Windows Server Support Interview Questions and Answers (L2)
What is the difference between Authorized DHCP and Non Authorized DHCP?
To avoid problems in the network causing by mis-configured DHCP servers, server in windows 2000 must be validate by AD before starting service to clients. If an authorized DHCP finds any DHCP server in the network it stop serving the clients
Difference between inter-site and intra-site replication. Protocols using for replication.
Intra-site replication can be done between the domain controllers in the same site. Inter-site replication can be done between two different sites over WAN links
BHS (Bridge Head Servers) is responsible for initiating replication between the sites. Inter-site replication can be done B/w BHS in one site and BHS in another site.
We can use RPC over IP or SMTP as a replication protocols where as Domain partition is not possible to replicate using SMTP
How to monitor replication
We can user Replmon tool from support tools
Brief explanation of RAID Levels
Microsoft Windows XP, Windows 2000 and Windows Server 2003 offer two types of disk storage: basic and dynamic.
Basic Disk Storage
Basic storage uses normal partition tables supported by MS-DOS, Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Millennium Edition (Me), Microsoft Windows NT, Microsoft Windows 2000, Windows Server 2003 and Windows XP. A disk initialized for basic storage is called a basic disk. A basic disk contains basic volumes, such as primary partitions, extended partitions, and logical drives. Additionally, basic volumes include multidisk volumes that are created by using Windows NT 4.0 or earlier, such as volume sets, stripe sets, mirror sets, and stripe sets with parity. Windows XP does not support these multidisk basic volumes. Any volume sets, stripe sets, mirror sets, or stripe sets with parity must be backed up and deleted or converted to dynamic disks before you install Windows XP Professional.
Dynamic Disk Storage
Dynamic storage is supported in Windows XP Professional, Windows 2000 and Windows Server 2003. A disk initialized for dynamic storage is called a dynamic disk. A dynamic disk contains dynamic volumes, such as simple volumes, spanned volumes, striped volumes, mirrored volumes, and RAID-5 volumes. With dynamic storage, you can perform disk and volume management without the need to restart Windows.
Note: Dynamic disks are not supported on portable computers or on Windows XP Home Edition-based computers.
You cannot create mirrored volumes or RAID-5 volumes on Windows XP Home Edition, Windows XP Professional, or Windows XP 64-Bit Edition-based computers. However, you can use a Windows XP Professional-based computer to create a mirrored or RAID-5 volume on remote computers that are running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server, or the Standard, Enterprise and Data Center versions of Windows Server 2003.
Storage types are separate from the file system type. A basic or dynamic disk can contain any combination of FAT16, FAT32, or NTFS partitions or volumes.
A disk system can contain any combination of storage types. However, all volumes on the same disk must use the same storage type.
To convert a Basic Disk to a Dynamic Disk:
Use the Disk Management snap-in in Windows XP/2000/2003 to convert a basic disk to a dynamic disk. To do this, follow these steps:
1. Log on as Administrator or as a member of the Administrators group.
2. Click Start, and then click Control Panel.
3. Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management. You can also right-click My Computer and choose Manage if you have My Computer displayed on your desktop.
4. In the left pane, click Disk Management.
5. In the lower-right pane, right-click the basic disk that you want to convert, and then click Convert to Dynamic Disk. You must right-click the gray area that contains the disk title on the left side of the Details pane.
6. Select the check box that is next to the disk that you want to convert (if it is not already selected), and then click OK.
7. Click Details if you want to view the list of volumes in the disk. Click Convert.
8. Click Yes when you are prompted to convert the disk, and then click OK.
Warning: After you convert a basic disk to a dynamic disk, local access to the dynamic disk is limited to Windows XP Professional, Windows 2000 and Windows Server 2003. Additionally, after you convert a basic disk to a dynamic disk, the dynamic volumes cannot be changed back to partitions. You must first delete all dynamic volumes on the disk and then convert the dynamic disk back to a basic disk. If you want to keep your data, you must first back up the data or move it to another volume.
Dynamic Storage Terms
A volume is a storage unit made from free space on one or more disks. It can be formatted with a file system and assigned a drive letter. Volumes on dynamic disks can have any of the following layouts: simple, spanned, mirrored, striped, or RAID-5.
A simple volume uses free space from a single disk. It can be a single region on a disk or consist of multiple, concatenated regions. A simple volume can be extended within the same disk or onto additional disks. If a simple volume is extended across multiple disks, it becomes a spanned volume.
A spanned volume is created from free disk space that is linked together from multiple disks. You can extend a spanned volume onto a maximum of 32 disks. A spanned volume cannot be mirrored and is not fault-tolerant.
A striped volume is a volume whose data is interleaved across two or more physical disks. The data on this type of volume is allocated alternately and evenly to each of the physical disks. A striped volume cannot be mirrored or extended and is not fault-tolerant. Striping is also known as RAID-0.
A mirrored volume is a fault-tolerant volume whose data is duplicated on two physical disks. All of the data on one volume is copied to another disk to provide data redundancy. If one of the disks fails, the data can still be accessed from the remaining disk. A mirrored volume cannot be extended. Mirroring is also known as RAID-1.
A RAID-5 volume is a fault-tolerant volume whose data is striped across an array of three or more disks. Parity (a calculated value that can be used to reconstruct data after a failure) is also striped across the disk array. If a physical disk fails, the portion of the RAID-5 volume that was on that failed disk can be re-created from the remaining data and the parity. A RAID-5 volume cannot be mirrored or extended.
The system volume contains the hardware-specific files that are needed to load Windows (for example, Ntldr, Boot.ini, and Ntdetect.com). The system volume can be, but does not have to be, the same as the boot volume.
The boot volume contains the Windows operating system files that are located in the %Systemroot% and %Systemroot%\System32 folders. The boot volume can be, but does not have to be, the same as the system volume.
RAID 0 – Striping
RAID 1- Mirroring (minimum 2 HDD required)
RAID 5 – Striping With Parity (Minimum 3 HDD required)
RAID levels 1 and 5 only gives redundancy
What are the different backup strategies are available
Normal Backup
Incremental Backup
Differential Backup
Daily Backup
Copy Backup
What is a global catalog
Global catalog is a role, which maintains Indexes about objects. It contains full information of the objects in its own domain and partial information of the objects in other domains. Universal Group membership information will be stored in global catalog servers and replicate to all GC’s in the forest.
What is Active Directory and what is the use of it
Active directory is a directory service, which maintains the relation ship between resources and enabling them to work together. Because of AD hierarchal structure windows 2000 is more scalable, reliable. Active directory is derived from X.500 standards where information is stored is hierarchal tree like structure. Active directory depends on two Internet standards one is DNS and other is LDAP. Information in Active directory can be queried by using LDAP protocol
What is the physical and logical structure of AD?
Active directory physical structure is a hierarchal structure which fallows Forests—Trees—Domains—Child Domains—Grand Child—etc
Active directory is logically divided into 3 partitions
1.Configuration partition 2. Schema Partition 3. Domain partition 4. Application Partition (only in windows 2003 not available in windows 2000)
Out of these Configuration, Schema partitions can be replicated between the domain controllers in the in the entire forest. Where as Domain partition can be replicated between the domain controllers in the same domain
What is the process of user authentication (Kerberos V5) in windows 2000?
After giving logon credentials an encryption key will be generated which is used to encrypt the time stamp of the client machine. User name and encrypted timestamp information will be provided to domain controller for authentication. Then Domain controller based on the password information stored in AD for that user it decrypts the encrypted time stamp information. If produces time stamp matches to its time stamp. It will provide logon session key and Ticket granting ticket to client in an encryption format. Again client decrypts and if produced time stamp information is matching then it will use logon session key to logon to the domain. Ticket granting ticket will be used to generate service granting ticket when accessing network resources
What are the port numbers for Kerberos, LDAP and Global Catalog?
Kerberos – 88, LDAP – 389, Global Catalog – 3268
What is the use of LDAP (X.500 standard?)
LDAP is a directory access protocol, which is used to exchange directory information from server to clients or from server to servers
What are the problems that are generally come across DHCP?
Scope is full with IP addresses no IP’s available for new machines
If scope options are not configured properly eg default gateway
Incorrect creation of scopes etc
What is the role responsible for time synchronization?
PDC Emulator is responsible for time synchronization. Time synchronization is important because Kerberos authentication depends on time stamp information
What is TTL & how to set TTL time in DNS?
TTL is Time to Live setting used for the amount of time that the record should remain in cache when name resolution happened.
We can set TTL in SOA (start of authority record) of DNS
How to take DNS and WINS, DHCP backup
%System root%/system32/dns
%System root%/system32/WINS
%System root%/system32/DHCP
What is recovery console
Recovery console is a utility used to recover the system when it is not booting properly or not at all booting. We can perform fallowing operations from recovery console
We can copy, rename, or replace operating system files and folders
Enable or disable service or device startup the next time that start computer
Repair the file system boot sector or the Master Boot Record
Create and format partitions on drives
What is DFS & its usage
DFS is a distributed file system used to provide common environment for users to access files and folders even when they are shared in different servers physically.
There are two types of DFS domain DFS and Stand alone DFS. We cannot provide redundancy for stand alone DFS in case of failure. Domain DFS is used in a domain environment which can be accessed by /domain name/root1 (root 1 is DFS root name). Stand alone DFS can be used in workgroup environment which can be accessed through /server name/root1 (root 1 is DFS root name). Both the cases we need to create DFS root ( Which appears like a shared folder for end users) and DFS links ( A logical link which is pointing to the server where the folder is physically shared)
The maximum number of Dfs roots per server is 1.
The maximum numbers of Dfs root replicas are 31.
The maximum number of Dfs roots per domain is unlimited.
The maximum number of Dfs links or shared folders in a Dfs root is 1,000
What is RIS and what are its requirements
RIS is a remote installation service, which is used to install operation system remotely.
Client requirements
PXE DHCP-based boot ROM version 1.00 or later NIC, or a network adapter that is supported by the RIS boot disk.
Should meet minimum operating system requirements
Software Requirements
Below network services must be active on RIS server or any server in the network
Domain Name System (DNS Service)
Dynamic Host Configuration Protocol (DHCP)
Active directory “Directory” service
How many root replicas can be created in DFS?
31
What is the difference between Domain DFS and Standalone DFS?
Refer question 17.
High Level
Can we establish trust relationship between two forests?
In Windows 2000 it is not possible. In Windows 2003 it is possible
What is FSMO Roles
Flexible single master operation (FSMO) roles are
Domain Naming Master
Schema Master
PDC Emulator
Infrastructure Master
RID Master
Brief all the FSMO Roles
Windows 2000/2003 Multi-Master Model
A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows 2000/2003 deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, "the last writer wins"), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the "last writer wins" approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact.
For certain types of changes, Windows 2000/2003 incorporates methods to prevent conflicting Active Directory updates from occurring.
Windows 2000/2003 Single-Master Model
To prevent conflicting updates in Windows 2000/2003, the Active Directory performs updates to certain objects in a single-master fashion.
In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain.
In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:
Schema Master:
The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain naming master:
The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.
Infrastructure Master:
When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.
Relative ID (RID) Master:
The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.
PDC Emulator:
The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner.
In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.
At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
How to manually configure FSMO Roles to separate DC’s
How can I determine who are the current FSMO Roles holders in my domain/forest?
Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.
The five FSMO roles are:
• Schema master - Forest-wide and one per forest.
• Domain naming master - Forest-wide and one per forest.
• RID master - Domain-specific and one for each domain.
• PDC - PDC Emulator is domain-specific and one for each domain.
• Infrastructure master - Domain-specific and one for each domain.
In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC. The transferring method is described in the Transferring FSMO Roles article, while seizing the roles from a non-operational DC to a different DC is described in the Seizing FSMO Roles article.
In order to better understand your AD infrastructure and to know the added value that each DC might possess, an AD administrator must have the exact knowledge of which one of the existing DCs is holding a FSMO role, and what role it holds. With that knowledge in hand, the administrator can make better arrangements in case of a scheduled shut-down of any given DC, and better prepare him or herself in case of a non-scheduled cease of operation from one of the DCs.
How to find out which DC is holding which FSMO role? Well, one can accomplish this task by many means. This article will list a few of the available methods.
Method #1: Know the default settings
The FSMO roles were assigned to one or more DCs during the DCPROMO process. The following table summarizes the FSMO default locations:
FSMO Role Number of DCs holding this role Original DC holding the FSMO role
Schema One per forest The first DC in the first domain in the forest (i.e. the Forest Root Domain)
Domain Naming One per forest
RID One per domain The first DC in a domain (any domain, including the Forest Root Domain, any Tree Root Domain, or any Child Domain)
PDC Emulator One per domain
Infrastructure One per domain
Method #2: Use the GUI
The FSMO role holders can be easily found by use of some of the AD snap-ins. Use this table to see which tool can be used for what FSMO role:
FSMO Role Which snap-in should I use?
Schema Schema snap-in
Domain Naming AD Domains and Trusts snap-in
RID AD Users and Computers snap-in
PDC Emulator
Infrastructure
Finding the RID Master, PDC Emulator, and Infrastructure Masters via GUI
To find out who currently holds the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:
1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
2. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
3. Select the appropriate tab for the role you wish to view.
4. When you're done click close.
Finding the Domain Naming Master via GUI
To find out who currently holds the Domain Naming Master Role:
1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
2. Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
3. When you're done click close.
Finding the Schema Master via GUI
To find out who currently holds the Schema Master Role:
1. Register the Schmmgmt.dll library by pressing Start > RUN and typing:
2. Press OK. You should receive a success confirmation.
3. From the Run command open an MMC Console by typing MMC.
4. On the Console menu, press Add/Remove Snap-in.
5. Press Add. Select Active Directory Schema.
6. Press Add and press Close. Press OK.
7. Click the Active Directory Schema icon. After it loads right-click it and press Operation Masters.
8. Press the Close button.
Method #3: Use the Ntdsutil command
The FSMO role holders can be easily found by use of the Ntdsutil command.
Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.
1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server , where is the name of the server you want to use, and then press ENTER.
5. At the server connections: prompt, type q, and then press ENTER again.
6. At the FSMO maintenance: prompt, type Select operation target, and then press ENTER again.
At the select operation target: prompt, type List roles for connected server, and then press ENTER again.
select operation target: List roles for connected server
Server "server100" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=C
onfiguration,DC=dpetri,DC=net
Domain - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=C
onfiguration,DC=dpetri,DC=net
PDC - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
iguration,DC=dpetri,DC=net
RID - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
iguration,DC=dpetri,DC=net
Infrastructure - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=dpetri,DC=net
select operation target:
8. Type q 3 times to exit the Ntdsutil prompt.
Note: You can download THIS nice batch file that will do all this for you (1kb).
Another Note: Microsoft has a nice tool called Dumpfsmos.cmd, found in the Windows 2000 Resource Kit (and can be downloaded here: Download Free Windows 2000 Resource Kit Tools). This tool is basically a one-click Ntdsutil script that performs the same operation described above.
Method #4: Use the Netdom command
The FSMO role holders can be easily found by use of the Netdom command.
Netdom.exe is a part of the Windows 2000/XP/2003 Support Tools. You must either download it separately (from here Download Free Windows 2000 Resource Kit Tools) or by obtaining the correct Support Tools pack for your operating system. The Support Tools pack can be found in the \Support\Tools folder on your installation CD (or you can Download Windows 2000 SP4 Support Tools, Download Windows XP SP1 Deploy Tools).
1. On any domain controller, click Start, click Run, type CMD in the Open box, and then click OK.
2. In the Command Prompt window, type netdom query /domain: fsmo (where is the name of YOUR domain).
Close the CMD window.
Note: You can download THIS nice batch file that will do all this for you (1kb).
Method #5: Use the Replmon tool
The FSMO role holders can be easily found by use of the Netdom command.
Just like Netdom, Replmon.exe is a part of the Windows 2000/XP/2003 Support Tools. Replmon can be used for a wide verity of tasks, mostly with those that are related with AD replication. But Replmon can also provide valuable information about the AD, about any DC, and also about other objects and settings, such as GPOs and FSMO roles. Install the package before attempting to use the tool.
1. On any domain controller, click Start, click Run, type REPLMON in the Open box, and then click OK.
2. Right-click Monitored servers and select Add Monitored Server.
3. In the Add Server to Monitor window, select the Search the Directory for the server to add. Make sure your AD domain name is listed in the drop-down list.
4. In the site list select your site, expand it, and click to select the server you want to query. Click Finish.
5. Right-click the server that is now listed in the left-pane, and select Properties.
6. Click on the FSMO Roles tab and read the results.
7. Click Ok when you're done.
How can I forcibly transfer (seize) some or all of the FSMO Roles from one DC to another?
Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.
The five FSMO roles are:
• Schema master - Forest-wide and one per forest.
• Domain naming master - Forest-wide and one per forest.
• RID master - Domain-specific and one for each domain.
• PDC - PDC Emulator is domain-specific and one for each domain.
• Infrastructure master - Domain-specific and one for each domain.
In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.
Moving the FSMO roles while both the original FSMO role holder and the future FSMO role holder are online and operational is called Transferring, and is described in the Transferring FSMO Roles article.
However, when the original FSMO role holder went offline or became non operational for a long period of time, the administrator might consider moving the FSMO role from the original, non-operational holder, to a different DC. The process of moving the FSMO role from a non-operational role holder to a different DC is called Seizing, and is described in this article.
If a DC holding a FSMO role fails, the best thing to do is to try and get the server online again. Since none of the FSMO roles are immediately critical (well, almost none, the loss of the PDC Emulator FSMO role might become a problem unless you fix it in a reasonable amount of time), so it is not a problem to them to be unavailable for hours or even days.
If a DC becomes unreliable, try to get it back on line, and transfer the FSMO roles to a reliable computer. Administrators should use extreme caution in seizing FSMO roles. This operation, in most cases, should be performed only if the original FSMO role owner will not be brought back into the environment. Only seize a FSMO role if absolutely necessary when the original role holder is not connected to the network.
What will happen if you do not perform the seize in time? This table has the info:
FSMO Role Loss implications
Schema The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time.
Domain Naming Unless you are going to run DCPROMO, then you will not miss this FSMO role.
RID Chances are good that the existing DCs will have enough unused RIDs to last some time, unless you're building hundreds of users or computer object per week.
PDC Emulator Will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies and password changes will become a problem.
Infrastructure Group memberships may be incomplete. If you only have one domain, then there will be no impact.
Important: If the RID, Schema, or Domain Naming FSMOs are seized, then the original domain controller must not be activated in the forest again. It is necessary to reinstall Windows if these servers are to be used again.
The following table summarizes the FSMO seizing restrictions:
FSMO Role Restrictions
Schema Original must be reinstalled
Domain Naming
RID
PDC Emulator Can transfer back to original
Infrastructure
Another consideration before performing the seize operation is the administrator's group membership, as this table lists:
FSMO Role Administrator must be a member of
Schema Schema Admins
Domain Naming Enterprise Admins
RID Domain Admins
PDC Emulator
Infrastructure
To seize the FSMO roles by using Ntdsutil, follow these steps:
Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.
1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server , where is the name of the server you want to use, and then press ENTER.
5. At the server connections: prompt, type q, and then press ENTER again.
6. Type seize , where is the role you want to seize. For example, to seize the RID Master role, you would type seize rid master:
Options are:
7. You will receive a warning window asking if you want to perform the seize. Click on Yes.
fsmo maintenance: Seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210300, problem 5002 (UNAVAILABLE)
data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holde
r could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of infrastructure FSMO failed, proceeding with seizure ...
Server "server100" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=netDomain - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
PDC - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
RID - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Infrastructure - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
fsmo maintenance:
Note: All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server.
8. Repeat steps 6 and 7 until you've seized all the required FSMO roles.
9. After you seize or transfer the roles, type q, and then press ENTER until you quit the Ntdsutil tool.
Note: Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.
What is the difference between authoritative and non-authoritative restore
In authoritative restore, Objects that are restored will be replicated to all domain controllers in the domain. This can be used specifically when the entire OU is disturbed in all domain controllers or specifically restore a single object, which is disturbed in all DC’s
In non-authoritative restore, Restored directory information will be updated by other domain controllers based on the latest modification time.
What is Active Directory De-fragmentation?
