tra study guide preview 041805


2/69





3/69

Microsoft 83-640 Guide

www.transcender.com

3

Contents

Contents ......................................................................................................................... 3About Your Transcender Study Guide .......................................................................................................... 4Configuring the Domain Name System (DNS) for Active Directory .......................... 5Configure Zones ............................................................................................................................................ 6Configure DNS server settings.................................................................................................................... 22Review Checklist: Configuring the Domain Name System (DNS) .............................................................. 38Configuring the Active Directory Infrastructure ....................................................... 39Configure a Forest or a Domain .................................................................................................................. 40Configure Trusts .......................................................................................................................................... 44Configure Sites ............................................................................................................................................ 48Configure Active Directory Replication ....................................................................................................... 51Configure the Global Catalog ...................................................................................................................... 54Configure Operations Masters .................................................................................................................... 56Review Checklist: Configuring the Active Directory Infrastructure.............................................................. 61Configuring Additional Active Directory Server Roles ............................................ 62Configuring Active Directory Lightweight Directory Service (AD LDS) ....................................................... 63Configuring Active Directory Rights Management Service (AD RMS)........................................................ 89Configuring a Read-only Domain Controller (RODC) Scope .................................................................... 93Configuring Active Directory Federation Services (AD FS) Scope ........................................................... 98Review Checklist: Configuring Additional Active Directory Server Roles ................................................. 115Creating and Maintaining Active Directory Objects ............................................... 116Automating the Creation of Active Directory Accounts ............................................................................. 117Maintaining Active Directory Accounts ...................................................................................................... 122Creating and Applying Group Policy Objects (GPOs) .............................................................................. 138Configuring GPO Templates Scope ......................................................................................................... 147Configuring Software Deployment GPOs ................................................................................................. 153Configuring Account Policies Scope ........................................................................................................ 156Review Checklist: Creating and Maintaining Active Directory Objects ..................................................... 162Maintaining the Active Directory Environment ....................................................... 163Configure Backup and Recovery .............................................................................................................. 164Perform Offline Maintenance .................................................................................................................... 185Monitor Active Directory ............................................................................................................................ 188Review Checklist: Maintaining the Active Directory Environment............................................................. 191Configuring Active Directory Certificate Services ................................................. 192Install Active Directory Certificate Services .............................................................................................. 193Configure CA Server Settings ................................................................................................................... 200Manage Certificate Templates .................................................................................................................. 211Manage Enrollments ................................................................................................................................. 217Manage Certificate Revocations ............................................................................................................... 224Review Checklist: Configuring Active Directory Certificate Services ........................................................ 233Test Taking Strategies .............................................................................................................................. 234


4/69


www.transcender.com

4

About Your Transcender Study Guide

IT professionals agree! Transcender has consistently been voted the industry's #1 practiceexam. This Study Guide complements your TranscenderCertTM practice exam.

The Study Guide is objective-driven and contains a variety of tools to help you focus your studyefforts. Each Study Guide contains structured sections to help you prepare for your certificationexam: Scope :: identifies the learning objectives for each section Focused Explanation :: provides definitions, in-depth discussions and examples Review Checklist :: highlights the key learning points at the end of each major section

Additional sections to further assist you are located at the end of each Study Guide: Test Taking Strategies General Tips Explanation of Test Item Types

The following study model will help you optimize your study time.

Transcenders commitment to product quality, to our team and to our customers continues todifferentiate us from other companies. Transcender uses an experienced team of certifiedsubject-matter experts, technical writers, and technical editors to create and edit the most in-depth and realistic study material. Every Transcender product goes through a rigorous, multi-stage editing process to ensure comprehensive coverage of exam objectives. Transcenderstudy materials reinforce learning objectives and validate knowledge so you know youreprepared on exam day.

Assess your currentknowledge level

Take a Transcenderpractice exam usingPreset Experience

The objective-basedscore report showsyou the areas whereyou are strong andthe areas where youneed to focus yourstudy efforts

Read the StudyGuide by objective

Use the practiceexam in OptimizeExperience mode

Study the test itemsby objective

Use the includedTranscenderFlashcards to review keyconcepts

Use your favoritereferences to getfurther informationon complex material

Take a Transcenderpractice exam usingPreset Experienceagain

If you didnt score 100%,go back to your studyplan and focus on weakareas

Study those objectiveareas where you didntscore 100%

Keep practicing untilyou consistently score100% in all areas

PrepareTo

Pass

Track yourprogress

Focus onweak areas

Assess yourknowledge

Develop aStudy Plan

Start early, at least6 weeks out

Dont try to cram

Set aside specific

study timesUse a disciplinedapproach so youcan thoroughlyprepare

Stick to your plan


5/69


www.transcender.com

39

Configuring the Active DirectoryInfrastructure


6/69


www.transcender.com

40

Configure a Forest or a Domain

Scope

Learn to install Active Directory Domain Services (AD DS).

Learn to remove a domain.

Learn to raise forest and domain functional levels.

Focused Explanation

Active Directory Domain Services (AD DS) is a server role of the Windows Server 2008 operating system.

AD DS provides a distributed directory service that can be used for centralized, secure management of a

network. AD DS is required for directory-enabled services.

Installing AD DS

Before installing the AD DS server role on a server, you must configure appropriate Transmission Control

Protocol/Internet Protocol (TCP/IP) and DNS server addresses.

You can add the AD DS server role by starting the Add Roles wizard from the Server Manager console.

This wizard installs files that are required to setup and configure AD DS on a server. After installing the

necessary files, the wizard prompts you to run the dcpromo command at the command-line.

Unattended Installation of AD DS

There are several new options in Windows Server to perform an AD DS unattended installation. The

unattended installation method is typically used for Server Core installations. The unattended installation

method to install AD DS is the same whether a server is running a full installation or a Server Core

installation of Windows Server 2008.

The dcpromo command provides you with two different methods to perform an unattended installation.

You can create an answer file that contains all the required parameters or you can use the /unattend

option and specify all the required parameters in the command line.

The syntax for thedcpromocommand is as follows:

dcpromo [/answer[:] | /unattend[:] | /unattend

Note: For the /answer option, you must specify the answer file name that contains installation parameters

and values. However, for the /unattend option, specifying an answer file name is optional.


7/69


www.transcender.com

41

Using Active Directory Migration Tool (ADMT) v3

The ADMT v3 simplifies the process of restructuring the operating environment to meet an organizations

requirement. You can use ADMT v3 to migrate users, groups, and computers from Microsoft Windows NT4.0 domains to Active Directory domains.

ADMT v3 can also be used to migrate between Active Directory domains in different forests, known as

interforest migration; and between Active Directory domains in the same forest, known as intraforest

migration. ADMT v3 also performs security translation from Windows NT 4.0 domains to Active Directory

domains and between Active Directory domains in different forests.

Using the Forestprep and Domainprep utilities

Adprep.exe is a command-line tool that extends the Active Directory schema and updates permissions toprepare a forest and domain for a Windows Server 2008 DC. The dcpromo command-line tool isaccessible from the Windows Server 2008 DVD. You can go to\sources\adprep folder to access the

adprep.exe command-line tool and use the elevated command prompt to run the command.

The syntax of the adprep command is as follows:

adprep {/forestprep | /domainprep | /domainprep /gpprep | /rodcprep | /wssg | /silent}

The /forestprep option

The /forestprep option prepares a forest for a Windows Server 2008 DC.Running the adprep /forestprep command can only be run once and is performed at the forest level.This command should be run only on the DC that holds the schema operations master role. Theadministrator who runs this command must be a member in at least one of the following groups:

Schema Admins groupEnterprise Admins group

Domain Admins group

Domainprep is the option used to set up a domain for a Windows Server 2008-based domain controller.

