Windows Server: Chapter 14 - Performance Monitoring

Questions and Answers

Which of the following is the primary purpose of SYSVOL in Active Directory?

• Centralizing login scripts, group policies, and DFS staging data. (correct)
• Storing user profile data and personal documents.
• Managing system hardware drivers and configurations.
• Providing a repository for application installation files.

When should a nonauthoritative restore of Active Directory be performed?

• When corruption is isolated to a single domain controller and hasn't replicated. (correct)
• When corruption has spread to multiple domain controllers in the forest.
• When the entire Active Directory forest needs to be recovered from a disaster.
• When schema modifications need to be rolled back to a previous state.

Which tool is primarily used to create an Active Directory snapshot?

• ntdsutil.exe. (correct)
• Windows Backup.
• Active Directory Users and Computers.
• Server Manager.

What is the key characteristic of an authoritative restore in Active Directory?

It replicates restored data to all other domain controllers, overwriting their current data. (A)

Which action is not possible when viewing an Active Directory snapshot?

Modifying object attributes. (C)

Which of the following is true regarding backing up system state data?

It backs up components not contained in a single file. (B)

What is the primary requirement for a user to perform a backup using Windows Backup?

Membership in the Backup Operators or Administrators group. (D)

Which of the following is not part of the System State data?

User Documents (A)

An application server is experiencing performance issues. Which component is MOST likely to be the bottleneck?

CPU (A)

Which Windows Server tool provides the MOST detailed information about real-time resource usage?

Resource Monitor (A)

You suspect that a recently installed application is causing system instability. Which Event Viewer log would be the MOST relevant to check first?

Application Logs (B)

A system administrator needs to establish a performance baseline for a server. Which feature of Performance Monitor is BEST suited for this task?

Data Collector Sets (D)

Which Performance Monitor view is BEST for visually identifying performance trends over a period of time?

Line Chart (C)

A domain controller is experiencing slow authentication times. Which Performance Monitor counter would be MOST helpful in diagnosing Kerberos-related issues?

Kerberos Authentication (C)

Which tool provides basic system information, including hardware resources, software environment, and system drivers?

MSinfo (C)

Why is it crucial to regularly back up the Active Directory database?

To prevent data loss and corruption. (B)

Besides magnetic tapes and hard disks, what is another viable backup media location for Active Directory?

Cloud storage (C)

Where is the Active Directory database (ntds.dit) typically stored on a Windows Server system?

C:\Windows\NTDS\ (B)

Flashcards

System State Data

A collection of components not contained in a single file, easily backed up.

SYSVOL Directory

A shared directory that stores login scripts and group policies for AD.

Group Policy

Configuration settings that manage user and computer environments in AD.

Windows Backup

A tool in Windows for backing up servers, must be installed via server manager.

Non-authoritative Restore

Restore option for a single DC corruption, not replicated elsewhere.

Authoritative Restore

Restores data and replicates it to other DCs, overriding existing data.

Active Directory Snapshots

Create and view read-only copies of AD objects for backup purposes.

Active Directory Recycle Bin

Feature that allows recovery of deleted AD objects easily.

Bottleneck

A part that impacts server performance, slowing down processes.

Common bottlenecks

Typical components that can limit performance: CPU, disk, memory, and network.

Task Manager

Windows tool that shows real-time resource usage and app status.

Resource Manager

Provides more detailed resource usage information than Task Manager.

Performance Monitor

Tracks performance data with various counters in real time.

Event Viewer

Logs events that may affect server performance and enables alerts.

Active Directory Backup

The process of making copies of AD data to recover from data loss.

Backup Media Locations

Storage options for backups: tapes, disks, DVDs, cloud.

NTDS.dit

The actual Active Directory database file.

edb.log

Transaction log file for tracking changes in Microsoft databases.

Study Notes

Chapter 14: Performance Bottlenecks and Monitoring Tools

• Performance Bottlenecks: A bottleneck is a component impacting server performance. Common bottlenecks include the processor, disk subsystem, memory, and network subsystem. The specific bottlenecks can vary depending on the server's role (e.g., file server vs. application server). File servers often rely on fast disks and networks, while application servers might require a fast CPU.

Monitoring Tools in Windows Server

• Task Manager: This tool displays real-time usage of processor, memory, disk, and network resources. It also identifies processors with high resource consumption.

Event Viewer

• Functionality: Shows logs that can affect performance. Users can create custom views, set triggers for alerts, and review event details.
• Major Event Viewer Logs: Includes application logs, security logs, setup logs, system logs, forwarded events, and other logs. These logs provide detailed information relevant to server performance.

Performance Monitor

• Functionality: Supports monitoring performance in real-time, both locally and remotely, through logged performance counters.
• Data Collection: Data is collected and stored in log files, which can act as baselines for future comparisons. The tool can be used to spot trends over time.
• Views: Performance Monitor displays real-time data in various views, including line charts, histograms, and reports.

Monitoring AD Performance

• Domain Controllers: Domain controllers provide services for authentication, directory search, and replication.
• NTDS Object Counters: Tools can track performance with NTDS (NT Domain Security) object counters such as directory read/sec, search/sec, and write/sec. In addition, inbound/outbound bytes per second (total) can be monitored.
• Security System Counters: Wide-ranging performance counters for the security system are tracked.

Other Handy Tools

• MSConfig: A utility for configuring system settings.
• MSinfo: Provides system information.

Backing Up and Restoring Active Directory

• Backup Importance: Backups copy data for restoration after data loss.
• Active Directory Database: Backing up the AD Database is critical, as AD often contains large amounts of information.
• Backup Methods: Backups can restore an entire system, specific files, or objects. Backups are useful in various scenarios, including corruption and recovery from large scale outages.
• Backup Media: Backup media includes magnetic tapes, hard disks, DVDs, and cloud storage options.

Types of System Data to Backup

• AD Database: Critically important to back up to prevent corruption
• Size Support: AD supports up to over 2 billion objects and 16 terabytes of size.
• NTDS: Files are stored in C:\Windows\NTDS.
• Transaction Logs: edb.log is a transaction log; a crucial file for keeping track of system changes.
• System State: A collection of components not in a single file, backed up easily.
• SYSVOL: A shared directory, storing login scripts, and group policies. It is crucial to back up for stability and security.
• DFS: The distributed file system (DFS) staging folder and corresponding files help synchronize data between domain controllers.

Performing Active Directory Restore

• Restoration Types: Active Directory restores have "non-authoritative" and "authoritative" restoration types.
• Non-Authoritative: Used when corruption impacts only a single domain controller (DC) and not replicated across other DCs. Restore requires booting into directory service repair mode.
• Authoritative: Overriding any existing information when the restore needs to propagate across other domain controllers. Starting the backup program begins the recovery process.

Active Directory Recycle Bin

• Enabling: There are several ways to enable the recycle bin feature. One method involves the Active Directory Administrative Center. Another method uses PowerShell commands.
• Restoration and Removal: Items deleted must be restored from the bin before removal is fully processed.

Description

Chapter 14 discusses performance bottlenecks in Windows Server, such as processor, disk, memory, and network. It also introduces key monitoring tools like Task Manager and Event Viewer. Event Viewer tracks application, security, and system logs to identify issues.