Active Directory Site and Services with Replication
FSMO Roles-Move and Seize theory
Active Directory Group Policy-I
FSMO Roles-Move and Seize theory
Active Directory Group Policy-I
Hello Professionals,
Lab Setup:
1.Active Directory server-
2. Access and Availability of other drive.
It is very much recommended to perform cleanup and maintenance of database if you are facing performance issue in AD level. Before starting this activity make sure you have healthy system state backup of this Domain Controller, Copy of NTDS data with robocopy tool and double sure no AD database level critical error and make sure to export the output for comparison os permission of get-cacls or get-acl.
This activity some times improve the performance of Active Directory.
1. You can do this with Directory services safe mode
2. Log in with Administrator Account and Stop the AD DS Service
2. Log in with Administrator Account and Stop the AD DS Service
Before moving of the AD database, first stop the AD DS service from Service console or command prompt. To Stop from command enter net stop ntds and it will ask your confirmation to stop finally. If you do this from service console it will pop up like this
Click Yes and it will stop all dependency service too.
Now open command prompt with Administrative Access and type ntdsutil
then activate instance ntds
then files
then type the drive path where you are planning to move, i did it for E Drive.
type move db to E:\NTDS
after this you will see on below its shows Move database is successfully.
Now will move the logs, type move logs to E:\NTDS
and same it shows successfully.
and after this you can see all files moved to New Drive.
After all make sure to verify the permission level must be as were on old path.Then Start the AD DS service from command or from Service console.
At the time of activity the registry entries that Ntdsutil.exe updates when you move the database file are as follows:
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\
Parameters:
Database backup path
Directory System Agent (DSA) database file
DSA working directory
At the registry entry that Ntdsutil.exe updates when you move the log files is as follows:
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\
Parameters:
Database log files path
Parameters:
Database backup path
Directory System Agent (DSA) database file
DSA working directory
At the registry entry that Ntdsutil.exe updates when you move the log files is as follows:
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\
Parameters:
Database log files path
And in Event viewer you can see below alerts
Event ID 1046. “The Active Directory database engine caused an exception with the following parameters.” In this case, AD DS cannot recover from this error and you must restore AD DS from backup.Event ID 1168. “Internal error: An Active Directory error has occurred.” In this case, information is missing from the registry and you must restore AD DS from backup.
Feel free to comment, put a question and share it. We will be happy to assist.
Dont let sleep your zeal to learn and earn with share the knowledge.
Dont let sleep your zeal to learn and earn with share the knowledge.
Active Directory Site and Services with Replication
FSMO Roles-Move and Seize theory
Active Directory Group Policy-I
FSMO Roles-Move and Seize theory
Active Directory Group Policy-I
No comments:
Post a Comment