


WINDOWS 2000
Q. Name 3 differences between Windows 2000 Standard and Windows 2000 Advanced Server?

Ans. The Windows® 2000 Advanced Server operating system contains all the functionality and reliability of the
standard version of Windows 2000 Server, plus additional features for applications that require higher levels of
scalability and availability. This makes Advanced Server the right operating system for essential business and
e-commerce applications that handle heavier workloads and high-priority processes.

Advanced Server helps ensure your systems are available by addressing the causes of both planned and
unplanned network and server downtime. It also has features that let your applications grow to support large
numbers of users and data.

Increasing Server Performance

Advanced Server lets you increase server performance and capacity by adding processors and memory. This
approach to increasing your network capacity is referred to as scaling up.

You can increase the performance of a server computer by adding processors that can work together, and many
well-known server manufacturers offer multi-processor servers. Enhanced symmetric multiprocessing (SMP)
support in Advanced Server lets you use multiprocessor servers. Advanced Server includes enhanced memory
capabilities that let you increase the memory available for server processing to as much as eight gigabytes (GB).

As you well know, server downtime can result in lost revenue, wasted IT staff work, and unhappy customers. To
address these concerns, the clustering technologies in Advanced Server let more than one server work together
on a particular task. Clustering technologies increase server availability because they provide a safety net should
one of the clustered servers fail. There are two clustering technologies in Advanced Server. The first, called the
Cluster service, is used to link individual servers so they can perform common tasks. If one server stops
functioning, its workload is transferred to the other server. The second clustering technology, called Network
Load Balancing (NLB), is used to make sure a server is always available to handle requests. NLB works by
spreading incoming client requests among a number of servers that are linked together to support a particular
application.

Q. In reference to Windows 2000 DNS, what are resource records, better known as SRV records?
Ans. Active Directory uses DNS as a locator service. These records allow clients and servers to locate various
resources within Active Directory (e.g., Global Catalog servers, AD sites, Kerberos, LDAP, etc.).

Q. What is the current service pack for Windows 2000?


Ans. Windows 2000 Service Pack 4.

Q. Where would I go in Windows 2000 to find out more information in reference to a service not
starting?
Ans. Event Viewer

Q. What is Global Catalogue (GC)?


Ans.

Q. If there are domain and a child domain on two different servers, will we have GC on both the
servers?
Ans. Yes, we can have more than one in every domain, but one is compulsory.

Q. Types of DNS Servers?


Ans.

Q. What are the 3 naming contexts of AD?

Q. There are 3 servers on LAN, how do you check for connectivity and name resolution?

Q. What is a mixed-mode environment?

Q. What is a native-mode environment?

Q. In nslookup I get an error: Unknown or non-existent domain. What does it mean?

Q. What is FSMO? What are 5 FSMO roles?


Ans. FSMO stands for flexible single master operations.

There are five different FSMO roles and they each play a different function in making Active Directory work:

PDC Emulator - This role is the most heavily used of all FSMO roles and has the widest range of functions. The
domain controller that holds the PDC Emulator role is crucial in a mixed environment where Windows NT 4.0
BDCs are still present. This is because the PDC Emulator role emulates the functions of a Windows NT 4.0 PDC.
But even if you've migrated all your Windows NT 4.0 domain controllers to Windows 2000 or Windows Server
2003, the domain controller that holds the PDC Emulator role still has a lot to do. For example, the PDC Emulator
is the root time server for synchronizing the clocks of all Windows computers in your forest. It's critically
important that computer clocks are synchronized across your forest because if they're out by too much then
Kerberos authentication can fail and users won't be able to log on to the network. Another function of the PDC
Emulator is that it is the domain controller to which all changes to Group Policy are initially made. For example, if
you create a new Group Policy Object (GPO) then this is first created in the directory database and within the
SYSVOL share on the PDC Emulator, and from there the GPO is replicated to all other domain controllers in the
domain. Finally, all password changes and account lockout issues are handled by the PDC Emulator to ensure
that password changes are replicated properly and account lockout policy is effective. So even though the PDC
Emulator emulates an NT PDC (which is why this role is called PDC Emulator), it also does a whole lot of other
stuff. In fact, the PDC Emulator role is the most heavily utilized FSMO role so you should make sure that the
domain controller that holds this role has sufficiently beefy hardware to handle the load. Similarly, if the PDC
Emulator role fails then it can potentially cause the most problems, so the hardware it runs on should be fault
tolerant and reliable. Finally, every domain has its own PDC Emulator role, so if you have N domains in your
forest then you will have N domain controllers with the PDC Emulator role as well.

RID Master - This is another domain-specific FSMO role, that is, every domain in your forest has exactly one
domain controller holding the RID Master role. The purpose of this role is to replenish the pool of unused relative
IDs (RIDs) for the domain and prevent this pool from becoming exhausted. RIDs are used up whenever you
create a new security principal (user or computer account) because the SID for the new security principal is
constructed by combining the domain SID with a unique RID taken from the pool. So if you run out of RIDs, you
won't be able to create any new user or computer accounts, and to prevent this from happening the RID Master
monitors the RID pool and generates new RIDs to replenish it when it falls beneath a certain level.

Infrastructure Master - This is another domain-specific role and its purpose is to ensure that cross-domain
object references are correctly handled. For example, if you add a user from one domain to a security group from
a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if
your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at
all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are
performed, so the machine holding this role doesn't need to have much horsepower at all.

Schema Master - While the first three FSMO roles described above are domain-specific, the Schema Master role
and the one following are forest-specific and are found only in the forest root domain (the first domain you
create when you create a new forest). This means there is one and only one Schema Master in a forest, and the
purpose of this role is to replicate schema changes to all other domain controllers in the forest. Since the schema
of Active Directory is rarely changed however, the Schema Master role will rarely do any work. Typical scenarios
where this role is used would be when you deploy Exchange Server onto your network, or when you upgrade
domain controllers from Windows 2000 to Windows Server 2003, as these situations both involve making
changes to the Active Directory schema.

Domain Naming Master - The other forest-specific FSMO role is the Domain Naming Master, and this role
also resides in the forest root domain. The Domain Naming Master role processes all changes to the namespace;
for example, adding the child domain vancouver.mycompany.com to the forest root domain mycompany.com
requires that this role be available. So if you can't add a new child domain or new domain tree, check to make sure
this role is running properly.

FSMO Roles Best Practices

Rule One: In your forest root domain, keep your Schema Master and Domain Naming Master on the same
domain controller to simplify administration of these roles, and make sure this domain controller contains a copy
of the Global Catalog. This is not a hard-and-fast rule as you can move these roles to different domain controllers
if you prefer, but there's no real gain in doing so and it only complicates FSMO role management to do so. If for
reasons of security policy however your company decides that the Schema Master role must be fully segregated
from all other roles, then go ahead and move the Domain Naming Master to a different domain controller that
hosts the Global Catalog. Note though that if you've raised your forest functional level to Windows Server 2003,
your Domain Naming Master role can be on a domain controller that doesn't have the Global Catalog, but in this
case at least make sure this domain controller is a direct replication partner of the Schema Master
machine.

Rule Two: In each domain, place the PDC Emulator and RID Master roles on the same domain controller and
make sure the hardware for this machine can handle the load of these roles and any other duties it has to
perform. This domain controller doesn't have to have the Global Catalog on it, and in general it's best to move
these two roles to a machine that doesn't host the Global Catalog because this will help balance the load (the
Global Catalog is usually heavily used).

Rule Three: In each domain, make sure that the Infrastructure Master role is not held by a domain controller
that also hosts the Global Catalog, but do make sure that the Infrastructure Master is a direct replication partner
of a domain controller hosting the Global Catalog that resides in the same site as the Infrastructure Master. Note
however that this rule does have some exceptions, namely that the Infrastructure Master role can be held by a
domain controller hosting the Global Catalog in two circumstances: when there is only one domain in your forest
or when every single domain controller in your forest also hosts the Global Catalog.
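
The three placement rules above, including the exceptions to Rule One and Rule Three, can be checked against a domain controller inventory. The following Python check is an added example, not part of the original page or of any Microsoft tool; the `DC` record, the finding codes and the sample inventory are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DC:
    name: str
    domain: str
    site: str
    is_gc: bool                                   # hosts the Global Catalog
    roles: set = field(default_factory=set)       # FSMO roles held
    partners: set = field(default_factory=set)    # direct replication partners, by name


def holder(dcs, role, domain=None):
    """Return the one DC holding `role` (scoped to `domain` for domain-wide roles)."""
    found = [d for d in dcs if role in d.roles and domain in (None, d.domain)]
    if len(found) != 1:
        raise ValueError(f"{role} in {domain or 'forest'}: expected 1 holder, found {len(found)}")
    return found[0]


def check_placement(dcs, forest_level_2003=False):
    """Return (finding_code, subject) tuples; an empty list means all three rules hold."""
    by_name = {d.name: d for d in dcs}
    domains = sorted({d.domain for d in dcs})
    findings = []

    # Rule One: the Domain Naming Master sits on a GC. At the Windows Server 2003
    # forest functional level a non-GC holder is allowed if it is the Schema Master
    # itself or a direct replication partner of it.
    schema = holder(dcs, "SchemaMaster")
    naming = holder(dcs, "DomainNamingMaster")
    partner_of_schema = naming is schema or schema.name in naming.partners
    if not naming.is_gc and not (forest_level_2003 and partner_of_schema):
        findings.append(("R1-NAMING-NOT-ON-GC", naming.name))

    all_gc = all(d.is_gc for d in dcs)
    for dom in domains:
        members = [d for d in dcs if d.domain == dom]

        # Rule Two: PDC Emulator and RID Master on the same DC, preferably a
        # non-GC machine when the domain has one (advisory, for load balancing).
        pdc = holder(dcs, "PDCEmulator", dom)
        rid = holder(dcs, "RIDMaster", dom)
        if pdc is not rid:
            findings.append(("R2-PDC-RID-SPLIT", dom))
        elif pdc.is_gc and any(not d.is_gc for d in members):
            findings.append(("R2-ADVISORY-ON-GC", dom))

        # Rule Three: Infrastructure Master not on a GC, unless the forest has a
        # single domain or every DC is a GC; otherwise it needs a GC partner in its site.
        infra = holder(dcs, "InfrastructureMaster", dom)
        if infra.is_gc:
            if len(domains) > 1 and not all_gc:
                findings.append(("R3-INFRA-ON-GC", dom))
        elif not any(by_name[p].is_gc and by_name[p].site == infra.site
                     for p in infra.partners if p in by_name):
            findings.append(("R3-NO-GC-PARTNER-IN-SITE", dom))
    return findings


def sample_forest():
    """Constructed inventory (not from a real directory): two domains, four DCs."""
    root, child = "mycompany.com", "vancouver.mycompany.com"
    return [
        DC("DC1", root, "HQ", True, {"SchemaMaster", "DomainNamingMaster"}, {"DC2", "DC3"}),
        DC("DC2", root, "HQ", False,
           {"PDCEmulator", "RIDMaster", "InfrastructureMaster"}, {"DC1"}),
        DC("DC3", child, "Vancouver", True, {"PDCEmulator", "InfrastructureMaster"},
           {"DC1", "DC4"}),
        DC("DC4", child, "Vancouver", False, {"RIDMaster"}, {"DC3"}),
    ]


if __name__ == "__main__":
    for code, subject in check_placement(sample_forest()):
        print(code, subject)
```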

Q. In Windows 2000 Server, which 5 files are shared by default?


Ans.

Active Directory Services

Q. What is Active Directory?

Ans. The Active Directory catalogs information about all the objects on a network, including people,
computers, and printers, and distributes that information throughout your network. Security is
integrated with Active Directory through logon authentication and access control. With Active
Directory, you only need to log on once to easily find and use resources anywhere on the network.
For example, you can search Active Directory for a printer that prints in color and is located near
your computer, a group of users managed by a particular individual, or a shared folder to which a
unique keyword has been assigned.

Q. What is the Active Directory database?


Ans. Windows 2000 Active Directory data store, the actual database file, is
%SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory including user
accounts. Active Directory's database engine is the Extensible Storage Engine ( ESE ) which is
based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to
16 terabytes which would be large enough for 10 million objects. Back to the real world. Only the
Jet database can manipulate information within the AD datastore.
The Active Directory ESE database, NTDS.DIT, consists of the following tables:

· Schema table
the types of objects that can be created in the Active Directory, relationships between
them, and the optional and mandatory attributes on each type of object. This table is fairly
static and much smaller than the data table.

· Link table
contains linked attributes, which contain values referring to other objects in the Active
Directory. Take the MemberOf attribute on a user object. That attribute contains values
that reference groups to which the user belongs. This is also far smaller than the data table.

· Data table
users, groups, application-specific data, and any other data stored in the Active Directory.
The data table can be thought of as having rows where each row represents an instance of
an object such as a user, and columns where each column represents an attribute in the
schema such as GivenName.

Q. Define Groups in Active Directory?


Ans.
The following sections discuss the structure of groups and how you can use the various groups to help organize
your network:

· Group Type: Security or Distribution
· Group Scope: Local, Domain Local, Global, or Universal
· How Domain Mode Affects Groups
· Windows 2000 Built-in, Predefined, and Special Groups
· Groups on Standalone Servers and Windows 2000 Professional

Group Type: Security or Distribution


Windows 2000 Server has two kinds of groups:

Distribution groups
Security groups

Although this section is primarily about the role groups play in security, distribution groups are also briefly
described to clarify the difference between the two group types. The next two subsections describe the
characteristics of security and distribution groups.

Distribution Groups
Distribution groups have only one function: to create e-mail distribution lists. You use distribution groups with
e-mail applications (such as Microsoft Exchange) to send e-mail to the members of the group. As with a security
group, you can add a contact to a distribution group so that the contact receives e-mail sent to the group.
Distribution groups play no role in security (you do not assign permissions to distribution groups), and you
cannot use them to filter Group Policy settings.

Security Groups
In the Windows 2000 operating system, security groups are an essential component of the relationship between
users and security. Security groups have two functions:

To manage user and computer access to shared resources


To filter Group Policy settings

Q. What are the group scopes: Local, Domain Local, Global, or Universal?


Ans.
Both types of group—security and distribution—can have one of three scopes (four when you include local
groups, which exist in Windows 2000 to provide backward compatibility with Windows NT groups). A group's
scope determines the extent to which the group can be nested in other groups or referenced in DACLs on
resources in the Active Directory domain or forest.

The four possible Windows 2000 group scopes are:


Groups with local scope (also called local groups)
Groups with domain local scope (also called domain local groups)
Groups with global scope (also called global groups)
Groups with universal scope (also called universal groups)

Groups with Local Scope


The local groups used in both Windows NT and Windows 2000 are precursors of and are in some ways similar to
the domain local groups (described next) introduced in Windows 2000. Local groups are sometimes referred to
as machine local groups to contrast them with domain local groups. Local groups have the following features:

Mode. Local groups are the only type of local group available in a Windows 2000 mixed-mode domain. In the
case of Windows 2000 native-mode domains, only Built-in groups have local scope.
Membership. Local groups can have members from anywhere in the forest, from trusted domains in other
forests, and from trusted down-level domains.
Permissions. A local group has only machine-wide scope; that is, it can be used to grant resource permissions
only on the machine on which it exists. (Note, however, that local groups created on a domain controller are
available on every domain controller in that domain and can be used to grant resource permissions on any
domain controller in that domain.)

Groups with Domain Local Scope


Domain local groups, a new feature of the Windows 2000 operating system, have the following features:

Mode. Domain local groups are available only in native-mode (but not mixed-mode) domains.
Membership. Like local groups, domain local groups can have members from anywhere in the forest, from
trusted domains in other forests, and from trusted down-level domains.
Permissions. A domain local group has domain-wide scope; that is, it can be used to grant resource
permissions on any Windows 2000 machine within the domain in which it exists (but not beyond its domain).

Groups with Global Scope


Global groups, effectively the same as Windows NT global groups, have the following features:

Mode. Global groups exist in both mixed-mode and native-mode domains.


Membership. Global groups can have members from within their own domain (only).
Permissions. Although a global group is limited to domain-wide scope as far as membership goes, it can be
made a member of machine or domain local groups or granted permissions in any domain (including trusting
domains in other forests and down-level domains with which a trust relationship exists). That is, groups with
global scope can be put into other groups in any trusting domain.

Groups with Universal Scope


Universal groups, a new feature of the Windows 2000 operating system, have the following features:

Mode. Universal groups are available only in native-mode domains.


Membership. Universal groups can have members from any Windows 2000 domain in the forest. (Universal
groups can contain members from mixed-mode domains in the same forest, but this is not recommended.
Members from such domains cannot have the universal group's SID added to their access token because
universal groups are not available in mixed-mode domains. Therefore, troubleshooting access problems would be
difficult.)
Permissions. Universal groups can be granted permissions in any domain, including in domains in other forests
with which a trust relationship exists.
Q. Explain some Active Directory commands.
Ans.
Ldifde
Creates, modifies, and deletes directory objects on computers running Windows Server 2003 operating systems
or Windows XP Professional. You can also use Ldifde to extend the schema, export Active Directory user and
group information to other applications or services, and populate Active Directory with data from other directory
services.

Syntax:
Ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r
LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
UserDistinguishedName Password] [-b UserName Domain Password] [-?]

Csvde
Imports and exports data from Active Directory using files that store data in the comma-separated value (CSV)
format. You can also support batch operations based on the CSV file format standard.

Csvde is a command-line tool that is installed in the %windir%/system32 folder on Windows Server 2003 by
default. To run csvde on a computer running Windows Server 2003, open a command prompt, type csvde with
the appropriate parameters, and then press ENTER.

You can also run csvde on a computer running Windows XP Professional if you install Active Directory Application
Mode (ADAM) on that computer. Csvde will be located in the %windir%/ADAM folder. To download ADAM, see
Active Directory Application Mode (ADAM) at the Download Center
(http://go.microsoft.com/fwlink/?LinkID=29359).

Syntax:
Csvde [-i ] [-f FileName] [-s ServerName] [-c String1 String2] [-v ] [-j Path] [-t PortNumber] [-d BaseDN] [-r
LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g ] [-m ] [-n ] [-k ] [-a
UserDistinguishedName Password] [-b UserName Domain Password]

Q. What are Operation Master Roles?


Ans. W2K AD domain controllers split up the master operations roles. This is usually transparent to
most administrators. Active Directory will manage which domain controller has which master
operations role. The key is normally. There are five master controller roles. By default, they are on
the first domain controller in the domain. For performance reasons, you probably want to split the
roles apart.

1. Place the RID Master and PDC Emulator FSMO roles on the same DC.
2. Place the Infrastructure Master FSMO role on a non-global catalog server.
3. Place the Domain Naming Master FSMO role on a Global Catalog server.

Q. What is a Domain Controller in Active Directory Services?

Ans. The domain controllers in a Microsoft Windows network, as well as backup domain controllers, are
central to the security of all devices on that network and must be secured to a high level. In a
Windows 2000 Server domain, the domain controller is the computer running Windows 2000
Server that manages all user access on the network which includes logging on, authentication and
access to the directory and shared resources.

Q. Name at least 5 services in Active Directory Services.

Q. What are hidden shares?


Ans. A network share on a Microsoft network that is not visible when viewing another computer's
shares, but is still accessible if the name of the hidden share is known.

Q. Creating a Microsoft Windows hidden share


Ans. A Microsoft Windows hidden share is created by adding a "$" symbol to the end of the name of
the share. For example, if you were sharing a folder named "hope", adding a "$" to the end of the
share name, so that it becomes "hope$", makes it a hidden share.

Q. Accessing a Microsoft Windows hidden share


Ans. Assuming we were attempting to access the "hope$" share that we created in the above example
from another computer, we would type the network path below to access the hidden share.
\\<computer_name>\hope$

Q. Viewing Microsoft Windows hidden shares


Ans. Hidden shares give users the false impression that the share cannot be found unless its name is known.
Although this may be true for most users, a user can still obtain numerous programs available on
the Internet that enable a user to view all shares regardless of whether they are hidden or not. If you are
creating a hidden share to protect sensitive data, it is recommended that you password protect the share
instead of making it hidden.

Q. What is SCHEMA in active directory database?


Ans. The Active Directory schema contains formal definitions of every object class that can be created
in an Active Directory forest. The schema also contains formal definitions of every attribute that
can exist in an Active Directory object.

Q. What types of classes exist in Windows Server 2003 Active Directory?


Ans.

Structural class - The structural class is important to the system administrator in that it is the only type from
which new Active Directory objects are created. Structural classes are developed from either the modification of
an existing structural type or the use of one or more abstract classes.

Abstract class - Abstract classes are so named because they take the form of templates that actually create
other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for
defining objects.

Auxiliary class - The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a
structural class, it provides a streamlined alternative by applying a combination of attributes with a single include
action.

88 class - The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was
adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the
development of objects in Windows Server 2003 environments.

Q. Name the file where the database is stored in Active Directory Services.


Ans. NTDS.DIT

Q. What is "REGEDIT"?
Ans. It is a tool for editing the registry.

Q. Port Numbers for the following:-


Ans.
HTTP 80
HTTPS 443
DNS 53
POP3 110
SMTP 25
TCP/IP
FTP 21
TELNET 23
DHCP Client 546
DHCP Server 547
DHCP Server UDP 67 (While getting IP during Broadcast)
Client Active Directory service (LDAP): 389
Global Catalog Default: 3268
Kerberos UDP, TCP 88

Q. Define Forest, tree, domain

Q. How is server configured, migrated

Q. Types of Backup
Ans. The Backup utility supports five methods of backing up data on your computer or network.

Copy backup
A copy backup copies all selected files but does not mark each file as having been backed up (in other words, the
archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental
backups because copying does not affect these other backup operations.
Daily backup
A daily backup copies all selected files that have been modified the day the daily backup is performed. The
backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

Differential backup
A differential backup copies files created or changed since the last normal or incremental backup. It does not
mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing
a combination of normal and differential backups, restoring files and folders requires that you have the last
normal as well as the last differential backup.

Incremental backup
An incremental backup backs up only those files created or changed since the last normal or incremental backup.
It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a
combination of normal and incremental backups, you will need to have the last normal backup set as well as all
incremental backup sets in order to restore your data.

Normal backup
A normal backup copies all selected files and marks each file as having been backed up (in other words, the
archive attribute is cleared). With normal backups, you need only the most recent copy of the backup file or tape
to restore all of the files. You usually perform a normal backup the first time you create a backup set.

Backing up your data using a combination of normal backups and incremental backups requires the least amount
of storage space and is the quickest backup method. However, recovering files can be time-consuming and
difficult because the backup set can be stored on several disks or tapes.

Backing up your data using a combination of normal backups and differential backups is more time-consuming,
especially if your data changes frequently, but it is easier to restore the data because the backup set is usually
stored on only a few disks or tapes.
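
The effect of each method on the archive attribute, and the restore sets the last two paragraphs describe, can be traced with a small simulation. The following Python model is an added example, not part of the original page and not how the Backup utility is implemented; the `Volume` class, file names and change schedule are constructed, and `restore_chain` generalizes the two combinations above to a history that mixes incremental and differential sets.

```python
# Which backup methods clear the archive attribute, as described above.
CLEARS_ARCHIVE = {"normal": True, "incremental": True,
                  "copy": False, "differential": False, "daily": False}


class Volume:
    def __init__(self, names):
        # name -> [version, archive_attribute_set, day_last_modified]
        self.files = {n: [1, True, 0] for n in names}
        self.day = 0
        self.history = []  # list of (day, kind, {name: version}) backup sets

    def next_day(self):
        self.day += 1

    def modify(self, name):
        """Create or change a file: bump its version and set the archive attribute."""
        version = self.files.get(name, [0])[0] + 1
        self.files[name] = [version, True, self.day]

    def backup(self, kind):
        """Run one backup of the given kind and return the saved {name: version} set."""
        if kind in ("normal", "copy"):
            chosen = list(self.files)                                  # all selected files
        elif kind in ("incremental", "differential"):
            chosen = [n for n, f in self.files.items() if f[1]]        # archive attribute set
        elif kind == "daily":
            chosen = [n for n, f in self.files.items() if f[2] == self.day]
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        saved = {n: self.files[n][0] for n in chosen}
        if CLEARS_ARCHIVE[kind]:
            for n in chosen:
                self.files[n][1] = False
        self.history.append((self.day, kind, saved))
        return saved


def restore_chain(history):
    """Indices of the sets needed to restore: the last normal, every later incremental,
    and the last differential if it was taken after the last incremental."""
    last_normal = max(i for i, (_, k, _) in enumerate(history) if k == "normal")
    later = range(last_normal + 1, len(history))
    incs = [i for i in later if history[i][1] == "incremental"]
    diffs = [i for i in later if history[i][1] == "differential"]
    chain = [last_normal] + incs
    if diffs and diffs[-1] > (incs[-1] if incs else last_normal):
        chain.append(diffs[-1])
    return chain


def restore(history, chain):
    """Apply the chosen sets oldest first; later sets overwrite earlier versions."""
    state = {}
    for i in chain:
        state.update(history[i][2])
    return state


def run_week(kind):
    """Normal backup on day 0, then one change and one `kind` backup per day."""
    vol = Volume(["a.doc", "b.xls", "c.mdb"])
    vol.backup("normal")
    for changed in ["a.doc", "b.xls", "a.doc", "c.mdb"]:   # constructed change schedule
        vol.next_day()
        vol.modify(changed)
        vol.backup(kind)
    chain = restore_chain(vol.history)
    copied = sum(len(s) for _, k, s in vol.history if k == kind)
    live = {n: f[0] for n, f in vol.files.items()}
    return chain, copied, restore(vol.history, chain) == live


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        chain, copied, ok = run_week(kind)
        print(f"{kind}: sets needed={chain} files copied={copied} restore matches={ok}")
```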

Q. Disaster Recovery

Q. Database Corruption Problems

Q. IMC and MTA and All Types of Connector Problems

Q. Public Folder Replication


Ans. One of the most common problems I see when people migrate from Exchange 5.5 to Exchange 2000 is the
public folders seem to “disappear.” Technically, the public folders are migrated to the new server, but no one
seems to be able to access them.

In most cases this is caused by a glitch in the migration process. The Exchange 2000 Setup program examines
the access control list for the public folder being migrated, and ensures that every user or group found on the
access control list also exists in the Active Directory. If even a single user or group exists in the folder’s access
control list but doesn’t exist in the Active Directory, then nobody except for the public folder’s owner is given
access to the public folder under Exchange 2000. What makes this problem even stranger is apparently it is a
design feature rather than a glitch. I say this because migrating from Exchange 5.5 to Exchange 2003 works in
the exact same way.

The solution to the problem is to bring an Exchange 2000 Server online prior to attempting the migration. To do
so, you can just load Windows 2000 Server and Exchange Server onto a spare PC. You can remove this
temporary server from your Exchange organization and the network after the migration has been completed.

In the meantime, you want to have this temporary Exchange 2000 Server online at the same time as your
existing Exchange 5.x servers. Once you have the temporary server in place, run a DS/IS consistency check on
your Exchange 5.x server. This will cause Exchange to identify any users or groups who have entries on access
control lists within Exchange 5.x, but do not have a corresponding Active Directory account. These accounts are
then removed from the access control list. This means you can safely replicate your public folders to the
Exchange 2000 Server or migrate your Exchange 5.5 Servers to Exchange 2000 or Exchange 2003 without
having to worry about public folder access problems.

Before I explain how to do a DS/IS consistency check, I need to give you a word of caution. Before running the
DS/IS consistency check, you must verify that all your existing Exchange Servers in all your sites are online and
accessible. If you fail to do this and a site is inaccessible, you will cause major problems for your Exchange
organization.

With that said, open the Exchange Administrator program on your Exchange 5.5 Server. Next, select your
Exchange Server from the server list and then select the Properties command from the console’s File menu.
When you do, you’ll see the server’s properties sheet. Select the Advanced tab and click on Consistency
Adjustment.
When you see the DS/IS Consistency Adjustment dialog box, select the Remove Unknown User Accounts From
Public Folder Permissions check box. Now, clear all other check boxes and click All Inconsistencies. When the
process completes, it should be safe to migrate the public folders for that server.

Exchange 5.5

Q. What Migration Wizard Does?


Ans. Migration Wizard is designed to do the following things:

- Create new Active Directory users based on Exchange 5.5 accounts in the source organization (if matching
users do not already exist in Active Directory).
- Convert Active Directory contacts to users.
- Migrate X.400, SMTP, cc:Mail, Microsoft Mail, and other e-mail addresses into the e-mail addresses attribute of
the new Active Directory user.
- Migrate the following mailbox and calendar data to the new Exchange 2000 mailboxes:
- Inbox
- Drafts
- Sent Items
- Calendar
- Tasks
- Custom folders created by the mailbox owner
- Update Exchange 2000 groups (but does not migrate Exchange 5.5 distribution lists). For example, a
distribution group in Active Directory may contain contacts. During migration, the Active Directory contacts
become disabled users, and the distribution group in Active Directory is updated to reflect this change.

Q. What Migration Wizard Does Not Do?


Ans. Migration Wizard is not designed to do the following things:
- Migrate mailboxes within an organization (in other words, migrate from Exchange 5.5 to Exchange 2000 in the
same Exchange 5.5 organization or forest). The source server running Exchange 5.5 must be in a different
organization (forest) from the target server running Exchange 2000.
- Clean up mailboxes on the server running Exchange 5.5 after migration. Old mailboxes continue to receive mail
after migration unless you delete the old mailboxes or set up alternate recipients that point to the Exchange
2000 mailboxes.
- Migrate personal mail archives or personal address books. For information about methods for migrating
personal mail archives or personal address books, see the Exchange 2000 online documentation.
- Migrate distribution lists. Two options exist for migrating distribution lists. Either convert distribution lists to
public folders and then migrate the public folders, or export the distribution lists and use the LDIFDE or CSVDE
command prompt utilities to convert them.
- Migrate custom recipients. Instead, Migration Wizard creates contacts from the custom recipients.
- Migrate Inbox rules. After migration, mailbox owners must re-create their Inbox rules in Microsoft Outlook.
- Migrate public folders. Use the Exchange Server InterOrg Replication utility to replicate standard and free and
busy public folders to Active Directory and Exchange 2000 public folder stores. Then, locate each public folder in
the new organization by adding a public folder replica to the server running Exchange 2000 and removing the
public folder from the source server. (For more information, see Q288150, "XADM: How to Rehome Public
Folders in Exchange 2000 Server," in the Microsoft Knowledge Base.) The Exchange InterOrg Replication utility is
available in the Support\Exchsync\ directory on the Exchange 2000 compact disc. (For more information, see
Q238573, "XADM: Installing, Configuring, and Using the InterOrg Replication Utility," in the Microsoft Knowledge
Base.)
- Migrate mailboxes from one server running Exchange 2000 to another server running Exchange 2000.
- Preserve access control lists (ACLs) to other mailboxes or public folders. For example, if a mailbox owner
updates his or her profile after migration to reference the new mailbox, he or she will not be able to access any
mail resources in the old Exchange 5.5 organization.

Q. What do you understand by an Exchange Server?

Ans. Exchange Server, the Microsoft messaging and collaboration server, is software that runs on
servers and enables you to send and receive electronic mail and other forms of interactive communication
through computer networks. Designed to interoperate with a software client application such as Microsoft
Outlook, Exchange Server also interoperates with Outlook Express and other e-mail client applications.

Q. Describe mail flow in an Exchange server.

Q. Name at least 5 services on an Exchange 5.5 server.

Q. What is the latest Service Pack for Exchange 5.5 server?

Q. What files are usually located in the MDBDATA directory on an Exchange 5.5 server?

Ans: pub.edb, edb.chk, edb.log, res1.log, res2.log, transaction logs

Q. What is the difference between Priv.edb and Pub.edb?

Ans: Priv.edb is the private information store, primarily for mailboxes. Pub.edb is a public
information store for public folder information.

Exchange 2000

Q. Where is the directory information stored in Exchange 2000?

Ans. The most notable difference between Exchange 5.5 and Exchange 2000 is the location where directory
information is stored. In Exchange 5.5, directory information resides in the Exchange 5.5 directory. Exchange
2000, however, relies entirely on Microsoft Active Directory directory service. To migrate mailboxes from
Exchange 5.5 to Exchange 2000, you must update Active Directory with all of the accounts that exist in the
Exchange 5.5 directory. You can use Migration Wizard to do this process for you by allowing Migration Wizard to
match Exchange 5.5 mailboxes with existing Active Directory users and create users if they do not already exist.

You access Migration Wizard from the Start menu (click Start, point to Programs, point to Microsoft Exchange,
and then click Migration Wizard).

Note: You can also use the command prompt utility, Mailmig.exe, with a combination of switches and a control file
to perform a batch-process migration.

Q. How many times do you need to run ForestPrep in a single Active Directory forest that contains 4
domains?

Ans. Only once, because ForestPrep runs in the root domain to update the schema. DomainPrep, however,
must be run in every domain, and there are 4 domains.

Setup /forestprep. The /forestprep option runs in the AD forest domain that hosts the schema master
(typically the root domain). The option updates the schema, instantiates the Exchange 2000 organization, adds
the Exchange 2000 container to the configuration naming context, and creates the Domain EX Admins and All
Exchange Servers universal groups. The /forestprep option is useful when you want to replicate schema updates
throughout the forest before any server installations begin.
You can't execute this command unless you can log on with Enterprise and Schema Admin privileges. In addition,
if you need to join an existing Exchange Server 5.5 organization, you must have Read access (at a minimum) to
the Exchange Server 5.5 Directory Store. (This option replaced the /schema only command-line switch that was
in the first Exchange 2000 public beta.) If you plan to run a mixed-mode Exchange server organization, you must
install the ADC within the organization before you run /forestprep.

"The Forestprep Utility will perform three major functions. It creates an Exchange organization object in AD,
defines the first Exchange administrator account, and extends the AD Schema with the Exchange 2000 schema
extensions. There are user rights required to run Forestprep. If your plan is to create a new Exchange 2000
organization, you can use an account that has rights to modify the schema and to write information to the
Configuration Naming Context. A member of the Schema Admins and Enterprise Admins security groups has
these rights. If you are migrating from an existing Exchange 2000 Organization, you should clone the service
account from NT to Win2K and make this cloned account a member of the same two security groups. Then, use
the service account to log on to run Forestprep to get sufficient rights to execute the operation."

Setup /domainprep. The /domainprep option runs in every domain in which an Exchange 2000 server resides.
The option performs tasks such as creating the global groups that Exchange administration uses. You must be a
domain administrator to run this option.

The Domainprep Utility will perform several crucial tasks. It will create the global security group Exchange
Domain Servers, create the local security group Exchange Enterprise Servers, place the Exchange Domain Server
group into the Exchange Enterprise Servers group, grant permission for the Exchange Enterprise Servers on the
Domain object and the AdminSDHolder object, create the Microsoft Exchange System Objects container
underneath the domain node, and change the DC security policy to let all Exchange servers manage the auditing
and security log. The Domainprep Utility will run quickly. After it is complete, allow time for the domain changes
to replicate to all DCs. Then, to set the security policy, run the command:

secedit /refreshpolicy machine_policy

Q. What is the Active Directory Connector (ADC)?

A. The task of the ADC is to replicate directory information (such as mailboxes, users and groups) between the
Exchange 5.5 directory and Active Directory.

The ADC uses LDAP to contact both the Exchange 5.5 directory and Active Directory. LDAP works efficiently
over all types of network links, regardless of whether the connection is fast, slow, or high latency.

With the help of the ADC, you can create the following Connection Agreements (CAs):

- Recipient Connection Agreement
- Public Folder Connection Agreement

Recipient Connection Agreement

The Recipient Connection Agreement creates a connector to replicate mailbox information, distribution lists and
custom recipients from Exchange 5.5 to Active Directory.

Public Folder Connection Agreement


The Public Folder Connection Agreement creates a connector to replicate Public Folder information (not the
content of Public Folders) from Exchange 5.5 to Active Directory.

It is important to know that the Recipient Connection Agreement and Public Folder Connection Agreement don’t
replicate the content of Public Folders and Mailboxes.

Organizations deploy Active Directory Connector (ADC) for four main reasons:

- To replicate Microsoft Exchange directory information (from DIR.EDB) to Microsoft Active Directory (NTDS).
- To replicate existing Microsoft Exchange Server version 5.5 directory data to Active Directory so that third-party
applications can take advantage of it.
- To replicate directory information between Active Directory and the Exchange directory for coexistence from one
management application.
- To deploy Exchange 2003 Server in an existing Exchange 5.5 environment for consolidation and migration
purposes.

Q. What is the Recipient Update Service (RUS)?

A. The Recipient Update Service (RUS) is a very important component in your Exchange
installation. It is the RUS that is responsible for updating address lists and email addresses in your
Active Directory.

Many people ask a simple question: "I just created a new mailbox, but when I look at the user's
properties in Active Directory Users and Computers, nothing is listed on the Email Address tab.
What did I do wrong?" The simple answer is nothing. The RUS takes its time to update all the
information in AD, so give it some time and everything will appear.

What we will discuss here is how to ensure that the RUS is running correctly, and some issues with
using the RUS in a multiple-domain environment.

By default your organization will have two RUS objects (Figure 1):

a. The "Enterprise Configuration" Recipient Update Service is responsible for the updating
of the email addresses for the system objects such as the Message Transfer Agent (MTA)
and System Attendant.

b. The "Domain" Recipient Update Service is responsible for the updating of the address
information for recipient objects in the domain that it is responsible for. In Figure 1 our
domain is NWTRADERS.

To adjust the properties for the Recipient Update Service, right-click the service and then
select Properties. The properties for the Recipient Update Service will now be displayed (Figure 2).

Field | Description
Domain | This is the domain that is serviced by this Recipient Update Service.
Exchange Server | This is the Exchange server responsible for the creation and updating of the address list for the domain specified in the Domain field.
Windows 2000 Domain Controller | The Windows 2000 Domain Controller that this Recipient Update Service will connect to when it creates and updates the address list.
Update Interval | How often the Recipient Update Service will run. If you leave it set to "Always Run", it will update once every minute.

Q. What Makes Exchange 2000 Better Than Exchange 5.5?


Ans. The key difference between the two servers is that Exchange 2000 relies entirely on Windows 2000
Active Directory for all directory and security information. Because there is no separate Exchange
directory, this integration between Exchange and Windows creates the following far-reaching effects:
* It allows for dramatic improvements in flexible administration brought about when network security and
messaging share the same directory.
* It creates a stronger link and dependence between Exchange and Windows administrators, who now have
to work together more than ever before.
* It provides a new user model, which has expanded to include attributes for mail delivery and storage, as
well as a new Windows 2000 group model, which supports the functionality of both Exchange 5.5
distribution lists and Microsoft Windows NT 4.0 groups.
* Because Exchange 2000 uses only Active Directory, several new components now exist, such as the
Active Directory Connector (ADC), Site Replication Service (SRS), and Recipient Update
Service (RUS).
* Another major difference between Exchange 5.5 and Exchange 2000 is the relationship between user
mailboxes and Windows accounts.

Q. What is Site Replication Service (SRS)?


Ans.

Q. What is LSDOU ?
Ans. It is the Group Policy inheritance model, in which policies are applied to
Local machines, Sites, Domains and Organizational Units.

Q. What is Forward lookup and Reverse lookup Zone?


Ans.
Forward lookup DNS zones allow a resolver (an application included in web browsers and most FTP
software) to obtain an IP address when the host name is known. We can set up forward lookup zones to
manage our resources by assigning resources to certain domain locations. In Figure 3.2, the top-level
domain is .com. The second-level domain is our company domain, what. Assume that we have corporate
offices in Charlotte, St. Louis, New Orleans, and Sacramento. We have decided to partition the what
domain into three domains: east.what.com, central.what.com, and west.what.com. Our corporate
headquarters is in Charlotte, and a majority of the employees are located there. Computer personnel work
out of the Sacramento office, sales and marketing staff work primarily from the New Orleans office, and
warehousing and storage is located in St. Louis. For effective and efficient management of our network
resources, we will divide our domain structure into two zones. One zone will include the west.what.com
domain, and the other zone will include the central.what.com and east.what.com domains. Zone names are
derived from the root domain of the zone. Based on this information, the zone names for our domain
structure will be what.com (this includes both central.what.com, and east.what.com), and west.what.com.
These are the Forward lookup zones for what.com, where hosts look to resolve a FQDN with an IP address.

Reverse Lookup Zones

A Reverse lookup DNS zone allows a resolver to obtain a host name when an IP address is known.
Forward lookup zone files are not configured to respond to this type of query. In order to answer a reverse
lookup query, you must first create a new zone, the reverse lookup zone.

Reverse lookup zones are contained in a special domain called in-addr.arpa. This special domain behaves
similarly to the forward lookup zone. Subdomains in the in-addr.arpa zone are configured using the octets
in the dotted quads of each network ID. Each octet is reversed in the naming of each zone. For example,
you have a network ID of 132.165.7.0. The reverse lookup zone for this domain is 7.165.132.in-addr.arpa.
If you have a Network ID of 151.255.0.0, the reverse lookup zone is 255.151.in-addr.arpa.

Reverse lookup zones are created independently of Forward lookup zones. Pointer records (PTR) are
created when you set up the reverse lookup zones for your domain. You can manually enter the reverse
lookup zones for each computer on your network, or you can automatically create the PTR record when
you enter a record into the Forward lookup zone.
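
The octet-reversal rule and the PTR bookkeeping described above, as an added Python example (not part of the original page): it derives the reverse lookup zone for a network ID, builds the PTR owner name for each host, and audits forward (A) records against the PTR records of one reverse zone. The host names and addresses under what.com are constructed sample data.

```python
import ipaddress


def reverse_zone(network_id: str) -> str:
    """Return the in-addr.arpa zone for a dotted-quad network ID.

    Trailing zero octets are treated as the host part, as in the examples
    above (132.165.7.0 -> 7.165.132.in-addr.arpa).
    """
    octets = [str(int(o)) for o in network_id.split(".")]
    if len(octets) != 4 or any(not 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad network ID: {network_id!r}")
    while octets and octets[-1] == "0":
        octets.pop()
    if not octets:
        raise ValueError("network ID has no network octets")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(address: str) -> str:
    """Owner name of the PTR record for one IPv4 host address."""
    return ipaddress.IPv4Address(address).reverse_pointer


def audit_ptr(zone: str, a_records: dict, ptr_records: dict) -> dict:
    """Compare forward A records with the PTR records held in one reverse zone.

    missing  : an A record exists but the zone has no PTR for that address
    mismatch : the PTR exists but names a host the forward zone does not map
    stale    : the PTR exists but no A record uses that address any more
    """
    suffix = "." + zone
    expected = {}
    for host, addr in a_records.items():
        owner = ptr_name(addr)
        if owner.endswith(suffix):          # skip addresses of other zones
            expected.setdefault(owner, set()).add(host.lower().rstrip("."))

    findings = {"missing": [], "mismatch": [], "stale": []}
    for owner, hosts in sorted(expected.items()):
        target = ptr_records.get(owner)
        if target is None:
            findings["missing"].append(owner)
        elif target.lower().rstrip(".") not in hosts:
            findings["mismatch"].append(owner)
    for owner in sorted(ptr_records):
        if owner.endswith(suffix) and owner not in expected:
            findings["stale"].append(owner)
    return findings


# Constructed sample data for the what.com example domain.
A_RECORDS = {
    "mail.east.what.com": "132.165.7.10",
    "www.east.what.com": "132.165.7.20",
    "files.central.what.com": "132.165.7.30",
    "db.west.what.com": "151.255.4.9",       # belongs to another reverse zone
}
PTR_RECORDS = {
    "10.7.165.132.in-addr.arpa": "mail.east.what.com.",
    "20.7.165.132.in-addr.arpa": "old-www.east.what.com.",   # wrong target
    "99.7.165.132.in-addr.arpa": "retired.east.what.com.",   # no A record
}

if __name__ == "__main__":
    zone = reverse_zone("132.165.7.0")
    print(zone)
    for kind, owners in audit_ptr(zone, A_RECORDS, PTR_RECORDS).items():
        print(kind, owners)
```

Mismatched and stale PTR records matter to anything that logs or filters by reverse lookup, because the name shown for an address is then not the host that actually holds it.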

Q. Two Windows 2003 computers are connected in a network. One computer is the domain controller
holding the FSMO roles. If that domain controller is burnt, how do we get back all the FSMO
roles through the other computer?

Ans. You can transfer FSMO roles either by using the Microsoft Management Console (MMC) Active
Directory (AD) snap-ins (e.g., Active Directory Users and Computers) or the Ntdsutil utility. However, if
the server trying to take ownership of the FSMO role can't contact the current role holder, you might need
to force the FSMO role transfer by using Ntdsutil with the seize switch. To use this option, perform the
same actions as you usually do when transferring a role with Ntdsutil, except that instead of entering the
command

fsmo maintenance: transfer <role>


enter the command

fsmo maintenance: seize <role>


When you use the seize option, Ntdsutil first tries to transfer the role gracefully. If that transfer fails,
Ntdsutil forces the role transfer. You should use the seize option only when the current role holder will be
offline indefinitely and its functionality must remain available.

Q. What is Loopback Policy? Is it possible for a user who logs on to different machines to find the
Run command text box deactivated when he logs on to one particular machine?

Ans. Group Policy applies to the user or computer in a manner that depends on where both the user and the
computer objects are located in Active Directory. However, in some cases, users may need policy applied
to them based on the location of the computer object alone. You can use the Group Policy loopback feature
to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback
Policy option.

This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a
computer affected by this policy. This policy is intended for special-use computers where you must modify
the user policy based on the computer that is being used. For example, computers in public areas, in
laboratories, and in classrooms.

Note Loopback is supported only in an Active Directory environment. Both the computer account and the
user account must be in Active Directory. If a Microsoft Windows NT 4.0 based domain controller
manages either account, the loopback does not function.

Q. Can we set different account policies for different users in an OU?

Ans. No. Account policy, such as password policy, is the same across the domain.

Q. How does DHCP work? If a computer is connected to a network, how does it get an IP address from
DHCP?

Ans. DHCP uses a client-server model. The network administrator establishes one or more DHCP servers
that maintain TCP/IP configuration information and provide it to clients. The server database includes the
following:
• Valid configuration parameters for all clients on the network.
• Valid IP addresses maintained in a pool for assignment to clients, plus reserved addresses for manual
assignment.
• Duration of a lease offered by the server. The lease defines the length of time for which the assigned IP
address can be used.

With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain their IP
address and related configuration parameters dynamically each time they start and join your network.
DHCP servers provide this configuration in the form of an address-lease offer to requesting clients.

The network administrator establishes one or more DHCP servers that maintain TCP/IP configuration
information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The
DHCP server stores the configuration information in a database, which includes:

• Valid TCP/IP configuration parameters for all clients on the network.


• Valid IP addresses, maintained in a pool for assignment to clients, as well as reserved addresses for
manual assignment.
• Duration of the lease offered by the server—the length of time for which the IP address can be used
before a lease renewal is required.

A DHCP-enabled client, upon acceptance of a lease offer, receives:

• A valid IP address for the network it is joining.
• Additional TCP/IP configuration parameters, referred to as DHCP options.

Discover – Broadcast when a client connects to the network.
Offer – Server offers IP addresses from the available pool.
Request – Client takes an IP address and the server sends all configuration to the client.
Acknowledgement – Sends acknowledgement to server with IP bindings with NIC.

Q. How do you troubleshoot a DHCP client?

Ans. The most common DHCP client problem is a failure to obtain an IP address or other configuration
parameters from the DHCP server during startup. When a client fails to obtain configuration, answer the
following questions in order to quickly identify the source of the problem.

DHCP client does not have an IP address configured or has an IP address configured as 0.0.0.0.
The client was not able to contact a DHCP server and obtain an IP address lease, either because of a
network hardware failure or because the DHCP server is unavailable.
Verify that the client computer has a valid, functioning network connection. First, check that related client
hardware devices (cables and network adapters) are working properly at the client.

DHCP client has an auto-configured IP address that is incorrect for its current network.
The Windows 2000 or Windows 98 DHCP client could not find a DHCP server and has used the Automatic
Private IP Addressing (APIPA) feature to configure its IP address. In some larger networks, disabling this
feature might be desirable for network administration.
First, use the ping command to test connectivity from the client to the server. Next, verify or manually
attempt to renew the client lease. Depending on your network requirements, it might be necessary to
disable APIPA at the client.
Next, if the client hardware appears to be functioning properly, check that the DHCP server is available on
the network by pinging it from another computer on the same network as the affected DHCP client.
Also, try releasing or renewing the client's address lease, and check the TCP/IP configuration settings on
automatic addressing.

The DHCP client is missing configuration details.


The client might be missing DHCP options in its leased configuration, either because the DHCP server is
not configured to distribute them or the client does not support the options distributed by the server.
For Microsoft DHCP clients, verify that the most commonly used and supported options have been
configured at either the server, scope, client, or class level of option assignment. Check the DHCP option
settings.
The client has the full and correct set of DHCP options assigned, but its network configuration does not
appear to be working correctly. If the DHCP server is configured with an incorrect DHCP router option
(option code 3) for the client's default gateway address, clients running Windows NT or Windows 2000 do
not use the incorrect address. However, DHCP clients running Windows 95 use the incorrect address.
Change the IP address list for the router (default gateway) option at the applicable DHCP scope and server,
and set the correct value in the Scope Options tab of the Scope Properties dialog box. In rare instances, you
might have to configure the DHCP client to use a specialized list of routers different from other scope
clients. In such cases, you can add a reservation and configure the router option list specifically for the
reserved client.

DHCP clients are unable to get IP addresses from the server.


This problem can be caused by the following:

• The IP address of the DHCP server was changed and now DHCP clients cannot get IP addresses.
A DHCP server can only service requests for a scope that has a network ID that is the same as the network
ID of its IP address. Make sure that the DHCP server IP address falls in the same network range as the
scope it is servicing. For example, a server with an IP address in the 192.168.0.0 network cannot assign
addresses from scope 10.0.0.0 unless superscopes are used.
• The DHCP clients are located across a router from the subnet where the DHCP server resides and are
unable to receive an address from the server.
A DHCP server can provide IP addresses to client computers on multiple remote subnets only if the router
that separates them can act as a DHCP relay agent. Completing the following steps might correct this
problem:

1. Configure a BOOTP/DHCP relay agent on the client subnet (that is, the same physical network
segment). The relay agent can be located on the router itself or on a Windows 2000 Server computer
running the DHCP Relay service component.
2. At the DHCP server, configure a scope to match the network address on the other side of the router
where the affected clients are located.
3. In the scope, make sure that the subnet mask is correct for the remote subnet.
4. Use a default gateway on the network connection of the DHCP server in such a way that it is not using
the same IP address as the router that supports the remote subnet where the clients are located.
5. Do not include this scope (that is, the one for the remote subnet) in superscopes configured for use on the
same local subnet or segment where the DHCP server resides.
6. Make sure there is only one logical route between the DHCP server and the remote subnet clients.
• Multiple DHCP servers exist on the same local area network (LAN).
Make sure that you do not configure multiple DHCP servers on the same LAN with overlapping scopes.
You might want to rule out the possibility that one of the DHCP servers in question is a Small Business
Server (SBS) computer. By design, the DHCP service, when running under SBS, automatically stops when
it detects another DHCP server on the LAN.

Q. How does a DHCP client contact a DHCP server?


Ans. With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain their
IP address and related configuration parameters dynamically each time they start and join your network.
DHCP servers provide this configuration in the form of an address-lease offer to requesting clients.

Address Conflicts: DHCP operates on a lease renewal basis. During the leasing process, address conflicts
can occur as leases are renewed and expired. Client lease requests might be denied by the server for invalid
(out of pool) or duplicate addresses. Multiple address conflict messages can indicate that your lease period,
your scope, or both, need adjustment in your DHCP server configuration.

Client Service Availability: A computer running Microsoft Windows Vista becomes a DHCP client if
Obtain an IP address automatically is selected in its TCP/IP properties. When a client computer is set to use
DHCP, it accepts a lease offer and can receive the following from the server:
- Temporary use of an IP address known to be valid for the network it is joining.
- Additional TCP/IP configuration parameters for the client to use in the form of options data.

Configuration: Each time a DHCP client starts, it requests IP addressing information from a DHCP server,
including:
- IP address
- Subnet mask
- Additional configuration parameters, such as a default gateway address, Domain Name System
(DNS) server addresses, a DNS domain name, and Windows Internet Name Service (WINS) server
addresses.

When a DHCP server receives a request, it selects an available IP address from a pool of addresses defined
in its database (along with other configuration parameters) and offers it to the DHCP client. If the client
accepts the offer, the IP addressing information is leased to the client for a specified period of time.
The DHCP client will typically continue to attempt to contact a DHCP server if a response to its request for
an IP address configuration is not received, either because the DHCP server cannot be reached or because
no more IP addresses are available in the pool to lease to the client. For DHCP clients that are based on
Microsoft Windows Vista, Microsoft Windows XP or Windows Server 2003 operating systems, the DHCP
Client service uses the alternate configuration when it cannot contact a DHCP server. The alternate
configuration can be either an Automatic Private IP Addressing (APIPA) address or an alternate
configuration that has been configured manually.

IPv6 Availability: DHCP can lease both Internet Protocol version 4 (IPv4) and Internet Protocol version 6
(IPv6) addresses. If IPv6 is not available, the DHCP service uses IPv4 only.

Network Errors: A network error might prevent the DHCP client from sending messages to the DHCP
server. DHCP clients and servers use the following messages to communicate during the DHCP
configuration process:

• DHCPDiscover - Sent from client to server to initially discover the presence of DHCP servers on the
network.
• DHCPOffer - Sent from server to client to respond to the DHCPDiscover message. The DHCPOffer
message contains an IP address configuration offered to the requesting DHCP client.
• DHCPRequest - Sent from client to server to request a specific IP address configuration from a specific
DHCP server.
• DHCPAck - Sent from server to client to acknowledge that the client has been allocated a specific IP
address configuration.
• DHCPNak - Sent from server to client to indicate that the client cannot use a specific IP address
configuration. For example, DHCP servers send DHCPNak messages when a wireless client has moved to
a different subnet and attempts to renew the lease on its previous address.
• DHCPDecline - Sent from client to server to indicate that the offered IP address configuration is invalid.
For example, DHCP clients send DHCPDecline messages when they discover that the offered IP address is
a duplicate.
• DHCPRelease - Sent from client to server to indicate that the DHCP client is no longer using the IP
address configuration.
• DHCPInform - Sent from client to server to request additional configuration settings.
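
The message types listed above and the troubleshooting cases earlier in this answer (a second DHCP server on the LAN, an incorrect router option), as an added Python example that is not part of the original page. It parses raw DHCP payloads and flags server replies that come from an unlisted server or hand out an address or router outside the expected scope. The message-type and server-identifier option codes (53 and 54) are taken from RFC 2132; the addresses, transaction IDs and authorized-server list are constructed sample values.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # precedes the option list
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 53, 54   # RFC 2132 option codes
MESSAGE_TYPES = {1: "DHCPDiscover", 2: "DHCPOffer", 3: "DHCPRequest",
                 4: "DHCPDecline", 5: "DHCPAck", 6: "DHCPNak",
                 7: "DHCPRelease", 8: "DHCPInform"}
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte BOOTP header


def build_message(msg_type, xid, yiaddr="0.0.0.0", server_id=None, router=None):
    """Build a minimal DHCP payload. Constructed test input, not a capture."""
    op = 2 if msg_type in (2, 5, 6) else 1    # 2 = reply sent by a server
    header = HEADER.pack(op, 1, 6, 0, xid, 0, 0, bytes(4),
                         ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                         bytes.fromhex("020000000001"), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, addr in ((OPT_SERVER_ID, server_id), (OPT_ROUTER, router)):
        if addr:
            options += bytes([code, 4]) + ipaddress.IPv4Address(addr).packed
    return header + MAGIC_COOKIE + options + b"\xff"


def parse_options(data):
    """Walk the code/length/value option list and reject truncated options."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                       # end option
            return options
        if code == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} is truncated")
        options[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    raise ValueError("option list is not terminated by the end option")


def _first_ip(value):
    """First IPv4 address of an option value, or None if absent or too short."""
    return str(ipaddress.IPv4Address(value[:4])) if value and len(value) >= 4 else None


def parse_message(payload):
    """Return message type, transaction ID, offered address, server ID, router."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or no magic cookie")
    fields = HEADER.unpack_from(payload)
    options = parse_options(payload[240:])
    type_code = options.get(OPT_MSG_TYPE, b"")
    if len(type_code) != 1 or type_code[0] not in MESSAGE_TYPES:
        raise ValueError("missing or invalid message type option")
    return {"type": MESSAGE_TYPES[type_code[0]], "xid": fields[4],
            "yiaddr": str(ipaddress.IPv4Address(fields[8])),
            "server_id": _first_ip(options.get(OPT_SERVER_ID)),
            "router": _first_ip(options.get(OPT_ROUTER))}


def review(payloads, authorized, scope):
    """Return (xid, finding, detail) tuples for messages that need attention."""
    net = ipaddress.IPv4Network(scope)
    findings = []
    for raw in payloads:
        m = parse_message(raw)
        if m["type"] in ("DHCPOffer", "DHCPAck"):
            if m["server_id"] not in authorized:
                findings.append((m["xid"], "unauthorized-server", m["server_id"]))
            if ipaddress.IPv4Address(m["yiaddr"]) not in net:
                findings.append((m["xid"], "address-outside-scope", m["yiaddr"]))
            if m["router"] and ipaddress.IPv4Address(m["router"]) not in net:
                findings.append((m["xid"], "router-outside-scope", m["router"]))
        elif m["type"] in ("DHCPNak", "DHCPDecline"):
            findings.append((m["xid"], m["type"], m["server_id"]))
    return findings


# Constructed exchange: one client, one authorized server, one unlisted server.
AUTHORIZED = {"192.168.0.2"}
SCOPE = "192.168.0.0/24"
SAMPLE_EXCHANGE = [
    build_message(1, 0x1001),
    build_message(2, 0x1001, "192.168.0.50", "192.168.0.2", "192.168.0.1"),
    build_message(2, 0x1001, "10.0.0.50", "192.168.0.99", "10.0.0.1"),
    build_message(3, 0x1001, server_id="192.168.0.2"),
    build_message(5, 0x1001, "192.168.0.50", "192.168.0.2", "192.168.0.1"),
    build_message(6, 0x2002, server_id="192.168.0.2"),
]

if __name__ == "__main__":
    for finding in review(SAMPLE_EXCHANGE, AUTHORIZED, SCOPE):
        print(finding)
```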

Q. What is Unicasting and Multicasting?


Ans. Unicasting is where nodes of the network only have the ability to send to one other node at a time,
whereas in a multicast transport service, a single node can send a single data stream to many destinations.

Q. Difference and advantages between NAS and SAN ?


Ans. At first glance NAS and SAN might seem almost identical, and in fact many times either will work in
a given situation. After all, both NAS and SAN generally use RAID connected to a network, which then are
backed up onto tape. However, there are differences -- important differences -- that can seriously affect the
way your data is utilized. For a quick introduction to the technology, take a look at the diagrams below.

Wires and Protocols
Most people focus on the wires, but the difference in protocols is actually the most important factor. For
instance, one common argument is that SCSI is faster than ethernet and is therefore better. Why? Mainly,
people will say the TCP/IP overhead cuts the efficiency of data transfer. So a Gigabit Ethernet gives you
throughputs of 60-80 Mbps rather than 100Mbps.
But consider this: the next version of SCSI (due date ??) will double the speed; the next version of ethernet
(available in beta now) will multiply the speed by a factor of 10. Which will be faster? Even with
overhead? It's something to consider.

The Wires
--NAS uses TCP/IP Networks: Ethernet, FDDI, ATM (perhaps TCP/IP over Fibre Channel someday)
--SAN uses Fibre Channel

The Protocols
--NAS uses TCP/IP and NFS/CIFS/HTTP
--SAN uses Encapsulated SCSI

Difference between NAS and SAN


NAS
Almost any machine that can connect to the LAN (or is interconnected to the LAN through a WAN) can
use NFS, CIFS or HTTP protocol to connect to a NAS and share files.

A NAS identifies data by file name and byte offsets, transfers file data or file meta-data (file's owner,
permissions, creation date, etc.), and handles security, user authentication, and file locking.

A NAS allows greater sharing of information especially between disparate operating systems such as Unix
and NT.

File System managed by NAS head unit

Backups and mirrors (utilizing features like NetApp's Snapshots) are done on files, not blocks, for a savings
in bandwidth and time. A Snapshot can be tiny compared to its source volume.

SAN
Only server class devices with SCSI Fibre Channel can connect to the SAN. The Fibre Channel of the SAN
has a limit of around 10km at best.

A SAN addresses data by disk block number and transfers raw disk blocks.

File Sharing is operating system dependent and does not exist in many operating systems.

File System managed by servers

Backups and mirrors require a block by block copy, even if blocks are empty. A mirror machine must be
equal to or greater in capacity compared to the source volume.

Q. What is RAID read and write speed in all RAID 0,1,2,3,4,5,6 ?


Ans. Standard RAID Levels

• RAID 0: Striped Set (2 disks minimum) without parity. Provides improved performance and
additional storage but no fault tolerance from disk errors or disk failure. Any disk failure destroys
the array, which becomes more likely with more disks in the array. A single disk failure
destroys the entire array because, when data is written to a RAID 0 drive, the data is broken into
"fragments". The number of fragments is dictated by the number of disks in the drive. Each of
these fragments is written to its respective disk simultaneously on the same sector. This
allows smaller sections of the entire chunk of data to be read off the drive in parallel, giving this
type of arrangement huge bandwidth. When one sector on one of the disks fails, however, the
corresponding sector on every other disk is rendered useless because part of the data is now
corrupted. RAID 0 does not implement error checking, so any error is unrecoverable. More disks in
the drive means higher bandwidth, but greater risk of data loss.
• RAID 1: Mirrored Set (2 disks minimum) without parity. Provides fault tolerance from disk errors
and single disk failure. Read performance increases when using a multi-threaded operating
system that supports split seeks, with a very small performance reduction when writing. The array
continues to operate so long as at least one drive is functioning.
• RAID 3 and RAID 4: Striped Set (3 disk minimum) with Dedicated Parity. The parity bits
each represent a memory location and have a value of 0 or 1 according to whether the memory
location they represent is empty or full, thus enhancing the speed of read and write. This mechanism
provides improved performance and fault tolerance similar to RAID 5, but with a dedicated
parity disk rather than rotated parity stripes. The single parity disk is a bottleneck for writing, since
every write requires updating the parity data. One minor benefit is that the dedicated parity disk
can fail and operation will continue without parity or performance penalty.
• RAID 5: Striped Set (3 disk minimum) with Distributed Parity. Distributed parity requires all but
one drive to be present to operate; drive failure requires replacement, but the array is not destroyed
by a single drive failure. Upon drive failure, any subsequent reads can be calculated from the
distributed parity such that the drive failure is masked from the end user. The array will have data
loss in the event of a second drive failure and is vulnerable until the data that was on the failed
drive is rebuilt onto a replacement drive.
• RAID 6: Striped Set (4 disk minimum) with Dual Distributed Parity. Provides fault tolerance from
two drive failures; the array continues to operate with up to two failed drives. This makes larger RAID
groups more practical, especially for high availability systems. As drives grow in size (a single
drive may be 1 Terabyte), they become more prone to error and more exposed to failure during a
rebuild. Single parity RAID levels are vulnerable to data loss until the failed drive is
rebuilt: the larger the drive, the longer the rebuild will take. Dual parity gives time to
rebuild the array by recreating a failed drive while retaining the ability to sustain a failure on
another drive in the same array.
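
The RAID 5 behaviour described above (reads served from parity after one drive failure, data loss after a second) can be shown with XOR parity. This is an added example, not part of the original notes; the block size, rotation order and function names are assumptions chosen for illustration, not any controller's actual layout.

```python
from functools import reduce

def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def raid5_write(data, n_disks, block=4):
    """Stripe data over n_disks with one rotating parity block per stripe.

    Returns one list of blocks per disk (assumed layout: parity starts on
    the last disk and moves one disk to the left for each stripe).
    """
    per_stripe = (n_disks - 1) * block
    padded_len = -(-len(data) // per_stripe) * per_stripe   # round up
    data = data.ljust(padded_len, b"\x00")
    disks = [[] for _ in range(n_disks)]
    for s in range(padded_len // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(n_disks - 1)]
        parity_disk = (n_disks - 1 - s) % n_disks
        data_blocks = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == parity_disk
                            else next(data_blocks))
    return disks

def raid5_rebuild(disks):
    """Recreate the single failed disk (marked None) from the survivors."""
    failed = [d for d, blocks in enumerate(disks) if blocks is None]
    if len(failed) != 1:
        raise IOError("rebuild needs exactly one failed disk, got %d" % len(failed))
    survivors = [blocks for blocks in disks if blocks is not None]
    # XOR of every surviving block in a stripe equals the missing block,
    # whether the missing block held data or parity.
    replacement = [xor_blocks(row) for row in zip(*survivors)]
    return disks[:failed[0]] + [replacement] + disks[failed[0] + 1:]

def raid5_read(disks, length, block=4):
    """Read the data back; a single failed disk is masked using parity."""
    failed = sum(1 for blocks in disks if blocks is None)
    if failed > 1:
        raise IOError("array lost: %d disks failed, single parity covers one" % failed)
    if failed == 1:
        disks = raid5_rebuild(disks)
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = (n_disks - 1 - s) % n_disks
        for d in range(n_disks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])

if __name__ == "__main__":
    payload = b"constructed sample payload"      # constructed test data
    array = raid5_write(payload, n_disks=4)
    degraded = list(array)
    degraded[1] = None                           # simulate one drive failure
    print(raid5_read(degraded, len(payload)))
```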

Nested RAID Levels

Many storage controllers allow RAID levels to be nested. That is, one RAID can use another as its basic
element, instead of using physical drives. It is instructive to think of these arrays as layered on top of each
other, with physical drives at the bottom.
Nested RAIDs are usually signified by joining the numbers indicating the RAID levels into a single
number, sometimes with a '+' in between. For example, RAID 10 (or RAID 1+0) conceptually consists of
multiple level 1 arrays stored on physical drives with a level 0 array on top, striped over the level 1 arrays.
In the case of RAID 0+1, it is most often called RAID 0+1 as opposed to RAID 01 to avoid confusion with
RAID 1. However, when the top array is a RAID 0 (such as in RAID 10 and RAID 50), most vendors
choose to omit the '+', though RAID 5+0 is more informative.
Common nested RAID levels
RAID 0+1: Striped Set + Mirrored Set (4 disk minimum; Even number of disks) provides fault tolerance
and improved performance but increases complexity. The key difference from RAID 1+0 is that RAID 0+1
creates a second striped set to mirror a primary striped set. The array continues to operate with one or more
drives failed in the same mirror set, but if two or more drives fail on different sides of the mirroring, the
data on the RAID system is lost.
RAID 1+0: Mirrored Set + Striped Set (4 disk minimum; Even number of disks) provides fault tolerance
and improved performance but increases complexity. The key difference from RAID 0+1 is that RAID 1+0
creates a striped set from a series of mirrored drives. The array can sustain multiple drive losses as long as
no two drives lost comprise a single pair of one mirror.
RAID 5+0: A stripe across distributed parity RAID systems
RAID 5+1: A mirror striped set with distributed parity (some manufacturers label this as RAID 53)

Non-standard RAID levels

Given the large number of custom configurations available with a RAID array, many companies,
organizations, and groups have created their own non-standard configurations, typically designed to meet
the needs of at least one, but usually very small, niche group of arrays. Most of these non-standard RAID
levels are proprietary.
Some of the more prominent modifications are:
ATTO Technology's DVRAID™ adds parity RAID protection to systems which demand performance for
4K film, 2K film, high-definition audio and video.
The Storage Computer Corporation uses RAID 7, which adds caching to RAID 3 and RAID 4 to improve
performance.
EMC Corporation offers RAID S as an alternative to RAID 5 on their Symmetrix systems, though this is no
longer supported on the latest release of Enginuity, the Symmetrix's operating system.
RAID-Z in the ZFS file system of OpenSolaris solves the "write hole" problem of RAID-5.
Intel has introduced a concept called Matrix Storage, whereby an identical part of each disk drive
is configured as one type of RAID (say, striped) while the other part may act like a mirrored array.

Q. How many types of Users exist?

Q. Can we host 2 or more websites on a single IIS server?

Ans. Yes
The information in this tutorial applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2003 Server Family
Microsoft Small Business Server 2000

Important Notice:

Microsoft Internet Information Server (IIS) 5.x under Windows 2000, Windows XP Home or Windows XP
Professional does not allow you to host more than one web server.
You will have to upgrade to one of the operating systems in the list above to be able to host multiple Web sites
with IIS or simply choose other Web Server platform (e.g. Apache).

Summary:
This tutorial provides step-by-step instructions for hosting multiple Web sites with IIS (Internet Information
Server) 5.x or 6.x by using a single IP address and No-IP service.
Setting up NO-IP+ Plus accounts
Create a No-IP account if you haven't already done so, log in to your account, and click "Add Domain" in the
No-IP Plus menu. Enter the domain name you want to use with the No-IP Plus service and follow the instructions to
complete your setup.
Download and install the Dynamic DNS update client and configure it for your account, allowing it to download the
hosts you recently set up with the NO-IP+ Plus service.

Note:
If you have chosen to set up a new domain name, you have to allow up to 24 hours for the DNS records for your
domain name to propagate on the Internet.

Setting up IIS
Usually IIS is not installed automatically under MS Windows operating systems, so you will have to install it by
going to Windows Control Panel, choosing Add/Remove Programs, then Add/Remove Windows components, and
check Internet Information Services (IIS).

After installation is completed, go to Windows Control Panel, Administrative Tools and start Internet Services
Manager.

Setting-Up Web Site(s)


1. Right-click the Server name (root of the tree marked with an asterisk *) and choose New, Web Site.
2. Type a Description for your first Web site (e.g. mysite1) and click Next.
3. In the IP address field choose "(All Unassigned)".
4. In the port field enter 80, or another port if you are using alternate ports (or if your ISP has blocked port
80).
5. In the Host Header field enter a domain name (e.g. mysite1.com), one of the domain names you set up
earlier with the No-IP+ service, and click Next.
6. Click Browse and point to the directory where your Web site files for the domain name above are located
(e.g. c:\sites\mysite1). Make sure that the "Allow anonymous access.." box is checked if you want all users
to be able to see your website. Click Next.
7. For standard browsing preferences leave the settings on this page as they are; otherwise configure them
according to your needs. Click Next.
8. Click Finish.

Repeat these steps for every Web site you need to set up.


You will now be able to see your Web site name(s) in the server list.
Try opening your browser and typing your domain name in the URL field (e.g. mysite1.com). If everything is
configured as it should be, you will be able to see your website.
Congratulations!
Now you can repeat the process above to set up as many Web sites as you want with IIS.

Configuring/Troubleshooting Web Site(s)


If you can't see your website, or you see a login window (the web browser returns the message "You are not
authorized to view this page"), you will have to configure the access rights properly for your website or for the
index file (the first file that your users see when they type in your domain name) that you will use with your website.

1. Right-click the name of the Web site you recently set up in your server list and choose Properties from the menu.

2. Click the Directory Security tab, then click Edit in the "Anonymous Access.." section.
3. Make sure that the Anonymous Access property is checked and click the "Edit..." button.
4. Check that the user account listed there has the access rights needed to read your computer/website folder.

To confirm that you have a problem with access rights, try setting the Administrators account here.
Now, try opening your browser and typing your domain name in the URL field (e.g. mysite1.com). If you had a
problem with access rights, this has been resolved and you will be able to see your website.
Use this only as a test: while the Administrators account is set here, every anonymous visitor is served with
administrative rights, so once the cause is confirmed, restore the original anonymous account and grant it
read access to the website folder instead.
If you have resolved the access-rights issue but are receiving a "Directory Listing Denied" message, your website
is probably using an index file that has not been registered as an allowed default document for your
website.
1. Right-click the name of the Web site you recently set up in your server list and choose Properties from the menu.
2. Click the Documents tab.
Under the Enable Default Document section you will see the index files registered with your website. If you are using e.g.
myindexfile.htm or myindexfile.html or myindexfile.php as your index file, you will have to declare/register it
here.
3. Click Add, then type your index file name (e.g. index.php), and press Ok.
4. Press Ok again.
Now, try opening your browser and typing your domain name in the URL field (e.g. mysite1.com).
Congratulations!
Now you can repeat the process above to properly configure all your Web site(s) with IIS.

Q. How does a DNS client query work?


Ans. How DNS query works
When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. Each
query message the client sends contains three pieces of information, specifying a question for the server to
answer:

• A specified DNS domain name, stated as a fully qualified domain name (FQDN)
• A specified query type, which can either specify a resource record by type or a specialized type of query
operation
• A specified class for the DNS domain name.

For Windows DNS servers, this should always be specified as the Internet (IN) class.

For example, the name specified could be the FQDN for a computer, such as "host-a.example.microsoft.com.",
and the query type specified to look for an address (A) resource record by that name. Think of a DNS query as a
client asking a server a two-part question, such as "Do you have any A resource records for a computer named
'hostname.example.microsoft.com.'?" When the client receives an answer from the server, it reads and interprets
the answered A resource record, learning the IP address for the computer it asked for by name.

DNS queries resolve in a number of different ways. A client can sometimes answer a query locally using cached
information obtained from a previous query. The DNS server can use its own cache of resource record
information to answer a query. A DNS server can also query or contact other DNS servers on behalf of the
requesting client to fully resolve the name, then send an answer back to the client. This process is known as
recursion.

In addition, the client itself can attempt to contact additional DNS servers to resolve a name. When a client does
so, it uses separate and additional nonrecursive queries based on referral answers from servers. This process is
known as iteration.

In general, the DNS query process occurs in two parts:


• A name query begins at a client computer and is passed to a resolver, the DNS Client service, for resolution.
• When the query cannot be resolved locally, DNS servers can be queried as needed to resolve the name.
Both of these processes are explained in more detail in the following sections.

Part 1: The local resolver

The following figure shows an overview of the complete DNS query process.
[Figure: overview of the complete DNS query process]
As shown in the initial steps of the query process, a DNS domain name is used in a program on the local
computer. The request is then passed to the DNS Client service for resolution using locally cached information. If
the queried name can be resolved, the query is answered and the process is completed.

The local resolver cache can include name information obtained from two possible sources:

• If a Hosts file is configured locally, any host name-to-address mappings from that file are preloaded into the
cache when the DNS Client service is started.
• Resource records obtained in answered responses from previous DNS queries are added to the cache and kept
for a period of time.

If the query does not match an entry in the cache, the resolution process continues with the client querying a
DNS server to resolve the name.

Part 2: Querying a DNS server

As indicated in the previous figure, the client queries a preferred DNS server. The actual server used during the
initial client/server query part of the process is selected from a global list. For more information about how this
global list is compiled and updated, see Client features.

When the DNS server receives a query, it first checks to see if it can answer the query authoritatively based on
resource record information contained in a locally configured zone on the server. If the queried name matches a
corresponding resource record in local zone information, the server answers authoritatively, using this
information to resolve the queried name.

If no zone information exists for the queried name, the server then checks to see if it can resolve the name using
locally cached information from previous queries. If a match is found here, the server answers with this
information. Again, if the preferred server can answer with a positive matched response from its cache to the
requesting client, the query is completed.

If the queried name does not find a matched answer at its preferred server -- either from its cache or zone
information -- the query process can continue, using recursion to fully resolve the name. This involves assistance
from other DNS servers to help resolve the name. By default, the DNS Client service asks the server to use a
process of recursion to fully resolve names on behalf of the client before returning an answer. In most cases, the
DNS server is configured, by default, to support the recursion process as shown in the following figure.
[Figure: the recursion process on the DNS server]

In order for the DNS server to do recursion properly, it first needs some helpful contact information about other
DNS servers in the DNS domain namespace. This information is provided in the form of root hints, a list of
preliminary resource records that can be used by the DNS service to locate other DNS servers that are
authoritative for the root of the DNS domain namespace tree. Root servers are authoritative for the domain root
and top-level domains in the DNS domain namespace tree. For more information, see Updating root hints.

By using root hints to find root servers, a DNS server is able to complete the use of recursion. In theory, this
process enables any DNS server to locate the servers that are authoritative for any other DNS domain name
used at any level in the namespace tree.

For example, consider the use of the recursion process to locate the name "host-b.example.microsoft.com."
when the client queries a single DNS server. The process occurs when a DNS server and client are first started
and have no locally cached information available to help resolve a name query. It assumes that the name
queried by the client is for a domain name of which the server has no local knowledge, based on its configured
zones.

First, the preferred server parses the full name and determines that it needs the location of the server that is
authoritative for the top-level domain, "com". It then uses an iterative (that is, a nonrecursive) query to the
"com" DNS server to obtain a referral to the "microsoft.com" server. Next, a referral answer comes from the
"microsoft.com" server to the DNS server for "example.microsoft.com".

Finally, the "example.microsoft.com." server is contacted. Because this server contains the queried name as part
of its configured zones, it responds authoritatively back to the original server that initiated recursion. When the
original server receives the response indicating that an authoritative answer was obtained to the requested
query, it forwards this answer back to the requesting client and the recursive query process is completed.

Although the recursive query process can be resource-intensive when performed as described above, it has some
performance advantages for the DNS server. For example, during the recursion process, the DNS server
performing the recursive lookup obtains information about the DNS domain namespace. This information is
cached by the server and can be used again to help speed the answering of subsequent queries that use or
match it. Over time, this cached information can grow to occupy a significant portion of server memory
resources, although it is cleared whenever the DNS service is cycled on and off.

Alternate query responses


The previous discussion of DNS queries assumes that the process ends with a positive response returned to the
client. However, queries can return other answers as well. These are the most common:

• An authoritative answer
• A positive answer
• A referral answer
• A negative answer

An authoritative answer is a positive answer returned to the client and delivered with the authority bit set in the
DNS message to indicate the answer was obtained from a server with direct authority for the queried name.
A positive response can consist of the queried RR or a list of RRs (also known as an RRset) that fits the queried
DNS domain name and record type specified in the query message.

A referral answer contains additional resource records not specified by name or type in the query. This type of
answer is returned to the client if the recursion process is not supported. The records are meant to act as helpful
reference answers that the client can use to continue the query using iteration.

A referral answer contains additional data such as resource records (RRs) that are other than the type queried.
For example, if the queried host name was "www" and no A RRs for this name were found in this zone but a
CNAME RR for "www" was found instead, the DNS server can include that information when responding to the
client.

If the client is able to use iteration, it can make additional queries using the referral information in an attempt to
fully resolve the name for itself.

A negative response from the server can indicate that one of two possible results was encountered while the
server attempted to process and recursively resolve the query fully and authoritatively:

• An authoritative server reported that the queried name does not exist in the DNS namespace.
• An authoritative server reported that the queried name exists but no records of the specified type exist for that
name.

The resolver passes the results of the query, in the form of either a positive or negative response, back to the
requesting program and caches the response.
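
The query fields and answer types described above can be seen directly in the DNS message bytes. The following is an added example, not part of the original notes: it builds a query carrying the three question fields plus the recursion-desired flag, then classifies responses from the header bits and the authority section. The name server names, SOA values and transaction ID used with it are constructed.

```python
import struct

# Record type codes and header flag bits from the DNS message format (RFC 1035).
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15}
CLASS_IN = 1
QR, AA, TC, RD = 0x8000, 0x0400, 0x0200, 0x0100

def encode_name(fqdn):
    """Encode an FQDN as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {fqdn!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(fqdn, qtype="A", recursion_desired=True, txid=0x1A2B):
    """Header (12 bytes) + question: name, query type, class IN."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(fqdn) + struct.pack("!2H", QTYPE[qtype], CLASS_IN)

def parse_question(msg):
    """Return (fqdn, qtype, qclass) from the first question of a message."""
    labels, pos = [], 12
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack_from("!2H", msg, pos + 1)
    return ".".join(labels) + ".", qtype, qclass

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[pos]
        if n & 0xC0 == 0xC0:          # compression pointer: two bytes, then done
            return pos + 2
        if n == 0:
            return pos + 1
        pos += 1 + n

def rr(fqdn, rtype, ttl, rdata):
    """Build one resource record (used here only to construct sample replies)."""
    return (encode_name(fqdn)
            + struct.pack("!HHIH", QTYPE[rtype], CLASS_IN, ttl, len(rdata)) + rdata)

def build_response(query, flags, answers=(), authority=()):
    """Construct a sample reply to `query` with the given flag bits and records."""
    txid = struct.unpack_from("!H", query)[0]
    header = struct.pack("!6H", txid, QR | flags, 1, len(answers), len(authority), 0)
    return header + query[12:] + b"".join(answers) + b"".join(authority)

def classify_response(msg):
    """Map a reply to the answer types: authoritative, positive, referral, negative."""
    _, flags, qdcount, ancount, nscount, _ = struct.unpack_from("!6H", msg)
    if not flags & QR:
        raise ValueError("message is a query, not a response")
    if flags & TC:
        return "truncated"            # client should repeat the query over TCP port 53
    rcode = flags & 0x000F
    if rcode == 3:
        return "negative-nxdomain"    # the queried name does not exist
    if rcode != 0:
        return "error"
    if ancount:
        return "authoritative" if flags & AA else "positive"
    # No answer records: the authority section separates a referral (NS records,
    # AA clear) from "name exists but has no records of this type" (SOA).
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4
    authority_types = []
    for _ in range(nscount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlength = struct.unpack_from("!HHIH", msg, pos)
        authority_types.append(rtype)
        pos += 10 + rdlength
    if QTYPE["NS"] in authority_types and not flags & AA:
        return "referral"
    return "negative-nodata"
```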

Notes
• If the resultant answer to a query is too long to be sent and resolved in a single UDP message packet, the DNS
server can initiate a failover response over TCP port 53 to answer the client fully in a TCP connected session.
• Disabling the use of recursion on a DNS server is generally done when DNS clients are being limited to
resolving names to a specific DNS server, such as one located on your intranet. Recursion might also be disabled
when the DNS server is incapable of resolving external DNS names, and clients are expected to fail over to
another DNS server for resolution of these names.

You can disable the use of recursion by configuring the Advanced properties in the DNS console on the
applicable server. For more information, see Disable recursion on the DNS server.

• If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.
• By default, DNS servers use several default timings when performing a recursive query and contacting other
DNS servers. These are:
• A recursion retry interval of 3 seconds. This is the length of time the DNS service waits before retrying a query
made during a recursive lookup.
• A recursion time-out interval of 15 seconds. This is the length of time the DNS service waits before failing a
recursive lookup that has been retried.

Under most circumstances, these parameters do not need adjustment. However, if you are using recursive
lookups over a slow-speed WAN link, you might be able to improve server performance and query completion by
making slight adjustments to the settings. For more information, see Tuning advanced server parameters.

How iteration works

Iteration is the type of name resolution used between DNS clients and servers when the following conditions are
in effect:
• The client requests the use of recursion, but recursion is disabled on the DNS server.
• The client does not request the use of recursion when querying the DNS server.

An iterative request from a client tells the DNS server that the client expects the best answer the DNS server can
provide immediately, without contacting other DNS servers.

When iteration is used, a DNS server answers a client based on its own specific knowledge about the namespace
with regard to the names data being queried. For example, if a DNS server on your intranet receives a query
from a local client for "www.microsoft.com", it might return an answer from its names cache. If the queried
name is not currently stored in the names cache of the server, the server might respond by providing a referral
-- that is, a list of NS and A resource records for other DNS servers that are closer to the name queried by the
client.

When a referral is made, the DNS client assumes responsibility to continue making iterative queries to other
configured DNS servers to resolve the name. For example, in the most involved case, the DNS client might
expand its search as far as the root domain servers on the Internet in an effort to locate the DNS servers that
are authoritative for the "com" domain. Once it contacts the Internet root servers, it can be given further
iterative responses from these DNS servers that point to actual Internet DNS servers for the "microsoft.com"
domain. When the client is provided records for these DNS servers, it can send another iterative query to the
external Microsoft DNS servers on the Internet, which can respond with a definitive and authoritative answer.

When iteration is used, a DNS server can further assist in a name query resolution beyond giving its own best
answer back to the client. For most iterative queries, a client uses its locally configured list of DNS servers to
contact other name servers throughout the DNS namespace if its primary DNS server cannot resolve the query.

How caching works

As DNS servers process client queries using recursion or iteration, they discover and acquire a significant store of
information about the DNS namespace. This information is then cached by the server.

Caching provides a way to speed the performance of DNS resolution for subsequent queries of popular names,
while substantially reducing DNS-related query traffic on the network.

As DNS servers make recursive queries on behalf of clients, they temporarily cache resource records (RRs).
Cached RRs contain information obtained from DNS servers that are authoritative for DNS domain names learned
while making iterative queries to search and fully answer a recursive query performed on behalf of a client.
Later, when other clients place new queries that request RR information matching cached RRs, the DNS server
can use the cached RR information to answer them.

When information is cached, a Time-To-Live (TTL) value applies to all cached RRs. As long as the TTL for a
cached RR does not expire, a DNS server can continue to cache and use the RR again when answering queries by
its clients that match these RRs. Caching TTL values used by RRs in most zone configurations are assigned the
Minimum (default) TTL, which is set in the zone's start of authority (SOA) resource record. By default, the
minimum TTL is 3,600 seconds (1 hour) but can be adjusted or, if needed, individual caching TTLs can be set at
each RR.
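
The recursion walkthrough for "host-b.example.microsoft.com." and the TTL-based caching described above can be simulated without a network. This is an added example, not part of the original notes: the server objects, their names and the injected clock are constructed stand-ins, and referrals are cached with the same 3,600-second TTL as answers for simplicity.

```python
import time

DEFAULT_TTL = 3600   # the default minimum TTL given above, in seconds

class SimServer:
    """Constructed stand-in for a DNS server that answers iteratively."""
    def __init__(self, hosts=None, delegations=None):
        self.hosts = hosts or {}              # fqdn -> address (authoritative data)
        self.delegations = delegations or {}  # child zone -> name of its server

    def query(self, fqdn):
        """Best local answer: an address, else a referral, else a negative reply."""
        if fqdn in self.hosts:
            return ("answer", self.hosts[fqdn], DEFAULT_TTL)
        for zone in sorted(self.delegations, key=len, reverse=True):
            if fqdn.endswith("." + zone):
                return ("referral", zone, self.delegations[zone])
        return ("negative", None, DEFAULT_TTL)

class RecursiveResolver:
    """The client's preferred server: follows referrals and caches what it learns."""
    def __init__(self, servers, root="root", clock=time.monotonic):
        self.servers, self.root, self.clock = servers, root, clock
        self.answers = {}        # fqdn -> (expiry, address or None)
        self.referrals = {}      # zone -> (expiry, server name)
        self.upstream_queries = 0

    def _closest_server(self, fqdn, now):
        """Start from the most specific unexpired referral, else the root hints."""
        best_zone, best_server = "", self.root
        for zone, (expiry, server) in self.referrals.items():
            if expiry > now and fqdn.endswith("." + zone) and len(zone) > len(best_zone):
                best_zone, best_server = zone, server
        return best_server

    def resolve(self, fqdn):
        """Return (address or None, list of servers contacted)."""
        now = self.clock()
        cached = self.answers.get(fqdn)
        if cached and cached[0] > now:
            return cached[1], ["cache"]
        server, path = self._closest_server(fqdn, now), []
        for _ in range(10):                      # bound the referral chain
            path.append(server)
            self.upstream_queries += 1
            kind, first, second = self.servers[server].query(fqdn)
            if kind == "referral":               # first = zone, second = next server
                self.referrals[first] = (now + DEFAULT_TTL, second)
                server = second
                continue
            # Positive or negative result: first = address or None, second = TTL.
            self.answers[fqdn] = (now + second, first)
            return first, path
        raise RuntimeError("too many referrals for " + fqdn)

# Constructed namespace matching the walkthrough: root -> com -> microsoft.com
# -> example.microsoft.com, which holds the host records.
SERVERS = {
    "root": SimServer(delegations={"com.": "com"}),
    "com": SimServer(delegations={"microsoft.com.": "microsoft.com"}),
    "microsoft.com": SimServer(
        delegations={"example.microsoft.com.": "example.microsoft.com"}),
    "example.microsoft.com": SimServer(hosts={
        "host-a.example.microsoft.com.": "10.0.0.20",
        "host-b.example.microsoft.com.": "10.0.0.21",
    }),
}

if __name__ == "__main__":
    resolver = RecursiveResolver(SERVERS)
    print(resolver.resolve("host-b.example.microsoft.com."))   # full walk from the root
    print(resolver.resolve("host-b.example.microsoft.com."))   # served from cache
```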

Notes
• You can install a DNS server as a caching-only server. For more information, see Using caching-only servers.
• By default, DNS servers use a root hints file, Cache.dns, that is stored in the systemroot\System32\Dns folder
on the server computer. The contents of this file are preloaded into server memory when the service is started
and contain pointer information to root servers for the DNS namespace where you are operating DNS servers.
For more information about this file or how it is used, see DNS-related files.

Q. What are Resource Records ?

Ans. Managing resource records


After you create a zone, additional resource records need to be added to it. The most common resource records
(RRs) to be added are:

• Host (A) For mapping a DNS domain name to an IP address used by a computer.
• Alias (CNAME) For mapping an alias DNS domain name to another primary or canonical name.
• Mail Exchanger (MX) For mapping a DNS domain name to the name of a computer that exchanges or forwards
mail.
• Pointer (PTR) For mapping a reverse DNS domain name based on the IP address of a computer that points to
the forward DNS domain name of that computer.
• Service location (SRV) For mapping a DNS domain name to a specified list of DNS host computers that offer a
specific type of service, such as Active Directory domain controllers.
• Other resource records as needed.

Host (A) resource records

Host (A) resource records are used in a zone to associate DNS domain names of computers (or hosts) to their IP
addresses, and can be added to a zone in several ways:
• You can manually create an A resource record for a static TCP/IP client computer using the DNS console.
• Windows clients and servers use the DHCP Client service to dynamically register and update their own A
resource records in DNS when an IP configuration change occurs.
• DHCP-enabled client computers running earlier versions of Microsoft operating systems can have their A
resource records registered and updated by proxy if they obtain their IP lease from a qualified DHCP server (only
the Windows 2000 and Windows Server 2003 DHCP Server service currently supports this feature).

The host (A) resource record is not required for all computers, but is needed by computers that share resources
on a network. Any computer that shares resources and needs to be identified by its DNS domain name, needs to
use A resource records to provide DNS name resolution to the IP address for the computer.

Most A RRs that are required in a zone can include other workstations or servers that share resources, other DNS
servers, mail servers, and Web servers. These resource records comprise the majority of resource records in a
zone database.
For more information, see Resource records reference.

Alias (CNAME) resource records


Alias (CNAME) resource records are also sometimes called canonical names. These records allow you to use more
than one name to point to a single host, making it easy to do such things as host both an FTP server and a Web
server on the same computer. For example, the well-known server names (ftp, www) are registered using
CNAME RRs that map to the DNS host name, such as "server-1", for the server computer that hosts these
services.

CNAME RRs are recommended for use in the following scenarios:


• When a host specified in an A RR in the same zone needs to be renamed.
• When a generic name for a well-known server such as www needs to resolve to a group of individual computers
(each with individual A RRs) that provide the same service. For example, a group of redundant Web servers.

When renaming a computer with an existing A RR in the zone, you can use a CNAME RR temporarily, to allow a
grace period for users and programs to switch from specifying the old computer name to using the new one. To
do this, you need the following:
• For the new DNS domain name of the computer, a new A RR is added to the zone.
• For the old DNS domain name, a CNAME RR is added that points to the new A RR.
• The original A RR for the old DNS domain name (and its associated PTR RR if applicable) is removed from the
zone.

When using a CNAME RR for aliasing or renaming a computer, set a temporary limit on how long the record is
used in the zone before removing it from DNS. If you forget to delete the CNAME RR and later its associated A
RR is deleted, the CNAME RR can waste server resources by trying to resolve queries for a name no longer used
on the network.

The most common or popular use of a CNAME RR is to provide a permanent DNS aliased domain name for
generic name resolution of a service-based name, such as www.example.microsoft.com to more than one
computer or one IP address used in a Web server. For example, the following shows the basic syntax of how a
CNAME RR is used.

alias_name IN CNAME primary_canonical_name

In this example, a computer named host-a.example.microsoft.com needs to function as both a Web server
named "www.example.microsoft.com." and an FTP server named "ftp.example.microsoft.com." To achieve the
intended use for naming this computer, you can add and use the following CNAME entries in the
example.microsoft.com zone:

host-a IN A 10.0.0.20
ftp IN CNAME host-a
www IN CNAME host-a

If you later decide to move the FTP server to another computer, separate from the Web server on "host-a",
simply change the CNAME RR in the zone for ftp.example.microsoft.com and add an additional A RR to the zone
for the new computer hosting the FTP server.

Based on the earlier example, if the new computer were named "host-b.example.microsoft.com", the new and
revised A and CNAME RRs would be as follows:

host-a IN A 10.0.0.20
host-b IN A 10.0.0.21
ftp IN CNAME host-b
www IN CNAME host-a

For more information, see Resource records reference.

Mail exchanger (MX) resource records


The mail exchanger (MX) RR is used by e-mail applications to locate a mail server based on a DNS domain name
used in the destination address for the e-mail recipient of a message. For example, a DNS query for the name
"example.microsoft.com" could be used to find an MX RR, enabling an e-mail application to forward or exchange
mail to a user with the e-mail address user@microsoft.com.

The MX RR shows the DNS domain name for the computer or computers that process mail for a domain. If
multiple MX RRs exist, the DNS Client service attempts to contact mail servers in the order of preference from
lowest value (highest priority) to highest value (lowest priority). The following shows the basic syntax for use of
an MX RR.

mail_domain_name IN MX preference mailserver_host

By using the MX RRs shown below in the example.microsoft.com zone, mail addressed to
user@example.microsoft.com is delivered to user@mailserver0.example.microsoft.com first if possible. If this
server is unavailable, the resolver client can then use user@mailserver1.example.microsoft.com instead.
@ IN MX 1 mailserver0
@ IN MX 2 mailserver1

Note that the use of the at sign (@) in the records indicates that the mailer DNS domain name is the same as the
name of origin (example.microsoft.com) for the zone.
For more information, see Resource records reference.
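
A zone check for the CNAME and MX records described above, as an added example that is not part of the Microsoft documentation: it flags CNAME RRs left pointing at a name whose A RR has been deleted, and lists MX hosts in delivery order. The old-ftp alias, host-c, and the mailserver0 address are constructed sample data.

```python
# Constructed sample zone built from the records shown above. "old-ftp" is a
# hypothetical leftover alias whose target A RR (host-c) no longer exists.
ORIGIN = "example.microsoft.com."
ZONE_TEXT = """
host-a      IN A     10.0.0.20
host-b      IN A     10.0.0.21
ftp         IN CNAME host-b
www         IN CNAME host-a
old-ftp     IN CNAME host-c
@           IN MX 2  mailserver1
@           IN MX 1  mailserver0
mailserver0 IN A     10.0.0.30
"""


def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, relative names get it appended."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Parse 'owner IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fqdn(fields[0], origin), fields[2].upper(), fields[3:]
        if rtype == "A":
            records.append((owner, "A", rdata[0]))
        elif rtype == "CNAME":
            records.append((owner, "CNAME", fqdn(rdata[0], origin)))
        elif rtype == "MX" and len(rdata) == 2:
            records.append((owner, "MX", (int(rdata[0]), fqdn(rdata[1], origin))))
    return records


def resolve(name, records, max_hops=8):
    """Follow CNAMEs inside the zone; return (addresses, None) or ([], reason)."""
    a_rrs, cnames = {}, {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_rrs.setdefault(owner, []).append(rdata)
        elif rtype == "CNAME":
            cnames[owner] = rdata
    seen = set()
    while name not in a_rrs:
        if name in seen or len(seen) >= max_hops:
            return [], f"CNAME loop or chain too long at {name}"
        seen.add(name)
        if name not in cnames:
            return [], f"no A or CNAME RR for {name}"
        name = cnames[name]
    return a_rrs[name], None


def dangling_cnames(records):
    """CNAME owners whose chain does not end at an A RR in this zone.

    A CNAME whose target lives in another zone is also reported here;
    confirm those with a live lookup.
    """
    findings = []
    for owner, rtype, _ in records:
        if rtype == "CNAME":
            addresses, reason = resolve(owner, records)
            if not addresses:
                findings.append((owner, reason))
    return findings


def mx_delivery_order(domain, records):
    """Mail hosts for domain, lowest preference value (highest priority) first."""
    mx = sorted(rdata for owner, rtype, rdata in records
                if owner == domain and rtype == "MX")
    return [host for _, host in mx]


def mx_without_address(domain, records):
    """MX hosts that have no address in the zone, so mail cannot reach them."""
    return [h for h in mx_delivery_order(domain, records) if not resolve(h, records)[0]]


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print("dangling CNAMEs:", dangling_cnames(zone))
    print("MX order:", mx_delivery_order(ORIGIN, zone))
    print("MX hosts without A RR:", mx_without_address(ORIGIN, zone))
```

Running the check whenever an A RR is removed catches the forgotten alias at the end of the grace period instead of leaving it in the zone.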

Pointer (PTR) resource records


Pointer (PTR) RRs are used to support the reverse lookup process, based on zones created and rooted in the in-
addr.arpa domain. These records are used to locate a computer by its IP address and resolve this information to
the DNS domain name for that computer.

PTR RRs can be added to a zone in several ways:


• You can manually create a PTR RR for a static TCP/IP client computer using the DNS , either as a separate
procedure or as part of the procedure for creating an A RR.
• Computers use the DHCP Client service to dynamically register and update their PTR RR in DNS when an IP
configuration change occurs.
• All other DHCP-enabled client computers can have their PTR RRs registered and updated by the DHCP server if
they obtain their IP lease from a qualified server. The Windows 2000 and Windows Server 2003 DHCP Server
service provides this capability.

The pointer (PTR) resource record is used only in reverse lookup zones to support reverse lookup. For more
information, see Resource records reference.

Service location (SRV) resource records


To locate Active Directory domain controllers, service location (SRV) RRs are required. Typically, you can avoid
manual administration of the SRV RR when installing Active Directory.

By default, the Active Directory installation wizard attempts to locate a DNS server based on the list of preferred
or alternate DNS servers, configured in any of its TCP/IP client properties, for any of its active network
connections. If a DNS server that can accept dynamic update of the SRV RR (and other RRs related to registering
Active Directory as a service in DNS) is contacted, the configuration process is complete.

If, during the installation, a DNS server that can accept updates for the DNS domain name used to name your
Active Directory is not found, the wizard can install a DNS server locally and automatically configure it with a
zone to support the Active Directory domain.

For example, if the Active Directory domain that you chose for your first domain in the forest was
example.microsoft.com, a zone rooted at the DNS domain name of example.microsoft.com would be added and
configured to use with the DNS server running on the new domain controller.

Whether or not you install the DNS Server service locally, a file (Netlogon.dns) is written and created during the
Active Directory installation process that contains the SRV RRs and other RRs needed to support the use of Active
Directory. This file is created in the systemroot\System32\Config folder.

If you are using a DNS server that fits one of the following descriptions, you should use the records in
Netlogon.dns to manually configure the primary zone on that server to support Active Directory.

1. The computer operating your DNS server is running on another platform, such as UNIX, and cannot accept or
recognize dynamic updates.
2. A DNS server at this computer that is not the DNS Server service provided with the Windows Server 2003
family is authoritative for the primary zone corresponding to the DNS domain name for your Active Directory
domain.
3. The DNS server supports the SRV RR, as defined in the Internet draft, "A DNS RR specifying the location of
services (DNS SRV)", but does not support dynamic updates.

For example, the DNS Server service provided with Windows NT Server 4.0, when updated to Service Pack 4 or
later, fits this description.

In the future, the SRV RR might also be used to register and lookup other well-known TCP/IP services on your
network if applications implement and support DNS name queries that specify this record type. For more
information, see Resource records reference.

Q. What are hardware RAID and software RAID?


Ans.
The distribution of data across multiple drives can be managed either by dedicated hardware or by software.
Additionally, there are hybrid RAIDs that are partially software and hardware-based solutions.

Software RAID
Software implementations are now provided by many operating systems. A software layer sits above the
(generally block based) disk device drivers and provides an abstraction layer between the logical drives (RAID
arrays) and physical drives. Software RAID is typically limited to RAID 0 (striping across multiple drives for
increased space and performance), RAID 1 (mirroring two drives) and RAID 5 (data striping with parity).

In a multi-threaded operating system (such as Linux, FreeBSD, Mac OS X, Windows NT/2000/XP/Vista and Novell
NetWare) the operating system can perform overlapped I/O, allowing multiple read or write requests to be
initiated without waiting for completion on each request. This is the capability that makes RAID 0/1 possible in an
operating system. However, most operating systems do not support RAID 0/1 striping or mirroring with parity,
due to the substantial processing demands of calculating parity.

Since the software must run on a host server attached to storage, the processor (as mentioned above) on that
host must dedicate processing time to run the RAID software. Like hardware-based RAID, if the server
experiences a hardware failure, the attached storage could be inaccessible for a period of time.

Software implementations can allow RAID arrays to be created from partitions rather than entire physical drives.

Hardware RAID
A hardware implementation of RAID requires at a minimum a special-purpose RAID controller. On a desktop
system, this may be a PCI expansion card, or might be a capability built in to the motherboard. In industrial
applications the controller and drives are provided as a stand alone enclosure. The drives may be IDE/ATA,
SATA, SCSI, SSA, Fibre Channel, or any combination thereof. The using system can be directly attached to the
controller or, more commonly, connected via a SAN. The controller hardware handles the management of the
drives, and performs any parity calculations required by the chosen RAID level.

Most hardware implementations provide a read/write cache which, depending on the I/O workload, will improve
performance. Cached RAID controllers are most commonly used in industrial applications. Sometimes write cache
is non-volatile, so pending writes are not lost on power failure.

Hardware implementations provide guaranteed performance, add no overhead to the local CPU complex and can
support many operating systems, as the controller simply presents a logical disk to the operating system.

Hardware implementations also typically support hot swapping, allowing failed drives to be replaced while the
system is running.

Hybrid RAID
Hybrid RAID implementations have become very popular with the introduction of inexpensive RAID controllers,
implemented using a standard disk controller and then implementing the RAID in the controller's BIOS extension
(for early boot-up/real mode operation) and the operating system driver (for after the system switches to
protected mode). Since these controllers actually do all calculations typically proprietary to a given RAID
controller manufacturer and typically cannot span multiple controllers. The only advantages over software RAID
are that the BIOS can boot from them, and the tighter integration with the device driver may offer better error
handling.

Both hardware and software implementations may support the use of hot spare drives, a pre-installed drive
which is used to immediately (and almost always automatically) replace a drive that has failed. This reduces the
mean time to repair period during which a second drive failure in the same RAID redundancy group can result in
loss of data. It also prevents data loss when multiple drives fail in a short period of time, as is common when all
drives in an array have undergone very similar use patterns, and experience wear-out failures.

Q. Explain VirtualCenter can manage an inventory of ESX Server, GSX Server and Workstation hosts.
Ans.
VMware GSX Server – An older product that is no longer used. An operating system must be installed first, and GSX
is then installed on it as an application.
VMware ESX Server – The product currently in use. It installs directly on the hardware as the operating system;
no separate OS is required.

Q. What Is DFS?
Ans. DFS provides the ability to create a single logical directory tree from different areas of data. The data
included in a DFS tree can be in any location accessible from the computer acting as the DFS root. In other
words, the data can be on the same partition, disk, or server, or on a completely different server. As far as DFS
is concerned, it makes no difference. A DFS tree appears as one contiguous directory structure, regardless of the
logical or physical location of the data.

After the DFS root is created, links to directories can be added or removed to construct the single logical
directory structure. The DFS tree can be navigated using standard file utilities such as Windows Explorer. Unless
users are made aware of the fact that the data is being accessed from different locations, they will not realize
that they are using a DFS system at all.

DFS trees can be used with both FAT and NTFS partitions. If you do use NTFS, the inclusion of a file or directory
in a DFS structure has no effect on security permissions.

There are two types of DFS:

Stand-alone DFS--Refers to a DFS tree that is hosted on a single physical server, and is accessed by connecting
to a DFS share point on that server. DFS configuration information is stored in the server's Registry. Stand-alone
DFS provides no fault tolerance. If the server hosting the DFS root should go down, users will no longer be able
to access their data unless they explicitly know where the data is stored.

Domain DFS--Provides more functionality, including features such as replication and load-balancing capabilities.
Domain DFS information is stored in Active Directory. A domain member server must act as the host for the DFS
tree. By storing the domain DFS configuration in Active Directory, the server-centric nature of stand-alone DFS is
removed, enabling the administrator to create DFS root replicas. If a server were to go down, users would be
redirected to a DFS root replica and could continue to access the DFS tree.

Q. What is Global Namespace ?


Ans. Implementing a Global Namespace is the key to effective, efficient management of distributed file storage:
it essentially does for file storage what DNS does for networking. A Global Namespace allows clients to access
files without knowing their location (just as they access Web sites without knowing the IP addresses). It also
enables administrators to aggregate file storage across heterogeneous, geographically distributed storage devices
and to view and manage it as a single file system.

Brocade StorageX makes it easy to create and manage Global Namespaces of any size. A Brocade StorageX
Global Namespace provides an ideal platform on which to build business-critical storage management solutions,
including file sharing, disaster recovery, data migration, server consolidation, load-balancing, storage
optimization, and data lifecycle management.

Q. What is the Difference between Windows 2000 and 2003 Server ?


Ans.
Same structure; new capabilities

Unlike the transformation in the directory service architecture that took place between Windows NT and Windows
2000, the changes you see between Windows 2000 and Windows Server 2003 are much more incremental in
nature. Windows Server 2003 is grounded in the same Active Directory structure in Windows 2000 where each
domain controller holds a read-write copy of the AD database, relying on multi-master replication to keep
everything up-to-date.

In the Windows Server 2003 Active Directory Users & Computers MMC snap-in, you can now move an object
from one location in the directory tree to another by using the familiar drag-and-drop method, rather than being
forced to right-click the object and select "Move", as was the case in Windows 2000. You can also now select
multiple objects simultaneously for editing or deletion, and save commonly-used queries within the ADUC
console window. Although really, if you're going to be working with more than one object at a time, I would
recommend that you get out of the MMC console anyway and use command-line tools or scripts to take away
some of your administrative burdens.

New command-line tools

Windows Server 2003 includes a number of built-in command-line tools that were not available in Windows 2000,
including:

• dsadd -- allows you to create objects from the command line
• dsmove -- moves an object from one OU or container to another within the same domain
• dsrm -- will delete an object from Active Directory
• dsquery -- will return an object or list of objects that matches criteria that you specify
• dsget -- will return one or more attributes of a particular Active Directory object

Added feature promotes new domain controllers into a domain

Another new feature is the "Install from Media" option for promoting new domain controllers into a domain. In
Windows 2000, if you needed to install a domain controller at a remote location, you had one of two options:

1. Travel to the remote site to run dcpromo and allow the entire AD database to replicate across a slow (and
often expensive) WAN link, or
2. Configure the database at your corporate headquarters, and then ship the DC to the remote site; this is often
an expensive process and one that runs the risk of damaging expensive computer hardware in transit.

Enter the "Install From Media" feature. In Windows Server 2003 you can initially populate the Active Directory
database using a System State backup from an existing DC, saving you both WAN traffic and shipping costs. For
those of us who run extremely decentralized environments, this is one of those "Where has this been all my life?"
kinds of features.

Enhanced replication capabilities

Another significant change, particularly for larger environments, is a replication enhancement called linked-value
replication for objects such as Active Directory group objects. In Windows 2000, a group's membership list was
replicated as one single block of information. This led to a number of potential problems, such as the following:

Inconsistent replication. Consider this: you have a group called DOMAIN\Finance. From Domain Controller A,
you add the jsmith user to the Finance group. What happens if, at precisely the same nanosecond, your junior
admin removed the bthomas user from the Finance group while connected to Domain Controller B? Without
linked-value replication, this would create a replication conflict, which would either lead to jsmith being added to
the group and bthomas not being removed, or vice versa.

Replication delays. In Windows 2000, Microsoft published a size limitation where you could not place more
than 5,000 members in a single group object; more than this created significant replication delays since the
membership list was replicated as a single block.

Linked-value replication solves these problems by replicating these multi-valued attributes separately. In our first
example above, the addition of jsmith and the removal of bthomas would be replicated as two separate
transactions, allowing both updates to be applied without causing a replication conflict. In our second example,
only the individual changes to the group membership will be replicated, greatly streamlining the replication
process and removing the 5000-member limitation on Active Directory groups.
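
The Finance-group conflict above, worked through as a simplified model (an added example, not Microsoft's replication code). The Stamp fields and their tie-break order, the DC names, and the mjones member are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Stamp:
    """Replication metadata compared in order: version, then time, then DC."""
    version: int
    time: int
    dc: str


def whole_attribute_merge(copy_a, copy_b):
    """Windows 2000 model: the member list is one value, so one copy wins outright."""
    return max(copy_a, copy_b, key=lambda copy: copy[0])


def linked_value_merge(copy_a, copy_b):
    """Linked-value model: every member carries its own stamp and is merged alone."""
    merged = dict(copy_a)
    for member, (stamp, present) in copy_b.items():
        if member not in merged or stamp > merged[member][0]:
            merged[member] = (stamp, present)
    return merged


def changed_values(before, after):
    """The values a DC has to ship after an update under linked-value replication."""
    return {m: v for m, v in after.items() if before.get(m) != v}


def members(copy):
    """Current membership: values whose latest state is 'present'."""
    return {m for m, (_, present) in copy.items() if present}


def finance_whole_attribute():
    base = frozenset({"bthomas", "mjones"})                 # constructed starting list
    on_dc_a = (Stamp(2, 100, "DC-A"), base | {"jsmith"})    # admin adds jsmith
    on_dc_b = (Stamp(2, 100, "DC-B"), base - {"bthomas"})   # junior admin removes bthomas
    # Same version and same instant: the tie-break picks one whole list.
    return set(whole_attribute_merge(on_dc_a, on_dc_b)[1])


def finance_linked_value():
    created = Stamp(1, 0, "DC-A")
    base = {"bthomas": (created, True), "mjones": (created, True)}
    on_dc_a = {**base, "jsmith": (Stamp(1, 100, "DC-A"), True)}
    on_dc_b = {**base, "bthomas": (Stamp(2, 100, "DC-B"), False)}
    # Each DC applies the other's changes; both must converge on the same list.
    return (members(linked_value_merge(on_dc_a, on_dc_b)),
            members(linked_value_merge(on_dc_b, on_dc_a)))


if __name__ == "__main__":
    print("whole attribute:", sorted(finance_whole_attribute()))
    print("linked value:   ", sorted(finance_linked_value()[0]))
```

In the whole-attribute run the addition of jsmith is silently lost; in the linked-value run both domain controllers end with jsmith added and bthomas removed.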

Tombstone:
60 days with Windows 2000
180 days with Windows 2003 SP1

Group Policy
In Windows 2000 you can configure up to 620 GPOs.
In Windows 2003 you can configure up to 720 GPOs.
A GPO, once removed, cannot be restored in Windows 2000, but in Windows 2003 it can be restored.

Q. If one object is deleted from Active directory can it be restored immediately? If yes how and if no
can we create another object with the same attributes?
Ans. When an object is deleted from Active Directory, it is not immediately erased, but is marked for future
deletion. The marker used to designate an AD object scheduled to be destroyed is called, appropriately enough, a
"tombstone." Tombstoned objects are deleted whenever the Active Directory database is defragmented online
or offline, which generally happens twice a day (once around noon, and once around midnight).

Normally, doing a manual undelete of a tombstoned object is a bit of a hassle; it often involves performing an
authoritative backup restore, which is not a trivial operation. Thankfully, Mark Russinovich at Sysinternals has
created a little command-line freeware application called AdRestore 1.1. AdRestore enumerates all of the
currently-tombstoned objects in a domain and allows you to restore them selectively.

To add a little selectivity to the restore operation, you can run AdRestore with a parameter to narrow down the
search. For instance:

adrestore -r Serdar

would search for all objects with "Serdar" as part of its name. The -r switch forces the program to prompt the
user for each restoration; otherwise, all the objects found matching said criteria will be automatically restored.
The default (no criteria supplied) is that all tombstoned objects will be enumerated and restored.

Note that deleted items may no longer be members of specific organizational units or OUs. Restoring these
objects from deleted status will not automatically restore them to their respective OUs; this will need to be done
manually.

Q. What extra features does Windows Server 2003 SP1 add for tombstones, backups, etc.?
Ans.
Changes to the default tombstone lifetime
Several changes in Service Pack 1 have to do with the way Active Directory handles "tombstoned" objects. Just
like in Windows 2000, when you delete an AD object, it is not immediately deleted; instead, it's marked as a
tombstoned object. This allows the deletion to be replicated properly to other domain controllers. Once an object
has been in this tombstoned state for a certain amount of time, it is finally deleted outright.

In Windows 2000, the default tombstone lifetime was 60 days. However, in Windows Server 2003, Microsoft
changed it to 180 days, effectively tripling the amount of time that a deletion had to be communicated to all of
the domain controllers in your environment.

There are two crucial caveats to keep in mind concerning this tombstone lifetime value:

If you have already installed Active Directory using either Windows 2000 or the original Windows Server 2003
media, the default tombstone lifetime will not automatically change when you upgrade to Windows Server 2003
SP1. You will only receive the 180-day tombstone lifetime value automatically by building a pristine 2003 SP1
Active Directory forest.

Several months ago, Microsoft Active Directory MVP Joe Richards discovered that the version of Dcpromo that
comes with Windows Server 2003 R2 will revert this value back to its original setting of 60 days. Therefore, if you
build a brand-new Active Directory forest using Windows Server 2003 R2 media, you will still receive the original
60-day default tombstone lifetime.

SID History added to tombstoned object attributes

In addition to modifying the tombstone lifetime for new Active Directory installations, 2003 Service Pack 1 added
the SID History attribute to the list of attributes that are retained when an object is tombstoned. When an Active
Directory object is tombstoned, it is stripped of most of its attributes, so the tombstoned object only takes up a
fraction of the size of the original object within the Active Directory database. Each user, group and computer
object within Active Directory is assigned a numeric security identifier, or SID. SIDs are unique within the domain
and do not change, even if the security principal is renamed or moved to another container within the same
domain.

Note: The SID is not retained if an object is deleted and re-created with the same display name; the re-created
object would be a brand new object with a completely different SID.

All access control lists (ACLs) on files, folders or AD objects use the SID to determine whether a particular user or
computer should be granted or denied access.

The notion of SIDs can become problematic, though, when you begin migrating from Windows NT domains into
new Active Directory environments. If you migrate a user object from a legacy NT domain into a new Active
Directory domain, a new SID will be created for the migrated user that corresponds to the new domain. If this
migrated user still requires access to resources in the old NT domain, however, an issue will crop up in which the
new Active Directory SID would not match the old NT4 SID.

To prevent this from happening, Windows 2000 introduced a feature called SID History, which allows migrated
user objects to retain records of any old SIDs they once possessed. This allows a migrated user to continue to
access a resource that used his old SID in its Access Control List. If the user attempted to access the resource
with his current SID and was denied, Windows would check the SID History attribute to see if any previous SIDs
would fit the bill and allow access.

Prior to Windows Server 2003 SP1, one of the attributes that was stripped when an object was tombstoned was
this SID History attribute, which meant that if you restored an object, any previous SIDs that were recorded in its
SID History were lost. Fortunately, Windows Server 2003 SP1 includes SID History among the attributes retained
when an object is deleted.

SP1 offers simpler AD troubleshooting

Service Pack 1 also made changes in the types of Active Directory information that are logged in the Event
Viewer on a domain controller, thus allowing for more proactive monitoring and easier troubleshooting.

One such update is Event ID 2089, which is recorded in the Directory Service event log if any directory partition
has not been backed up for a significant length of time (half of the tombstone lifetime or more). The event is
logged whether the partition is the Schema, Configuration, or domain partitions -- or any application partitions or
ADAM partitions that are hosted on the DC in question.

Service Pack 1 also created an event in the Directory Services log if it attempts to perform an action that requires
a particular Flexible Single Master Operation (FSMO), and that FSMO can't be contacted. For example, if an
administrator attempts to add a new domain to Active Directory, but the DC cannot locate or contact the Domain
Naming Master, an event would be logged in the Directory Services log if any of the FSMO role holders:

A) don't exist
B) can't be contacted, or
C) have not replicated recently with the DC in question.

Using virtualization technology with AD

Ever since SP1, administrators can run domain controllers using virtualization technology such as Microsoft
Virtual Server 2005. That allows you to run multiple domains or forests on a single machine or to use
virtualization to reduce the attack footprint of a physical server by separating its roles onto multiple virtual
machines.

Running DCs in a virtual environment is not without its own considerations, however, and you should consult the
Microsoft white paper Running Domain Controllers in Virtual Server 2005 before deploying this configuration in a
production environment, as well as this article by Gary Olsen: Is domain controller virtualization really a good
idea?

SP1 improves AD backups and restores

Backups, restores and disaster recovery measures for AD domain controllers also improved with Service Pack 1
by the inclusion of the following features:

• The Install From Media feature allows you to populate application directory partitions when installing a DC
from backup media. This saves you from needing to replicate the whole of the DomainDNSZones and
ForestDNSZones partitions across a slow or expensive WAN link.

• The authoritative restore process provides a much cleaner option for restoring group memberships of
authoritatively restored users, groups and computer objects by generating an LDIF file that contains any back-
link references for restored objects.

• The Ntdsutil utility has a greatly simplified syntax to remove extinct server metadata from the AD database.
Extinct server metadata is created when a domain controller suffers an irretrievable hardware failure or is
otherwise removed from the directory without using the Dcpromo tool. The metadata must be removed manually
from the directory. Microsoft provides the simplified syntax in KB 216498.

Q. What is Distributed File System (DFS)?
Ans.
Distributed File System (DFS) allows administrators to group shared folders located on different servers and
present them to users as a virtual tree of folders known as a namespace. A namespace provides numerous
benefits, including increased availability of data, load sharing, and simplified data migration.

Q. What are the DFS size limits and recommendations for Windows Server 2003?
Ans.
The following table describes the DFS size limits and recommendations for Windows Server 2003

Microsoft Supported DFS, Offline Files, and FRS Deployments

Description: Number of characters in path limit
Limit or Recommendation*: Fewer than 260 characters
Explanation: Win32 application programming interfaces (APIs) have a maximum path limit of 260 characters.
Applications fail when trying to access a namespace that goes beyond that limit. If the path length of a DFS
namespace exceeds the Win32 API limit of 260 characters, users must map part of the namespace to a drive letter
and access the longer namespace through the mapped drive letter.

Description: Number of DFS roots per server running Windows Server 2003 Standard Edition
Limit or Recommendation*: One, unless a hotfix is installed
Explanation: Windows Server 2003 Standard Edition, is limited to one root per server. To create multiple
domain-based namespaces on a server running Windows Server 2003 Standard Edition, install the hotfix described
in article 903651 in the Microsoft Knowledge Base on the Microsoft Web site.

Description: Number of DFS roots per server running Windows Server 2003 Enterprise Edition, or Windows Server
2003 Datacenter Edition
Limit or Recommendation*: Varies
Explanation: There is no limit to the number of DFS roots you can create on a server running Windows Server 2003
Enterprise Edition, or Windows Server 2003 Datacenter Edition. However, as you increase the number of roots per
server, the DFS service takes longer to start and uses more memory.

Description: Number of root targets per domain-based DFS root
Limit or Recommendation*: No fixed limit
Explanation: If you do not enable root scalability mode, we recommend using 16 or fewer root targets to limit
traffic to the server acting as the primary domain controller (PDC) emulator master.

Description: Number of links per DFS namespace
Limit or Recommendation*: 5,000 for domain-based DFS; 50,000 links for stand-alone DFS
Explanation: When the number of links exceeds the recommended limit, you might experience performance
degradation when making changes to the DFS configuration. For stand-alone DFS, namespace initialization after
server startup might also be delayed.

Description: Size of each DFS Active Directory object (applies to domain-based DFS namespaces only)
Limit or Recommendation*: 5 megabytes (MB)
Explanation: The size of the DFS Active Directory object is determined by the number and path length of roots,
links, comments, and targets in the namespace. We recommend using no more than 5,000 links in a domain-based
namespace to prevent the DFS Active Directory object from exceeding 5 MB. Limiting the size of the Active
Directory object is important because large domain-based DFS configurations can cause significantly increased
network traffic originating from updates made to those roots, links, and targets.

Description: Maximum amount of data that the File Replication service (FRS) can replicate in a domain-based DFS
namespace
Limit or Recommendation*: See recommended limits at
http://support.microsoft.com/default.aspx?scid=kb;en-us;840675.
Explanation: It is important that you review the FRS design guidelines before enabling replication. See the
chapter "Designing and Deploying File Servers," in the Microsoft Windows Server 2003 Deployment Kit. Doing so
will help you optimally deploy and configure FRS for your environment

Q. How do I back up and restore a DFS namespace or move a DFS namespace from one server to
another?
Ans.
Two Command line tools

Dfscmd.exe
The Dfscmd.exe command-line tool is available in Windows Server 2003. Use Dfscmd.exe for basic DFS tasks,
such as creating links, adding and removing link targets, and viewing the namespace. For more information
about Dfscmd.exe, in Help and Support Center for Windows Server 2003 click Tools, and then click Command-
line reference A-Z.

Dfsutil.exe
The Dfsutil.exe command-line tool is a Windows Support Tool. You can install Dfsutil.exe from the \Support\Tools
folder on the Windows Server 2003 operating system CD. Dfsutil.exe provides extensive features for configuring
and managing DFS, including those that are not available in the Distributed File System snap-in, such as root
scalability mode and least expensive target selection (site-costing).
You can use Dfsutil.exe to export the namespace from the source server, and then optionally restore the
namespace to a destination server.
In the following example, an administrator wants to migrate the following namespaces on different servers to a
single server running Windows Server 2003 Enterprise Edition:

• \\NT4SVR\Marketing (a stand-alone DFS root on a server running Windows NT Server 4.0)
• \\W2KSVR\Public (a stand-alone DFS root on a server running Windows 2000 Server)

First, the administrator creates the following stand-alone DFS roots on the server running Windows Server 2003
Enterprise Edition:
• \\2003SVR\Marketing
• \\2003SVR\Public

Next, the administrator installs Windows Support Tools from the Windows Server 2003 operating system CD, and
then uses the Dfsutil.exe tool to run the following commands:
• Dfsutil /Root:\\NT4SVR\Marketing /export:Nt4.txt
• Dfsutil /Root:\\W2KSVR\Public /export:w2k.txt

Finally, the administrator runs the following commands to import the namespaces onto the server running
Windows Server 2003 Enterprise Edition:
• Dfsutil /Root:\\2003SVR\Marketing /import:Nt4.txt /set
• Dfsutil /Root:\\2003SVR\Public /import:w2k.txt /set

Q.
