Home > Articles

Maintaining Active Directory

  • Jan 1, 2099
This chapter is from the book

This chapter is from the book

MCSA 70-742 Cert Guide: Identity with Windows Server 2016MCSA 70-742 Cert Guide: Identity with Windows Server 2016

Learn More Buy

This chapter is from the book

This chapter is from the book

MCSA 70-742 Cert Guide: Identity with Windows Server 2016MCSA 70-742 Cert Guide: Identity with Windows Server 2016

Learn More Buy

This chapter covers the following topics:

  • Configuring Active Directory Snapshots: This section describes how to build point-in-time snapshots of the Active Directory database.

  • Backing Up and Restoring Active Directory and SYSVOL: This section describes how to properly back up and restore both the Active Directory database and the SYSVOL database for proper disaster recovery procedures.

  • Managing Active Directory Offline: This section describes basic management tasks that can be performed while the Active Directory service is in an offline state.

  • Cleaning Up Metadata: This section describes how to clear leftover directory metadata from computer objects that were not properly removed from the directory.

  • Configuring Replication to Read-Only Domain Controllers (RODCs): This section describes how to configure database replication to Read-Only Domain Controllers (RODCs).

  • Monitoring and Managing Replication: This section describes the tools used to monitor the state of replication and troubleshoot any problems that occur.

Once Active Directory Domain Services has been deployed in your infrastructure, it is a mission-critical system. Users depend on it to perform their jobs every day. AD DS has a role in everything from logging on to the network and accessing file systems and databases to powering Rights Management Services and Certificate Services. Your users cannot afford to lose connectivity or access to AD DS for any amount of time.

This criticality means that proper system maintenance, especially data storage, backup, archival, and restoration, is just as important as any other administrative task. This chapter covers the many ways in which your AD DS installation can be configured for these tasks to meet the requirements of your disaster recovery and business continuity planning procedures.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 6-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

Table 6-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section

Questions

Configuring Active Directory Snapshots

1-2

Backing Up and Restoring Active Directory and SYSVOL

3-4

Managing Active Directory Offline

5-6

Cleaning Up Metadata

7

Configuring Replication to Read-Only Domain Controllers (RODCs)

8-9

Monitoring and Managing Replication

10

CAUTION

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

  1. Which utility would you use to create a current snapshot of the AD DS directory?

    1. repadmin

    2. ntdsutil

    3. dsamain

    4. PowerShell

  2. Which utility would you use to host a snapshot of the AD DS directory?

    1. repadmin

    2. ntdsutil

    3. dsamain

    4. PowerShell

  3. Which feature must be installed on the domain controller to back up AD DS?

    1. Domain Name Server (DNS)

    2. Global catalog

    3. WINS Server

    4. Windows Server Backup

  4. A domain controller becomes corrupted and must be restored from an earlier backup. You need all changes made to the directory to be replicated to the restored server after restoration. Which type of restore should you perform?

    1. Authoritative

    2. Single master

    3. Nonauthoritative

    4. Multimaster

  5. Which of the following operations will successfully bring the AD DS service offline? (Choose all that apply.)

    1. Reboot in DSRM.

    2. Remove the controller from the domain controllers container.

    3. Use the ntdsutil utility.

    4. Stop the AD DS service.

  6. Which utility is used to perform an offline defragmentation of the AD DS directory?

    1. repadmin

    2. ntdsutil

    3. dsamain

    4. PowerShell

  7. How is metadata cleared from the directory for a controller that was not demoted gracefully?

    1. Recover with an authoritative restore.

    2. Re-promote it to a domain controller and then demote it gracefully.

    3. Use ntdsutil.

    4. Delete the computer object from the domain controllers container.

  8. Which write operations will an RODC forward to a writeable domain controller? (Choose all that apply.)

    1. Security Group Membership change

    2. LastLogonTimeStamp

    3. Password changes

    4. Password Replication Policies

  9. Which accounts have their passwords cached on an RODC by default?

    1. Domain Users

    2. Enterprise Admins

    3. Domain Admins

    4. No accounts are cached by default.

  10. Which utility is used to monitor the status of replication events on the domain?

    1. repadmin

    2. ntdsutil

    3. dsamain

    4. PowerShell

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.