Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows 03 NTDS directory

Posted on 2012-03-31
10
Medium Priority
?
483 Views
Last Modified: 2012-04-18
I have a level 5 array on my Windows 03 server. One of the folders on this array is :

Windows\NTDS

Containing:

res2.log
res1.log
edb.log
edb003FF.log
edbtmp.log

I am beginning a process to replace the drives that make up this array so that I can have more space. This will involve backing everything up, rebuilding the array with larger drives, and than restoring the data onto the new drives.

My question is:

How should I handle this data in the NTDS folder?

Can I just go about my business and replace the files once I rebuild the array, or do I need to move this stuf first.

My concern here is that I don't want to interupt some live data and screw up my Active directory database.

Thanks much in advance.
0
Comment
Question by:RKoons
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 24

Expert Comment

by:yo_bee
ID: 37791279
I would use whatever utility that you are currently using to backup the entire data structure.
This backup will take all your SACL and other security attributes, tree structure and so on.  This backup will allow for you to rebuild your datastore.

NTBACKUP would be a fine utility if you are not using one already.  If you do not do routine backups you most likely will need some sort of media to write the backup and this media will need to be able to handle the total amount of data that needs to be backed up.

How are you going to handle the swing from old data location to new.
1: Are you going shutdown the file server, delete the array, then replace the drives?
2: Are you going to have an attached storage or swing machine so the file server is still available to the users while you migrate the data?
3: If you are going to be using a completely new server for this role with a new server name and share I would recommend leverage your DNS or DFS services so for future migration and/or upgrades the changes are much less to the end users.

If you are going use option 2 or 3 you might want to try something like Robocopy or something comparable.
These utilities do a file level copy from source to destination.  They have a plethora of switch variables to accomplish many tasks.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37791349
Do you have other domain controllers in your environment other than this one?

Thanks

Mike
0
 
LVL 1

Author Comment

by:RKoons
ID: 37791384
I am using Arcserve for the backups and the restore process.

1: Are you going shutdown the file server, delete the array, then replace the drives?

Once the backup is finished and verified I would leave the server running, delete the array, remove and replace the drives, format and then replace the data

2: Are you going to have an attached storage or swing machine so the file server is still available to the users while you migrate the data?

No... I have told everyone that the server will be unavailable so no one is here.

3: If you are going to be using a completely new server for this role with a new server name and share I would recommend leverage your DNS or DFS services so for future migration and/or upgrades the changes are much less to the end users.

Nope, no new server, just replacing some drives.


Do you have other domain controllers in your environment other than this one?

Yes, in this site I have one.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 24

Expert Comment

by:yo_bee
ID: 37791404
Nice Catch Mike,
I would look into moving/relocating  the NTDS folder prior to decommissioning the array and drives.

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37791506
Does this server do anything other than be a domain controller?

If not, then you can demote this DC to a member server.  This will transfer all the FSMO role to the other domain controller.

Then you can label the drives before you pull them out, just in case you have to replace them.  Put your new drives in and create a new RAID 5.  Install the OS from scratch and promote the rebuilt server to a DC.

This keeps you from having to worry about messing up the time stamps when restoring AD if you don't do the correct procedure.  Plus, you get a freshly rebuilt server.  The time spend rebuilding could actually be less than backing up and restoring your system.
0
 
LVL 24

Expert Comment

by:yo_bee
ID: 37791675
You sure that the FSMO roles are transfers automatically during the the demotion of a DC that host these roles?
I thought that this was a manually process utilizing various MMC's or scripted and not just automatic part of the dcpromo decommission process.
If I am wrong I am sorry, but I do want to warn the asker that it might note be automatic transfers of the FSMO roles and to take that into precaution.

http://support.microsoft.com/kb/324801
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37791723
FSMO roles are automatically transferred during a demotion.  However, you will still want to manually confirm the transfer.  Just in case.
http://usefulglyphs.wordpress.com/2010/01/04/how-to-move-fsmo-roles-between-domain-controllers/
0
 
LVL 1

Author Comment

by:RKoons
ID: 37791737
OK...

Now some of you have me worried...

 "awaggoner" - I thank you for the siggestion, but I am hoping that I will not have to go to that extreme...

Nice Catch Mike,
I would look into moving/relocating  the NTDS folder prior to decommissioning the array and drives.

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx


As I read this article you suggested, I have one question:

It looks like I will want to do the first item in step 5...

As I follow the steps in the new article that this hyperlink brings up it gets to step 8 and says:

If you are moving the database file or log files temporarily, you can now perform any required updates to the original drive. After you update the drive, repeat steps 1 through 7 to move the files back to the original location.

If the path to the database file or log files has not changed, go to step 10.


Is it correct to assume here that even though the process "Temporarly moves" the log files, ultimatly, I am NOT permanantly moving the files, so I just move on to step 10 once finished here... Yes?
0
 
LVL 24

Accepted Solution

by:
yo_bee earned 2000 total points
ID: 37793414
You are moving the files to prepare for your new array, but the files don't have to be moved back if you have enough space in the moved location.

I think the article assuming that you are doing this for the need to change the array and then put it back.

That is why i said confirm all works prior to decommissioning the array.  If all goes according to plan you should be able to decommission after confirming.
0
 
LVL 1

Author Comment

by:RKoons
ID: 37839800
I will be running this procedure this weekend...

I will post my conclusions and close the question once I am finished...


Thanks for the assistance.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question