Active Directory Active Directory is a centralized and standardized system, stores information about objects in a network and makes

this information available to users and network administrators. Domain Controller In an Active Directory forest, the domain controller is a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Global catalog server A global catalog server is a domain controller that stores information about all objects in the forest. Like all domain controllers, a global catalog server stores full, writable replicas of the schema and configuration directory partitions and a full, writable replica of the domain directory partition for the domain that it is hosting. In addition, a global catalog server stores a partial, read-only replica of every other domain in the forest. Partial replicas are stored on Global Catalog servers so that searches of the entire directory can be achieved without requiring referrals from one domain controller to another. Partial information of other domains. Partial information nothing but classes and attributes (first name and last name and phones and addresses) attribute level security improvement in 2003. OU: "Organizational Units", are administrative-level containers on a computer, it allows administrators to organize groups of users together so that any changes, security privileges or any other administrative tasks could be accomplished more efficiently. Domain: Windows Domain is a logical grouping of computers that share common security and user account information. Forest A Windows forest is a group of one or more trusted Windows trees. The trees do not need to have contiguous DNS names. A forest shares a schema and global catalog servers. A single tree can also be called a forest. Tree: A Windows tree is a group of one or more trusted Windows domains with contiguous DNS domains. Trusted means that an authenticated account from one domain isnt rejected by another domain. Contiguous DNS domains means that they all have the same root DNS name.

Site: Sites are manually defined groupings of subnets. Objects in a site share the same global catalog servers, and can have a common set of group policies applied to them. Schema: The schema defines what attributes, objects, classes, and rules are available in the Active Directory.

SID (Security Identifier): The SID is a unique name (alphanumeric character string) that is used to identify an object, such as a user or a group of users.

Group Policy
Group policy Architecture:

Group Policy objects (GPO):

A GPO is a collection of Group Policy settings, stored at the domain level as a virtual object consisting of a Group Policy container (GPC) and a Group Policy template (GPT). password history will store
Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

Group Policy Container (GPC) The Group Policy container (GPC) is an Active Directory container that contains GPO properties, such as version information, GPO status, plus a list of other component settings. Group Policy Template (GPT) The Group Policy template (GPT) is a file system folder that includes policy data specified by .adm files, security settings, script files, and information about applications that are available for installation. The GPT is located in the system volume folder (SysVol) in the domain \Policies sub-folder. Filtering the Scope of a GPO By default, a GPO affects all users and computers that are contained in the linked site, domain, or organizational unit. The administrator can further specify the computers and users that are affected by a GPO by using membership in security groups. Starting with Windows 2000, the administrator can add both computers and users to security groups. Then the administrator can specify which security groups are affected by the GPO by using the Access Control List editor. Knowledge Consistency Checker (KCC) The Knowledge Consistency Checker (KCC) is a Windows component that automatically generates and maintains the intra-site and inter-site replication topology. Intrasite Replication Replication that happens between controllers inside one site. All of the subnets inside the site should be connected by high speed network wires. Intersite Replication Intersite replication is replication between sites and must be set up by an administrator. Simple Mail Transfer Protocol (SMTP) may be used for replication between sites. Active Directory Replication?

Replication must often occur both (intrasite) within sites and (Intersite) between sites to keep domain and forest data consistent among domain controllers that store the same directory partitions Adprep.exe Adprep.exe is a command-line tool used to prepare a Microsoft Windows 2000 forest or a Windows 2000 domain for the installation of Windows Server 2003 domain controllers. USE: When Microsoft Exchange Server is deployed in an organization, Exchange Server uses Active Directory as a data store and it extends the Windows 2000 Active Directory schema to enable it to store objects specific to Exchange Server. The ldapDisplayName of the attribute schema ms-Exch-Assistant-Name, ms-ExchLabeledURI, and ms-Exch-House-Identifier defined by Exchange Server conflicts with the iNetOrgPerson schema that Active Directory uses in Windows Server 2003. When Windows Server 2003 Service Pack 1 is installed, Adprep.exe will be able to detect the presence of the schema conflict and block the upgrade of the schema until the issue has been resolved. GUID: When a new domain user or group account is created, Active Directory stores the account's SID in the Object-SID (objectSID) property of a User or Group object. It also assigns the new object a globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world. GUIDs are assigned to every object created by Active Directory, not just User and Group objects. Each object's GUID is stored in its Object-GUID (objectGUID) property. Active Directory uses GUIDs internally to identify objects. SID: A security identifier (SID) is a data structure in binary format that contains a variable number of values. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security Principal SID created in a domain. Lingering objects

When a domain controller is disconnected for a period that is longer than the TSL, one or more objects that are deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are called lingering objects. Because the domain controller is offline during the time that the tombstone is alive, the domain controller never receives replication of the tombstone

Sysvol Sysvol is a shared directory that stores the server copy of the domains public files, which are replicated among all domain controllers in the domain. The Sysvol contains the data in a GPO: the GPT, which includes Administrative Template-based Group Policy settings, security settings, script files, and information regarding applications that are available for software installation. It is replicated using the File Replication Service (FRS). File Replication Service (FRS) In Windows 2000, the SYSVOL share is used to authenticate users. The SYSVOL share includes group policy information which is replicated to all local domain controllers. File replication service (FRS) is used to replicate the SYSVOL share. The "Active Directory Users and Computers" tool is used to change the file replication service schedule. Win logon A component of the Windows operating system that provides interactive logon support, Winlogon is the service in which the Group Policy engine runs. Lightweight Directory Access Protocol (LDAP) It defines how clients and servers exchange information about a directory. LDAP version 2 and version 3 are used by Windows 2000 Server's Active Directory.
An LDAP URL names the server holding Active Directory services and the Attributed Name of the object. For example:

LDAP://SomeServer.Myco.Com/CN=jamessmith,CN=Sys,CN=Product,CN =Division,DC=myco,DC=domain-controller

USN Each object has an Update Sequence Number (USN), and if the object is modified, the USN is incremented. This number is different on each domain controller. USN provides the key to multimaster replication.

Universal group membership caching Due to available network bandwidth and server hardware limitations, it may not be practical to have a global catalog in smaller branch office locations. For these sites, you can deploy domain controllers running Windows Server 2003, which can store universal group membership information locally. By default, the universal group membership information contained in the cache of each domain controller will be refreshed every 8 hours. Up to 500 universal group memberships can be updated at once. Universal groups couldn't be created in Mixed mode.

What is an ACL or access-control list? A list of security protections that applies to an object. (An object can be a file, process, event, or anything else having a security descriptor.) What is an ACE or access-control entry? ACE contains a set of access rights and a security identifier (SID) that identifies a trustee for whom the rights are allowed, denied, or audited.

