The information in this article applies to:
SUMMARYBefore placing Windows 2000 domain controllers and member servers into production, system administrators may want to validate the servers' configuration. This checklist discusses some of the areas to focus on. Some of the topics mentioned require research beyond the scope of this article. MORE INFORMATIONReview Installation and Boot Process in Event ViewerCheck Event Viewer (Eventvwr.msc) for error and warning messages associated with the installation or boot process. Resolve component and service-related events as required.Set Event Viewer Log Size and Wrap SettingEvent Log size and log wrapping (overwrite as needed, clear log manually or overwrite after n days) should be defined to match business and security requirements. Consider implementing a system policy at the site, domain or organizational unit level that implements the appropriate configuration.Review Service StartupFrom the Services folder in the Computer Management snap-in, confirm that all services set to Automatic in the Start Up column started without user intervention or multiple retries.Disable Unnecessary ServicesSet the startup value for unnecessary or unused services to Manual. Candidates for review include:
Server Service OptimizationSet the Server Optimization setting in the Network tool in Control Panel to match the role the computer will play in your organization, particularly for computers changing roles from domain controllers to member servers if consolidating domains. The Server Service for dedicated Terminal Server or IIS servers should be optimized for "Maximize data throughput for network applications."Check IP, DNS, WINS and Default Gateway SettingsFrom the command prompt, type IPCONFIG /ALL to verify correct IP, DNS, WINS, and default gateway configuration. For Windows 2000 servers (particularly domain controllers) that are WINS clients but also running the WINS Server service, both WINS address should point to a remote WINS server to avoid cross-registration.Run Netdiag to Test Network Connectivity and DNS\WINS RegistrationFrom the command prompt, type netdiag /v >c:\netdiag.mmddyy.txt where mmddyy maps to today's date. Review the text file for good network connectivity and DNS\WINS registration. Save and update this file to a local folder on all servers so it can be reviewed whenever changes are made to the server configuration or network problems are encountered.View the Fully Qualified Computer NameFrom the command prompt, type net config rdr to view the fully qualified computer name. Compare the results against the Active Directory name to confirm they match or vary as intended.Pagefile Sizing and StagingSet the pagefile size and placement based on memory size and server usage. Pagefile size may range from RAM SIZE + 12 MB to RAMSIZE * 2. For mission critical servers, a pagefile equal to or larger than RAM size should be placed on the same partition as the operating system to allow crash dumps to be recorded. For better performance, the pagefile can be placed on a dedicated physical drive separate from the drive hosting Windows NT, a hardware drive array, or staged across multiple physical drives where reads and writes occur in "round-robin-like" fashion until available space is consumed. For additional information, please see the following article in the Microsoft Knowledge Base:Q197379 Configuring Page Files for Optimization and Recovery Add the /DEBUG Switch to the Boot.ini File to DebugAdd the /DEBUG switch to the Boot.ini file to enable post-mortem debugs of your servers. Adding the debug switch causes a 2-3 percent decrease in server performance but allows a debugger to be hooked up once a crash has occurred for post-mortem debugging. For additional information, please see the following article in the Microsoft Knowledge Base:Q121543 Setting Up for Remote DebuggingKeep matching symbol files for the core operating system, service packs, and hotfixes on the server at all times. FSMO Availability and PlacementWindows NT performs an initial placement of roles on domain controllers. This placement is often correct for directories with few domain controllers. In a directory with many domain controllers the default placement is unlikely to be the best match to your network. A discussion on DFSMO role placement is beyond the scope of this document but as a general rule:
Perform a Backup of the DS and Key ServicesUse the Windows 2000 Backup Automated System Recovery option or equivalent to back up the system. Develop and maintain a backup process for the directory service and all critical services.Practice restorations of the entire computer as well as authoritative and non-authoritative restorations of the DS and individual services in a lab environment that emulates your production network infrastructure in terms of speed, capacity, and hardware. EFS Recovery PolicyDevelop a plan for storage and recovery of Encrypted File System (EFS) certificates that take into consideration security and personnel access at the times they will likely be needed. Servers are typically rebuilt during an off-peak hour some 6-36 months after the original deployment).Additional query words:
Keywords : ntdomain |
|
Last Reviewed: December 29, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |