Does Anyone Do Pro-Active Maintenance?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have posted before, but have not received a reply (as yet)

I would like to know from my fellow professionals if anyone performs pro-active database maintenance on Microsoft Windows 2000 Active Directory. I am working on a large implementation and would like to build in some pro-active directory maintenance tasks (Off-line defragmentation, database integrity check, semantic database analysis etc.), and would like to know if anyone else is doing this sort of thing, what processes they have in-place, and the frequency

Any information is appreciated

Regard
FN
 
I would like to know from my fellow professionals if anyone performs
pro-active database maintenance on Microsoft Windows 2000 Active Directory.
I am working on a large implementation and would like to build in some
Click to expand...
pro-active directory maintenance tasks

Probably you should spend your time on Updates and monitoring
security.
(Off-line defragmentation,
Click to expand...

Almost never necessary and seldom useful. It's misnamed.
Defragmentation is automoatic and online.

Offline "defrag" is really compaction and has no real effect
unless you delete 1000 and 1000 of objects, like removing
a GC setting in a 100,000+ Forest.
database integrity check,
Click to expand...

What specifically?
semantic database analysis etc.),
Click to expand...

NEVER do this!!! Unless you lose you LAST DC and your backup.
and would like to know if anyone else is doing this sort of thing, what
Click to expand...
processes they have in-place, and the frequency.

No.
 
We have about 70,000 objects in our forest and haven't found a need to do
any of the tasks you list. AD takes care of things automatically.


FNB said:
I have posted before, but have not received a reply (as yet)!

I would like to know from my fellow professionals if anyone performs
Click to expand...
pro-active database maintenance on Microsoft Windows 2000 Active Directory.
I am working on a large implementation and would like to build in some
pro-active directory maintenance tasks (Off-line defragmentation, database
integrity check, semantic database analysis etc.), and would like to know if
anyone else is doing this sort of thing, what processes they have in-place,
and the frequency.
 
Eric

Thanks for the feedback..>>>We have about 70,000 objects in our forest and haven't found a need to d
This sounds like Microsoft marketing speak.

I come from the world of Novell NDS/eDirectory and have managed several environment with 100,000+ objects. When Novell first released NetWare 4 with NDS v6 they said..."It'll take care of itself, it uses synchronization and timestamps to ensure all is ok" however, after a couple of years all the NDS users needed to run regular DSREPAIR's to ensure data integrity and keep the tree healthy, the one's that didn't often had inconsistencies across the tree. Some of the issues that I have seen in the NDS/eDirectory world where updates not been written to disk, physical database file corruption, packets dropping off the wire, background processes failing. I'm sure that Novell do not have a monopoly on these type (or similar) failures. I suspect that if I do not run pro-active maintenance on Active Directory when we have completed our roll-out (36,000+ users) we will have many errors in the ADS domain.

Regard
FN
 
FNB said:
Eric,

Thanks for the feedback..>>>We have about 70,000 objects in our forest and haven't found a need to do

This sounds like Microsoft marketing speak.

I come from the world of Novell NDS/eDirectory and have managed several
Click to expand...
environment with 100,000+ objects. When Novell first released NetWare 4 with
NDS v6 they said..."It'll take care of itself, it uses synchronization and
timestamps to ensure all is ok" however, after a couple of years all the NDS
users needed to run regular DSREPAIR's to ensure data integrity and keep the
tree healthy, the one's that didn't often had inconsistencies across the
tree. Some of the issues that I have seen in the NDS/eDirectory world where
updates not been written to disk, physical database file corruption, packets
dropping off the wire, background processes failing. I'm sure that Novell do
not have a monopoly on these type (or similar) failures. I suspect that if I
do not run pro-active maintenance on Active Directory when we have completed
our roll-out (36,000+ users) we will have many errors in the ADS domain.
I'm not familiar with Novell, I stopped using it at 3.12. I can only speak
for our environment which has been running for three years with 65,000 users
and 15% annual account turnover without any directory integrity problems. I
imagine that multi-master replication has to work pretty reliably or we
would see all kinds of problems. As a check, our daily synchronization from
iPlanet would also show any anomalies in the synchronization error logs when
the directory differentials are built.
 