Flexible Single Master Operations (FSMO)

MultiMaster Operation: In Windows 2000 & 2003, every domain controller can receive changes, and the changes are replicated to all other domain controllers. The day-to-day operations that are associated with managing users, groups, and computers are typically multimaster operations.

There is a set of Flexible Single Master Operations (FSMO) which can only be done on a single controller. An administrator determines which operations must be done on the master controller. These operations are all set up on the master controller by default and can be transferred later. FSMO operations types include: Schema Master: The schema master domain controller controls all updates and modifications to the schema. There can be only one schema master in the whole forest.

Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest and responsibility of ensuring that domain names are unique in the forest. There can be only one domain naming master in the whole forest.

Infrastructure Master: Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server (unless all DCs are also GCs.) The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain. This works when we are renaming any group member ship object this role takes care.

Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role. Relative ID (RID) Master: It assigns RID and SID to the newly created object like Users and computers. If RID master is down (u can create security objects up to RID pools are available in DCs) else u cant create any object one itSDs down When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. PDC Emulator - When Active Directory is in mixed mode, the computer Active Directory is on acts as a Windows NT PDC. The first server that becomes a Windows 2000 domain controller takes the role of PDC emulator by default. Functions performed by the PDC emulator: User account changes and password changes. SAM directory replication requests. Domain master browser requests Authentication requests.

GPO Time synchronization

New Active Directory features in Windows Server 2003 Multiple selection of user objects. Drag-and-drop functionality. Efficient search capabilities. Search functionality is object-oriented and provides an efficient search that minimizes Saved queries. Save commonly used search parameters for reuse in Active Directory Users and Computers Active Directory command-line tools. InetOrgPerson class. The inetOrgPerson class has been added to the base schema as a security principal and can be used in the same manner as the user class. The userPassword attribute can also be used to set the account password. Ability to add additional domain controllers using backup media. Reduce the time it takes to add an additional domain controller in an existing domain by using backup media. Universal group membership caching. Prevent the need to locate a global catalog across a WAN when logging on by storing universal group membership information on an authenticating domain controller. Secure LDAP traffic. Active Directory administrative tools sign and encrypt all LDAP traffic by default. Signing LDAP traffic guarantees that the packaged data comes from a known source and that it has not been tampered with. Active Directory quotas. Quotas can be specified in Active Directory to control the number of objects a user, group, or computer can own in a given directory partition. Domain Administrators and Enterprise Windows Functional levels In Windows 2000 Active Directory domains is the concept of Mixed and Native Modes. The default mixed mode allows both NT and Windows 2000 domain controllers to coexist. Once you convert to Native Mode, you are only allowed to have Windows 2000 domain controllers in your domain. The conversion is a one-way conversion -- it cannot be reversed. In Windows Server 2003, Microsoft introduced forest and domain functional levels. The concept is rather similar to switching from Mixed to Native Mode in Windows 2000. The new functional levels give you additional capabilities that the previous functional levels didnt have.

There are four domain functional levels: 1. 2. 3. 4. Windows Windows Windows Windows 2000 Mixed (supports NT4/2000/2003 DCs) 2000 Native (supports 2000/2003 DCs) Server 2003 Interim (supports NT4/2003 DCs) Server 2003 (supports only 2003 DCs)

And three forest functional levels: 1. Windows 2000 (supports NT4/2000/2003 DCs) 2. Windows 2000 Interim (supports NT4/2003 DCs) 3. Windows Server 2003 (supports only 2003 DCs) To raise the domain functional level, you go to the properties of your domain in Active Directory Domains and Trusts. To raise the forest functional level you go to the properties of Active Directory Domains and Trusts at the root. Of course, if your domains are not at the correct level, you wont be able to raise the forest functional level. Directory partition A directory partition, or naming context, is a contiguous Active Directory subtree replicated on one, or more, Windows 2000 domain controllers in a forest. By default, each domain controller has a replica of three partitions: the schema partition the Configuration partition and a Domain partition. Schema partition It contains all class and attributes definitions for the forest. There is one schema directory partition per forest. Configuration partition It contains replication configuration information (and other information) for the forest. There is one configuration directory partition per forest. Domain partition It contains all objects that are stored by one domain. There is one domain directory partition for each domain in the forest. Application Directory Partition Application directory partitions are most often used to store dynamic data. An application partition can not contain security principles (users, groups, and computers).The KCC generates and maintains the replication topology for an application directory partition

Application: The application partition is a new feature introduced in Windows Server 2003. This partition contains application specific objects. The objects or data that applications and services store here can comprise of any object type excluding security principles. Security principles are Users, Groups, and Computers. The application partition typically contains DNS zone objects, and dynamic data from other network services such as Remote Access Service (RAS), and Dynamic Host Configuration Protocol (DHCP). Dynamic Data: A dynamic entry is an object in the directory which has an associated time-to-live (TTL) value. The TTL for an entry is set when the entry is created. Security Principles - Objects that can have permissions assigned to them and each contain security identifiers. The following objects are security principles: o o o RPC: Active Directory uses RPC over IP to transfer both intersite and intrasite replication between domain controllers. To keep data secure while in transit, RPC over IP replication uses both the Kerberos authentication protocol and data encryption. SMTP: If you have a site that has no physical connection to the rest of your network, but that can be reached using the Simple Mail Transfer Protocol (SMTP), that site has mail-based connectivity only. SMTP replication is used only for replication between sites. You also cannot use SMTP replication to replicate between domain controllers in the same domainonly inter-domain replication is supported over SMTP (that is, SMTP can be used only for inter-site, inter-domain replication). SMTP replication can be used only for schema, configuration, and global catalog partial replica replication. SMTP replication observes the automatically generated replication schedule. Changing of ntds.dit file from one Drive to another 1. Boot the domain controller in Directory Services Restore mode and log on with the Directory Services Restore mode administrator account and password (this is the password you assigned during the Dcpromo process). 2. At a command prompt, type ntdsutil.exe. You receive the following prompt: ntdsutil: 3. Type files to receive the following prompt: file maintenance: 4. Type info. Note the path of the database and log files. 5. To move the database, type move db to %s (where %s is the target folder). User Computer Group

6. To move the log files, type move logs to %s (where %s is the target folder). 7. Type quit twice to return to the command prompt. 8. Reboot the computer normally.

DNS DNS (Domain Name system) Domain Name System (DNS) is a database system that translates a computer's fully qualified domain name into an IP address.

The local DNS resolver The following graphic shows an overview of the complete DNS query process.