First, run the adprep /forestprep command. After the changes replicate to all the DCs in the forest, run

the adprep /domainprep command in each domain that contains a Windows Server 2008 DC. However,

you must ensure that the DC holds the infrastructure operations master role for the domain. An

administrator must be a member of the DomainAdmins group to run this command.

You can also use the /domainprep with the /gpprep option. The /gpprep option also provides neededupdates, which are necessary for enabling the Resultant Set of Policy (RSoP) Planning Mode

functionality.


8/69


www.transcender.com

42

Removing a Domain

To remove an Active Directory domain, you must first demote all DCs that are associated with thedomain. If a DC is a global catalog, ensure that another global catalog is available before demoting it.

To remove a domain, you must hold a membership in one of the following groups:

Domain Admins group in the forest root domain

Enterprise Admins group

Before you attempt to remove a domain in your Active Directory environment, you must be aware thatremoving a domain will erase all domain records, such as user/computer accounts, group membershipaccounts, and more.

To remove a domain, perform the following steps:

1. Run the dcpromo command on the last DC in the domain.

2. When the Active Directory Installation wizardappears, click Next.

3. When the Remove Active Directory page appears, select the

This server is the last domain controller in the domain check box.

4. Click Next and follow the wizard prompts to complete the domain removal process.


9/69


www.transcender.com

43

Raising the Functional Levels of Windows Server 2008 Forests and Domains

Windows Server 2008 provides three domain and forest functional levels: Windows 2000, Windows

Server 2003, and Windows Server 2008. Windows 2000 is the default functional level for forests and

domains.

Once the functional level of a domain or forest is raised, DCs that are running previous versions ofWindows cannot be added. For example, if the domain or forest functional level is raised to WindowsServer 2003, then no Windows 2000 Server DCs can be added.

To raise a domains functional level, perform the following steps:

1. Open the Active Directory Domains and Trusts console from Administrative Tools.

2. Select the domain from the console tree. Open the Action menu and click Raise Domain

Functional Level.

3. When the Raise Domain Functional Level dialog box appears, select the appropriate functional

level from the drop down menu and click OK.

The available domain functional levels are as follows:

Windows Server 2003: Choose this level if your network infrastructure includes WindowsServer 2003-based DCs.

Windows Longhorn Server: Choose this level if your network infrastructure includes onlyWindows Server 2008-based DCs.

4. Click OK to confirm the domain functional level.

If you encounter problems in raising the functional level for a forest, click Save As in the Raise ForestFunctional Level dialog box. Doing so will save a log file that specifies which DCs in the forest need tobe upgraded.


10/69


www.transcender.com

44

Configure Trusts

Scope

Understand trust relationships.

Learn about selective authentication.

Learn about forest-wide authentication.

Focused Explanation

A trust relationship is a relationship between domains that allows the DC of one domain to authenticate

users from another domain. For example, if a trust relationship exists where Domain A trusts Domain B,

then Domain B users can access resources in Domain A and can log on to stations in Domain A with their

user accounts and passwords from Domain B. Trusts in a forest are created automatically during the

creation of domains.

Trusts can be configured in two directions: one-way, which is referred as non-transitive, or two-way, whichis referred to as transitive. Transitive trust is automatically created for all domains within a forest. In activedirectory, all trust relationships within a forest are two-way or transitive trusts. In a transitive trusts, therelationship between domains is not only two-way but also transitive. For example, Domain1 has atransitive trust relationship with Domain2 and Domain2 has a transitive trust relationship with Domain3. Inthis scenario, a transitive trust relationship is automatically formed between Domain1 and Domain3.

Transitive Trust Relationships

A transitive trust relationship is created automatically for all domains within a forest. Therefore, any

domain in the forest can authenticate any domain-based account from any domain within the forest. With

a single logon process, accounts with the proper permissions can access resources in any domain in the

forest..

You can use the New Trust Wizard to manually create various transitive trusts, such as a Shortcut trust, aForest trust, or a Realm trust. As its name implies, a shortcut trust will shorten the trust path. Shortcuttrusts are generally configured in a large and complex domain tree or forest in the Active Directoryenvironment where a transitive trust is formed between a domain in the same domain tree or forest. Aforest trust designed to form a transitive trust between the Forest root domain and a second forest rootdomain.

In case of a Realm trust, you form a transitive trust between the following:

Active Directory domain

Kerberos V5 realm


11/69


www.transcender.com

45

Configuring Shortcut Trusts

If users have to logon to different domains in a tree multiple times a day, and the domains are not directly

connected, the authentication request will traverse to the highest common domain. A shortcut trust

between two such domains eliminates the need for user logon authentication at each traversed domain.You can create a shortcut trust by using the netdomtrust command.

To configure a shortcut trust, you must perform the following steps:

1. Open the Active Directory Domains and Trusts console from Administrative Tools.

2. Right-click the domain node for the domain with which you want to establish a shortcut trust from

the console tree.

3. Click Properties and select the Trusts tab.

4. Click New Trust, then click Next to access the Trust Name page.

5. Specify the DNS and NetBIOS names for the domain, then click Next.

6. On the Direction of Trust page, perform one of the following actions:

For users in this domain and users in the specified domain to use this trust path, click Two-

way.

For only users in this domain to use this trust path, click One-way:incoming.

For only users in the specified domain to use this trust path, click One-way:outgoing.

7. Continue to follow the instructions in the wizard.

If you want to create both sides of a shortcut trust at the same time, click the Both this domain and the

specified domain option on the Sides of Trust page. To be able to perform this configuration, you must

have administrative rights in both domains to configure this type of trust relationship.

Selective Authentication

Trusts between forests can use legacy authentication settings or selective authentication. Selective

authentication is a security setting for external trusts and trusts between forests. With selective

authentication, administrators can choose the users who should have rights to access shared resources

in the trusting forest. Selective authentication helps enable Active Directory administrators grant

permission for specific users in another forest.

Configuring selective authentication

To enable selective authentication, you must use the following command:

Netdom trust TrustingDomainName /domain: TrustedDomainName /SelectiveAuth:Yes

/usero:domainadministratorAcct/password:domainadminpwd


12/69


www.transcender.com

46

To enable selective authentication over an external trust by using the Windows interface, you mustperform the following steps:

1. Open Active Directory Domains and Trusts console from Administrative Tools.

2. From the console tree, select the appropriate domain.

3. Open the Action menu and click Properties.

4. Open the Trusts tab and select the appropriate external trust:

Domains trusted by this domain (outgoing trusts)

Domains that trust this domain (incoming trusts)

5. Click Properties and select the Authentication tab.

6. Click the Selective Authentication option.

7. Click OK.

To enable selective authentication over a forest trust by using the Windows interface, you must perform

the following steps:

1. Open the Active Directory Domains and Trusts console.

2. In the console tree, right-click the domain node for the forest root domain, and click Properties.

3. On the Trusts tab, select the forest trust that you want to configure under either Domains

trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming

trusts), then click Properties.

4. On the Authentication tab, click Selective authentication, then click OK.


13/69


www.transcender.com

47

Forest-wide authentication

The forest-wide authentication setting permits unrestricted access to all available resources in any of

the domains in the trusting forest. This is the default authentication setting for forest trusts, and it is

representative of the way authentications can be routed without restriction.

