Because the Active Directory is a part of the core Windows 2000 operating system, it’s easy to take it for granted. After all, the Active Directory quietly works in the background, servicing the needs of your enterprise. You hardly ever hear so much as a peep out of it, unless there’s a major problem. Of course, we all know that the worst time to find out about a major problem is after the damage has been done. Fortunately, there are some ways to occasionally check your Active Directory’s health and make any necessary adjustments before a major problem develops. In this article series, I’ll share these techniques with you.
In this article, I’ll discuss some of the Active Directory support tools that are available to you. You can use these tools to diagnose and correct a variety of problems. Later in the series, I’ll explain how to use some performance monitoring techniques to pick up on more subtle signs of a developing problem.
Installing the Active Directory Support Tools
The basic Windows 2000 installation doesn’t include the Active Directory support tools. Instead, these tools are kept on the Windows 2000 installation CD until you manually install them. Installing the support tools requires a little over 18 MB of hard disk space.
To install the Active Directory support tools, log in as an administrator and insert your Windows 2000 installation CD. When you see the Windows 2000 splash screen, select the Browse This CD option. When the browse window opens, navigate through the CD’s directory to the SUPPORT\TOOLS directory. Next, run the SETUP.EXE program.
When the Setup program completes, the support tools will be added to the Start menu under Start | Programs | Windows 2000 Support Tools | Tools. As you look at the menu options, keep in mind that they aren’t totally representative of your Active Directory diagnostic capabilities. As you’ve probably noticed, some tools on the menu (such as Disk Probe) have absolutely nothing to do with the Active Directory. Other Active Directory tools aren’t accessible through the menu.
Now that you’ve installed the Active Directory support tools, let’s begin looking at some of the individual tools.
Active Directory Administration Tool
As you may know, the Active Directory is Lightweight Directory Access Protocol (LDAP) based. The Active Directory Administration tool is nothing more than an LDAP tool. It allows the Administrator to perform basic LDAP functions on any LDAP directory. These functions may include such things as adding, deleting, searching for, or modifying objects.
When you first load the Active Directory Administration tool, you’re greeted with an empty window. To begin using the tool, select the Connect option from the Connection menu. When you do, you’ll be asked to supply some basic information, such as the name of the server and the LDAP port number. Once you’ve entered this information, there will be a brief delay while the Active Directory Administration tool connects to the server. When the connection has been made, you’ll see a summary of the server’s Active Directory status, as shown in Figure 1.
As you can see in the figure, the Active Directory Administration tool contains several menus. Each menu contains options you can use for interacting with the Active Directory, such as Search, Browse, Add, and Delete. Most of the menu options are self-explanatory.
Replication in Windows 2000
As you may recall, in Windows NT 4.0, changes to the SAM could only be made on the primary domain controller (PDC). The PDC would then tell the backup domain controllers (BDCs) that a change had occurred. The BDCs would then download the changes when they had time.
The replication model I just described is in sharp contrast to Windows 2000’s multimaster replication model. In Windows 2000, when someone makes a change to the Active Directory, the change can be made to any domain controller. The change is then replicated to the other domain controllers. A number of factors are used to determine how often replication should occur and to avoid potential conflicts. For more information on this complex process, check out my series on replication (see the CrossLinks sidebar for links).
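The following toy model is an added example, not code from the article or from Microsoft; it contrasts the two replication schemes described above. It goes one step beyond the sidebar by applying the attribute conflict rule Active Directory uses (higher version number, then later timestamp, then originating domain controller), which the article does not spell out. The DC names, the `title` attribute and the sample writes are constructed, and the DC name stands in for the originating DC's GUID.

```python
from dataclasses import dataclass, field
from itertools import permutations

@dataclass(frozen=True, order=True)
class Stamp:
    # Compared field by field: higher version, then later time, then DC name.
    version: int
    time: int
    origin: str  # assumption: the DC name stands in for the originating DC's GUID

@dataclass
class DomainController:
    name: str
    store: dict = field(default_factory=dict)  # attribute -> (Stamp, value)

    def write(self, attr, value, now):
        """Originating write: bump the attribute's version on this DC only."""
        old = self.store.get(attr)
        version = old[0].version + 1 if old else 1
        self.store[attr] = (Stamp(version, now, self.name), value)

    def pull_from(self, partner):
        """Inbound replication: keep whichever copy carries the greater stamp."""
        for attr, (stamp, value) in partner.store.items():
            if attr not in self.store or stamp > self.store[attr][0]:
                self.store[attr] = (stamp, value)

def snapshot(dcs, attr):
    return {dc.name: dc.store[attr][1] for dc in dcs}

def single_master(writes, attr):
    """NT 4.0 model: every change is made on the PDC, the BDC copies it later."""
    pdc, bdc = DomainController("PDC"), DomainController("BDC1")
    for now, (_, name, value) in enumerate(writes):
        pdc.write(name, value, now)
    bdc.pull_from(pdc)
    return snapshot([pdc, bdc], attr)

def multimaster(writes, attr, names=("DC1", "DC2", "DC3")):
    """Windows 2000 model: each change is made on whichever DC received it."""
    dcs = {n: DomainController(n) for n in names}
    for now, (target, name, value) in enumerate(writes):
        dcs[target].write(name, value, now)
    # Full mesh: one pass over every (puller, partner) pair is enough to converge.
    for dc, partner in permutations(dcs.values(), 2):
        dc.pull_from(partner)
    return snapshot(list(dcs.values()), attr)

# Constructed sample: (DC that receives the write, attribute, new value).
SAMPLE_WRITES = [("DC1", "title", "Analyst"), ("DC1", "title", "Engineer"), ("DC2", "title", "Manager")]
```

With the sample writes, the single-master run ends on the last value written, while the multimaster run converges on "Engineer" because DC1's second write carries version 2 and outranks DC2's later version 1 write.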
Active Directory Replication Monitor
The next support tool you should know about is the Active Directory Replication Monitor. As you may know, replication is a big deal in an Active Directory environment. Because of the complexity of replication in Windows 2000, there’s a lot of room for things to go wrong. Many administrators have a tendency to make sure that replication is working correctly as new domain controllers are added, but forget to occasionally check up on replication at other times. This is only natural, considering how busy most administrators are. However, unless you occasionally monitor the replication process, you may not notice that a minor replication problem exists until it grows into a big problem.
This is where the Active Directory Replication Monitor comes into play. This tool is designed to keep an eye on all your servers and make sure that replication is functioning correctly between them. Not only can you use this tool to view the current replication status, but you can also use the tool to manually force replication should you discover a problem.
Although the Active Directory Replication Monitor isn’t overly complicated to use, it has a lot of options. I’ll explore these options in detail in Part 2. I’ll then go on to discuss some other Active Directory support tools.
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it’s impossible for him to respond to every message, although he does read them all.