2008 R2 ADS Vocabulary - Session 4

Question 1

Monitor Active Directory
Windows Server 2008 R2 provides various tools for managing system and network events and resources. These tools include the following:

Answer 1

Network Monitor
Windows Task Manager
Event Viewer
Windows System Resource Manager (WSRM)
Windows Reliability and Performance Manager

Question 2

Network Monitor

Answer 2

The Network Monitor enables you to monitor and troubleshoot network performance by capturing data frames transferred between networked computers.
The latest version of Network Monitor, Microsoft Network Monitor 3.1, includes new technologies that enable you to capture and monitor wireless data transfers so that you can monitor a wireless network.

Question 3

Windows Task Manager

Answer 3

The Windows Task Manager enables you to manage running programs and processes, and analyze system performance on a local computer or server.

Question 4

Event Viewer

Answer 4

The Event Viewer enables you to identify and track events that indicate possible performance problems.

Question 5

Windows System Resource Manager

Answer 5

WSRM

Question 6

Windows System Resource Manager (WSRM)

Answer 6

The WSRM enables you to manage the allocation of system resources.

Question 7

Windows Reliability and Performance Manager

Answer 7

The Windows Reliability and Performance Manager enables you to analyze and monitor the performance of a system, including its hardware and software.

This tool replaces the Server Performance Advisor and System Monitor in earlier versions of Windows, because it provides the functionalities of both of these tools.
The Microsoft Network Monitor 3.1 utility is a protocol analyzer. It collects data relating to a network using a process known as capturing. It captures traffic, data, and management frames transferred between computers that share a specified network connection, and it displays information about these frames. You can use the Network Monitor to monitor network traffic, identify unwanted connections or protocol traffic, maintain statistics on network performance, and troubleshoot network problems such as malfunctioning servers.

Question 8

The Windows Task Manager includes six tabbed pages:

Answer 8

Applications
Processes
Services
Performance
Networking
Users

Question 9

Applications

Answer 9

The Applications tabbed page displays information about all applications running in the current Windows session. You can change the order in which entries are displayed by clicking the Task or Status column headers. Using this tabbed page, you can choose to end an application that is not responding, switch tasks, or create new tasks.

Question 10

Processes

Answer 10

The Processes tabbed page displays details of each process that is currently running. You can use this information to identify processes that are holding system resources or that are causing applications to not respond. Using the Processes tabbed page, you can right-click a process and then choose to end it or to view its properties.

Question 11

Services

Answer 11

The Services tabbed page is a new feature of the Task Manager in Windows Server 2008 R2. It displays details of all Windows services. Using this tabbed page, you can right-click a service and then choose to start or stop it, or to view the processes associated with it. The page also includes a Services button, which you can click to open the Services Microsoft Management Console (MMC) snap-in.

Question 12

Performance

Answer 12

The Performance tabbed page displays information about the system’s current memory and CPU performance, in graphical form and as listed statistics. It also contains a Resource Monitor button, which you can click to access the Resource Monitor

Question 13

Networking

Answer 13

The Networking tabbed page displays an analysis of the computer’s network connection. A graph on this tabbed page indicates the percentage utilization of the network.

Question 14

Users

Answer 14

The Users tabbed page lists details of currently logged in users of the local Windows Server 2008 R2 system. You can choose to manage the properties of a user, to disconnect or log off a user, or to send a message to a selected user.
In Windows Server 2008 R2, you can access two categories of event logs:
• Windows Logs, which are created for applications that affect the operating system
• Applications and Services Logs, which are new to Windows Server 2008 R2 and store events from a single application or component

Question 15

There are five types of Windows Logs:

Answer 15

Application
Security
Setup
System
Forwarded Events

Question 16

Application

Answer 16

The Application log contains events that are logged by applications or programs. For example, a database program may log a file error in the application log. Program developers decide on the events that need to be logged in the Application log.

Question 17

Security

Answer 17

The Security log contains events such as valid and invalid logon attempts, and events related to the use of resources, such as creating, opening, and deleting files or other objects. System administrators can specify the events that must be recorded in the Security log. For example, if logon auditing has been enabled on the system, then all attempts to log on to the system are recorded in the Security log.