You can enable forest-wide authentication over a forest trust by using the New Trust wizard in Active

Directory Domains and Trusts or by using the Netdom command-line tool.

To enable forest-wide authentication over a forest trust by using the Windows interface, you must perform

the following steps:

1. Open the Active Directory Domains and Trusts console.

2. In the console tree, right-click the forest root domain, and click Properties.

3. On the Trusts tab, select the forest trust that you want to configure under either Domains

trusted by this domain (outgoing trusts) or Domains that trust this domain (incomingtrusts), then click Properties.

4. On the Authentication tab, click Forest-wide authentication, then click OK.

Note: Only the authentication settings for the outgoing trust are displayed when you click the

Authentication tab. To view the correct authentication settings for the incoming side of a two-way forest

trust, connect to a DC in the trusted domain, then use the Active Directory Domains and Trusts

console to view the authentication settings for the outgoing side of the same trust.


14/69


www.transcender.com

48

Configure Sites

Scope

Learn to create Active Directory subnets.

Learn to configure site links.

Learn to configure site infrastructure.

Focused Explanation

Sites are the physical structure, or topology, of a network. In a network, sites represent the physical

structure. Site objects and their contents are replicated to all DCs in the forest, regardless of the domain

or site.

You can use the Active Directory Sites and Services snap-in to manage the site, subnet, and site link

objects that combine to influence the replication topology.

Create a Subnet

A site consists of subnets. A subnet is the set of all addresses behind a single interface on a router. When

you associate a site with one or more subnets, you assign a set of IP addresses to the site. The address

prefix for an AD DS subnet must conform to the IP version 4 (IPv4) or IP version 6 (IPv6) format.

To create a subnet, you must access Active Directory Sites and Services console from AdministrativeTools, then perform the following steps:

1. Under console tree, expand Sites.

2. Select Subnets, access the Action menu and click the New Subnet option. The New Object

Subnet dialog box appears.

3. Type your subnet prefix, for example, IPv4 or IPv6, under the Prefix section.

4. At the bottom of the New Object Subnet dialog box, select the site that will be associated with

this subnet.

5. Click OK.


15/69


www.transcender.com

49

Site links

To provide the most updated Active Directory information, you replicate the Active Directory or the default

site associated with it. To replicate a site, you must create another site, then transfer the information to

the second site. The transfer of information is possible only if the sites are connected or if there is a routebetween the sites for the information to travel. The association or route between sites is referred to as a

site link. To create a site link, you must first access Active Directory Sites and Services from

Administrative Tools, and then perform the following steps:

1. Under console tree, expand Sites > Inter-Site Transport.

2. Select the inter-site transport protocol, for example IP or SMTP.

3. Click Action in the menu bar.

4. Click New Site Link. The New Object Site Link dialog box appears.

5. Specify a unique name for your new site link.

6. Under Sites not in this site link, select each site from the left pane and click the Add button.

Click the Remove button to remove any site from the list.

7. Click OK.

Site link costing

When more than one route is available between two sites, inter-site replication occurs on the route with

the least cost. If a DC is not available at the time that the replication topology is created, the next least-

cost route is used. All site links are transitive and the Bridge all site links option is enabled by default. A

site link bride creates a bridge between multiple sites. The site link bridge allows site links to have acommon site between different sites.

To configure site link cost, you must first access Active Directory Sites and Services console from

Administrative Tools, and then perform the following steps:

1. Under console tree, expand Sites > Inter-Site Transport.

2. Select the site link from the right pane then click Action from the menu bar

3. Click Properties.

4. Specify a value for the cost of replication. This needs to be performed in the Cost section in thesite link properties window.

5. Click OK.

Note: You cannot apply costs directly to site link bridges.


16/69


www.transcender.com

50

Configure Site Infrastructure

Site infrastructure is stored in the directory as site, subnet, and site link objects. When you add the AD DS

server role to create the first DC in a forest, a default site is created in AD DS. If this is the only site in thedirectory, all DCs are assigned to this site. If your forest has multiple sites, you must create subnets that

assign IP addresses to the default and additional sites.

Multiple subnets can be attached to a site. To associate a subnet with a site, you must access Active

Directory Sites and Services console from Administrative Tools, then perform the following steps:

1. Under console tree, expand Sites.

2. Select Subnets. Click Action from the menu bar.


4. Under the properties window of your subnet, select the site. You perform this step to associate

site with the subnet.

After you associate the subnets, you have to create site links with the other sites in your network. This

needs to be performed only if your network consists of multiple sites.


17/69


www.transcender.com

51

Configure Active Directory Replication

Scope

Learn to configure one-way replication.

Learn to configure a bridgehead server.

Learn to configure replication scheduling.

Learn to configure replication protocols.

Focused Explanation

The Active Directory database on any DC can be changed. All DCs in the Active Directory environment

maintain a record of any modification made to any DC in the forest. Replication in Active Directory

enhances the ability to maintain synchronized records on all DCs. In addition, it also ensures that any

modification made to the replica on one DC is updated in the records of other DCs. Replication canhappen only between two DCs, whereas information synchronization can be performed for an entire

forest of DCs in the Active Directory environment.

Configure One-way Replication

To configure Active Directory replication between two sites, replication should be performed on a

continual basis. A replication connection varies between a persistent connection and a one-way initiated

on-demand connection. If you imply a persistent connection, you can also configure replication

scheduling by specifying time intervals for replication to happen. A one-way initiated on-demand

connection is more of a manual process where Active Directory replication is initiated from a particular

site whenever there is a need. Microsoft recommends that you build a reciprocal replication when you

plan to initiate a one-way Initiated on-demand connection configuration by using the Active DirectoryService Interfaces (ADSI) Edit snap-in.

Great care should be taken when making any changes to the Active Directory object attributes in the

ADSI Edit snap-in. Incorrect changes could cause severe problems to the servers operating system ,

which may require reinstallation to correct.

To enable one-way replication on a site link, you must perform the following steps:

1. Use the adsiedit.mscrun command to open the ADSI Edit snap-in on a DC.

2. Under Connection Point choose Select a well know Naming Context. Choose

Configuration.

3. Navigate to the Configuration Sites Inter-Site Transports containers.

4. Select the CN=IP option.


18/69


www.transcender.com

52

5. Under the Details pane, right-click the desired site link object and click the Properties option.

Note: The site link objects that you choose are for the sites for which you wish to enable

reciprocal replication.

6. Under the Attributes box, double-click Options.

7. From the Integer Attribute Editor dialog box, you can perform one of the following actions:

Specify the value as 2, if the Value box displays the value as .

If a value is displayed, you should convert the integer value to a binary value. In addition,

use the binary or operation to join that value with the binary value of 0010, then specify

the outcome of the integer value under the Value box.

Configure a Bridgehead Server

When communication takes place between different sites, it is advantageous to reduce the amount ofbandwidth used. To accomplish this, the Knowledge Consistency Checker (KCC) automatically selects a

server that will handle communication for each site. These servers are known as bridgehead servers.

The selection process for a bridgehead server can be performed manually. You can select a server to

function as a primary bridgehead server. For added redundancy, you can also select multiple servers.

However, only one server can be active at any given time. The other servers function as backup servers

and only become active when the active bridgehead server fails. In the event that none of the designated

servers is available, the task of inter-site communication is handled by a DC.

