Planning and Troubleshooting Dcpromo Edward Gomes and Mike Resnick Support Professionals Directory S - PowerPoint PPT Presentation

1 / 32

About This Presentation

Title:

Planning and Troubleshooting Dcpromo Edward Gomes and Mike Resnick Support Professionals Directory S

Description:

Article on native mode. Pointer to help files. 8. Installing Active Directory. Run Dcpromo ... http://support.microsoft.com/support/kb/articles/q238/3/69.asp ... – PowerPoint PPT presentation

Number of Views:135

Avg rating:3.0/5.0

Slides: 33

Provided by: Heid78

Category:

more less

Transcript and Presenter's Notes

Title: Planning and Troubleshooting Dcpromo Edward Gomes and Mike Resnick Support Professionals Directory S

1
Planning and Troubleshooting Dcpromo Edward
Gomes and Mike ResnickSupport ProfessionalsDirec
tory Services and SecurityMicrosoft Corporation
2
Planning and Troubleshooting DCPROMO

Overview
What is Dcpromo?
Planning Active Directory
Installing of Active Directory
Verifying Active Directory
Installing replica domain controllers
Troubleshooting tools

3
Vocabulary

Dcpromo
Ntds.dit
Sysvol
Domain Name System (DNS)
Flexible Single Master Operations (FSMO)
Global catalog (GC)
NetBIOS
Primary domain controller (PDC)
Domain controller (DC)
Organizational Unit (OU)

4
What Is Dcpromo?

Executable that transitions Microsoft Windows
2000 member servers or stand-alone servers to
Active Directory domain controllers
Dcpromo converts registry SAM to Jet-based
directory
Builds system volume
Time synchronization
Modifies services

5
Planning Active Directory

Planning strategy for implementation
Upgrade from previous domain models
DNS structure
Domain structure
Domain controller placement
Delegation model
Organizational Unit structure
Operations master locations

6
Planning Active Directory (2)

Planning DNS structure

7
Planning Active Directory (3)

Planning Checklist
Backup, backup, and backup
Test
Access this computer from network
File permission (System and Admin should have FC
everyone should have at least read)
If upgrading from Microsoft Windows NT 4.0,
make sure there is at least one other BDC and do
not change the environment to native mode until
everything works perfectly
Article on native mode
Pointer to help files

8
Installing Active Directory

Run Dcpromo
Point to the right DNS server
Choose to be the first DC
Choose the proper location for the Sysvol and
Ntds.dit
Install and configure DNS

9
Verifying Active Directory

Make sure the Sysvol and all the other necessary
folders were created
Make sure that the proper folders are shared
Check the event logs to see if any errors are
being reported

10
Installing Replica Domain Controllers

At least the Enterprise Domain Controllers group
should be added under the Access this computer
from network right
The replica DC needs to point to the same DNS
server that hosts the zone for the Active
Directory that it is trying to join
Make sure the replica DC has access to FSMO role
holders and the global catalog server

11
Troubleshooting Tools

ADSI Edit low-level editor for Active Directory
Dcdiag diagnose the Active Directory
Ldp.exe find objects in the Active Directory
Log files
Netdiag diagnose network functionality
Netdom secure channel manipulations
Nltest secure channel manipulations
Nslookup DNS query tool
Ntdsutil manage objects in Active Directory
Ntfrsutil file replication management
Repadmin manage replication
Replmon monitor replication
Secedit check policies

12
Troubleshooting Tools (2)

ADSI Edit low-level editor for Active Directory
Add, delete, and move objects within the
directory
Change attributes of objects
Set permissions on objects

13
Troubleshooting Tools (3)

DCDIAG diagnose network functionality
dcdiag /v gtc\dcdiag.txt
dcdiag /fix
dcdiag /slocalhost
dcdiag /?

14
Troubleshooting Tools (4)

Ldp.exe find objects in the Active Directory
Query security descriptors
Find object GUID
Find schema container
View ACEs
View rootDSE attributes

15
Troubleshooting Tools (5)

Log files
DCPromo.log
DCPromos.log
DCPromoUI.log
Event logs Directory, DNS, File Replication,
System, and Application
Netsetup.log

16
Troubleshooting Tools (6)

NETDIAG diagnose network functionality
Netdiag /v gtc\netdiag.txt
Netdiag /fix
Netdiag /dcaccountEnum
Netdiag /?

17
Troubleshooting Tools (7)

Netdom secure channel manipulations
Join domains
Reset secure channel
Create machine accounts
Create and manage trusts

18
Troubleshooting Tools (8)

NLTEST secure channel manipulations
Force a synchronization
Reset secure channel
Changes in database replication (deltas)
Query all types of secure channels
Query time service
List domain controllers

19
Troubleshooting Tools (9)

Nslookup DNS query tool
Verifies name resolution for DNS

20
Troubleshooting Tools (10)

Ntdsutil manage objects in Active Directory
Authoritative restore
Domain management
Manage NTDS database files
Manage LDAP IP deny list
Manage LDAP policies
Clean up objects of decommissioned servers
Manage NTDS role owners tokens
Manage Security Account database - duplicate SID
cleanup
Semantic checker

21
Troubleshooting Tools (11)

Ntfrsutil file replication management
View FRS configuration in Active Directory
List replica sets

22
Troubleshooting Tools (12)

Repadmin manage replication
View current replication partners
Force replication between two servers
View the replication topography

23
Troubleshooting Tools (13)

Replmon graphical monitor replication
Detects all directory partitions on selected
server
View replication both directly and transitively
Display USN values
Trigger Knowledge Consistency Checker (KCC)
See objects needing replication

24
Troubleshooting Tools (14)

Secedit
Analyze system security
Configure system security
Refresh security settings
Export security settings
Validate a security configuration file

25
Summary

What is Dcpromo?
How to plan DNS and Active Directory
How to install Active Directory
How to tell if Active Directory was successful
How to install replica DCs
Tools to use to troubleshoot Dcpromo problems

26
Where to Get More Information

Q238369 Promoting and Demoting Domain Controller
http//support.microsoft.com/support/kb/articles/
q238/3/69.asp
Q216899 Best Practice Methods for W2K DC Setup
http//support.microsoft.com/support/kb/articles/
q216/8/99.asp
Q257338 Troubleshooting Missing SYSVOL and
NETLOGON Shares
http//support.microsoft.com/support/kb/articles/
q257/3/38.asp
Q254933 Adding or Removing a Domain During
Dcpromo Requires FSMO Access
http//support.microsoft.com/support/kb/artic
les/q254/9/33.asp
Planning AD Windows 2000 Resource kit Deployment
Guide Ch 9
http//www.microsoft.com/technet/win2000/dguide/c
hapt-9.asp

27
Where to Get More Information (2)

Q254680 DNS Namespace Planning
http//support.microsoft.com/support/kb/articles/
q254/6/80.asp
Q237675 Setting Up the Domain Name System for
Active Directory
http//support.microsoft.com/support/kb/articles/
q237/6/75.asp
Q241505 SRV Records Missing After Setup of AD and
DNS
http//support.microsoft.com/support/kb/articles/
q241/5/05.asp
Windows 2000 Networking White Papers
http//www.microsoft.com/windows2000/library/howi
tworks/communications/nameadrmgmt/default.asp

28
Where to Get More Information (3)