What are the methods used to manage and administer the operating system of an organization?
You can use System tools—such as Event Viewer and Reliability and Performance Monitor—and audit policies.
What are the methods used to detect any problems occurring in the AD DS database?
You should audit the changes made to Active Directory Domain Services (AD DS) to detect any problems occurring in the AD DS database.
You need to maintain the AD DS domain controllers in your organization by managing, backing up, and restoring the AD DS data store.
What are the methods to monitor AD DS?
The Event Viewer allows you to browse, manage, and monitor events recorded in event logs.
The Event Viewer subscription allows you to specify which types of events are collected and from which event logs.
The Reliability Monitor tracks events and provides information about software installation and removal to help you identify the causes for reductions in reliability.
The Performance Monitor includes various counters to monitor the performance of AD DS.
You can use Data Collector Sets available in Reliability and Performance Monitor to organize multiple data collection points into a single component that you can use to review or log performance.
Features of the Reliability and Performance Monitor
You can use Reliability and Performance Monitor to analyze system performance.
To view the features of Reliability and Performance Monitor, you should run the Reliability and Performance Monitor tool.
In Windows Server 2008, Reliability and Performance Monitor includes features such as Resource View, Reliability Monitor, Performance Monitor, Data Collector Set, and Reports.
What's Resource View?
The home page of Reliability and Performance Monitor is the new Resource View screen, which provides a real time, graphical overview of the CPU, disk, network, and memory usage.
By expanding each of these monitored elements, you can identify which processes are using which resources.
What's Performance Monitor?
The Performance Monitor displays built-in Windows performance counters, either in real time or as historical data.
You can add performance counters to the Performance Monitor by moving them from any Data Collector Set, or its template, to the Performance Monitor icon.
You can also create custom Data Collector Sets from a collection of counters that are already added to Performance Monitor. The Performance Monitor contains a visualization tool for viewing performance data in a graph, histogram, or report.
What's Reliability Monitor?
The Reliability Monitor is a new feature that provides the System Stability Chart.
The System Stability Chart displays a graph of the System Stability Index.
The chart is based on the number of software installations, application failures, hardware failures, operating system failures, and other types of failures.
The index number represents the current stability of the system. The index number will increase or decrease depending on the number of applications and the number of hardware failures that occur in the system. If failures occur in the system, the index number decreases.
If the system is stable over a period of time, the index number increases. The occurrence of an event will be plotted on the chart, and you can view those events.
The System Stability Report provides details to help you troubleshoot the root cause of reduced reliability.
What's Data Collector Set?
The Data Collector Set groups data collectors into reusable elements for use with different performance monitoring scenarios.
After you store a group of data collectors as a Data Collector Set, you can apply operations, such as scheduling, to the entire set through a single property change. You can create a Data Collector Set manually, or by using an existing template.
The Windows Reliability and Performance Monitor tool includes default Data Collector Set templates to help you collect performance data specific to a server role or monitoring scenario.
What are reports?
You can create diagnosis reports from data that is collected by using any Data Collector Set.
You can repeat reports and assess how changes have affected the performance or the report recommendations.
The Windows Reliability and Performance Monitor tool has improved report-generation time.
What's Event Viewer?
In Windows Server 2008, you can monitor AD DS by using the Event Viewer tool.
Open the Event Viewer management console.
The Event Viewer displays detailed information about system events such as the Event Type, the date and time of the event, and the Event ID.
You can search, filter, sort, and view details of the events in the event log.
In the overview and summary pane, you can view the summary of administrative events such as the number of events, recently viewed nodes, and the log summary.
What are Event Viewer subscriptions?
The Event Viewer allows you to view events on a local or a single remote computer. To troubleshoot an issue, you need to examine a set of events stored in multiple logs on multiple computers.
You can collect copies of events from multiple remote computers and store them locally by using the Event Viewer.
You need to create an event subscription to specify the events to be collected.
When a subscription is active and events are collected, you can view and manipulate the forwarded events.
What's required in order to start subscriptions?
In subscriptions, a computer accesses the collector by using the Windows Event Collector service, while another computer functions as the source computer that can subscribe to these events.