DNS Zones

Forward lookup zone - Name to IP address map. Reverse lookup zone - IP address to name map. Primary Zones - It Holds Read and Write copies of all resource records (A, NS, _SRV). Secondary Zones- which hold read only copies of the Primary Zones.

Stub Zones Conceptually, stub zones are like secondary zones in that they have a read only copy of a primary zone. Stub zones are more efficient and create less replication traffic. Stub Zones only have 3 records, the SOA for the primary zone, NS record and a Host (A) record. The idea is that if a client queries a record in the Stub Zone, your DNS server can refer that query to the correct Name Server because it knows its Host (A) record.

Queries Query types are: Inverse - Getting the name from the IP address. These are used by servers as a security check. Iterative - Server gives its best answer. This type of inquiry is sent from one server to another. Recursive - Cannot refer the query to another name server. Conditional Forwarding Another classic use of forwards is where companies have subsidiaries, partners or people they know and contact regularly query. Instead of going the long-way around using the root hints, the network administrators configure Conditional Forwarders Purpose of Resource Records Without resource records DNS could not resolve queries. The mission of a DNS Query is to locate a server that is Authoritative for a particular domain. The easy part is for the Authoritative server to check the name in the query against its resource records.

SOA (start of authority) record each zone has one SOA record that identifies which DNS server is authoritative for domains and sub domains in the zone. NS (name server) record An NS record contains the FQDN and IP address of a DNS server authoritative for the zone. Each primary and secondary name server authoritative in the domain should have an NS record. A (address) record By far the most common type of resource record, an A record is used to resolve the FQDN of a particular host into its associated IP address.

CNAME (canonical name) record (alternate name) for a host.

A CNAME record contains an alias

PTR (pointer) record the opposite of an A record, a PTR record is used to resolve the IP address of a host into its FQDN. SRV (service) record An SRV record is used by DNS clients to locate a server that is running a particular servicefor example, to find a domain controller so you can log on to the network. SRV records are key to the operation of Active Directory. MX (mail exchange) record An MX record points to one or more computers that process SMTP mail for an organization or site. Where DNS resource records will be stored: After running DCPROMO, A text file containing the appropriate DNS resource records for the domain controller is created. The file called Netlogon.dns is created in the %systemroot%\System32\config folder and contains all the records needed to register the resource records of the domain controller. Netlogon.dns is used by the Windows 2000 NetLogon service and to support Active Directory for non-Windows 2000 DNS servers.

Procedures for changing a Servers IP Address Once DNS and replication are setup, it is generally a bad idea to change a servers IP address (at least according to Microsoft). Just be sure that is what you really want to do before starting the process. It is a bit kin to changing the Internal IPX number of A Novell server, but it can be done.

1. 2. 3. 4.

Change the Servers IP address Stop the NETLOGON service. Rename or delete SYSTEM32\CONFIG\NETLOGON.DNS and NETLOGON.DNB Restart the NETLOGON service and run IPconfig /registerDNS

5. Go to one of the other DCs and verify that its DNS is now pointing to the new IP address of the server. If not, change the records manually and give it 15 minutes to replicate the DNS changes out. 6. Run REPLMON and make sure that replication is working now. You may have to wait a little while for things to straighten out. Give it an hour or two if necessary. If a server shows that it isnt replicating with one of its partners, there are several issues to address:

A.

Check to see that the servers can ping each other.

B. Make sure that both servers DNS entries for each other point to the proper IP addresses C. If server A says it replicated fine, but server B says it couldnt contact Server A, check the DNS setup on Server B. Chances are it has a record for Server A pointing to the wrong place. D. Run Netdiag and see if it reports any errors or problems.

Trust Relationship One way trust - When one domain allows access to users on another domain, but the other domain does not allow access to users on the first domain. Two way trust - When two domains allow access to users on the other domain. Trusting domain - The domain that allows access to users on another domain. Trusted domain - The domain that is trusted, whose users have access to the trusting domain. Transitive trust - A trust which can extend beyond two domains to other trusted domains in the tree. Intransitive trust - A one way trust that does not extend beyond two domains. Explicit trust - A trust that an administrator creates. It is not transitive and is one way only. Cross-link trust - An explicit trust between domains in different trees or in the same tree when a descendent/ancestor (child/parent) relationship does not exist between the two domains. Forest trust - When two forests have a functional level of Windows 2003, you can use a forest trust to join the forests at the root. Shortcut trust - When domains that authenticate users are logically distant from one another, the process of logging on to the network can take a long time. You can manually add a shortcut trust between two domains in the same forest to speed authentication. Shortcut trusts are transitive and can either be one way or two way.

Windows 2000 only supports the following types of trusts: Two way transitive trusts One way non-transitive trusts.

BACKUP Archive bit: The archive bit is used to determine what files have been backuped up previously on a Windows file system. The bit is set if a file is modified Types of Backups: Normal - Saves files and folders and shows they were backed up by clearing the archive bit. Copy - Saves files and folders without clearing the archive bit. Incremental - Incremental backup stores all files that have changed since the last Full,
Differential or Incremental backup. The archive bit is cleared.

Differential - A differential backup contains all files that have changed since the last
FULL backup. The archive bit is not cleared.

Daily - Saves files and folders that have been changed that day. The archive bit is not cleared. Multiplexing: Multiplexing sends data from multiple sources to a single tape or disk device. This is useful if you have a tape or disk device that writes faster than a single system can send data, which (at this point) is just about every tape device. Multistreaming: Multistreaming establishes multiple connections, or threads, from a single system to the backup server. This is useful if you have a large system with multiple I/O devices and large amounts of data that need backing up. To perform a backup, select "Start", "Programs", "Accessories", "System Tools", and "Backup". The Windows 2000 "Backup Utility" will start. It has these tabs:

System data: 1. The registry 2. System startup files 3. Component services data class registration database 4. Active Directory (Windows 2000 & 2003 Servers only) 5. Certificate server database (Windows 2000 & 2003Servers only) 6. SYSVOL folder (Windows 2000 & 2003 Servers only) Non authoritative Active Directory restores Changes are accepted from other domain controllers after the backup is done. When you are restoring a domain controller by using backup and restore programs, the default mode for the restore is non authoritative. This means that the restored server is brought up-to-date with its replicas through the normal replication mechanism.

Authoritative Active Directory restores: Changes are NOT accepted from other domain controllers after the backup is done. Authoritative restore allows the administrator to recover a domain controller, restore it to a specific point in time, and mark objects in Active Directory as being authoritative with respect to their replication partners. Authoritative restore has the ability to increment the version number of the attributes of all objects in an entire directory. You can authoritatively restore only objects from the configuration and domain-naming contexts. Authoritative restores of schema-naming contexts are not supported. To perform an authoritative restore, you must start the domain controller in Directory Services Restore Mode.

