Windows Server 2008 R2 Unleashed (139 page)

so does the number of groups of clusters assigned to the file. Even though this process is

efficient when using NTFS, the files and volumes become fragmented because the file

doesn’t reside in a contiguous location on the disk.

As fragmentation levels increase, disk access slows. The system must take additional

resources and time to find all the cluster groups to use the file. To minimize the amount

690

CHAPTER 20

Windows Server 2008 R2 Management and Maintenance Practices

of fragmentation and give performance a boost, the administrator should use the Disk

Defragmenter to defragment all volumes. As mentioned earlier in the chapter, the Disk

Defragmenter is a built-in utility that can analyze and defragment volume fragmentation.

Fragmentation negatively affects performance because files aren’t efficiently read from

disk. There is a command-line version of the tool and a graphical user interface version

of the tool.

To use the graphical user interface version of the Disk Defragmenter, do the following:

1. Start Disk Defragmenter by choosing Start, Run.

2. Enter dfrgui and click OK.

3. The tool automatically analyzes all the drives and suggests whether to defragment.

This only happens if disk defragmentation is not scheduled to run automatically.

4. Select the volumes to defragment.

5. Click Defragment Disk to defragment immediately.

6. The defragmentation runs independently of the Disk Defragmenter GUI, so you can

exit the tool while the defragmentation is running by clicking Close.

Unlike previous versions of the software, the Windows Server 2008 R2 Disk Defragmenter

does not show a graphical view of the Disk Defragmenter.

ptg

The Disk Defragmenter also enables the administrator to set up a schedule for the backup.

This modifies the ScheduledDefrag task in the Task Scheduler (located in Task

Scheduler\Task Scheduler Library\Microsoft\Windows\Defrag\). After selecting the

Run on a Schedule option, the schedule can be set by clicking the Modify Schedule button

and the volumes to be defragmented can be selected by clicking the Select Volumes

button. New volumes will automatically be defragmented by the task.

Running the Domain Controller Diagnosis Utility

The Domain Controller Diagnosis (DCDIAG) utility is installed with the Active Directory

Domain Services roles in Windows Server 2008 R2 and is used to analyze the state of a

domain controller (DC) and the domain services. It runs a series of tests, analyzes the state

of the DC, and verifies different areas of the system, such as the following:

. Connectivity

. Replication

. Topology integrity

. Security descriptors

. Netlogon rights

. Intersite health

. Roles

. Trust verification

Maintaining Windows Server 2008 R2

691

DCDIAG should be run on each DC on a weekly basis or as problems arise. DCDIAG’s

syntax is as follows:

dcdiag.exe /s:[:] [/u:\

/p:*||””]

[/hqv] [/n:] [/f:] [/x:XMLLog.xml]

[/skip:] [/test:]

Parameters for this utility are as follows:

.
/h
—Display this help screen.

.
/s
—Use as the home server. This is ignored for DCPromo and

RegisterInDNS tests, which can only be run locally.

.
/n
—Use as the naming context to test. Domains can be specified

in NetBIOS, DNS, or distinguished name (DN) format.

.
/u
—Use domain\username credentials for binding with a password. Must also use

the /p option.

.
/p
—Use as the password. Must also use the /u option.

ptg

.
/a
—Test all the servers in this site.

.
/e
—Test all the servers in the entire enterprise. This parameter overrides the /a

parameter.

.
/q
—Quiet; print only error messages.

.
/v
—Verbose; print extended information.

.
/i
—Ignore; ignore superfluous error messages.

.
/fix
—Fix; make safe repairs.

.
/f
—Redirect all output to a file ; /ferr will redirect error output separately.

.
/ferr:
—Redirect fatal error output to a separate file .

.
/c
—Comprehensive; run all tests, including nondefault tests but excluding

DCPromo and RegisterInDNS. Can use with /skip.

.
/skip:
—Skip the named test. Do not use in a command with /test.

.
/test:
—Test only the specified test. Required tests will still be run. Do not

20

use with the /skip parameter.

.
/x:
—Redirect XML output to . Currently works with

the /test:dns option only.

.
/xsl:
—Add the processing instructions

that reference a specified style sheet. Works with the /test:dns /x:

option only.

692

CHAPTER 20

Windows Server 2008 R2 Management and Maintenance Practices

The command supports a variety of tests, which can be selected. Some tests are run by

default and others need to be requested specifically. The command line supports selecting

tests explicitly (/test) and skipping tests (/skip). Table 20.10 shows valid tests that can be

run consistently.

TABLE 20.10

DCDIAG Tests

Test Name

Description

Advertising

Checks whether each DC is advertising itself and whether it is

advertising itself as having the capabilities of a DC.

CheckSDRefDom

Checks that all application directory partitions have appropriate

security descriptor reference domains.

CheckSecurityError

Locates security errors and performs the initial diagnosis of the

problem. This test is not run by default and has to be requested

with the /test option.

Connectivity

Tests whether DCs are DNS registered, pingable, and have

LDAP/RPC connectivity. This is a required test and cannot be

skipped with the /skip option.

