
Hands-On Microsoft Windows Server 2003 Active Directory

Chapter 9
Active Directory Maintenance And Data Recovery

Objectives
- Describe the file structure used by Active Directory
- Describe how data is written to the Active Directory database
- Defragment the Active Directory database
- Move the Active Directory database to a different location on disk


Objectives (continued)
- Back up Active Directory
- Recover the Active Directory database and restore it, if necessary, from a backup
- Manage which domain controllers (DCs) hold the operations master roles


Active Directory File Structure


- Active Directory uses a transactional database based on the Extensible Storage Engine (ESE)
- A transaction is an addition, modification, or deletion
- Database changes are recorded in log files before being made to the database files
- A pointer to the last completed transaction is written to a checkpoint file
- Rollback is the removal of incomplete transactions in the event of a failure

Active Directory File Structure (continued)


- The database file, NTDS.DIT, consists of
  - The schema table
  - The link table
  - The data table
- EDB.LOG is the current transaction log file
- EDB.LOG is rewritten as EDBXXXXX.LOG when full
- EDB.CHK is the checkpoint file
- RES1.LOG and RES2.LOG are reserve log files
- TEMP.EDB is a temporary storage space

Active Directory Files


How Data Is Written to Active Directory


- The data to be modified is loaded into RAM
- The transaction is recorded in EDB.LOG
- The transaction is then written to NTDS.DIT
- The EDB.CHK file is updated with a new pointer
- An object marked for deletion and moved into the Deleted Objects folder creates a tombstone
- Backups older than the tombstone lifetime cannot be restored

Defragmenting the Database


- Fragmentation means that related information is spread out in little chunks
- Online defragmentation (garbage collection) purges deleted objects whose tombstone lifetimes have expired without compacting the database
- Offline defragmentation is performed to compact the database
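The offline defragmentation described above, written out as a batch script. This is an added example, not material from the textbook or from Microsoft; it assumes the DC has already been restarted in Directory Services Restore Mode, that the Active Directory files are in %SystemRoot%\NTDS, and that D:\NTDSCompact is an empty scratch folder with enough free space for a second copy of NTDS.DIT (all three are assumptions, adjust for your server).

```batch
@echo off
rem Added example: offline defragmentation (compaction) of NTDS.DIT on a
rem Windows Server 2003 DC. Run only in Directory Services Restore Mode.
rem Assumed paths - change them to match the server.
setlocal
set NTDSDIR=%SystemRoot%\NTDS
set COMPACTDIR=D:\NTDSCompact

if not exist "%COMPACTDIR%" mkdir "%COMPACTDIR%"

rem 1. Write a fresh, compacted copy of the database to the scratch folder.
rem    The original NTDS.DIT is not modified by this step.
ntdsutil "files" "compact to %COMPACTDIR%" q q

rem 2. Verify the compacted copy before trusting it. esentutl /g is the ESE
rem    integrity (checksum) test and returns a non-zero exit code on failure.
esentutl /g "%COMPACTDIR%\ntds.dit"
if errorlevel 1 goto fail

rem 3. Keep the old database as a fallback, then swap in the compacted file
rem    and remove the old transaction logs, which no longer match it.
copy /y "%NTDSDIR%\ntds.dit" "%NTDSDIR%\ntds.dit.bak" >nul
copy /y "%COMPACTDIR%\ntds.dit" "%NTDSDIR%\ntds.dit" >nul
del /q "%NTDSDIR%\*.log"

rem 4. Check the database now in place before rebooting normally.
ntdsutil "files" "integrity" q q
echo Offline defragmentation finished. Restart the DC normally.
goto :eof

:fail
echo Compacted copy failed the integrity check. Original NTDS.DIT was NOT replaced.
exit /b 1
```

The compacted file is only copied over the live database after it passes the integrity check, so a failed compaction leaves the original in place; the .bak copy is the last resort if the DC will not start afterwards.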

Compacting the Active Directory Database


Moving the Active Directory Database


- Problems can occur if the partition storing Active Directory runs out of space
- The location of Active Directory can be selected during installation using dcpromo
- To move the database file
  - Restart the DC in Directory Services Restore Mode
  - Run Ntdsutil
  - Use the files command
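The three-step move procedure above as one batch script. This is an added example, not from the textbook; it assumes the DC is already in Directory Services Restore Mode and that the target folders D:\NTDS (database) and D:\NTDSLogs (logs) sit on a partition with enough free space (the drive letters are assumptions).

```batch
@echo off
rem Added example: relocate the Active Directory database and its log files
rem with the ntdsutil "files" menu. Run only in Directory Services Restore Mode.
rem Target locations are assumptions - put them on the partition with free space.
setlocal
set NEWDB=D:\NTDS
set NEWLOGS=D:\NTDSLogs

if not exist "%NEWDB%" mkdir "%NEWDB%"
if not exist "%NEWLOGS%" mkdir "%NEWLOGS%"

rem "move DB to" and "move logs to" copy the files, update the registry
rem paths the directory service reads at start-up, and set the folder ACLs.
rem "info" prints the paths and sizes afterwards so the result can be checked.
ntdsutil "files" "move DB to %NEWDB%" "move logs to %NEWLOGS%" "info" q q

rem Integrity check on the database at its new location before rebooting.
ntdsutil "files" "integrity" q q
echo Database and logs moved. Verify the "info" output, then restart normally.
```

After the reboot, a system state backup should be taken immediately: the backup records the new file locations, and an older backup would restore the database to the old paths.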

Backing Up Active Directory


Active Directory is backed up as part of the system state
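A system state backup script that also records the forest's tombstone lifetime beside the backup, which ties this slide to the earlier point that a backup older than the tombstone lifetime cannot be restored. This is an added example, not from the textbook; the configuration naming context CN=Configuration,DC=example,DC=com, the backup path D:\Backups, and the 60-day fallback are assumptions.

```batch
@echo off
rem Added example: back up the system state of a Windows Server 2003 DC and
rem log the tombstone lifetime so the backup's usable age is known.
rem The configuration NC and backup folder are assumptions for this example.
setlocal
set CONFIGNC=CN=Configuration,DC=example,DC=com
set BACKUPDIR=D:\Backups
set DSOBJECT=CN=Directory Service,CN=Windows NT,CN=Services,%CONFIGNC%

if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem Read tombstoneLifetime from the Directory Service object. dsquery prints
rem the attribute name on the first line and the value on the second, so the
rem header line is skipped. If the attribute is not set, the default applies
rem (60 days on the forests described in this chapter).
set TSL=
for /f "skip=1 tokens=1" %%v in ('dsquery * "%DSOBJECT%" -scope base -attr tombstoneLifetime') do set TSL=%%v
if not defined TSL set TSL=60

rem ntbackup's command line supports backups (not restores). "systemstate"
rem includes NTDS.DIT, the logs, SYSVOL, the registry and boot files.
ntbackup backup systemstate /J "SystemState %DATE%" /F "%BACKUPDIR%\SystemState.bkf"

rem Record when the backup was taken and how long it stays restorable.
echo %DATE% %TIME% SystemState.bkf tombstoneLifetime=%TSL% days >> "%BACKUPDIR%\backup-log.txt"
echo System state backed up. It must be restored within %TSL% days to be usable.
```

The log line is the part worth keeping: when a restore is needed months later, the first question is whether the backup is still younger than the tombstone lifetime, and the answer is in backup-log.txt rather than in someone's memory.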


Recovering Active Directory


- Esentutl.exe performs a soft recovery by replaying the log files
- A non-authoritative restore is used to restore a damaged Active Directory database from a good system state backup
  - Cannot be used to restore a deleted object
- An authoritative restore restores objects that were mistakenly deleted or modified
- Reinstalling Active Directory is another option for fixing corruption
  - Contents supplied from another DC by replication

Recovering the Active Directory Database Using Ntdsutil
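The recovery options above in script form: a soft recovery with Esentutl.exe, followed by the ntdsutil commands for an authoritative restore of a deleted organizational unit. This is an added example, not from the textbook; it assumes the DC is in Directory Services Restore Mode, that the system state has already been restored from backup with the ntbackup GUI (its command line cannot restore) without rebooting afterwards, and that OU=Sales,DC=example,DC=com is the deleted subtree (the OU and the domain name are assumptions).

```batch
@echo off
rem Added example: soft recovery, then authoritative restore of one subtree.
rem Run only in Directory Services Restore Mode. Paths and DNs are assumptions.
setlocal
set NTDSDIR=%SystemRoot%\NTDS
set RESTORE_DN=OU=Sales,DC=example,DC=com

rem --- Soft recovery -------------------------------------------------------
rem esentutl /r replays transactions from the EDB*.LOG files into NTDS.DIT.
rem "edb" is the log base name; running from the NTDS folder lets esentutl
rem find the logs and the EDB.CHK checkpoint with its default paths.
cd /d "%NTDSDIR%"
esentutl /r edb
if errorlevel 1 (
    echo Soft recovery failed. Use a non-authoritative restore from backup.
    exit /b 1
)
esentutl /g "%NTDSDIR%\ntds.dit"
if errorlevel 1 (
    echo Database failed the integrity check after recovery. Restore from backup.
    exit /b 1
)

rem --- Authoritative restore -----------------------------------------------
rem Only meaningful AFTER the system state has been restored from a backup
rem younger than the tombstone lifetime. Marking the subtree authoritative
rem raises its version numbers so replication sends it back out to other DCs
rem instead of deleting it again. ntdsutil asks for confirmation.
ntdsutil "authoritative restore" "restore subtree %RESTORE_DN%" q q
echo Subtree %RESTORE_DN% marked authoritative. Restart the DC normally.
```

Without the authoritative restore step the restored objects are overwritten on the next replication cycle, because the other DCs hold a newer tombstone for the deletion; that is the difference between the two restore types on the slide.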


Repair Warning Message


Operations Master Roles


- A transfer is performed when both the DC holding the role and the target DC are available on the network
- Seizing the role is done when the DC holding the role is not available on the network
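The transfer-versus-seize distinction above as a script that transfers the three domain-level roles to another DC, falls back to seizure only when told to, and verifies the result with dsquery. This is an added example, not from the textbook; DC2 as the target server and the use of a SEIZE=1 switch are assumptions.

```batch
@echo off
rem Added example: move the PDC emulator, RID master and infrastructure master
rem roles to another DC. Default is a transfer (both DCs online). Run with
rem "SEIZE=1" set only when the current role holder is gone for good.
rem The target DC name is an assumption.
setlocal
set TARGET=DC2
if "%SEIZE%"=="" (set ACTION=transfer) else (set ACTION=seize)

rem ntdsutil connects to the DC that should receive the roles and then
rem either transfers (cooperative, with the current holder) or seizes
rem (unilateral, after first trying a transfer) each role.
ntdsutil "roles" "connections" "connect to server %TARGET%" q ^
    "%ACTION% PDC" "%ACTION% RID master" "%ACTION% infrastructure master" q q

rem Verify which DC now holds each role. dsquery runs against a live DC,
rem so this works in normal mode.
echo PDC emulator:          & dsquery server -hasfsmo pdc
echo RID master:            & dsquery server -hasfsmo rid
echo Infrastructure master: & dsquery server -hasfsmo infr
echo Schema master:         & dsquery server -hasfsmo schema
echo Domain naming master:  & dsquery server -hasfsmo name

if "%ACTION%"=="seize" (
    echo Roles were SEIZED. Do not bring the old holder back online;
    echo remove it from the domain and reinstall it instead.
)
```

The forest-level roles (schema master and domain naming master) use the same commands with "schema master" and "domain naming master" in place of the three shown. The closing warning is the practical caveat: a seized RID master, schema master or domain naming master that comes back online conflicts with the new holder, which is why seizure is reserved for a DC that is not returning.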

Role Seizure Confirmation Message


Chapter Summary
- NTDS.DIT is the Active Directory database
- EDB.LOG is a transaction log for changes to NTDS.DIT and maintains a constant size of 10MB; EDBxxxxx.LOG is an old version of EDB.LOG
- EDB.CHK is a checkpoint file that tracks which transactions in EDB.LOG have been written to NTDS.DIT
- RES1.LOG and RES2.LOG are used as reserve space if the disk holding EDB.LOG runs out of disk space

Chapter Summary (continued)


- Deleted objects are marked with a tombstone for 60 days, by default; when restoring Active Directory, the age of the backup must be less than the tombstone lifetime
- Online defragmentation of Active Directory is automatically performed every 12 hours, but does not compact the database
- Offline defragmentation of Active Directory must be performed manually and does compact the database

Chapter Summary (continued)


- The location of the Active Directory database and log files can be moved
- Active Directory is backed up as part of a system state backup on a DC
- A soft recovery scans log files and ensures that all transactions are written to the database

Chapter Summary (continued)


- A repair performs a structural rebuild of the database
- A non-authoritative restore is used to replace a corrupted database
- An authoritative restore is used to replace accidentally deleted or corrupted objects

Chapter Summary (continued)


- The five flexible single master operations are: schema master, domain naming master, PDC emulator, RID master, and infrastructure master
- FSMO roles are transferred to another DC when the DC performing the role is removed
- When the DC performing an FSMO role is unavailable, the role must be seized