To designate a bridgehead server, you must access Active Directory Sites and Services console fromAdministrative Tools, then perform the following steps:

1. Expand the Sites branch node.

2. Expand the site node that contains the server.

3. Select the Servers container.

4. Right-click the server and select Properties.

5. Choose the protocol for which the server should function as a preferred bridgehead server. Then

click OK.


19/69


www.transcender.com

53

Configure replication scheduling

To control replication between two sites, also known as inter-site replication, and to configure settings on

the site link object to which the sites are added, you can use the Active Directory Sites and Services

snap-in. By configuring certain settings on a site link object, you can when and how often replicationoccurs between two or more sites.

To configure inter-site replication availability, you must access the Active Directory Sites and Servicesconsole from Administrative Tools, and perform the following steps:

1. In the console tree, select the inter-site transport folder that contains the site link for which you

are configuring inter-site replication availability.

2. Select the appropriate site link, then click Action from the Menu bar.


4. Click Change Schedule under the site link Properties window.

Note: When you are logged on with an account that does not have sufficient credentials to

change the schedule, you can still view the schedule by clicking View Schedule.

Select the block of time during which you want replication to be either available or not available, and click

Replication Not Available or Replication Available, respectively.

Force Inter-site Replication

A site object in Active Directory contains a compilation of IP subnets in which several sites are connectedto each other for replication. Active Directory site management involves the following:

the addition of new subnets

the addition of new site link objects

the configuring cost and scheduling for site l inks

For inter-site replication optimization, an administrator can perform cost and scheduling modifications.You can also remove sites and associated objects during the following circumstances:

if there is no need for replication

if clients do not require sites or discover network resources

Repadmin and replmon are the command-line tools that can be used to perform force replication.


20/69


www.transcender.com

54

Configure Replication Protocols

To define a route for replication data to travel across the network, a replication topology is created. Inorder to create a replication topology, Active Directory must identify each DCs replication schedule. Site

replication is performed by using the following protocols:

Simple Mail Transfer Protocol (SMTP)

Remote Procedure Call (RPC)

Microsoft recommends use of SMTP protocol because it offers a higher level of security when a firewall

boundary is crossed. You can also use Replication Monitor, which provides a graphical representation of

replication topology.

Configure the Global Catalog

Scope

Learn how to configure Universal Group Caching.

Focused Explanation

The global catalog (GC) is the set of all objects in a forest. GC, a DC in the Active Directory forest, isresponsible for maintaining the following:

Full copy records: Contains all objects of its host domain

Partial copy records: Contains a read only copy of all other domains in the forest

When you install AD DS, the first DC that you create in the Active Directory forest will automatically be

created in the same DC. However, it is also possible to provide GC functionalities to other DCs in theforest. If necessary, you can also remove the GC from a DC.

Universal Group Membership Caching

In some scenarios, a new domain that is added to a forest does not have a GC server. In such a domain,

if the DC is running Windows Server 2008, you can enable the Universal Group Membership Caching

feature. When this feature is enabled, the user's universal group membership information is cached on

the DC the first time that a user logs on to a domain. For subsequent logons, the DC uses cached

memberships to process the logon.


21/69


www.transcender.com

55

Enabling Universal Group Membership Caching

The Universal Group Membership Caching feature for a site can be enabled through the Active

Directory Sites and Services snap-in. This can be performed by accessing the Properties window of

the NTDS Site Settings and selecting the Enabling Universal Group Membership Caching check boxunder the Site Settings tab as displayed in Figure 2-1:

Figure 2-1: NTDS Site Settings Properties Window

When Universal Group Membership Caching is enabled, caching begins during the initial logon ofuniversal and global group memberships, after which the cache is updated on a regular basis. You canalso define which site is to be used by accessing the NTDS Site Settings Properties dialog box underthe Site Settings tab. This can be performed from Refresh cache from list. In some cases, when you donot define any site to use, the cost setting that has been configured will determine which cost effectiveconnection to be used to communicate with a GC server. To perform this action, the closest-sitemechanism is followed.

An Active Directory site should have a DC with a GC server and a DNS server installed. If you areconcerned about the amount of replication traffic that the GC server produces, you can enable UniversalGroup Membership Caching for Active Directory sites that have 100 users or less and remove the GCserver from the site.


22/69


www.transcender.com

56

Note: A local domain user can log on only to the local computer and will not be allowed to enter thedomain. This is true when the GC server is not available and the local domain user has not previouslylogged in to the domain. By default, the privilege of logging on to the domain without an available GC isassigned only to domain administrators as they are allowed to log in to a domain even in the absence ofGC server.

Configure Operations Masters

Scope

Understand Flexible Single Master Operations (FSMO) roles.

Learn to manage Operations Master roles.

Learn how to extend Active Directory schema.

Focused Explanation

Active Directory in a Windows-based environment is referred to as a multimaster-enabled database

system. This system consists of five Operations Master roles, or Flexible Single Master Operations

(FSMO):

Domain-Naming Master

Schema Operations Master

Relative Identifier (RID) Master

Infrastructure Master

Primary Domain Controller (PDC) Operations Master

As a multimaster-enabled database, Active Directory provides greater flexibility by allowing modifications

to occur on any DC in the forest. There are specific tasks allocated to each DC that contain one or more

Operations Master roles, thereby ensuring greater efficiency towards updates that occur in the Active

Directory database.

The domain-naming master and schema operations master roles are considered forest-wide roles. This

means that there will be only a single domain-naming master and schema operations master roles in the

entire forest. However, of the other Operations Master roles, the RID master, the infrastructure master

and the PDC operations master roles, are referred to as domain-wide roles. These roles are present in

each domain of a forest.


23/69


www.transcender.com

57

Manage Operations Master Roles

There are five operations master roles in Active Directory.

Domain-Naming Master Role: The DC that holds the domain-naming Master role is responsible formanaging the inclusion and exclusion of all domains in the directory partition. The following actions can

be performed by a DC that has been designated as the domain naming master role:

the removal of existing domains or addition of new domains to the forest

the removal of existing application directory partitions or addition of new application directory

partitions to the forest

the replication of existing application directory partitions and the addition of the replicas to other

DCs

the addition of cross reference objects to external directories

the removal of cross reference objects from external directories

the preparation of a forest in order to rename a domain

Schema Operations Master Role: The DC that holds the schema operations master role is the only DC

in the entire forest that can perform write operations to the Active Directory schema. The schema

operations master role in the Active Directory environment manages and performs updates that are

necessary to the Active Directory schema. The DC that acts as the schema master role performs the

necessary updates to the Active Directory schema; those updates are then replicated to the other DCs in

the forest. Update conflicts are reduced because the schema operations master role is a forest-wide role.

RID Master Role: The DC that holds the RID Master role is responsible for allocating blocks of RIDs to all

DCs in the domain. This DC assigns a unique security identifier (SID) to every new object it creates. The

SID is a combination of two identifiers: the domain SID and the RID. The domain SID uniquely identifies

the domain, and all objects within that domain are assigned the same domain SID. The RID is unique for

each object in a particular domain. These two identifiers form the SID for an object.

Infrastructure Master Role: The DC that holds the infrastructure master role is an important part of

managing updates to object references. The updates will be delayed in the Active Directory environment

in the absence of the infrastructure master. This role is responsible for updating object references locally

and keeping domain replicas updated by performing replications. The object reference consists of the

Globally unique identifier (GUID) and Distinguished name. The infrastructure master periodically updates

the distinguished name and the SID on the object reference and reflects all modifications that have been

made to the original objects.


