Question

In: Computer Science

The Active Directory database can be moved to a new location if you decide that there...

The Active Directory database can be moved to a new location if you decide that there is a need to relocate it due to space limitations. How do you accomplish this? When you back up Active Directory, what must be included?

Explain the basic functions of a directory service and how Active Directory Domain Services fulfills them and describe how DNS names are formed out of domains and a hostname.

# Note: No plagiarism, please

Solutions

Expert Solution

we can move it to a different location with help of ntdsutil.exe. Let’s see in details how we can do it.

For my demo I am using a DC which holds its AD database files in default C:\Windows\NTDS\ folder. I need to move it to my new disk I added to the server. So new path I need to move it is E:\ADDB

Before we start this task we need to stop the active directory domain services. So make sure you aware of the impact it will make on network operations by stopping it.

1)    Log in to the primary domain controller as domain or enterprise administrator.
2)    Server Manager > Tools > Services

3)    Once mmc loaded right click on “Active Directory Domain Services” and click stop

4)    Then it will ask if it’s okay to stop associated services. Click “yes” to continue.

Once services are stopped we can go ahead with the database move.

1)    Right click on start button and click on “Command Prompt (Admin)

2)    Once command prompt load up type ntdsutil and press enter

3)    Then type “activate instance ntds” and press enter
4)    Then type “files” and enter

5)    In the files maintenance we need to specify the command to move the db. So I need to move it to E:\ADDB so the command will be move db to E:\ADDB. If you using space in folder path make sure you put the folder path inside double colon(“”). Once it execute it will move the db file and give an output as following.

6)    As you can see it move the database files successfully. But the logs are still in NTDS folder. To move the logs type move logs to E:\ADDB

7)    Now it’s moved logs and database successfully to the new location.

8)    Now it’s time to start the Active directory domain services again. Please go to services.mmc and start the service we stopped at the beginning of this step

What Data Must Be Backed Up?

  • Active Directory Domain Services
  • Domain Controller System Registry
  • Sysvol directory
  • COM+ class registration database
  • DNS zone information integrated with Active Directory
  • System files and boot files
  • Cluster service information
  • Certificate services database (if your Domain Controller is a certificate service server)
  • IIS meta folders (if Microsoft Internet Information Services are installed on your Domain Control

Basic function of active directory-

Active Directory Domain Services (AD DS) are the core functions in Active Directory that manage users and computers and allow sysadmins to organize the data into logical hierarchies.

AD DS provides for security certificates, Single Sign-On (SSO), LDAP, and rights management.

Active Directory and DNS

Active Directory (AD) depends on DNS for name resolution and locating resources on a network. DNS has a database that maintains resource records, which helps identify various servers, domains, and services on the network. Some of the common types of DNS resource records are:

Record Type Format Purpose
A

abc.com. IN A 172.9.54.11

Maps a host name to an IPv4 address

CNAME

cba.com. IN CNAME abc.com.

Makes one domain an alias of another domain

PTR

11.54.9.172.in-addr.arpa. IN PTR abc.com.

Maps an IPv4 address to a host name

MX

*.ab.bc.com. 14400 IN MX 0 ms1.ab.bc.com.

Identifies the mail server for a particular domain

SRV

_http._tcp.abc.com. IN SRV 0 5 80 ws1.abc.com.

Maps a service to a particular server

A domain controller (DC) registers an AD DNS entry at boot time with an A record. The DC also registers AD DNS Service (SRV) records which help in mapping services like Kerberos, LDAP, etc., to itself. When a client computer joins a network, it locates the DC by querying the DNS for the service name. DNS retrieves the SRV record from its database and provides the DC’s host name to the client. The client further queries the DNS using this host name to obtain the DC’s IP address. Thus, without the DNS, a client wouldn’t be able to authenticate into AD or find various services.

Active Directory DNS zones

The DNS has a distributed database i.e., the information about all the domains, subdomains, and host mappings are not stored on just one DNS server but distributed across many servers. The management of the DNS database is made easy by dividing the DNS name space into multiple zones and assigning the responsibility of a zone to a particular server. An AD DNS zone is a collection of hierarchial domain names with the root domain delegated to one or more name servers. A zone contains all the information about a domain except for the parts of the domain delegated to other name servers. The zone files begin with a AD DNS SOA or Start of Authority resource record that indicates the primary name server for the zone.
Imagine a company, ABC, that has a name space abc.com delegated to the name server ns1.abc.com. All the domains under abc.com  viz., sales, HR, finance, and admin can be placed in one zone. However, let us now imagine that the company’s HR, finance, and admin domains are administered in India and the sales domain is administered in the USA. In order to simplify the management of the DNS database, the HR, finance, admin, and abc domains can be placed in zone 1 and the responsibility can be given to ind.abc.com name server while the sales subdomain can be placed in a separate zone (zone 2 as shown in the figure below) and its responsibility can be delegated to us.sales.abc.com name server.