Question 18

Setup

Answer 18

The Setup log contains events related to the installation of new applications.

Question 19

System

Answer 19

The System log contains events that are logged by Windows system components, such as the failure of a driver or other system components that load during system startup.

Question 20

Forwarded Events

Answer 20

The Forwarded Events log stores events that are collected from remote computers.

Question 21

The Reliability and Performance Monitor collects and logs performance-specific data in Data Collector Sets using three tools:

Answer 21

Resource Overview
Performance Monitor
Reliability Monitor

Question 22

Resource Overview

Answer 22

The Resource Overview screen is the home page of the Windows Reliability and Performance Monitor. After logging in with the local administrator account, you can use the Resource Overview screen to monitor the performance of resources such as disk space, memory, and CPU capacity. You can also determine the processes that occupy these resources.

Question 23

Performance Monitor

Answer 23

The Performance Monitor provides a graphical representation of system performance, using various performance counters. Each performance counter provides details relating to the performance of a particular component. You can add performance counters directly or you can create customized Data Collector Sets to add specified performance counters to the Performance Monitor.

Question 24

Reliability Monitor

Answer 24

The Reliability Monitor continuously checks the stability of the system and displays a warning if it detects any hardware or software that represents a potential threat to the functioning of the system. This tool starts functioning at the time of the installation of the system. It analyzes all programs to determine their impact on system stability. If a warning message related to the possible impact of software or hardware installation is displayed, you need to take the appropriate actions to prevent system problems or failure.

Question 25

Resultant Set of Policy

Answer 25

(RSoP)

Question 26

Resultant Set of Policy (RSoP)

Answer 26

In an AD environment, several Group Policies may apply to the same users and computers. Because of the way policies interact, it can be difficult to determine their cumulative effect, known as the RSoP.

Question 27

The RSoP snap-in can be run in one of two modes:

Answer 27

Logging Mode

Planning Mode

Question 28

Logging Mode

Answer 28

In Logging mode, you can view and analyze policy settings only for users that are logged on and the computers they are logged on to.

Question 29

Planning Mode

Answer 29

In Planning mode, you can use simulations to view the RSoP for policy settings to apply to users and computers. This enables you to test the effects of policies before you apply them.

Question 30

Offline Maintenance

Answer 30

As an administrator, you will need to perform maintenance tasks, such as backing up data and defragmenting storage media, on each DC in a Windows Server 2008 R2 network environment. The AD database is managed through automatic maintenance procedures, such as creating routine backups. However, you need to manage AD database settings to prevent problems such as low storage space or hardware failure from affecting it. Maintenance tasks that you perform when AD DS is running are known as online maintenance tasks, and those performed when AD DS is stopped are known as offline maintenance tasks.

Question 31

Performing Offline Defragmentation

Answer 31

Fragmentation is the presence of empty spaces, which are known as white spaces, between contiguously allocated blocks of data. These white spaces occur in the AD database when data is deleted. When you delete data from AD DS, the storage space allocated to it is vacated and an empty space is left between two contiguous blocks of data.

Question 32

You can defragment the AD data on a DC in either of the following ways:

Answer 32

Online

Offline

Question 33

Online

Answer 33

Online defragmentation of the AD database occurs automatically, by default every 12 hours, on all servers running AD DS. This process manages disposed objects and increases the usable storage space in the AD database. However, it does not defragment the AD file system, which includes the ntds.dit file.