Authoritative Restore Example

E:\ntdsutil>ntdsutil ntdsutil: authoritative restore authoritative restore: restore sub tree OU=bosses,DC=ourdom,DC=com Opening DIT database... Done. The current time is 06-17-05 12:34.12. Most recent database update occurred at 06-16-05 00:41.25.

Increasing attribute version numbers by 100000. Counting records that need updating... Records found: 0000000012

Directory Store Files that are backed up Database file - Stored in SystemRoot\NTDS\ntds.dit, it holds all AD objects and attributes. Contains these tables: Ntds.dit is the Active Directory database which stores the entire active directory objects on the domain controller. The .dit extension refers to the directory information tree. The default location is the %systemroot%\Ntds folder. Active Directory records each and every transaction log files that are associated with the Ntds.dit file. Edb*.log is the transaction log file. Each transaction file is 10 megabytes (MB). When Edb.log file is full, active directory renames it to Edbnnnnn.log, where nnnnn is an increasing number starts from 1. Edb.chk is a checkpoint file which is use by database engine to track the data which is not yet written to the active directory database file. The checkpoint file act as a pointer that maintains the status between memory and database file on disk. It indicates the starting point in the log file from which the information must be recovered if a failure occurs. Res1.log and Res2.log: These are reserved transaction log files. The amount of disk space that is reserved on a drive or folder for this log is 20 MB. This reserved disk space provides a sufficient space to shut down if all the other disk space is being used.

Recovery without Restore - Transaction logs are used to recover uncommitted AD changes after a system crash. This is done by the system automatically without using a restore from a tape backup. How to restore a domain controller system: 1. Reboot the domain controller. 2. Press F8 while booting. 3. Open Advanced Options Menu, select "Directory Services Restore Mode". 4. Select the correct Windows 2000 Server operating system if more than one system is on the computer. 5. During safe mode, press CTRL-ALT-DEL. 6. Log on as Administrator. 7. Select "Start", "Programs", "Accessories", "System Tools", and "Backup".

8. Use the "Restore Wizard". 9. After the restore, if an authoritative restore was done use the "ntdsutil" command line utility. Type "authoritative restore". Syntax for restoration of partial database format: restore subtree OU=OUname, DC=domainname, DC=rootdomain Type "restore database" to make the entire database authoritative. 10. Reboot the Domain Controller.

How to Transfer the FSMO Roles:

To Transfer the Schema Master Role:
1.

Register the Schmmgmt.dll library by pressing Start > RUN and typing:
regsvr32 schmmgmt.dll

2.
3.

Press OK. You should receive a success confirmation. From the Run command open an MMC Console by typing MMC. 4. On the Console menu, press Add/Remove Snap-in. 5. Press Add. Select Active Directory Schema. 6. Press Add and press Close. Press OK. 7. If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller. 8. Press Specify .... and type the name of the new role holder. Press OK. 9. Right-click right-click the Active Directory Schema icon again and press Operation Masters. 10. Press the Change button. 11. Press OK all the way out. Transferring the FSMO Roles via Ntdsutil To transfer the FSMO roles from the Ntdsutil command: Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
1.

Microsoft Window s [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp. C:\WINDOWS>ntdsutil ntdsutil:

2.

Type roles, and then press ENTER.

ntdsutil: roles fsmo maintenance:

Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type? And then press ENTER.
3.

Type connections, and then press ENTER.

fsmo maintenance: connections server connections:

Type connect to server ms-dc04 where ms-dc04 is the name of the server you want to use, and then press ENTER.
4.
server connections: connect to server ms-dc04 Binding to ms-dc04 ... Connected ms-dc04 using credentials of locally logg server connections:

5.

At the server connections: prompt, type q, and then press ENTER again.
server connections: q fsmo maintenance:

6.

Type transfer <role>. where <role> is the role you want to transfer.

For example, to transfer the RID Master role, you would type transfer rid master: Options are:

Transfer Transfer Transfer Transfer Transfer

domain naming master infrastructure master PDC RID master schema master

7. You will receive a warning window asking if you want to perform the transfer. Click on Yes. 8. After you transfer the roles, type q and press ENTER until you quit Ntdsutil.exe. 9. Restart the server and make sure you update your backup.

To seize the FSMO roles by using Ntdsutil, follow these steps: Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
1.
Microsoft Window s [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp. C:\WINDOWS>ntdsutil ntdsutil:

2.

Type roles, and then press ENTER.

ntdsutil: roles fsmo maintenance:

Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3.

Type connections, and then press ENTER.

fsmo maintenance: connections server connections:

Type connect to server ms-dc04, where ms-dc04 is the name of the server you want to use, and then press ENTER.
4.

server connections: connect to server ms-dc04 Binding to ms-dc04... Connected to ms-dc04 using credentials of locally lo server connections:

5.

At the server connections: prompt, type q, and then press ENTER again.
server connections: q fsmo maintenance:

Type seize <role>, where <role> is the role you want to seize. For example, to seize the RID Master role, you would type seize rid master:
6.

Options are:
Seize domain naming master Seize infrastructure master Seize PDC Seize RID master Seize schema master

7. You will receive a warning window asking if you want to perform the seize. Click on Yes. Note: All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server. 8. Repeat steps 6 and 7 until you've seized all the required FSMO roles. 9. After you seize or transfer the roles, type q, and then press ENTER until you quit the Ntdsutil tool. Note: Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

DHCP
Dynamic host configuration protocol is used to automatically assign TCP/IP addresses to clients along with the correct subnet mask, default gateway, and DNS server. Two ways for a computer to get its IP address: DHCP Scopes Scope - A range of IP addresses that the DHCP server can assign to clients that are on one subnet. Super scope - A range of IP addresses that span several subnets. The DHCP server can assign these addresses to clients that are on several subnets. Multicast scope - A range of class D addresses from 224.0.0.0 to 239.255.255.255 that can be assigned to computers when they ask for them. A multicast group is assigned to one IP address. Multicasting can be used to send messages to a group of computers at the same time with only one copy of the message. The Multicast Address Dynamic Client Allocation Protocol (MADCAP) is used to request a multicast address from a DHCP server.

DORA

DHCP Lease Process DHCP leases are used to reduce DHCP network traffic by giving clients specific addresses for set periods of time. DHCP Lease Process

1 The DHCP client requests an IP address by broadcasting a DHCPDiscover . message to the local subnet. 2 The client is offered an address when a DHCP server responds with a DHCPOffer . message containing IP address and configuration information for lease to the client. If no DHCP server responds to the client request, the client can proceed in two ways: If it is a Windows 2000based client, and IP auto-configuration has not been disabled, the client self-configures an IP address for its interface.