Active Directory DNS delegation

The names within a zone can be delegated to another zone maintained by a different server. Thus the responsibility of a subdomain can be passed on to a different name server which will handle requests for the resource records through a process called AD DNS delegation. Delegation can be brought in to effect with the help of NS and A resource records as shown below:

sales.abc.com IN NS             ns1.sales.abc.com
ns1.sales.abc.com IN A 192.168.14.9
DNS plays a very important role in the smooth functioning of a network. In the event of DNS failure, it would be difficult to find the IP address of a host, and thereby difficult to access any service. DNS acts as a bidirectional translator between IP addresses and host names, thus making our network communications easy.


Related Solutions

You have an Active Directory forest named csmtech.local and two Active Directory domains in the forest...
You have an Active Directory forest named csmtech.local and two Active Directory domains in the forest named csmpub.local and csmsales.local. You want the DNS servers in each domain to be able to handle DNS queries from client computers for any of the other domains. DNS servers in the csmtech.local and csmpub.local domains should be authoritative for their own domains and the csmsales.local domain. However, DNS servers in csmsales. local should be authoritative only for csmsales.local. How should you set up...
Explain the types of information that can be stored in an Active Directory user record. What...
Explain the types of information that can be stored in an Active Directory user record. What are some of the additional tabs which are available in the Active Directory Users and Computers "Advanced Features" mode? What are some of the specific challenges and risks associated with account management in a large infrastructure? How can inadequate access controls or access management leave critical information vulnerable? What protections does encryption offer and how important is key management to keeping any encryption system...
Active Directory Domain Services Installation Wizard
Active Directory Domain Services Installation Wizard
When a large Omaha Department store moved to a new location, Linda Butler was hired as...
When a large Omaha Department store moved to a new location, Linda Butler was hired as the new shoe department manager. Harold Knox, who retired, had been the manager at the old location. Linda’s boss, Samantha Sanders, is concerned about the poor performance since Linda became shoe department manager. The new store location is much larger than the old store location - not all of the space is currently needed. The extra space is divided up among the various departments...
Marilyn Helm Retailers is attempting to decide on a location for a new retail outlet. At...
Marilyn Helm Retailers is attempting to decide on a location for a new retail outlet. At the​ moment, the firm has three​ alternatives: stay where it is but enlarge the​ facility; locate along the main street in nearby Newbury​; or locate in a new shopping mall in Hyde Park. The company has selected the four factors listed in the following table as the basis for evaluation and has assigned weights as​ shown:                                                                                                                                                                         Factor Factor Description Weight Present Location Newbury...
Marilyn Helm Retailers is attempting to decide on a location for a new retail outlet. At...
Marilyn Helm Retailers is attempting to decide on a location for a new retail outlet. At the​ moment, the firm has three​ alternatives: stay where it is but enlarge the​ facility; locate along the main street in nearby Newbury​; or locate in a new shopping mall in Hyde Park. The company has selected the four factors listed in the following table as the basis for evaluation and has assigned weights as​ shown:                                                                                                                                                                                 Factor Factor Description Weight Present LocationPresent Location...
Organizational Unit diagram Active Directory: Design an OU Structure for your company. You should have at...
Organizational Unit diagram Active Directory: Design an OU Structure for your company. You should have at least 4 separate IT Sub-groups that will need to be delegated access to their own OU sub-structures. Plan for separating Users, Computers, Groups, and resources like Printers. Also plan to have a separated Privileged IT Accounts section. You also have a Helpdesk Group. Plan for appropriate rights for them. They will need to reset User Passwords. A diagram of the OU hierarchy A list...
How are a stub zone records updated if the stub zone is Active Directory integrated?
How are a stub zone records updated if the stub zone is Active Directory integrated?
Complete Critical Thinking Activity 3: Configuring Zones. You have an Active Directory forest named csmtech.local and...
Complete Critical Thinking Activity 3: Configuring Zones. You have an Active Directory forest named csmtech.local and two Active Directory domains in the forest named csmpub.local and csmsales.local. You want the DNS servers in each domain to be able to handle DNS queries from client computers for any of the other domains. DNS servers in the csmtech.local and csmpub.local domains should be authoritative for their own domains and the csmsales.local domain. However, DNS servers in csmsales. local should be authoritative only...
try to find articles that deal with Active Directory Group Policies. Find articles that discuss the...
try to find articles that deal with Active Directory Group Policies. Find articles that discuss the proper configurations or what happens when inherent policies override permissions.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT