1

Directory Service Continuity

• Monitor Active Directory

• Manage the Active Directory Database

• Back Up and Restore AD DS and Domain Controllers

2

Understand Performance and Bottlenecks

• Key system resources CPU

Disk

Memory

Network

• Bottleneck: Resource that is currently at peak utilization

• Tools Task Manager

Event Viewer

Resource Monitor

Reliability Monitor

Performance Monitor

System Center Operations Manager

3

Task Manager• Starting taskmgr.exe

CTRL+SHIFT+ESC

CTRL+ALT+DEL

Right-click taskbar

Start taskmgr.exe

• Real-time performance Applications

Processes

Services

Performance

• High-level CPU, network, memory

• No disk counters

Logged-on users

• Entry point to Resource Monitor

4

Resource Monitor

• Full view of key system components

Click each graph to expand/collapse the component

• Launching Resource Monitor

Task Manager Performance Resource Monitor

Start perfmon /res

Home view of Windows Reliability and Performance Monitor (WRPM) snap-in

5

Event Viewer

• What you see

Many more logs

Summary and custom views based on cross-log queries

Role-based views in Server Managers

More detailed events

• What you can do

Integrate with Task Scheduler: E-mails or actions based on event

Subscribe to events from other computers

6

Demonstration: Event Viewer

In this demonstration, we will

• Explore Event Viewer

• Identify the Active Directory logs

Directory Service

Domain Name System (DNS)

Distributed File System Replication (DFSR)

Group Policy Operational log

• Discover the new features in the Windows Server 2008 Event Viewer

7

Custom Views

• Aggregate events from multiple logs

• Filter

• Reuse

• Export for import to other computers

Event 1Security log

Event 2System log

Event 3 DFS logEvent ViewerEvent Viewer

8

Subscriptions

• Collect events from one or more computers

• Store the events locally

• Use Windows Remote Management (WinRM)

• Require WinRM exceptions in firewall

9

Windows Reliability and Performance Monitor (WRPM)

• Track system changes (Reliability Monitor)

• Display real-time or logged performance data(Performance Monitor)

Generate reports or graphical views of performance

Generate alerts

Take action when thresholds are reached

• Collect data (Data Collector Sets and Reports)

Generate reports

Generate graphical views of logged performance

10

Reliability Monitor

• Tracks system changes

Software install/uninstall

Application failures

Windows failures

Hardware failures

11

Performance Monitor

• Useful counters in any server baseline

Memory \ Pages/sec

PhysicalDisk \ Avg. Disk Queue Length

Processor \ %Processor Time

• Useful counters for monitoring Active Directory

NTDS\ DRA Inbound Bytes Total/sec

NTDS\ DRA Inbound Object

NTDS\ DRA Outbound Bytes Total/sec

NTDS\ DRA Pending Replication Synchronizations

NTDS \ Kerberos Authentications/sec

NTDS\ NTLM Authentications

12

Data Collector Sets• Collections of data points

Performance counters Event trace data System configuration information (registry keys)

• Use to View real-time performance with Performance Monitor Create a log (manually invoked or scheduled) and then view Reports Generate alerts based on thresholds Use by other applications

• Create Start from a template; role templates added by Windows Save an existing set of counters in a Performance Monitor view Manually specify and configure data collectors in a set Export/import data collector set as XML

13

Monitoring Best Practices

1. Monitor early to establish baselines!

Document performance when things are working well

Include server and role-related counters during idle and busy times

2. Monitor often to identify potential problems

Compare to baseline and watch for troublesome deviation

3. Know how to monitor and interpret performancebefore a meltdown

Establish Data Collector Sets

Build the skills to interpret performance counters

4. Capture appropriately

Don’t overcapture

• Degrades performance

• Creates “noise,” making it difficult to identify real problems

14

Active Directory Database Files

Description

NTDS.dit

EDB*.log

EDB.chk

File

• The AD DS database file• All AD DS partitions and objects on the domain

controller• Default location: systemroot\NTDS

• Transaction log• Default transaction log: EDB.log• Overflow logs: Edb000x.log

• Checkpoint file• Pointer into transaction log: which transactions

have or have not been committed

ebdres00001.jrs ebdres00002.jrs

• Reserved transaction log files• Used if disk runs out of space, so that

transaction logs do not crash

15

How the Database Is Modified

Write RequestWrite Request

Transaction is initiated

Write to the transaction buffer

Write to the database on disk

NTDS.dit on DiskNTDS.dit on Disk

EDB.logEDB.log

Write to the transaction log file

Commit the transaction

Update the checkpoint

EDB.chkEDB.chk

16

NTDSUtil

• Manage and control single master operations (Module 11)

