication updates the domain controller with changes that have occurred since the backup was created Restart the domain controller in Directory Services Restore Mode to perform a nonauthoritative restore Press F8 when restarting the server and choose Directory Services Restore Mode or type the command bcdedit /set safeboot dsrepair and restart the server 1 1 Provide the Directory Services Restore Mode password 2 2

18 What Is an Authoritative AD DS Restore? Authoritative restore is a four-step process: Start the domain controller in DSRM 1 1 Use Ntdsutil.exe to mark desired objects, containers, or partitions as authoritative 3 3 Restart the domain in normal mode to replicate the changes 4 4 Restore the desired backup, which is typically the most recent backup 2 2 Authoritative restore provides a method to recover objects and containers that have been deleted from AD DS To mark an object as authoritative, use a command like : restore subtree OU=Marketing,DC=EMEA,DC=WoodgroveBank,DC=com

19 What Is the Database Mounting Tool? The Database Mounting Tool can be used to: Create and view snapshots of data that is stored in AD DS Improve recovery processes for your organizations by providing a means to compare data as it exists in snapshots that are taken at different times Eliminate the need to restore multiple backups to compare the Active Directory data that they contain View, but not restore, deleted objects and containers

20 Demonstration: Using the Database Mounting Tool In this demonstration, you will see how to use the Database Mounting Tool to view deleted AD DS objects

21 Reanimating Tombstoned AD DS Objects You can reanimate deleted objects manually in AD DS when: You do not have current AD DS backups in a domain where user accounts or security groups were deleted The deleted object has not yet been scavenged from the Active Directory database The deletion occurred in domains that contain only Windows Server 2003 or later domain controllers To reanimate tombstoned AD DS objects : Use LDP.exe to locate the deleted object Modify the objects isDeleted attribute and provide a distinguished name Enable the object and reconfigure the object attributes

22 Lab: Implementing an Active Directory Domain Services Maintenance Plan Exercise 1: Maintaining AD DS Domain Controllers Exercise 2: Backing Up AD DS Exercise 3: Performing a Nonauthoritative Restore of the AD DS Database Exercise 4: Performing an Authoritative Restore of the AD DS Database Exercise 5: Restoring Data Using the AD DS Data Mining Tool Logon information Virtual machine 6425A-NYC-DC1, 6425A-NYC-DC2 User nameAdministrator Password Pa$$w0rd Estimated time: 75 minutes

23 Lab Review How could you apply the security policy you created in Exercise 1 to multiple domain controllers? What concerns would you have with doing this? Why is a Nonauthoritative AD DS restore overwritten by replication? How does an authoritative restore prevent this from happening? What is the difference between restoring an AD DS object by undeleting it and just recreating the object?

24 Module Review and Takeaways Review questions Considerations Tools

25 Beta Feedback Tool Beta feedback tool helps: Collect student roster information, module feedback, and course evaluations. Identify and sort the changes that students request, thereby facilitating a quick team triage. Save data to a database in SQL Server that you can later query. Walkthrough of the tool

26 Beta Feedback Overall flow of module: Which topics did you think flowed smoothly, from topic to topic? Was something taught out of order? Pacing: Were you able to keep up? Are there any places where the pace felt too slow? Were you able to process what the instructor said before moving on to next topic? Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions? Learner activities: Which demos helped you learn the most? Why do you think that is? Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment? Were there any discussion questions or reflection questions that really made you think? Were there questions you thought werent helpful?


Download ppt "Module 9: Implementing an Active Directory M Domain Services Maintenance Plan."

Similar presentations


Ads by Google