This sounds like Microsoft marketing speak.


--
Herb Martin
FNB said:
Eric,

Thanks for the feedback..>>>We have about 70,000 objects in our forest and haven't found a need to do

This sounds like Microsoft marketing speak.

I come from the world of Novell NDS/eDirectory and have managed several
Click to expand...
environment with 100,000+ objects. When Novell first released NetWare 4 with
NDS v6 they said..."It'll take care of itself, it uses synchronization and
timestamps to ensure all is ok" however, after a couple of years all the NDS
users needed to run regular DSREPAIR's to ensure data integrity and keep the
tree healthy, the one's that didn't often had inconsistencies across the
tree. Some of the issues that I have seen in the NDS/eDirectory world where
updates not been written to disk, physical database file corruption, packets
dropping off the wire, background processes failing. I'm sure that Novell do
not have a monopoly on these type (or similar) failures. I suspect that if I
do not run pro-active maintenance on Active Directory when we have completed
our roll-out (36,000+ users) we will have many errors in the ADS domain.
 
Thanks for the feedback..>>>We have about 70,000 objects in our forest and
haven't found a need to do
This sounds like Microsoft marketing speak.
Click to expand...

It's not. There are much larger larger forests and many more
smaller ones and no one really sees a problem.

Microsoft benefited from the troubles Novell went through with
NDS, hired some of their top people too, and did a better job.

Also Banyan, and years of Exchange.

AD is really at about version 6 even though there have only been
2 official releases.
 
Thanks for the feedback folks...If what you are saying is accurate (and I have no reason to doubt you) then Active Directory is a much better product than I initially thought!

My next question is what type of pre checks you perform BEFORE installing a new domain controller etc.

Keep it coming guys, this is good stuff

Regard
FNB
 
FNB said:
Thanks for the feedback folks...If what you are saying is accurate (and I
Click to expand...
have no reason to doubt you) then Active Directory is a much better product
than I initially thought!
My next question is what type of pre checks you perform BEFORE installing
Click to expand...
a new domain controller etc.?

Generally, nothing if things are properly setup.

But it never hurts to run DCDiag on one or every DC.
(Send output to text file and search for FAIL, WARN, IGNORE)
....and to make sure your replication is "complete" with RepAdmin
or Replmon.exe.

Keep it coming guys, this is good stuff!
Click to expand...

Almost all AD problems (authenticaton and replication) are really
DNS problems -- assuming you have basic network connectivity
and server functionality.
 
FNB said:
Herb,

Thanx...I'll put you on my christmas card list..
Click to expand...

Cool.

You might also find searching for the word "Checklist" or
"Checklist in the server built-in help to be useful; including
the subject with that keyword is also useful:

[active directory checklist]

Almost every major (and many minor) service or product
area has a "checklist" and this will get you to the "area" in
help where the other "Major" topics for each subject are
located.

These "topics" typically include (with sub-topics):
Checklists
New ways to do familiar tasks (great for upgraders)
Best practices
How to...
Concepts
Troubleshooting

Many people believe they are beyond using such, but the
help is MUCH better than they likely know, and I myself
use it daily.

You may need to synchonize (Locate in contents) a specific
page to see the topical outline format.

Then there is the Google search (you can search Microsoft
better with Google than with "Micrsoft"):

[ "active directory" "best pratices" site:microsoft.com ]
[ "active directory" "best pratices" microsoft: ]

In the latter there is a colon: after microsoft: to search the
'special Microsoft:' Google collection (web wide, Microsoft
focused.)

Of course, if you use these things, you may not need me and
I might not continue on your Christmas list -- <grin>
 
Back
Top