De-fragmentation of AD means separating used space and empty space created by deleted objects and reduces directory size (only in offline De-fragmentation)
Difference between online and offline de-fragmentation
The size of NTDS.DIT will often be different sizes across the domain controllers in a domain. Remember that Active Directory is a multi-master independent model where updates are occurring in each of the domain controllers with the changes being replicated over time to the other domain controllers.
The changed data is replicated between domain controllers, not the database, so there is no guarantee that the files are going to be the same size across all domain controllers.
Windows 2000 and Windows Server 2003 servers running Directory Services (DS) perform a directory online defragmentation every 12 hours by default as part of the garbage-collection process. This defragmentation only moves data around the database file (NTDS.DIT) and doesn’t reduce the file’s size - the database file cannot be compacted while Active Directory is mounted.
Active Directory routinely performs online database defragmentation, but this is limited to the disposal of tombstoned objects. The database file cannot be compacted while Active Directory is mounted (or online).
An NTDS.DIT file that has been defragmented offline (compacted), can be much smaller than the NTDS.DIT file on its peers.
However, defragmenting the NTDS.DIT file isn’t something you should really need to do. Normally, the database self-tunes and automatically tombstoning the records then sweeping them away when the tombstone lifetime has passed to make that space available for additional records.
Defragging the NTDS.DIT file probably won’t help your AD queries go any faster in the long run.
So why defrag it in the first place?
One reason you might want to defrag your NTDS.DIT file is to save space, for example if you deleted a large number of records at one time.
To create a new, smaller NTDS.DIT file and to enable offline defragmentation, perform the following steps:
Back up Active Directory (AD).
Reboot the server, select the OS option, and press F8 for advanced options.
Select the Directory Services Restore Mode option, and press Enter. Press
Enter again to start the OS.
W2K will start in safe mode, with no DS running.
Use the local SAM’s administrator account and password to log on.
You’ll see a dialog box that says you’re in safe mode. Click OK.
From the Start menu, select Run and type cmd.exe
In the command window, you’ll see the following text. (Enter the commands in bold.)
C:\> ntdsutil
ntdsutil: files
file maintenance:info
....
file maintenance:compact to c:\temp
You’ll see the defragmentation process. If the process was successful, enter quit to return to the command prompt.
Then, replace the old NTDS.DIT file with the new, compressed version. (Enter the commands in bold.)
C:\> copy c:\temp\ntds.dit %systemroot%\ntds\ntds.dit
Restart the computer, and boot as normal.
What is tombstone period
Tombstones are nothing but objects marked for deletion. After deleting an object in AD the objects will not be deleted permanently. It will be remain 60 days by default (which can be configurable) it adds an entry as marked for deletion on the object and replicates to all DC’s. After 60 days object will be deleted permanently from all Dc’s.
What is white space and Garbage Collection?
refer question 7
What are the monitoring tools used for Server and Network Heath. How to define alert mechanism
Spot Light , SNMP Need to enable .
How to deploy the patches and what are the softwares used for this process
Using SUS (Software update services) server we can deploy patches to all clients in the network. We need to configure an option called “Synchronize with Microsoft software update server” option and schedule time to synchronize in server. We need to approve new update based on the requirement. Then approved update will be deployed to clients
We can configure clients by changing the registry manually or through Group policy by adding WUAU administrative template in group policy
What is Clustering. Briefly define & explain it
Clustering is a technology, which is used to provide High Availability for mission critical applications. We can configure cluster by installing MCS (Microsoft cluster service) component from Add remove programs, which can only available in Enterprise Edition and Data center edition.
In Windows we can configure two types of clusters
NLB (network load balancing) cluster for balancing load between servers. This cluster will not provide any high availability. Usually preferable at edge servers like web or proxy.
Server Cluster: This provides High availability by configuring active-active or active-passive cluster. In 2 node active-passive cluster one node will be active and one node will be stand by. When active server fails the application will FAILOVER to stand by server automatically. When the original server backs we need to FAILBACK the application
Quorum: A shared storage need to provide for all servers which keeps information about clustered application and session state and is useful in FAILOVER situation. This is very important if Quorum disk fails entire cluster will fails
Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to identify the status of other servers in cluster.
How to configure SNMP
SNMP can be configured by installing SNMP from Monitoring and Management tools from Add and Remove programs.
For SNMP programs to communicate we need to configure common community name for those machines where SNMP programs (eg DELL OPEN MANAGER) running. This can be configured from services.msc--- SNMP service -- Security
Is it possible to rename the Domain name & how?
In Windows 2000 it is not possible. In windows 2003 it is possible. On Domain controller by going to MYCOMPUTER properties we can change.
What is SOA Record
SOA is a Start Of Authority record, which is a first record in DNS, which controls the startup behavior of DNS. We can configure TTL, refresh, and retry intervals in this record.
What is a Stub zone and what is the use of it.
Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline name resolution, especially in a split namespace scenario. They also help reduce the amount of DNS traffic on your network, making DNS more efficient especially over slow WAN links.
What are the different types of partitions present in AD?
Active directory is divided into three partitions
Configuration Partition—replicates entire forest
Schema Partition—replicates entire forest
Domain Partition—replicate only in domain
Application Partition (Only in Windows 2003)
What are the (two) services required for replication
File Replication Service (FRS)
Knowledge Consistency Checker (KCC)
Can we use a Linux DNS Sever in 2000 Domain?
We can use, But the BIND version should be 8 or greater
What is the difference between IIS Version 5 and IIS Version 6?
Refer Question 1
What is ASR (Automated System Recovery) and how to implement it
ASR is a two-part system; it includes ASR backup and ASR restore. The ASR Wizard, located in Backup, does the backup portion. The wizard backs up the system state, system services, and all the disks that are associated with the operating system components. ASR also creates a file that contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to perform a restore.
You can access the restore portion by pressing F2 when prompted in the text-mode portion of setup. ASR reads the disk configurations from the file that it creates. It restores all the disk signatures, volumes, and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple installation of Windows and automatically starts a restoration using the backup created by the ASR Wizard.
What are the different levels that we can apply Group Policy
We can apply group policy at SITE level---Domain Level---OU level
What is Domain Policy, Domain controller policy, Local policy and Group policy
Domain Policy will apply to all computers in the domain, because by default it will be associated with domain GPO, Where as Domain controller policy will be applied only on domain controller. By default domain controller security policy will be associated with domain controller GPO. Local policy will be applied to that particular machine only and effects to that computer only.
What is the use of SYSVOL FOLDER?
Policies and scripts saved in SYSVOL folder will be replicated to all domain controllers in the domain. FRS (File replication service) is responsible for replicating all policies and scripts
What is folder redirection?
Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate folder object, an administrator can designate which folders to redirect and where To do this, the administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can designate the server file system path to which the folder should be redirected.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.
What different modes in windows 2003 (Mixed, native & intrim….etc)
What are the domain and forest function levels in a Windows Server 2003-basedActive Directory?
Functional levels are an extension of the mixed/native mode concept introduced in Windows 2000 to activate new Active Directory features after all the domain controllers in the domain or forest are running the Windows Server 2003 operating system.
When a computer that is running Windows Server 2003 is installed and promoted to a domain controller, new Active Directory features are activated by the Windows Server 2003 operating system over its Windows 2000 counterparts. Additional Active Directory features are available when all domain controllers in a domain or forest are running Windows Server 2003 and the administrator activates the corresponding functional level in the domain or forest.
To activate the new domain features, all domain controllers in the domain must be running Windows Server 2003. After this requirement is met, the administrator can raise the domain functional level to Windows Server 2003 (read Raise Domain Function Level in Windows Server 2003 Domains for more info).
To activate new forest-wide features, all domain controllers in the forest must be running Windows Server 2003, and the current forest functional level must be at Windows 2000 native or Windows Server 2003 domain level. After this requirement is met, the administrator can raise the domain functional level (read Raise Forest Function Level in Windows Server 2003 Active Directory for more info).
Note: Network clients can authenticate or access resources in the domain or forest without being affected by the Windows Server 2003 domain or forest functional levels. These levels only affect the way that domain controllers interact with each other.
Important
Raising the domain and forest functional levels to Windows Server 2003 is a nonreversible task and prohibits the addition of Windows NT 4.0–based or Windows 2000–based domain controllers to the environment. Any existing Windows NT 4.0 or Windows 2000–based domain controllers in the environment will no longer function. Before raising functional levels to take advantage of advanced Windows Server 2003 features, ensure that you will never need to install domain controllers running Windows NT 4.0 or Windows 2000 in your environment.
When the first Windows Server 2003–based domain controller is deployed in a domain or forest, a set of default Active Directory features becomes available. The following table summarizes the Active Directory features that are available by default on any domain controller running Windows Server 2003:
Feature Functionality
Multiple selection of user objects Allows you to modify common attributes of multiple user objects at one time.
Drag and drop functionality Allows you to move Active Directory objects from container to container by dragging one or more objects to a location in the domain hierarchy. You can also add objects to group membership lists by dragging one or more objects (including other group objects) to the target group.
Efficient search capabilities Search functionality is object-oriented and provides an efficient search that minimizes network traffic associated with browsing objects.
Saved queries Allows you to save commonly used search parameters for reuse in Active Directory Users and Computers
Active Directory command-line tools Allows you to run new directory service commands for administration scenarios.
InetOrgPerson class The inetOrgPerson class has been added to the base schema as a security principal and can be used in the same manner as the user class.
Application directory partitions Allows you to configure the replication scope for application-specific data among domain controllers. For example, you can control the replication scope of Domain Name System (DNS) zone data stored in Active Directory so that only specific domain controllers in the forest participate in DNS zone replication.
Ability to add additional domain controllers by using backup media Reduces the time it takes to add an additional domain controller in an existing domain by using backup media.
Universal group membership caching Prevents the need to locate a global catalog across a wide area network (WAN) when logging on by storing universal group membership information on an authenticating domain controller.
Secure Lightweight Directory Access Protocol (LDAP) traffic Active Directory administrative tools sign and encrypt all LDAP traffic by default. Signing LDAP traffic guarantees that the packaged data comes from a known source and that it has not been tampered with.
Partial synchronization of the global catalog Provides improved replication of the global catalog when schema changes add attributes to the global catalog partial attribute set. Only the new attributes are replicated, not the entire global catalog.
Active Directory quotas Quotas can be specified in Active Directory to control the number of objects a user, group, or computer can own in a given directory partition. Members of the Domain Administrators and Enterprise Administrators groups are exempt from quotas.
When the first Windows Server 2003–based domain controller is deployed in a domain or forest, the domain or forest operates by default at the lowest functional level that is possible in that environment. This allows you to take advantage of the default Active Directory features while running versions of Windows earlier than Windows Server 2003.
When you raise the functional level of a domain or forest, a set of advanced features becomes available. For example, the Windows Server 2003 interim forest functional level supports more features than the Windows 2000 forest functional level, but fewer features than the Windows Server 2003 forest functional level supports. Windows Server 2003 is the highest functional level that is available for a domain or forest. The Windows Server 2003 functional level supports the most advanced Active Directory features; however, only Windows Server 2003 domain controllers can operate in that domain or forest.
If you raise the domain functional level to Windows Server 2003, you cannot introduce any domain controllers that are running versions of Windows earlier than Windows Server 2003 into that domain. This applies to the forest functional level as well.
Domain Functional Level
Domain functionality activates features that affect the whole domain and that domain only. The four domain functional levels, their corresponding features, and supported domain controllers are as follows:
Windows 2000 mixed (Default)
• Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, Windows Server 2003
• Activated features: local and global groups, global catalog support
Windows 2000 native
• Supported domain controllers: Windows 2000, Windows Server 2003
• Activated features: group nesting, universal groups, SidHistory, converting groups between security groups and distribution groups, you can raise domain levels by increasing the forest level settings
Windows Server 2003 interim
• Supported domain controllers: Windows NT 4.0, Windows Server 2003
• Supported features: There are no domain-wide features activated at this level. All domains in a forest are automatically raised to this level when the forest level increases to interim. This mode is only used when you upgrade domain controllers in Windows NT 4.0 domains to Windows Server 2003 domain controllers.
Windows Server 2003
• Supported domain controllers: Windows Server 2003
• Supported features: domain controller rename, logon timestamp attribute updated and replicated. User password support on the InetOrgPerson objectClass. Constrained delegation, you can redirect the Users and Computers containers.
Domains that are upgraded from Windows NT 4.0 or created by the promotion of a Windows Server 2003-based computer operate at the Windows 2000 mixed functional level. Windows 2000 domains maintain their current domain functional level when Windows 2000 domain controllers are upgraded to the Windows Server 2003 operating system. You can raise the domain functional level to either Windows 2000 native or Windows Server 2003.
After the domain functional level is raised, domain controllers that are running earlier operating systems cannot be introduced into the domain. For example, if you raise the domain functional level to Windows Server 2003, domain controllers that are running Windows 2000 Server cannot be added to that domain.
The following describes the domain functional level and the domain-wide features that are activated for that level. Note that with each successive level increase, the feature set of the previous level is included.
Forest Functional Level
Forest functionality activates features across all the domains in your forest. Three forest functional levels, the corresponding features, and their supported domain controllers are listed below.
Windows 2000 (default)
• Supported domain controllers: Windows NT 4.0, Windows 2000, Windows Server 2003
• New features: Partial list includes universal group caching, application partitions, install from media, quotas, rapid global catalog demotion, Single Instance Store (SIS) for System Access Control Lists (SACL) in the Jet Database Engine, Improved topology generation event logging. No global catalog full sync when attributes are added to the PAS Windows Server 2003 domain controller assumes the Intersite Topology Generator (ISTG) role.
Windows Server 2003 interim
• Supported domain controllers: Windows NT 4.0, Windows Server 2003. See the "Upgrade from a Windows NT 4.0 Domain" section of this article.
• Activated features: Windows 2000 features plus Efficient Group Member Replication using Linked Value Replication, Improved Replication Topology Generation. ISTG Aliveness no longer replicated. Attributes added to the global catalog. ms-DS-Trust-Forest-Trust-Info. Trust-Direction, Trust-Attributes, Trust-Type, Trust-Partner, Security-Identifier, ms-DS-Entry-Time-To-Die, Message Queuing-Secured-Source, Message Queuing-Multicast-Address, Print-Memory, Print-Rate, Print-Rate-Unit
Windows Server 2003
• Supported domain controllers: Windows Server 2003
• Activated features: all features in Interim Level, Defunct schema objects, Cross Forest Trust, Domain Rename, Dynamic auxiliary classes, InetOrgPerson objectClass change, Application Groups, 15-second intrasite replication frequency for Windows Server 2003 domain controllers upgraded from Windows 2000
After the forest functional level is raised, domain controllers that are running earlier operating systems cannot be introduced into the forest. For example, if you raise forest functional levels to Windows Server 2003, domain controllers that are running Windows NT 4.0 or Windows 2000 Server cannot be added to the forest.
Different Active Directory features are available at different functional levels. Raising domain and forest functional levels is required to enable certain new features as domain controllers are upgraded from Windows NT 4.0 and Windows 2000 to Windows Server 2003
Domain Functional Levels: Windows 2000 Mixed mode, Windows 2000 Native mode, Windows server 2003 and Windows server 2003 interim ( Only available when upgrades directly from Windows NT 4.0 to Windows 2003)
Forest Functional Levels: Windows 2000 and Windows 2003
Ipsec usage and difference window 2000 & 2003.
Microsoft doesn’t recommend Internet Protocol security (IPSec) network address translation (NAT) traversal (NAT-T) for Windows deployments that include VPN servers and that are located behind network address translators. When a server is behind a network address translator, and the server uses IPSec NAT-T, unintended side effects may occur because of the way that network address translators translate network traffic
If you put a server behind a network address translator, you may experience connection problems because clients that connect to the server over the Internet require a public IP address. To reach servers that are located behind network address translators from the Internet, static mappings must be configured on the network address translator. For example, to reach a Windows Server 2003-based computer that is behind a network address translator from the Internet, configure the network address translator with the following static network address translator mappings:
• Public IP address/UDP port 500 to the server's private IP address/UDP port 500.
• Public IP address/UDP port 4500 to the server's private IP address/UDP port 4500.
These mappings are required so that all Internet Key Exchange (IKE) and IPSec NAT-T traffic that is sent to the public address of the network address translator is automatically translated and forwarded to the Windows Server 2003-based computer
How to create application partition windows 2003 and its usage?
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.
Applications and services can use application directory partitions to store application-specific data. Application directory partitions can contain any type of object, except security principals. TAPI is an example of a service that stores its application-specific data in an application directory partition.
Application directory partitions are usually created by the applications that will use them to store and replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool.
Is it possible to do implicit transitive forest to forest trust relationship in windows 2003?
Implicit Transitive trust will not be possible in windows 2003. Between forests we can create explicit trust
Two-way trust
One-way: incoming
One-way: Outgoing
What is universal group membership cache in windows 2003?
Information is stored locally once this option is enabled and a user attempts to log on for the first time. The domain controller obtains the universal group membership for that user from a global catalog. Once the universal group membership information is obtained, it is cached on the domain controller for that site indefinitely and is periodically refreshed. The next time that user attempts to log on, the authenticating domain controller running Windows Server 2003 will obtain the universal group membership information from its local cache without the need to contact a global catalog.
By default, the universal group membership information contained in the cache of each domain controller will be refreshed every 8 hours.
GPMC & RSOP in windows 2003?
GPMC is tool which will be used for managing group policies and will display information like how many policies applied, on which OU’s the policies applied, What are the settings enabled in each policy, Who are the users effecting by these polices, who is managing these policies. GPMC will display all the above information.
RSoP provides details about all policy settings that are configured by an Administrator, including Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts, and Group Policy Software Installation.
When policies are applied on multiple levels (for example, site, domain, domain controller, and organizational unit), the results can conflict. RSoP can help you determine a set of applied policies and their precedence (the order in which policies are applied).
Assign & Publish the applications in GP & how?
Through Group policy you can Assign and Publish the applications by creating .msi package for that application
With Assign option you can apply policy for both user and computer. If it is applied to computer then the policy will apply to user who logs on to that computer. If it is applied on user it will apply where ever he logs on to the domain. It will be appear in Start menu—Programs. Once user click the shortcut or open any document having that extension then the application install into the local machine. If any application program files missing it will automatically repair.
With Publish option you can apply only on users. It will not install automatically when any application program files are corrupted or deleted.
DFS in windows 2003?
Refer Question 17 on level 2
How to use recovery console?
The Windows 2000 Recovery Console is a command-line console that you can start from the Windows 2000 Setup program. Using the Recovery Console, you can start and stop services, format drives, read and write data on a local drive (including drives formatted to use NTFS), and perform many other administrative tasks. The Recovery Console is particularly useful if you need to repair your system by copying a file from a floppy disk or CD-ROM to your hard drive, or if you need to reconfigure a service that is preventing your computer from starting properly. Because the Recovery Console is quite powerful, it should only be used by advanced users who have a thorough knowledge of Windows 2000. In addition, you must be an administrator to use the Recovery Console.
There are two ways to start the Recovery Console:
If you are unable to start your computer, you can run the Recovery Console from your Windows 2000 Setup disks or from the Windows 2000 Professional CD (if you can start your computer from your CD-ROM drive).
As an alternative, you can install the Recovery Console on your computer to make it available in case you are unable to restart Windows 2000. You can then select the Recovery Console option from the list of available operating systems
PPTP protocol for VPN in windows 2003?
Point-to-Point-Tunneling Protocol (PPTP) is a networking technology that supports multiprotocol virtual private networks (VPN), enableing remote users to access corporate networks securely across the Microsoft Windows NT® Workstation, Windows® 95, and Windows 98 operating systems and other point-to-point protocol (PPP)-enabled systems to dial into a local Internet service provider to connect securely to their corporate network through the Internet
Netdom.exe is domain management tool to rename domain controller
Thursday, July 29, 2010
Skills required for Microsoft Server Administrator
Skills required for Microsoft Server Administrator
Microsoft has specified more than twenty-five objectives for the 70-297 test, which are grouped under four
topics. Following are the important areas in which an individual should possess good knowledge before taking
the 70-297 test:
1. Analyzing business and technical requirements of an organization.
2. Analyzing the impact of Active Directory on the existing technical environment.
3. Analyzing existing and planned business models and organizational structure.
4. Analyzing the structure of IT management.
5. Evaluating the company's existing and planned technical environments.
6. Analyzing existing network operating system implementation.
7. Analyzing the impact of Active Directory on a planned environment.
8. Analyzing the business requirement for client computer desktop management.
9. Analyzing security requirements for the Active Directory directory service.
10. Designing an Active Directory and domain structure.
11. Designing an Active Directory naming strategy including planning of DNS.
12. Designing an organizational unit structure and a site structure. Designing a replication strategy.
13. Designing a user and computer authentication strategy.
14. Designing the placement of operations masters, global catalog servers, domain controllers, and DNS
servers.