24/69


www.transcender.com

58

PDC Operations Master Role: On a network environment where the client computers in a particular

network segment are operating without Active Directory client software or functioning without Windows

NT backup domain controllers (BDC), the computer that holds the PDC operations master role acts as a

Windows NT PDC to manage that network segment. It is also responsible for processing and managing

logon password changes. If a user supplies an incorrect password while attempting to log on to a DC, therequest for authentication is forwarded to the PDC operations master role before the DC rejects the

authentication request.

Reassigning Operations Master Roles

There are two methods of reassigning an Operations Master role: transfer or seizure. The transfer method

refers to moving the Operations Master role from one DC to another in the Active Directory environment.

When you transfer an Operations Master role from one DC to another, the former DC replicates all recent

updates to the new DC. This prevents information loss during the transfer. The former DC also

reconfigures itself to accept the role transfer and resumes its normal operations without the particular

Operations Master role.

Role seizure is performed when an Operations Master role must be forcibly removed from a DC and

assigned to another DC in the Active Directory domain. A disadvantage of performing a role seizure is

that any recent changes made to the role will not be updated to the new DC; they will be lost. The former

DC is not available to keep the updates and replicate the recent changes (as in the case of a transfer)

during the role seizure process. Therefore, it is recommended that role seizure be performed only when

no other option is available.

The Active Directory Schema snap-in enables you to move the schema operations master role to a

different DC. A domain-naming master role can also be moved to a different DC in the network by using

the Active Directory Domains and Trust snap-in or the ntdsutil tool. With ntdsutil, you can seize or

transfer any forest-wide and domain-wide role.

If you decide to use the Active Directory Schema snap-in for moving the schema operations master

role, then you should access the Active Directory Schema snap-in and perform the following steps:

1. Right-click Active Directory Schema from the console tree.

2. Click Change Domain Controller.

3. Click Specify Name to enter the DC to which the schema operations master role will be

transferred.

4. Right-click Active Directory Schema from the console tree.

5. Click Operations Master. Then click Change.


25/69


www.transcender.com

59

To move a domain-level Operations Master role from the Active Directory Schema snap-in, perform thefollowing steps:

1. Highlight Active Directory Users and Computers then click Action from the menu bar.

2. Click Connect to the Domain Controller.

3. Click the name of the server from the list of available DCs to which the role will be transferred..

4. Click OK.

5. Highlight Active Directory Users and Computers, then click Action from the Menu bar.

6. Click All tasks, then click Operations Masters. The current operations master role holders are

displayed in the lower box.

7. Click the tab that corresponds to the role that must be transferred: RID, PDC, or Infrastructure.

8. Click Change once the computer names that are displayed have been confirmed.

9. Click Yes to transfer the role.

10. Click OK.

To seize an Operations Master role, you can run the ntdsutil.exe command from a command prompt,and then perform the following steps:

1. Under the ntdsutil utility, type roles, then press the Enter key at the ntdsutil: prompt.

2. When the fsmomaintenance: prompt in the ntdsutil utility appears, type connections, thenpress the Enter key.

3. When the server connections: prompt appears, type connect to server , then

press the Enter key.

4. Once notified of a successful connection, type quit, then press Enter. Type the required

command and press the Enter key according to the role that must be seized. This step should be

performed at the fsmo maintenance: prompt in the ntdsutil utility. At the fsmo maintenance:

prompt, type the appropriate command for the role that must be seized and press the Enter key.


26/69


www.transcender.com

60

Table 2-1 shows a list of the available commands:

Role Credential Command

Domain-naming master Enterprise Admins Seize domain naming master

Schema operations master Enterprise Admins Seize schema master

Infrastructure master Domain Admins Seize infrastructure master

PDC operations master Domain Admins Seize pdc

RID master Domain Admins Seize rid master

Table 2-1: Seizing Role Commands

The system asks for confirmation. It then attempts to transfer the role. When the transfer fails, the errorinformation appears and the system proceeds with the seizure. After the seizure is complete, a list of the

roles and the LDAP name of the server that currently holds each role appears.

Note: During seizure of the RID master, the current role holder attempts to synchronize with its replication

partners. If it cannot establish a connection with a replication partner during the seizure operation, it

displays a warning and confirms that you want the role seizure to proceed. Click Yes to proceed.

Run the quit command twice to exit from ntdsutil utility.

Extending Active Directory Schema

Some features and server roles require corresponding updates to the Active Directory schema. Theseschema additions are automatically installed when you create an Active Directory forest. Before extendingthe Active Directory schema, you must ensure that all DCs in the Active Directory forest are online andare performing inbound replication.

Steps toextend the Active Directory schema

1. Log on to the computer that holds the schema operations master role as a member of the

Schema Admins group and the Enterprise Admins group.

Note: If you do not know which computer holds the schema operations master role, type Netdom

query FSMO at a command prompt, then press Enter:

2. Type repadmin /showrepl to verify that the schema operations master has performed inbound

replication of the schema directory partition since the last time server restarted.3. Type adprep /forestprep at the command prompt, then press the Enter key.

Note: When you change the schema on the schema operations master, the changes are automatically

propagated to all other DCs in the forest. Therefore, it is not necessary to perform this operation on other

DCs.


27/69


www.transcender.com

61

Review Checklist: Configuring the Active Directory Infrastructure

Learn to install Active Directory Domain Services (AD DS).

Learn to remove a domain.

Learn to raise forest and domain functional levels.

Understand trust relationships.

Learn about selective authentication.

Learn about forest-wide authentication.

Learn to create Active Directory subnets.

Learn to configure site links.

Learn to configure site infrastructure.

Learn to configure one-way replication.

Learn to configure a bridgehead server.

Learn to configure replication scheduling.

Learn to configure replication protocols.

Learn how to configure Universal Group Caching.

Understand Flexible Single Master Operations (FSMO) roles. Learn to manage OperationsMaster roles.

Learn how to extend Active Directory schema.


28/69


www.transcender.com

234

Test Taking Strategies

The Microsoft Certified Professional (MCP), Microsoft Certified System Administrator (MCSA), Microsoft

Certified System Engineer (MCSE), and Microsoft Technology Specialist (TS) credentials identify a

standard of competence for entry-level and professional job roles that utilize Microsoft products.

Microsoft's certification program is a recognized credential that signifies a proven level of knowledge and

ability. With each level of certification, a higher benchmark of ability is set for greater opportunities and

higher pay.

The 83-640 exam is a proctored exam, which may be taken at a Prometric testing center.

Microsoft Certification Roadmap

The 83-640 TS: Windows Server 2008 Active Directory, Configuring exam fulfills the requirement for the

Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration. For more

information on this certification, visit

http://www.microsoft.com/learning/mcp/mcts/windowsserver/2008/default.mspx.

This exam can also be used to fulfill a core exam requirement for theMicrosoft Certified IT Professional:

Enterprise Administratorand theMicrosoft Certified IT Professional: Server Administratorcertifications.

A Microsoft candidate should combine training with on-the-job experience. Many of the exam questions

are based on real-world scenarios so hands-on experience with the software is vital.

