It has always been somewhat tricky to perform maintenance on domain controllers. With Windows Server 2008, administrators now have the ability to stop the Active Directory services for various reasons. This opens up a lot of functionality, as many administrators are weary of issues immediately being replicated through the Active Directory from unrelated maintenance.
Active Directory now shows up in the services’ MMC snap-in as Active Directory Domain Services and is available to be sent stop and start commands. If the service is to be stopped, the dependency services must also be stopped. This list includes DNS server, Kerberos key distribution center, intersite messaging, and DFS replication. Once the services are stopped, the server is available for the high-risk maintenance or other tasks that are better performed with Active Directory stopped.
When a domain controller has the Active Directory services stopped, it can log onto the domain against another domain controller. That is a little hard to grasp because historically that has not been the case. There are some configuration changes required to enable the logon to another domain controller from the stopped domain controller. Figure A shows the Active Directory services stopped.
Once the maintenance is complete, restarting just the Active Directory Domain Service is required, and the dependency services will restart. These tasks can also be interacted with the sc command, referring to the Active Directory services as NTDS. Along with the GlobalNames zone, these are two of the more compelling reasons to justify the migration to Windows Server 2008.
There is a lot of functionality available with this new feature of Windows Server 2008. The functionality is fully outlined in the TechNet article Windows Server 2008 Restartable AD DS Step-by-Step Guide.
Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!