15. Identifying network topology and performance levels.
What is Active Directory Migration Tool (ADMT) ?
The Active Directory Migration Tool (ADMT) is used to migrate from an earlier implementation of Windows NT to
Windows Server 2003 or Windows 2000 Server. ADMT supports not only migration from Windows NT 4.0 to
Active Directory but also interforest and intraforest migrations. ADMT is designed to migrate an Active Directory
schema from one forest to another, regardless of whether a change in operating systems is involved.
ADMT 2.0 has many new features such as a command-line interface and a better interface to work with
Microsoft Exchange Server. ADMT also supports a user-account password migration.
How to restart Active Directory Domain Services?
Take the following steps to restart Active Directory Domain Services:
Start the Services console through Start > Administrative Tools > Services.
What is LDIFDE
LDIFDE is a command-line tool in the Windows Server 2003 operating system. It is used to create, modify, and
delete objects on computers running on Windows Server 2003 and Windows XP Professional. LDIFDE is also
used to extend the schema, export Active Directory user and group information to other applications or services,
and populate Active Directory with data from other directory services.
What is primary restore method?
The primary restore method is a type of backup restoration of the System State data. This method is used to
restore Active Directory data on a stand-alone domain controller. This method of restoration is also used in a
situation when a completely failed forest needs to be restored
What is replication?
Replication is a process through which the changes made to a replica on one domain controller are
synchronized to replicas on all other domain controllers in the network. Each domain controller stores three
types of replicas:
Schema partition: This partition stores definitions and attributes of objects that can be created in the forest.
Changes made in this partition are replicated to all the domain controllers in all the domains in the forest.
Configuration partition: This partition stores the logical structure of the forest deployment. It includes the
domain structure and replication topology. Changes made in this partition are replicated to all the domain
controllers in all the domains in the forest.
Domain partition: This partition stores all the objects in a domain. Changes made in this partition are replicated
to all the domain controllers within the domain.
Note: Windows supports a new type of directory partition named Application directory partition. This partition is
available only to the Windows 2003 (or above) domain controllers. The applications and services use this
partition to store application-specific data.
Creating, modifying, moving, or deleting an object triggers a replication between domain controllers.
Replications are of two types:
Intrasite: In the intrasite (within a site) replication, the data is not compressed, as the replication mostly uses
LAN connections. This saves the computer's CPU time of processing data. In the intrasite replication, the
replication partners poll each other periodically and notify each other when changes need to be replicated, and
then pull the information for processing. Active Directory uses the remote procedure call (RPC) transport
protocol for intrasite replication.
Intersite: As intersite (between sites) replication uses WAN connections, a large amount of data is compressed
to save bandwidth. For the same reason, the replication partners do not notify each other when changes need
to be replicated. Instead, administrators configure the replication schedule to update the information. Active
Directory uses the IP or SMTP protocol for intersite replication.
What is NLB Manager?
Network Load Balancing (NLB) Manager is a Windows Server 2008 GUI tool to manage NLB. NLB Manager is
used to add or remove hosts from an NLB cluster, to configure a cluster, and to manage a cluster. NLB Manager
can be installed by using Add Features within Server Manager
Group Policy and Group Policy Object (GPO)
What are group policies?
Group policies specify how programs, network resources, and the operating system work for users and
computers in an organization. They are collections of user and computer configuration settings that are applied
on the users and computers (not on groups). For better administration of group policies in the Windows
environment, the group policy objects (GPOs) are used.
What is GPO?
Group policy object (GPO) is a collection of group policy settings. It can be created using a Windows utility
known as the Group Policy snap-in. GPO affects the user and computer accounts located in sites, domains, and
organizational units (OUs). The Windows 2000/2003 operating systems support two types of GPOs, local and
non-local (Active Directory-based) GPOs.
Local GPOs
Local GPOs are used to control policies on a local server running Windows 2000/2003 Server. On each
Windows 2000/2003 server, a local GPO is stored. The local GPO affects only the computer on which it is
stored. By default, only Security Settings nodes are configured. The rest of the settings are either disabled or
not enabled. The local GPO is stored in the %systemroot%SYSTEM32GROUPPOLICY folder.
Non-local GPOs
Non-local GPOs are used to control policies on an Active Directory-based network. A Windows 2000/2003
server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local
GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or
computer objects. The non-local GPOs are stored in %systemroot%SYSVOLPOLICIES is the GPO's globally unique identifier. Two non-local GPOs are created by
default when the Active Directory is installed:
Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.
Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain
controllers placed in this OU.
What is ADS Automated Deployment Services?
Microsoft Windows Server 2003 Automated Deployment Services (ADS) is used by administrators to build and
manage very large and scaled out deployment of Windows servers. It includes a new set of imaging tools for
rapidly deploying Windows 2000 Server and Windows Server 2003 remotely. ADS offers improved
communication security and a reliable script execution framework. It uses the image-based deployment method
Under what conditions should Administrators create multiple forests?
Microsoft recommends the creation of multiple forests under the following conditions:
If Administrators do not trust each other: An Administrator can create a "denial of service" condition.
One can create this condition by rapidly creating or deleting objects, hence causing a large amount of
replication to the global catalog. This replication can waste network bandwidth and slow down global
catalog servers, as they spend time in processing replication. This condition forces administrators to
create multiple forests.
Organizations cannot agree on a forest change policy: Changes in schema, configuration, and the
addition of new domains to a forest have forest-wide impact. If organizations in a forest cannot agree on a
common policy, they cannot share the same forest, forcing administrators to create multiple forests.
If one wants to limit the scope of a trust relationship: All domains in a forest trust each other. In order
to prevent certain users from being granted permissions to certain resources, those users must be placed
in a forest different from the forest containing those resources. Administrators can use explicit trust
relationships to allow those users to be granted access to resources in specific domains, if required
What is GPMC tool?
The Group Policy Management Console (GPMC) is a tool for managing group policies in Windows Server
2003. It provides administrators a single consolidated environment for working on group policy-related
tasks. GPMC provides a single interface with drag-and-drop functionality to allow an administrator to
manage group policy settings across multiple sites, domains, or even forests. GPMC is used to back up,
restore, import, and copy group policy objects. It also provides a reporting interface on how group policy
objects (GPOs) have been deployed.
What is Performance Monitor?
Performance Monitor is used to get statistical information about the hardware and software components of
a server. Performance Monitor is used for the following:
· Monitor objects on multiple computers.
· Log data pertaining to objects on multiple computers, over time.
· Analyze the effects of changes made to a computer.
· Launch programs and send notifications when thresholds are reached.
· Export data for analysis in spreadsheet or database applications.
· Save counter and object settings for repeated use.
· Create reports for use in analyzing performance, over time.
What is System Monitor?
System Monitor is a Windows graphical tool for measuring the performance of a host or remote computer.
It is used to view reports on CPU load, memory usage, and interrupt rate, and the overall throughput of the
traffic on a network. Using System Monitor, administrators can perform the following functions:
· Create charts and reports to measure a computer's efficiency.
· Identify and troubleshoot possible issues, such as unbalanced resource use, insufficient hardware, or
poor program design.
· Plan for additional hardware needs.
System Monitor can also be used to monitor the resource use of specific components and program processes.
What is the SQL Server: General Statistics: User Connections counter?
The SQL Server: General Statistics: User Connections counter displays the number of user connections in
SQL Server. Its maximum value is 255. An increase in the value of the counter causes performance
problems and affects throughput. A Database Administrator should monitor this counter to resolve
performance issues.
What is Simple Mail Transfer Protocol (SMTP)?
Simple Mail Transfer Protocol (SMTP) is a protocol used for sending e-mail messages between servers. It
is mostly used to send messages from a mail client such as Microsoft Outlook to a mail server. Most of the
e-mail systems that send mails over the Internet use SMTP to send messages from one server to another.
Due to its limitations in queuing messages at the receiving end, it is generally used with either the POP3 or
IMAP protocol, which enables a user to save and download messages from the server.
What is bluescreen error?
Bluescreen error, sometimes called Blue Screen of Death (BSOD), is the condition that occurs when a
Windows computer fails to boot properly or quits unexpectedly. Microsoft refers these blue screens as
"Stop errors". There are several causes of the blue screen popping up. It can be due to a poorly written
device driver, bad memory, damaged registry, or usage of incompatible versions of DLLs. In Windows NT,
Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, a blue screen of death occurs
when the kernel or a driver running in kernel mode encounters an error from which it cannot recover. This
is usually caused by an illegal operation being performed. The only safe action to overcome such
situations is to restart the computer.
What is the netstat command?
The netstat command displays protocol-related statistics and the state of current TCP/IP connections. It is
used to get information about the open connections on a computer, incoming and outgoing data, as well as
the ports of remote computers to which the computer is connected. The netstat command gets all this
networking information by reading the kernel routing tables in the memory.
What is IIS?
Internet Information Services (IIS) is a software service that supports Web site creation, configuration, and
management, along with other Internet functions. Microsoft Internet Information Services includes Network
News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
Clustering
A cluster is a group of two or more computers (servers) connected to provide fault tolerance and load
balancing. It is dedicated to run a specific application. Each server in a cluster is known as a node. The
failover and failback capabilities of a cluster bring the application downtime to zero.
Note: Server clustering is intended to provide high availability for applications and not for data.
Failover
In the cluster, each node or computer runs the same critical application. In case one computer fails, the
other computers detect the failure and take charge immediately. This phenomenon is called failover.
Failback
When the failed node returns back to the network, other nodes take notice and the cluster begins to use
the restored node again. This phenomenon is called failback.
Types of Clusters
Windows Server 2003 supports two types of clusters:
· Server clusters
· Network Load Balancing (NLB)
Server Clusters
In server clusters, all nodes are connected to a common data set, such as a storage area network. All nodes
have access to the same application data. Any of these nodes can process a request from a client at any time.
Nodes can be configured as either active or passive. Only an active node can process requests from clients. In
the event of a failure of the active node, the passive node takes charge and becomes active. Otherwise, the
passive node remains idle.
Server clusters are created for running applications that have frequently changing data sets and have longrunning
in-memory states. The applications such as database servers, e-mail and messaging servers, and file
and print services can be included in server clusters.
A server cluster is treated as a single destination for a client. It has its own name and IP address. This address is
different from the individual IP addresses of the servers in the cluster. Hence, when any server fails in the cluster,
the passive server becomes active. Clients send their requests to the server cluster address. Therefore, this
change over does not affect the functionality of the cluster.
Windows Server 2003 supports eight nodes in a cluster. However, Windows 2000 Server supports only two
nodes in a cluster.
Network Load Balancing
Network Load Balancing (NLB) is a type of clustering. It is used to provide high availability and reliability of the
application servers. NLB is configured for the applications that rarely change and that have very small data sets.
Web servers, FTP servers, VPN servers are the areas where NLB can be used successfully.
In the NLB cluster, all nodes are active and have separate identical data sets. Multiple servers (or nodes) are
used to distribute the load of processing data. Clients send the requests to the cluster, and then the clustering
software distributes incoming client requests among the nodes. If a node fails, the clients' requests are served by
other nodes. Network Load Balancing is highly scaleable. Both Windows 2003 and Windows 2000 operating
systems support NLB clusters of up to thirty-two nodes.
What is the Task Manager utility?
Task Manager is a utility that is used for managing applications, processes, and the general system
performance and also for viewing the networking and user statistics. The Task Manager utility is used to
run or end programs or applications. Administrators use this tool to quickly identify and terminate a rogue
application.
What is Task Manager utility?
The Task Manager utility provides information about programs and processes running on a computer. By
using Task Manager, a user can end or run programs, end processes, and display a dynamic overview of
his computer's performance. Task Manager provides an immediate overview of system activity and
performance.
What is DNS namespace?
DNS namespace is the hierarchical structure of the domain name tree. It is defined such that the names of
all similar components must be similarly structured, but similarly identifiable. The full DNS name must point
to a particular address. Consider the following image of DNS namespace of the Internet:
The salessrv1 and salessrv2 are host names of the hosts configured in the sales.ucertify.com domain. The
fully qualified domain name (FQDN) of the host salessrv1 is salessrv1.sales.ucertify.com. No two hosts can
have the same FQDN.
What is ADSIEdit ?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active
Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common
administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes
for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application
programming interfaces (APIs) to access Active Directory. The following are the required files for using this
tool:
· ADSIEDIT.DLL
· ADSIEDIT.MSC
Regarding system requirements, a connection to an Active Directory environment and Microsoft Management
Console (MMC) is necessary.
What are group scopes?
The scope of a group defines two characteristics:
· It determines the level of security applying to a group.
· It determines which users can be added to a group.
Windows Server 2003 supports the following scopes:
Domain Local: Domain local groups are used to assign permissions to local resources such as files and printers.
Members can come from any domain.
Global: Members of this group can access resources in any domain. Members can only come from the local
domain.
Universal: Members can be added from any domain in the forest. Members can access resources from any
domain. Universal groups are used for managing the security across domains. Universal groups can also contain
global groups. Universal groups are only available in the domains having functional level Windows 2000 native or
Windows Server 2003.
What is IPv6?
IP addressing version 6 (IPv6) is the latest version of IP addressing. IPv6 is designed to solve many of the
problems that were faced by IPv4, such as address depletion, security, auto-configuration, and
extensibility. With the fast increasing number of networks and the expansion of the World Wide Web, the
allotted IP addresses are depleting rapidly, and the need for more network addresses is arising. IPv6
solves this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These
addresses are hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address is
45CF: 6D53: 12CD: AFC7: E654: BB32: 543C: FACE.
What is DSMOD?
DSMOD is a command-line utility that is used to modify existing objects, such as users, computers,
groups, servers, OUs etc., in Active Directory
What is NTDSUTIL utility?
NTDSUTIL.EXE is a command-line tool that is used to manage Active Directory. This utility is used to
perform the following tasks:
· Performing database maintenance of Active Directory.
· Managing and controlling operations master roles.
· Removing metadata left behind by domain controllers.
Note:The NTDSUTIL utility is supposed to be used by experienced administrators.
What is System File Checker utility?
The System File Checker utility is used to verify the integrity of the operating system files, to restore them if
they are corrupt, and to extract compressed files (such as drivers) from installation disks. It can also be
used to backup the existing files before restoring the original files.
What is SCHTASKS tool?
The SCHTASKS tool is used to schedule commands and programs to run periodically or at a specific time.
It adds and removes tasks from the schedule, starts and stops tasks on demand, and displays and
changes scheduled tasks.
What is CHKDSK?
CHKDSK is a command-line tool used to scan and repair volumes on the hard disk for physical problems
such as bad blocks. It also repairs volumes for logical structure errors such as lost clusters, cross-linked
files, or directory errors.
Network Configuration and Management Utilities
Administrators use various utilities to configure and manage networks. Following are some commonly used
utilities:
WINIPCFG: WINIPCFG is a Windows 9x Internet Protocol (IP) configuration utility used to display all
current TCP/IP network configuration values for a computer running Microsoft TCP/IP. Network
configuration values include the current IP address allocated to the computer and other useful data about
TCP/IP allocation. This utility is of particular use on networks using Dynamic Host Configuration Protocol
(DHCP), allowing users to determine which TCP/IP configuration values have been configured by DHCP.
IPCONFIG: IPCONFIG is a command-line utility used to display current TCP/IP network configuration
values, and to update or release the Dynamic Host Configuration Protocol (DHCP) allocated leases. It is
also used to display, register, or flush Domain Name System (DNS) names.
NSLOOKUP: NSLOOKUP is a utility for diagnosing and troubleshooting Domain Name System (DNS)
problems. It performs its function by sending queries to the DNS server and obtaining detailed responses
at the command prompt. This information can be useful for diagnosing and resolving name resolution
issues, verifying whether or not the resource records are added or updated correctly in a zone, and
debugging other server-related problems. This utility is installed along with the TCP/IP protocol through the
Control Panel.
PING: PING is a command-line utility used to test connectivity with a host on a TCP/IP-based network.
This is achieved by sending out a series of packets to a specified destination host. On receiving the
packets, the destination host responds with a series of replies. These replies can be used to determine if
the network is working properly.
TRACERT: TRACERT is a route-tracing Windows utility that displays the path an IP packet takes to reach
its destination. It shows the Fully Qualified Domain Name (FQDN) and the IP address of each gateway
along the route to the remote host.
PATHPING: PATHPING is a command-line utility that pings each hop along the route for a set period of
time and shows the delay and packet loss along with the tracing functionality of TRACERT, which helps
determine a weak link in the path.
NBTSTAT: NBTSTAT is a Windows utility used to check the state of current NetBIOS over TCP/IP
connections, update the NetBIOS name cache, and determine the registered names and scope IDs.
NETSTAT: NETSTAT is a command-line utility that displays protocol related statistics and the state of
current TCP/IP connections. It is used to obtain information about the open connections on a computer,
incoming and outgoing data, and also the ports of remote computers to which the computer is connected.
The NETSTAT command gets all this networking information by reading the kernel routing tables in the
memory.
TELNET: TELNET is a command-line connectivity utility that starts terminal emulation with a remote host
running the Telnet Server service. TELNET allows users to communicate with a remote computer, offers
the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the
Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It
uses TCP port 23 by default.
What is a certificate?
A certificate is a digital representation of information that identifies authorized users on the Internet and intranets. It
can be used with applications and security services to provide authentication. Certificates are issued by certification
authorities (CAs).
What is a nonclustered index?
A nonclustered index has the same B-tree structure as the clustered index. The index consists of a root page,
intermediate levels, and a leaf level. The leaf level of a nonclustered index does not contain the actual data. It contains
pointers to the data that is stored in the data pages. A nonclustered index does not physically rearrange the data.
Monitoring Physical Server Performance
SQL Server 2005 can be installed on a Windows 2000 or Windows 2003 server computer. A database administrator is
always concerned about the performance of the SQL Server database engine and the server computer. Database
Administrators monitor the performance of the server using various tools to analyze performance and resolve
performance issues.
System Monitor: System Monitor is a tool used to monitor the performance of the server. It gives information about the
resources that are under pressure. The values of various counters in System Monitor indicate which resource is under
pressure. Performance deterioration can be diagnosed by setting performance alerts. These alerts show the increase or
decrease in a counter value with respect to the pre-defined value. Normally the counters are monitored for a period of
24-hours. If an error occurs, a message regarding the error can either be sent to the administrator or written to the
Application log. Log files can be saved in various formats such as text file, binary file, or SQL database file.
The counters that are to be measured in order to resolve performance issues are as follows:
· Memory: Pages/sec
· Memory: Available Bytes
· SQL Server: Buffer Manager: Buffer Cache Hit Ratio
· Physical Disk: Disk Reads/sec
· Physical Disk: Disk Writes/sec
· Physical Disk: %Disk Time
· Physical Disk: Avg: Disk Queue Length
· Physical Disk: % Free Space
· Logical Disk: %Free Space
· Processor: %Processor Time
· System: Processor Queue Length
· Network Interface: Bytes Received/sec
· Network Interface: Bytes Sent/sec
· Network Interface: Bytes/sec
· Network Interface: Output Queue Length
· SQL Server: General: User Connection
Tip for server roles.
There are eight server roles. These roles are as follows:
· sysadmin
· dbcreator
· bulkadmin
· diskadmin
· processadmin
· serveradmin
· setupadmin
· securityadmin
What is virus?
A virus is a malicious program. A computer virus passes from one computer to another in the same way as a biological
virus passes from one person to another. Most viruses are written with a malicious intent, so that they can cause
damage to programs and data in addition to spreading themselves. Viruses infect existing programs to alter the
behavior of programs, actively destroy data, and perform actions on storage devices that render their stored data
inaccessible.
Computer viruses attack the software of a computer such as operating systems, data files, application software, and emails.
However, viruses do not affect the computer hardware
Network Protocols
Protocol is a set of rules and conventions by which two computers pass messages across a network. Sets of standard protocols
facilitate communication between the computers in a network having different types of hardware and software. Both the sender
and the receiver computers must use exactly the same set of protocols in order to communicate with each other. A protocol can
lay down the rules for the message format, timing, sequencing, and error handling.
The description of the primary protocols in the suite is as follows:
Protocol
Name
Description
IP Internet Protocol (IP) is a connectionless network-layer protocol that is the primary carrier of data on a TCP/IP network.
TCP Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer. This protocol
can transmit large amounts of data. Application-layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer
files between clients and servers.
UDP User Datagram Protocol (UDP) is a connectionless, unreliable transport-layer protocol. UDP is used primarily for brief exchange
of requests and replies.
Telnet Telnet is a protocol that enables an Internet user to log onto and enter commands on a remote computer linked to the
Internet, as if the user were using a text-based terminal directly attached to that computer.
FTP File Transfer Protocol (FTP) is a primary protocol of the TCP/IP protocol suite, used to transfer text and binary files between
computers over a TCP/IP network.
SMTP Simple Mail Transfer Protocol (SMTP) is used for transferring or sending e-mail messages between servers.
PPP: Point-to-Point Protocol (PPP) is a set of industry-standard framing and authentication protocols included with Windows
remote access to ensure interoperability with third-party remote access software. It is a data link-layer protocol designed to
create a direct connection between two computers, typically using telephone lines.
POP3: Post Office Protocol version 3 (POP3) is a protocol used for retrieving e-mail messages. The POP3 servers allow access to
a single Inbox in contrast to IMAP servers that provide access to multiple server-side folders.
IMAP: Internet Message Access Protocol (IMAP) is a protocol for receiving e-mail messages. It allows an e-mail client to access
and manipulate a remote e-mail file without downloading it to the local computer. It is used mainly by the users who want to
read their e-mails from remote locations.
PPTP: Point-to-Point Tunneling Protocol (PPTP) is an encryption protocol used to provide secure, low-cost remote access to
corporate networks through public networks such as the Internet. Using PPTP, remote users can use PPP-enabled client
computers to dial a local ISP and connect securely to the corporate network through the Internet.
HTTP: Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display
Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web
servers and browsers should take in response to various commands. For example, when a client application or browser sends a
request to the server using HTTP commands, the server responds with a message containing the protocol version, success or
failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port.
HTTPS: Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Uniform Resource Locator (URL) address
line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL), HTTPS (instead of HTTP
protocol) should be used as a protocol type in the URL.
ARP: Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the
resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to
maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this
correlation and providing address conversion in both directions. ARP is limited to physical network systems that support
broadcast packets.
ICMP: Internet Control Message Protocol (ICMP) is a maintenance protocol and is normally considered a part of the IP layer.
ICMP messages are encapsulated within IP datagrams, so that they can be routed throughout an internetwork.
Internet Message Access Protocol 4 (IMAP4): It is an e-mail message retrieval protocol that allows e-mail clients to retrieve email
messages from e-mail servers. IMAP4 has the following advantages over the POP3 protocol:
· IMAP4 can be used to download only specific mails from the mail server, while POP3 downloads all the mails from
the mail server at a time.
· IMAP4 can download only a part of the message (e.g., the header) initially. Then depending upon the user, the
entire message can be downloaded afterwards. However, POP3 downloads the entire message at a time.
· IMAP4 only marks a message as deleted as soon as it is being read. The message will then be deleted as soon as
the user logs off, or sends the EXPUNGE command to the mail server.
· IMAP4 supports server side storage. Hence, the location of the user is insignificant. However, POP3 uses a local
client application to read the mails.
· Since IMAP4 stores messages on the server side, the user does not have to bother about fault tolerance and
system crashes. When the POP3 protocol is used, the messages once downloaded from the server are stored
locally and can be lost if the local system crashes.
· IMAP4 allows a user to create multiple mailboxes on multiple servers under the same user name. The user can
personalize these mailboxes for receiving specific kinds of mails in each mailbox. However, POP3 allows only a
single user account to be configured.
· Changes made to a mail are propagated to the IMAP4 server. This feature is not available under POP3 protocol.
However, there are some disadvantages of IMAP4 over the POP3 protocol, which are as follows:
· If the connection with the mail server drops while reading a mail, it has to be re-established. On the other hand,
POP3 downloads the entire mail at a time. Hence, if the connection with the mail server is dropped at the time of
reading a mail, it does not affect the reading.
· The POP3 protocol is mostly supported by the commercially available mail servers.
· Since the mails in IMAP4 are stored on the server, the space storage management is a primary concern on such
mail servers.
IP Addressing
IP Addresses are used to uniquely identify the computers in a network, so each computer must have its own unique IP address.
An IP address consists of two parts: a network identifier and a host identifier. The network identifier denotes the type of
network, and the host identifier is a unique number of a particular computer. So in a particular type of network, each node has
the same network id and a host id, which are unique.
The type of IP address also depends on the subnet mask, which is used to determine which part of the IP address denotes the
network id and which part is the host id. For example, if the IP address is 192.168.1.200 and the subnet mask is 255.255.255.0,
the network id will be 192.168.1 and the host id will be 200. In the same way, if the subnet mask is 255.255.0.0, the network id
will be 192.168 and the host id will be 1.200. If the subnet mask is 255.0.0.0, the network id will be 192 and the host id will be
168.1.200.
There are two versions of IP addressing, the commonly used IPv4 and the latest version known as IPv6. They have been
discussed in detail in the following paragraphs.
IPv4
IP Address
In this version of IP addressing, an IP address is of 32 bits in length, and is divided into four 8 bit decimal values known as
octets. In these types of IP addresses, the leftmost bit has the value of 128, which is followed by 64, 32, 16, 8, 4, 2, and 1. An IP
address can have values from 0 to 255 because each bit can be either a 0 or a 1. So if all the bits are 1, the value will be 255;
and if all the bits are 0, the value will be 0.
Subnet Mask
A subnet mask determines which part of the IP address denotes the network id and which part is the host id. It is also a 32-bit
number, which is expressed in decimal format. The subnet mask is assigned according to the class of IP address used.
IP Address Classes
The Internet Assigned Number Authority registers the IP addresses used in the networks to ensure their uniqueness. IP
addresses have been divided into five groups or classes known as IP Address classes. Each class of IP address has a particular
subnet mask associated with it. The five classes of IP addresses are class A, B, C, D and E, in which class D is reserved for
multicast addressing and class E is reserved for future use. So only classes A through C are used for assigning IP addresses to
client computers.
· In class A addresses, only the first octet is used to define the network id, and the rest are used for the host id. It
has the address range from 1 to 126 and so it can have only 126 numbers of networks. The number of hosts
possible in these types of networks is 16,777,214. It uses the subnet mask 255.0.0.0.
· In class B networks, the first two octets represent the network id and the rest are the host id. It has a range of
128-191 and can have 16384 networks with 65,534 hosts. The standard subnet mask assigned to these IP
addresses is 255.255.0.0.
· In class C addresses, the first three octets are used to represent the network id. It has a range of 192-223 and can
have 2,097,152 networks with 253 hosts. The subnet mask associated with it is 255.255.255.0.
· Class D addresses have an address range of 224-239, and class E addresses have an address range of 240-255.
Default Gateway
Default gateway is a TCP/IP configuration option, used to communicate with TCP/IP nodes on remote network segments. At least
one interface must be configured with the IP address of a default gateway.
IPv6
The current version of IP addressing (i.e., IPv4) has its limitations. With the fast increasing number of the networks and the
expansion of the World Wide Web, the IP addresses allotted are finishing fast and the need for more network addresses has
arisen. IPv6 can solve this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These addresses are
hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address can be 45CF: 6D53: 12CD: AFC7: E654:
BB32: 543C.
Subnetting
Subnets are subdivisions of an IP address network, used for creating smaller broadcast domains and for better utilization of the
bits in the host ID. Through subnetting, the host id portion of an IP address can be used to create more networks than by using
the default subnet mask.
Suppose that a company has been assigned a Class C IP address 200.1.1.0, and the standard subnet mask is 255.255.255.0.
This means that the network id will be 200.1.1 and the total number of hosts will be 254. The company has two departments:
production and sales. Members of the production department do not need to access the computers of the sales department. So
it is better to have separate networks for both the departments for better security and manageability. Through subnetting, the
bits from the host id portion can be used to create more networks, which will work as separate networks.
Public and Private Networks
Network can be differentiated as private and public. A public network is a network, which can be accessed by anyone from the
general public, an example being the Internet. In contrast, a private network is accessible only by those people who have
special permissions on that particular network. An example of a private network is a network within an organization such as a
company, a hospital, or a college.
Public and private networks have different types of IP addressing schemes. Addresses on the Internet are assigned by the IANA
(Internet Assigned Numbers Authority), which assigns them to the Internet Service Providers (ISPs), who then distribute them to
the users. Apart from the public address, some addresses have been reserved for the private networks. These are not available
for general public and are used in private networks.
Some addresses from each of the classes A, B, and C have been assigned for use by private networks. The address range for
class A addresses is from 10.0.0.0 to 255.255.255, for class B addresses it is from 172.6.0.0 to 172.31.255.255, and for class C
addresses, it is from 192.168.0.0 to 192.168.255.255.
IP Addressing Methods:
Static Addressing
In static addressing, every computer is assigned an IP address manually. It is not preferred in large networks, which have lots of
hosts, because the chance of assigning duplicate addresses will be more. This will result in a conflict of IP addresses and
deterioration of the speed. Also it is time consuming, as every system is configured manually and if some changes are to be
made afterwards, it will consume a lot of time doing it manually for every computer.
Dynamic Addressing
In this type of addressing scheme, the IP addresses are assigned automatically by the use of Dynamic Host Configuration
Protocol (DHCP) to all the computers in the network. This results in much less burden on the network administrator and faster
configuration of the network. This type of addressing needs a DHCP server, to which a range of IP addresses is allotted. The
DHCP server automatically assigns any address from the range of IP addresses defined to the workstations on the network.
APIPA
Automatic private IP addressing (APIPA) is a feature of Windows XP TCP/IP that configures a unique IP address for each
computer on a network when the TCP/IP protocol is configured for dynamic addressing and a DHCP server is not available or
offline. The key function of APIPA is to allow resources to be available even if the DHCP server is offline. APIPA addresses are
always in the range of 169.254.0.1 and 169.254.255.254 and use a subnet mask of 255.255.0.0.
When a user configures a TCP/IP connection to obtain an IP address automatically, by default the computer tries to find a DHCP
server for obtaining the address. The user obtains the address if the computer finds the DHCP server. If it does not find the
DHCP server, the computer uses APIPA to configure a unique IP address for the computers of a network. Since APIPA does not
offer a gateway address, it can never be used on the Internet, and the clients using APIPA cannot access resources outside the
local subnet.
TCP/UDP Ports
The default TCP/UDP ports associated with TCP/IP protocol or applications are as under:
Protocol Port
HTTP 80
HTTPS 443
POP3 110
FTP 20
FTP 21
IMAP4 143
SMTP 25
NNTP 119
NTP 123
DNS 53
TFTP 69
Telnet 23
SSH 22
What are cluster configurations?
Server clusters using the Cluster service can be set up as one of the following three different cluster configurations:
1. Single Node server clusters: They can be configured with or without external cluster storage devices. For
Single Node server clusters without an external cluster storage device, the local disk is configured as the cluster
storage device.
2. Single Quorum Device server clusters: They can have two or more nodes and are so configured as to attach
every node to one or more shared storage devices, such as an external array of Small Computer System Interface
(SCSI) disks. The cluster configuration data is stored on a single cluster storage device, also known as the quorum
disk.
3. Majority Node Set server clusters: They can have two or more nodes, but nodes might not be attached to one
or more cluster storage devices. The cluster configuration data is stored on multiple disks across the cluster, and
the Cluster service guarantees that this data is kept consistent across the disks.
However, server clusters using the Cluster service are set up depending on the specific needs for failovers, in which application
services are moved to another node in the cluster.
What is N+I Hot Standby Server?
N+I Hot Standby Server is one of the failover models. It is commonly referred to as an Active/Passive mode. In
an active/passive mode, the active nodes handle all client requests, whereas the passive nodes monitor the
active nodes. In N+I Hot Standby Server, N denotes the number of active nodes, and I refers to the number of
passive nodes. This model has a drawback that the server resources remain idle for a long time and are
utilized only when another server fails. However, it is the most scalable and reliable model.
What is failover?
Failover is a term associated with cluster services. It refers to the ability of a server to immediately start servicing the
requests if a primary server fails. If the application services in a cluster-node fail, the Cluster Service generally tries to
restart them on the same node. If the services do not start, then it moves the services to another node in the cluster
and restarts them on that node.
Windows Server 2003 Active Directory and Network Infrastructure
Windows Server 2003 Active Directory is a centralized database that stores the collection of information about all the
resources available on the Windows Server 2003 domain. It is a hierarchical representation of all the objects and their
attributes available on the network. It enables administrators to manage the network resources, i.e., computers, users,
printers, shared folders, etc., in an easy way. The logical structure represented by Active Directory consists of forests,
trees, domains, organizational units, and individual objects. This structure is completely independent from the physical
structure of the network, and allows administrators to manage domains according to the organizational needs without
bothering about the physical network structure.
Following is the description of all logical components of the Active Directory structure:
1. Forest: A forest is the outermost boundary of an Active Directory structure. It is a group of multiple domain trees
that share a common schema but do not form a contiguous namespace. It is created when the first Active
Directory-based computer is installed on a network. There is at least one forest on a network. The first domain in a
forest is called a root domain. It controls the schema and domain naming for the entire forest. It can be separately
removed from the forest. Administrators can create multiple forests and then create trust relationships between
specific domains in those forests, depending upon the organizational needs.
2. Trees: A hierarchical structure of multiple domains organized in the Active Directory forest is referred to as a tree.
It consists of a root domain and several child domains. The first domain created in a tree becomes the root
domain. Any domain added to the root domain becomes its child, and the root domain becomes its parent. The
parent-child hierarchy continues until the terminal node is reached. All domains in a tree share a common
schema, which is defined at the forest level. Depending upon the organizational needs, multiple domain trees can
be included in a forest.
3. Domains: A domain is the basic organizational structure of a Windows Server 2003 networking model. It logically
organizes the resources on a network and defines a security boundary in Active Directory. The directory may
contain more than one domain, and each domain follows its own security policy and trust relationships with other
domains. Almost all the organizations having a large network use domain type of networking model to enhance
network security and enable administrators to efficiently manage the entire network.
4. Objects: Active Directory stores all network resources in the form of objects in a hierarchical structure of
containers and subcontainers, thereby making them easily accessible and manageable. Each object class consists
of several attributes. Whenever a new object is created for a particular class, it automatically inherits all attributes
from its member class. Although the Windows Server 2003 Active Directory defines its default set of objects,
administrators can modify it according to the organizational needs.
5. Organizational Unit (OU): It is the least abstract component of the Windows Server 2003 Active Directory. It
works as a container into which resources of a domain can be placed. Its logical structure is similar to an
organization's functional structure. It allows creating administrative boundaries in a domain by delegating
separate administrative tasks to the administrators on the domain. Administrators can create multiple
Organizational Units in the network. They can also create nesting of OUs, which means that other OUs can be
created within an OU.
In a large complex network, the Active Directory service provides a single point of management for the administrators by
placing all the network resources at a single place. It allows administrators to effectively delegate administrative tasks as well
as facilitate fast searching of network resources. It is easily scalable, i.e., administrators can add a large number of resources to
it without having additional administrative burden. It is accomplished by partitioning the directory database, distributing it
across other domains, and establishing trust relationships, thereby providing users with benefits of decentralization, and at the
same time, maintaining the centralized administration.
The physical network infrastructure of Active Directory is far too simple as compared to its logical structure. The physical
components are domain controllers and sites.
1. Domain Controller: A Windows 2003 server on which Active Directory services are installed and run is called a
domain controller. A domain controller locally resolves queries for information about objects in its domain. A
domain can have multiple domain controllers. Each domain controller in a domain follows the multimaster model
by having a complete replica of the domain's directory partition. In this model, every domain controller holds a
master copy of its directory partition. Administrators can use any of the domain controllers to modify the Active
Directory database. The changes performed by the administrators are automatically replicated to other domain
controllers in the domain.
However, there are some operations that do not follow the multimaster model. Active Directory handles these
operations and assigns them to a single domain controller to be accomplished. Such a domain controller is
referred to as operations master. The operations master performs several roles, which can be forest-wide as well
as domain-wide.
o Forest-wide roles: There are two types of forest-wide roles:
Schema Master and Domain Naming Master. The Schema Master is responsible for maintaining the
schema and distributing it to the entire forest. The Domain Naming Master is responsible for
maintaining the integrity of the forest by recording additions of domains to and deletions of domains
from the forest. When new domains are to be added to a forest, the Domain Naming Master role is
queried. In the absence of this role, new domains cannot be added.
o Domain-wide roles: There are three types of domain-wide roles: RID Master, PDC Emulator, and
Infrastructure Master.
Domain controllers can also be assigned the role of a Global Catalog server. A Global Catalog is a
special Active Directory database that stores a full replica of the directory for its host domain and the
partial replica of the directories of other domains in a forest. It is created by default on the initial
domain controller in the forest. It performs the following primary functions regarding logon capabilities
and queries within Active Directory:
1. It enables network logon by providing universal group membership information to a domain
controller when a logon request is initiated.
2. It enables finding directory information about all the domains in an Active Directory forest.
A Global Catalog is required to log on to a network within a multidomain environment. By providing
universal group membership information, it greatly improves the response time for queries. In its
absence, a user will be allowed to log on only to his local domain if his user account is external to the
local domain.
2. Site: A site is a group of domain controllers that exist on different IP subnets and are connected via a fast and
reliable network connection. A network may contain multiple sites connected by a WAN link. Sites are used to
control replication traffic, which may occur within a site or between sites. Replication within a site is referred to as
intrasite replication, and that between sites is referred to as intersite replication. Since all domain controllers
within a site are generally connected by a fast LAN connection, the intrasite replication is always in uncompressed
form. Any changes made in the domain are quickly replicated to the other domain controllers. Since sites are
connected to each other via a WAN connection, the intersite replication always occurs in compressed form.
Therefore, it is slower than the intrasite replication.
What are domain functional levels?
The domain functional levels are the various states of a domain, which enable domain-wide Active Directory features
within a network environment. Domain levels are the same as domain modes in Windows 2000. Windows supports four
types of functional levels:
1. Windows 2000 Mixed: This is the default domain functional level. When a first domain controller is installed or
upgraded to Windows 2003, the domain controller is configured to run in the Windows 2000 mixed functional
level. In this mode, domain controllers running the following operating systems are supported:
o Windows NT Server 4.0
o Windows 2000 Server
o Windows Server 2003
2. Windows 2000 Native: In this level, domain controllers running Windows 2000 and Windows 2003 can interact
with each other. No domain controller running a pre-Windows 2000 version is supported in this functional level of
the domain.
3. Windows Server 2003 Interim: This functional level allows a Windows Server 2003 domain controller to
interact with domain controllers in the domain running Windows NT 4.0 or Windows Server 2003. This functional
level is used to upgrade the first Windows NT domain to a new forest.
Note: Windows Server 2003 interim functional level does not support domain controllers running Windows 2000.
4. Windows Server 2003:This functional level of domain allows a Windows Server 2003 domain controller to
interact only with the domain controllers running Windows 2003 in the domain. A domain level can be raised to
Windows Server 2003 only when all the domain controllers in the domain are running Windows Server 2003
What is site?
A site is a collection of one or more well-connected (usually a local area network) TCP/IP subnets. The network between
the subnets must be highly reliable and fast (512 Kbps and higher). Although the sites are defined on the basis of
location, they can be spanned over more than one location. A site structure corresponds to the physical environment,
whereas a domain is the logical environment of the network. A site can contain single or multiple domains, and a
domain can contain single or multiple sites.
Sites are created to physically group the computers and resources for optimizing the network traffic. Administrators can
configure Active Directory access and replication technology to take advantage of the physical network by configuring
sites. When a user logs on to a network, the authentication request searches for the domain controllers in the same site
where the user is located. A site prevents the network traffic from traveling on wide area network (WAN) links that are
slow.
