The processes and procedures for maintaining Windows Server 2008 systems can be separated based on the appropriate time to maintain a particular aspect of Windows Server 2008/2012. Some maintenance procedures require daily attention, whereas others may require only yearly checkups. The maintenance processes and procedures that an organization follows depend strictly on the organization; however, the categories described in the following sections and their corresponding procedures are best practices for organizations of all sizes and varying IT infrastructures.
Certain maintenance procedures require more attention than others. The procedures that require the most attention are categorized as daily procedures. Therefore, it is recommended that an administrator take on these procedures each day to ensure system reliability, availability, performance, and security. There are three components to daily maintenance:
Verifying that Backups are Successful. To provide a more secure and fault-tolerant organization, it is imperative that a successful backup to tape be performed each night. In the event of a server failure, the administrator may be required to perform a restore from tape. Without a backup each night, the IT organization will be forced to rely on rebuilding the server without the data. Therefore, the administrator should always back up servers so that the IT organization can restore them with minimum downtime in the event of a disaster. Because of the importance of the tape backups, the first priority of the administrator each day needs to be verifying and maintaining the backup sets.
Although the Windows Server 2008/2012 backup program does not offer alerting mechanisms to bring attention to unsuccessful backups, many third-party programs do. In addition, many of these third-party backup programs can send e-mail messages or pages reporting whether backups succeeded or failed.
Checking Overall Server Functionality. Although checking the overall server health and functionality may seem redundant or elementary, this procedure is critical to keeping the system environment running smoothly and users working productively. Some questions that should be addressed during the checking and verification process are the following:
- Can users access data on file servers?
- Are printers printing properly? Are there long queues for certain printers?
- Is there an exceptionally long wait to log on (that is, longer than usual)?
- Can users access messaging systems?
- Can users access external resources?
Monitoring the Event Viewer. The Event Viewer is used to check the System, Security, Application, and other logs on a local or remote system. These logs are an invaluable source of information regarding the system. The following event logs are present for Windows Server 2008/2012 systems:
- Security log. The Security log captures all security-related events that are being audited on a system. Auditing is turned on by default to record the success and failure of security events.
- Application log. Specific application information is stored in the Application log. This information includes services and any applications that are running on the server.
- System log. Windows Server 2008/2012–specific information is stored in the System log.
Domain controllers also have these additional logs:
- File Replication Service. Any events relating to the File Replication Service are captured in this log.
- Directory Service. Events regarding Active Directory, such as connection problems with a global catalog server or replication problems, are recorded here.
- DNS Server. Anything having to do with the DNS service is cataloged in the DNS Server log.
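The daily Event Viewer check described above can be scripted. The following is an added example, not part of the original text: it summarizes Critical and Error events and Security audit failures from the last 24 hours. The `$Servers` list and the `Get-DailyEvents` helper are hypothetical names, and the script assumes Windows PowerShell 2.0 or later in an elevated session.

```powershell
# Added example: daily triage of the event logs listed above.
# Assumptions: an elevated session (needed to read the Security log) and
# $Servers as a hypothetical list of host names.
$Servers = @('localhost')
$Since   = (Get-Date).AddHours(-24)

# Logs on every server plus the three extra domain controller logs.
$Logs = 'System', 'Application', 'Directory Service', 'DNS Server',
        'File Replication Service'

function Get-DailyEvents($Server, $Filter) {
    $found = Get-WinEvent -ComputerName $Server -FilterHashtable $Filter `
                 -ErrorAction SilentlyContinue -ErrorVariable problems
    # "No matching events/logs" is normal (a quiet log, or a DC-only log on a
    # member server); any other non-terminating error is reported.
    foreach ($p in $problems) {
        if ($p.FullyQualifiedErrorId -notlike 'NoMatching*') {
            Write-Warning "$Server / $($Filter.LogName): $($p.Exception.Message)"
        }
    }
    $found
}

$report = foreach ($server in $Servers) {
    foreach ($log in $Logs) {
        # Level 1 = Critical, 2 = Error.
        $f = @{ LogName = $log; Level = 1, 2; StartTime = $Since }
        Get-DailyEvents $server $f | Group-Object ProviderName, Id |
            Select-Object @{n='Server';e={$server}}, @{n='Log';e={$log}}, Count, Name
    }
    # Security log: audit failures only (keyword bit 0x10000000000000).
    $f = @{ LogName = 'Security'; Keywords = 0x10000000000000; StartTime = $Since }
    Get-DailyEvents $server $f | Group-Object Id |
        Select-Object @{n='Server';e={$server}}, @{n='Log';e={'Security'}}, Count, Name
}

# Most frequent provider/event ID combinations first.
$report | Sort-Object Count -Descending | Format-Table -AutoSize
```

A sudden rise in the count for one event ID from one day to the next is usually the first thing to look at.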
Maintenance procedures that require slightly less attention than daily checking are categorized as weekly procedures:
- Checking Disk Space. Disk space is a precious commodity. Although the disk capacity of a Windows Server 2008 system can be virtually endless, the amount of free space on all drives should be checked daily. Serious problems can occur if there isn’t enough disk space. To prevent problems from occurring, administrators should keep the amount of free space to at least 25 percent. This should be verified through manual methods, or with the assistance of automated alerting software such as Microsoft Operations Manager (MOM) 2005.
- Verifying Hardware. Hardware components supported by Windows Server 2008 are reliable, but this doesn’t mean that they’ll always run continuously without failure. Hardware availability is measured in terms of mean time between failures (MTBF) and mean time to repair (MTTR). This includes downtime for both planned and unplanned events. These measurements provided by the manufacturer are good guidelines to follow; however, mechanical parts are bound to fail at one time or another. As a result, hardware should be monitored weekly to ensure efficient operation.
- Checking Archive Event Logs. The three event logs on all servers and the three extra logs on a domain controller can be archived manually or a script can be written to automate the task. You should archive the event logs to a central location for ease of management and retrieval. The specific amount of time to keep archived log files varies on a per-organization basis. For example, banks or other high-security organizations may be required to keep event logs up to a few years. As a best practice, organizations should keep event logs for at least three months.
- Running Disk Defragmenter. Whenever files are created, deleted, or modified, Windows Server 2008 assigns a group of clusters depending on the size of the file. As file size requirements fluctuate over time, so does the number of groups of clusters assigned to the file. Even though this process is efficient when using NTFS, the files and volumes become fragmented because the file doesn’t reside in a contiguous location on the disk. To minimize the amount of fragmentation and give performance a boost, the administrator should use Disk Defragmenter to defragment all volumes. Disk defragmentation can be manually performed or automated with the use of third-party tools or scripts that run on a designated basis.
- Running the Domain Controller Diagnostic Utility. The Domain Controller Diagnostic (DCDiag) utility provided in the Windows Server 2008 Support Tools is used to analyze the state of a domain controller. It runs a series of tests, analyzes the state of the DC, and verifies different areas of the system, such as connectivity, replication, topology integrity, security descriptors, netlogon rights, intersite health, roles, and trust verification. The DCDiag utility should be run on each DC on a weekly basis or as problems arise. For more information on the DCDiag utility, search online for dcdiag.exe.
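The event log archiving task in the list above can be automated as follows. This is an added example, not part of the original text: the share `\\logserver\EventArchive` and the staging folder `C:\EvtStaging` are hypothetical, and the 90-day retention reflects the three-month minimum mentioned above.

```powershell
# Added example: archive the event logs named above to a central location.
# Assumptions: \\logserver\EventArchive is a hypothetical share writable only by
# the account running this task; C:\EvtStaging is a hypothetical local folder.
$ArchiveRoot   = '\\logserver\EventArchive'
$Staging       = 'C:\EvtStaging'
$RetentionDays = 90      # the three-month minimum given in the text
$Logs = 'Application', 'System', 'Security',
        'Directory Service', 'DNS Server', 'File Replication Service'

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $ArchiveRoot $env:COMPUTERNAME
foreach ($dir in $Staging, $target) {
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
}

$present = wevtutil el           # names of the logs that exist on this server
foreach ($log in $Logs) {
    if ($present -notcontains $log) { continue }   # DC-only log on a member server

    $name  = '{0}_{1}.evtx' -f ($log -replace ' ', ''), $stamp
    $local = Join-Path $Staging $name

    # Export locally first, then move the finished file to the share.
    wevtutil epl $log $local
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $local)) {
        Write-Warning "Export of '$log' failed (wevtutil exit code $LASTEXITCODE)"
        continue
    }
    Move-Item -Path $local -Destination $target -ErrorAction Stop
    Write-Output "Archived $log -> $(Join-Path $target $name)"
}

# Remove archives older than the retention period.
$cutoff = (Get-Date).AddDays(-$RetentionDays)
Get-ChildItem -Path $target -Filter '*.evtx' |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Remove-Item
```

Exporting does not clear the live logs, so each archive overlaps the previous one unless the logs are cleared separately.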
It is recommended that you perform the tasks outlined in the section on a monthly basis.
As the name implies, quarterly maintenance is performed four times a year. Areas to maintain and manage on a quarterly basis are typically self-sufficient and self-sustaining. Infrequent maintenance is required to keep the system healthy. This doesn’t mean, however, that the tasks are simple or that they aren’t as critical as those tasks that require more frequent maintenance.
- Checking Storage Limits. Storage capacity on all volumes should be checked to ensure that all volumes have ample free space. Keep approximately 25 percent free space on all volumes.
- Changing Administrator Passwords. Administrator passwords should, at a minimum, be changed every quarter (90 days). Changing these passwords strengthens security measures so that systems can’t easily be compromised. In addition to changing passwords, other password requirements such as password age, history, length, and strength should be reviewed.
- Maintaining the Active Directory Database. Active Directory is the heart of the Windows Server 2008 environment. Objects such as users, groups, OUs, and more can be added, modified, or deleted from the Active Directory database. This interaction with the database can cause fragmentation. Windows Server 2008 performs online defragmentation nightly to reclaim space in the Active Directory database; however, the database size doesn’t shrink unless offline defragmentation is performed. Offline defragmentation of the Active Directory database can only be accomplished by taking the domain controller offline, restarting into Directory Services Restore Mode, and running defragmentation tools against the NTDS.DIT database file.
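The quarterly administrator password review in the list above can be checked with a short script. This is an added example, not part of the original text: it assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, or RSAT) and the default built-in group names, and it lists enabled administrative accounts whose password is older than 90 days along with the domain password policy settings the text says to review.

```powershell
# Added example: review administrator password age and the domain password policy.
# Assumptions: the ActiveDirectory module is available and the group names
# below are the built-in defaults for the current domain.
Import-Module ActiveDirectory

$MaxAgeDays = 90     # quarterly rotation from the text
$Groups     = 'Domain Admins', 'Administrators'
$cutoff     = (Get-Date).AddDays(-$MaxAgeDays)

# Resolve nested membership, keep user objects only, and de-duplicate accounts
# that belong to more than one of the groups.
$admins = $Groups |
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } |
    Where-Object { $_.objectClass -eq 'user' } |
    Sort-Object distinguishedName -Unique |
    Get-ADUser -Properties PasswordLastSet, PasswordNeverExpires

# Enabled accounts whose password was never set or is older than the cutoff.
$admins |
    Where-Object {
        $_.Enabled -and ($null -eq $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff)
    } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires,
        @{n='AgeDays'; e={
            if ($_.PasswordLastSet) { [int]((Get-Date) - $_.PasswordLastSet).TotalDays }
        }} |
    Sort-Object AgeDays -Descending |
    Format-Table -AutoSize

# Password age, history, length and strength settings for the domain.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MaxPasswordAge, MinPasswordAge, PasswordHistoryCount,
                  MinPasswordLength, ComplexityEnabled
```

Accounts shown with `PasswordNeverExpires` set are exempt from the domain maximum password age and need a manual change.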