In: Computer Science
The Active Directory database can be moved to a new location if you decide that there is a need to relocate it due to space limitations. How do you accomplish this? When you back up Active Directory, what must be included?
Explain the basic functions of a directory service and how Active Directory Domain Services fulfills them and describe how DNS names are formed out of domains and a hostname.
# Note: No plagiarism, please
We can move it to a different location with the help of ntdsutil.exe. Let's see in detail how we can do it.
For my demo I am using a DC which holds its AD database files in the default C:\Windows\NTDS\ folder. I need to move it to a new disk I added to the server, so the new path I need to move it to is E:\ADDB.
Before we start this task we need to stop the Active Directory Domain Services. So make sure you are aware of the impact stopping it will have on network operations.
1) Log in to the primary domain controller as a domain or enterprise administrator.
2) Server Manager > Tools > Services
3) Once the MMC has loaded, right-click on "Active Directory Domain Services" and click Stop.
4) It will then ask if it's okay to stop the associated services. Click "Yes" to continue.
Once services are stopped we can go ahead with the database move.
1) Right-click on the Start button and click on "Command Prompt (Admin)".
2) Once the command prompt loads, type ntdsutil and press Enter.
3) Then type "activate instance ntds" and press Enter.
4) Then type "files" and press Enter.
5) In the files maintenance menu we need to specify the command to move the DB. I need to move it to E:\ADDB, so the command will be move db to E:\ADDB. If you are using spaces in the folder path, make sure you put the folder path inside double quotes (""). Once it executes it will move the DB file and give an output as follows.
6) As you can see, it moved the database files successfully. But the logs are still in the NTDS folder. To move the logs, type move logs to E:\ADDB
7) Now it has moved the logs and database successfully to the new location.
8) Now it's time to start the Active Directory Domain Services again. Please go to services.msc and start the service we stopped at the beginning of this step.
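The same procedure as one script, added here as an example and not taken from the answer. It assumes an elevated PowerShell session on the DC, that NTDS is the service name behind "Active Directory Domain Services", and that ntdsutil updates the database and log path values under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters, which the script reads to verify the move before the service is started again.

```powershell
# Added example (not part of the original answer): the manual ntdsutil procedure above as
# one script. Assumptions: run in an elevated PowerShell on the DC, the service name is
# NTDS, and the target E:\ADDB is the folder used in the answer.
param([string]$NewPath = 'E:\ADDB')

$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

function Get-NtdsPaths {
    # ntdsutil updates these values when it moves the files, so they show where AD DS
    # will look for its database and logs on the next start
    $p = Get-ItemProperty -Path $ntdsParams
    [pscustomobject]@{ Database = $p.'DSA Database file'; Logs = $p.'Database log files path' }
}

if (-not (Test-Path $NewPath)) { New-Item -ItemType Directory -Path $NewPath | Out-Null }
Write-Host 'Before move:'; Get-NtdsPaths | Format-List

# Remember which dependent services were running (KDC, DNS, Netlogon, ...): -Force stops
# them together with NTDS, which is the "stop associated services" prompt in the manual
# steps, but starting NTDS again does not bring them back by itself
$dependents = (Get-Service -Name NTDS).DependentServices | Where-Object Status -eq 'Running'
Stop-Service -Name NTDS -Force
(Get-Service -Name NTDS).WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))

# Same session as the manual steps, passed as arguments; 'q' 'q' leaves the files
# menu and then ntdsutil. A path with spaces is already one quoted argument here.
& ntdsutil.exe 'activate instance ntds' 'files' "move db to $NewPath" "move logs to $NewPath" 'q' 'q'

# Verify before restarting: the registry must point at the new folder and the files must exist
$after = Get-NtdsPaths
$dbDir = (Split-Path $after.Database -Parent).TrimEnd('\')
if ($dbDir -ne $NewPath.TrimEnd('\') -or $after.Logs.TrimEnd('\') -ne $NewPath.TrimEnd('\')) {
    throw "Move did not complete, NTDS left stopped. Registry now: $($after | Out-String)"
}
foreach ($f in 'ntds.dit', 'edb.log') {
    if (-not (Test-Path (Join-Path $NewPath $f))) { throw "$f missing under $NewPath; NTDS left stopped" }
}

Start-Service -Name NTDS
foreach ($svc in $dependents) { Start-Service -Name $svc.Name }
Write-Host 'After move:'; Get-NtdsPaths | Format-List
```

Take a system state backup before running it; if any check throws, AD DS is deliberately left stopped so the files can be inspected rather than started from an inconsistent path.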
What Data Must Be Backed Up?
Basic functions of Active Directory
Active Directory Domain Services (AD DS) are the core functions in Active Directory that manage users and computers and allow sysadmins to organize the data into logical hierarchies.
AD DS provides for security certificates, Single Sign-On (SSO), LDAP, and rights management.
Active Directory and DNS
Active Directory (AD) depends on DNS for name resolution and locating resources on a network. DNS has a database that maintains resource records, which helps identify various servers, domains, and services on the network. Some of the common types of DNS resource records are:
Record Type | Format | Purpose
--- | --- | ---
A | abc.com. IN A 172.9.54.11 | Maps a host name to an IPv4 address
CNAME | cba.com. IN CNAME abc.com. | Makes one domain an alias of another domain
PTR | 11.54.9.172.in-addr.arpa. IN PTR abc.com. | Maps an IPv4 address to a host name
MX | *.ab.bc.com. 14400 IN MX 0 ms1.ab.bc.com. | Identifies the mail server for a particular domain
SRV | _http._tcp.abc.com. IN SRV 0 5 80 ws1.abc.com. | Maps a service to a particular server
A domain controller (DC) registers an AD DNS entry at boot time with an A record. The DC also registers AD DNS Service (SRV) records which help in mapping services like Kerberos, LDAP, etc., to itself. When a client computer joins a network, it locates the DC by querying the DNS for the service name. DNS retrieves the SRV record from its database and provides the DC’s host name to the client. The client further queries the DNS using this host name to obtain the DC’s IP address. Thus, without the DNS, a client wouldn’t be able to authenticate into AD or find various services.
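The two-step lookup described above, as an added example that is not part of the original answer: the client asks for the service name, chooses among the returned SRV records by priority and weight (the selection rule from RFC 2782, which goes a little beyond what the paragraph states), then resolves the chosen host name to an address. The -Resolver parameter and the _ldap._tcp.dc._msdcs.<domain> service name are assumptions; the resolver defaults to Resolve-DnsName, and the demo injects constructed zone data so it runs without a network.

```powershell
# Added example (not from the original answer): DC location via SRV then A lookup.
# Assumption: -Resolver is a scriptblock (Name, Type) -> records; default uses Resolve-DnsName.
function Find-DomainController {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [scriptblock]$Resolver = { param($Name, $Type) Resolve-DnsName -Name $Name -Type $Type -ErrorAction Stop }
    )
    # Step 1: the client queries for the service name, not a host name
    $srv = @(& $Resolver "_ldap._tcp.dc._msdcs.$Domain" 'SRV')
    if ($srv.Count -eq 0) { throw "No SRV records for $Domain; clients cannot locate a DC" }

    # Lowest priority wins; among equal priorities, choose proportionally to weight
    $best = ($srv | Sort-Object Priority | Select-Object -First 1).Priority
    $candidates = @($srv | Where-Object Priority -eq $best)
    $total = ($candidates | Measure-Object -Property Weight -Sum).Sum
    $pick = $candidates[0]
    if ($total -gt 0) {
        $r = Get-Random -Minimum 0 -Maximum $total   # integer in [0, total)
        foreach ($c in $candidates) { $r -= $c.Weight; if ($r -lt 0) { $pick = $c; break } }
    }

    # Step 2: the SRV record only names the host; a second query gives its address
    $a = @(& $Resolver $pick.NameTarget 'A')
    if ($a.Count -eq 0) { throw "SRV points at $($pick.NameTarget) but it has no A record" }
    [pscustomobject]@{ Host = $pick.NameTarget; Port = $pick.Port; IPv4 = $a[0].IPAddress }
}

# Constructed zone data standing in for DNS (all values made up for the demo)
$fakeZone = @{
    '_ldap._tcp.dc._msdcs.abc.com|SRV' = @(
        [pscustomobject]@{ NameTarget = 'dc1.abc.com'; Priority = 0;  Weight = 100; Port = 389 }
        [pscustomobject]@{ NameTarget = 'dc2.abc.com'; Priority = 10; Weight = 100; Port = 389 }
    )
    'dc1.abc.com|A' = @([pscustomobject]@{ IPAddress = '172.9.54.11' })
    'dc2.abc.com|A' = @([pscustomobject]@{ IPAddress = '172.9.54.12' })
}
# Offline demo: dc1 is chosen because its priority is lower
Find-DomainController -Domain 'abc.com' -Resolver { param($Name, $Type) $fakeZone["$Name|$Type"] }
# Real lookup from a domain-joined client: Find-DomainController -Domain $env:USERDNSDOMAIN
```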
Active Directory DNS zones
DNS has a distributed database, i.e., the information about all the domains, subdomains, and host mappings is not stored on just one DNS server but is distributed across many servers. Management of the DNS database is made easier by dividing the DNS name space into multiple zones and assigning responsibility for a zone to a particular server. An AD DNS zone is a collection of hierarchical domain names with the root domain delegated to one or more name servers. A zone contains all the information about a domain except for the parts of the domain delegated to other name servers. The zone files begin with an AD DNS SOA, or Start of Authority, resource record that indicates the primary name server for the zone.
Imagine a company, ABC, that has a name space abc.com delegated to the name server ns1.abc.com. All the domains under abc.com, viz., sales, HR, finance, and admin, can be placed in one zone. However, let us now imagine that the company's HR, finance, and admin domains are administered in India and the sales domain is administered in the USA. In order to simplify the management of the DNS database, the HR, finance, admin, and abc domains can be placed in zone 1, with responsibility given to the ind.abc.com name server, while the sales subdomain can be placed in a separate zone (zone 2 as shown in the figure below) and its responsibility delegated to the us.sales.abc.com name server.
Active Directory DNS delegation
The names within a zone can be delegated to another zone maintained by a different server. Thus the responsibility for a subdomain can be passed on to a different name server, which will handle requests for its resource records, through a process called AD DNS delegation. Delegation can be brought into effect with the help of NS and A resource records as shown below:
sales.abc.com IN NS ns1.sales.abc.com
ns1.sales.abc.com IN A 192.168.14.9
DNS plays a very important role in the smooth functioning of a network. In the event of a DNS failure, it would be difficult to find the IP address of a host, and thereby difficult to access any service. DNS acts as a bidirectional translator between IP addresses and host names, thus making our network communications easy.