Registering for the Exam

An exam candidate may register for the 83-640 athttp://www.prometric.com

Resources

There are several resources produced by Microsoft that you may use to prepare for this exam. These

resources include the Microsoft Official Curriculum courseware used in instructor-led training, Microsoft

Self-Paced Training Kits, and Microsoft Online Resources. For more information, see the 83-640

Preparation Guide athttp://www.microsoft.com/learning/en/us/exams/83-640.aspx.
http://www.microsoft.com/learning/mcp/mcts/windowsserver/2008/default.mspxhttp://www.microsoft.com/learning/mcp/mcts/windowsserver/2008/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/server/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/server/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/server/default.mspxhttp://www.prometric.com/http://www.prometric.com/http://www.prometric.com/http://www.microsoft.com/learning/en/us/exams/70-640.aspxhttp://www.microsoft.com/learning/en/us/exams/70-640.aspxhttp://www.microsoft.com/learning/en/us/exams/70-640.aspxhttp://www.microsoft.com/learning/en/us/exams/70-640.aspxhttp://www.prometric.com/http://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/server/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspxhttp://www.microsoft.com/learning/mcp/mcitp/windowsserver/2008/enterprise/default.mspxhttp://www.microsoft.com/learning/mcp/mcts/windowsserver/2008/default.mspx


29/69





30/69

Oracle 1Z0-050 Study Guide

www.transcender.com

3

Contents

Contents ......................................................................................................................... 3About your Transcender Study Guide ........................................................................................................... 5Installation and Upgrade Enhancements .................................................................... 6Install Oracle Database 11g.......................................................................................................................... 7Upgrade your Database to Oracle Database 11g......................................................................................... 8Oracle Direct NFS ....................................................................................................................................... 11Use Online Patching ................................................................................................................................... 13Review Checklist: Installation and Upgrade Inhancements ........................................................................ 15Storage Enhancements .............................................................................................. 16Set up ASM Fast Mirror Resync.................................................................................................................. 17Understand Scalability and Performance Enhancements .......................................................................... 20Set up ASM Disk Group Attributes .............................................................................................................. 22Use Various New Manageability Options .................................................................................................... 23Use the md_backup, md_restore, and remap ASMCMD extensions .................................................... 27Review Checklist: Storage Enhancements ................................................................................................. 31Intelligent Infrastructure Enhancements ................................................................... 32Creating and Using AWR Baselines ........................................................................................................... 33Setting AWR Baseline Metric Thresholds ................................................................................................... 36Control Automated Maintenance Tasks ...................................................................................................... 39Using Database Resource Manager New Features ................................................................................... 45Using New Scheduler Features .................................................................................................................. 48Review Checklist: Intelligent Infrastructure Enhancements ........................................................................ 51Performance Enhancements ...................................................................................... 52ADDM Enhancements ................................................................................................................................. 53Set up Automatic Memory Management ..................................................................................................... 57Enhancements in Statistics Collection ........................................................................................................ 59Review Checklist: Performance Enhancements ......................................................................................... 64Partitioning and Storage-Related Enhancements .................................................... 65Implement New Partitioning Methods ......................................................................................................... 66Employ Data Compression ......................................................................................................................... 70SQL Access Advisor Overview ................................................................................................................... 72Create SQL Access Advisor Analysis Session using PL/SQL .................................................................... 73Using RMAN Enhancements ...................................................................................... 76Managing Archive Logs ............................................................................................................................... 77Duplicating a Database ............................................................................................................................... 79Back up Large Files in Multiple Sections .................................................................................................... 82Perform Archival Backups ........................................................................................................................... 84Create a Virtual Private Catalog for RMAN ................................................................................................. 88Review Checklist: Using RMAN Enhancements ......................................................................................... 90Using Flashback and LogMiner ................................................................................. 91Overview of Flashback Data Archive .......................................................................................................... 92Manage Flashback Data Archive ................................................................................................................ 94Back out Transactions using Flashback Transactions ................................................................................ 97Working with LogMiner ................................................................................................................................ 98Review Checklist: Using Flashback and LogMiner ................................................................................... 100


31/69


www.transcender.com

4

Diagnosability Enhancements ................................................................................. 101Set up Automatic Diagnostic Repository ................................................................................................... 102Use Support Workbench ........................................................................................................................... 105Run Health Checks ................................................................................................................................... 108Use SQL Repair Advisor ........................................................................................................................... 110

Review Checklist: Diagnosability Enhancements ..................................................................................... 114Database Replay........................................................................................................ 115Overview of Workload Capture and Replay .............................................................................................. 116Using Workload Capture and Replay ........................................................................................................ 118Review Checklist: Database Replay ......................................................................................................... 122Using the Data Recovery Advisor ............................................................................ 123Overview of Data Recovery Advisor ......................................................................................................... 124Repairing Data Failure Using Data Recovery Advisor .............................................................................. 126Perform Proactive Health Check of the Database .................................................................................... 130Security: New Features ............................................................................................. 134Configure the Password File to use Case Sensitive Passwords .............................................................. 135Encrypt a Tablespace ............................................................................................................................... 139Configure Fine Grained Access to Network Services ............................................................................... 142Review Checklist: Security: New Features ............................................................................................... 144Oracle SecureFiles .................................................................................................... 145Use SecureFile LOBs to store documents with Compression, Encryption, De-duplication, and Caching 146Use SQL and PL/SQL APIs to Access SecureFile LOBs ......................................................................... 149Review Checklist: Oracle SecureFiles ...................................................................................................... 152Miscellaneous New Features ................................................................................... 153Describe and Use Online Table Redefinition ............................................................................................ 154Enhanced Fine Grained Dependency Management ................................................................................. 155Use Enhanced DDL Apply the Improved Table Lock Mechanism, Create Invisible Indexes ................ 156Use Query Result Cache and PL/SQL Result Cache ............................................................................... 158Adaptive Cursor Sharing ........................................................................................................................... 162Temporary Tablespace Enhancements .................................................................................................... 163Review Checklist: Miscellaneous New Features ...................................................................................... 166SQL Performance Analyzer ...................................................................................... 167Overview of SQL Performance Analyzer .................................................................................................. 168Using SQL Performance Analyzer ............................................................................................................ 169Review Checklist: SQL Performance Analyzer ......................................................................................... 173SQL Plan Management ............................................................................................. 174SQL Plan Baseline Architecture ................................................................................................................ 175Set up a SQL Plan Baseline...................................................................................................................... 177Using SQL Plan Baseline .......................................................................................................................... 182Review Checklist: SQL Plan Management ............................................................................................... 183Automatic SQL Tuning ............................................................................................. 184Set up and Modify Automatic SQL Tuning ................................................................................................ 185Interpret Reports Generated by Automatic SQL Tuning ........................................................................... 188Review Checklist: Automatic SQL Tuning ................................................................................................ 191Test Taking Strategies .............................................................................................................................. 192


32/69


www.transcender.com

5

About your Transcender Study Guide

IT professionals agree! Transcender has consistently been voted the industry's #1 practiceexam. This Study Guide complements your TranscenderCertTM practice exam.

The Study Guide is objective-driven and contains a variety of tools to help you focus your studyefforts. Each Study Guide contains structured sections to help you prepare for your certificationexam: Scope :: identifies the learning objectives for each section Focused Explanation :: provides definitions, in-depth discussions and examples Review Checklist :: highlights the key learning points at the end of each major section

Additional sections to further assist you are located at the end of each Study Guide: Test Taking Strategies General Tips Explanation of Test Item Types

The following study model will help you optimize your study time.

Transcenders commitment to product quality, to our team and to our customers continues todifferentiate us from other companies. Transcender uses an experienced team of certifiedsubject-matter experts, technical writers, and technical editors to create and edit the most in-depth and realistic study material. Every Transcender product goes through a rigorous, multi-stage editing process to ensure comprehensive coverage of exam objectives. Transcenderstudy materials reinforce learning objectives and validate knowledge so you know youreprepared on exam day.