Question 34

Offline

Answer 34

Offline defragmentation, also known as compaction, removes white space from the AD database and file system, including the ntds.dit file. This file is a different size on each DC because changes are regularly made to it through automated updates.
Because offline defragmentation removes white space from both database and file system data, it can free a considerable amount of storage space. (use ntdsutil.exe)

Question 35

use ntdsutil.exe

Answer 35

Because offline defragmentation removes white space from both database and file system data, it can free a considerable amount of storage space

Question 36

ntds.dit database file stores the

Answer 36

directory data for AD DS

Question 37

Moving a Database File

Answer 37

The ntds.dit database file stores the directory data for AD DS. However, any changes made to the AD are saved to the transaction log files before they are saved to the directory data database and the ntds.dit file. When AD DS is installed on a DC running Windows Server 2008 R2, the ntds.dit file and the transaction logs are stored on the same hard disk. By default, this is in the %systemroot%\ntds folder. For more efficient read/write performance, it is preferable that you store the transaction log files and the ntds.dit file on different hard disks.
If you move the ntds.dit file and transaction logs, you need to ensure that enough free space is available to store the files at the destination location. (use ntdsutil.exe)

Question 38

Disk space requirements depend on whether you move the file and transaction logs to:

Answer 38

Separate Hard Drive Partitions
The Same Hard Drive Partition
DSRM or net stop ntds

Question 39

The Same Hard Drive Partition

Answer 39

If you store the ntds.dit file and the transaction log files on the same hard drive partition, you will need to maintain 1 GB or 20% of the combined file sizes, whichever is higher, as free space in the partition.

Question 40

DSRM or net stop ntds

Answer 40

In order to perform offline maintenance the AD DS database must by definition be offline. In the past this required the server to reboot into the special safe mode known as Directory Services Restore Mode, based upon logging on using the DSRM password defined at logon. In 2008 and later, however, the NTDS service can be stopped in the services console, or using the sc stop ntds command, the net stop ntds command, or the PowerShell cmdlet Stop-Service ntds –Force command. Then the Defragmentation or database movement can be performed, then the database service can be simply started again. Other server services that do not depend on AD running on this server (especially) if other DCs are running on the network) will continue to function

Question 41

Configure Backups

Windows Server Backup

Answer 41

Windows Server 2008 R2 provides the Windows Server Backup feature, which enables you to back up the entire system, specific volumes, files, and application data.
Backing up the contents of a server is important because it enables you to recover essential data if it is damaged or lost (for example, after a hardware failure).

Question 42

Using Windows Server Backup, you can choose to back up

Answer 42

• The full contents of all volumes, including all applications, files, data, and the system state
• Only specified volumes on a server

Question 43

A backup of critical volumes on a DC includes

Answer 43

data about boot files, the Windows operating system and registry, the SYSVOL tree, and AD database and log files.

Question 44

You can choose to back up your data to the following locations:

Answer 44

A Shared Folder
A DVD or Other Removable or Optical Media
An Internal Hard Disk
An External Hard Disk

Question 45

A Shared Folder

Answer 45

You can back up server data to a remote shared folder. However, new backups to the same folder will automatically overwrite existing ones. If the backup procedure fails and an old backup has been overwritten, all backup data will be lost.
To prevent this, you need to organize the shared folder carefully, ensuring that each backup is saved to a separate subfolder.

Question 46

A DVD or Other Removable or Optical Media

Answer 46

You can choose to back up server data to a DVD or other removable or optical media, provided 1 GB or more of free disk space is available on the media. If less than this amount of disk space is available, a disk will not be detected as an available backup destination.
You can recover full volumes of data from backups on DVD or other removable media. However, you cannot recover individual applications or files.

Question 47

An Internal Hard Disk

Answer 47

You can save backups to an internal hard disk and then use them to recover files, folders, applications, and volumes. You can also perform critical system state and operating system recoveries from the backups.
However, recovery of the operating system is not possible if the backup is on the same physical disk as one or more original, critical volumes.

Question 48

An External Hard Disk

Answer 48

You can save backups to an external hard disk and use these backups to recover files, folders, applications, and volumes. You can also perform critical system state and operating system recoveries from these backups.
The backup stored in an external hard disk can be easily moved to an offsite location for disaster protection.
The new Windows Server Backup provides several enhancements to the backup features in earlier versions of Windows Server.
Some of these enhancements include the following:
• Faster backup technologies
• Improved scheduling
• Automatic compression and volume recognition
• Automatic management of disk use
• Support for DVDs as backup media
• Extensive command-line support
• Better support for rotating backups
• Remote administration

Question 49

The limitations of Windows Server Backup are as follows:

Answer 49

Support Only for NTFS

Question 50

Support Only for NTFS

Answer 50

Windows Server Backup works only with NTFS; it does not support the File Allocation Table (FAT) and exFAT file systems. NTFS has several advantages over the FAT file system, such as support of metadata and advanced data structures. An advanced data structure improves performance, reliability, and disk space utilization.

