Module 12

Module 12. Monitoring, Managing, and Recovering AD DS. Module Overview: Monitoring AD DS; Managing the AD DS Database; AD DS Backup and Recovery Options for AD DS and Other Identity and Access Solutions. Lesson 1: Monitoring AD DS.

phuong

Presentation Transcript


  1. Module 12 Monitoring, Managing, and Recovering AD DS

  2. Module Overview • Monitoring AD DS • Managing the AD DS Database • AD DS Backup and Recovery Options for AD DS and Other Identity and Access Solutions

  3. Lesson 1: Monitoring AD DS • Understanding Performance and Bottlenecks • Overview of Monitoring Tools • Performance Monitor • Data Collector Sets • Demonstration: How to Monitor Performance

  4. Understanding Performance and Bottlenecks • Key system resources: • CPU • Disk • Memory • Network • A bottleneck is a resource that is currently at peak utilization

  5. Overview of Monitoring Tools Windows Server 2012 provides the following tools to help with monitoring performance issues: • Task Manager • Resource Monitor • Event Viewer • Performance Monitor

  6. Performance Monitor You can use Performance Monitor to view current performance statistics or historical data gathered by using data collector sets

  7. Data Collector Sets • You can use data collector sets to gather performance-related information • Data collector sets can contain the following types of data collectors: • Performance counters • Event trace data • System configuration information

  8. Demonstration: How to Monitor Performance In this demonstration, you will see how to: • Create a data collector set • Create a disk load on the server • Analyze the resulting data in a report

  9. Lab A: Monitoring AD DS • Exercise 1: Monitoring AD DS with Performance Monitor • Logon Information • Virtual machine: 10969A-LON-DC1 • User name: Adatum\Administrator • Password: Pa$$w0rd • Estimated Time: 40 minutes

  10. Lab Scenario Last month, the only domain controller in the Cambridge branch office failed. You now are required to monitor AD DS to help identify problems before they become critical.

  11. Lab Review • When analyzing the performance of a domain controller, aside from the AD DS–specific counters in Performance Monitor, what other factors can influence domain controller performance?

  12. Lesson 2: Managing the AD DS Database • Overview of the AD DS Database • Managing the Database with NtdsUtil.exe • Restartable AD DS • Demonstration: Performing Database Management • Managing AD DS Snapshots

  13. Overview of the AD DS Database The AD DS database holds all domain-based information in four or more partitions [Diagram: the AD DS database on a domain controller] • Domain Partition • Configuration Partition • Schema Partition • Application Partitions (optional)

  14. Managing the Database with NtdsUtil.exe • Manage and control single master operations • Perform AD DS database maintenance: • Perform offline defragmentation • Create and mount snapshots • Move database files • Clean domain controller metadata: • Domain controller removal or demotion while not connected to domain • Reset Directory Services Restore Mode password: • set dsrm

  15. Restartable AD DS • Use the Services console to start or stop AD DS • Three states of AD DS: • AD DS Started • AD DS Stopped • Directory Services Restore Mode • It is not possible to perform a system state restore while AD DS is in Stopped state

  16. Demonstration: Performing Database Management In this demonstration, you will see how to: • Stop AD DS • Perform an offline defragmentation of the AD DS database • Check the integrity of the AD DS database • Start AD DS
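The four demonstration steps above, scripted as an added example (not part of the original course material). The database path is the default location; the scratch and backup folders are assumptions and need enough free space for a copy of ntds.dit.

```powershell
# Run in an elevated PowerShell console on the domain controller.
$dbDir      = 'C:\Windows\NTDS'   # default AD DS database folder (assumed unchanged)
$compactDir = 'C:\NtdsCompact'    # hypothetical scratch folder for the compacted copy
$backupDir  = 'C:\NtdsOriginal'   # hypothetical folder for the pre-compaction copy

# 1. Stop AD DS. -Force is required because other services depend on NTDS.
Stop-Service -Name NTDS -Force

# 2. Offline defragmentation: ntdsutil writes a compacted ntds.dit to $compactDir.
New-Item -ItemType Directory -Path $compactDir, $backupDir -Force | Out-Null
ntdsutil "activate instance ntds" files "compact to $compactDir" quit quit

# Only swap the files if the compacted database was actually produced.
if (-not (Test-Path "$compactDir\ntds.dit")) {
    Start-Service -Name NTDS
    throw "Compaction did not produce $compactDir\ntds.dit; database left untouched."
}

# Keep the original until the DC is verified, then replace it and clear old logs.
# The saved copy is a full directory database, credential hashes included:
# restrict access to $backupDir and delete it once the DC is confirmed healthy.
Copy-Item "$dbDir\ntds.dit" "$backupDir\ntds.dit"
Copy-Item "$compactDir\ntds.dit" "$dbDir\ntds.dit" -Force
Remove-Item "$dbDir\*.log"

# 3. Check the integrity of the compacted database before bringing AD DS back.
ntdsutil "activate instance ntds" files integrity quit quit

# 4. Start AD DS again and confirm the service state.
Start-Service -Name NTDS
Get-Service -Name NTDS | Format-Table Name, Status
```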

  17. Managing AD DS Snapshots • Create a snapshot of AD DS with NTDSUtil • Mount the snapshot with NTDSUtil • Expose the snapshot: • Right-click the root node of Active Directory Users and Computers, and then choose Connect to Domain Controller • Enter serverFQDN:port • View read-only snapshot: • Cannot directly restore data from the snapshot • Recover data: • Connect to the mounted snapshot, and then export/reimport objects’ attributes with LDIFDE • Restore a backup from the same date as the snapshot • Manually reenter data

  18. Lesson 3: AD DS Backup and Recovery Options for AD DS and Other Identity and Access Solutions • Reanimating Deleted Objects • Configuring the Active Directory Recycle Bin • Demonstration: Implementing the Active Directory Recycle Bin • Backup Technologies • Backup and Recovery Tools • AD DS Backup and Recovery • Backup Options for AD CS • Backup Options for AD RMS • Backup Options for AD FS

  19. Reanimating Deleted Objects • Deleted objects are recovered through tombstone reanimation • When an object is deleted, most of its attributes are cleared • Authoritative restore requires AD DS downtime [Diagram: object life cycle with states Live, Tombstoned, Physically Deleted and transitions Delete, Garbage Collection, Reanimate Tombstone/Authoritative Restore]

  20. Configuring the Active Directory Recycle Bin • Active Directory Recycle Bin provides a way to restore deleted objects without AD DS downtime • Uses Active Directory module for Windows PowerShell or the Active Directory Administrative Center to restore objects [Diagram: object life cycle with states Live, Deleted, Recycled, Physically Deleted; transitions Delete, Recycle, Garbage Collection, Undelete/Authoritative Restore; periods Deleted Object Lifetime and Recycled Object Lifetime]
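The snapshot workflow above (create, mount, expose, export with LDIFDE, clean up), as an added example that is not part of the original course material. The snapshot GUID and mount path are placeholders to be copied from the ntdsutil output; the port, the output file and the DN `OU=IT,DC=Adatum,DC=com` are assumptions.

```powershell
# Run in an elevated PowerShell console on the domain controller.

# 1. Create the snapshot, then list snapshots to read its GUID.
ntdsutil snapshot "activate instance ntds" create quit quit
ntdsutil snapshot "list all" quit quit

# Placeholder: replace with the GUID shown by "list all".
$snapId = '{00000000-0000-0000-0000-000000000000}'

# 2. Mount it. ntdsutil prints the folder where the snapshot volume appears.
ntdsutil snapshot "mount $snapId" quit quit
$mountPath = 'C:\$SNAP_PLACEHOLDER_VOLUMEC$'   # placeholder: path printed by mount
$port      = 50000                             # assumed unused TCP port

# 3. Expose the mounted database as a read-only LDAP server on $port.
$dsamain = Start-Process dsamain.exe -PassThru -ArgumentList @(
    '-dbpath', "$mountPath\Windows\NTDS\ntds.dit",
    '-ldapport', "$port")
Start-Sleep -Seconds 5   # give dsamain time to start listening

# 4. Export the attributes to recover from the snapshot (read-only source).
#    -s/-t select server and port, -d the search base, -r the LDAP filter,
#    -l the attribute list written to the LDF file.
ldifde -f C:\Temp\it-users.ldf -s localhost -t $port `
       -d 'OU=IT,DC=Adatum,DC=com' -r '(objectClass=user)' `
       -l 'description,telephoneNumber,department'

# Review the LDF file and convert its entries to "changetype: modify"
# before importing them into the live directory with ldifde -i.

# 5. Clean up: stop the LDAP instance, unmount and delete the snapshot.
#    A snapshot is a complete copy of the directory database, so do not
#    leave it mounted or stored longer than the recovery requires.
Stop-Process -Id $dsamain.Id
ntdsutil snapshot "unmount $snapId" "delete $snapId" quit quit
```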

  21. Demonstration: Implementing the Active Directory Recycle Bin In this demonstration, you will see how to: • Enable the Active Directory Recycle Bin • Create and then delete test accounts • Restore deleted accounts
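The three demonstration steps above, using the Active Directory module for Windows PowerShell; this is an added example, not part of the original course material. The account name `rbtest1` is constructed for the test, and the forest is assumed to be at the Windows Server 2008 R2 functional level or higher, which the Recycle Bin requires.

```powershell
Import-Module ActiveDirectory

# 1. Enable the Active Directory Recycle Bin (forest-wide, cannot be disabled
#    again). Skip the call if the feature already has an enabled scope.
$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# 2. Create and then delete a test account (constructed name).
$password = Read-Host -AsSecureString 'Password for the test account'
New-ADUser -Name 'RB Test1' -SamAccountName 'rbtest1' `
    -AccountPassword $password -Enabled $true
Remove-ADUser -Identity 'rbtest1' -Confirm:$false

# 3. Locate the deleted object. Deleted objects are hidden from normal
#    searches, so -IncludeDeletedObjects is required.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'samAccountName -eq "rbtest1" -and isDeleted -eq $true' `
    -Properties lastKnownParent, whenChanged
$deleted | Format-List Name, lastKnownParent, whenChanged

# 4. Restore it to its original container and confirm it is live again.
$deleted | Restore-ADObject
Get-ADUser -Identity 'rbtest1' | Format-List Name, Enabled, DistinguishedName
```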

  22. Backup Technologies • The VSS backup technology solves data consistency issues by creating shadow copies • You can use streaming backups for older applications that are not VSS-aware

  23. Backup and Recovery Tools • Windows Server Backup • Windows Azure Online Backup • Data Protection Manager

  24. AD DS Backup and Recovery • Nonauthoritative or normal restore: • Restore domain controller to previously known good state • Domain controller updates by using standard replication from partners • Authoritative restore: • Restore domain controller to previously known good state • Mark objects that you want to be authoritative • Domain controller updates from its up-to-date-partners • Domain controller sends authoritative updates to its partners • Full server restore: • Typically performed in Windows Recovery Environment • Alternate location restore

  25. Backup Options for AD CS • DPM • Windows Server Backup • Certutil.exe tool [Diagram labels: CA, C:/]

  26. Backup Options for AD RMS • Back up private keys and certificates • Ensure that the AD RMS database is backed up regularly • Export templates to back them up • Run AD RMS server as a virtual machine, and perform full server backup

  27. Backup Options for AD FS • Servers running AD FS components must be backed up based on the information in the following table: • %systemdrive%\ADFS • System state

  28. Lab B: Recovering Objects in AD DS • Exercise 1: Backing up and Restoring AD DS • Exercise 2: Recovering Objects in AD DS • Logon Information • Virtual machines: 10969A-LON-DC1, 10969A-LON-DC2 • User name: Adatum\Administrator • Password: Pa$$w0rd • Estimated Time: 60 minutes

  29. Lab Scenario You were notified yesterday that one user account was deleted by accident. A few days ago, additional user accounts were deleted accidentally. You want to recover these accounts. It is your responsibility to ensure that the directory service is backed up. Today, you noticed that last night's backup did not run as scheduled. You therefore decided to perform an interactive backup. Shortly after the backup, a domain administrator accidentally deletes the IT OU. You must recover this OU.

  30. Lab Review • When you restore a deleted user, or an OU with user objects, by using authoritative restore, will the objects be exactly the same as before? Which attributes might not be the same? In the lab, would it be possible to restore these deleted objects if they were deleted before Active Directory Recycle Bin has been enabled?

  31. Module Review and Takeaways • Review Question
