Discussion: How to Troubleshoot Active Directory Domain Services Issues.. • What steps would you take to troubleshoot an Active Directory issue.[r]
(1)(2)Module Overview
• Troubleshooting Active Directory Domain Services
• Troubleshooting DNS Integration with AD DS
(3)Lesson 1: Troubleshooting Active Directory Domain Services
• Introduction to AD DS Troubleshooting
• Discussion: How to Troubleshoot Active Directory Domain Services Issues
• Troubleshooting User Access Errors
• Demonstration: Tools for Troubleshooting User Access Errors
(4)Introduction to AD DS Troubleshooting
Active Directory troubleshooting begins when:
• Users report authentication or authorization errors
• Active Directory related events appear in the Event Viewer
• Domain controller performance is degraded
• An alert is generated by a monitoring system
(5)
Discussion: How to Troubleshoot Active Directory Domain Services Issues
• What steps would you take to troubleshoot an Active Directory issue?
• What tools would you use?
(6)Troubleshooting User Access Errors
User access errors may be the result of:
• Network access errors
• Authentication errors
• Authorization errors
To address user access errors, verify:
• Network connectivity
• Time synchronization
• Domain controller availability
• User account and user lockout settings
(7)Demonstration: Tools for Troubleshooting User Access Errors
(8)Troubleshooting Domain Controller Performance Issues
Most common performance issues include:
• High CPU utilization
• High network utilization
To resolve performance issues: Identify the processes with high CPU utilization
Move applications or services to another server
Monitor application specific network traffic
Distribute Active Directory and DNS roles across
multiple servers
Review and modify the replication topology
Deploy domain controllers with 64 bit hardware
(9)Lesson 2: Troubleshooting DNS Integration with AD DS
• Overview of DNS and AD DS Troubleshooting
• Troubleshooting DNS Name Resolution
• Troubleshooting DNS Name Registration
(10)Overview of DNS and AD DS Troubleshooting Troubleshoot the integration of DNS and Active
Directory when:
• Users cannot log on to Active Directory
• Active Directory replication is failing
• Active Directory installation fails
To troubleshoot DNS and Active Directory integration, verify:
• DNS client and server configurations
• DNS name registration
(11)Troubleshooting DNS Name Resolution DNS name resolution may fail due to:
• Network connectivity issues
• Client configuration errors
• DNS server availability
• Name registration or DNS replication issues
To troubleshoot DNS name resolution:
• Test network connectivity by pinging the DNS server by IP address
• Use IPConfig to examine the client configuration
• Use NSLookup to verify server availability
• Flush the DNS cache
(12)Troubleshooting DNS Name Registration DNS name registration may fail due to:
• Client configuration errors
• DNS server availability
• DNS zone configuration
To troubleshoot DNS name registration:
• Verify that the client is configured to register in DNS
• Test DNS server availability
• Verify that the DNS zone is configured for dynamic updates
• Test DNS by using the DCDiag /Test:DNS command
(13)Troubleshooting DNS Zone Replication
Investigate DNS zone replication issues when:
• DNS-related issues are specific to certain DNS server clients
• Zone information is not consistent on different DNS servers
• DNS server availability
• Name registration or DNS replication issues
Troubleshoot Active Directory replication for Active Directory integrated zones
To troubleshoot standard zone transfer issues:
• Verify network connectivity
• Verify primary server and secondary server configuration
• Verify Start of Authority record
(14)Lesson 3: Troubleshooting AD DS Replication
• AD DS Replication Requirements
• Common Replication Issues
• What Is the Repadmin Tool?
• What Is the DCDiag Tool?
• Identifying the Cause of Replication Errors
• Discussion: Troubleshooting Inter-Site AD DS Replication Issues
(15)AD DS Replication Requirements Active Directory replication requires:
• Routable IP infrastructure
• DNS name resolution
• RPC or SMTP connectivity between domain controllers
• Kerberos v5 authentication
• LDAP connectivity to install new domain controllers
(16)Common Replication Issues Replication greatly increases network traffic Possible causes Replication does not finish or occur
Replication is slow Client computers receive a slow response
Symptom
• Sites not connected by site links
• No bridgehead server in the site group
• No domain controller online in client site
• Not enough domain controllers
• Inefficient site topology and schedule
(17)What Is the Repadmin Tool?
Use the Repadmin command-line tool to:
• View and manually create the replication topology
• Force replication events between domain controllers
• View the replication metadata
Syntax:
(18)What Is the DCDiag Tool?
Use the Dcdiag command-line tool to:
• Analyze the state of a domain controller and report any problems
• Perform a series of tests to verify different areas of the system
Syntax:
(19)Identifying the Cause of Replication Errors
• System monitor NTDS counters Testing method
Sites are not connected by site links
No bridgehead server in the site Inefficient site topology and schedule
Possible causes
• Dcdiag /test:Topology
• Repadmin /bridgeheads
• Repadmin /latency
No domain controller
online in the site •• Dcdiag /test:ReplicationDcdiag /test:Connectivity Not enough domain
controllers Incorrect site topology
• Active Directory Sites and Services
• Repadmin /latency
(20)Discussion: Troubleshooting Inter-Site AD DS Replication Issues
• What steps would you take to troubleshoot an Active Directory replication issue?
(21)Troubleshooting Distributed File Replication Issues
• Windows Server 2008 uses FRS or DFSR to replicate the SYSVOL directory between domain controllers
• Both FRS and DFRS require LDAP and RPC connectivity between domain controllers
• Use Ntfrsutl and FRSDiag to troubleshoot FRS replication
• Use DFSRAdmin to troubleshoot DFRS replication
(22)Lab: Troubleshooting Active Directory, DNS, and Replication Issues
• Exercise 1: Troubleshooting Authentication and Authorization Errors
• Exercise 2: Troubleshooting the Integration of DNS and AD DS
• Exercise 3: Troubleshooting AD DS Replication
Logon information
Virtual machine NYC-DC1CL1 ,
NYC-User name Administrator
Password Pa$$w0rd
(23)Lab Review
• If the Los Angeles office was configured as a separate site, what additional steps would you need to take to
troubleshoot Scenario #5?
(24)Module Review and Takeaways
• Considerations
• Tools
(25)Beta Feedback Tool
• Beta feedback tool helps:
Collect student roster information, module feedback, and
course evaluations
Identify and sort the changes that students request, thereby
facilitating a quick team triage
Save data to a database in SQL Server that you can later
query
(26)Beta Feedback
• Overall flow of module:
Which topics did you think flowed smoothly, from topic to
topic?
Was something taught out of order?
• Pacing:
Were you able to keep up? Are there any places where the
pace felt too slow?
Were you able to process what the instructor said before
moving on to next topic?
Did you have ample time to reflect on what you learned? Did
you have time to formulate and ask questions? • Learner activities:
Which demos helped you learn the most? Why you think
that is?
Did the lab help you synthesize the content in the module?
Did it help you to understand how you can use this knowledge in your work environment?
Were there any discussion questions or reflection questions