|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to do maintenance repair in ADHi all,
I'm just new on administering Windows servers. I was wondering if there is a utility that I can use to check the consistency of AD and repair it automatically if it found errors. Please advise. zorex "zorex" <zo***@discussions.microsoft.com> ha scritto nel messaggio What kind of errors?news:F5339A00-A928-4341-AD7F-B01F03236716@microsoft.com... > I was wondering if there is a utility that I can use to check the > consistency of AD and repair it automatically if it found errors. Database corruptions are the only thing I can think of, but they are definitely rare, thanks to the ESE architecture; and they're automatically detected by the software. Anyway, you should have at least two domain controllers, and I hope you do... if this is the case, they'll provide redundancy by replicating data between themselves (and detecting conflicts, if any). You could check the integrity of an AD database using ESEUTIL, of course, but to do this you'd have to shut down a domain controller and restart it in directory services restore mode, causing downtime... and it would be a totally useless operation: you wouldn't find anything bad, because if the database was actually corrupted, the DC would have warned you about that in the event log. All of this doesn't mean you shouldn't use RAID disks and do regular backups, of course :-) Massimo Massimo,
Thanks for your quick response. I have all those suggestions you mentioned in place. 2 DC, RAID, and backup except that I'm only running the standard version instead of Enterprise. I used to managed Netware server for 12 years and now we are switching to Windows. In Netware, there is a utility called DSREPAIR that you can run to check the integrity of eDir or NDS. And that is something I'm looking for in Windows. I just want to see and run a utility similar to DSREPAIR in Windows. Just to be comfort that I ran something that will that will take care of any problems it will find and see the results rather than just relying on something that I'm not really sure how it's doing it. Anyway, I don't see any errors in Directory services in Event Viewer for the last month. I'm hoping that if AD is starting to go bad that Windows will catch it in the background and notify me or, if it can, fix the problem automatically (but still notify me of what it's done). If it can't, I hope the door is open here and someone will be willing to give a helping hand. Thanks again. zorex Show quoteHide quote "Massimo" wrote: > "zorex" <zo***@discussions.microsoft.com> ha scritto nel messaggio > news:F5339A00-A928-4341-AD7F-B01F03236716@microsoft.com... > > > I was wondering if there is a utility that I can use to check the > > consistency of AD and repair it automatically if it found errors. > > What kind of errors? > > Database corruptions are the only thing I can think of, but they are > definitely rare, thanks to the ESE architecture; and they're automatically > detected by the software. Anyway, you should have at least two domain > controllers, and I hope you do... if this is the case, they'll provide > redundancy by replicating data between themselves (and detecting conflicts, > if any). > > You could check the integrity of an AD database using ESEUTIL, of course, > but to do this you'd have to shut down a domain controller and restart it in > directory services restore mode, causing downtime... and it would be a > totally useless operation: you wouldn't find anything bad, because if the > database was actually corrupted, the DC would have warned you about that in > the event log. > > All of this doesn't mean you shouldn't use RAID disks and do regular > backups, of course :-) > > > Massimo > > "zorex" <zo***@discussions.microsoft.com> ha scritto nel messaggio No problem about that, AD can't be clustered, anyway. And it sure doesn't news:AB7303C3-B0AD-47D1-B261-57B828ABA894@microsoft.com... > I have all those suggestions you mentioned in place. > 2 DC, RAID, and backup except that I'm only running the > standard version instead of Enterprise. need more than four CPUs :-) > I used to managed Netware server for 12 years and now we are switching In AD, changes are always replicated between all domain controllers, so, if > to Windows. In Netware, there is a utility called DSREPAIR that you > can run to check the integrity of eDir or NDS. And that is something > I'm looking for in Windows. I just want to see and run a utility similar > to > DSREPAIR in Windows. Just to be comfort that I ran something that will > that will take care of any problems it will find and see the results > rather > than just relying on something that I'm not really sure how it's doing it. ever one of them should have corrupted data (and not be aware of it), this would generate a replication conflict and the problem would emerge. Also, the database storage engine (ESE) is the same one used by Exchange, and it's quite reliable; it sure is capable of detecting database corruptions. If you really (*really*) want to check the database for consistency, you can take one domain controller offline and use NTDSUTIL to do some offline maintenance, like checking the status of the DB, moving it to a different path or defragmenting it. This is also the utility you should use to fix some specific problems (like deleting defunct domain controllers) and to restore backups, if you need to. Be warned that this is utility is really powerful, and a misplaced command can destroy your domain controller (or domain) quite easily. My advice: rely on the O.S. to take care of things for you, but learn anyway what tools are there to help you if in need. Massimo 
Other interesting topics
Modify bulk users in AD
Profile question Picking the right sized DC Resoter user object Group Policies and web proxy settings cleaning all user created files on logoff Unique userid attribute in Active Directory Identifying obsolete computer/user accounts in AD Universal groups and "Member Of" tab. Logon Problem on One Client |
|||||||||||||||||||||||