Assess your currentknowledge level

Take a Transcenderpractice exam using

Preset ExperienceThe objective-basedscore report showsyou the areas whereyou are strong andthe areas where youneed to focus yourstudy efforts

Read the StudyGuide by objective

Use the practiceexam in Optimize

Experience modeStudy the test itemsby objective

Use the includedTranscenderFlashcards to review keyconcepts

Use your favoritereferences to getfurther informationon complex material

Take a Transcenderpractice exam usingPreset Experienceagain

If you didnt score 100%,go back to your studyplan and focus on weakareas

Study those objectiveareas where you didntscore 100%

Keep practicing untilyou consistently score100% in all areas

PrepareTo

Pass

Track yourprogress

Focus onweak areas

Assess yourknowledge

Develop aStudy Plan

Start early, at least6 weeks out

Dont try to cram

Set aside specific

study timesUse a disciplinedapproach so youcan thoroughlyprepare

Stick to your plan


33/69


www.transcender.com

52

Performance Enhancements


34/69


www.transcender.com

53

ADDM Enhancements

Scope

Understand the enhancements to ADDM in Oracle 11g, including support for RAC environments.

Use the DBMS_ADDM package for ADDM management.

Focused Explanation

Automatic Database Diagnostic Monitor (ADDM) is a feature of Oracle Database that is used to detect

possible performance problems and possible solutions for those problems. After data is captured in the

Automatic Workload Repository (AWR), ADDM processes the data to identify the root cause of

performance problems.

In Oracle Database 11g, ADDM works at both the database and instance levels. Oracle Database 11g

introduces a new mode for running ADDM at the cluster level, called database ADDM mode. In databaseADDM mode, ADDM analyzes data associated with an Oracle Real Application Clusters (RAC) database.

This mode is used to tune all global resources. To view the reports generated by ADDM, you can use

Enterprise Manager.

ADDM reports only time-consuming issues. Time-consuming issues are issues that take up a significant

amount of instance or database time. Instance time is the time for which a specific resource is used by a

single instance. Database time is the sum of instance times of all instances in a database. Database time

does not include time taken by the Automatic Storage Management (ASM) instances. The data generated

by ADDM is in the form of findings. There are two types of findings, database and instance. Database

findings are issues that affect multiple instances or a shared resource of the database. Instance f indings

are issues related to only one instance. If any instance time is a huge part of the database time, the issue

might be recorded as a database finding.

An issue is associated with a suggested solution. Each suggestion reflects the amount of database

instance time that will be saved by implementing the suggestion. Each suggestion also explains the

reasons for suggested solutions. At times, the suggestion contains instructions for implementing the

suggested solutions. An issue might have several possible solutions suggested. The user can decide

whether to implement the solutions.

Working with ADDM

You can run ADDM using the DBMS_ADDM package. This package allows you to run ADDM in the

different available modes, to view repots, insert directives to findings, and delete directives for findings.To run the

DBMS_ADDMpackage, you must have the

ADVISORprivilege.

Note: You can also use Oracle Enterprise Manager to run ADDM.

To analyze all instances of Oracle RAC databases, run ADDM in the database mode. To enable thedatabase mode, you should use the DBMS_ADDM.ANALYZE_DB procedure.


35/69


www.transcender.com

54

Syntax

DBMS_ADDM.ANALYZE_DB(task_name, begin_snapshot, end_snapshot, db_id);

The task_name parameter specifies the name of the analysis task to be created. The begin_snapshotand end_snapshot parameters specify the range of snapshots to be analyzed or the time period to be

analyzed. The db_id parameter is the database identifier of the database to be analyzed. The default

value of this parameter is the database identifier of the local database.

To analyze a single instance of the database, you should run ADDM in the instance mode. To enableADDM in the instance mode, use the DBMS_ADDM.ANALYZE_INST procedure.

Syntax

DBMS_ADDM.ANALYZE_INST(task_name, begin_snapshot, end_snapshot,

instance_number, db_id);

The instance_number parameter specifies the instance to be analyzed. If unspecified, the defaultvalue is the current instance to which you are connected. All the other parameters are the same as for theDBMS_ADDM.ANALYZE_DB procedure.

If you want to analyze only some instances of a database, you can run ADDM in partial mode. In partialmode, ADDM analyzes only the specified instances. Instances to be analyzed are indicated by theirassociated instance_number parameters. To initialize ADDM in partial mode, run the

DBMS_ADDM.ANALYZE_PARTIAL procedure.

Syntax

DBMS_ADDM.ANALYZE_PARTIAL(task_name, instance_numbers, begin_snapshot,

end_snapshot, db_id);

The instance_numbers parameter specifies the instances to be analyzed. The parameter is specified

as a list of instance numbers, separated by commas.

To display the findings of ADDM, you can use the DBMS_ADDM.GET_REPORT function. The return type of

the function is CLOB, formatted to fit a line size of 80.

Syntax

DBMS_ADDM.GET_REPORT (task_name, RETURN CLOB);

For example, to display reports despite any directives for the task task1, you would use the followingstatement:

SELECT DBMS_ADVISOR.GET_TASK_REPORT('task1', 'TEXT', 'ALL') FROM DUAL;


36/69


www.transcender.com

55

Inserting Directives

To limit reporting of specific types of findings, you can create directives and apply them to ADDM tasks.

Note: A directive can be created for a specific task or for all ADDM tasks globally. The directive is applied

to all ADDM tasks created after the directive is specified. It does not affect pre-existing tasks. Such

directives are called system directives. Directives can suppress ADDM findings related to specific

parameters, SQL statements, or segments.

You can create a finding directive using the INSERT_FINDING_DIRECTIVE procedure.

Syntax

DBMS_ADDM.INSERT_FINDING_DIRECTIVE (task_name, dir_name, finding_name,

min_active_sessions, min_perc_impact);

The task_name and finding_name parameters specify the name of the task and the ADDM finding

with which the directive is assocaiated, respectively. The dir_name parameter specifes a unique namefor the directive.

The min_active_sessions and min_perc_impact parameters define the criteria for the ADDM

finding to be a part of ADDM results. If the minimum number of active sessions is less than the valuespecified in the min_active_sessions parameter, the ADDM finding will not be included in the ADDM

results. The min_perc_impact parameter specifies the mimum time that a particular finding should

have taken when compared to the total time. If the minimum percentage of time taken by the finding isless than the percentage specified in the min_perc_impact parameter, the finding will not be included

in the overall ADDM analysis. For example, if you have set the min_perc_impact parameter to 10 and

the database time is 10 hours, then any ADDM finding that takes less than one hour, which is 10 percent

of 10 hours, will not be included in the ADDM analysis report.

If you want to stop ADDM from suggesting actions regarding a specific system parameter, you can createparameter directives. Parameter directives are created using theDBMS_ADDM.INSERT_PARAMETER_DIRECTIVE procedure. After you create a parameter directive, all

suggestions containing actions associated with the specified parameter will be omitted from the report.

Syntax

DBMS_ADDM.INSERT_PARAMETER_DIRECTIVE (task_name, dir_name, parameter_name);

The parameter_name parameter specifies the parameter for which suggestions will not be reported.

If you do not want ADDM to suggest running the Segment Advisor as a solution, you can create asegment directive. This directive is created using the DBMS_ADDM.INSERT_SEGMENT_DIRECTIVE

procedure. You can use this directive to suppress the findings related to specific users, partitions, orsegments.


