Active Directory 2008: Restartable Active Directory Facts


Restartable Active Directory is the ability to stop and restart Active Directory Domain Services without shutting down the domain controller. This allows you to apply updates to the domain controller or perform offline defragmentation of the AD DS database. It also allows services that do not depend on AD DS, such as DHCP, to continue functioning and responding to user requests. Restartable AD DS is available on all domain controllers that run Windows Server 2008, regardless of functional level.

Restartable AD DS makes it possible for a domain controller to be in any of the three states described in the table.

State Description
AD DS Started This is the state in which Active Directory is running and   fully functional.
AD DS Stopped This is the state in which Active   Directory is stopped. A domain controller in this mode has the following   characteristics:

  • The Active Directory database        (Ntds.dit) on the local domain controller is offline.
  • The domain controller cannot        service domain logon requests.
    • Another domain controller,         if available, can be contacted for logon using domain credentials.
    • If another domain controller         is not available, you can log on to the domain controller in DSRM using         the DSRM password.
  • The server is joined to a        domain, allowing Group Policy and other settings to continue to be        applied to the domain controller.
  • The domain controller cannot        replicate with other domain controllers.
  • You can run the dcpromo /forceremoval command to remove AD DS from a domain controller in        this state.
Directory Services Restore Mode This state is almost identical to   the Directory Services Restore Mode in Windows Server 2003. The one exception   is that you can run the dcpromo /forceremoval command to remove   AD DS from a domain controller running in DSRM. This is the state in which   you must run the machine to restore Active Directory objects using the Ntdsutil   utility.

***You should know the following about restartable AD DS:

  • You      cannot start a Windows Server 2008 DC in the AD DS Stopped state, but you      can restart it into DSRM.
  • Services      such as File Replication Service (FRS), Kerberos Key Distribution Center      (KDC), and Intersite Messaging that depend on AD DS shut down before AD DS      stops. If they are running when you stop AD DS, they restart when you      restart AD DS.
  • If      the domain controller is a DNS server, it cannot respond to Active      Directory-integrated zone queries while AD DS is stopped. To prevent DNS      lookup failures, provide redundancy by configuring member computers,      application servers, and domain controllers to point to multiple DNS      servers.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: