Archive: February, 2010

Documenting AD

1 comment February 10th, 2010

Documentation is a vital part of the admin’s day. It’s time-consuming, and when there are changes to the system, it’s you who has to update the documentation. That can be boring!

Remember that outdated (or may I call it tombstoned?!) documentation can be worse than no documentation!

If you’re a system consultant who got the job of setting up a domain, it’s always nice to hand over some documentation of the domain to the company that hired you.

Don’t worry, help is out there just waiting for you! Microsoft has a great utility called “Active Directory Topology Diagrammer”. It reads the configuration of your domain/forest and generates or updates a Visio drawing of the whole domain/forest, including all domain controllers, global catalogs, trusts, OU structure, sites, schema version, SP level, user count and so on.


Just tick the checkboxes you want and hit the “Discover” button. After a few seconds the discovery completes. Go get yourself a cup of nice warm coffee, press the “Draw” button and enjoy your coffee while ADTD populates the Visio drawing for you.

This tool can also draw your Exchange organization.

Download a free copy of ADTD here

If you don’t have Visio available, you can download a 60-day free trial from MS here.


No comments February 9th, 2010

When the Tottenham manager (FYI: Harry Redknapp) picks his starting 11 before a match, he also chooses 7 additional players to sit on the bench as backups. If, for example, a player gets injured during the game, he always has a backup sitting on the bench, just waiting to be substituted.

What do you do if you get a flat tire in the middle of nowhere and find out that there isn’t a spare tire in the trunk? “Sh*t, I thought I had a backup!”

An OU with dozens of user objects can accidentally be deleted. Your single DC in the domain can say goodnight anytime (yeah right, who has guts enough to run a single DC in his domain?!). Your SYSVOL with all your fancy GPOs can vanish. “Hey! Where did they go?”

So, just like everything else, a good backup can be very good to have. Even in the Active Directory world. I quote Instan at the Microsoft CSS/PSS:

As my grandfather used to say, “it’s better to have a backup you don’t need than to need a backup you don’t have”

If you don’t have a backup routine for your domain controller, then now is a good time to implement one.

A quick way to see when the last backup occurred is to open cmd and type:

repadmin /showbackup *

(Repadmin is part of the Windows 2000/2003 support tools)

I have scheduled a System state backup running every night on three of my DCs in the domain using NTbackup (or Windows backup). (We also have a Tivoli backup running that backs up the entire server… Paranoid, you know 😮)
I store the backup files on a network share for easy access (by the admin *).

The name you give the backup file can be a great help for other admins who need to do a restore.

Naming of the backup file:

Schedule System state backup:

If you at least have a System state backup and a disaster does occur, you’ll probably be able to get your domain back on track. Just be sure that the backup file has not exceeded your domain’s Tombstone Lifetime (60 or 180 days).
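
One way to check backup age against the Tombstone Lifetime, as an added example that is not part of the original post. The share path, the 14-day warning margin, the sample file names and the assumption that NTBackup's `.bkf` files sit directly on the share are all illustrative.

```powershell
# Added example: flag system state backup files on a share that have
# reached, or are close to, the forest's tombstone lifetime.
param(
    [string]$BackupShare,        # e.g. \\fileserver\adbackup (hypothetical share)
    [int]$TombstoneDays = 0,     # 0 = read the value from Active Directory
    [int]$MarginDays = 14        # warn this many days before expiry (assumed policy)
)

function Get-TombstoneLifetime {
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition; when it is not set, the 60-day default applies.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = [string]$rootDse.Properties['configurationNamingContext'].Value
    $dirSvc   = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $value    = $dirSvc.Properties['tombstoneLifetime'].Value
    if ($null -eq $value) { return 60 }
    return [int]$value
}

function Get-BackupStatus {
    param([datetime]$BackupTime, [int]$TombstoneDays, [int]$MarginDays,
          [datetime]$Now = (Get-Date))
    $ageDays = [int][math]::Floor(($Now - $BackupTime).TotalDays)
    if ($ageDays -ge $TombstoneDays)                   { $status = 'EXPIRED' }
    elseif ($ageDays -ge $TombstoneDays - $MarginDays) { $status = 'WARN' }
    else                                               { $status = 'OK' }
    New-Object PSObject -Property @{ AgeDays = $ageDays; Status = $status }
}

if ($TombstoneDays -le 0) { $TombstoneDays = Get-TombstoneLifetime }

if ($BackupShare) {
    # Judge each backup file by its last write time.
    $backups = Get-ChildItem -Path $BackupShare -Filter *.bkf |
        Select-Object Name, @{ n = 'Time'; e = { $_.LastWriteTime } }
} else {
    # Constructed sample data so the logic can be tried without a share.
    $now = Get-Date
    $backups = @(
        New-Object PSObject -Property @{ Name = 'DC01_sample.bkf'; Time = $now.AddDays(-1) }
        New-Object PSObject -Property @{ Name = 'DC02_sample.bkf'; Time = $now.AddDays(-50) }
        New-Object PSObject -Property @{ Name = 'DC03_sample.bkf'; Time = $now.AddDays(-75) }
    )
}

foreach ($b in $backups) {
    $s = Get-BackupStatus -BackupTime $b.Time -TombstoneDays $TombstoneDays -MarginDays $MarginDays
    '{0,-22} {1,4} days  {2}' -f $b.Name, $s.AgeDays, $s.Status
}
```

Run it with `-TombstoneDays 60` and no `-BackupShare` to try the logic on the constructed sample without querying a domain.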

* How to protect the backup is out of scope for this entry.