As soon as you start subscriptions, you must start the Windows Event Collector service to work with subscriptions.
After you have started the Windows Event Collector service, you can create a new subscription.
You can also select the computer that you want to subscribe and the event to be collected from the computer.
What's necessary to create a subscription?
The event-collecting feature depends on the WinRM and Windows Event Collector services.
The WinRM and Windows Event Collector services must run on computers that are involved in the forwarding and collecting processes.
To create a subscription, you must run the WinRM command on the source computers with the quickconfig parameter to enable WinRM.
You can also allow a firewall exception.
To start the Windows Event Collector service, you need to run the Windows Event Collector utility with the global catalog parameter on the collector computer.
Finally, you must create a new subscription and specify the query to collect the events.
Collected events will appear in the Forwarded Events log.
What's AD DS performance monitor?
The Performance Monitor is a simple yet powerful visualization tool for viewing performance data, both in real time and from log files.
Performance counters are measurements of system state or activity; they can be included in the operating system or can be part of individual applications.
What are the Performance Monitor counters specific to Active Directory?
The Performance Monitor includes counters specific to Active Directory:
What's an NTDS DRA Inbound Bytes Total/sec counter?
This performance counter indicates the total number of bytes received through replication.
It is the sum of the number of bytes of uncompressed data and compressed data.
This counter should show activity over time.
If it does not, it usually indicates that the network is slowing replication.
What's an NTDS DRA Inbound Objects/sec counter?
This performance counter indicates the number of objects received from neighbors through inbound replication.
A neighbor is a domain controller from which the local domain controller replicates locally.
What's an NTDS DRA Outbound Bytes Total/sec counter?
This performance counter indicates the total number of bytes sent per second. This is the sum of the number of bytes of uncompressed data and compressed data.
This counter should show activity over time.
If it does not, it usually indicates that either server hardware or network problems are slowing the replication.
What's an NTDS DRA Pending Replication Synchronizations counter?
This performance counter indicates the number of directory synchronizations that are queued for this server but not yet processed.
This counter helps determine the replication backlog.
The higher the counter, the larger the backlog.
This counter should be as low as possible.
If it is not, it usually indicates that server hardware is slowing the replication.
What's an NTDS Kerberos Authentications/sec counter?
This performance counter indicates the number of Kerberos authentications per second that are serviced by the domain controller.
This counter should show activity over time.
If it does not and the clients use Windows 2000, it usually indicates network problems.
What's an NTDS NTLM Authentications counter?
This performance counter indicates the number of NT LAN Manager (NTLM) authentications per second that are serviced by the domain controller.
This counter should show activity over time.
If it does not and the clients use Windows 98 or Windows NT, it usually indicates network-related problems.
What's an NTDS DS Threads in Use counter?
This performance counter indicates the current number of threads in use by the directory service.
This counter should show activity over time.
If it does not, it usually indicates that network problems are hindering the client requests.
What's the AD DS Data Collector Set?
Data Collector Sets group data collectors into reusable elements that you can use with various performance monitoring scenarios.
Data Collector Sets organize multiple data-collection elements into a single component that you can use to review or log performance.
You can create and record individual Data Collector Sets, group them with other Data Collector Sets, and then incorporate the sets into logs. Data Collector Sets can be used by other non-Microsoft applications, associated with rules for data collection scheduling at specific times, and used to run Windows Management Interface (WMI) tasks.
The Data Collector Sets can contain data collectors such as performance counters, event trace data, and system configuration information.
You can configure Data Collector Sets to generate alerts when thresholds on particular counters are reached.
There are four built-in Data Collector Sets—Active Directory diagnostics, local area network (LAN) diagnostics, system diagnostics, and system performance.
The Active Directory Diagnostics Data Collector Set collects registry keys, performance counters, and trace events that help in troubleshooting AD DS performance issues.
To create a Data Collector Set, you need to be a member of the Administrators group or of the local Performance Log Users group.
You can create a Data Collector Set:
From an existing set of data collectors in a Performance Monitor view.
From an existing template.
Manually by selecting individual data collectors and setting each individual option in the Data Collector Set properties.
