1 00:00:00,940 --> 00:00:04,240 To use Restartable AD DS on a domain controller, 2 00:00:04,240 --> 00:00:09,090 you can just do a net stop ntds, and it stops the service on the machine, 3 00:00:09,090 --> 00:00:14,290 and it also stops dependent services, like if you're doing FRS replication, 4 00:00:14,290 --> 00:00:17,770 certainly the Kerberos key distribution center, 5 00:00:17,770 --> 00:00:19,820 DNS, and most importantly, 6 00:00:19,820 --> 00:00:23,470 the Active Directory database on that domain controller is 7 00:00:23,470 --> 00:00:26,740 inaccessible, and that would also affect FISMO roles. 8 00:00:26,740 --> 00:00:28,470 However, what do you get in return? 9 00:00:28,470 --> 00:00:28,610 Well, 10 00:00:28,610 --> 00:00:31,440 you don't have to keep rebooting the machine. Because the 11 00:00:31,440 --> 00:00:34,650 machine is still up, network connected, and online, you 12 00:00:34,650 --> 00:00:36,540 can do your object restores, 13 00:00:36,540 --> 00:00:40,440 you can do system state backup and restore, you can do your offline 14 00:00:40,440 --> 00:00:47,470 de‑fragmentation, and then simply do a net start ntds to start up AD DS and its 15 00:00:47,470 --> 00:00:51,670 dependent services again. You see what I mean? Now a best practice here is to 16 00:00:51,670 --> 00:00:55,140 make sure you have regular system state backup. 17 00:00:55,140 --> 00:00:59,180 System state backup, you might know, is a way to back up the core 18 00:00:59,180 --> 00:01:02,770 state of a domain controller. Particularly, it will back up the 19 00:01:02,770 --> 00:01:06,060 entire Active Directory database. 20 00:01:06,060 --> 00:01:10,290 And why do I say you should keep your system state within a 180‑day 21 00:01:10,290 --> 00:01:13,240 window? Hopefully, you back it up a lot more than that. 22 00:01:13,240 --> 00:01:17,020 It's that tombstone lifetime. You never want to be in a situation 23 00:01:17,020 --> 00:01:20,940 where you're restoring a system state and your conflicting with 24 00:01:20,940 --> 00:01:23,690 objects that have been deleted and tombstoned out. 25 00:01:23,690 --> 00:01:24,730 No, you don't want that. 26 00:01:24,730 --> 00:01:28,140 You want to make sure that you've got a recent system state. 27 00:01:28,140 --> 00:01:31,830 Lastly, let's troubleshoot Active Directory replication. Now, 28 00:01:31,830 --> 00:01:35,940 of course, we can use the Active Directory Sites and Services console, 29 00:01:35,940 --> 00:01:38,100 but for the purposes of AZ‑801, 30 00:01:38,100 --> 00:01:41,780 it's important that you know just a little bit about the old repadmin 31 00:01:41,780 --> 00:01:47,860 command line executable that uses syntax that takes us before Windows 32 00:01:47,860 --> 00:01:52,410 into MS‑DOS. If any of you are old like me, 33 00:01:52,410 --> 00:01:55,350 you remember DOS. We can do repadmin on a domain 34 00:01:55,350 --> 00:01:59,460 controller with /? to get syntax help. 35 00:01:59,460 --> 00:02:02,950 Some important commands you should know: showing overall 36 00:02:02,950 --> 00:02:05,440 replication help with replsummary, 37 00:02:05,440 --> 00:02:07,950 showing your replication partner for the current 38 00:02:07,950 --> 00:02:10,240 domain controller in its status. 39 00:02:10,240 --> 00:02:15,540 Remember that replication is a pull operation in AD. Show only replication 40 00:02:15,540 --> 00:02:20,210 errors. Basically, we're filtering showrepl. Show the replication queue. What 41 00:02:20,210 --> 00:02:24,040 changes haven't yet been replicated? Redadmin /queue. 42 00:02:24,040 --> 00:02:28,690 And then very importantly, to force a pull, that is on that domain controller, 43 00:02:28,690 --> 00:02:33,240 to query its replication partner and pull changes from it. 44 00:02:33,240 --> 00:02:39,440 Repadmin /syncall, and then you specify the /AeD. Yes, 45 00:02:39,440 --> 00:02:43,140 this helps me. I don't know about you, but it helps me appreciate the 46 00:02:43,140 --> 00:02:52,000 consistency of PowerShell syntax as opposed to these old command line tools that each have their own unique syntax.