If the client is not a Windows 2000based client, or IP auto-configuration has been disabled, the client network initialization fails. The client continues to resend DHCPDiscover messages in the background (four times, every 5 minutes) until it receives a DHCPOffer message from a DHCP server.

3 The client indicates acceptance of the offer by selecting the offered address and . replying to the server with a DHCPRequest message. 4 The client is assigned the address and the DHCP server sends a DHCPAck . message, approving the lease. Other DHCP option information might be included in the message. 5 Once the client receives acknowledgment, it configures its TCP/IP properties . using any DHCP option information in the reply, and joins the network. In rare cases, a DHCP server might return a negative acknowledgment to the client. This can happen if a client requests an invalid or duplicate address. If a client receives a negative acknowledgment (DHCPNak), the client must begin the entire lease process again. When the client sends the lease request, it then waits one second for an offer. If a response is not received, the request is repeated at 9, 13, and 16 second intervals with additional 0 to 1000 milliseconds of randomness. The attempt is repeated every 5 minutes thereafter. The client uses port 67 and the server uses port 68.

Client Reservation Client Reservation is used to be sure a computer gets the same IP address all the time. Therefore since DHCP IP address assignments use MAC addresses to control assignments, the following are required for client reservation: 1) MAC (hardware) address 2) IP address

Exclusion Range Exclusion range is used to reserve a bank of IP addresses so computers with static IP addresses, such as servers may use the assigned addresses in this range. These addresses are not assigned by the DHCP server. Database files: DCHP.MDB - The main database DHCP.TMP - Temporary DHCP storage. JET*.LOG - Transaction logs used to recover data. SYSTEM.MDB - USed to track the structure of the DHCP database. APIPA If all else fails, then clients give themselves an Automatic IP address in the range 169.254.x.y where x and y are two random numbers between 1 and 254.

BOOTP BOOTP or the bootstrap protocol can be used to boot diskless clients

WINS WINS WINS stands for Windows Internet Name Service. WINS is a NetBIOS Name Server that registers your NetBIOS names and resolves into IP addresses.

DFS
The Distributed File System (DFS) allows files and directories in various places to be combined into one directory tree. Only Windows 2000 & 2003Servers can contain DFS root directories and they can have only one.

DFS Components DFS root - A shared directory that can contain other shared directories, files, DFS links, and other DFS roots. One root is allowed per server. Types of DFS roots: Stand alone DFS root - Not published in Active Directory, cannot be replicated, and can be on any Windows 2000 & 2003 Server. This provides no fault tolerance with the DFS topology stored on one computer. A DFS can be accessed using the Syntax: \\Server\DFSname

Domain DFS root - It is published in Active Directory, can be replicated, and can be on any Windows 2000 & 2003 Server. Files and directories must be manually replicated to other servers or Windows 2000 & 2003 must be configured to replicate files and directories. Configure the domain DFS root, then the replicas when configuring automatic replication. Links are automatically replicated. There may be up to 31 replicas. Domain DFS root directories can be accessed using the Syntax: \\domain\DFSname DFS link - A pointer to another shared directory. There can be up to 1000 DFS links for a DFS root.

IIS Virtual Directory: A virtual directory is a directory that is not contained in the home directory but appears to client browsers as though it were. What is ISAPI? Internet Server Application Programming Interface (ISAPI), is an API developed to provide the application developers with a powerful way to extend the functionality of

Internet Information Server (IIS). Although ISAPI extensions by no means are limited to IIS, they are extensively used in conjunction with MS-IIS. What is application pool? Application Pools that can house a single or multiple web sites. It provides a convenient way to administer a set of Web sites and applications and increase reliability, What is a COM component? Any VB6 DLL is a COM component, as is any Windows DLL or EXE that supports the COM interfaces. How many types of authentication securities are there in IIS? In IIS there are 4 types of authentication security - Basic, Anonymous, Digest & Integrated windows Authentication. What is the Tombstone? What is the default tombstone life time? How to increase the tombstone life time? The number of days before a deleted object is removed from the directory services. The default tombstone-lifetime of 60 days, Windows Server 2003 sp1 the new default tombstone-lifetime is 180 days. You can check your tombstone-lifetime using the following command which comes with Windows Server 2003: dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com" -scope base -attr tombstonelifetime

What is a session Object? A Session Object holds information relevant to a particular users session. How IIS can host multiple websites To distinguish between websites, IIS looks at three attributes: The host header name The IP number The port number

What is a host header?

A host header is a string part of the request sent to the web server (it is in the HTTP header). This means that configuring IIS to use host headers is only one step in the approach to host multiple websites using host headers to distinguish between the websites. A configuration of the DNS server (usually means that you need to add an (A) record for the domain) is also required, so the client can find the web server.

EXCHANGE SERVER DS PROXY DSProxy is the component in Microsoft Exchange Server 2003 that provides an address book service to Microsoft Outlook clients. Although the name implies that this component provides only proxy services, DSProxy provides both of the following services: 1. DSProxy emulates a MAPI address book service and sends proxy requests to an Active Directory server. 2. DSProxy refers Outlook client queries to an Active Directory server. DSAccess The Exchange components that need to interact with Active Directory use DSAccess to retrieve Active Directory information rather than communicating directly with domain controllers and global catalog servers Forestprep When you use the /ForestPrep option, the Exchange Setup program extends the Active Directory schema to add Exchange-specific classes and attributes. To verify that the setup /forestprep command completed successfully on a computer that is running Microsoft Windows 2000 Server in an Exchange 2000 environment, use either of the following methods: Look for event ID 1575 DomainPrep:

DomainPrep creates the groups and permissions necessary for Exchange servers to read and modify user attributes in Active Directory. You must run DomainPrep before installing your first Exchange server in a domain MAPI (Messaging Application Programming Interface) It is an extensive set of functions that developers can use to create mail-enabled applications. Enables an application to send and receive mail over a Microsoft Mail message system Recovery Storage Group: Recovery Storage Group is a new feature in Exchange 2003. The biggest advantage of this method is that it reduces the impact of restoring a single mailbox from backup. Exmerge tool: ExMerge is to recover the mailbox data from the Recovery Storage Group. Since ExMerge creates a .pst file. List the services of Exchange Server 2003? Microsoft Exchange Event Monitors folders and triggers events for server applications compatible with Exchange Server 5.5. Microsoft Exchange IMAP4
It is a method of accessing electronic mail that are kept on a mail server.