You are the network administrator at Adventure Works. Your organization has implemented Windows Server 2008 and uses AD DS to store directory data and manage communication between users and domains. You use the Windows Reliability and Performance Monitor tool to monitor the performance of applications and services. Which feature of this tool provides the System Stability Chart?
B) Reliability Monitor
That is correct. The Reliability Monitor is the new feature that provides the System Stability Chart. The System Stability Chart displays a graph of the System Stability Index.
Which performance counter indicates the number of objects received from neighbors through inbound replication?
D) NTDS DRA Inbound Objects/sec.
That is correct. The NTDS DRA Inbound Objects/sec performance counter indicates the number of objects received from neighbors through inbound replication.
What's the main AD DS database file?
The main database file is Ntds.dit, which is located in C:\WINNT\NTDS by default.
What are log files?
The log files serve as a temporary storage location for database transactions.
The log files store the transactions until they are committed to the Active Directory database.
After the transactions are committed to the database, they are updated in the checkpoint file.
The Windows operating system automatically commits database transactions during times of limited activity.
Various log files and checkpoint files support the Active Directory database.
What's an Ntds.dit file?
Ntds.dit is the main Active Directory database. The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller.
What's an Edb.chk file?
Edb.chk is the checkpoint file that the transaction logging system uses to mark the point at which updates are transferred from the log files to Ntds.dit.
The Edb.chk file is a pointer in the log sequence that maintains the status between the memory and the database file on disk.
In the event of a failure, it indicates the point in the log file from which the information store needs to start the recovery.
What's an Edb.log file?
Edbxxxxx.log and Edbtemp.log are auxiliary transaction logs used to store changes if the main Edb.log file becomes full before it is moved to Ntds.dit.
The Edbtemp.log file opens when the Edb.log file is full.
The original Edb.log file is renamed as Edb00001.log and Edbtemp.log is renamed as Edb.log.
What's a Temp.edb file?
Temp.edb is a temporary file that stores information about transactions in progress. This file also holds the pages that are pulled out of Ntds.dit during the compaction.
What are Edbres00001.jrs and Edbres00002.jrs reserve log files?
Edbres00001.jrs and Edbres00002.jrs are reserve log files.
If the hard drive is full when the system is attempting to create an Edbxxxxx.log file, the space reserved by the Edbres log files is used.
The system then prompts you to free up disk space quickly before Active Directory is corrupted.
What Is Offline AD DS Database Defragmentation?
The offline AD DS database defragmentation process recovers empty spaces in a database.
AD DS then creates a new compact version of the Ntds.dit database file, in a new location.
This new location can be either on the same computer or on a network-mapped drive.
However, to avoid network issues, you should perform offline defragmentation locally.
For example, if you have replaced a large number of objects in AD DS, you can defragment it offline to save space.
How to perform an Offline AD DS Database Defragmentation?
To perform an AD DS offline defragmentation, you must stop AD DS, and then use the Ntdsutil tool to create a compact Ntds.dit file.
Then, you must copy the new compact version of the file to the Ntds folder.
You cannot create a compact database file when Active Directory is running.
After you place the compact file in a temporary location, you must copy the compact file to the original location.
You can also maintain a copy of the original database file by renaming it in its current location, or by copying the Ntds.dit file to an archival location.
Restartable AD DS is a feature in Windows Server 2008 that you can use to perform routine maintenance tasks, such as performing offline defragmentation on a domain controller without restarting the server.
What are the scenarios where you can perform an offline defragmentation?
The following are the scenarios in which you can perform offline defragmentation:
The disk space is very low.
You are not ready to move the database to a larger drive.
The domain controller was a global catalog server for a multiple domain forest, but no longer needs the space necessary to perform that function.
A large number of objects have been removed from the AD DS database.
The domain controller once had an AD DS–Integrated Domain Name System (DNS) zone, but that zone has been moved to a standard DNS server.
What's the procedure to perform an offline defragmentation?
1 Start the domain controller in DSRM.
2 Run the Ntdsutil utility at the command prompt.
3 Compact the database by using the compact to <<location>> command at the file maintenance: prompt.
4 In case the defragmentation fails, repeat the procedure from the beginning.
If defragmentation succeeds: Delete all the log files.
