Maintain Active Directory

Question 1

What are two ways to take AD offline?

Answer 1

1. Directory Services Restore Mode

2. Restartable AD DS Service

Question 2

How do you take AD offline using DSRM?

Answer 2

1. Open command prompt, type:
   bcdedit /set safeboot dsrepair
2. shutdown -t 0 -r

Question 3

Within Safe Mode, how do you bring AD back online?

Answer 3

1. Log in as local admin
2. Open cmd prompt
3. bcdedit /deletevalue safeboot

Question 4

How do you perform a defrag of an AD Database?

Answer 4

1. Open cmd prompt
2. ntdsutil > activate instance ntds
3. files > compact to c:\
4. integrity
5. quit > quit
6. copy c:\ntds.dit c:\windows\ntds\ntds.dit
7. del c:\windows\ntds*.log

Question 5

What is the classic method of taking AD offline?

Answer 5

DSRM

Question 6

How do you clean up metadata?

Answer 6

Within ADUC, delete the DC from the Domain Controllers OU.

Within ADSS, delete the DC from the Servers container within Sites

Question 7

How do you backup Active Directory?

Answer 7

1. Install Windows Server Backup feature
2. Create backup partition utilizing Disk Management
3. Within Windows Server Backup, set schedule or run Backup Once, System State

Question 8

What is the difference between an authoritative and non-authoritative restore?

Answer 8

An authoritative restore performs the restore without receiving any updates from any DCs.

A non-authoritative restore performs the restore as well as accepts any updates from any DCs.

Question 9

How do you perform a restore of AD?

Answer 9

1. Reboot the server in DSRM by typing:
bcdedit /set safeboot dsrepair
shutdown -t 0 -r
2. Within Safe Mode, open Windows Server Backup and select Recover and walk through Recovery Wizard
3. bcdedit /deletevalue safeboot

Question 10

How do you restore objects in AD Recycle Bin?

Answer 10

1. Enable AD Recycle Bin by going to AD Admin Center.

2. The objects can be restored within the Deleted Objects folder in AD Admin Center.

Question 11

How long can objects last in the Deleted Objects folder in AD Admin Center?

Answer 11

180 days.

Question 12

What tool is used to configure snapshots?

Answer 12

ntdsutil

Question 13

How do you access the ntds snapshot utility?

Answer 13

1. Open a command prompt

2. ntdsutil > activate ntds > snapshot

Question 14

Within the ntds snapshot utility, what command lists all available snapshots?

Answer 14

List all

Question 15

Within the ntds snapshot utility, what command is used to create a new snapshot?

Answer 15

Create

Question 16

How do you mount an AD snapshot?

Answer 16

Within the ntds snapshot utility, type Mount .

Outside of the ntds snapshot utility, type dsamain -dbpath \windows\ntds\ntds.dit -ldapport

Question 17

How do you open a mounted AD snapshot?

Answer 17

Within ADUC, right click on top container and select Change Directory Server

Change to “This Domain Controller or AD LDS instance”

Enter :

Question 18

How do you unmount an AD snapshot?

Answer 18

1. ntdsutil > activate instance ntds > snapshot
2. List all
3. Unmount

Question 19

How do you manually trigger replication between DCs?

Answer 19

1. Within ADSS, navigate to the NTDS settings of the DC that needs replicating.
2. Right click and select Replicate Now

Question 20

What command-line tool is used to manually trigger Active Directory replication?

Answer 20

repadmin

Question 21

Using the repadmin command-line tool, how do you trigger a manual replication?

Answer 21

repadmin /syncall dc=,dc=com /d /e /a

Question 22

How do you check whether replication is running successfully with your RODCs?

Answer 22

repadmin /kcc