What is DCDIAG tool? AD Trubleshooting tool.
Domain Controller Diagnostic (DCDIAG) is a diagnostic tool that is used to analyze the domain controllers in a forest to
report problems or issues. The scope of this tool covers the functions of the domain controllers and interactions across
an entire enterprise. The DCDIAG tool is used to diagnose the domain controller status for the following issues:
· Connectivity
· Replication
· Integrity of topology
· Permissions on directory partition heads
· Permissions of users
· Functionality of the domain controller locator
· Consistency among domain controllers in the site
· Verification of trusts
· Diagnosis of replication latencies
· Replication of trust objects
· Verification of File Replication service
· Verification of critical services
Note: DCDIAG is an analyzing tool, which is mostly used for the reporting purposes. Although this tool allows specific tests to be
run individually, it is not intended as a general toolbox of commands for performing specific tasks.
What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for
batch management of trusts, joining computers to domains, verifying trusts, and secure channels
Windows 2003 system services?
Windows Server 2003 comes with many system services that have different functionalities in the operating system.
When Windows Server 2003 is first installed, the default system services are created and are configured to run when
the system starts
Example :
Following are some important system services of Windows Server 2003:
Alerter
Automatic Updates
Cluster Service
DHCP
Distributed File System
DNS Client service
DNS Server service
Event Log service
Remote Installation
Remote Procedure Call (RPC)
Routing and Remote Access
What is a paging file?
A paging file is a hidden file on the hard disk used by Windows operating systems to hold parts of programs and data
that do not fit in the computer's memory. The paging file and the physical memory, or random access memory (RAM),
comprise the virtual memory. Windows operating systems move data from the paging file to the memory as required
and move data from the memory to the paging file to make room for new data. A paging file is also known as a swap
file.
What are authoritative and non-authoritative Active Directory restores?
There are two general methods of restoring Active Directory from the backup media: authoritative and nonauthoritative.
Authoritative restore makes the computer authoritative over other domain controllers. Data restored authoritatively in
a computer takes precedence over other domain controllers' data, despite the fact that the restored data is older than
the current replicas. Authoritative restore is typically used to restore a system to a previously known state. The
NTDSUTIL command-line tool allows authoritatively restoring the entire directory, a subtree, or individual objects,
provided they are leaf objects.
A non-authoritative restore results in the restored data (which may be outdated) becoming synchronized with the data
on other domain controllers through replication.
What is ADPREP tool?
The ADPREP tool is used to prepare Windows 2000 domains and forests for an upgrade to Windows Server 2003. It
extends the schema, updates default security descriptors of selected objects, and adds new directory objects as
required by some applications.
Syntax:
ADPREP {/forestprep | /domainprep}
Parameter Description
/forestprep Prepares a Windows 2000 forest for an upgrade to a Windows Server 2003 forest.
/domainprep Prepares a Windows 2000 domain for an upgrade to a Windows Server 2003 domain.
/? Displays help for the command.
To run ADPREP /forestprep, the administrator must be a member of the Enterprise Admins group and the Schema
Admins group in Active Directory. The ADPREP /forestprep command must be run on the schema master.
To run ADPREP /domainprep, the administrator must be a member of the Domain Admins group or the Enterprise
Admins group in Active Directory. The ADPREP /domainprep command must be run on each infrastructure master.
Which files are included in the System State data?
Following are the files included in the System State data:
· Boot files, including the system files and all files protected by Windows File Protection (WFP)
· Active Directory (on domain controller only)
· SYSVOL (on domain controller only)
· Certificate Services (on certification authority only)
· Cluster database (on cluster node only)
· Registry
· IIS metabase
· Performance counter configuration information
· Component Services Class registration database
What is RENDOM utility?
RENDOM is a Windows 2003 utility used to rename and restructure a domain in the forest. It can perform the following
tasks:
· Change the DNS and NetBIOS names of the forest-root domain.
· Change the DNS and NetBIOS names of any tree-root domain.
· Change the DNS and NetBIOS names of the parent and child domains.
· Restructure a domain's position in the forest.
The utility is supplied by Microsoft and is placed in the ValueaddMsftMgmtDomren directory on the Windows Server 2003 CDROM.
Note: Renaming a domain is a thorough multi-step process that requires a detailed understanding of the operation. It affects
every domain controller in the forest.
What is volume shadow copy?
The Windows Backup provides a feature of taking a backup of files that are opened by a user or system. This feature is
known as volume shadow copy. Volume shadow copy makes a duplicate copy of all files at the start of the backup process.
In this way, files that have changed during the backup process are copied correctly. Volume shadow copy ensures the
following:
· Applications continue to write data to the volume during a backup
· Backups are scheduled at any time without locking out users.
What is Performance Logs and Alerts?
Performance Logs and Alerts is an MMC snap-in that is used to establish performance baselines, diagnose system
problems, and anticipate increased system resource demands. It is used to obtain useful data for detecting system
bottlenecks and changes in system performance. The alerting functionality of this tool is extremely useful for
troubleshooting intermittent and difficult-to-reproduce problems. It uses the same performance counters as the System
Monitor for capturing information to log files over a period of time. The prime benefit of this tool is the ability to capture
performance counter information for further analysis. Performance Logs and Alerts runs as a service and loads during
computer startup. It does not require a user to log on to a computer.
Network Interface Card
A network interface card (NIC) is a computer circuit board or card installed in a computer. It provides a physical
connection between a computer and the network. Network interface cards provide a dedicated, full-time connection to
a network. Each network Interface card has a unique Media Access Control (MAC) address.
Media Access Control (MAC) address is a numerical identifier that is unique for each network interface card (NIC). MAC
addresses are 48-bit values expressed as twelve hexadecimal digits, usually divided into hyphen-separated pairs, for
example, FF-00-F8-32-13-19. MAC addresses are also referred to as hardware addresses, Ethernet addresses, and
universally administered addresses (UAAs).
Hub
A hub is a device used to link computers in a network. It connects computers that have a common architecture, such as
Ethernet, ARCnet, FDDI, or Token Ring. All hub-computer connections for a particular network use the same type of
cable, which can be twisted-pair, coaxial, or fiber-optic. Hubs are generally used in star topology networks. Token Ring
hubs are also known as Multistation Access Units (MSAUs). A hub works on the physical layer of the OSI model. Two
types of hubs are available as follows:
1. Active hub is a central device used to connect computers in a star network. It regenerates and retransmits
deteriorated signals on the network.
2. Passive hub is a central device used to connect computers in a star network. It receives information through one
of its ports and sends it to the computers connected to every other port. Therefore, although the information is
broadcasted to the network, only the destination computer reads it. A passive hub does not regenerate signals.
Repeater
A repeater is a basic LAN connection device. It allows a network cabling system to extend beyond its
maximum allowed length and reduces distortion by amplifying or regenerating network signals. Repeaters can also be used to
connect network segments composed of different media, such as connecting a twisted pair cable segment to a fiber-optic
cable segment. A repeater works at the physical layer of the OSI model.
Switch
A switch is a network connectivity device that brings media segments together in a central location. It reads the destination's
MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This
reduces the network traffic. Switches operate at the data-link layer of the OSI model.
Router
A router is a device that routes data packets between computers in different networks. It is used to connect multiple networks,
and it determines the path to be taken by each data packet to its destination computer. A router maintains a routing table of
the available routes and their conditions. By using this information, along with distance and cost algorithms, the router
determines the best path to be taken by the data packets to the destination computer. A router can connect dissimilar
networks, such as Ethernet, FDDI, and Token Ring, and route data packets among them. Routers operate at the network layer
(layer 3) of the Open Systems Interconnection (OSI) model.
Brouter
A brouter is a combination of a bridge and a router. It is used to connect dissimilar network segments, and it routes only a
specific transport protocol such as TCP/IP. A brouter also works as a bridge for all types of packets, passing them on as long as
they are not local to the LAN segment from which they have originated.
Bridge
A bridge is an interconnectivity device that connects two local area networks (LANs) or two segments of the same LAN using
the same communication protocols and provides address filtering between them. Users can use this device to divide busy
networks into segments and reduce network traffic. A bridge broadcasts data packets to all the possible destinations within a
specific segment. Bridges operate at the data-link layer of the OSI model.
Gateway
A gateway is a network interconnectivity device that translates different communication protocols and is used to connect
dissimilar network technologies. It provides greater functionality than a router or bridge because a gateway functions both as
a translator and a router. Gateways are slower than bridges and routers. A gateway is an application layer device.
Modem
Modem stands for Modulator-Demodulator. It is a device that enables a computer to transmit information over standard
telephone lines. Since a computer stores information digitally and a telephone line is analog, a modem converts digital signals
to analog and vice versa. The conversion of a digital signal to analog is known as modulation and that of an analog signal to
digital is known as demodulation.
Normal Backups
When an administrator chooses to use a normal backup, all selected files and folders are backed up and the archive
attribute of all files are cleared. A normal backup does not use the archive attribute to determine which files to back up.
A normal backup is used as the first step of any backup plan. It is used with the combination of other backup types for
planning a backup strategy of an organization. Normal backups are the most time-consuming and are resource hungry.
Restoration from a normal backup is more efficient than other types of backups.
Incremental Backups
An incremental backup backs up files that are created or changed since the last normal or incremental backup. It takes
the backup of files of which the archive attribute is set. After taking a backup, it clears the archive attribute of files. An
incremental backup is the fastest backup process. Restoring data from an incremental backup requires the last normal
backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were
created.
Note: If any media in the incremental backup set is damaged or data becomes corrupt, the data backed up after
corruption cannot be restored.
Differential Backups
Differential backup backs up files that are created or changed since the last normal backup. It does not clear the
archive attribute of files after taking a backup. The restoration of files from a differential backup is more efficient than
an incremental backup.
Copy Backups
A copy backup copies all selected files and folders. It neither uses nor clears the archive attribute of the files. It is
generally not a part of a planned scheduled backup.
Daily Backups
A daily backup backs up all selected files and folders that have changed during the day. It backs up data by using the
modified date of the files. It neither uses nor clears the archive attribute of the files.
Combining backup types
The easiest backup plan is to take a normal backup every night. A normal backup every night ensures that the data is
restored from a single job the next day. Although the restoration of data from a normal backup is easy, taking a backup
is time consuming. Hence, an administrator is required to make an optimal backup plan. An administrator must
consider the following points before creating a backup plan:
· The time involved in taking the backup.
· The size of the backup job.
· The time required to restore a system in the event of a system failure.
The most common solutions for the needs of different organizations include the combination of normal, differential, and
incremental backups.
Combination of Normal and Differential Backups
An administrator can use a combination of a normal backup and a differential backup to save time in taking a backup as well as
for a restoration of data. In this plan, a normal backup can be taken on Sunday, and differential backups can be taken on
Monday through Friday every night. If data becomes corrupt at any time, only a normal and last differential backup are required
to be restored. Although this combination is easier and takes lesser time for restoration, it takes more time to take backup if
data changes frequently.
Combination of Normal and Incremental Backups
A combination of normal and incremental backups can be used to save more time for taking backups. In this plan, a normal
backup is taken on Sunday and incremental backups on Monday through Friday every night. If data becomes corrupt at any
time, a normal and all incremental backups till date are required to be restored.
Backing up a System State Data
System State Data
System State data contains critical elements of the Windows 2000 and Windows Server 2003 operating systems. Following are
the files included in the System State data:
· Boot files, including the system files and all files protected by Windows File Protection (WFP)
· Active Directory (on domain controller only)
· SYSVOL (on domain controller only)
· Certificate Services (on certification authority only)
· Cluster database (on cluster node only)
· Registry
· IIS metabase
· Performance counter configuration information
· Component Services Class registration database
What is Internet Security and Acceleration (ISA) Server 2000?
Internet Security and Acceleration Server 2000 is a Microsoft product that is used to provide powerful security
and network acceleration while accessing the Internet. It works as a firewall as well as a Web cache server. It
integrates with the Microsoft Windows 2000 operating system for policy-based security, acceleration, and
management of internetworking.
Features of ISA Server
· It provides an additional level of security.
· It offers industry-leading Web cache performance.
· It integrates with Microsoft Windows 2000.
· It enables administrators to use bandwidth efficiently.
· It provides increased manageability.
· It provides enhanced usability.
· It provides integrated services.
· It provides increased extensibility.
· It provides improved interoperability.
· It provides enhanced scalability.
Site and Replication
What is a Site?
A site is a collection of one or more well-connected (usually a local area network) TCP/IP subnets. The network
between the subnets must be highly reliable and fast (512 Kbps and higher). Although the sites are generally
defined on the basis of location, they can be spanned over more than one location. A site structure
corresponds to the physical environment, whereas a domain is the logical environment of the network. A site
can contain single or multiple domains, and a domain can contain single or multiple sites.
The sites are created to physically group the computers and resources to optimize network traffic.
Administrators can configure Active Directory access and replication technology to take advantage of the
physical network by configuring sites. When a user logs on to the network, the authentication request
searches for the domain controllers in the same site as the user. A site prevents the network traffic from
traveling on slow wide area network (WAN) links.
What are Directory Tree, Directory Partition, and Replica?
Directory tree is a hierarchy of objects and containers of Active Directory, which represents all the objects in
the forest. Each domain controller stores a copy of a specific part of the directory tree, called a directory
partition (sometimes called naming context). The copy of the directory partition is called a replica. A replica
contains all attributes for each directory partition object. Each domain controller in the forest stores a replica.
What is replication?
Replication is a process through which the changes made to a replica on one domain controller are
synchronized to replicas on all the other domain controllers in the network. Each domain controller stores
three types of replicas:
· Schema partition: This partition stores definitions and attributes of objects that can be created in the
forest. The changes made in this partition are replicated to all the domain controllers in all the domains in
the forest.
· Configuration partition: This partition stores the logical structure of the forest deployment. It includes
the domain structure and the replication topology. The changes made in this partition are replicated to all
the domain controllers in all the domains in the forest.
· Domain partition: This partition stores all the objects in a domain. Changes made in this partition are
replicated to all the domain controllers within the domain.
Note: Windows Server 2003 supports a new type of directory partition named Application directory partition. This
partition is available only to Windows 2003 domain controllers. The applications and services use this partition to store
application-specific data.
Creating, modifying, moving, and deleting an object trigger a replication between domain controllers. Replications are
of two types:
· Intrasite: An intrasite (within a site) replication mostly uses LAN connections. As intrasite replication
does not compress data, it saves a computer's CPU time. In an intrasite replication, the replication
partners poll each other periodically and notify each other when changes need to be replicated, and then
pull the information for processing. Active Directory uses a remote procedure call (RPC) transport protocol
for intrasite replication.
· Intersite: As an intersite (between sites) replication uses WAN connections, a large amount of data is
compressed to save WAN bandwidth. For the same reason, the replication partners do not notify each
other when changes need to be replicated. Instead, administrators configure the replication schedule to
update the information. Active Directory uses an IP or SMTP protocol for intersite replication.
For intrasite replication to take place, connection objects are required. The Active Directory automatically creates and
deletes connection objects as and when required. Connection objects can be created manually to force replication.
What are Site Links?
Site links are logical, transitive connections between two or more sites. For intersite replication to take place, site links
are required to be configured. Once a site link has been configured, the knowledge consistency checker (KCC) then
automatically generates the replication topology by creating the appropriate connection objects. Site links are used to
determine the paths between two sites. They must be created manually.
Site links are transitive in nature. For example, if Site 1 is linked with Site 2 and Site 2 is linked with Site 3, then Site 1
and Site 3 are linked transitively. The administrators can control transitivity of the site link. By default, transitivity is
enabled. Site link transitivity can be enabled or disabled through a bridge.
What is Site Link Bridge?
A site link bridge is created to build a transitive and logical link between two sites that do not have an explicit site link.
The site link bridge is created only when the transitivity of the site link is disabled.
What is Site Link Cost?
Site link cost is an attribute of a site link. Each site link has been assigned a default cost of 100. The knowledge
consistency checker (KCC) uses the site link cost to determine which site links should be preferred for replication. It
should be remembered that the lower the site link cost, the more preferred is the link.
For example, an administrator has to configure the site link cost of links between Site 1 and Site 2. There are two site
links available as shown in the image below:
S1S2 is a T1 site link that uses T1 lines for replication, whereas S1S2DU uses a dial-up connection for replication. If the
administrator requires that the KCC should prefer the S1S2 site link to the S1S2DU site link for replication, he will have
to configure the SIS2 link with a lower cost than that of the S1S2DU link. Any site link configured with the site link cost
of one (1) will always get preference over the other site links with a higher cost.
What is Bridgehead Server?
A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data
between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case
the server is down, KCC designates another one from the domain controller. When a bridgehead server receives
replication updates from another site, it replicates the data to the other domain controllers within its site.
What is Preferred Bridgehead Server?
A preferred bridgehead server is a domain controller in a site, specified by an administrator, to act as a bridgehead
server. Administrators can specify more than one preferred bridgehead server, but only one server is active at a time in
a site. A preferred bridgehead server is designated to take advantage of a certain domain controller having the
appropriate bandwidth to transmit and receive information
What is Performance Logs and Alerts?
Performance Logs and Alerts is an MMC snap-in that is used to establish performance baselines, diagnose
system problems, and anticipate increased system resource demands. It is used to obtain useful data for
detecting system bottlenecks and changes in system performance. The alerting functionality of this tool is
extremely useful for troubleshooting intermittent and difficult-to-reproduce problems. It uses the same
performance counters as the System Monitor for capturing information to log files over a period of time. The
prime benefit of this tool is the ability to capture performance counter information for further analysis.
Performance Logs and Alerts runs as a service and loads during computer startup. It does not require a user to
log on to a computer
What is WLBS.EXE?
WLBS.EXE is a command-line tool, which is used as a Network Load Balancing control program. WLBS.EXE is
used to start, stop, and administer Network Load Balancing, as well as to enable and disable ports and to
query cluster status.
Note: WLBS.EXE cannot be used to change the registry parameters of Network Load Balancing.
What is buffer overflow?
Buffer overflow is a condition in which an application receives more data than it is configured to accept. This
usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the
application
What is DMZ?
Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a
private network. It is the boundary between the Internet and an internal network, usually a combination of
firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a
large enterprise network or corporate network the ability to use the Internet while still maintaining its security
What is Kerberos v5?
Kerberos v5 is an authentication method used by Windows operating systems to authenticate users and
network services. Windows 2000/2003 and XP clients and servers use Kerberos v5 as the default
authentication method. Kerberos has replaced the NT LAN Manager (NTLM) authentication method, which was
less secure. Kerberos uses mutual authentication to verify both the identity of the user and network services.
The Kerberos authentication process is transparent to the users.
Note: Kerberos v5 is not supported on Windows XP Home clients or on any clients that are not members of an
Active Directory domain.
What is Software Update Services (SUS)?
Software Update Services (SUS) is a tool used to acquire and distribute critical Windows patches to computers
running Windows operating systems. Administrators use SUS to download and test the patches, and then
deploy the patches to the appropriate computers running the Automatic Updates clients. SUS consists of three
components:
1. Software Update Services (SUS) that runs on the server.
2. Automatic Updates (AU) that runs on client computers.
3. Group Policy settings that control AU clients from Active Directory.
SUS does not support Microsoft Office or Microsoft BackOffice products. It updates the operating systems (except
Windows NT or Windows 9x), Microsoft IIS, and Microsoft Internet Explorer (IE) only.
Which installation modes are available with ISA Server?
The following modes are available as a part of the ISA Server setup process:
· Firewall: In Firewall mode, network configuration can be secured by configuring rules that control
communication between a corporate network and the Internet. In this mode, internal servers can also be
published to share data with Internet users.
· Cache: In Cache mode, network performance can be improved and bandwidth can be saved by storing
commonly accessed Internet objects locally. Requests can be routed from the Internet users to an
appropriate internal Web server.