Question 51

The three Windows RE tools are as follows:

Answer 51

• The Windows Complete PC Restore tool enables you to recover all applications, data, and settings after a hardware failure
• The Windows Memory Diagnostic Tool enables you to detect RAM problems on a system
• The Command Prompt tool enables you to access the command prompt window from where you can use the Wbadmin command-line utility to recover data from a backup

Question 52

Directory Services Snapshots

Answer 52

Windows Server 2008 allows administrators to create snapshots of the AD database for offline use: Snapshots can be mounted under a different set of ports and have read-only and accessed via LDAP. Then when values of AD objects change and administrators need to revert to the previous values, a previous snapshot can be mounted to an alternate port and the required attributes of the changed objects easily exported. Then the values could be imported into the production instance of AD DS. An administrator could similarly use this technique to restore deleted objects or audit the system at a point in time. Snapshots are taken using ntdsutil.exe. Snapshots can be mounted to an available path and port using dsamain.exe. Snapshots can be viewed using the Idap viewer of Idp.exe, adsiedit, or even dsa.msc.

Question 53

Snapshots are taken using

Answer 53

ntdsutil.exe

Question 54

Snapshots can be mounted to an available path and port using

Answer 54

dsamain.exe

Question 55

Snapshots can be viewed using the

Answer 55

Idap viewer of Idp.exe, adsiedit, or even dsa.msc

Question 56

Directory Services Recovery Mode
Using a nonauthoritative restore (a restore from backup), you can recover data from the following three types of backups:

Answer 56

System State Backups
Critical Volume Backups
Full Server Backups

Question 57

System State Backups

Answer 57

A system state backup of a DC includes at least the Active Directory Certificate Services (AD CS) database, registry, AD database (Ntds.dit), boot files, SYSVOL directory, Cluster Service information, COM+ class registration database, Microsoft Internet Information Services (IIS) meta directory, and system files under Windows Resource Protection. It also includes data for additional components, depending on which server roles are installed.

Question 58

Critical Volume Backups

Answer 58

A critical volume backup stores all data for a critical volume. This includes an AD database (Ntds.dit), AD database log files, boot files (including the bootmgr file and the Boot Configuration Data (BCD) store), the SYSVOL tree, and the Windows operating system and registry.

Question 59

Full Server Backups

Answer 59

A full server backup contains all data for a server; therefore, it is larger than a system state or critical volume backup. This type of backup enables you to recover all AD DS data and all volumes.
After a nonauthoritative restore an administrator can bring the server online and it will download any new updates from other online domain controllers. If the goal of the restore from backup was to overwrite the current AD database with the older version, you must perform an authoritative restore (this is a process of marking data as a higher version number so that it will overwrite more current data on other domain controllers) The authoritative AD DS restore is done from ntdsutil and can be done for the entire database or just a portion (an OU that was deleted, for example)

Question 60

authoritative restore

Answer 60

(this is a process of marking data as a higher version number so that it will overwrite more current data on other domain controllers)

Question 61

The authoritative AD DS restore is done from

Answer 61

ntdsutil and can be done for the entire database or just a portion (an OU that was deleted, for example)

Question 62

Directory Services Recycle Bin

Answer 62

Instead of performing an authoritative restore, Server 2008R2 allows administrators to configure and use the AD DS Recycle bin to rescue deleted objects within the 180 day period after they have been deleted but before they have been recycled. This feature requires a Server 2008 R2 Forest Functionality and the use of Idp.exe and PowerShell. Restored objects will retain their pre-existing SIDs.