Microsoft Exchange Information Store The information store, which is the key component for database management in Exchange Server, is actually two separate databases. The private information store database, Priv.edb, manages data in user mailboxes. The public information store, Pub.edb, manages data in public folders. Microsoft Exchange Management Provides Exchange management information using Windows Management Instrumentation (WMI). If this service is stopped, WMI providers implemented to work in Microsoft Exchange Management, like message tracking and Directory Access, will not work. Microsoft Exchange MTA Stacks You use Exchange X.400 services to connect to Exchange 5.5 servers and other connectors (custom gateways).

Microsoft Exchange POP3 POP3 is a Client/Service protocol in which e-mail is received and held for you by your Internet server. Microsoft Exchange Routing Engine The Exchange Routing Engine uses Link State information for e-mail routing. The Routing Engine will forward this information to the Advanced Queuing Engine. The default size of routing table log file is 50 MB and default age is seven days. Microsoft Exchange Site Replication Service Provides directory interoperability between Exchange 5.5 and Exchange 2000 Server or Exchange 2003. Site Replication Service (SRS) acts as a directory replication bridgehead server for an Exchange site. SRS runs on Exchange 2000 and serves as a modified Exchange 5.5 directory. SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the Active Directory directory service and the Exchange 5.5 directory. To Exchange 5.5, SRS looks similar to another Exchange 5.5 configuration/recipients replication partner. Microsoft Exchange System Attendant Provides monitoring, maintenance, and Active Directory lookup services (for example, monitoring of services and connectors, proxy generation, Active Directory to metabase replication, publication of free/busy information, offline address book generation, mailbox maintenance, and forwarding Active Directory lookups to a global catalog server). If this service is stopped, monitoring, maintenance, and lookup services are unavailable. If this service is disabled, any services that explicitly depend on it cannot start.

What are the Exchange Server 2003 - Troubleshooting Eseutil commands? Eseutil /mh Here is a simple switch to verify the state of an Exchange database. All that eseutil /mh does is to determine whether the last shutdown was clean or dirty. Eseutil /mh is ideal to practice getting to the right path and executing eseutil without doing any harm to the mailstore databases. Eseutil /ml Similar to the /mh, except this switch performs an integrity check on log files, for example, E00.log. Eseutil /mm Dumps metadata from the database file (not the logs). Specialist use only, I find the output fascinating but not very useful.

Eseutil /mk Provides information about the checkpoint file. Handy for troubleshooting backup / restore problems. Where /mh used priv1.edb, remember to substitute the name of the checkpoint file E00.chk with /mk. Eseutil /k to check for damaged headers Eseutil /cc for troubleshooting Eseutil /d to defrag the .edb database Example: eseutil /d e:\exchsrvr\mdbdata\priv1.edb (Or other path to your store) Eseutil /r to repair Exchange 2003 log files Eseutil /p will attempt to repair a corrupted store database Eseutil /y Copies a database, streaming file, or log file Eseutil /g Verifies the integrity of a database Eseutil /m Generates formatted output of various database file types. e.g. /mh Isinteg Utility (Information Store Integrity Checker) finds and eliminates errors from the public folder and mailbox databases at the application level. it can recover data that Eseutil cannot recover. Offline Storage Files (.OST) file Microsoft Exchange Server locally stores its data in OST file on your storage Device. An OST file is a component Of Microsoft Exchange Server and cant be used with Microsoft Outlook. At the time of when exchange server crashes or when mailbox is deleted from the exchange server, OST file gets inaccessible and remains on the users computer holding large part of emails, calendar, journals, notes, contacts, tasks etc. Advanced Queuing Engine (AQE) The Advanced Queuing Engine (AQE) is responsible for creating and managing message queues for e-mail delivery. When AQE receives a Simple Mail Transfer Protocol (SMTP) mailmsg object, this object will be forwarded to the Message Categorizer. The Advanced Queuing Engine then queues the Mailmsg object for message delivery based on the Routing information provided by the Routing Engine process of Exchange Server 2003. Outbound Mail Flow in Exchange Server 2003

Outbound mail flows through an Exchange Server deployment in the following manner: 1. Mail messages are sent from a client (Microsoft Outlook, Outlook

Express, or Outlook Web Access, for example) and are submitted to the local Exchange store. 2. The Exchange store submits the message to the Advanced Queuing

Engine. 3. The Advanced Queuing Engine submits the message to the message

categorizer.

4.

The message categorizer validates the recipients of the message,

checks for proper recipient attributes, applies limits and restrictions, flags the message for local or remote delivery, and then returns the message to the Advanced Queuing Engine. 5. If for local delivery, the Advanced Queuing Engine submits the

message to the Local Delivery queue, and the Exchange store receives the message from the Local Delivery queue. For more information about the Advanced Queuing Engine, 6. If for remote delivery, the Advanced Queuing Engine submits the

message to the Routing Engine. The Routing Engine determines the most efficient route for mail delivery, returns the message to the Advanced Queuing Engine, and, in turn, submits the messages for remote delivery. The messages are then sent via SMTP to a remote SMTP host or to the Internet. The following are the minimum requirements for outbound mail flow: Exchange Server must have access to the Internet on port 25. This

access should not be blocked by firewalls or other network settings. Anonymous connections should be allowed. The Exchange Server SMTP virtual server should be configured to

use the default settings. The public mail exchanger (MX) resource record configured on your

public Domain Name System (DNS) service should be accessible to all other Internet domains. The MX record should point to the Exchange server and must be identified before messages can be sent or received.

QUESTIONS

What protocol and port does DHCP use? DHCP, like BOOTP runs over UDP, utilizing ports 67 and 68. What is the DHCP automatic backup time? In fact, by default it's 60 minutes. You can change the frequency though How many scopes you can create As a general recommendation, limit each DHCP server to having no more than 1,000 scopes defined for use. When adding a large number of scopes to the server, be aware that each scope creates a corresponding need for additional incremental increases to the amount of disk space used for the DHCP server registry and for the server paging file For the best possible DHCP server design in most networks, it is recommended that you have, at most, 10,000 clients per server. Advantage of LDP tool: Reanimating Active Directory Tombstone Objects we use LDP tool. Repadmin to remove lingering objects repadmin /removelingeringobjects If there is set of 30 hard disk configured for raid 5 if two hard disk failed what about data

Because of parity, information all data are available in case one of the disks fails. If extra (spare) disks are available, then reconstruction will begin immediately after the device failure. However if two hard disks fail at same time, all data are LOST. In short RAID 5 can survive one disk failure, but not two or more.

In Raid 5, suppose I have 5 HDD of 10-10 GB, after configuring the Raid how much space does I have for utilized.