· Integrated: Integrated mode is a combination of Firewall and Cache modes. It supports all the features
available in Firewall and Cache modes of ISA Server
Microsoft has specified more than twenty-five objectives for the 70-297 test, which are grouped under four
topics. Following are the important areas in which an individual should possess good knowledge before taking
the 70-297 test:
1. Analyzing business and technical requirements of an organization.
2. Analyzing the impact of Active Directory on the existing technical environment.
3. Analyzing existing and planned business models and organizational structure.
4. Analyzing the structure of IT management.
5. Evaluating the company's existing and planned technical environments.
6. Analyzing existing network operating system implementation.
7. Analyzing the impact of Active Directory on a planned environment.
8. Analyzing the business requirement for client computer desktop management.
9. Analyzing security requirements for the Active Directory directory service.
10. Designing an Active Directory and domain structure.
11. Designing an Active Directory naming strategy including planning of DNS.
12. Designing an organizational unit structure and a site structure. Designing a replication strategy.
13. Designing a user and computer authentication strategy.
14. Designing the placement of operations masters, global catalog servers, domain controllers, and DNS
servers.
15. Identifying network topology and performance levels.
What is Active Directory Migration Tool (ADMT) ?
The Active Directory Migration Tool (ADMT) is used to migrate from an earlier implementation of Windows NT to
Windows Server 2003 or Windows 2000 Server. ADMT supports not only migration from Windows NT 4.0 to
Active Directory but also interforest and intraforest migrations. ADMT is designed to migrate an Active Directory
schema from one forest to another, regardless of whether a change in operating systems is involved.
ADMT 2.0 has many new features such as a command-line interface and a better interface to work with
Microsoft Exchange Server. ADMT also supports a user-account password migration.
How to restart Active Directory Domain Services?
Take the following steps to restart Active Directory Domain Services:
Start the Services console through Start > Administrative Tools > Services.
What is LDIFDE
LDIFDE is a command-line tool in the Windows Server 2003 operating system. It is used to create, modify, and
delete objects on computers running on Windows Server 2003 and Windows XP Professional. LDIFDE is also
used to extend the schema, export Active Directory user and group information to other applications or services,
and populate Active Directory with data from other directory services.
What is primary restore method?
The primary restore method is a type of backup restoration of the System State data. This method is used to
restore Active Directory data on a stand-alone domain controller. This method of restoration is also used in a
situation when a completely failed forest needs to be restored
What is replication?
Replication is a process through which the changes made to a replica on one domain controller are
synchronized to replicas on all other domain controllers in the network. Each domain controller stores three
types of replicas:
Schema partition: This partition stores definitions and attributes of objects that can be created in the forest.
Changes made in this partition are replicated to all the domain controllers in all the domains in the forest.
Configuration partition: This partition stores the logical structure of the forest deployment. It includes the
domain structure and replication topology. Changes made in this partition are replicated to all the domain
controllers in all the domains in the forest.
Domain partition: This partition stores all the objects in a domain. Changes made in this partition are replicated
to all the domain controllers within the domain.
Note: Windows supports a new type of directory partition named Application directory partition. This partition is
available only to the Windows 2003 (or above) domain controllers. The applications and services use this
partition to store application-specific data.
Creating, modifying, moving, or deleting an object triggers a replication between domain controllers.
Replications are of two types:
Intrasite: In the intrasite (within a site) replication, the data is not compressed, as the replication mostly uses
LAN connections. This saves the computer's CPU time of processing data. In the intrasite replication, the
replication partners poll each other periodically and notify each other when changes need to be replicated, and
then pull the information for processing. Active Directory uses the remote procedure call (RPC) transport
protocol for intrasite replication.
Intersite: As intersite (between sites) replication uses WAN connections, a large amount of data is compressed
to save bandwidth. For the same reason, the replication partners do not notify each other when changes need
to be replicated. Instead, administrators configure the replication schedule to update the information. Active
Directory uses the IP or SMTP protocol for intersite replication.
What is NLB Manager?
Network Load Balancing (NLB) Manager is a Windows Server 2008 GUI tool to manage NLB. NLB Manager is
used to add or remove hosts from an NLB cluster, to configure a cluster, and to manage a cluster. NLB Manager
can be installed by using Add Features within Server Manager
Group Policy and Group Policy Object (GPO)
What are group policies?
Group policies specify how programs, network resources, and the operating system work for users and
computers in an organization. They are collections of user and computer configuration settings that are applied
on the users and computers (not on groups). For better administration of group policies in the Windows
environment, the group policy objects (GPOs) are used.
What is GPO?
Group policy object (GPO) is a collection of group policy settings. It can be created using a Windows utility
known as the Group Policy snap-in. GPO affects the user and computer accounts located in sites, domains, and
organizational units (OUs). The Windows 2000/2003 operating systems support two types of GPOs, local and
non-local (Active Directory-based) GPOs.
Local GPOs
Local GPOs are used to control policies on a local server running Windows 2000/2003 Server. On each
Windows 2000/2003 server, a local GPO is stored. The local GPO affects only the computer on which it is
stored. By default, only Security Settings nodes are configured. The rest of the settings are either disabled or
not enabled. The local GPO is stored in the %systemroot%SYSTEM32GROUPPOLICY folder.
Non-local GPOs
Non-local GPOs are used to control policies on an Active Directory-based network. A Windows 2000/2003
server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local
GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or
computer objects. The non-local GPOs are stored in %systemroot%SYSVOL
default when the Active Directory is installed:
Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.
Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain
controllers placed in this OU.
What is ADS Automated Deployment Services?
Microsoft Windows Server 2003 Automated Deployment Services (ADS) is used by administrators to build and
manage very large and scaled out deployment of Windows servers. It includes a new set of imaging tools for
rapidly deploying Windows 2000 Server and Windows Server 2003 remotely. ADS offers improved
communication security and a reliable script execution framework. It uses the image-based deployment method
Under what conditions should Administrators create multiple forests?
Microsoft recommends the creation of multiple forests under the following conditions:
If Administrators do not trust each other: An Administrator can create a "denial of service" condition.
One can create this condition by rapidly creating or deleting objects, hence causing a large amount of
replication to the global catalog. This replication can waste network bandwidth and slow down global
catalog servers, as they spend time in processing replication. This condition forces administrators to
create multiple forests.
Organizations cannot agree on a forest change policy: Changes in schema, configuration, and the
addition of new domains to a forest have forest-wide impact. If organizations in a forest cannot agree on a
common policy, they cannot share the same forest, forcing administrators to create multiple forests.
If one wants to limit the scope of a trust relationship: All domains in a forest trust each other. In order
to prevent certain users from being granted permissions to certain resources, those users must be placed
in a forest different from the forest containing those resources. Administrators can use explicit trust
relationships to allow those users to be granted access to resources in specific domains, if required
What is GPMC tool?
The Group Policy Management Console (GPMC) is a tool for managing group policies in Windows Server
2003. It provides administrators a single consolidated environment for working on group policy-related
tasks. GPMC provides a single interface with drag-and-drop functionality to allow an administrator to
manage group policy settings across multiple sites, domains, or even forests. GPMC is used to back up,
restore, import, and copy group policy objects. It also provides a reporting interface on how group policy
objects (GPOs) have been deployed.
What is Performance Monitor?
Performance Monitor is used to get statistical information about the hardware and software components of
a server. Performance Monitor is used for the following:
· Monitor objects on multiple computers.
· Log data pertaining to objects on multiple computers, over time.
· Analyze the effects of changes made to a computer.
· Launch programs and send notifications when thresholds are reached.
· Export data for analysis in spreadsheet or database applications.
· Save counter and object settings for repeated use.
· Create reports for use in analyzing performance, over time.
What is System Monitor?
System Monitor is a Windows graphical tool for measuring the performance of a host or remote computer.
It is used to view reports on CPU load, memory usage, and interrupt rate, and the overall throughput of the
traffic on a network. Using System Monitor, administrators can perform the following functions:
· Create charts and reports to measure a computer's efficiency.
· Identify and troubleshoot possible issues, such as unbalanced resource use, insufficient hardware, or
poor program design.
· Plan for additional hardware needs.
System Monitor can also be used to monitor the resource use of specific components and program processes.
What is the SQL Server: General Statistics: User Connections counter?
The SQL Server: General Statistics: User Connections counter displays the number of user connections in
SQL Server. Its maximum value is 255. An increase in the value of the counter causes performance
problems and affects throughput. A Database Administrator should monitor this counter to resolve
performance issues.
What is Simple Mail Transfer Protocol (SMTP)?
Simple Mail Transfer Protocol (SMTP) is a protocol used for sending e-mail messages between servers. It
is mostly used to send messages from a mail client such as Microsoft Outlook to a mail server. Most of the
e-mail systems that send mails over the Internet use SMTP to send messages from one server to another.
Due to its limitations in queuing messages at the receiving end, it is generally used with either the POP3 or
IMAP protocol, which enables a user to save and download messages from the server.
What is bluescreen error?
Bluescreen error, sometimes called Blue Screen of Death (BSOD), is the condition that occurs when a
Windows computer fails to boot properly or quits unexpectedly. Microsoft refers these blue screens as
"Stop errors". There are several causes of the blue screen popping up. It can be due to a poorly written
device driver, bad memory, damaged registry, or usage of incompatible versions of DLLs. In Windows NT,
Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, a blue screen of death occurs
when the kernel or a driver running in kernel mode encounters an error from which it cannot recover. This
is usually caused by an illegal operation being performed. The only safe action to overcome such
situations is to restart the computer.
What is the netstat command?
The netstat command displays protocol-related statistics and the state of current TCP/IP connections. It is
used to get information about the open connections on a computer, incoming and outgoing data, as well as
the ports of remote computers to which the computer is connected. The netstat command gets all this
networking information by reading the kernel routing tables in the memory.
What is IIS?
Internet Information Services (IIS) is a software service that supports Web site creation, configuration, and
management, along with other Internet functions. Microsoft Internet Information Services includes Network
News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
Clustering
A cluster is a group of two or more computers (servers) connected to provide fault tolerance and load
balancing. It is dedicated to run a specific application. Each server in a cluster is known as a node. The
failover and failback capabilities of a cluster bring the application downtime to zero.
Note: Server clustering is intended to provide high availability for applications and not for data.
Failover
In the cluster, each node or computer runs the same critical application. In case one computer fails, the
other computers detect the failure and take charge immediately. This phenomenon is called failover.
Failback
When the failed node returns back to the network, other nodes take notice and the cluster begins to use
the restored node again. This phenomenon is called failback.
Types of Clusters
Windows Server 2003 supports two types of clusters:
· Server clusters
· Network Load Balancing (NLB)
Server Clusters
In server clusters, all nodes are connected to a common data set, such as a storage area network. All nodes
have access to the same application data. Any of these nodes can process a request from a client at any time.
Nodes can be configured as either active or passive. Only an active node can process requests from clients. In
the event of a failure of the active node, the passive node takes charge and becomes active. Otherwise, the
passive node remains idle.
Server clusters are created for running applications that have frequently changing data sets and have longrunning
in-memory states. The applications such as database servers, e-mail and messaging servers, and file
and print services can be included in server clusters.
A server cluster is treated as a single destination for a client. It has its own name and IP address. This address is
different from the individual IP addresses of the servers in the cluster. Hence, when any server fails in the cluster,
the passive server becomes active. Clients send their requests to the server cluster address. Therefore, this
change over does not affect the functionality of the cluster.
Windows Server 2003 supports eight nodes in a cluster. However, Windows 2000 Server supports only two
nodes in a cluster.
Network Load Balancing
Network Load Balancing (NLB) is a type of clustering. It is used to provide high availability and reliability of the
application servers. NLB is configured for the applications that rarely change and that have very small data sets.
Web servers, FTP servers, VPN servers are the areas where NLB can be used successfully.
In the NLB cluster, all nodes are active and have separate identical data sets. Multiple servers (or nodes) are
used to distribute the load of processing data. Clients send the requests to the cluster, and then the clustering
software distributes incoming client requests among the nodes. If a node fails, the clients' requests are served by
other nodes. Network Load Balancing is highly scaleable. Both Windows 2003 and Windows 2000 operating
systems support NLB clusters of up to thirty-two nodes.
What is the Task Manager utility?
Task Manager is a utility that is used for managing applications, processes, and the general system
performance and also for viewing the networking and user statistics. The Task Manager utility is used to
run or end programs or applications. Administrators use this tool to quickly identify and terminate a rogue
application.
What is Task Manager utility?
The Task Manager utility provides information about programs and processes running on a computer. By
using Task Manager, a user can end or run programs, end processes, and display a dynamic overview of
his computer's performance. Task Manager provides an immediate overview of system activity and
performance.
What is DNS namespace?
DNS namespace is the hierarchical structure of the domain name tree. It is defined such that the names of
all similar components must be similarly structured, but similarly identifiable. The full DNS name must point
to a particular address. Consider the following image of DNS namespace of the Internet:
The salessrv1 and salessrv2 are host names of the hosts configured in the sales.ucertify.com domain. The
fully qualified domain name (FQDN) of the host salessrv1 is salessrv1.sales.ucertify.com. No two hosts can
have the same FQDN.
What is ADSIEdit ?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active
Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common
administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes
for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application
programming interfaces (APIs) to access Active Directory. The following are the required files for using this
tool:
· ADSIEDIT.DLL
· ADSIEDIT.MSC
Regarding system requirements, a connection to an Active Directory environment and Microsoft Management
Console (MMC) is necessary.
What are group scopes?
The scope of a group defines two characteristics:
· It determines the level of security applying to a group.
· It determines which users can be added to a group.
Windows Server 2003 supports the following scopes:
Domain Local: Domain local groups are used to assign permissions to local resources such as files and printers.
Members can come from any domain.
Global: Members of this group can access resources in any domain. Members can only come from the local
domain.
Universal: Members can be added from any domain in the forest. Members can access resources from any
domain. Universal groups are used for managing the security across domains. Universal groups can also contain
global groups. Universal groups are only available in the domains having functional level Windows 2000 native or
Windows Server 2003.
What is IPv6?
IP addressing version 6 (IPv6) is the latest version of IP addressing. IPv6 is designed to solve many of the
problems that were faced by IPv4, such as address depletion, security, auto-configuration, and
extensibility. With the fast increasing number of networks and the expansion of the World Wide Web, the
allotted IP addresses are depleting rapidly, and the need for more network addresses is arising. IPv6
solves this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These
addresses are hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address is
45CF: 6D53: 12CD: AFC7: E654: BB32: 543C: FACE.
What is DSMOD?
DSMOD is a command-line utility that is used to modify existing objects, such as users, computers,
groups, servers, OUs etc., in Active Directory
What is NTDSUTIL utility?
NTDSUTIL.EXE is a command-line tool that is used to manage Active Directory. This utility is used to
perform the following tasks:
· Performing database maintenance of Active Directory.
· Managing and controlling operations master roles.
· Removing metadata left behind by domain controllers.
Note:The NTDSUTIL utility is supposed to be used by experienced administrators.
What is System File Checker utility?
The System File Checker utility is used to verify the integrity of the operating system files, to restore them if
they are corrupt, and to extract compressed files (such as drivers) from installation disks. It can also be
used to backup the existing files before restoring the original files.
What is SCHTASKS tool?
The SCHTASKS tool is used to schedule commands and programs to run periodically or at a specific time.
It adds and removes tasks from the schedule, starts and stops tasks on demand, and displays and
changes scheduled tasks.
What is CHKDSK?
CHKDSK is a command-line tool used to scan and repair volumes on the hard disk for physical problems
such as bad blocks. It also repairs volumes for logical structure errors such as lost clusters, cross-linked
files, or directory errors.
Network Configuration and Management Utilities
Administrators use various utilities to configure and manage networks. Following are some commonly used
utilities:
WINIPCFG: WINIPCFG is a Windows 9x Internet Protocol (IP) configuration utility used to display all
current TCP/IP network configuration values for a computer running Microsoft TCP/IP. Network
configuration values include the current IP address allocated to the computer and other useful data about
TCP/IP allocation. This utility is of particular use on networks using Dynamic Host Configuration Protocol
(DHCP), allowing users to determine which TCP/IP configuration values have been configured by DHCP.
IPCONFIG: IPCONFIG is a command-line utility used to display current TCP/IP network configuration
values, and to update or release the Dynamic Host Configuration Protocol (DHCP) allocated leases. It is
also used to display, register, or flush Domain Name System (DNS) names.
NSLOOKUP: NSLOOKUP is a utility for diagnosing and troubleshooting Domain Name System (DNS)
problems. It performs its function by sending queries to the DNS server and obtaining detailed responses
at the command prompt. This information can be useful for diagnosing and resolving name resolution
issues, verifying whether or not the resource records are added or updated correctly in a zone, and
debugging other server-related problems. This utility is installed along with the TCP/IP protocol through the
Control Panel.
PING: PING is a command-line utility used to test connectivity with a host on a TCP/IP-based network.
This is achieved by sending out a series of packets to a specified destination host. On receiving the
packets, the destination host responds with a series of replies. These replies can be used to determine if
the network is working properly.
TRACERT: TRACERT is a route-tracing Windows utility that displays the path an IP packet takes to reach
its destination. It shows the Fully Qualified Domain Name (FQDN) and the IP address of each gateway
along the route to the remote host.
PATHPING: PATHPING is a command-line utility that pings each hop along the route for a set period of
time and shows the delay and packet loss along with the tracing functionality of TRACERT, which helps
determine a weak link in the path.
NBTSTAT: NBTSTAT is a Windows utility used to check the state of current NetBIOS over TCP/IP
connections, update the NetBIOS name cache, and determine the registered names and scope IDs.
NETSTAT: NETSTAT is a command-line utility that displays protocol related statistics and the state of
current TCP/IP connections. It is used to obtain information about the open connections on a computer,
incoming and outgoing data, and also the ports of remote computers to which the computer is connected.
The NETSTAT command gets all this networking information by reading the kernel routing tables in the
memory.
TELNET: TELNET is a command-line connectivity utility that starts terminal emulation with a remote host
running the Telnet Server service. TELNET allows users to communicate with a remote computer, offers
the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the
Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It
uses TCP port 23 by default.
What is a certificate?
A certificate is a digital representation of information that identifies authorized users on the Internet and intranets. It
can be used with applications and security services to provide authentication. Certificates are issued by certification
authorities (CAs).
What is a nonclustered index?
A nonclustered index has the same B-tree structure as the clustered index. The index consists of a root page,
intermediate levels, and a leaf level. The leaf level of a nonclustered index does not contain the actual data. It contains
pointers to the data that is stored in the data pages. A nonclustered index does not physically rearrange the data.
Monitoring Physical Server Performance
SQL Server 2005 can be installed on a Windows 2000 or Windows 2003 server computer. A database administrator is
always concerned about the performance of the SQL Server database engine and the server computer. Database
Administrators monitor the performance of the server using various tools to analyze performance and resolve
performance issues.
System Monitor: System Monitor is a tool used to monitor the performance of the server. It gives information about the
resources that are under pressure. The values of various counters in System Monitor indicate which resource is under
pressure. Performance deterioration can be diagnosed by setting performance alerts. These alerts show the increase or
decrease in a counter value with respect to the pre-defined value. Normally the counters are monitored for a period of
24-hours. If an error occurs, a message regarding the error can either be sent to the administrator or written to the
Application log. Log files can be saved in various formats such as text file, binary file, or SQL database file.
The counters that are to be measured in order to resolve performance issues are as follows:
· Memory: Pages/sec
· Memory: Available Bytes
· SQL Server: Buffer Manager: Buffer Cache Hit Ratio
· Physical Disk: Disk Reads/sec
· Physical Disk: Disk Writes/sec
· Physical Disk: %Disk Time
· Physical Disk: Avg: Disk Queue Length
· Physical Disk: % Free Space
· Logical Disk: %Free Space
· Processor: %Processor Time
· System: Processor Queue Length
· Network Interface: Bytes Received/sec
· Network Interface: Bytes Sent/sec
· Network Interface: Bytes/sec
· Network Interface: Output Queue Length
· SQL Server: General: User Connection
Tip for server roles.
There are eight server roles. These roles are as follows:
· sysadmin
· dbcreator
· bulkadmin
· diskadmin
· processadmin
· serveradmin
· setupadmin
· securityadmin
What is virus?
A virus is a malicious program. A computer virus passes from one computer to another in the same way as a biological
virus passes from one person to another. Most viruses are written with a malicious intent, so that they can cause
damage to programs and data in addition to spreading themselves. Viruses infect existing programs to alter the
behavior of programs, actively destroy data, and perform actions on storage devices that render their stored data
inaccessible.