What Is Restartable AD DS?
In Windows Server 2008, you can use the restartable AD DS feature to perform routine maintenance tasks on a domain controller, such as applying updates or performing offline defragmentation without restarting the domain controller.
Restartable AD DS reduces the time required to perform offline operations.
It also improves the availability of services such as Dynamic Host Configuration Protocol (DHCP) running on a domain controller when AD DS is stopped.
What are the considerations that should be taken while using Restartable AD DS on Windows Server 2008?
You cannot stop AD DS and then restart the domain controller without AD DS starting up.
You can only restart the domain controller in Directory Services Restore Mode (DSRM).
You can stop and start AD DS, but you cannot pause it.
You can only enable the startup type as automatic.
Services that do not depend on AD DS continue to run when AD DS is stopped.
However, services that depend on AD DS—such as the Kerberos Key Distribution Center (KDC), Inter-Site Messaging, Domain Name System (DNS) server, and File Replication services—shut down before AD DS shuts down.
If the domain controller is a DNS server, it will not respond to any queries for Active Directory–integrated zones when AD DS is stopped.
When AD DS is stopped, options for logon depend on whether another domain controller can respond to the domain logon requests.
If another domain controller responds to the logon request, the computer on which AD DS is stopped acts as the member server.
If another domain controller cannot respond to the domain logon request, you can only log on to the server in DSRM.
What are the three modes for a domain controller running Windows Server 2008?
In the AD DS Started mode, the directory service is up and running.
In the AD DS Stopped mode, the domain controller functions as a member server. The directory service is temporarily down until you restart the service.
In DSRM, the domain controller functions as a member server, and the directory service does not start. You can back up or restore the Active Directory database in this mode.
What are some examples of maintenance procedures that require the directory service to be offline?
Restoring the AD DS database from backup. The database has to be in DSRM mode for restoration from backup.
Performing an offline defragmentation.
Moving the AD DS database or log files.
What's Windows Server Backup?
Windows Server Backup is the backup utility in Windows Server 2008 that provides a backup and recovery solution for servers.
The wbadmin.exe command-line tool enables you to back up and restore your computer, volumes, and files from the command prompt.
Windows Server Backup enables you to perform scheduled backups, on-demand backups, and system-state backups.
How to install Windows Server Backup?
You can install Windows Server Backup by using the Add Features Wizard in Server Manager.
Windows Server Backup helps you to back up the entire volume that hosts the files that you want to back up.
However, Windows Server Backup does not support the backing up of individual files or directories.
You can back up critical volumes instead of backing up just system-state data.
What are the critical volumes included in the Windows Server Backup?
The system volume that hosts boot files, which consists of the Bootmgr file and the Boot Configuration Data (BCD) store
The boot volume that hosts the Windows operating system and the Registry
The volume that hosts the SYSVOL tree
The volume that hosts the Active Directory database in the Ntds.dit file
The volume that hosts the Active Directory database log files
What are the minimum components of system data included?
COM+ Class Registration database
Active Directory Certificate Services (AD CS) database
AD DS database
Cluster service information
Microsoft Internet Information Services (IIS) metadirectory
System files that are under Windows Resource Protection
Besides Windows Server Backup, what's the alternative way to back up servers?
Besides Windows Server Backup, you can use the wbadmin.exe tool to run backup commands from the command line and restore your computer, volumes, and files.
To use this tool, you need to install Windows PowerShell.
In Windows Server 2008, the wbadmin command replaces the Ntbackup command.
By using wbadmin.exe, you cannot recover backups that you created with the Ntbackup command. wbadmin.exe allows you to back up and restore only the system-state data on a domain controller.
For example, to back up only the system-state data, you need to run the wbadmin start systemstatebackup -backuptarget:e: command. In this command, the e: parameter is the drive letter for storing the backup files.
What are the features of Windows Server Backup?
Volume Shadow Copy Service (VSS) backup
Describe the Schedule backup feature.
You can use Windows Server Backup or wbadmin.exe command-line tool to perform a scheduled backup.
You must store the scheduled backup on a local physical drive that does not host any critical volumes.
