
What is Active Directory?

The Windows 2000 Active Directory data store, the actual database file, is %SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory, including user accounts. Active Directory's database engine is the Extensible Storage Engine (ESE), which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes, which would be large enough for 10 million objects. Back to the real world. Only the Jet database can manipulate information within the AD datastore.
For information on domain controller configuration to optimize Active Directory, see Optimize Active Directory Disk Performance.

The Active Directory ESE database, NTDS.DIT, consists of the following tables:

Schema table
the types of objects that can be created in the Active Directory, relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table
contains linked attributes, which contain values referring to other objects in the Active Directory. Take the MemberOf attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.
Data table
users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows where each row represents an instance of an object such as a user, and columns where each column represents an attribute in the schema such as GivenName.

From a different perspective, Active Directory has three types of data:

Schema information
definitional details about objects and attributes that one CAN store in the AD. Replicates to all domain controllers. Static in nature.
Configuration information
configuration data about forest and trees. Replicates to all domain controllers. Static as your forest is.
Domain information
object information for a domain. Replicates to all domain controllers within a domain. The object portion becomes part of Global Catalog. The attribute values (the actual bulk of data) only replicates within the domain.

Although GUIDs are unique, they are large. AD uses a distinguished name tag (DNT). The DNT is a 4-byte DWORD value which is incremented when a new object is created in the store. The DNT represents the object's database row number. It is an example of a fixed column. Each object's parent relationship is stored as a parent distinguished name tag (PDNT). Resolution of parent-child relationships is optimized because the DNT and PDNT are indexed fields in the database. For more technical info on the AD datastore and its organization, a good starting point is the Active Directory Database Sizing document.
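
The DNT/PDNT parent pointers and the link-table references described above, as an added Python example that is not part of the original post. The rows, the field layout and the "PDNT 0 is the root" convention are constructed for illustration and do not reproduce the real ESE column names.

```python
# Constructed sample rows; the layout is illustrative, not the real ESE columns.
# Data table: (DNT = row number, PDNT = parent's DNT, RDN = relative name).
DATA_ROWS = [
    (2, 0, "DC=com"),
    (3, 2, "DC=example"),
    (10, 3, "CN=Users"),
    (11, 10, "CN=Alice"),
    (12, 10, "CN=Domain Admins"),
    (13, 10, "CN=Helpdesk"),
    (20, 99, "CN=Orphan"),  # parent row 99 does not exist
]
# Link table (simplified): one row per linked value, (group DNT, member DNT).
LINK_ROWS = [(12, 11), (13, 11)]

ROOT = 0  # assumption of this example: PDNT 0 marks the top of the tree

# The two indexes the text mentions: one keyed on DNT, one keyed on PDNT.
BY_DNT = {dnt: (pdnt, rdn) for dnt, pdnt, rdn in DATA_ROWS}
BY_PDNT = {}
for dnt, pdnt, _ in DATA_ROWS:
    BY_PDNT.setdefault(pdnt, []).append(dnt)


def dn_of(dnt):
    """Walk PDNT pointers up to the root and join the RDNs into a DN."""
    parts, seen = [], set()
    while dnt != ROOT:
        if dnt in seen:
            raise ValueError(f"PDNT loop at DNT {dnt}")
        if dnt not in BY_DNT:
            raise KeyError(f"no row with DNT {dnt}")
        seen.add(dnt)
        pdnt, rdn = BY_DNT[dnt]
        parts.append(rdn)
        dnt = pdnt
    return ",".join(parts)


def children_of(dnt):
    """A single lookup in the PDNT index lists an object's direct children."""
    return [BY_DNT[child][1] for child in BY_PDNT.get(dnt, [])]


def member_of(dnt):
    """Resolve link rows that reference this object into group DNs."""
    return [dn_of(group) for group, member in LINK_ROWS if member == dnt]


if __name__ == "__main__":
    print(dn_of(11), children_of(10), member_of(11), sep="\n")
```

The orphan row shows why the parent chain has to be validated: a row whose PDNT points at a missing DNT cannot be given a distinguished name.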

The size of ntds.dit will often differ across the domain controllers in a domain. Remember that Active Directory is a multi-master independent model where updates are occurring in each of the ADs, with the changes being replicated over time to the other domain controllers. The changed data is replicated between domain controllers, not the database, so there is no guarantee that the files are going to be the same size across all domain controllers.

Active Directory routinely performs online database defragmentation, but this is limited to the disposal of tombstoned objects. The database file cannot be compacted while Active Directory is mounted. An ntds.dit file that has been defragmented offline (compacted) can be much smaller than the ntds.dit file on its peers. To defrag ntds.dit offline:

Back up the Active Directory using Windows 2000 Backup. W2K backup natively supports backing up Active Directory while online. This occurs automatically when you select the option to back up everything on the computer in the Backup Wizard, or independently by selecting to back up System State in the backup wizard.
Reboot
Select the appropriate installation from the boot menu, and press F8 to display the Windows 2000 Advanced Options menu.
Choose Directory Services Restore Mode and press ENTER. Press ENTER again to start the boot process.
Log on using the password defined for the local Administrator account in the offline SAM.
Click Start, Programs, Accessories, and then click Command Prompt.
At the command prompt, run the ntdsutil command.
When ntdsutil has started:
Type files and press ENTER.
Type info and then press ENTER. This will display current information about the path and size of the Active Directory database and its log files.
Type compact to drive:\directory and press ENTER. Be sure that the drive specified has enough space for the compacted database to be created. I know, you don't know how big the compacted version will be, but if there is enough space for the uncompacted version, you should be OK. A gotcha: you must specify a directory path, and if the path name has spaces, the command will not work unless you use quotation marks:
compact to "c:\my new folder"

Type quit and press Enter.
Type quit and press Enter to return to the command prompt. A new compacted database named Ntds.dit can be found in the folder you specified.
Copy the new ntds.dit file over the old ntds.dit file. You have successfully compacted the Active Directory database. If you believe in belts and suspenders, I would copy the old uncompacted database somewhere else before I overwrote it with the new compacted version.
Reboot and see if all is normal.
This is a server-by-server task. Monitor the size of ntds.dit; if it starts growing and performance is slow, and you cannot see why either situation should apply, consider offline defrags.

If ntds.dit gets corrupted or deleted or is missing (this can happen if the promotion process to domain controller goes bad), you have to manually recover it using Windows 2000 Backup. Now, you did do W2K backups, right? To recover it:

Reboot the domain controller and press F8 to display the Windows 2000 Advanced Options menu.
Select Directory Services Restore Mode and then press ENTER.
Select the correct installation, and then press ENTER to start the boot process.
Log on using the administrator account and password you specified during the promotion process. When you ran Dcpromo.exe to install Active Directory, it requested a password to be used for the Administrator password for Active Directory Restore Mode. This password is not stored in Active Directory. It is stored in an NT4-style SAM file and is the only account available when the AD is corrupted.
Click OK. This acknowledges the warning message that you are using Safe mode.
Click Start, Programs, Accessories, System Tools, and then click Backup.
Select the Restore tab.
Click the + symbol next to the following items to expand them:
File
Media Created
System Drive
Winnt
NTDS
Click the NTDS folder to display the files in the folder.
Click to select the ntds.dit check box.
Leave the Restore files to box set to Original Location. This check box provides the option to restore to an alternative location. If you restore to an alternative location, you will have to copy the ntds.dit file into the %SystemRoot%\ntds folder.
Click Start Restore.

To move a database or log file:

Reboot the domain controller and press F8 to display the Windows 2000 Advanced Options menu.
Select Directory Services Restore Mode and then press ENTER.
Select the correct installation, and then press ENTER to start the boot process.
Log on using the administrator account and password you specified during the promotion process. When you ran Dcpromo.exe to install Active Directory, it requested a password to be used for the Administrator password for Active Directory Restore Mode. This password is not stored in Active Directory. It is stored in an NT4-style SAM file and is the only account available when the AD is corrupted.
Start a command prompt, and then type ntdsutil.exe.
At the ntdsutil prompt, type files.
At the File Maintenance prompt:
To move a database, type move db to %s
where %s is the drive and folder where you want the database moved.
To move log files, type move logs to %s
where %s is the drive and folder where you want the log files moved.
To view the log files or database, type info.
To verify the integrity of the database at its new location, type integrity.
Type quit
Type quit to return to a command prompt.
Restart the computer in Normal mode.
When you move the database and log files, you must back up the domain controller.
