Solved

Windows 03 NTDS directory

Posted on 2012-03-31
10
465 Views
Last Modified: 2012-04-18
I have a level 5 array on my Windows 03 server. One of the folders on this array is :

Windows\NTDS

Containing:

res2.log
res1.log
edb.log
edb003FF.log
edbtmp.log

I am beginning a process to replace the drives that make up this array so that I can have more space. This will involve backing everything up, rebuilding the array with larger drives, and than restoring the data onto the new drives.

My question is:

How should I handle this data in the NTDS folder?

Can I just go about my business and replace the files once I rebuild the array, or do I need to move this stuf first.

My concern here is that I don't want to interupt some live data and screw up my Active directory database.

Thanks much in advance.
0
Comment
Question by:RKoons
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 37791279
I would use whatever utility that you are currently using to backup the entire data structure.
This backup will take all your SACL and other security attributes, tree structure and so on.  This backup will allow for you to rebuild your datastore.

NTBACKUP would be a fine utility if you are not using one already.  If you do not do routine backups you most likely will need some sort of media to write the backup and this media will need to be able to handle the total amount of data that needs to be backed up.

How are you going to handle the swing from old data location to new.
1: Are you going shutdown the file server, delete the array, then replace the drives?
2: Are you going to have an attached storage or swing machine so the file server is still available to the users while you migrate the data?
3: If you are going to be using a completely new server for this role with a new server name and share I would recommend leverage your DNS or DFS services so for future migration and/or upgrades the changes are much less to the end users.

If you are going use option 2 or 3 you might want to try something like Robocopy or something comparable.
These utilities do a file level copy from source to destination.  They have a plethora of switch variables to accomplish many tasks.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37791349
Do you have other domain controllers in your environment other than this one?

Thanks

Mike
0
 
LVL 1

Author Comment

by:RKoons
ID: 37791384
I am using Arcserve for the backups and the restore process.

1: Are you going shutdown the file server, delete the array, then replace the drives?

Once the backup is finished and verified I would leave the server running, delete the array, remove and replace the drives, format and then replace the data

2: Are you going to have an attached storage or swing machine so the file server is still available to the users while you migrate the data?

No... I have told everyone that the server will be unavailable so no one is here.

3: If you are going to be using a completely new server for this role with a new server name and share I would recommend leverage your DNS or DFS services so for future migration and/or upgrades the changes are much less to the end users.

Nope, no new server, just replacing some drives.


Do you have other domain controllers in your environment other than this one?

Yes, in this site I have one.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 22

Expert Comment

by:yo_bee
ID: 37791404
Nice Catch Mike,
I would look into moving/relocating  the NTDS folder prior to decommissioning the array and drives.

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37791506
Does this server do anything other than be a domain controller?

If not, then you can demote this DC to a member server.  This will transfer all the FSMO role to the other domain controller.

Then you can label the drives before you pull them out, just in case you have to replace them.  Put your new drives in and create a new RAID 5.  Install the OS from scratch and promote the rebuilt server to a DC.

This keeps you from having to worry about messing up the time stamps when restoring AD if you don't do the correct procedure.  Plus, you get a freshly rebuilt server.  The time spend rebuilding could actually be less than backing up and restoring your system.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 37791675
You sure that the FSMO roles are transfers automatically during the the demotion of a DC that host these roles?
I thought that this was a manually process utilizing various MMC's or scripted and not just automatic part of the dcpromo decommission process.
If I am wrong I am sorry, but I do want to warn the asker that it might note be automatic transfers of the FSMO roles and to take that into precaution.

http://support.microsoft.com/kb/324801
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37791723
FSMO roles are automatically transferred during a demotion.  However, you will still want to manually confirm the transfer.  Just in case.
http://usefulglyphs.wordpress.com/2010/01/04/how-to-move-fsmo-roles-between-domain-controllers/
0
 
LVL 1

Author Comment

by:RKoons
ID: 37791737
OK...

Now some of you have me worried...

 "awaggoner" - I thank you for the siggestion, but I am hoping that I will not have to go to that extreme...

Nice Catch Mike,
I would look into moving/relocating  the NTDS folder prior to decommissioning the array and drives.

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx


As I read this article you suggested, I have one question:

It looks like I will want to do the first item in step 5...

As I follow the steps in the new article that this hyperlink brings up it gets to step 8 and says:

If you are moving the database file or log files temporarily, you can now perform any required updates to the original drive. After you update the drive, repeat steps 1 through 7 to move the files back to the original location.

If the path to the database file or log files has not changed, go to step 10.


Is it correct to assume here that even though the process "Temporarly moves" the log files, ultimatly, I am NOT permanantly moving the files, so I just move on to step 10 once finished here... Yes?
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 500 total points
ID: 37793414
You are moving the files to prepare for your new array, but the files don't have to be moved back if you have enough space in the moved location.

I think the article assuming that you are doing this for the need to change the array and then put it back.

That is why i said confirm all works prior to decommissioning the array.  If all goes according to plan you should be able to decommission after confirming.
0
 
LVL 1

Author Comment

by:RKoons
ID: 37839800
I will be running this procedure this weekend...

I will post my conclusions and close the question once I am finished...


Thanks for the assistance.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question