14. Open Active Directory Users and Computers, and click TestOU to verify that the objects
have been restored.
15. Close Active Directory Users and Computers, and stay logged on for the next activity.
Active Directory Defragmentation
To maintain performance and efficiency, the Active Directory database requires periodic maintenance
in the form of defragmentation and compaction. There are two methods of Active
Directory defragmentation: online and offline. Online defragmentation occurs automatically
when Active Directory performs garbage collection. Garbage collection runs every 12 hours on
a DC and removes objects that have been deleted for more than 180 days. Objects that have been
deleted but not removed are referred to as “tombstoned.” When an Active Directory object is
deleted, it's not actually removed from the database, much as a deleted file isn't physically erased
from the file system. Instead, the object is marked for deletion and left in the database for a
period called the tombstone lifetime, which by default is 180 days. During garbage collection,
tombstoned objects older than the tombstone lifetime are removed from the database.
The tombstone lifetime has important implications for Active Directory backups. Suppose
the tombstone lifetime is set to its default 180 days, and the Active Directory database is backed
up on day 1. A user account, Julie, is deleted on day 3. On day 15, the database on a DC
becomes corrupted and must be restored from backup. The backup from day 1 is used for the
restore, which is before the Julie account was deleted. However, because other DCs still have a
record of the Julie account as being deleted, replication deletes the Julie account on the DC being
restored. Generally, this result is what you want.
Now suppose the tombstone period is only 10 days. In the same situation, the Julie account
is removed from the database during garbage collection on day 13. When the database is
restored, the Julie account is restored with it, but the other DCs have no record of the Julie
account being deleted, so the account remains, which probably isn't what you want. Because of
this potential database inconsistency, an Active Directory backup is considered invalid if it's
older than the tombstone lifetime. The tombstone lifetime applies to the entire forest and can be
changed by using Attribute Editor on the ForestRootDomain object.
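The Julie scenario above can be replayed as a small simulation. This is an added example, not code from the book or from Microsoft: the `DC` class and function names are hypothetical, and it models only deletion, garbage collection and inbound replication of deletions, not real Active Directory replication internals.

```python
"""Constructed toy model of the Julie scenario: tombstones, GC, restore."""
from dataclasses import dataclass, field


@dataclass
class DC:
    live: set = field(default_factory=set)          # object names present
    tombstones: dict = field(default_factory=dict)  # name -> day deleted

    def delete(self, name, day):
        self.live.discard(name)
        self.tombstones.setdefault(name, day)  # keep the original deletion day

    def garbage_collect(self, today, lifetime):
        # Purge tombstones whose age has reached the tombstone lifetime.
        self.tombstones = {n: d for n, d in self.tombstones.items()
                           if today - d < lifetime}

    def copy(self):
        return DC(set(self.live), dict(self.tombstones))


def replicate_deletions(src, dst):
    """Inbound replication: every tombstone src still holds deletes dst's copy."""
    for name, day in src.tombstones.items():
        dst.delete(name, day)


def run_scenario(lifetime, backup_day=1, delete_day=3, restore_day=15):
    dc1, dc2 = DC({"Julie"}), DC({"Julie"})  # dc1 is the DC that gets restored
    backup, purged_on = None, None
    for day in range(1, restore_day + 1):
        if day == backup_day:
            backup = dc1.copy()
        if day == delete_day:
            dc2.delete("Julie", day)
        replicate_deletions(dc2, dc1)
        for dc in (dc1, dc2):
            dc.garbage_collect(day, lifetime)
        if day >= delete_day and purged_on is None and "Julie" not in dc2.tombstones:
            purged_on = day
    dc1 = backup.copy()             # day 15: corrupted DC restored from backup
    replicate_deletions(dc2, dc1)   # partner replicates the deletions it still knows
    return {"julie_live_after_restore": "Julie" in dc1.live,
            "tombstone_purged_on": purged_on,
            "backup_valid": restore_day - backup_day <= lifetime}
```

Calling `run_scenario(180)` and `run_scenario(10)` reproduces the two outcomes described above: with the 10-day lifetime the deleted account is live again after the restore, which is why a backup older than the tombstone lifetime is treated as invalid.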
Online defragmentation removes deleted objects and frees up space in the database, but it
doesn't compact the database to close up gaps that deleted objects create in the database. Offline
defragmentation is necessary to keep the database lean and efficient. In previous Windows Server
versions, you had to restart the DC in DSRM to perform offline defragmentation, which interrupts
other services running on the DC. In Windows Server 2008 Active Directory, offline maintenance
is possible because the Active Directory service can be stopped for performing
maintenance and then restarted. Microsoft refers to this method as “restartable” Active
Directory. Using this method, a server restart isn't required. However, another DC must be online
before you can stop the Active Directory service so that users can continue to log on. While
Active Directory is stopped, DNS on that DC stops servicing queries, so client computers should
have the address of an alternate DNS server configured, too.
Like a file system, a database becomes fragmented over time because of object deletion and
creation. Where deleted objects once were, gaps in the database are created, which makes the
database less efficient in performance. Compacting the database removes the gaps, much as
defragmenting a hard drive does for the file system.
Active Directory compaction is performed with the Ntdsutil program. The database can't be
compacted in place, so a copy is made to a location you specify. After compaction is finished,
the compacted database is copied to the original location.
Activity 13-6: Performing Active Directory Maintenance
Time Required: 25 minutes
Objective: Compact the Active Directory database.
Description: Periodic Active Directory database compaction is recommended to keep Active
Directory in optimal condition. Your RODC (Server1XX) should be running while you're performing
this operation. Also, you should configure your server with the address of your RODC