Tag Archives: Domain Controller

Active Directory: Wait, you relocate the data stores, moving the NTDS Database, Sysvol and Logs from default? Why?

When you start building domain controllers, one of the simple ideas people bring up is that you always leave the Active Directory data (NTDS database, Sysvol and logs; also known as directory data) in its default location in the Windows directory. The idea is that the files are tucked away there, so it is difficult to stumble across them accidentally and start playing around with them. Others simply say: it is where they belong.

I have been at this for so long that I hadn’t really thought about it till I received an email asking why I relocated the data stores in my blog post: A Visual Step by Step: Windows Server 2012, Active Directory 2012, time to build your first forest!

Well, it is probably obvious by now that I disagree with the popular sentiment.

One of the problems is that most people confuse the Active Directory Domain Services role (making the server a Domain Controller) with the server. The reality is that the Active Directory Domain Services role is simply that: a role. When you are doing work in your lab, or troubleshooting and restoring your enterprise systems, you need to be able to easily back up or even copy everything related to that role. Why hide it in the Windows directory with thousands of other files and folders?

When you isolate these folders and files into a single root-level directory (I like C:\ADDS), you gain one directory to manage. One directory to isolate from antivirus; yes, you have to exclude the NTDS Database, Sysvol and Logs from anti-virus scanning (if you even put anti-virus on your domain controllers… another topic to discuss at a later date). It also allows you to easily copy everything to do with Active Directory with the right click of a mouse or a simple backup command (to get everything). This is awesome when troubleshooting things like Journal Wrap or doing restoration of login scripts or even Active Directory itself. It is a life saver for a quick directory restore operation.

The idea here is to make your management of Active Directory simpler. Now come some neat things you can do if you have additional physical volumes to move these files to.

In a large environment, placing the directory data (Sysvol, NTDS, Logs) on its own NTFS partition reduces disk I/O. This can reduce some chances of error, such as FRS just not keeping up with changes. Additionally, reducing disk I/O allows the Active Directory Domain Services server to run more efficiently as well. This can be vital for an enterprise PDC Emulator. More efficient, better I/O adds to the number of client requests that can be processed. From a performance point of view you could use three separate disk arrays: one disk array for your boot partition, one disk array for your Active Directory database and the Shared System Volume (SYSVOL) folder, and one disk array for your Active Directory log files.

However, remember that Active Directory is based on a database. As such, if you want the absolute best performance possible… separate all three parts of the directory data onto three separate drives. Granted, this is only done when an enterprise needs extreme responsiveness. However, this starts to become a management headache, as you now have to back up three separate drives. Let's just keep it simple if we can, ok?

What are the negatives? If this is going to be a Domain Controller that is not going to be managed by trained staff… don’t do this.  Some administrators won’t realize that they should look for the directory data.  However, this is a situation where training can fix this.  Additionally, sometimes you may want to use simple step by steps found online… and will need the administrator to adjust the commands on the fly.

Is it doable with the negatives?  Yes.  Do I consider the advantages more valuable than the risks from the negatives? Absolutely.  It keeps things simple for backups, restores and troubleshooting.  You can isolate your directory data and make your life simpler.
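The single-root layout argued for above can be confirmed on a running domain controller. The following is an added example, not code from the original post: it reads the directory data locations from the registry, checks that they all sit under one root (assumed here to be C:\ADDS, as in the post), and lists who besides SYSTEM and Administrators has access to the database and log folders.

```powershell
# Added example (not from the original post). Run elevated on a domain controller.
$root = 'C:\ADDS'   # the root the post suggests; change it to match your layout

# Where AD DS and Netlogon record the directory data locations.
$ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$locations = [ordered]@{
    Database = Split-Path -Parent $ntds.'DSA Database file'   # folder holding ntds.dit
    Logs     = $ntds.'Database log files path'
    Sysvol   = Split-Path -Parent $netlogon.SysVol            # value ends in ...\SYSVOL\sysvol
}

# One row per store: does the folder exist, and is it below the single root?
$report = foreach ($name in $locations.Keys) {
    $path = $locations[$name].TrimEnd('\')
    [pscustomobject]@{
        Store     = $name
        Path      = $path
        Exists    = Test-Path -LiteralPath $path
        UnderRoot = $path.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)
    }
}
$report | Format-Table -AutoSize

if ($report.UnderRoot -contains $false) {
    Write-Warning "Directory data is spread outside $root; one exclusion or backup path will not cover it."
}

# ntds.dit holds the password hashes of every account in the domain, so a folder
# moved out of the Windows directory should stay just as tightly restricted.
# List any other principal with access to the database or log folders for review.
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'   # English names; localized systems differ
foreach ($name in 'Database', 'Logs') {
    (Get-Acl -LiteralPath $locations[$name]).Access |
        Where-Object { $_.IdentityReference.Value -notin $expected } |
        Select-Object @{n = 'Store'; e = { $name }}, IdentityReference, FileSystemRights, IsInherited
}
```

The Sysvol folder is left out of the ACL listing because it is shared to domain members by design.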

A Visual Step by Step: Windows Server 2012, Active Directory 2012, time to build your first forest!

By Robert Meyers

 

Sometimes you just want to see how something is done. Well, today we are going to look at how to build a basic forest. This is for the first domain controller in your lab. Yes, I said lab. You want a lab. Why do you want a lab? It lets us see if anything is going to break, or as close as we can ever get.

Now everyone, let’s work together to make the new IT modus operandi: just say no to “blowing up” your Active Directory.

So, in sixty-seven simple steps… let’s build the lab so we can make that new modus operandi. Just follow the recorded steps.

Recorded Steps

 

 

Step 1: (‎9/‎6/‎2012 7:02:23 AM) User right click on “Server Manager (button)”
 

 

Step 2: (‎9/‎6/‎2012 7:02:25 AM) User right click on “Server Manager (list item)” in “Jump List”
 
Step 3: (‎9/‎6/‎2012 7:02:26 AM) User left click on “Run as administrator (menu item)”
 
Step 4: (‎9/‎6/‎2012 7:02:30 AM) User left click on “Add roles and features (button)” in “Server Manager”
 
Step 5: (‎9/‎6/‎2012 7:02:33 AM) User left click on “_Next > (text)” in “Add Roles and Features Wizard”
 
Step 6: (‎9/‎6/‎2012 7:02:35 AM) User left click on “_Next > (text)” in “Add Roles and Features Wizard”
 
Step 7: (‎9/‎6/‎2012 7:02:37 AM) User left click on “Microsoft Windows Server 2012 Standard Evaluation (text)” in “Add Roles and Features Wizard”
 
Step 8: (‎9/‎6/‎2012 7:02:38 AM) User left click on “_Next > (text)” in “Add Roles and Features Wizard”
 
Step 9: (‎9/‎6/‎2012 7:02:41 AM) User left click on “Active Directory Domain Services (tree view item)” in “Add Roles and Features Wizard”
 
Step 10: (‎9/‎6/‎2012 7:02:44 AM) User left click on “Add Features (text)” in “Add Roles and Features Wizard”
 
Step 11: (‎9/‎6/‎2012 7:02:47 AM) User left click on “_Next > (text)” in “Add Roles and Features Wizard”
 
Step 12: (‎9/‎6/‎2012 7:02:53 AM) User left click in “Add Roles and Features Wizard”
 
Step 13: (‎9/‎6/‎2012 7:02:57 AM) User left click on “_Next > (text)” in “Add Roles and Features Wizard”
 
Step 14: (‎9/‎6/‎2012 7:02:59 AM) User left click on “_Next > (text)” in “Add Roles and Features Wizard”
 
Step 15: (‎9/‎6/‎2012 7:03:02 AM) User left click on “Install (button)” in “Add Roles and Features Wizard”
 
Step 16: (‎9/‎6/‎2012 7:04:04 AM) User left click on “Export configuration settings (text)” in “Add Roles and Features Wizard”
 
Step 17: (‎9/‎6/‎2012 7:04:07 AM) User left click on “Page down (button)” in “Save As”
 
Step 18: (‎9/‎6/‎2012 7:04:08 AM) User left click on “Local Disk (C:) (tree item)” in “Save As”. You should always save a copy of a configuration that you are using.
 
Step 19: (‎9/‎6/‎2012 7:04:11 AM) User left click on “Save (button)” in “Save As”
 
Step 20: (‎9/‎6/‎2012 7:04:20 AM) User left click on “Promote this server to a domain controller (text)” in “Add Roles and Features Wizard”
 
Step 21: (‎9/‎6/‎2012 7:04:24 AM) User left click on “Add a new _forest (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 22: (‎9/‎6/‎2012 7:04:25 AM) User left click on “_Root domain name: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 23: (‎9/‎6/‎2012 7:04:28 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard” […]
 
Step 24: (‎9/‎6/‎2012 7:04:36 AM) User left click on “_Next > (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 25: (‎9/‎6/‎2012 7:05:10 AM) User left click on “Passwor_d: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 26: (‎9/‎6/‎2012 7:05:31 AM) User left click on “Passwor_d: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 27: (‎9/‎6/‎2012 7:05:34 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard” [… Shift … Tab …]
 
Step 28: (‎9/‎6/‎2012 7:05:42 AM) User left click on “_Next > (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 29: (‎9/‎6/‎2012 7:05:52 AM) User left click on “Show more (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 30: (‎9/‎6/‎2012 7:06:04 AM) User left click on “OK (button)” in “DNS Options”. Since it looks like an informative link, please take a moment and read it.
 
Step 31: (‎9/‎6/‎2012 7:06:06 AM) User left click on “_Next > (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 32: (‎9/‎6/‎2012 7:06:09 AM) User left click on “The NetBIOS domain name: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 33: (‎9/‎6/‎2012 7:06:21 AM) User left click on “_Next > (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 34: (‎9/‎6/‎2012 7:06:33 AM) User left click on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 35: (‎9/‎6/‎2012 7:06:34 AM) User left click on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 36: (‎9/‎6/‎2012 7:06:35 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard” […]
 
Step 37: (‎9/‎6/‎2012 7:06:40 AM) User left click on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 38: (‎9/‎6/‎2012 7:06:41 AM) User left click on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 39: (‎9/‎6/‎2012 7:06:43 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard” […]
 
Step 40: (‎9/‎6/‎2012 7:06:52 AM) User mouse drag start on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 41: (‎9/‎6/‎2012 7:06:53 AM) User mouse drag end on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 42: (‎9/‎6/‎2012 7:06:53 AM) User left click on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 43: (‎9/‎6/‎2012 7:06:54 AM) User mouse drag start on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 44: (‎9/‎6/‎2012 7:06:56 AM) User mouse drag end on “_Database folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 45: (‎9/‎6/‎2012 7:06:56 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard” […]
 
Step 46: (‎9/‎6/‎2012 7:07:00 AM) User mouse drag start on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 47: (‎9/‎6/‎2012 7:07:01 AM) User mouse drag end on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 48: (‎9/‎6/‎2012 7:07:01 AM) User left click on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 49: (‎9/‎6/‎2012 7:07:02 AM) User mouse drag start on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 50: (‎9/‎6/‎2012 7:07:05 AM) User mouse drag end on “_Log files folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 51: (‎9/‎6/‎2012 7:07:05 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard” […]
 
Step 52: (‎9/‎6/‎2012 7:07:08 AM) User left click on “S_YSVOL folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 

 

Step 53: (‎9/‎6/‎2012 7:07:09 AM) User left click on “S_YSVOL folder: (edit)” in “Active Directory Domain Services Configuration Wizard”
 
Step 54: (‎9/‎6/‎2012 7:07:11 AM) User keyboard input on “Active Directory Domain Services Configuration Wizard (window)” in “Active Directory Domain Services Configuration Wizard”. I have never liked having important folders hidden among everything else. As such, I like to break out the NTDS locations.
 
Step 55: (‎9/‎6/‎2012 7:07:20 AM) User left click on “Next > (button)” in “Active Directory Domain Services Configuration Wizard”
 
Step 56: (‎9/‎6/‎2012 7:07:24 AM) User left click on “_View script (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 57: (‎9/‎6/‎2012 7:07:35 AM) User left click on “File (menu item)” in “tmpF8A.tmp – Notepad”
 
Step 58: (‎9/‎6/‎2012 7:07:37 AM) User left click on “Save As… (menu item)”
 
Step 59: (‎9/‎6/‎2012 7:07:41 AM) User keyboard input on “File name: (edit)” in “Save As” […]
 

 

Step 60: (‎9/‎6/‎2012 7:07:54 AM) User left click on “Save (button)” in “Save As”
 
Step 61: (‎9/‎6/‎2012 7:07:57 AM) User left click on “Close (button)” in “ADDS Deployment – Notepad”. Once again, check out the script.
 
Step 62: (‎9/‎6/‎2012 7:08:00 AM) User left click on “_Next > (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 63: (‎9/‎6/‎2012 7:08:58 AM) User mouse drag start on “_View results (group)” in “Active Directory Domain Services Configuration Wizard”
 
Step 64: (‎9/‎6/‎2012 7:09:02 AM) User mouse drag end on “_View results (group)” in “Active Directory Domain Services Configuration Wizard”
 
Step 65: (‎9/‎6/‎2012 7:09:05 AM) User left click on “_Install (text)” in “Active Directory Domain Services Configuration Wizard”
 
Step 66: (‎9/‎6/‎2012 7:11:17 AM) User left click on “Close (button)” in “You’re about to be signed off”
 
Step 67: (‎9/‎6/‎2012 7:11:19 AM) User left click on “Steps Recorder – Recording Now (button)”. And we are done.
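The same promotion can be scripted with the ADDSDeployment cmdlets, which is the kind of script the wizard offers in steps 56 to 61. The following is an added example, not the script saved in those steps: the domain name `lab.example`, the NetBIOS name `LAB` and the subfolder names under C:\ADDS are assumptions, since the recording does not show the values typed.

```powershell
# Added example (not the wizard's saved script). Run elevated on the lab server
# after the Active Directory Domain Services role has been installed (steps 4-15).
Import-Module ADDSDeployment

$root = 'C:\ADDS'   # single root for all directory data, as the first post suggests

$forest = @{
    DomainName          = 'lab.example'   # assumed lab name, not from the recording
    DomainNetbiosName   = 'LAB'           # assumed
    InstallDns          = $true
    CreateDnsDelegation = $false
    # Steps 34-54 of the recording: move the three stores out of the Windows directory.
    DatabasePath        = Join-Path $root 'NTDS'     # subfolder names are assumptions
    LogPath             = Join-Path $root 'Logs'
    SysvolPath          = Join-Path $root 'SYSVOL'
    # Prompt for the DSRM password so it never lands in a saved script or in history.
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
}

# Run the prerequisite checks first; they change nothing on the server.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message

if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported problem before promoting.'
}

# Promote the server. It asks for confirmation and reboots when it finishes.
Install-ADDSForest @forest
```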
 