Upload File

how active directory database really works · michael grafnetter how active directory database...

  • Home
  • Documents
  • How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:
52
Michael Grafnetter www.dsinternals.com How Active Directory Database Really Works Gold partner: Generální partner:

Upload: duongdat

Post on 17-Sep-2018

217 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Michael Grafnetter

www.dsinternals.com

How Active Directory Database

Really Works

Gold partner: Generální partner:

Page 2: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Agenda

AD Database Structure

– Tables

– Columns

– Links

– Indices

Query Optimization

DB Maintenance

Page 3: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Active Directory

Page 4: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Active Directory Architecture

Page 5: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Active Directory Data Store

Page 6: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Dsamain

Page 7: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Veeam Explorer for Active Directory

Page 8: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Esent Workbench

Page 9: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 10: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Datatable

DNT PDNT RDN objectClass sAMAccountName unicodePwd isDeleted

50 10 contoso domain false

100 50 Employees ou false

101 100 Bob user bob 2c4871c894… false

102 100 John user john d70c62e716… false

200 50 Computers container false

201 200 PC01 computer PC01$ 8bc50a4045… false

Page 11: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Partitions

Page 12: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Schema

Page 13: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 14: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Security Descriptors

Page 15: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 16: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Linked Multivalued Attributes

Page 17: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Linked Multivalued Attributes

Page 18: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 19: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Phantom Objects

Page 20: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Hidden Table

DC Object Link

DC OS Version

Highest Commited USN

Epoch

Last Backu USN

...

Page 21: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 22: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Query Optimization

Page 23: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Query Performance Matters

Page 24: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 25: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Creating a Large AD Database

Page 26: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Creating a Large AD Database

Page 27: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Active Directory Index Types

Attribute Index

Containerized Index (PDNT+Attribute)

Tuple Index

Subtree Index (Virtual List View Support)

Page 28: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Tuple Index"Active Dir"

"ctive Dire"

"tive Direc"

"ive Direct"

"ve Directo"

"e Director"

" Directory"

"Directory"

"irectory"

"rectory"

"ectory"

"ctory"

"tory"

"ory"

Page 29: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

SearchFlags Attribute

Page 30: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Indexed Attributes

Page 31: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

ANR Queries

Page 32: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 33: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Active Directory Diagnostics

Page 34: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Active Directory Diagnostics

Page 35: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 36: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Enabling Diagnostic Events

Expensive queries: Visit too many objects

Inefficient queries: return less than 10% of visited objects

HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

– 15 Field Engineering = 5 (Default = 0)

HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

– Expensive Search Results Threshold = 10 000

– Inefficient Search Results Threshold = 1 000

Page 37: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Inefficient Query Event

Page 38: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 39: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

LDAP Search Statistics Control

Page 40: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 41: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Deferred Index Creation (2012+)

Page 42: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Database Maintenance

Page 43: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

IFM Backup

Page 44: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Space Usage

Page 45: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Index-Attribute Mapping

Page 46: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 47: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Highest DNT (2012+)

Page 48: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Database Integrity Checks

Header – DB file staus

Checkpoint – Checkpoint file status

Checksum – Page checksum test

Recover – Copy commited transactions from log to DB

Integrity – Binary level checks

Semantic Database Analysis – Indexes, Security

Descriptors, Links,…

Page 49: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 50: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Database Epoch

Page 51: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

DEMO

Page 52: How Active Directory Database Really Works · Michael Grafnetter How Active Directory Database Really Works Gold partner: Generální partner:

Michael Grafnetter

www.dsinternals.com

How Active Directory Database

Really Works

Gold partner: Generální partner:


10 Sites I Really Really Need

REALLY, REALLY SIMPLE ACCOUNTING

Windows PowerShell 5 Preview April 2015 - DSInternals Grafnetter Windows PowerShell 5 Preview April 2015 Gold partner: Generální partner:

Generální ředitelství – Vězeňská služba České …...pr.-ice. a sport (Muller. Zisk:ini a upevneni n.ivvku pracovat tvyšuje ve mite soweného na reintegraci do demokratické

Active Directory Windows2003 Server. Agenda What is Active Directory What is Active Directory Building an Active Directory Building an Active Directory

Vermont Directory of Municipal Officialslocalroads.vermont.gov/.../Directory-of-Municipal-Officials.pdfVermont Directory of Municipal Officials . DIRECTORY OF TOWN OFFICIALS .