Computer viruses attack the software of a computer such as operating systems, data files, application software, and emails.
However, viruses do not affect the computer hardware
Network Protocols
Protocol is a set of rules and conventions by which two computers pass messages across a network. Sets of standard protocols
facilitate communication between the computers in a network having different types of hardware and software. Both the sender
and the receiver computers must use exactly the same set of protocols in order to communicate with each other. A protocol can
lay down the rules for the message format, timing, sequencing, and error handling.
The description of the primary protocols in the suite is as follows:
Protocol
Name
Description
IP Internet Protocol (IP) is a connectionless network-layer protocol that is the primary carrier of data on a TCP/IP network.
TCP Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer. This protocol
can transmit large amounts of data. Application-layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer
files between clients and servers.
UDP User Datagram Protocol (UDP) is a connectionless, unreliable transport-layer protocol. UDP is used primarily for brief exchange
of requests and replies.
Telnet Telnet is a protocol that enables an Internet user to log onto and enter commands on a remote computer linked to the
Internet, as if the user were using a text-based terminal directly attached to that computer.
FTP File Transfer Protocol (FTP) is a primary protocol of the TCP/IP protocol suite, used to transfer text and binary files between
computers over a TCP/IP network.
SMTP Simple Mail Transfer Protocol (SMTP) is used for transferring or sending e-mail messages between servers.
PPP: Point-to-Point Protocol (PPP) is a set of industry-standard framing and authentication protocols included with Windows
remote access to ensure interoperability with third-party remote access software. It is a data link-layer protocol designed to
create a direct connection between two computers, typically using telephone lines.
POP3: Post Office Protocol version 3 (POP3) is a protocol used for retrieving e-mail messages. The POP3 servers allow access to
a single Inbox in contrast to IMAP servers that provide access to multiple server-side folders.
IMAP: Internet Message Access Protocol (IMAP) is a protocol for receiving e-mail messages. It allows an e-mail client to access
and manipulate a remote e-mail file without downloading it to the local computer. It is used mainly by the users who want to
read their e-mails from remote locations.
PPTP: Point-to-Point Tunneling Protocol (PPTP) is an encryption protocol used to provide secure, low-cost remote access to
corporate networks through public networks such as the Internet. Using PPTP, remote users can use PPP-enabled client
computers to dial a local ISP and connect securely to the corporate network through the Internet.
HTTP: Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display
Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web
servers and browsers should take in response to various commands. For example, when a client application or browser sends a
request to the server using HTTP commands, the server responds with a message containing the protocol version, success or
failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port.
HTTPS: Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Uniform Resource Locator (URL) address
line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL), HTTPS (instead of HTTP
protocol) should be used as a protocol type in the URL.
ARP: Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite. It is responsible for the
resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to
maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this
correlation and providing address conversion in both directions. ARP is limited to physical network systems that support
broadcast packets.
ICMP: Internet Control Message Protocol (ICMP) is a maintenance protocol and is normally considered a part of the IP layer.
ICMP messages are encapsulated within IP datagrams, so that they can be routed throughout an internetwork.
Internet Message Access Protocol 4 (IMAP4): It is an e-mail message retrieval protocol that allows e-mail clients to retrieve email
messages from e-mail servers. IMAP4 has the following advantages over the POP3 protocol:
· IMAP4 can be used to download only specific mails from the mail server, while POP3 downloads all the mails from
the mail server at a time.
· IMAP4 can download only a part of the message (e.g., the header) initially. Then depending upon the user, the
entire message can be downloaded afterwards. However, POP3 downloads the entire message at a time.
· IMAP4 only marks a message as deleted as soon as it is being read. The message will then be deleted as soon as
the user logs off, or sends the EXPUNGE command to the mail server.
· IMAP4 supports server side storage. Hence, the location of the user is insignificant. However, POP3 uses a local
client application to read the mails.
· Since IMAP4 stores messages on the server side, the user does not have to bother about fault tolerance and
system crashes. When the POP3 protocol is used, the messages once downloaded from the server are stored
locally and can be lost if the local system crashes.
· IMAP4 allows a user to create multiple mailboxes on multiple servers under the same user name. The user can
personalize these mailboxes for receiving specific kinds of mails in each mailbox. However, POP3 allows only a
single user account to be configured.
· Changes made to a mail are propagated to the IMAP4 server. This feature is not available under POP3 protocol.
However, there are some disadvantages of IMAP4 over the POP3 protocol, which are as follows:
· If the connection with the mail server drops while reading a mail, it has to be re-established. On the other hand,
POP3 downloads the entire mail at a time. Hence, if the connection with the mail server is dropped at the time of
reading a mail, it does not affect the reading.
· The POP3 protocol is mostly supported by the commercially available mail servers.
· Since the mails in IMAP4 are stored on the server, the space storage management is a primary concern on such
mail servers.
IP Addressing
IP Addresses are used to uniquely identify the computers in a network, so each computer must have its own unique IP address.
An IP address consists of two parts: a network identifier and a host identifier. The network identifier denotes the type of
network, and the host identifier is a unique number of a particular computer. So in a particular type of network, each node has
the same network id and a host id, which are unique.
The type of IP address also depends on the subnet mask, which is used to determine which part of the IP address denotes the
network id and which part is the host id. For example, if the IP address is 192.168.1.200 and the subnet mask is 255.255.255.0,
the network id will be 192.168.1 and the host id will be 200. In the same way, if the subnet mask is 255.255.0.0, the network id
will be 192.168 and the host id will be 1.200. If the subnet mask is 255.0.0.0, the network id will be 192 and the host id will be
168.1.200.
There are two versions of IP addressing, the commonly used IPv4 and the latest version known as IPv6. They have been
discussed in detail in the following paragraphs.
IPv4
IP Address
In this version of IP addressing, an IP address is of 32 bits in length, and is divided into four 8 bit decimal values known as
octets. In these types of IP addresses, the leftmost bit has the value of 128, which is followed by 64, 32, 16, 8, 4, 2, and 1. An IP
address can have values from 0 to 255 because each bit can be either a 0 or a 1. So if all the bits are 1, the value will be 255;
and if all the bits are 0, the value will be 0.
Subnet Mask
A subnet mask determines which part of the IP address denotes the network id and which part is the host id. It is also a 32-bit
number, which is expressed in decimal format. The subnet mask is assigned according to the class of IP address used.
IP Address Classes
The Internet Assigned Number Authority registers the IP addresses used in the networks to ensure their uniqueness. IP
addresses have been divided into five groups or classes known as IP Address classes. Each class of IP address has a particular
subnet mask associated with it. The five classes of IP addresses are class A, B, C, D and E, in which class D is reserved for
multicast addressing and class E is reserved for future use. So only classes A through C are used for assigning IP addresses to
client computers.
· In class A addresses, only the first octet is used to define the network id, and the rest are used for the host id. It
has the address range from 1 to 126 and so it can have only 126 numbers of networks. The number of hosts
possible in these types of networks is 16,777,214. It uses the subnet mask 255.0.0.0.
· In class B networks, the first two octets represent the network id and the rest are the host id. It has a range of
128-191 and can have 16384 networks with 65,534 hosts. The standard subnet mask assigned to these IP
addresses is 255.255.0.0.
· In class C addresses, the first three octets are used to represent the network id. It has a range of 192-223 and can
have 2,097,152 networks with 253 hosts. The subnet mask associated with it is 255.255.255.0.
· Class D addresses have an address range of 224-239, and class E addresses have an address range of 240-255.
Default Gateway
Default gateway is a TCP/IP configuration option, used to communicate with TCP/IP nodes on remote network segments. At least
one interface must be configured with the IP address of a default gateway.
IPv6
The current version of IP addressing (i.e., IPv4) has its limitations. With the fast increasing number of the networks and the
expansion of the World Wide Web, the IP addresses allotted are finishing fast and the need for more network addresses has
arisen. IPv6 can solve this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These addresses are
hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address can be 45CF: 6D53: 12CD: AFC7: E654:
BB32: 543C.
Subnetting
Subnets are subdivisions of an IP address network, used for creating smaller broadcast domains and for better utilization of the
bits in the host ID. Through subnetting, the host id portion of an IP address can be used to create more networks than by using
the default subnet mask.
Suppose that a company has been assigned a Class C IP address 200.1.1.0, and the standard subnet mask is 255.255.255.0.
This means that the network id will be 200.1.1 and the total number of hosts will be 254. The company has two departments:
production and sales. Members of the production department do not need to access the computers of the sales department. So
it is better to have separate networks for both the departments for better security and manageability. Through subnetting, the
bits from the host id portion can be used to create more networks, which will work as separate networks.
Public and Private Networks
Network can be differentiated as private and public. A public network is a network, which can be accessed by anyone from the
general public, an example being the Internet. In contrast, a private network is accessible only by those people who have
special permissions on that particular network. An example of a private network is a network within an organization such as a
company, a hospital, or a college.
Public and private networks have different types of IP addressing schemes. Addresses on the Internet are assigned by the IANA
(Internet Assigned Numbers Authority), which assigns them to the Internet Service Providers (ISPs), who then distribute them to
the users. Apart from the public address, some addresses have been reserved for the private networks. These are not available
for general public and are used in private networks.
Some addresses from each of the classes A, B, and C have been assigned for use by private networks. The address range for
class A addresses is from 10.0.0.0 to 255.255.255, for class B addresses it is from 172.6.0.0 to 172.31.255.255, and for class C
addresses, it is from 192.168.0.0 to 192.168.255.255.
IP Addressing Methods:
Static Addressing
In static addressing, every computer is assigned an IP address manually. It is not preferred in large networks, which have lots of
hosts, because the chance of assigning duplicate addresses will be more. This will result in a conflict of IP addresses and
deterioration of the speed. Also it is time consuming, as every system is configured manually and if some changes are to be
made afterwards, it will consume a lot of time doing it manually for every computer.
Dynamic Addressing
In this type of addressing scheme, the IP addresses are assigned automatically by the use of Dynamic Host Configuration
Protocol (DHCP) to all the computers in the network. This results in much less burden on the network administrator and faster
configuration of the network. This type of addressing needs a DHCP server, to which a range of IP addresses is allotted. The
DHCP server automatically assigns any address from the range of IP addresses defined to the workstations on the network.
APIPA
Automatic private IP addressing (APIPA) is a feature of Windows XP TCP/IP that configures a unique IP address for each
computer on a network when the TCP/IP protocol is configured for dynamic addressing and a DHCP server is not available or
offline. The key function of APIPA is to allow resources to be available even if the DHCP server is offline. APIPA addresses are
always in the range of 169.254.0.1 and 169.254.255.254 and use a subnet mask of 255.255.0.0.
When a user configures a TCP/IP connection to obtain an IP address automatically, by default the computer tries to find a DHCP
server for obtaining the address. The user obtains the address if the computer finds the DHCP server. If it does not find the
DHCP server, the computer uses APIPA to configure a unique IP address for the computers of a network. Since APIPA does not
offer a gateway address, it can never be used on the Internet, and the clients using APIPA cannot access resources outside the
local subnet.
TCP/UDP Ports
The default TCP/UDP ports associated with TCP/IP protocol or applications are as under:
Protocol Port
HTTP 80
HTTPS 443
POP3 110
FTP 20
FTP 21
IMAP4 143
SMTP 25
NNTP 119
NTP 123
DNS 53
TFTP 69
Telnet 23
SSH 22
What are cluster configurations?
Server clusters using the Cluster service can be set up as one of the following three different cluster configurations:
1. Single Node server clusters: They can be configured with or without external cluster storage devices. For
Single Node server clusters without an external cluster storage device, the local disk is configured as the cluster
storage device.
2. Single Quorum Device server clusters: They can have two or more nodes and are so configured as to attach
every node to one or more shared storage devices, such as an external array of Small Computer System Interface
(SCSI) disks. The cluster configuration data is stored on a single cluster storage device, also known as the quorum
disk.
3. Majority Node Set server clusters: They can have two or more nodes, but nodes might not be attached to one
or more cluster storage devices. The cluster configuration data is stored on multiple disks across the cluster, and
the Cluster service guarantees that this data is kept consistent across the disks.
However, server clusters using the Cluster service are set up depending on the specific needs for failovers, in which application
services are moved to another node in the cluster.
What is N+I Hot Standby Server?
N+I Hot Standby Server is one of the failover models. It is commonly referred to as an Active/Passive mode. In
an active/passive mode, the active nodes handle all client requests, whereas the passive nodes monitor the
active nodes. In N+I Hot Standby Server, N denotes the number of active nodes, and I refers to the number of
passive nodes. This model has a drawback that the server resources remain idle for a long time and are
utilized only when another server fails. However, it is the most scalable and reliable model.
What is failover?
Failover is a term associated with cluster services. It refers to the ability of a server to immediately start servicing the
requests if a primary server fails. If the application services in a cluster-node fail, the Cluster Service generally tries to
restart them on the same node. If the services do not start, then it moves the services to another node in the cluster
and restarts them on that node.
Windows Server 2003 Active Directory and Network Infrastructure
Windows Server 2003 Active Directory is a centralized database that stores the collection of information about all the
resources available on the Windows Server 2003 domain. It is a hierarchical representation of all the objects and their
attributes available on the network. It enables administrators to manage the network resources, i.e., computers, users,
printers, shared folders, etc., in an easy way. The logical structure represented by Active Directory consists of forests,
trees, domains, organizational units, and individual objects. This structure is completely independent from the physical
structure of the network, and allows administrators to manage domains according to the organizational needs without
bothering about the physical network structure.
Following is the description of all logical components of the Active Directory structure:
1. Forest: A forest is the outermost boundary of an Active Directory structure. It is a group of multiple domain trees
that share a common schema but do not form a contiguous namespace. It is created when the first Active
Directory-based computer is installed on a network. There is at least one forest on a network. The first domain in a
forest is called a root domain. It controls the schema and domain naming for the entire forest. It can be separately
removed from the forest. Administrators can create multiple forests and then create trust relationships between
specific domains in those forests, depending upon the organizational needs.
2. Trees: A hierarchical structure of multiple domains organized in the Active Directory forest is referred to as a tree.
It consists of a root domain and several child domains. The first domain created in a tree becomes the root
domain. Any domain added to the root domain becomes its child, and the root domain becomes its parent. The
parent-child hierarchy continues until the terminal node is reached. All domains in a tree share a common
schema, which is defined at the forest level. Depending upon the organizational needs, multiple domain trees can
be included in a forest.
3. Domains: A domain is the basic organizational structure of a Windows Server 2003 networking model. It logically
organizes the resources on a network and defines a security boundary in Active Directory. The directory may
contain more than one domain, and each domain follows its own security policy and trust relationships with other
domains. Almost all the organizations having a large network use domain type of networking model to enhance
network security and enable administrators to efficiently manage the entire network.
4. Objects: Active Directory stores all network resources in the form of objects in a hierarchical structure of
containers and subcontainers, thereby making them easily accessible and manageable. Each object class consists
of several attributes. Whenever a new object is created for a particular class, it automatically inherits all attributes
from its member class. Although the Windows Server 2003 Active Directory defines its default set of objects,
administrators can modify it according to the organizational needs.
5. Organizational Unit (OU): It is the least abstract component of the Windows Server 2003 Active Directory. It
works as a container into which resources of a domain can be placed. Its logical structure is similar to an
organization's functional structure. It allows creating administrative boundaries in a domain by delegating
separate administrative tasks to the administrators on the domain. Administrators can create multiple
Organizational Units in the network. They can also create nesting of OUs, which means that other OUs can be
created within an OU.
In a large complex network, the Active Directory service provides a single point of management for the administrators by
placing all the network resources at a single place. It allows administrators to effectively delegate administrative tasks as well
as facilitate fast searching of network resources. It is easily scalable, i.e., administrators can add a large number of resources to
it without having additional administrative burden. It is accomplished by partitioning the directory database, distributing it
across other domains, and establishing trust relationships, thereby providing users with benefits of decentralization, and at the
same time, maintaining the centralized administration.
The physical network infrastructure of Active Directory is far too simple as compared to its logical structure. The physical
components are domain controllers and sites.
1. Domain Controller: A Windows 2003 server on which Active Directory services are installed and run is called a
domain controller. A domain controller locally resolves queries for information about objects in its domain. A
domain can have multiple domain controllers. Each domain controller in a domain follows the multimaster model
by having a complete replica of the domain's directory partition. In this model, every domain controller holds a
master copy of its directory partition. Administrators can use any of the domain controllers to modify the Active
Directory database. The changes performed by the administrators are automatically replicated to other domain
controllers in the domain.
However, there are some operations that do not follow the multimaster model. Active Directory handles these
operations and assigns them to a single domain controller to be accomplished. Such a domain controller is
referred to as operations master. The operations master performs several roles, which can be forest-wide as well
as domain-wide.
o Forest-wide roles: There are two types of forest-wide roles:
Schema Master and Domain Naming Master. The Schema Master is responsible for maintaining the
schema and distributing it to the entire forest. The Domain Naming Master is responsible for
maintaining the integrity of the forest by recording additions of domains to and deletions of domains
from the forest. When new domains are to be added to a forest, the Domain Naming Master role is
queried. In the absence of this role, new domains cannot be added.
o Domain-wide roles: There are three types of domain-wide roles: RID Master, PDC Emulator, and
Infrastructure Master.
Domain controllers can also be assigned the role of a Global Catalog server. A Global Catalog is a
special Active Directory database that stores a full replica of the directory for its host domain and the
partial replica of the directories of other domains in a forest. It is created by default on the initial
domain controller in the forest. It performs the following primary functions regarding logon capabilities
and queries within Active Directory:
1. It enables network logon by providing universal group membership information to a domain
controller when a logon request is initiated.
2. It enables finding directory information about all the domains in an Active Directory forest.
A Global Catalog is required to log on to a network within a multidomain environment. By providing
universal group membership information, it greatly improves the response time for queries. In its
absence, a user will be allowed to log on only to his local domain if his user account is external to the
local domain.
2. Site: A site is a group of domain controllers that exist on different IP subnets and are connected via a fast and
reliable network connection. A network may contain multiple sites connected by a WAN link. Sites are used to
control replication traffic, which may occur within a site or between sites. Replication within a site is referred to as
intrasite replication, and that between sites is referred to as intersite replication. Since all domain controllers
within a site are generally connected by a fast LAN connection, the intrasite replication is always in uncompressed
form. Any changes made in the domain are quickly replicated to the other domain controllers. Since sites are
connected to each other via a WAN connection, the intersite replication always occurs in compressed form.
Therefore, it is slower than the intrasite replication.
What are domain functional levels?
The domain functional levels are the various states of a domain, which enable domain-wide Active Directory features
within a network environment. Domain levels are the same as domain modes in Windows 2000. Windows supports four
types of functional levels:
1. Windows 2000 Mixed: This is the default domain functional level. When a first domain controller is installed or
upgraded to Windows 2003, the domain controller is configured to run in the Windows 2000 mixed functional
level. In this mode, domain controllers running the following operating systems are supported:
o Windows NT Server 4.0
o Windows 2000 Server
o Windows Server 2003
2. Windows 2000 Native: In this level, domain controllers running Windows 2000 and Windows 2003 can interact
with each other. No domain controller running a pre-Windows 2000 version is supported in this functional level of
the domain.
3. Windows Server 2003 Interim: This functional level allows a Windows Server 2003 domain controller to
interact with domain controllers in the domain running Windows NT 4.0 or Windows Server 2003. This functional
level is used to upgrade the first Windows NT domain to a new forest.
Note: Windows Server 2003 interim functional level does not support domain controllers running Windows 2000.
4. Windows Server 2003:This functional level of domain allows a Windows Server 2003 domain controller to
interact only with the domain controllers running Windows 2003 in the domain. A domain level can be raised to
Windows Server 2003 only when all the domain controllers in the domain are running Windows Server 2003
What is site?
A site is a collection of one or more well-connected (usually a local area network) TCP/IP subnets. The network between
the subnets must be highly reliable and fast (512 Kbps and higher). Although the sites are defined on the basis of
location, they can be spanned over more than one location. A site structure corresponds to the physical environment,
whereas a domain is the logical environment of the network. A site can contain single or multiple domains, and a
domain can contain single or multiple sites.