CrossRefValidation

This test looks for cross-references that are in some way invalid.

ptg

CutoffServers

Checks for servers that won’t receive replications because their

partners are down. This test is not run by default and has to be

requested with the /test option.

DCPromo

Tests the existing DNS infrastructure for promotion to the domain

controller.

DNS

Checks the health of DNS settings for the whole enterprise. This

test is not run by default and has to be requested with the /test

option.

FrsEvent

Checks to see if there are any operation errors in the file replication

server (FRS). Failing replication of the sysvol share can cause policy

problems.

DFSREvent

Checks to see if there are any operation errors in the DFS.

DFSREvent

Checks to see if there are any operation errors in the DFS.

LocatorCheck

Checks that global role holders are known, can be located, and are

responding.

Intersite

Checks for failures that would prevent or temporarily hold up inter-

site replication.

Kccevent

Checks that the Knowledge Consistency Checker is completing

without errors.

KnowsOfRoleHolders

Checks whether the DC thinks it knows the role holders of the five

FSMO roles.

Maintaining Windows Server 2008 R2

693

TABLE 20.10

DCDIAG Tests

Test Name

Description

MachineAccount

Checks to see whether the machine account has the proper informa-

tion. Use the /RecreateMachineAccount parameter to attempt a

repair if the local machine account is missing. Use

/FixMachineAccount if the machine’s account flags are incorrect.

NCSecDesc

Checks that the security descriptors on the naming context heads

have appropriate permissions for replication.

NetLogons

Checks that the appropriate logon privileges allow replication to

proceed.

ObjectsReplicated

Checks that machine account and DSA objects have replicated. You

can use /objectdn: with /n: to specify an additional

object to check.

OutboundSecureChannels

Verifies that secure channels exist from all the DCs in the domain to

the domains specified by /testdomain. The /nositerestriction

parameter prevents the test from being limited to the DCs in the

site. This test is not run by default and has to be requested with the

/test option.

ptg

RegisterInDNS

Tests whether this domain controller can register the Domain

Controller Locator DNS records. These records must be present in

DNS for other computers to locate this domain controller for the

domain. Reports whether

any modifications to the existing DNS infrastructure are required.

Requires the /DnsDomain:

argument.

Replications

Checks for timely replication between domain controllers.

RidManager

Checks to see whether RID master is accessible and whether it

contains the proper information.

Services

Checks to see whether DC services are running on a system.

Systemlog

Checks that the system is running without errors.

Topology

Checks that the generated topology is fully connected for all DCs.

This test is not run by default and has to be requested with the

/test option.

20

VerifyEnterpriseReferences Verifies that certain system references are intact for the FRS and

replication infrastructure across all objects in the enterprise. This

test is not run by default and has to be requested with the /test

option.

VerifyReferences

Verifies that certain system references are intact for the FRS and

replication infrastructure.

694

CHAPTER 20

Windows Server 2008 R2 Management and Maintenance Practices

TABLE 20.10

DCDIAG Tests

Test Name

Description

VerifyReplicas

Verifies that all application directory partitions are fully instantiated

on all replica servers. This test is not run by default and has to be

requested with the /test option.

Monthly Maintenance

It is recommended that you perform the tasks examined in the following sections on a

monthly basis.

Maintaining File System Integrity

CHKDSK scans for file system integrity and can check for lost clusters, cross-linked files,

and more. If Windows Server 2008 R2 senses a problem, it will run CHKDSK automatically

at startup.

Administrators can maintain FAT, FAT32, and NTFS file system integrity by running

CHKDSK once a month. To run CHKDSK, do the following:

1. At the command prompt, change to the partition that you want to check.

ptg

2. Type CHKDSK without any parameters to check only for file system errors. No

changes will be made.

3. If any errors are found, run the CHKDSK utility with the /f parameter to attempt to

correct the errors found.

Testing the UPS

An uninterruptible power supply (UPS) can be used to protect the system or group of

systems from power failures (such as spikes and surges) and keep the system running long

enough after a power outage so that an administrator can gracefully shut down the system.

It is recommended that an administrator follow the UPS guidelines provided by the manu-

facturer at least once a month. Also, monthly scheduled battery tests should be performed.

Validating Backups

Once a month, an administrator should validate backups by restoring the backups to a

server located in a lab environment. This is in addition to verifying that backups were

successful from log files or the backup program’s management interface. A restore gives

the administrator the opportunity to verify the backups and to practice the restore proce-

dures that would be used when recovering the server during a real disaster. In addition,

this procedure tests the state of the backup media to ensure that they are in working order

and builds administrator confidence for recovering from a true disaster.

Updating Documentation

An integral part of managing and maintaining any IT environment is to document the

network infrastructure and procedures. The following are just a few of the documents you

should consider having on hand:

Maintaining Windows Server 2008 R2

695

. Server build guides

. Disaster recovery guides and procedures

. Checklists

. Configuration settings

. Change configuration logs

. Historical performance data

. Special user rights assignments

. Special application settings

As systems and services are built and procedures are ascertained, document these facts to

reduce learning curves, administration, and maintenance.

It is not only important to adequately document the IT environment, but it’s often even

more important to keep those documents up to date. Otherwise, documents can quickly