• Perform AD DS database maintenance (Module 13)

Perform offline defragmentation

Create and mount snapshots

Move database files

• Clean domain controller metadata

Domain controller removal or demotion while not connected to domain

• Reset Directory Services Restore Mode password

set dsrm

17

Perform Database Maintenance

• Garbage collection

Scavenging: Removing deleted items that have reached their tombstone lifetime

• Defragmentation

Online defrag (part of garbage collection): reclaims unused space

Offline defrag (manual): releases unused space, reduces file size

• Use NTDSUtil

• Restartable AD DS

You can stop AD DS in Services just like any other service

For applying updates that affect AD DS files

Before performing offline defragmentation

18

Active Directory Snapshots• Create a snapshot of Active Directory

NTDSUtil

• Mount the snapshot to a unique port

NTDSUtil

• Expose the snapshot

Right-click the root node of Active Directory Users and Computers and choose Connect to Domain Controller

Enter serverFQDN:port

• View (read-only) snapshot

Cannot directly restore data from the snapshot

• Recover data

Manually re-enter data or

Restore a backup from the same date as the snapshot

19

Restore Deleted Objects

• When an object is deleted

Stripped of almost every attribute except

• SID, objectGUID, lastKnownParent, sAMAccountName

Moved to Deleted Objects container, marked as isDeleted

• You can restore (“reanimate”) deleted (“tombstoned”) objects when

Domain functional level is Windows Server 2003 or greater

Deleted object has not yet been scavenged

• Steps

LDP.exe

• Modify isDeleted

• Provide distinguished name (DN)

Repopulate all other attributes

20

Backup and Recovery Tools

• Windows Server Backup snap-in (use locally or remotely)

Back up a full server (all volumes)

Back up selected volume(s)

Back up system state (includes all critical volumes)

Recover volumes, folders, files, or system state

• wbadmin.exe

• Perform manual or automated backup

• Back up to CD/DVD/HDD

No tape!

Use a dedicated HDD for backup: recommended or required

21

Overview of AD DS and Domain Controller Backup

• You must back up all critical volumes

System volume: The volume that contains boot files

Boot volume: The volume that contains the Windows operating system and the registry

Volume(s) hosting SYSVOL, AD DS database (NTDS.dit), logs

Do not store other data on these volumes as it will increase backup and restore times

• Windows Server Backup (wbadmin.exe)

22

Other Backup and Recovery Tools

• Active Directory Snapshots

• PowerShell cmdlets

• Windows Recovery Environment

Boot to Windows Server 2008 DVD and choose System Recovery Options

Install locally as a boot option

Useful for full system recovery

• Microsoft System Center Data Protection Manager 2007

23

Active Directory Restore Options

• Nonauthoritative (normal) restore Restore domain controller to previously known good state of Active

Directory Domain controller will be updated using standard replication from up-

to-date partners

• Authoritative restore Restore domain controller to previously known good state of Active

Directory “Mark” objects that you want to be authoritative

• Windows sets the version numbers very high Domain controller is updated from its up-to-date-partners Domain controller sends authoritative updates to its partners

• Full Server Restore Typically performed in Windows Recovery Environment

• Alternate Location Restore

24

Nonauthoritative Restore• Restart the domain controller in DSRM

Locally: Press F8 on restart

Remotely using remote desktop:

• Configure restart in DSRM: bcdedit /set safeboot dsarepair

• Restart: shutdown -t 0 -r

• Log on with the Administrator account and the DSRM password

• Perform the nonauthoritative restore

Use Windows Server Backup (wbadmin.exe) to restore AD DS

• Restart

Set normal restart: bcdedit /deletevalue safeboot dsarepair

Restart: shutdown -t 0 -r

• Domain controller replicates all changes since date of backup from its partners

25

Authoritative Restore• Restart the domain controller in DSRM

• Log on with the Administrator account and the DSRM password

• Perform the nonauthoritative restore

Use Windows Server Backup (wbadmin.exe) to restore AD DS

• Mark selected objects as authoritative

restore [object|subtree] “objectDN"

Authoritative changes have a higher version number than on partners

• Restart

• Restored domain controller replicates changes since date of backup

• Partners see authoritative changes with high version numbers

Partners pull the authoritative changes from the restored domain controller