Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 03 NTDS directory

Posted on 2012-03-31
10
Medium Priority
?
476 Views
Last Modified: 2012-04-18
I have a level 5 array on my Windows 03 server. One of the folders on this array is :

Windows\NTDS

Containing:

res2.log
res1.log
edb.log
edb003FF.log
edbtmp.log

I am beginning a process to replace the drives that make up this array so that I can have more space. This will involve backing everything up, rebuilding the array with larger drives, and than restoring the data onto the new drives.

My question is:

How should I handle this data in the NTDS folder?

Can I just go about my business and replace the files once I rebuild the array, or do I need to move this stuf first.

My concern here is that I don't want to interupt some live data and screw up my Active directory database.

Thanks much in advance.
0
Comment
Question by:RKoons
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 23

Expert Comment

by:yo_bee
ID: 37791279
I would use whatever utility that you are currently using to backup the entire data structure.
This backup will take all your SACL and other security attributes, tree structure and so on.  This backup will allow for you to rebuild your datastore.

NTBACKUP would be a fine utility if you are not using one already.  If you do not do routine backups you most likely will need some sort of media to write the backup and this media will need to be able to handle the total amount of data that needs to be backed up.

How are you going to handle the swing from old data location to new.
1: Are you going shutdown the file server, delete the array, then replace the drives?
2: Are you going to have an attached storage or swing machine so the file server is still available to the users while you migrate the data?
3: If you are going to be using a completely new server for this role with a new server name and share I would recommend leverage your DNS or DFS services so for future migration and/or upgrades the changes are much less to the end users.

If you are going use option 2 or 3 you might want to try something like Robocopy or something comparable.
These utilities do a file level copy from source to destination.  They have a plethora of switch variables to accomplish many tasks.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37791349
Do you have other domain controllers in your environment other than this one?

Thanks

Mike
0
 
LVL 1

Author Comment

by:RKoons
ID: 37791384
I am using Arcserve for the backups and the restore process.

1: Are you going shutdown the file server, delete the array, then replace the drives?

Once the backup is finished and verified I would leave the server running, delete the array, remove and replace the drives, format and then replace the data

2: Are you going to have an attached storage or swing machine so the file server is still available to the users while you migrate the data?

No... I have told everyone that the server will be unavailable so no one is here.

3: If you are going to be using a completely new server for this role with a new server name and share I would recommend leverage your DNS or DFS services so for future migration and/or upgrades the changes are much less to the end users.

Nope, no new server, just replacing some drives.


Do you have other domain controllers in your environment other than this one?

Yes, in this site I have one.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 23

Expert Comment

by:yo_bee
ID: 37791404
Nice Catch Mike,
I would look into moving/relocating  the NTDS folder prior to decommissioning the array and drives.

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37791506
Does this server do anything other than be a domain controller?

If not, then you can demote this DC to a member server.  This will transfer all the FSMO role to the other domain controller.

Then you can label the drives before you pull them out, just in case you have to replace them.  Put your new drives in and create a new RAID 5.  Install the OS from scratch and promote the rebuilt server to a DC.

This keeps you from having to worry about messing up the time stamps when restoring AD if you don't do the correct procedure.  Plus, you get a freshly rebuilt server.  The time spend rebuilding could actually be less than backing up and restoring your system.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37791675
You sure that the FSMO roles are transfers automatically during the the demotion of a DC that host these roles?
I thought that this was a manually process utilizing various MMC's or scripted and not just automatic part of the dcpromo decommission process.
If I am wrong I am sorry, but I do want to warn the asker that it might note be automatic transfers of the FSMO roles and to take that into precaution.

http://support.microsoft.com/kb/324801
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37791723
FSMO roles are automatically transferred during a demotion.  However, you will still want to manually confirm the transfer.  Just in case.
http://usefulglyphs.wordpress.com/2010/01/04/how-to-move-fsmo-roles-between-domain-controllers/
0
 
LVL 1

Author Comment

by:RKoons
ID: 37791737
OK...

Now some of you have me worried...

 "awaggoner" - I thank you for the siggestion, but I am hoping that I will not have to go to that extreme...

Nice Catch Mike,
I would look into moving/relocating  the NTDS folder prior to decommissioning the array and drives.

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx


As I read this article you suggested, I have one question:

It looks like I will want to do the first item in step 5...

As I follow the steps in the new article that this hyperlink brings up it gets to step 8 and says:

If you are moving the database file or log files temporarily, you can now perform any required updates to the original drive. After you update the drive, repeat steps 1 through 7 to move the files back to the original location.

If the path to the database file or log files has not changed, go to step 10.


Is it correct to assume here that even though the process "Temporarly moves" the log files, ultimatly, I am NOT permanantly moving the files, so I just move on to step 10 once finished here... Yes?
0
 
LVL 23

Accepted Solution

by:
yo_bee earned 2000 total points
ID: 37793414
You are moving the files to prepare for your new array, but the files don't have to be moved back if you have enough space in the moved location.

I think the article assuming that you are doing this for the need to change the array and then put it back.

That is why i said confirm all works prior to decommissioning the array.  If all goes according to plan you should be able to decommission after confirming.
0
 
LVL 1

Author Comment

by:RKoons
ID: 37839800
I will be running this procedure this weekend...

I will post my conclusions and close the question once I am finished...


Thanks for the assistance.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question