-1 out of the total (eg- if u r using 5 u will get only 4 because 1 goes for parity).

If administrator forget password in 2003 server; how to recover it? By deleting SAM files you can disable the passwords (C:\WINDOWS\system32\config\sam)But u have to connect the HDD to an system as a slave disk and perform the task. How to Connect to the Console Session When you connect to the console session of a Windows Server 2003-based server, no other user has to be already logged on to the console session. Even if no one is logged on to the console, you are logged on just as if you were sitting at the physical console. To connect from the remote Windows Server 2003-based computer, open a command prompt, and then type the following command: mstsc -v:servername /F -console where mstsc is the Remote Desktop connection executable file, -v indicates a server to connect to, /F indicates full screen mode, and -console is the instruction to connect to the console session.

Whats the difference between local, global and universal groups? Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains. What is LSDOU? Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units. Where are group policies stored? %SystemRoot%System32\GroupPolicy Where is GPT stored? SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID How frequently is the client policy refreshed? 90 minutes give or take How many records can I create for my domain name? As many as you want!

Whats the major difference between FAT and NTFS on a local machine? F AT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL. What hashing algorithms are used in Windows 2003 Server? RSA Data Securitys Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash. Whats the difference between standalone and fault-tolerant DFS (Distributed File System) installations? The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders. What does a domain controller register in DNS? The Netlogon service registers all the SRV records for that domain controller. These records are displayed as the _msdcs, _sites, _tcp, and _udp folders in the forward lookup zone that matches your domain name. Other computers look for these records to find Active Directory-related information. Character limitation of user id in windows 2003 is 20 characters. Character limitation of email id is 64 Character limitation of Distribution list is 256 Character limitation of user id is 20 Where DNS Zone file will be stored?
Backup of the zone file stored in %SystemRoot%\System32\DNS is created in the %SystemRoot%\System32\DNS\backup folder.

WINS automatic backup time WINS files are in SystemRoot\System32\Wins. A file names WINS. WINS backup will occur 24 to 27 hours after the last backup occurred. Minimum password length determines the minimum number of characters a password can have. Although Windows 2000, Windows Server 2003 support passwords up to 127 characters in length, the value of this setting can only be between 0 and 14. If it is set to 0, users are allowed to have blank passwords, so

you should not use a value of 0. It is recommended that you set this value to 8 characters. Maximum default password age is 42.

Password storage location: When you ran Dcpromo.exe to install Active Directory, it requested a password to be used for the Administrator password for Active Directory Restore Mode. This password is not stored in Active Directory. It is stored in an NT4-style SAM file and is the only account available when the AD is corrupted. How do you delete a lingering object? Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory. If I delete a user and then create a new account with the same username and password, would the SID and permissions stay the same? No. If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different. What is default time for replication between sites to site? The default replication interval between two sites is 180 minutes, or 3 hours. What is default time for replication between DC to DC? Domain controllers that exist in the same site will replicate to all other domain controllers within 15 minutes. If there are only two domain controllers, they replicate to one another within 5 minutes. Note: in win2k 15 mins, win2k3 5 mins What are the modes in Terminal services? Application server mode and Remote administration mode Ports What are the standard port numbers? SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389, SSL- 443, HTTP 80 RDP - 3389 DNS - 53 DHCP - 67 & 68, FTP 21, Global Catalog 3268, LDAP 389, Kerberos 88 , NNTP 119, TFTP- 69, SNMP 161. DCPROMO/ADV When running the wizard from the command line, you can append the /adv switch to the dcpromo command to populate the directory using a backup of system state data from another domain controller in the same domain. Installing from backup

media reduces the amount of data that must be replicated over the network, thus reducing the time required to install Active Directory.

What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? 20 databases. 4 SGs x 5 DBs. What is the default life time period not deleting an unconnected mailbox? The timeline for not deleting an unconnected mailbox from the storage is 30 days by default and can be increased using a private storage system policy. Some features that are new in Exchange 2003 are: M: Drive Mapping Removed Exchange Instant Messaging Removed Volume Shadow Copy Service for Database Backups/Recovery Mailbox Recovery Center Recovery Storage Group Front-end and back-end Kerberos authentication Distribution lists are restricted to authenticated users Real-time Safe and Block lists Inbound recipient filtering Attachment blocking in Microsoft Office Outlook Web Access HTTP access from Outlook 2003 Queues are centralized on a per-server basis Move log files and queue data using Exchange System Manager Multiple Mailbox Move tool Dynamic distribution lists

1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager) Deployment and migration tools Is circular logging enabled in Exchange 5.5 versions? Circular Logging is turned on by default for Exchange Server 5.5 and earlier, but circular logging is turned off by default for Exchange 2000 Server. What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting. What is the difference between Exchange 2003 Standard and Exchange 2003 Enterprise editions? Standard Edition 16 GB database limit One mailbox store One public folder store

Enterprise Edition Clustering Up to 20 databases per server X.400 Connectors 16 TB database limit.

Summary Exchange Server 2003 Routing Groups: Folder holding a bunch of servers. Connectors: Configurable 'pipes' that join the servers in different routing groups. Routing Group Connector: Native Exchange method to transfer email to other servers. SMTP Connector: Internet connector. X.400 Connector: Little used method of transmitting email messages. Routing Group Master: Co-ordinates routing information to all servers in the group Bridgehead server In Windows 2000 Server, bridgehead servers are the contact point for the exchange of directory information between sites. Bridgehead is a key concept where you have

more than one server in each routing group. All the mail in one group is physically routed through the bridgehead server. Your bridgehead options are extremely flexible. Either you nominate one server on each side of the connector as a bridgehead, or all servers can be bridgeheads. By default, the Active Directory replication topology generator, the Knowledge Consistency Checker (KCC), automatically chooses servers to act as bridgehead servers. OR A domain controller that is used to send replication information to one or more other sites

MS _ SQL Where do you think the users names and passwords will be stored in sql server? They get stored in master db in the sysxlogins table. Let us say the SQL Server crashed and you are rebuilding the databases including the master database what procedure to you follow? - For restoring the master db we have to stop the SQL Server first and then from command line we can type SQLSERVER m which will basically bring it into the maintenance mode after which we can restore the master db.

Windows Important commands

How many users are logged on/connected to a server?
Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation. At the server's console itself, with native commands only: NET SESSION | FIND /C "\\" Remotely, with the help of SysInternals' PSTools: PSEXEC \\servername NET SESSION | FIND /C "\\"

Who is logged on to a computer?