A scheduled backup reformats the target drive and captures all volumes on the server.
What are the requirements for scheduling daily domain controller backups?
The destination volume for the backup must be on a separate hard disk from the source volumes.
You cannot perform a scheduled backup to a network share.
The external storage device must be connected to the domain controller that you back up.
You must be a member of the built-in Administrators group to perform a scheduled backup.
Describe the backup media feature.
Windows Server Backup supports DVDs or CDs as backup media.
You cannot use magnetic tape cartridges and dynamic volumes for the backup of data.
Describe the backup management feature.
After you configure a disk for a scheduled backup, Windows Server Backup manages the disk usage automatically.
When you create a new backup, it deletes old backups and reuses the space automatically.
Windows Server Backup displays the backups that are available and the disk-usage information. You can use this information to plan for additional storage.
Describe the VSS backup feature.
The VSS and block-level backup technology helps you to back up and recover your operating system, files, folders, and volumes.
VSS provides the backup infrastructure and the mechanism for creating shadow copies or consistent point-in-time copies of data.
Describe the on-demand backup feature.
A member of the Administrators group or the Backup Operators group can initiate a manual or on-demand backup by using the Server Backup tool or the wbadmin.exe tool.
You can create manual backups on a remote network share, on a volume, or on a local hard disk drive, without including the target volume in the backup set.
You are the network administrator at Adventure Works. Your organization has implemented Windows Server 2008 and uses AD DS to store directory data and manage communication between users and domains. You need to back up AD DS by using Windows Server Backup. Which wizard should you use to install Windows Server Backup?
B) Add Features Wizard
That is correct. You should install Windows Server Backup by using the Add Features Wizard in Server Manager.
Which feature of Windows Server Backup provides the backup infrastructure and the mechanism for creating shadow copies or consistent point-in-time copies of data?
That is correct. VSS provides the backup infrastructure and the mechanism for creating shadow copies or consistent point-in-time copies of data.
How Does AD DS Restoration Work?
In Windows Server 2008, you have several options available for restoring AD DS.
The option that you choose depends on the disaster-recovery scenario that you need to address.
You can use restore modes such as normal, authoritative, and full server to restore AD DS.
What's the Normal Restore feature?
A normal or nonauthoritative restore returns the directory service to its state at the time of creating the backup.
The data is then updated by using the normal replication process.
You should perform a normal restore only when you want to restore a single domain controller to a previous good state.
You can use normal restore to recover a corrupted AD DS database and recover from system disk failure.
What's the authoritative restore feature?
An authoritative restore provides a method to recover individual objects in a domain that has multiple domain controllers.
You can use authoritative restore to restore objects that are deleted accidentally.
To perform an authoritative restore, you need to perform a normal restore and then mark specific data as authoritative to prevent replication from overwriting that data.
However, you will lose all changes to the restored object that occurred after the backup.
By using authoritative restore, you can also recover a deleted OU and replicate restored data to other servers.
What's the full server restore feature?
A full server restore is used to restore a failed domain controller onto new hardware or if all other attempts to recover the server on the existing hardware fail.
Full server restore performs a bare metal restoration of the system and data volumes to a point-in-time before the failure occurred.
A full server recovery recovers every server volume.
When you do a full server restore, the backup reformats and repartitions all disks that are attached to the server.
What Is a Nonauthoritative AD DS Restore?
You can use a nonauthoritative restore when the data in Active Directory is lost or corrupt.
A nonauthoritative restore allows the entire directory to be restored in a domain controller without changing the objects that you have modified.
The most common use of a nonauthoritative restore is the restoration of Active Directory to a functioning state.
How to perform a Nonauthoritative AD DS Restore?
To perform a nonauthoritative restore of AD DS, you must start the domain controller in DSRM.
You also need a critical-volume backup that contains system-state information.
To start the domain controller in DSRM mode, you need to restart the domain controller.
When the recovery menu appears, select the DSRM option.
Then, log on to the domain controller that you want to restore by using the DSRM password.
At the Windows logon screen, use the Switch User option to log on to the domain controller as an administrator.
How to identify the version that you want to restore from the backup?
