
Difference between IPv4 and IPv6 :

IPv4 addresses are 32-bit (four dotted-decimal octets, e.g. 192.168.1.10); IPv6
addresses are 128-bit (eight hexadecimal groups, e.g. 2001:db8::1). Both work on
LANs and on WANs; it is not accurate that IPv6 is "for the WAN" and IPv4 "for the
LAN", although many corporate LANs still run IPv4 only and IPv6 usually appears
first on the Internet-facing side. Support case to remember: a user cannot reach
the Exchange server, or Outlook throws an error, only when the client is talking
IPv6 (Windows prefers IPv6 over IPv4 when both are configured), so the IPv6 path
to the server is the first thing to check.
IP Addresses (IPv4 classes, by first octet) :
A : 1 - 126 (0 is reserved)
127 is reserved for loopback, e.g. 127.0.0.1 (the computer talking to itself;
used to check that the local TCP/IP stack is working)
B : 128 - 191
C : 192 - 223
D : 224 - 239 (multicast)
E : 240 - 255 (reserved)
DEFAULT ROUTE : Every network device has a routing table that maps destination
prefixes to a next HOP; entries are added statically by the admin or dynamically by
routing protocols. For every packet the device picks the most specific (longest)
prefix that matches the destination address. When no specific entry matches, the
default route is used: destination 0.0.0.0 with netmask 0.0.0.0 (0.0.0.0/0),
pointing at the default gateway. So the default route is a catch-all, not a
preferred path: a more specific entry always wins over it, and through the default
route the packet is handed hop by hop towards a destination network the device
does not know about itself.
APIPA (Automatic Private IP Addressing) is used when the client is set to obtain an
address automatically but no DHCP server responds. The client picks an address from
169.254.0.0/16 (169.254.x.x) and, because no default gateway is set, can only
communicate with hosts on its own local segment. The client keeps retrying DHCP in
the background. Suppose the LAN cable was not plugged in: the moment it is plugged
in and a DHCP server answers, a leased IP is assigned and the APIPA address goes
away. Seeing a 169.254 address on a machine is therefore the quick sign that DHCP
is unreachable.
Subnetting Why is it done ?
To divide a larger network into sub-networks, so addresses can be allocated
per site or department
To reserve address ranges
To make efficient utilization of IPs
To limit broadcast traffic: a broadcast (e.g. an ARP request) is delivered to every
host in the same subnet. For example, my office has 4 departments : Marketing,
HR, Finance and Accounting. If an HR employee is communicating with another HR
employee and there is no subnetting, every broadcast involved reaches every
machine in the whole office, using bandwidth and CPU on all of them, so
subnetting is done to keep that traffic inside the department's subnet.
LAYER 3 Switches can route between subnets/VLANs (and are configurable),
although plain switches work at Layer 2 and only forward frames by MAC address.
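The class table, the loopback/APIPA special cases, the 4-department subnetting and the longest-prefix default-route lookup described above, as an added Python example (not code from the original notes). The routing table, addresses and the helper names `classify`, `carve`, `same_subnet` and `route_lookup` are constructed for the demo, not a library API.

```python
from ipaddress import IPv4Address, IPv4Network

# Classful ranges by first octet, plus the special blocks the notes mention.
def classify(addr):
    a = IPv4Address(addr)
    if a in IPv4Network("0.0.0.0/8"):
        return "reserved (this network)"
    if a in IPv4Network("127.0.0.0/8"):
        return "loopback"
    if a in IPv4Network("169.254.0.0/16"):
        return "APIPA (link-local, no DHCP lease)"
    first = int(a) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"

# Carve one block into `count` equal subnets (count rounded up to a power of two).
def carve(network, count):
    net = IPv4Network(network)
    extra_bits = (count - 1).bit_length()
    return [str(s) for s in net.subnets(prefixlen_diff=extra_bits)]

# Two hosts share a broadcast domain only if they sit in the same subnet.
def same_subnet(a, b, prefixlen):
    return (IPv4Network(f"{a}/{prefixlen}", strict=False)
            == IPv4Network(f"{b}/{prefixlen}", strict=False))

# Longest-prefix-match lookup over a (prefix, next_hop) table: 0.0.0.0/0
# matches everything, so it only wins when nothing more specific matches.
def route_lookup(table, dst):
    d = IPv4Address(dst)
    matches = [(IPv4Network(p), nh) for p, nh in table if d in IPv4Network(p)]
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

# Constructed sample routing table (not taken from a real device).
ROUTES = [
    ("0.0.0.0/0", "10.0.0.1"),        # default gateway
    ("192.168.1.0/26", "direct"),      # Marketing
    ("192.168.1.64/26", "direct"),     # HR
    ("192.168.1.128/25", "10.0.0.2"),  # Finance + Accounting behind another router
]

if __name__ == "__main__":
    for ip in ("10.1.2.3", "127.0.0.1", "169.254.10.20", "172.16.0.5", "224.0.0.5"):
        print(ip, "->", classify(ip))
    print(carve("192.168.1.0/24", 4))
    print(same_subnet("192.168.1.10", "192.168.1.70", 26))
    for dst in ("192.168.1.70", "192.168.1.200", "8.8.8.8"):
        print(dst, "->", route_lookup(ROUTES, dst))
```

Carving 192.168.1.0/24 into four /26 blocks gives each department 62 usable addresses; the HR host at .10 and the Marketing host at .70 no longer share a broadcast domain, and 8.8.8.8 falls through to the default route because no specific prefix matches it.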

DHCP : Dynamic Host Configuration Protocol. On Windows Server it is installed as a
role and configured to hand out IP addresses (and usually subnet mask, default
gateway and DNS servers) to machines on the network. E.g. there are several
machines in my office; I won't configure an IP address on every machine by hand,
I'll install a DHCP server to assign IP addresses to them. Careful admins give
every designated role its own server: if DHCP has been installed on a machine, we
won't also install DNS or AD DS on it, it'll just be a DHCP server.
SCOPE of DHCP : A scope is defined when the DHCP server is set up; it is the range
of addresses (and the options) for one subnet. One scope may contain several
pools, like a book containing many chapters. Suppose I have a DHCP server in my
network and different sites, e.g. HP has different sites, so for every site there
is a different scope, and in every scope there are different pools of IP
addresses; HR won't be given addresses from the same range as IT, so scopes are
used to separate departments or whatever the business requires.
Pool is a set of IP addresses, the range from which addresses are assigned.
Suppose a range 192.168.1.1 - 254 is defined and 192.168.1.5 - 7 has been
excluded. An exclusion range is a part of the scope that the DHCP server will
never hand out, kept for hosts that are configured with a static IP, e.g. the
Director of the company, or a printer that must stay reachable at one known,
unique address. (Not to be confused with a reservation, which binds a client's
MAC address to a fixed IP that the DHCP server always hands to that client.)
TYPES OF SCOPE WOULD NOT BE ASKED
DORA PROCESS
Discover : a machine joining the network sends a DHCP Discover packet, generated by
its NIC/DHCP client. It carries the client's MAC address and is broadcast to the
whole segment (from 0.0.0.0 port 68 to 255.255.255.255 port 67). All other devices
ignore it; only a DHCP server (or a DHCP relay on the router) picks it up and sees
that this client is looking for an IP address.
Offer : the DHCP server answers with an Offer packet containing a free, assignable
address from the pool, the lease time and the server's own address (the "server
identifier" option), so the client knows which server made the offer. It is sent
to the client's MAC address (as a broadcast if the client asked for that, since the
client still has no IP). Note that when a machine leaves the network and its lease
expires, the address goes back into the pool and becomes free to assign again.
Request : the client broadcasts a Request packet asking for the address it was
offered. It contains the client's MAC address, the requested IP and the identifier
of the chosen server; because it is a broadcast, any other DHCP servers that also
made an offer see it and return their offered addresses to their pools.
Acknowledge : finally the DHCP server sends an Acknowledgement confirming that the
offered address is assigned to the client. The client's MAC address and the lease
time are recorded in the server's lease table.
(If the system stays in the network, the client renews the lease at half the lease
time; if the system is no longer in the network, the lease expires and the IP is
back in the pool again.)
(LEASE TIME for Wi-Fi = 8 hrs, LEASE TIME for LAN = 8 days in these notes'
environment; a Windows DHCP scope defaults to 8 days, and shorter leases are
common where clients come and go.)
Suppose there are 4 DHCP servers in a network; which DHCP server gets the
Discover packet from the client machine?

All of them, since the Discover is a broadcast. Each may answer with an Offer, and
the client normally takes the first Offer it receives, which in practice comes from
the closest or fastest server, and names that server in its Request so the others
withdraw their offers. Security note: nothing authenticates the Offer, so a rogue
DHCP server on the same segment that answers faster can hand out a malicious
gateway or DNS server; DHCP snooping on the switches is the usual defence.
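The DORA exchange above, as an added Python example (not code from the original notes): it encodes a Discover, a constructed Offer and the Request in RFC 2131 wire format and parses them back, so the server identifier (option 54) and lease time (option 51) carried by the Offer, and echoed by the Request, are visible. The MAC address, addresses and lease length are made up and nothing is sent on the wire; the helper names are mine.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed fields, 236 bytes

def build_message(msg_type, xid, mac, options=(), yiaddr="0.0.0.0", op=1):
    """Encode one DHCP message: fixed header, magic cookie, then TLV options."""
    header = struct.pack(
        HEADER_FMT,
        op, 1, 6, 0,                 # op (1=request, 2=reply), htype=Ethernet, hlen, hops
        xid, 0, 0x8000,              # transaction id, secs, flags (broadcast bit set)
        b"\0" * 4,                   # ciaddr: the client has no address yet
        IPv4Address(yiaddr).packed,  # yiaddr: address the server is handing out
        b"\0" * 4, b"\0" * 4,        # siaddr, giaddr
        mac.ljust(16, b"\0"),        # chaddr: the client MAC that identifies the lease
        b"\0" * 64, b"\0" * 128)     # sname, file
    body = b"".join(bytes([code, len(val)]) + val
                    for code, val in ((53, bytes([msg_type])), *options))
    return header + MAGIC_COOKIE + body + b"\xff"

def parse_message(data):
    f = struct.unpack(HEADER_FMT, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:             # pad option
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "chaddr": f[11][:f[2]].hex(":"), "type": opts[53][0], "options": opts}

def discover(xid, mac):
    # Broadcast from 0.0.0.0:68 to 255.255.255.255:67; option 55 lists what the client wants
    return build_message(DISCOVER, xid, mac, [(55, bytes([1, 3, 6, 15]))])

def offer(xid, mac, server_ip, client_ip, lease_seconds):
    # Option 54 (server identifier) tells the client which server made this offer
    return build_message(OFFER, xid, mac, [
        (54, IPv4Address(server_ip).packed),
        (51, struct.pack("!I", lease_seconds)),
        (1, IPv4Address("255.255.255.0").packed),
        (3, IPv4Address("192.168.1.1").packed)], yiaddr=client_ip, op=2)

def request(xid, mac, offer_msg):
    # Still a broadcast: echoes the offered address (50) and the chosen server (54)
    # so any other server that also offered can return its address to the pool
    return build_message(REQUEST, xid, mac, [
        (50, IPv4Address(offer_msg["yiaddr"]).packed),
        (54, offer_msg["options"][54])])

def summarize_offer(offer_msg):
    o = offer_msg["options"]
    return {"yiaddr": offer_msg["yiaddr"],
            "server": str(IPv4Address(o[54])),
            "lease_seconds": struct.unpack("!I", o[51])[0]}

if __name__ == "__main__":
    xid, mac = 0x3903F326, bytes.fromhex("001122334455")   # constructed client
    d = parse_message(discover(xid, mac))
    o = parse_message(offer(xid, mac, "192.168.1.2", "192.168.1.50", 8 * 24 * 3600))
    r = parse_message(request(xid, mac, o))
    print("DISCOVER from", d["chaddr"], "xid", hex(d["xid"]))
    print("OFFER", summarize_offer(o))
    print("REQUEST for", IPv4Address(r["options"][50]), "from server", IPv4Address(r["options"][54]))
```

The same transaction id ties all four messages together, and the Request's option 54 is what lets competing servers know they lost; a rogue server only needs its Offer to arrive first for its option 54 to be the one echoed.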

DNS (Domain Name System)

DNS does name resolution: its basic function is name to IP and IP to name
conversion. Every Internet-facing server has a public IP address, e.g. Google.com
has public IPs, but they are not easy to remember compared with the name
Google.com, which is so easy to remember.
DNS is mandatory in the organization because we cannot remember the FQDNs and
addresses of all the machines and objects, nor the public addresses assigned to
the servers; Active Directory itself depends on DNS (SRV records) to find DCs.
RECORDS of DNS
A Name to IPv4 address
AAAA Name to IPv6 address
PTR IP to Name (lives in the reverse lookup zone)
CNAME Alias, Name to Name (e.g. www.example.com as a CNAME for example.com, so the
lookup continues with the target name; it is a DNS alias, not an HTTP redirect)
SOA Start of Authority: names the primary server for the zone, the admin mailbox
and the serial/refresh/retry/expire timers. An authoritative server is a DNS
server that holds the zone itself rather than answering from cache.
SRV used for defining the location, i.e. the hostname and port number, of servers
for specified services (e.g. _ldap._tcp.<domain> for domain controllers).
MX Mail exchange (any mail server or Exchange server is located through the MX
record in DNS; without MX, inbound mail flow cannot take place)
NS identifies the authoritative DNS servers for a zone
TXT free-form text; mostly used to verify domain ownership when adding a domain
to a service (and for SPF/DKIM/DMARC mail policy). Suppose I'm adding her domain
to my environment: the domain owner is given a value (a TXT record) that she has
to publish in her zone; I then query it with nslookup (set type=txt) from any
machine anywhere, the value is returned, proving she controls the DNS for that
domain.
ZONES of DNS
Primary - Holds the read-write copy of the zone
Secondary - A read-only copy; whatever changes are done on the primary are
replicated here by zone transfer. Even if you want to change something on the
secondary you have to make the change on the primary, and it is replicated.
Stub - Holds only the SOA, NS and glue A records of another zone, enough to find
that zone's authoritative servers (used for cross-domain resolution).
Forward Look-Up Zone - Name to address; all record types are here except PTR,
which lives in the Reverse Look-Up Zone.
AD Integrated - The zone is stored in Active Directory and replicated between DCs
(multi-master, so every DC running DNS can write) and supports secure dynamic
updates, where only the computer account that registered a record may change it.
(GoDaddy is the biggest Domain Registrar throughout the globe. It's a partner
of Microsoft)
(When we type Google.com, the client first asks its local/configured DNS server)
(Client machine to DNS server is a Recursive query: the client expects a final
answer. DNS server to other DNS servers (root, TLD, authoritative) is an Iterative
query: each server replies with the best referral it has and the resolver follows
it.)
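The recursive/iterative distinction and the record types listed above, as an added Python example (not the notes' own code): it builds a DNS query with the RD (recursion desired) flag set or cleared, and parses a constructed reply carrying MX, TXT and A records, including the name-compression pointers real responses use. example.com, mx1.example.com, the addresses and the TXT verification token are made up; the helper names are mine.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
            16: "TXT", 28: "AAAA", 33: "SRV"}
TYPE_IDS = {name: code for code, name in RR_TYPES.items()}
FLAG_AA, FLAG_RD, FLAG_RA = 0x0400, 0x0100, 0x0080

def encode_name(name):
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode()
                    for l in name.rstrip(".").split(".")) + b"\0"

def build_query(qname, qtype, txid, recursion_desired=True):
    # A stub resolver sets RD=1 (recursive query); a resolver walking the
    # hierarchy asks root/TLD/authoritative servers with RD=0 (iterative query).
    flags = FLAG_RD if recursion_desired else 0
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(qname) + struct.pack("!HH", TYPE_IDS[qtype], 1))

def decode_name(data, offset):
    """Read a possibly compressed name; returns (name, offset after the field)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:            # pointer to an earlier occurrence
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode())
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_message(data):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(data, offset)
        offset += 4                           # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if rtype == 1:
            value = str(IPv4Address(rdata))
        elif rtype == 28:
            value = str(IPv6Address(rdata))
        elif rtype in (2, 5, 12):             # NS, CNAME, PTR carry a name
            value, _ = decode_name(data, offset)
        elif rtype == 15:                     # MX: preference + name
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = decode_name(data, offset + 2)
            value = f"{pref} {host}"
        elif rtype == 16:                     # TXT: length-prefixed string
            value = rdata[1:1 + rdata[0]].decode()
        else:
            value = rdata.hex()
        answers.append((name, RR_TYPES.get(rtype, str(rtype)), ttl, value))
        offset += rdlen
    return {"id": txid, "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA),
            "aa": bool(flags & FLAG_AA), "answers": answers}

def build_response(query, records, authoritative=False):
    """Constructed reply to `query`; each record is (type_name, ttl, rdata)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | FLAG_RD | FLAG_RA | (FLAG_AA if authoritative else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(records), 0, 0)
    body = b""
    for type_name, ttl, rdata in records:
        # 0xC00C is a compression pointer to the question name at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_IDS[type_name], 1, ttl, len(rdata)) + rdata
    return header + query[12:] + body

def sample_exchange():
    """Constructed query/response pair for example.com (not captured traffic)."""
    q = build_query("example.com", "MX", 0x1234)
    reply = build_response(q, [
        ("MX", 300, struct.pack("!H", 10) + encode_name("mx1.example.com")),
        ("TXT", 300, bytes([13]) + b"ms=ms12345678"),   # made-up ownership token
        ("A", 60, IPv4Address("192.0.2.10").packed),
    ], authoritative=True)
    return q, reply

if __name__ == "__main__":
    q, reply = sample_exchange()
    print("stub query RD =", parse_message(q)["rd"])
    print("iterative query RD =", parse_message(build_query("com", "NS", 0x1235, False))["rd"])
    for rr in parse_message(reply)["answers"]:
        print(rr)
```

The AA flag in the parsed reply is what separates an authoritative answer from a cached one; a resolver doing the iterative walk sends RD=0 and keeps following NS referrals until it gets a reply with AA set.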

DOMAIN AND DC
Domain is a logical group of objects. Objects can be users, computers or network
devices in the same domain environment, sharing the same domain name.
Domain Controller - Any Windows server with the AD DS role installed and promoted
is a DC, providing authentication and directory services to the domain.
CDC Child Domain Controller: a DC for a child domain of the forest (e.g.
pune.corp.local under corp.local). Suppose I have a remote location with few
users; with a DC at that site, logon queries are answered locally instead of
crossing the WAN to the parent domain's DC.
ADC Additional Domain Controller: a second writable DC of the same domain; every
writable DC holds a full replica of the domain. Suppose the DC is in Gurgaon and
the ADC is in Pune. If the Gurgaon DC fails due to a calamity or accident, the ADC
keeps the domain running and the FSMO roles can be seized onto it for disaster
recovery.
RODC Read Only DC: holds a read-only copy of the directory, caches credentials
only for the users the admin allows, and never originates changes. Placed in a
branch office or a less secure location, it improves logon time for local users
without putting a writable copy of every password hash at that site.
BDC (Back Up DC, written BUDC in some notes): NT 4.0 terminology; in Active
Directory there is no backup DC, every writable DC is a peer, and the database is
protected by system state backups.
NTDS.dit, the AD database file, is located by default in C:\Windows\NTDS together
with its transaction logs.
GROUP POLICY
Group Policy is simply policy settings and restrictions set by an administrator on
computers or user profiles (roaming or local). A GPO is linked to the Local
computer, a Site, the Domain or an OU and is processed in that order (LSDOU), so
on a conflict the GPO applied last, usually the closest OU, wins. E.g. in offices
in a production environment you cannot change the date and time or the wallpaper.
GPT (Group Policy Template) - the files holding the restriction settings, stored
in SYSVOL.
GPC (Group Policy Container) - the object in AD that references the template and
records the GPO's version and links. So if she links a GPO to an OU, all settings
in that GPO's template apply to the users and computers in that OU.
(Deny permissions always supersede Allow permissions)
(GPO templates are stored in the SYSVOL share, C:\Windows\SYSVOL\sysvol\<domain>\Policies)
FSMO - Flexible Single Master Operations: five roles that only one DC at a time
holds, because these operations cannot be done multi-master.
Types :
1. Schema Master (one per forest) - the only DC allowed to change the schema, i.e.
the definitions of all object classes and attributes in the forest.
2. Domain Naming Master (one per forest) - the only DC allowed to add or remove
domains (child domains, tree domains) in the forest.
3. RID Master (one per domain) - Relative Identifier master. Every object's SID
is the domain SID plus a RID that is unique within the domain; the RID master
hands each DC a pool of RIDs so that two DCs creating objects at the same time
never mint the same SID. Suppose she has a forest with 5 domains; every domain
has its own domain SID, so when she creates 10 objects in a domain each gets the
domain SID plus a fresh RID from its DC's pool. The full SID therefore stays
unique across the forest, and when an object is moved to another domain it gets
a new SID from that domain (the old one is kept in sIDHistory so existing ACLs
keep working).
(A SID, short for security identifier, is the number Windows uses to identify
user, group and computer accounts. It is created when the account is created, and
no two SIDs on a computer are ever the same. Users (you and me) refer to accounts
by name, like "Tim" or "Dad", but Windows uses the SID internally, in access
tokens and in ACLs, so renaming an account changes nothing about its rights.)
4. PDC Emulator (one per domain) - account lockout is processed here, it is the
time source for the domain and the preferred DC for Group Policy edits, and
authentication failures due to an incorrect password at any DC in the domain are
forwarded to the PDC emulator (which may hold a newer password) before a bad
password error is reported to the user.
5. Infrastructure Master (one per domain) - keeps cross-domain object references
(e.g. a user from another domain who is a member of a local group) up to date
when those objects are renamed or moved. The Global Catalog holds a partial copy
of every object in the whole forest, which is why the two conflict.
Suppose she has a DC holding all 5 roles and it fails. The roles can be seized
from an ADC: log on to the ADC, open cmd and run ntdsutil (roles, connections,
connect to server <ADC>, quit, then seize <role>), or in PowerShell use
Move-ADDirectoryServerOperationMasterRole with -Force. Seize only when the old
holder is gone for good; it must never come back online still holding the roles.
If we tick Global Catalog in the NTDS Settings properties of the DC holding the
Infrastructure Master, that DC becomes a GC.
(Global Catalog and Infrastructure Master should not be on the same machine
unless every DC in the domain is a GC; otherwise the Infrastructure Master stops
updating cross-domain references)
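The domain SID + RID structure from point 3 above, as an added Python example (not from the original notes): it converts a SID between the binary form stored in the objectSid attribute and the text form, splits off the RID, and flags the well-known RIDs that are the same in every domain (500 for Administrator, 512 for Domain Admins). The sample domain SID is made up; the layout is the real one.

```python
import struct

# RIDs that are fixed in every domain; ACLs and tokens carry the SID, not the name
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users", 519: "Enterprise Admins"}

def sid_to_string(raw):
    """Binary SID (as stored in objectSid) -> 'S-1-5-21-...' text form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")                  # 6-byte identifier authority
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])   # little-endian sub-authorities
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def string_to_sid(text):
    """'S-1-5-21-...' text form -> binary SID."""
    parts = text.split("-")
    if parts[0] != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def split_sid(text):
    """Domain SID (the domain's part) and RID (the part issued from the RID master's pool)."""
    domain, _, rid = text.rpartition("-")
    return domain, int(rid)

def describe(text):
    domain, rid = split_sid(text)
    return {"domain_sid": domain, "rid": rid,
            "well_known": WELL_KNOWN_RIDS.get(rid),
            "domain_account": domain.startswith("S-1-5-21-")}

if __name__ == "__main__":
    # Constructed domain SID: the three sub-authority numbers are made up
    sample = "S-1-5-21-1004336348-1177238915-682003330-512"
    raw = string_to_sid(sample)
    print(raw.hex())
    print(sid_to_string(raw))
    print(describe(sample))
    print(describe("S-1-5-21-1004336348-1177238915-682003330-1105"))
```

Two objects in different domains can share a RID (both domains have a 500), but never a full SID, because the domain part differs; the same logic is what lets a reviewer spot a renamed built-in Administrator account by its RID 500 rather than by its display name.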

PARTITIONS OF AD (naming contexts, each replicated to a different set of DCs)
Configuration Partition - forest-wide: sites, subnets, replication topology, services
Schema Partition - forest-wide: object class and attribute definitions
Application Partition - custom scope, e.g. the DomainDnsZones / ForestDnsZones
partitions that hold AD-integrated DNS zones
Domain Partition - one per domain: its users, computers, groups and OUs

EXCHANGE

Exchange is the messaging server from Microsoft for exchanging e-mail. On-premises
versions are: 2003, 2007, 2010 and 2013 (there is no Exchange 2008). We install an
Exchange server in our organization so that the organization has its own mail
identity (its own domain and mailboxes).
Cloud Exchange (Exchange Online) is run by Microsoft: the features are installed
by Microsoft and we just configure them, with limited functionality to manage it
compared to the on-premises Enterprise edition, in which the admin has full
control. In Cloud Exchange, Microsoft won't disclose where her mailbox is or on
which database, because everything, infrastructure and software, is managed by
Microsoft. She is just paying Microsoft to get those services.
(Exchange 2013 has only two roles: Client Access, a stateless proxy in front of
the mailboxes, and Mailbox)
(An MX record is needed for mail flow)

EXCHANGE MIGRATION TYPES

1. IMAP - Every migration is a copy of mail items from the source mailbox to the
cloud mailbox over IMAP (mail only, not contacts or calendar). IMAP migration can
be done from Gmail, Yahoo or whichever server supports IMAP.
2. STAGED - This kind of migration only supports Exchange 2003 and Exchange 2007.
A CSV file is created containing the user accounts for this batch, and those
mailboxes are synced to the cloud; once they are synced you can delete the
on-premises mailbox. It gives the option of selecting, for example, whether the
Director's mailbox is synced to the cloud or not, which is not possible in the
case of Cutover.
3. CUTOVER - The user doesn't have the option of selecting mailboxes, unlike
Staged: all mailboxes are synced to the cloud, whichever employee they belong to.
2000 is the limit on the number of mailboxes above which a Cutover migration
cannot be done.
4. HYBRID - Suppose a client wants his 10,000 on-premises mailboxes integrated
with the cloud: the on-premises environment and the cloud environment are merged
into a single environment, i.e. a Hybrid environment. Here AD stays on premises
and all AD accounts are synced to the cloud. Mailboxes can live on either side;
if a user's mailbox is not in the cloud and mail still arrives there, the
mail-enabled user object redirects it to the on-premises environment.
Suppose a user has no account in the cloud but has one in the on-premises AD, and
she is logging in to the cloud: the cloud hands her to the on-premises federation
service (AD FS), which authenticates her and returns a token that the cloud
accepts. This is SSO (Single Sign-on): the user signs in just once and can use
various apps and features, like in Gmail where Maps, Gtalk, Google+ etc. can be
used just by signing in once.
Therefore, Hybrid is a rich co-existence providing SSO and Exchange federation.
When Directory Sync runs, mail-enabled users are created on premises for the
mailboxes that are in the cloud. Mail-enabled users don't have the rights that
mailbox users have.
