The Best Damn Windows Server 2003 Book Period- P67 doc
301_BD_W2k3_18.qxd 5/12/04 2:20 PM Page 626

Chapter 19: Ensuring Active Directory Availability

In this chapter:
■ Understanding Active Directory Availability Issues
■ Performing Active Directory Maintenance Tasks
■ Backing Up and Restoring Active Directory
■ Troubleshooting Active Directory Availability

Introduction

In earlier chapters, we looked at the Active Directory (AD) infrastructure, as well as various interacting elements, such as forests, sites, domains, and trusts. We also examined the Global Catalog, Schema, and Group Policy in order to fully understand AD in a Windows Server 2003 environment. Now that we’ve thoroughly reviewed this information, we can discuss how to ensure AD availability.

This chapter deals with how to maintain high availability of your Active Directory services. You’ll learn about the Active Directory database, and the importance of system state data to Active Directory availability. We’ll discuss fault tolerance plans as well as Active Directory performance issues. You’ll find out how to perform necessary maintenance tasks, such as defragging the database, and you’ll learn how to monitor or move the database. Next, we’ll address backup and restoration of the Active Directory, and show you the different restoration methods that you can use and when each is appropriate. We’ll walk you through the steps of performing both an authoritative and a normal restore. Finally, you’ll learn how to troubleshoot Active Directory availability problems.

Understanding Active Directory Availability Issues

In this section, we look at the core components of the Windows Server 2003 Active Directory service. First, we discuss the structure and type of database, including its files and related components. You’ll also learn how updates are written to the Active Directory database, and how it recovers in the event of a failure during the update process.
We will review the key system configuration components that comprise the system state data, and look at fault tolerance and performance issues involving Active Directory.

The Active Directory Database

The Active Directory service is based on a transactional database system. The word transactional refers to the transaction logs that enable the system to have robust recovery and data tracking in the event of unscheduled hardware outages, data corruption, and other problems that can arise in a complex network operating system environment. The heart of the Active Directory service is the database and its related transactional log files, which include the following:

■ Ntds.dit This file is the primary Active Directory database file (sometimes referred to as the data store) that resides on each domain controller (DC). It stores all of the objects, attributes, and properties for the local domain, as well as the configuration and schema portions of the database. By default, this file is installed into the %SYSTEMROOT%\NTDS folder. Although not required, it is recommended that you store this file on an NTFS partition for security purposes.
■ Edb*.log This file format identifies transaction logs. Transaction log names can take one of several forms, including edb.log, edb00001.log, edb00002.log, and so forth. Each log file is a fixed 10MB in size, regardless of the amount of actual data stored in it. The current log file that is receiving updates to Active Directory is named edb.log. When this file is full, it is renamed to edb00001.log (or whatever the next number is in the sequence, if 00001 is taken), and a new empty edb.log is created. However, these logs don’t keep piling up forever; they are regularly purged through a process called garbage collection, discussed later in the chapter.
■ Res1.log and Res2.log These files are known as the reserved (Res) log files. Their primary purpose is to ensure that Active Directory does not run out of disk space to use when logging transactions. If there is not enough free space to create a new transaction log, the reserved log is used. Because of this role, these log files are often referred to as placeholders. Like the edb.log files mentioned previously, these files are 10MB each.
■ Edb.chk The “checkpoint” file is used to track the updates that have been written to the Active Directory database. You can think of this file as a list that is checked off as updates are flushed to disk from the Active Directory log files. If you shut down the system before all transactions have been written to the database, the checkpoint file will be consulted when you reboot the system so that any remaining transactions can be written to Active Directory.

Microsoft recommends that you place the database and the log files on different physical disks, for performance purposes. Now, let’s take a deeper look at how Active Directory works, and the roles these files play in the process of updating and storing data.

Data Modification to the Active Directory Database

The Extensible Storage Engine (ESE) lies at the heart of the Active Directory database system. Changes to the Active Directory database on a DC occur through two primary means:

■ An administrator creates, deletes, or updates objects in the database.
■ Replication information, which contains new objects, deletion requests, or changes to existing objects, is received from other DCs.
When changes to the database occur, the ESE captures each change as a single unit known as a transaction. A transaction contains the changed data and a set of metadata. This metadata can include the Globally Unique Identifier (GUID) assigned to the object, a timestamp, version, and other information. It’s important to note that this update procedure applies to all changes in Active Directory, including objects, properties, and attributes.

A write request occurs when a change is made to the Active Directory. This initiates a transaction that consists of the changes, as well as the metadata described previously. ESE writes the transaction to the transaction buffer in memory, and then writes the transaction to the Edb.log file. After it has been successfully written in the log file, it is written to the Active Directory database file. If a failure occurs, when Active Directory recovers, it examines the Edb.chk file to determine which transactions have not been written to the database. Transactions are not marked as written in this file until they have been fully committed to the database. This ensures that a failure that occurs partway through the process of writing data will not be marked as completed and leave inconsistent data in the Active Directory database. When a transaction has been committed, Active Directory compares the information written to the database with the information contained in the log file(s). When the two have been verified as identical, the Edb.chk file is updated and the transaction is marked as committed to the database.
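The commit sequence just described (buffer, then log, then database, then checkpoint) and the recovery that follows a failure can be seen in a small model. The following Python is an added illustration written for this page; it is not code from the book and not ESE itself. The object GUIDs, attribute values and the three-transaction "log segments" are constructed stand-ins (real edb logs are fixed 10MB files), but the ordering rules are the ones the text states: the checkpoint advances only after the database is verified against the log record, recovery replays every logged transaction past the checkpoint, and circular logging deletes a closed log file only once all of its transactions are committed.

```python
"""Toy model of the ESE write-ahead commit sequence: buffer -> edb.log ->
ntds.dit -> edb.chk, with crash recovery and circular log purging.
Added example; names and segment sizes are constructed, not ESE's format."""
from dataclasses import dataclass, field

LOG_CAPACITY = 3   # constructed: transactions per toy log segment


@dataclass
class Transaction:
    txn_id: int
    guid: str           # object GUID carried in the transaction metadata
    attributes: dict    # changed attribute -> value


@dataclass
class ToyEseStore:
    database: dict = field(default_factory=dict)      # stands in for ntds.dit
    segments: list = field(default_factory=list)      # closed log files: (name, [txns])
    current_log: list = field(default_factory=list)   # the open edb.log
    checkpoint: int = 0       # stands in for edb.chk: last fully committed txn_id
    next_id: int = 1
    next_segment: int = 1

    def write(self, guid, attributes, crash_after=None):
        """Write path: log first, then database, then checkpoint.
        crash_after='log' or 'database' simulates a failure between the steps."""
        txn = Transaction(self.next_id, guid, dict(attributes))
        self.next_id += 1
        self.current_log.append(txn)                  # 1. durable log record
        if len(self.current_log) == LOG_CAPACITY:     # edb.log full: rename it, open a new one
            self.segments.append((f"edb{self.next_segment:05d}.log", self.current_log))
            self.next_segment += 1
            self.current_log = []
        if crash_after == "log":
            raise RuntimeError("power loss after the log write")
        self._apply(txn)                              # 2. write to the database file
        if crash_after == "database":
            raise RuntimeError("power loss before the checkpoint update")
        self._commit(txn)                             # 3. verify, then advance edb.chk
        return txn.txn_id

    def _apply(self, txn):
        self.database.setdefault(txn.guid, {}).update(txn.attributes)

    def _commit(self, txn):
        """The checkpoint moves only after the database matches the log record."""
        stored = self.database.get(txn.guid, {})
        if any(stored.get(k) != v for k, v in txn.attributes.items()):
            raise RuntimeError(f"txn {txn.txn_id}: database does not match the log")
        self.checkpoint = txn.txn_id

    def logged(self):
        for _, txns in self.segments:
            yield from txns
        yield from self.current_log

    def recover(self):
        """Startup after a failure: replay everything logged past the checkpoint.
        Re-applying an already applied transaction is harmless (idempotent update)."""
        replayed = []
        for txn in self.logged():
            if txn.txn_id > self.checkpoint:
                self._apply(txn)
                self._commit(txn)
                replayed.append(txn.txn_id)
        return replayed

    def purge_committed_logs(self):
        """Circular logging: drop closed log files whose transactions are all committed."""
        deleted = [name for name, txns in self.segments
                   if all(t.txn_id <= self.checkpoint for t in txns)]
        self.segments = [(n, t) for n, t in self.segments if n not in deleted]
        return deleted


def demo():
    store = ToyEseStore()
    store.write("guid-1", {"cn": "alice"})            # constructed objects
    store.write("guid-2", {"cn": "bob"})
    try:  # crash after the log write: the change is logged but not in the database
        store.write("guid-1", {"description": "analyst"}, crash_after="log")
    except RuntimeError:
        pass
    missing_before = "description" not in store.database["guid-1"]
    replayed = store.recover()
    try:  # crash after the database write: applied, but edb.chk still says 3
        store.write("guid-2", {"description": "auditor"}, crash_after="database")
    except RuntimeError:
        pass
    lagging_checkpoint = store.checkpoint
    replayed2 = store.recover()
    purged = store.purge_committed_logs()
    return {"missing_before_recovery": missing_before, "replayed": replayed,
            "checkpoint_after_crash2": lagging_checkpoint, "replayed2": replayed2,
            "checkpoint": store.checkpoint, "purged_logs": purged,
            "alice": store.database["guid-1"],
            "open_log": [t.txn_id for t in store.current_log]}


if __name__ == "__main__":
    print(demo())
```

The two simulated crashes show why the checkpoint is only advanced last: after the first crash the change exists only in the log and recovery replays it; after the second the change is already in the database, the checkpoint lags, and the replay is harmless. Only the closed segment whose transactions are all at or below the checkpoint is purged; the open edb.log is kept, as the text says.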
Windows Server 2003 uses circular transaction logging. This means that, with the exception of the Edb.log, Res1.log, and Res2.log files, the log files are deleted after all of the transactions they contain have been committed to the database. Another important note about logging is that when you back up Active Directory by backing up the system state data (a process we discuss in the next section of this chapter), all events currently waiting to be written in your transaction logs are committed. The logs are also fully committed when you shut down or reboot your server. Figure 19.1 illustrates this process.

The Tombstone and Garbage Collection Processes

The use of transaction logs is designed to ensure the integrity of data that changes on a single DC. Other mechanisms assure the integrity of changed information in relation to the Active Directory replication process. One of these is the tombstone process, which is used to replicate deletions from one DC to another. When an object is deleted within Active Directory, the ESE engine creates a transaction for it (as described in the previous section) and the object is moved to the Deleted Objects container within the database. It is important to note that the object is not immediately purged from the database. There is a delay between when the item is deleted and when it is finally removed from the database altogether. This delay is known as the tombstone interval and is set at 60 days by default. The tombstone process exists to support the multimaster replication strategy of Windows Server 2003’s Active Directory service. Each DC holds the object in its Deleted Objects container for the length of the tombstone interval. The default of 60 days allows for plenty of time to pass and ensures that all DCs on the network have sufficient time to receive the delete request. When this interval is reached, the object is marked as expired.
You should ensure that backups are performed during the tombstone interval. Restores of directory service data older than the tombstone interval should not be performed, to prevent the reintroduction of objects that were deleted during this period but have since been purged from the database.

The garbage collection process works in conjunction with the tombstone process. It runs every 12 hours on DCs by default, and one of its primary functions is to purge expired objects from the database. After the expired objects are purged, any remaining unnecessary log files are deleted and an online defragmentation of the database occurs. This consolidates the free space that was generated by the deletions and increases the performance of the database.

Figure 19.1 The Active Directory Data Commitment Process: Additions, Changes, and Deletions → Extensible Storage Engine (ESE) creates transaction → Transaction written to memory → Transaction written to log file (Edb.log) → Transaction committed to database → Checkpoint file (Edb.chk) updated

System State Data

System state data is a term Microsoft uses to refer to a set of core configuration information in Windows 2000, XP, and 2003. The actual information included in the system state depends on the underlying configuration of the operating system, and which components are installed. System state data is most commonly associated with backup and restore operations. The backup tool released with Windows 2000 (and all subsequent versions) included the option to back up all of these critical open resources by selecting the system state backup option.

Fault Tolerance and Performance

You can take several key actions to ensure fault tolerance and maximize performance for the Active Directory database. Maintaining proper backups is, by far, the most important action you can take to provide fault tolerance.
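The interaction between the tombstone interval, the 12-hour garbage collection cycle and the rule about not restoring backups older than the interval is easier to reason about with a small simulation. The following Python is an added example for this page, not code from the book or from Windows: two toy DCs each hold a Deleted Objects container, garbage collection runs every 12 hours and purges tombstones that have reached 60 days, and a restore is refused once the backup is older than the tombstone lifetime. The DC names, the object DN and the dates are constructed, and replication is reduced to a one-way pull of additions and tombstones.

```python
"""Toy model of tombstoning, garbage collection and the backup-age rule.
Added example with constructed DCs, object and dates; not Windows code."""
import copy
from datetime import datetime, timedelta

TOMBSTONE_LIFETIME = timedelta(days=60)   # default tombstone interval
GC_INTERVAL = timedelta(hours=12)         # default garbage-collection interval


class ToyDomainController:
    def __init__(self, name, now):
        self.name = name
        self.now = now
        self.live = {}         # dn -> attributes
        self.tombstones = {}   # dn -> deletion time (the Deleted Objects container)
        self.last_gc = now
        self.purged = []       # dns removed by garbage collection, for inspection

    def add(self, dn, **attrs):
        self.live[dn] = attrs

    def delete(self, dn):
        """A deletion moves the object into Deleted Objects; it is not purged yet."""
        self.live.pop(dn)
        self.tombstones[dn] = self.now

    def replicate_from(self, other):
        """Pull additions and tombstones from another DC (simplified replication)."""
        for dn, when in other.tombstones.items():
            if dn not in self.tombstones:
                self.live.pop(dn, None)
                self.tombstones[dn] = when
        for dn, attrs in other.live.items():
            if dn not in self.live and dn not in self.tombstones:
                self.live[dn] = dict(attrs)

    def advance(self, delta):
        """Move the clock forward, running garbage collection every GC_INTERVAL."""
        target = self.now + delta
        while self.last_gc + GC_INTERVAL <= target:
            self.now = self.last_gc + GC_INTERVAL
            self.garbage_collect()
        self.now = target

    def garbage_collect(self):
        """Purge tombstones that have reached the tombstone lifetime (expired)."""
        self.last_gc = self.now
        expired = [dn for dn, when in self.tombstones.items()
                   if self.now - when >= TOMBSTONE_LIFETIME]
        for dn in expired:
            del self.tombstones[dn]
        self.purged.extend(expired)
        return expired

    def backup(self):
        """Stand-in for a system state backup of this DC."""
        return {"taken": self.now, "live": copy.deepcopy(self.live),
                "tombstones": dict(self.tombstones)}

    def restore(self, backup):
        """Refuse a backup older than the tombstone lifetime: objects it contains may
        have been deleted and purged everywhere else, so they would be reintroduced."""
        if not backup_is_restorable(backup, self.now):
            raise ValueError("backup older than the tombstone lifetime; restore refused")
        self.live = copy.deepcopy(backup["live"])
        self.tombstones = dict(backup["tombstones"])


def backup_is_restorable(backup, now):
    return now - backup["taken"] < TOMBSTONE_LIFETIME


def demo():
    dn = "cn=alice,dc=example,dc=test"      # constructed object
    t0 = datetime(2004, 5, 12)              # constructed start date
    dc1, dc2 = ToyDomainController("DC1", t0), ToyDomainController("DC2", t0)
    dc1.add(dn, cn="alice")
    dc2.replicate_from(dc1)
    old_backup = dc1.backup()               # taken while alice still exists
    dc1.delete(dn)
    dc2.replicate_from(dc1)                 # the tombstone reaches DC2
    for dc in (dc1, dc2):
        dc.advance(timedelta(days=30))
    dc1.restore(old_backup)                 # day 30: within the window, allowed
    reintroduced = dn in dc1.live
    dc1.replicate_from(dc2)                 # DC2 still holds the tombstone: deleted again
    deleted_again = dn not in dc1.live
    for dc in (dc1, dc2):
        dc.advance(timedelta(days=29))
    tombstone_day59 = dn in dc2.tombstones
    for dc in (dc1, dc2):
        dc.advance(timedelta(days=1))       # day 60: garbage collection purges it
    try:
        dc1.restore(old_backup)
        refused = False
    except ValueError:
        refused = True
    return {"reintroduced_within_window": reintroduced,
            "deleted_again_by_replication": deleted_again,
            "tombstone_present_day59": tombstone_day59,
            "purged_on_dc2": dc2.purged, "old_backup_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The day-30 restore is the safe case: the object comes back, but because the other DC still holds the tombstone, replication deletes it again. At day 60 the tombstone has been purged, so nothing would remove the restored object, which is exactly why the restore is refused.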
We discuss this in more detail later in the chapter. Defragmentation of the Active Directory database is also a key performance component, and we cover this later in the chapter as well.

For performance reasons, Microsoft recommends that the Active Directory database and log files be on separate physical disk drives attached to separate hard drive controllers or channels. In other words, they recommend that each disk be in its own data path so that there is no contention between these components in the file system. This means that both drives can be read from and/or written to at the same time. This provides both fault tolerance and improved performance.

Performing Active Directory Maintenance Tasks

In this section, we’ll look at some of the day-to-day and less routine tasks that you can expect to perform in the process of managing your Active Directory environment, including offline and online AD defragmentation, moving the database files, and backing up and restoring AD.

Defragmenting the Database

As mentioned previously, by default, Windows Server 2003 begins a maintenance cycle every 12 hours, known as the garbage collection process. The final portion of the garbage collection process is the performance of an online defragmentation and re-index of the Active Directory database. This is done to improve the performance of the database.

The Offline Defragmentation Process

Although Windows Server 2003 runs an online defragmentation twice per day by default, there might be times when you need to actually recover available free space from the Active Directory database file. This can only be done by performing an offline defragmentation. This type of defragmentation process is much more invasive than its online counterpart, and should be done only when absolutely necessary. For example, when the GC role is removed from a server, this information is deleted from its Active Directory database file, leaving a large amount of free space that can be recovered.
As with many invasive Active Directory database operations, you must be booted into a special mode known as Directory Services Restore Mode to perform an offline defragmentation. The local administrator account is used when performing database maintenance operations in Directory Services Restore Mode.

You can access Directory Services Restore Mode by booting or rebooting the computer, pressing the F8 key when prompted, and selecting Directory Services Restore Mode from the Windows Advanced Options menu. You will be prompted to log on, and you must use the administrator account. Note that this account is not the domain administrator account; it is a special local account. The password for this local account is set during the installation of directory services on the local computer. After you are authenticated by the local SAM, you can perform advanced directory services maintenance functions. Many of these are performed with the Ntdsutil utility. To perform an offline defragmentation of the Active Directory database, use the following steps.

Perform an Offline Defragmentation of the Active Directory Database

1. Back up the system state data for fault tolerance purposes. See the Backing Up Active Directory section later in this chapter for more information.
2. Boot or reboot the computer.
3. When prompted, press F8 during Windows Server 2003 startup.
4. Select Directory Services Restore Mode (Windows DCs only) on the Windows Advanced Options menu that appears, and press the Enter key.
5. Select your operating system (for example, Windows Server 2003, Enterprise), and press the Enter key.
6. You will see a number of checks performed while the system is booting, and you eventually will receive the Safe Mode logon prompt.
7. Log on by providing the password for the local administrator account and clicking the OK button.
8. Click the OK button in the dialog box that notifies you that Windows is running in safe mode.
9. Open a command prompt.
10. Type ntdsutil to enter the Ntdsutil utility. Note that this is a command-line utility, so the command prompt will change to ntdsutil:.
11. Type files. The command prompt should change to display file maintenance:.
12. Type compact to <drive>:\<directory> to create a defragmented and compacted copy of the Active Directory database in the specified new location. For example, compact to C:\ADTemp creates a defragmented, re-indexed, and re-sized database file in the C:\ADTemp directory, as shown in Figure 19.2. The location specified can be on a local disk or on a mapped network drive. If there are spaces in the path where the file needs to be placed, it must be surrounded in quotes; for example, “compact to c:\ad\july defrag”.
13. Type quit to return to the ntdsutil: prompt.
14. Type quit again to exit the utility.
15. Open Windows Explorer and rename the previously used ntds.dit file to ntds.old.dit.

NOTE
Step 15 is not specified in Microsoft’s instructions, but we recommend it for fault tolerance purposes. As mentioned, an offline defragmentation is very invasive. It is possible that the compacted file will be corrupt and that Active Directory will not start after the procedure. If you don’t take this step, you will be forced to do a system state restore to recover the previous database file. By simply renaming the file, you can boot back into Directory Services Restore Mode, delete the corrupt file, and rename ntds.old.dit back to ntds.dit to recover the system.

16. In Windows Explorer, copy the new ntds.dit file from the location you specified with the compact to command to the location of the primary ntds.dit file.
17. In Windows Explorer, delete all files that end with the .LOG extension in your Active Directory log files folder.
18. Close the command prompt window and reboot the server normally.

Figure 19.2 The Ntdsutil Compact To Command

Moving the Database or Log Files

At some point, it might become necessary to move the Active Directory database or log files. Most often, this occurs because you need to move the files to a new hard drive or array of hard drives. Performance might dictate this decision. New, faster drives and controllers can be used to replace slower ones as usage increases. The decision might also be dictated by a lack of free space as the Active Directory database and components grow.

Moving the database or log files is relatively simple. It is done from the command line using the Ntdsutil utility. Because the database and log files cannot be open when they are moved, the operation must be carried out while in Directory Services Restore Mode. The following steps outline how to move the Active Directory database and log files.

1. Back up the system state data for fault tolerance purposes. See the Backing Up Active Directory section later in this chapter for more information.
2. Boot or reboot the computer.
3. When prompted, press F8 during Windows Server 2003 startup.
4. Select Directory Services Restore Mode (Windows DCs only) on the Windows Advanced Options menu that appears, and press the Enter key.
5. Select your operating system (for example, Windows Server 2003, Enterprise), and press the Enter key.
6. You will see a number of checks performed while the system is booting, and eventually you will receive the Safe Mode logon prompt.
7. Log on by providing the password for the local administrator account and clicking the OK button.
8. Click the OK button in the dialog box that notifies you that Windows is running in safe mode.
9. Open a command prompt.
10. Type ntdsutil to enter the Ntdsutil utility. This is a command-line utility, so the command prompt will change to ntdsutil:.
11. Type files. The command prompt should change to display file maintenance:.
12. Use one of the following commands to move the Active Directory database or log files, or update their paths.
■ Type move DB to <drive>:\<directory> to move the ntds.dit database file to the new location specified. For example, move DB to C:\AD moves the database file to the C:\AD directory and updates the Registry to point to this new location, as shown in Figures 19.3 and 19.4.
■ Type move logs to <drive>:\<directory> to move the Active Directory log files to the new location specified. For example, move logs to C:\AD moves the log files to the C:\AD directory and updates the Registry to point to this new location.
13. Ensure that the database (or log files) is now referenced in the proper location by typing info.
14. Type quit to return to the ntdsutil: prompt.
15. Type quit again to exit the utility.
16. Close the command prompt window and reboot the server normally.

Figure 19.3 Moving the Active Directory Database with Ntdsutil, First Screen Portion
Figure 19.4 Moving the Active Directory Database with Ntdsutil, Second Portion of the Screen
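The file-handling steps around the ntdsutil commands (keeping the old ntds.dit as ntds.old.dit, copying the compacted file into place, deleting the .LOG files, and rolling back if the compacted file turns out to be bad) are where a slip costs you a system state restore, so they are worth scripting and rehearsing. The following Python is an added example for both the offline defragmentation and the move procedures above; it is not code from the book or from Microsoft. It builds the ntdsutil argument lists for compact to and move DB/logs to, performs the swap and the rollback described in the NOTE, and exercises them on a constructed directory tree so it runs offline. It assumes that ntdsutil accepts its interactive commands as quoted command-line arguments (each list element is one argument, so a path with spaces needs no extra quoting); the ntdsutil_* helpers, the NTDS and ADTemp directory names and the file sizes are assumptions of the example.

```python
"""Helper for the offline defragmentation and move procedures: builds the
ntdsutil invocations and performs the surrounding file steps with a rollback.
Added example; directory names, file contents and helper names are constructed."""
import shutil
import tempfile
from pathlib import Path


def ntdsutil_compact_argv(target_dir):
    """Equivalent of typing files / compact to <dir> / quit / quit.
    Assumes ntdsutil takes these commands as command-line arguments."""
    return ["ntdsutil", "files", f"compact to {target_dir}", "quit", "quit"]


def ntdsutil_move_argv(what, target_dir):
    """Equivalent of files / move DB|logs to <dir> / info / quit / quit."""
    if what not in ("DB", "logs"):
        raise ValueError("what must be 'DB' or 'logs'")
    return ["ntdsutil", "files", f"move {what} to {target_dir}", "info", "quit", "quit"]


def swap_in_compacted_db(ntds_dir, compacted_dir, log_dir=None):
    """Steps 15-17: keep the old database for rollback, copy the compacted
    file over the primary location, delete the transaction logs."""
    ntds_dir = Path(ntds_dir)
    log_dir = Path(log_dir) if log_dir else ntds_dir
    new_db = Path(compacted_dir) / "ntds.dit"
    current = ntds_dir / "ntds.dit"
    old = ntds_dir / "ntds.old.dit"
    if not new_db.is_file() or new_db.stat().st_size == 0:
        raise FileNotFoundError("compacted ntds.dit missing or empty; not swapping")
    if old.exists():
        raise FileExistsError("ntds.old.dit already exists; finish or roll back the last run first")
    current.rename(old)                    # step 15: rename, do not delete
    shutil.copy2(new_db, current)          # step 16: copy the compacted file in
    logs = sorted((p for p in log_dir.iterdir() if p.suffix.lower() == ".log"),
                  key=lambda p: p.name)
    for p in logs:                         # step 17: .log / .LOG, case-insensitive
        p.unlink()
    return {"old_size": old.stat().st_size,
            "new_size": current.stat().st_size,
            "logs_removed": [p.name for p in logs]}


def rollback(ntds_dir):
    """Recovery from the NOTE: drop the bad file and reinstate ntds.old.dit."""
    ntds_dir = Path(ntds_dir)
    old = ntds_dir / "ntds.old.dit"
    if not old.is_file():
        raise FileNotFoundError("no ntds.old.dit to roll back to")
    current = ntds_dir / "ntds.dit"
    if current.exists():
        current.unlink()
    old.rename(current)
    return current.name


def run_demo():
    """Exercise the swap and the rollback on a constructed tree in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        ntds = Path(root) / "NTDS"
        temp = Path(root) / "ADTemp"
        ntds.mkdir()
        temp.mkdir()
        (ntds / "ntds.dit").write_bytes(b"F" * 4096)      # constructed "fragmented" db
        (temp / "ntds.dit").write_bytes(b"C" * 1024)      # constructed compacted copy
        for name in ("edb.log", "edb00001.log", "res1.log", "res2.LOG"):
            (ntds / name).write_bytes(b"\0" * 16)
        (ntds / "edb.chk").write_bytes(b"\0" * 8)
        result = swap_in_compacted_db(ntds, temp)
        after_swap = sorted(p.name for p in ntds.iterdir())
        rollback(ntds)
        after_rollback = sorted(p.name for p in ntds.iterdir())
        return result, after_swap, after_rollback


if __name__ == "__main__":
    print(ntdsutil_compact_argv(r"C:\ADTemp"))
    print(ntdsutil_move_argv("DB", r"C:\AD"))
    print(run_demo())
```

The swap refuses to run if ntds.old.dit already exists, so a second attempt cannot silently overwrite the only good copy, and it refuses an empty compacted file rather than leaving the DC with no database. Run the demo on any machine to see the file layout after the swap and after the rollback; the ntdsutil argument lists are only built here, never executed.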

Posted: 04/07/2014, 23:21