Sites are created to physically group the computers and resources for optimizing the network traffic. Administrators can
configure Active Directory access and replication technology to take advantage of the physical network by configuring
sites. When a user logs on to a network, the authentication request searches for the domain controllers in the same site
where the user is located. A site prevents the network traffic from traveling on wide area network (WAN) links that are
slow.
What is DCDIAG tool? AD Trubleshooting tool.
Domain Controller Diagnostic (DCDIAG) is a diagnostic tool that is used to analyze the domain controllers in a forest to
report problems or issues. The scope of this tool covers the functions of the domain controllers and interactions across
an entire enterprise. The DCDIAG tool is used to diagnose the domain controller status for the following issues:
· Connectivity
· Replication
· Integrity of topology
· Permissions on directory partition heads
· Permissions of users
· Functionality of the domain controller locator
· Consistency among domain controllers in the site
· Verification of trusts
· Diagnosis of replication latencies
· Replication of trust objects
· Verification of File Replication service
· Verification of critical services
Note: DCDIAG is an analyzing tool, which is mostly used for the reporting purposes. Although this tool allows specific tests to be
run individually, it is not intended as a general toolbox of commands for performing specific tasks.
What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for
batch management of trusts, joining computers to domains, verifying trusts, and secure channels
Windows 2003 system services?
Windows Server 2003 comes with many system services that have different functionalities in the operating system.
When Windows Server 2003 is first installed, the default system services are created and are configured to run when
the system starts
Example :
Following are some important system services of Windows Server 2003:
Alerter
Automatic Updates
Cluster Service
DHCP
Distributed File System
DNS Client service
DNS Server service
Event Log service
Remote Installation
Remote Procedure Call (RPC)
Routing and Remote Access
What is a paging file?
A paging file is a hidden file on the hard disk used by Windows operating systems to hold parts of programs and data
that do not fit in the computer's memory. The paging file and the physical memory, or random access memory (RAM),
comprise the virtual memory. Windows operating systems move data from the paging file to the memory as required
and move data from the memory to the paging file to make room for new data. A paging file is also known as a swap
file.
What are authoritative and non-authoritative Active Directory restores?
There are two general methods of restoring Active Directory from the backup media: authoritative and nonauthoritative.
Authoritative restore makes the computer authoritative over other domain controllers. Data restored authoritatively in
a computer takes precedence over other domain controllers' data, despite the fact that the restored data is older than
the current replicas. Authoritative restore is typically used to restore a system to a previously known state. The
NTDSUTIL command-line tool allows authoritatively restoring the entire directory, a subtree, or individual objects,
provided they are leaf objects.
A non-authoritative restore results in the restored data (which may be outdated) becoming synchronized with the data
on other domain controllers through replication.
What is ADPREP tool?
The ADPREP tool is used to prepare Windows 2000 domains and forests for an upgrade to Windows Server 2003. It
extends the schema, updates default security descriptors of selected objects, and adds new directory objects as
required by some applications.
Syntax:
ADPREP {/forestprep | /domainprep}
Parameter Description
/forestprep Prepares a Windows 2000 forest for an upgrade to a Windows Server 2003 forest.
/domainprep Prepares a Windows 2000 domain for an upgrade to a Windows Server 2003 domain.
/? Displays help for the command.
To run ADPREP /forestprep, the administrator must be a member of the Enterprise Admins group and the Schema
Admins group in Active Directory. The ADPREP /forestprep command must be run on the schema master.
To run ADPREP /domainprep, the administrator must be a member of the Domain Admins group or the Enterprise
Admins group in Active Directory. The ADPREP /domainprep command must be run on each infrastructure master.
Which files are included in the System State data?
Following are the files included in the System State data:
· Boot files, including the system files and all files protected by Windows File Protection (WFP)
· Active Directory (on domain controller only)
· SYSVOL (on domain controller only)
· Certificate Services (on certification authority only)
· Cluster database (on cluster node only)
· Registry
· IIS metabase
· Performance counter configuration information
· Component Services Class registration database
What is RENDOM utility?
RENDOM is a Windows 2003 utility used to rename and restructure a domain in the forest. It can perform the following
tasks:
· Change the DNS and NetBIOS names of the forest-root domain.
· Change the DNS and NetBIOS names of any tree-root domain.
· Change the DNS and NetBIOS names of the parent and child domains.
· Restructure a domain's position in the forest.
The utility is supplied by Microsoft and is placed in the ValueaddMsftMgmtDomren directory on the Windows Server 2003 CDROM.
Note: Renaming a domain is a thorough multi-step process that requires a detailed understanding of the operation. It affects
every domain controller in the forest.
What is volume shadow copy?
The Windows Backup provides a feature of taking a backup of files that are opened by a user or system. This feature is
known as volume shadow copy. Volume shadow copy makes a duplicate copy of all files at the start of the backup process.
In this way, files that have changed during the backup process are copied correctly. Volume shadow copy ensures the
following:
· Applications continue to write data to the volume during a backup
· Backups are scheduled at any time without locking out users.
What is Performance Logs and Alerts?
Performance Logs and Alerts is an MMC snap-in that is used to establish performance baselines, diagnose system
problems, and anticipate increased system resource demands. It is used to obtain useful data for detecting system
bottlenecks and changes in system performance. The alerting functionality of this tool is extremely useful for
troubleshooting intermittent and difficult-to-reproduce problems. It uses the same performance counters as the System
Monitor for capturing information to log files over a period of time. The prime benefit of this tool is the ability to capture
performance counter information for further analysis. Performance Logs and Alerts runs as a service and loads during
computer startup. It does not require a user to log on to a computer.
Network Interface Card
A network interface card (NIC) is a computer circuit board or card installed in a computer. It provides a physical
connection between a computer and the network. Network interface cards provide a dedicated, full-time connection to
a network. Each network Interface card has a unique Media Access Control (MAC) address.
Media Access Control (MAC) address is a numerical identifier that is unique for each network interface card (NIC). MAC
addresses are 48-bit values expressed as twelve hexadecimal digits, usually divided into hyphen-separated pairs, for
example, FF-00-F8-32-13-19. MAC addresses are also referred to as hardware addresses, Ethernet addresses, and
universally administered addresses (UAAs).
Hub
A hub is a device used to link computers in a network. It connects computers that have a common architecture, such as
Ethernet, ARCnet, FDDI, or Token Ring. All hub-computer connections for a particular network use the same type of
cable, which can be twisted-pair, coaxial, or fiber-optic. Hubs are generally used in star topology networks. Token Ring
hubs are also known as Multistation Access Units (MSAUs). A hub works on the physical layer of the OSI model. Two
types of hubs are available as follows:
1. Active hub is a central device used to connect computers in a star network. It regenerates and retransmits
deteriorated signals on the network.
2. Passive hub is a central device used to connect computers in a star network. It receives information through one
of its ports and sends it to the computers connected to every other port. Therefore, although the information is
broadcasted to the network, only the destination computer reads it. A passive hub does not regenerate signals.
Repeater
A repeater is a basic LAN connection device. It allows a network cabling system to extend beyond its
maximum allowed length and reduces distortion by amplifying or regenerating network signals. Repeaters can also be used to
connect network segments composed of different media, such as connecting a twisted pair cable segment to a fiber-optic
cable segment. A repeater works at the physical layer of the OSI model.
Switch
A switch is a network connectivity device that brings media segments together in a central location. It reads the destination's
MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This
reduces the network traffic. Switches operate at the data-link layer of the OSI model.
Router
A router is a device that routes data packets between computers in different networks. It is used to connect multiple networks,
and it determines the path to be taken by each data packet to its destination computer. A router maintains a routing table of
the available routes and their conditions. By using this information, along with distance and cost algorithms, the router
determines the best path to be taken by the data packets to the destination computer. A router can connect dissimilar
networks, such as Ethernet, FDDI, and Token Ring, and route data packets among them. Routers operate at the network layer
(layer 3) of the Open Systems Interconnection (OSI) model.
Brouter
A brouter is a combination of a bridge and a router. It is used to connect dissimilar network segments, and it routes only a
specific transport protocol such as TCP/IP. A brouter also works as a bridge for all types of packets, passing them on as long as
they are not local to the LAN segment from which they have originated.
Bridge
A bridge is an interconnectivity device that connects two local area networks (LANs) or two segments of the same LAN using
the same communication protocols and provides address filtering between them. Users can use this device to divide busy
networks into segments and reduce network traffic. A bridge broadcasts data packets to all the possible destinations within a
specific segment. Bridges operate at the data-link layer of the OSI model.
Gateway
A gateway is a network interconnectivity device that translates different communication protocols and is used to connect
dissimilar network technologies. It provides greater functionality than a router or bridge because a gateway functions both as
a translator and a router. Gateways are slower than bridges and routers. A gateway is an application layer device.
Modem
Modem stands for Modulator-Demodulator. It is a device that enables a computer to transmit information over standard
telephone lines. Since a computer stores information digitally and a telephone line is analog, a modem converts digital signals
to analog and vice versa. The conversion of a digital signal to analog is known as modulation and that of an analog signal to
digital is known as demodulation.
Normal Backups
When an administrator chooses to use a normal backup, all selected files and folders are backed up and the archive
attribute of all files are cleared. A normal backup does not use the archive attribute to determine which files to back up.
A normal backup is used as the first step of any backup plan. It is used with the combination of other backup types for
planning a backup strategy of an organization. Normal backups are the most time-consuming and are resource hungry.
Restoration from a normal backup is more efficient than other types of backups.
Incremental Backups
An incremental backup backs up files that are created or changed since the last normal or incremental backup. It takes
the backup of files of which the archive attribute is set. After taking a backup, it clears the archive attribute of files. An
incremental backup is the fastest backup process. Restoring data from an incremental backup requires the last normal
backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were
created.
Note: If any media in the incremental backup set is damaged or data becomes corrupt, the data backed up after
corruption cannot be restored.
Differential Backups
Differential backup backs up files that are created or changed since the last normal backup. It does not clear the
archive attribute of files after taking a backup. The restoration of files from a differential backup is more efficient than
an incremental backup.
Copy Backups
A copy backup copies all selected files and folders. It neither uses nor clears the archive attribute of the files. It is
generally not a part of a planned scheduled backup.
Daily Backups
A daily backup backs up all selected files and folders that have changed during the day. It backs up data by using the
modified date of the files. It neither uses nor clears the archive attribute of the files.
Combining backup types
The easiest backup plan is to take a normal backup every night. A normal backup every night ensures that the data is
restored from a single job the next day. Although the restoration of data from a normal backup is easy, taking a backup
is time consuming. Hence, an administrator is required to make an optimal backup plan. An administrator must
consider the following points before creating a backup plan:
· The time involved in taking the backup.
· The size of the backup job.
· The time required to restore a system in the event of a system failure.
The most common solutions for the needs of different organizations include the combination of normal, differential, and
incremental backups.
Combination of Normal and Differential Backups
An administrator can use a combination of a normal backup and a differential backup to save time in taking a backup as well as
for a restoration of data. In this plan, a normal backup can be taken on Sunday, and differential backups can be taken on
Monday through Friday every night. If data becomes corrupt at any time, only a normal and last differential backup are required
to be restored. Although this combination is easier and takes lesser time for restoration, it takes more time to take backup if
data changes frequently.
Combination of Normal and Incremental Backups
A combination of normal and incremental backups can be used to save more time for taking backups. In this plan, a normal
backup is taken on Sunday and incremental backups on Monday through Friday every night. If data becomes corrupt at any
time, a normal and all incremental backups till date are required to be restored.
Backing up a System State Data
System State Data
System State data contains critical elements of the Windows 2000 and Windows Server 2003 operating systems. Following are
the files included in the System State data:
· Boot files, including the system files and all files protected by Windows File Protection (WFP)
· Active Directory (on domain controller only)
· SYSVOL (on domain controller only)
· Certificate Services (on certification authority only)
· Cluster database (on cluster node only)
· Registry
· IIS metabase
· Performance counter configuration information
· Component Services Class registration database
What is Internet Security and Acceleration (ISA) Server 2000?
Internet Security and Acceleration Server 2000 is a Microsoft product that is used to provide powerful security
and network acceleration while accessing the Internet. It works as a firewall as well as a Web cache server. It
integrates with the Microsoft Windows 2000 operating system for policy-based security, acceleration, and
management of internetworking.
Features of ISA Server
· It provides an additional level of security.
· It offers industry-leading Web cache performance.
· It integrates with Microsoft Windows 2000.
· It enables administrators to use bandwidth efficiently.
· It provides increased manageability.
· It provides enhanced usability.
· It provides integrated services.
· It provides increased extensibility.
· It provides improved interoperability.
· It provides enhanced scalability.
Site and Replication
What is a Site?
A site is a collection of one or more well-connected (usually a local area network) TCP/IP subnets. The network
between the subnets must be highly reliable and fast (512 Kbps and higher). Although the sites are generally
defined on the basis of location, they can be spanned over more than one location. A site structure
corresponds to the physical environment, whereas a domain is the logical environment of the network. A site
can contain single or multiple domains, and a domain can contain single or multiple sites.
The sites are created to physically group the computers and resources to optimize network traffic.
Administrators can configure Active Directory access and replication technology to take advantage of the
physical network by configuring sites. When a user logs on to the network, the authentication request
searches for the domain controllers in the same site as the user. A site prevents the network traffic from
traveling on slow wide area network (WAN) links.
What are Directory Tree, Directory Partition, and Replica?
Directory tree is a hierarchy of objects and containers of Active Directory, which represents all the objects in
the forest. Each domain controller stores a copy of a specific part of the directory tree, called a directory
partition (sometimes called naming context). The copy of the directory partition is called a replica. A replica
contains all attributes for each directory partition object. Each domain controller in the forest stores a replica.
What is replication?
Replication is a process through which the changes made to a replica on one domain controller are
synchronized to replicas on all the other domain controllers in the network. Each domain controller stores
three types of replicas:
· Schema partition: This partition stores definitions and attributes of objects that can be created in the
forest. The changes made in this partition are replicated to all the domain controllers in all the domains in
the forest.
· Configuration partition: This partition stores the logical structure of the forest deployment. It includes
the domain structure and the replication topology. The changes made in this partition are replicated to all
the domain controllers in all the domains in the forest.
· Domain partition: This partition stores all the objects in a domain. Changes made in this partition are
replicated to all the domain controllers within the domain.
Note: Windows Server 2003 supports a new type of directory partition named Application directory partition. This
partition is available only to Windows 2003 domain controllers. The applications and services use this partition to store
application-specific data.
Creating, modifying, moving, and deleting an object trigger a replication between domain controllers. Replications are
of two types:
· Intrasite: An intrasite (within a site) replication mostly uses LAN connections. As intrasite replication
does not compress data, it saves a computer's CPU time. In an intrasite replication, the replication
partners poll each other periodically and notify each other when changes need to be replicated, and then
pull the information for processing. Active Directory uses a remote procedure call (RPC) transport protocol
for intrasite replication.
· Intersite: As an intersite (between sites) replication uses WAN connections, a large amount of data is
compressed to save WAN bandwidth. For the same reason, the replication partners do not notify each
other when changes need to be replicated. Instead, administrators configure the replication schedule to
update the information. Active Directory uses an IP or SMTP protocol for intersite replication.
For intrasite replication to take place, connection objects are required. The Active Directory automatically creates and
deletes connection objects as and when required. Connection objects can be created manually to force replication.
What are Site Links?
Site links are logical, transitive connections between two or more sites. For intersite replication to take place, site links
are required to be configured. Once a site link has been configured, the knowledge consistency checker (KCC) then
automatically generates the replication topology by creating the appropriate connection objects. Site links are used to
determine the paths between two sites. They must be created manually.
Site links are transitive in nature. For example, if Site 1 is linked with Site 2 and Site 2 is linked with Site 3, then Site 1
and Site 3 are linked transitively. The administrators can control transitivity of the site link. By default, transitivity is
enabled. Site link transitivity can be enabled or disabled through a bridge.
What is Site Link Bridge?
A site link bridge is created to build a transitive and logical link between two sites that do not have an explicit site link.
The site link bridge is created only when the transitivity of the site link is disabled.
What is Site Link Cost?
Site link cost is an attribute of a site link. Each site link has been assigned a default cost of 100. The knowledge
consistency checker (KCC) uses the site link cost to determine which site links should be preferred for replication. It
should be remembered that the lower the site link cost, the more preferred is the link.
For example, an administrator has to configure the site link cost of links between Site 1 and Site 2. There are two site
links available as shown in the image below:
S1S2 is a T1 site link that uses T1 lines for replication, whereas S1S2DU uses a dial-up connection for replication. If the
administrator requires that the KCC should prefer the S1S2 site link to the S1S2DU site link for replication, he will have
to configure the SIS2 link with a lower cost than that of the S1S2DU link. Any site link configured with the site link cost
of one (1) will always get preference over the other site links with a higher cost.
What is Bridgehead Server?
A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data
between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case
the server is down, KCC designates another one from the domain controller. When a bridgehead server receives
replication updates from another site, it replicates the data to the other domain controllers within its site.
What is Preferred Bridgehead Server?
A preferred bridgehead server is a domain controller in a site, specified by an administrator, to act as a bridgehead
server. Administrators can specify more than one preferred bridgehead server, but only one server is active at a time in
a site. A preferred bridgehead server is designated to take advantage of a certain domain controller having the
appropriate bandwidth to transmit and receive information
What is Performance Logs and Alerts?
Performance Logs and Alerts is an MMC snap-in that is used to establish performance baselines, diagnose
system problems, and anticipate increased system resource demands. It is used to obtain useful data for
detecting system bottlenecks and changes in system performance. The alerting functionality of this tool is
extremely useful for troubleshooting intermittent and difficult-to-reproduce problems. It uses the same
performance counters as the System Monitor for capturing information to log files over a period of time. The
prime benefit of this tool is the ability to capture performance counter information for further analysis.
Performance Logs and Alerts runs as a service and loads during computer startup. It does not require a user to
log on to a computer
What is WLBS.EXE?
WLBS.EXE is a command-line tool, which is used as a Network Load Balancing control program. WLBS.EXE is
used to start, stop, and administer Network Load Balancing, as well as to enable and disable ports and to
query cluster status.
Note: WLBS.EXE cannot be used to change the registry parameters of Network Load Balancing.
What is buffer overflow?
Buffer overflow is a condition in which an application receives more data than it is configured to accept. This
usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the
application
What is DMZ?
Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a
private network. It is the boundary between the Internet and an internal network, usually a combination of
firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a
large enterprise network or corporate network the ability to use the Internet while still maintaining its security
What is Kerberos v5?
Kerberos v5 is an authentication method used by Windows operating systems to authenticate users and
network services. Windows 2000/2003 and XP clients and servers use Kerberos v5 as the default
authentication method. Kerberos has replaced the NT LAN Manager (NTLM) authentication method, which was
less secure. Kerberos uses mutual authentication to verify both the identity of the user and network services.
The Kerberos authentication process is transparent to the users.
Note: Kerberos v5 is not supported on Windows XP Home clients or on any clients that are not members of an
Active Directory domain.
What is Software Update Services (SUS)?
Software Update Services (SUS) is a tool used to acquire and distribute critical Windows patches to computers
running Windows operating systems. Administrators use SUS to download and test the patches, and then
deploy the patches to the appropriate computers running the Automatic Updates clients. SUS consists of three
components:
1. Software Update Services (SUS) that runs on the server.
2. Automatic Updates (AU) that runs on client computers.
3. Group Policy settings that control AU clients from Active Directory.
SUS does not support Microsoft Office or Microsoft BackOffice products. It updates the operating systems (except
Windows NT or Windows 9x), Microsoft IIS, and Microsoft Internet Explorer (IE) only.
Which installation modes are available with ISA Server?
The following modes are available as a part of the ISA Server setup process:
· Firewall: In Firewall mode, network configuration can be secured by configuring rules that control
communication between a corporate network and the Internet. In this mode, internal servers can also be
published to share data with Internet users.
· Cache: In Cache mode, network performance can be improved and bandwidth can be saved by storing
commonly accessed Internet objects locally. Requests can be routed from the Internet users to an
appropriate internal Web server.
· Integrated: Integrated mode is a combination of Firewall and Cache modes. It supports all the features
available in Firewall and Cache modes of ISA Server
Subscribe to:
Posts (Atom)