Use the wbadmin get versions command.
This command lists the details of backups that are recoverable from the local computer, or, if another location is specified, from another computer.
Then, you can use the systemstaterecovery command to restore the version from the backup.
After you restore the Active Directory from the backup media, replication partners use the standard replication protocols to update Active Directory in the restored domain controller.
If you have multiple good backups for each domain, you can restore multiple domain controllers from backups to reduce replication overhead. However, you also need to consider the following:
You must test each backup thoroughly.
Restoring multiple domain controllers from backup is riskier than restoring a single domain controller from backup. This is especially true when the source of the forest-wide failure is not obvious because there is a higher chance that you will reintroduce dangerous data into the restored forest.
Backups of various domain controllers can take place at different times.
For a nonauthoritative restore operation, objects recovered from the most recent backup take precedence in replication because they have a more recent timestamp.
Also, restoring backups that were taken at different times increases the likelihood of introducing lingering objects on global catalog servers.
You should designate one domain controller in each domain and mark only this restored domain controller as primary for SYSVOL in the domain.
What Is an Authoritative AD DS Restore?
In Windows Server 2008, when you delete an object from Active Directory, it is marked for deletion and becomes tombstoned.
The object will not be deleted from the Active Directory until the tombstone expires.
When you restore the deleted object from an existing backup, the Update Sequence Number (USN) of the restored object will be lower than the tombstoned version of the same object. Therefore, you require a mechanism to raise the USN value of the restored object to make it the authoritative version of the object.
You can recover the objects that have been deleted from AD DS by using the authoritative restore method.
How to perform an Authoritative AD DS Restore?
To perform an authoritative restore, you need to start the domain controller in DSRM.
Then, you need to perform a nonauthoritative restore without restarting the domain controller.
You also need to mark the deleted content as authoritative, so that it will not be overwritten through replication.
You can use the Ntdsutil.exe utility to mark the objects or partitions as authoritative by raising the USN number of the restored object.
Finally, you should restart the computer in normal mode.
The restored object is then replicated to the other domain controllers in that domain.
Which command lists the details of backups that are recoverable from the local computer, or, if another location is specified, from another computer?
That is correct. The wbadmin get versions command lists the details of backups that are recoverable from the local computer, or, if another location is specified, from another computer.
wbadmin start systemstaterecovery command. That is not correct. The wbadmin start systemstaterecovery command runs a system-state recovery. The wbadmin get versions command lists the details of backups that are recoverable from the local computer, or, if another location is specified, from another computer.
wbadmin start recovery command. That is not correct. The wbadmin start recovery command restores a critical-volume backup. The wbadmin get versions command lists the details of backups that are recoverable from the local computer, or, if another location is specified, from another computer.
wbadmin start systemstatebackup command. That is not correct. The wbadmin start systemstatebackup command runs a system-state backup. The wbadmin get versions command lists the details of backups that are recoverable from the local computer, or, if another location is specified, from another computer.
You are the network administrator at Adventure Works. Your organization has implemented Windows Server 2008 and uses AD DS to store directory data and manage communication between users and domains. You need to back up and restore the AD DS database. Which of the following statements is true about the AD DS restoration process?
A) DSRM ensures that all necessary services are stopped. That is correct. In an authoritative restore, restarting a domain controller in DSRM ensures that all necessary services are stopped.
Normal restore is used to restore data that is accidentally deleted. That is not correct. Normal restore is used to recover the AD DS database on a domain controller where the database has been corrupted. Authoritative restore is used to restore data that has been accidentally deleted.
Tombstone objects replicate in an authoritative restore. That is not correct. An authoritative restore ensures that tombstone objects do not overwrite the newly-restored objects by marking the restored Active Directory objects as authoritative. In a nonauthoritative restore, tombstone objects replicate from the domain controllers in a domain.
Authoritative restore is used to restore a domain controller that has failed because of a hardware failure. That is not correct. Authoritative restore is used to restore data that has been accidentally deleted. Full server restore is used to restore a domain controller that has failed because of a hardware failure.
Implementing an AD DS Monitoring and Maintenance Plan in Windows Server® 2008