Page 2 of 4

STANDARD OPERATING PROCEDURE - INFORMATION SYSTEMS

SECTION : INFRASTRUCTURE

SOP NO : IS323

TITLE : ROUTINE PROCEDURES – ACTIVE DIRECTORY MAINTENANCE AND SECURITY
ISSUE NO : 1
PREPARED BY : DION BRUYNS
EFFECTIVE DATE : 20/01/2004
EXPIRES : 01/07/2005
EXPECTED REVIEW : 05/01/2004

CHECKED BY : QA MANAGEMENT
NAME:______
SIGNATURE:______
DATE:______

APPROVED BY : IS INFRASTRUCTURE MANAGER
NAME:______
SIGNATURE:______
DATE:______

APPROVED BY : IS EXECUTIVE
NAME:______
SIGNATURE:______
DATE:______

DISTRIBUTION : IHD Management, IS Executive

1. PURPOSE

2. SCOPE

3. RESPONSIBILITIES

4. BACKGROUND

5. PROCEDURE

5.1 Daily Tasks

1.  PURPOSE

This Standard Operating Procedure (“SOP”) describes the routine activities to be performed to maintain the Active Directory Domain.

2.  SCOPE

This procedure covers activities associated with Windows 2000 Domain Controllers under the care of the Network Engineers. Activities covered are normal routine administrative tasks required to monitor and maintain the Domain Controllers. Areas covered include Replication, Backups and Error Logs.

3.  RESPONSIBILITIES

The Infrastructure Manager is responsible for the smooth running and availability of the IHD Domain, as per the Service Level Agreement negotiated with the company. In practice the actual performance of these procedures will be delegated to one or more Network Engineers.

4.  BACKGROUND

The IHD domain has 7 domain controllers in total. Each site has its own domain controller, and Johannesburg has 3 domain controllers, one of which is hosted by Internet Solutions. Replication is consistent between all sites and runs 4 times per hour.

If a change is made to a user account in Johannesburg, it should take no longer than 25 minutes for the change to replicate to the site servers. When a change needs to be made to a user account located at one of the sites, it is recommended that the change be made on the server at that site so that the users can see the changes immediately.

5.  PROCEDURE

The tasks presented here are not in any particular order.

5.1  Daily Tasks

5.1.1  Backups

A system state backup is set up to run every night on all the Domain controllers. This is to ensure that we can recover the state of the Active Directory objects from the day before if need be. These backups are in turn backed up to tape every night.

5.1.2  Disk storage

Ensure that all the hard drives have sufficient space for the backup. A sudden increase in disk usage should be taken as a sign that the log files are growing at an excessive rate, and the cause should be checked.

5.1.3  Active Directory Replication

Ensure that replication is consistent across all Domain Controllers. In the Event Viewer, check the Directory Service and the File Replication Service logs for errors. Any errors in the logs should be read and diagnosed. If you cannot determine why an error is occurring, go to the following URL and search on the Event ID.

http://support.microsoft.com

On SRLPDC02, Active Directory Replication Monitor can be used to monitor replication between the Domain Controllers. This tool can be installed on any of the Domain Controllers if need be. It can be found in the Windows 2000 Resource Kit.
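
An added example, not part of the original SOP: a check that flags replication links that are failing or whose last success is older than the 25-minute bound given in section 4. It assumes replication status has been exported as CSV with the column names produced by `repadmin /showrepl * /csv` (a tool this SOP does not name) and the timestamp format shown; the domain name and all site and server names other than Johannesburg and SRLPDC02 are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

MAX_LAG = timedelta(minutes=25)   # replication bound stated in section 4
TIME_FMT = "%Y-%m-%d %H:%M:%S"    # assumed timestamp format of the export

# Constructed sample export. Only SRLPDC02 and Johannesburg come from the SOP;
# every other name below is invented for illustration.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Johannesburg,SRLPDC02,"DC=ihd,DC=example",SiteA,EXAMPLEDC01,RPC,0,0,2004-01-21 09:50:12,0
showrepl_INFO,Johannesburg,SRLPDC02,"DC=ihd,DC=example",SiteB,EXAMPLEDC02,RPC,3,2004-01-21 09:45:03,2004-01-21 08:58:40,1722
showrepl_INFO,SiteA,EXAMPLEDC01,"DC=ihd,DC=example",Johannesburg,SRLPDC02,RPC,0,0,2004-01-21 09:20:00,0
"""

def stale_links(csv_text, now, max_lag=MAX_LAG):
    """Return (destination, source, naming context, reason) for every inbound
    replication link that reports failures or is older than max_lag."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        failures = int(row["Number of Failures"] or 0)
        if failures > 0:
            reasons.append("%d failures, status %s"
                           % (failures, row["Last Failure Status"]))
        try:
            last_ok = datetime.strptime(row["Last Success Time"], TIME_FMT)
        except ValueError:
            # A link that has never replicated has no parseable timestamp.
            reasons.append("no successful replication recorded")
        else:
            if now - last_ok > max_lag:
                lag_min = int((now - last_ok).total_seconds() // 60)
                reasons.append("last success %d min ago" % lag_min)
        if reasons:
            findings.append((row["Destination DSA"], row["Source DSA"],
                             row["Naming Context"], "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in stale_links(SAMPLE_CSV, datetime(2004, 1, 21, 10, 0, 0)):
        print("%s <- %s [%s]: %s" % finding)
```

A link flagged here should be followed up in the Directory Service and File Replication Service logs on the destination Domain Controller, as described above.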

5.1.4  Resources

Check the resources on the Domain Controllers and make sure that none of them is running at maximum. A Domain Controller is not a resource-intensive machine and should therefore use only minimal resources.

5.1.5  Security

Make sure that the Domain Controllers have the latest patches installed, and check that they are running Trend Server Protect with the latest pattern file.

Active Directory Domain Controllers have no local user accounts, so there is no need to change the Administrator username and password. The only time this is necessary is when you demote the box to a member server with DCPROMO, which will prompt you for an Administrator password for the local machine.

HISTORY

21 January 2004

New Standard Operating Procedure