PHP Advantage 2020 Provider Directory Provider Directory . H7646_20-034_C . PHP Medicare . HMO-POS . Provider Directory . Provider Directory . This directory is current as of January

FactoryTalkimg.xuegongkong.com/Attachment/201310/...--FactoryTalk Directory HMI FactoryTalk Directory FactoryTalk Directory, HMI FactoryTalk Directory • • RSLogix RSLinx OPC RSLinx

Active directory basics- active directory

The Scale of the Cosmos “ The Universe is a big place. ” “ The Universe is a big place. ” Really big. Really big. Really, really big! Really, really big!

Operating Systems - user.it.uu.seuser.it.uu.se/~leomu203/osvt08/lec11.pdf · lm/os-vt08-l11-6 5/12/08 Directory Structure •Not really a hierarchy! –Many systems allow directory

Jiří Devát, generální ředitel Cisco Systems...2014/02/04  · Cisco Annual Security Report: 2014 Author Kevin Parra Created Date 2/5/2014 10:53:38 AM

The Internet Is Really Really Good

Generic Mapping Tool (GMT) 2017+ - University of Tokyookino/gmtscripts/GMT...Make new directory and check if new directory is really created. mkdir testdir File System / home users

Generální ředitelství – Vězeňská služba České republiky ... · my jsmc peedtim dospéli k byli razeni nesprávne. vyhrzili. po- tom musi respektovat rozhodnutí soudu

Colours of Ostrava 2016 / Program - img.cncenter.cz · Lucky Chops Nathaniel Rateliff & The Night Sweats Beth Ditto ... The Eagle Rock Gospel Singers Generální partner CESKÁ±

Really Wild Parties Really Wild Parties

Prezentace aplikace PowerPoint - UNECE€¦ · Generální partner Greenways Greenways The role of environmental NGOs in promoting walking and cycling. Daniel Mourek, CEG coordinator,

‘Just because it’s really, really cheap’

Test Doc PDF - with really long title with really long title with really long title with really long title with really long title with really long title with really long title with

Barnsley Directory for Professional LearningBC905/08 HENRY (Health, Exercise & Nutrition in the Really Young) 31/03/2017 Page 11 ... Exemplification materials 2015/16 Please Note

Student Engagement is really, really hard!

Understanding Active Directory Domains and Trusts …...Understanding Active Directory Domains and Trusts Active Directory Active Directory is the Microsoft implementation of directory

Stars Really Pick Stocks? New Evidence from a Bootstrap ...rady.ucsd.edu/faculty/directory/timmermann/pub/docs/bootstrap.pdf · alphas of star mutual fund managers survive, and are

Really, really good questions Pop Quiz

A QUICK WAY TO WRITE REALLY, REALLY BIG OR REALLY, REALLY SMALL NUMBERS. Scientific Notation

Mine Nationalization Critique- Really Really Awesome

India business directory list, India business list, India Business Directory & Post Free Ads, B2B, B2C directory services, Manufacturers directory, local services directory, India

Network Architecture & Active Directory … Architecture & Active Directory ... contents/articles/active-directory-replication-over ... Network Architecture & Active Directory Considerations

really really really awesome php application with bdd behat and iterfaces

Really Really Cool Photos

What Really, REALLY Bugs Me...Someimes

Really, Really Basic SEO

CONTENTS.cdn.cityofsydney.nsw.gov.au/learn/history/archives/sands/1920-1924/... · contents. city streets directory suburban directory alphabetical directory - trades directory. country

Join Our New Parish Picture Directory!...Join Our New Parish Picture Directory! How do I sign up? It’s really easy! Just go to the Parish Website () and click on the link or contact