37/69


www.transcender.com

56

Syntax

DBMS_ADDM.INSERT_SEGMENT_DIRECTIVE (task_name, dir_name, owner_name,

object_name, sub_object_name);

dir_name specifies a unique name of the directive to be created.

owner_name specifies the name of the user who owns the segment on which you are performing

the filter action.

object_name specifies the particular object that will be filtered.

sub_object_name specifies the name of the sub-object, such as a partition or sub-partitionwithin the object being filtered.

object_number specifies the unique ID number to identify the specific object or sub-object tobeing filtered.

When you execute the INSERT_SEGMENT_DIRECTIVE procedure, you need to ensure that the task has

been reset to its initial state; otherwise, the code will fail.

If you do not want ADDM to display any findings for a specific SQL statement, you should create a SQLdirective. To create a SQL directive, you can use the DBMS_ADDM.INSERT_SQL_DIRECTIVE procedure.

Syntax

DBMS_ADDM.INSERT_SQL_DIRECTIVE (task_name, dir_name, sql_id,

min_active_sessions, min_response_time);

Most of the parameters used in the INSERT_SQL_DIRECTIVE procedure have been covered in the

procedures discussed earlier, except for thesql_id

parameter and themin_response_time

parameter. The sql_id parameter specifies the unique SQL ID number to identify the SQL statement to

be filtered. The min_response_time parameter specifies the minimum response time for the SQL

statement required for it to be included in the ADDM analysis. This time is measured in microseconds.

Deleting ADDM Tasks and Directives

To delete a task created for running ADDM in instance mode, you should use the DBMS_ADDM.DELETE

procedure. For tasks created to run ADDM in database or partial mode, this procedure deletes the localtasks associated with the main task.


38/69


www.transcender.com

57

Syntax

DBMS_ADDM.DELETE (task_name);

To delete a finding directive, use the DBMS_ADDM.DELETE_FINDING_DIRECTIVE procedure:

DBMS_ADDM.DELETE_FINDING_DIRECTIVE(task_name, dir_name);

To delete a parameter directive, use the DBMS_ADDM.DELETE_PARAMETER_DIRECTIVE procedure. Itremoves system directive for parameters. Subsequently created ADDM tasks are not affected by thedirective.

DBMS_ADDM.DELETE_PARAMETER_DIRECTIVE (task_name, dir_name);

To delete a segment directive, use the DBMS_ADDM.DELETE_SEGMENT_DIRECTIVE procedure:

DBMS_ADDM.DELETE_SEGMENT_DIRECTIVE (task_name, dir_name);

To delete a SQL directive, use the DBMS_ADDM.DELETE_SQL_DIRECTIVE procedure:

DBMS_ADDM.DELETE_SQL_DIRECTIVE (task_name, dir_name);

Set up Automatic Memory Management

Scope

Understand and use the new memory management initialization parameters.

Enable automatic memory management using Enterprise Manager.

Focused Explanation

Memory management involves managing how memory is allocated between the system global area andthe instance program global area. Automatic memory management is a feature of Oracle 11gthat helpsyou configure Oracle to allocate memory to database instances automatically. In previous versions ofOracle, two initialization parameters, SGA_TARGET and PGA_AGGREGATE_TARGET, were used to manage

memory allocation. Oracle 11guses two new parameters, MEMORY_TARGET and MEMORY_MAX_TARGET,

to automatically manage memory allocation.

In previous versions of Oracle, the SGA_TARGET parameter value specified the amount of memory to be

allocated to the system global area. Another parameter that was used was PGA_AGGREGATE_TARGET,which specified the maximum amount of memory to be allocated to the instance program global area. The

instance program global area is the sum of all program global areas of an instance. Memory would beallocated to the SGA and PGA according to these two parameter values. The amount of memoryallocated to both of them was fixed. In addition, the space between the two could not be used as needed.For example, if the SGA required 10 MB of free space and the PGA had 12 MB of free space, the SGAcould not use the free space.


39/69


www.transcender.com

58

In Oracle 11g, you can specify the amount of memory to be allocated to an instance by using theMEMORY_TARGET parameter. This is the only required parameter. The MEMORY_TARGET parameter

represents the total amount of memory that can be allocated to the SGA and PGA. Oracle automaticallycalculates values for the SGA_TARGET and PGA_TARGET parameters. The memory between the SGA and

PGA is adjustable according to the amount of memory each requires. The MEMORY_TARGET parameter iscalled the maximum memory size initialization parameter. This parameter is dynamic and can be modifiedwithout having to restart the database. If the SGA_TARGET and PGA_AGGREGATE_TARGET parameters

are specified, MEMORY_TARGET should be equal to or more than the sum of the SGA_TARGET and

PGA_AGGREGATE_TARGET parameter values. If no value is specified, the default value is 0.

The other new parameter is the MEMORY_MAX_TARGET parameter. This is a static parameter that

specifies the maximum possible value for the MEMORY_TARGET parameter. It ensures that you do not set

the target memory size too high so that sufficient memory space is left for the Oracle Database instance.Specifying a value for this parameter is optional. Because some SGA components require a minimumamount of memory, the instance prevents you from setting the target memory size too low. If unspecified,the value of MEMORY_MAX_TARGET is set to the value of MEMORY_TARGET. If MEMORY_TARGET is

unspecified, then the value of MEMORY_MAX_TARGET is also 0.

Enabling Automatic Memory Management

You can enable automatic memory management after you have installed a database.

Steps to enable automatic memory management:

1. Log in to the database as the SYS user.

2. At the top of the Database Home page, click Server.

3. In the Server subpage, in the Database Configuration section, click Memory Advisors. The

Memory Advisors page appears with the SGA subtab displayed by default.

4. In the Maximum SGA Size (MB) field, enter the maximum permissible size for database memory

and click Apply.

5. In the page prompting you to restart the database, click Yes.

6. In the Restart Database: Specify Host and Target Database Credentials page, enter the

credentials for the SYS user for the host and database, and click OK.

7. On the Restart Database: Confirmation page, click Yes to restart the database automatically.

8. After a few minutes, click Refresh. The Database Home page appears.

9. Return to the Memory Advisors page. On the Memory Advisors page, next to Automatic

Memory Management Disabled, click Enable.

10. On the Enable Automatic Memory Management page, in the Total Memory Size for

Automatic Memory Management field, enter the desired amount of memory to allocate to the

database, and click OK.


40/69


www.transcender.com

59

You can also enable automatic memory management when you install the Oracle database. While

installing, if you choose the basic installation option, automatic memory management is enabled by

default. If you choose the advanced installation option, DBCA enables you to select from the three

memory management modes.

Enhancements in Statistics Collection

Scope

Learn to gather statistics incrementally for partitioned tables.

Understand and use extended statistics, including multicolumn statistics and expression statistics.

Understand the difference between pending and current statistics.

Learn to gather pending statistics and publish them later.

Focused Explanation

The automatic statistics-gathering feature was introduced in the previous versions of Oracle Database.

This feature reduced the effort required to gather data for processing. The only disadvantage of this

feature was that it did not have object-level control. If you wanted to analyze data or statistics for a small

subset of an object, such as a subpartition of a schema, you would have to disable the automatic

statistics-gathering feature and gather and analyze the data manually.

In Oracle Database 11g, the Statistics Preferences feature has been introduced. This feature enhancesthe automated statistics-gathering feature by making it more flexible. Statistics preferences allows you to

configure different attributes or parameters of the GATHER_*_STATS procedure while gathering data.These attributes override the default behavior of the gathering procedure at the object or schem

tra study guide preview 041805

Documents