Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory

………..

Common AD CS Maintenance Tasks

Managing role-based administration
Configuring and monitoring CA event auditing
Monitoring system services
Renewing CA certificate
Backing up and restoring the CA

Configuration of CA Event Auditing

Back up and restore CA database
Issue and manage certificate requests
Revoke certificates and publish CRLs
Store and retrieve archived keys
Start and stop AD CS
Change the CA configuration
Change CA security settings

Demonstration: How To Configure CA
Event Auditing

• To configure the CA for auditing of object access
• To configure CA event auditing

AD LDS Maintenance Tasks
AD LDS Maintenance Tasks include :
Monitoring system events and services
Backing up and restoring AD LDS instances
Performing an authoritative restore of directory objects

Backing Up AD LDS
Consider the following when backing up AD LDS:
By default each instance stores Adamntds.dit and associated log files
in %Program Files%\Microsoft ADAM\<instancename>\data.
You can use Windows Server® Backup or any compatible third party
backup utility to backup AD LDS.
You should ensure that the instance is started before backing up its AD
LDS folder.
You should ensure that you are a member of the Administrators group
or equivalent.

Restoration of Data to an AD LDS Instance
Consider the following when restoring data to an existing AD LDS instance:
Stop the AD LDS instance for which the data will be restored.
Use the backup program to restore the instance and overwrite existing files.
Restart the AD LDS instance.
Consider the following when data to an new AD LDS instance that does not belong to a configuration set:
Create a new instance specifying the same settings used during the original AD LDS installation, without creating an application partition.
Stop the newly created AD LDS instance.
Use the backup program to restore the instance and overwrite existing files.
Restart the AD LDS instance.

Performing an Authoritative Restore of Data on  an AD LDS Instance
Stop the running AD LDS instance for which the data is restored.
Use the backup program to restore the instance and overwrite existing files.
Activate the instance by using dsdbutil, at a command prompt.
Use dsdbutil to perform an authoritative restore using one of the following commands:
restore database
restore object dn
restore subtree dn Authoritative Restore
dsdbutil
Back Up Program
AD LDS

……………..

Cours pdf

Télécharger aussi :

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *