Active Directory Management and Monitoring - PowerPoint PPT Presentation

About This Presentation
Title:

Active Directory Management and Monitoring

Description:

Site links are created and assigned costs, replication frequency and availability ... AD tries to minimize replication latency for intra-site replication ... – PowerPoint PPT presentation

Slides: 20
Provided by: stuartb5

Transcript and Presenter's Notes

Title: Active Directory Management and Monitoring


2
Active Directory Management and Monitoring
  • Jenny Mulcahy, Regional Sales Manager
  • Juli Kerr, Sr Systems Engineer

3
Agenda
  • Architecture of AD
  • DC
  • Domains, trees, forest
  • Sites
  • OUs
  • Replication
  • What is replicated
  • How is it replicated
  • Monitoring
  • Critical processes
  • Best practices

4
Description of AD
  • A Directory is a hierarchical structure that
    stores information about objects on the network
  • Directory Service is the directory information
    and the services that make the information
    available
  • AD is a namespace integrated with the Internet
    Domain Name Service (DNS)
  • Extensible schema
  • Information Replication

5
Domain Controllers
  • A DC can host exactly one domain
  • Store domain wide directory data and manage user
    domain interactions
  • First DC in a domain houses a Global catalog
  • First DC in a domain houses the FSMO roles
  • Schema Master
  • Domain Naming Master
  • Infrastructure Master
  • RID Master
  • PDC Emulator

6
Information stored on DC
  • Every DC (whether it is a GC or not) stores three
    partitions (units of replication) of directory
    data
  • Domain data
  • Schema data
  • Configuration data
  • If the DC is also a GC, it holds and replicates
    additional data from all other domain data
    partitions in the forest
  • Subset, read only

7
Domains
  • AD is one or more domains
  • Each domain is identified by a DNS domain name
  • Administrative boundary
  • Domain = partition (naming context) = unit of
    replication
  • Structure the network
  • Delegate administrative authority

8
Trees, forests
  • Tree is a set of one or more domains with
    contiguous name space.
  • May have more than one tree if company has
    additional unit that has its own DNS name and
    runs its own DNS servers.
  • Forest is one or more domains
  • A forest has a single root domain and it is the
    first domain created. Enterprise Admins and
    Schema Admins reside in this domain

9
Logical Structure
10
Domains in domain trees in a forest have the
following traits
  • Transitive trust relationships among domains in
    the tree
  • Transitive trust relationships among the domain
    trees in the forest
  • Share common configuration information
  • Share a common schema
  • Share a common global catalog

11
Organizational Units (OUs)
  • Directory object
  • Represented by a folder in AD Users and Computers
  • Logically store and organize objects in AD
  • Used to delegate administrative authority

12
Sites
  • Set of computers in one or more IP subnets,
    connected using LAN technologies, or a set of
    LANs connected by a high-speed backbone
  • Separate sites are connected by links slower than
    LAN speed
  • Site links are created and assigned costs,
    replication frequency and availability
  • AD creates connection objects as a result of Site
    links
  • Replication Protocols
  • IP and SMTP
  • Sites map the physical structure and are
    independent of domains
  • AD allows multiple domains in one site, and one
    domain can span multiple sites

13
Physical Structure
  (Diagram: bridgehead servers)
14
Sites provide the following services
  • Clients can request service from a DC in the site
  • AD tries to minimize replication latency for
    intra-site replication
  • AD tries to minimize bandwidth consumption for
    inter-site replication
  • Sites let you schedule inter-site replication
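The site objects described on slides 12 and 14 (sites, subnets, a site link with cost, replication frequency and availability, and the connection objects the KCC derives from it) can be built with the ActiveDirectory PowerShell module. The following is an added example written for this transcript, not code from the presenters; the site, subnet and link names are placeholders, and the 20:00 to 06:00 replication window is an assumed policy.

```powershell
# Added example (not from the presentation): building the physical structure from
# slides 12 and 14 with the ActiveDirectory module. 'HQ', 'Branch', the subnets and
# the link name are placeholders chosen for this example.
Import-Module ActiveDirectory

# Sites: each one is a set of well-connected IP subnets (a LAN, or LANs on a fast backbone)
New-ADReplicationSite -Name 'HQ'
New-ADReplicationSite -Name 'Branch'

# Subnets map clients and DCs to a site; this is what lets a client find a DC in its own site
New-ADReplicationSubnet -Name '10.10.0.0/16' -Site 'HQ'
New-ADReplicationSubnet -Name '10.20.0.0/24' -Site 'Branch'

# Site link across the slower WAN connection, with cost, frequency and transport.
# Lower cost = preferred path when several links exist; the frequency is the inter-site
# polling interval in minutes (defaults are cost 100 and 180 minutes).
New-ADReplicationSiteLink -Name 'HQ-Branch' -SitesIncluded 'HQ', 'Branch' `
    -Cost 100 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# Availability: a schedule that only allows inter-site replication between 20:00 and 06:00.
# RawSchedule is a bool[day, hour, quarter-hour] grid; true means replication may run.
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$raw = New-Object 'bool[,,]' 7, 24, 4
for ($day = 0; $day -lt 7; $day++) {
    for ($hour = 0; $hour -lt 24; $hour++) {
        for ($quarter = 0; $quarter -lt 4; $quarter++) {
            $raw[$day, $hour, $quarter] = ($hour -ge 20 -or $hour -lt 6)
        }
    }
}
$schedule.RawSchedule = $raw
Set-ADReplicationSiteLink -Identity 'HQ-Branch' -ReplicationSchedule $schedule

# Verify the link, then trigger the KCC. The connection objects it derives from the
# site link are what actually carry inter-site replication between the bridgehead servers.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
repadmin /kcc
Get-ADReplicationConnection -Filter * |
    Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer
```

Run this once as a member of Enterprise Admins (site and subnet objects live in the configuration partition, which is forest-wide). Connection objects normally appear within a few minutes of the KCC run; if `Get-ADReplicationConnection` stays empty, check that each site actually contains a DC.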

15
Replication Topology
  • Automatically generated by the KCC
  • Connections between DCs for directory replication
  • KCC selects at least two connections for each DC
  • KCC re-evaluates the physical topology on a
    periodic basis to take into account changes
    occurring on the network

16
Multi-master replication
  • Ensures data consistency over time
  • Update Sequence Numbers (USNs)
  • 64-bit number maintained by each DC to track
    changes
  • Propagation dampening
  • Maintains a table of USNs from all replication
    partners
  • Collision detection and Property Version Numbers
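To make the three mechanisms on this slide concrete, the following is an added in-memory simulation written for this transcript (not code from the presenters): each simulated DC keeps a 64-bit USN counter, a table of the highest originating USN it has applied from every other DC (the propagation-dampening table), and a property version number (PVN) on each attribute. The DC names, attribute values and timestamps are constructed. The conflict rule applied is the real one (higher PVN wins, then the later timestamp), with the DC name standing in for the invocation ID that a real DC compares as the final tie-break.

```powershell
# Added example (not from the presentation): a toy multi-master replication simulation
# showing USNs, propagation dampening via an up-to-dateness table, and PVN-based
# collision resolution. DC names, values and timestamps are made up.

function New-Dc {
    param([string]$Name)
    [pscustomobject]@{
        Name       = $Name
        HighestUsn = [long]0   # local USN: 64-bit counter, +1 on every write this DC performs
        Attributes = @{}       # attr -> change record that currently wins on this DC
        UpToDate   = @{}       # originating DC -> highest originating USN already applied here
        Log        = @()       # changes in local USN order; what partners pull from this DC
    }
}

function Write-Attribute {
    # An originating write on $Dc: new PVN = old PVN + 1, stamped with this DC's next USN
    param($Dc, [string]$Attr, [string]$Value, [datetime]$Stamp)
    $old = $Dc.Attributes[$Attr]
    $version = 1
    if ($old) { $version = $old.Version + 1 }
    $Dc.HighestUsn++
    $change = @{ Attr = $Attr; Value = $Value; Stamp = $Stamp; Version = $version
                 OriginatingDc = $Dc.Name; OriginatingUsn = $Dc.HighestUsn }
    $Dc.Attributes[$Attr] = $change
    $Dc.UpToDate[$Dc.Name] = $Dc.HighestUsn
    $Dc.Log += $change
}

function Invoke-Replication {
    # $Dest pulls from $Source. Changes whose originating USN is already covered by $Dest's
    # table are not sent again (propagation dampening); the rest go through PVN comparison.
    param($Source, $Dest)
    $stats = @{ Applied = 0; Dampened = 0; Discarded = 0 }
    foreach ($change in $Source.Log) {
        $origin = $change.OriginatingDc
        $seen = 0
        if ($Dest.UpToDate.ContainsKey($origin)) { $seen = $Dest.UpToDate[$origin] }
        if ($change.OriginatingUsn -le $seen) { $stats.Dampened++; continue }

        $local = $Dest.Attributes[$change.Attr]
        $wins = (-not $local) -or
                ($change.Version -gt $local.Version) -or
                ($change.Version -eq $local.Version -and $change.Stamp -gt $local.Stamp) -or
                ($change.Version -eq $local.Version -and $change.Stamp -eq $local.Stamp -and
                 $change.OriginatingDc -gt $local.OriginatingDc)   # stand-in for invocation ID
        if ($wins) {
            $Dest.HighestUsn++                    # replicated writes also consume a local USN
            $Dest.Attributes[$change.Attr] = $change
            $Dest.Log += $change                  # so $Dest can forward it to its own partners
            $stats.Applied++
        } else { $stats.Discarded++ }
        $Dest.UpToDate[$origin] = $change.OriginatingUsn   # advance the per-origin USN table
    }
    "{0} <- {1}: applied={2} dampened={3} discarded={4}" -f $Dest.Name, $Source.Name, $stats.Applied, $stats.Dampened, $stats.Discarded
}

$A = New-Dc 'DC-A'; $B = New-Dc 'DC-B'; $C = New-Dc 'DC-C'
$t = Get-Date '2024-01-01 08:00'

# 1. One originating write on DC-A travels A -> B -> C. The later direct A -> C pull is
#    dampened: DC-C's table already records DC-A's USN 1, received through DC-B.
Write-Attribute $A 'description' 'Finance laptop' $t
Invoke-Replication $A $B
Invoke-Replication $B $C
Invoke-Replication $A $C

# 2. Conflicting writes on DC-B and DC-C before either replicates: both carry PVN 1,
#    so the later timestamp (DC-C's) wins on both sides and the two DCs converge.
Write-Attribute $B 'telephoneNumber' '555-0101' $t.AddMinutes(5)
Write-Attribute $C 'telephoneNumber' '555-0202' $t.AddMinutes(6)
Invoke-Replication $B $C
Invoke-Replication $C $B

foreach ($dc in $A, $B, $C) {
    $table = ($dc.UpToDate.GetEnumerator() | Sort-Object Name | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ' '
    $phone = $dc.Attributes['telephoneNumber']
    "{0}: USN={1} telephoneNumber={2} (PVN {3} from {4}) table[{5}]" -f $dc.Name, $dc.HighestUsn, $phone.Value, $phone.Version, $phone.OriginatingDc, $table
}
```

Expected behaviour when run: the third pull reports `applied=0 dampened=1`, the B -> C pull reports DC-B's telephoneNumber as `discarded=1`, and the final lines show DC-B and DC-C both holding `555-0202` from DC-C with identical tables (`DC-A=1 DC-B=2 DC-C=2`). Keeping the table per originating DC, rather than per partner, is what stops a change from being re-applied when it arrives a second time over a different path.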

17
Why Should We Monitor?
  • There are a lot of moving pieces within AD, and
    they are dependent on each other for
    functionality
  • Reduce down time!
  • Guarantee resource access
  • Guarantee data is up-to-date and what we expect
  • Being proactive reduces the number of critical,
    time-consuming, hard-to-detect problems
  • Stop band-aiding a problem and get to the root
    cause
  • Know your network!

18
What Should We Be Monitoring?
  • Security access to resources
  • Changes to AD
  • Ensure backups are reliable
  • Physical hardware health, adequacy
  • WAN links, connectivity between sites
  • DNS
  • Domain Controllers
  • DCs with Global Catalogs
  • Replication progress
  • FSMO role holders

19
How Do We Monitor?
  • Use various tools within the Resource Kit
  • ReplMon, RepAdmin, Netstat, NTDSUtil, NetDiag,
    DNSCmd
  • Create scripts to automate
  • Review results!
  • Performance Monitor
  • MMC snap-ins
  • Check backups!
  • Change Control enforcement
  • Create SOPs and adhere to them
  • Use diagnostics that come with hardware (CIM)
  • Establish good communication with Telecom/DNS
    group
  • Third party solutions
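Slides 18 and 19 list what to monitor and the tools to do it with; the following is an added example of the "create scripts to automate" step, written for this transcript and not taken from the presenters. It uses the ActiveDirectory module, repadmin, Resolve-DnsName and Test-NetConnection, discovers the forest, domain and DC names at run time, and writes a daily report. Only the report path is a placeholder; the 24-hour replication staleness threshold is an assumed policy.

```powershell
# Added example (not from the presentation): a scheduled AD health check covering the
# items on slides 18 and 19. Requires the RSAT ActiveDirectory module and repadmin.exe.
Import-Module ActiveDirectory
$reportPath = "C:\ADHealth\ad-health-$(Get-Date -Format yyyyMMdd).txt"   # placeholder location
$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding { param([string]$Level, [string]$Text) $findings.Add("[$Level] $Text") }

# 1. FSMO role holders: logging them every day makes a moved or seized role stand out
$forest = Get-ADForest
$domain = Get-ADDomain
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.Keys) { Add-Finding 'INFO' "$role = $($roles[$role])" }

# 2. Domain controllers and global catalogs: reachable on the LDAP and GC ports
foreach ($dc in Get-ADDomainController -Filter *) {
    $ports = @(389)
    if ($dc.IsGlobalCatalog) { $ports += 3268 }
    foreach ($port in $ports) {
        $ok = Test-NetConnection -ComputerName $dc.HostName -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $ok) { Add-Finding 'CRIT' "$($dc.HostName) (site $($dc.Site)) not answering on TCP $port" }
    }
    Add-Finding 'INFO' "$($dc.HostName) site=$($dc.Site) GC=$($dc.IsGlobalCatalog)"
}

# 3. Replication progress: repadmin's CSV output gives one row per partner and naming context
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv
foreach ($row in $rows) {
    $link = "$($row.'Destination DSA') <- $($row.'Source DSA') [$($row.'Naming Context')]"
    if ([int]$row.'Number of Failures' -gt 0) {
        Add-Finding 'CRIT' "$link has $($row.'Number of Failures') failure(s); last status $($row.'Last Failure Status')"
    }
    $last = [datetime]::MinValue
    if ([datetime]::TryParse($row.'Last Success Time', [ref]$last) -and $last -lt (Get-Date).AddHours(-24)) {
        Add-Finding 'WARN' "$link has not replicated successfully since $last"
    }
}

# 4. DNS: the SRV records clients and DCs rely on to locate LDAP and GC services
foreach ($name in "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)", "_gc._tcp.$($forest.RootDomain)") {
    $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue | Where-Object QueryType -eq 'SRV'
    if (-not $srv) { Add-Finding 'CRIT' "no SRV records returned for $name" }
    else { Add-Finding 'INFO' "$name -> $(($srv.NameTarget | Sort-Object -Unique) -join ', ')" }
}

# 5. Backups: the last system-state backup time recorded per naming context
Add-Finding 'INFO' ("repadmin /showbackup:`n" + ((repadmin /showbackup) -join "`n"))

# Write the full report; return only the problems so a scheduler or ticketing hook can act on them
New-Item -ItemType Directory -Force -Path (Split-Path $reportPath) | Out-Null
$findings | Set-Content -Path $reportPath
$problems = $findings | Where-Object { -not $_.StartsWith('[INFO]') }
if ($problems) { $problems } else { 'No replication, DC, DNS or FSMO problems detected' }
```

Schedule it daily on a management host, keep the reports, and diff the INFO lines between days: a changed FSMO holder, a DC that stopped being a GC, or an SRV record pointing at an unexpected host is exactly the kind of change-control violation slide 19 asks to enforce, and it is far easier to spot in a short daily report than in the event logs after something has broken.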