Windows

Restarting Active Directory as a service in Windows Server 2008

With Windows Server 2008, administrators have the ability to explicitly restart the Active Directory services. Rick Vanover showcases this functionality in this Windows Server tip.

It has always been somewhat tricky to perform maintenance on domain controllers. With Windows Server 2008, administrators now have the ability to stop the Active Directory services for various reasons. This opens up a lot of functionality, as many administrators are weary of issues immediately being replicated through the Active Directory from unrelated maintenance.

Active Directory now shows up in the services' MMC snap-in as Active Directory Domain Services and is available to be sent stop and start commands. If the service is to be stopped, the dependency services must also be stopped. This list includes DNS server, Kerberos key distribution center, intersite messaging, and DFS replication. Once the services are stopped, the server is available for the high-risk maintenance or other tasks that are better performed with Active Directory stopped.

When a domain controller has the Active Directory services stopped, it can log onto the domain against another domain controller. That is a little hard to grasp because historically that has not been the case. There are some configuration changes required to enable the logon to another domain controller from the stopped domain controller. Figure A shows the Active Directory services stopped. Figure A

Figure A

Once the maintenance is complete, restarting just the Active Directory Domain Service is required, and the dependency services will restart. These tasks can also be interacted with the sc command, referring to the Active Directory services as NTDS. Along with the GlobalNames zone, these are two of the more compelling reasons to justify the migration to Windows Server 2008.

There is a lot of functionality available with this new feature of Windows Server 2008. The functionality is fully outlined in the TechNet article Windows Server 2008 Restartable AD DS Step-by-Step Guide.

Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

3 comments
Beoweolf
Beoweolf

I've been running Server 2008 since it was still called 'LongHorn'. Just for practice I have stopped AD, re-started it and even performed off-line maintenace functions, which in earlier versions would require, interruption (on a production server, this meant after work, middle of the night or weekend down time). With Server 2008, I can actually get one or two more unfettered hours of sleep, an occasional weekend to mow the lawn while the sun is still up. If only we could get the staff educated enough to not.... nah - thats asking too much?

b4real
b4real

It is very appealing to be able to perform maintenance on a server without it processing AD logon requests.

Editor's Picks