We often need to know who is currently logged on to a remote computer. With native Windows commands only: NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"

The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT). With the help of SysInternals' PSTools: or: or: PSEXEC \\remotecomputer NET NAME PSLOGGEDON is the most accurate solution, except it will display the last logged on user if no one is currently logged on. The others all show more or less the same results, but the NBTSTAT command is much faster. PSLOGGEDON -L \\remotecomputer PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "

What is this collegue's login name?

My collegues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart. With (native) Windows Server 2003 commands only: DSQUERY USER -name *lastname* | DSGET USER -samid -display Note: Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied. Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.

What is the full name for this login name?

With the native NET command: NET USER loginname /DOMAIN | FIND /I " name " With (native) Windows Server 2003 commands: DSQUERY USER -samid *loginname* | DSGET USER -samid -display Note: The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent! For non-English Windows you may need to modify FIND's search string.

What groups is this user a member of?

In Windows NT 4 and later, users usually are members of global groups. These global groups in turn are members of (domain) local groups. Access permissions are given to (domain) local groups. To check if a user has access to a resource, we need to check group membership recursively. With (native) Windows Server 2003 commands: DSQUERY USER -samid loginname | DSGET USER -memberof -expand

What permissions does a user have on this directory?

One could use the previous command to check what permissions a user has on a certain directory. However, sometimes SHOWACLS from the Window Server 2003 Resource Kit Tools is a better alternative: CD /D d:\directory2check SHOWACLS /U:domain\userid

When did someone last change his password?

With the native NET command: NET USER loginname /DOMAIN | FIND /I "Password last set"

How do I reset someone's password?

With the native NET command: NET USER loginname newpassword /DOMAIN With (native) Windows Server 2003 commands: DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword Note: To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly".

Is someone's account locked?

With the native NET command: NET USER loginname /DOMAIN | FIND /I "Account active"

The account is either locked ("Locked") or active ("Yes").

How to unlock a locked account

With the native NET command: NET USER loginname /DOMAIN /ACTIVE:YES or, if the password needs to be reset as well: NET USER loginname newpassword /DOMAIN /ACTIVE:YES

List all domains and workgroups in the network

With the native NET command: NET VIEW /DOMAIN

List all domains controllers

With (native) Windows Server 2003 commands: DSQUERY Server or, if you prefer host names only: FOR /F "tokens=2 delims==," %%A IN ('DSQUERY Server') DO @ECHO.%%A

"I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"
Sounds familiar? With (native) Windows XP Professional or Windows Server 2003 commands: FOR /F %%A IN (servers.txt) DO ( WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:csv | MORE /E +2 >> SRVSPACE.CSV ) The only prerequisites are: 1. SRVSPACE.CSV should not exist or be empty, 2. a list of server names in a file named SERVERS.TXT, one server name on each line, 3. and WMIC.EXE, which is native in Windows XP Professional, Windows Server 2003 and Vista. The CSV file format is ServerName,DeviceID,FileSystem,FreeSpace,Size (one line for each harddisk partition on each server).

If you have a strict server naming convention, SERVERS.TXT itself can be generated with the NET command: FOR /F "delims=\ " %%A IN ('NET VIEW ^| FIND "\\SRV-"') DO (>>SERVERS.TXT ECHO.%%A) Notes: (1) assuming server names start with "SRV-"; modify to match your own naming convention. (2) delims is a backslash, followed by a tab and a space.

Inventory drivers on any PC

With (native) Windows XP Professional or Windows Server 2003 commands: DRIVERQUERY /V /FO CSV > %ComputerName%.csv Or, for remote computers: DRIVERQUERY /S

remote_PC /V /FO CSV > remote_PC.csv

SMTP Categorizer The SMTP categorizer (also referred to as the categorizer) is a component of the Exchange Server 2003 transport engine. When a message is submitted to the transport process, the categorizer uses the header information on the message to query Active Directory for information about how and where the message must be delivered. For example, from an SMTP address such as Ted@contoso.com, the categorizer identifies the Exchange Server 2003 server that contains the user's mailbox and determines how to route the message to that server. The categorizer also expands distribution lists and applies per-user limits to messages The architecture of the Exchange categorizer

What queues should I monitor?

Messages will pass through the following queues during outbound mail flow. If problems exist with the queues, messages may not be delivered. Consider using Queue Viewer in Exchange System Manager to monitor the status and state of the following queues: Messages Pending Submission Also called the pre-submission queue. This

queue contains messages accepted by the SMTP service. Messages in this queue have not yet been processed by the message categorizer. If messages are accumulating in this queue, it may indicate a performance problem on the Exchange server, or it may indicate a problem with an event sink (such as custom SMTP processing code for anti-virus screening). Messages Awaiting Directory Lookup Also called the pre-categorization

queue. This queue contains messages that have passed through the presubmission queue and are waiting to be processed by the message categorizer. Messages will accumulate in this queue when the message categorizer is unable to process messages. Reasons the message categorizer may be unable to process messages include the following: o The message categorizer may not be able to access the

global catalog to attain recipient information. o o The global catalog lookup may be performing slowly. If this is a front-end server, the required mailbox store may

be disabled on a front-end server. Local Delivery Contains messages destined for recipient mailboxes that reside

on the local Exchange 2003 server. Messages can accumulate in this queue if the Microsoft Exchange Information Store service is not accepting messages or if it has a performance problem. Messages Waiting to be Routed Contains messages destined for remote

delivery. Messages can accumulate in this queue if problems exist with routing. Remote Delivery Contains messages that are destined for remote delivery. If

this queue is in a Retry state (that is, the connection has failed), use Telnet.exe to try to connect to the intended destination host. Restart the SMTP virtual server to immediately retry sending queued messages.

Messages with an Unreachable Destination reach their destinations include the following: o o o

Contains messages that cannot

reach their final destination server. Reasons that messages may not be able to

The route cannot be determined The routes are unavailable A connector is down Contains messages that are queued

Messages Queued for Deferred Delivery following: o

for later delivery. Reasons that messages will be placed in this queue include the

Messages are sent by previous versions of Microsoft Outlook

(such as Outlook 2000) o A message is sent to a user's mailbox while the mailbox is

being moved o The user does not yet have a mailbox and no master

account security ID (SID) exists for the user o SMTP message routing is configured in a way that causes a

message to loop (looping messages are moved to this queue) DSN Messages Pending Submission Contains delivery status notifications that

are waiting to be rendered by Exchange Server. For example, NDRs are delivery status notifications. Reasons that messages will accumulate in this queue include the following: o The Microsoft Exchange Information Store service is

unavailable or not running o o A mailbox store is not mounted, Issues exist with the IMAIL Exchange store component. Contains messages that failed queue submission.

Failed Message Retry

Messages can fail for several reasons, including if the message is corrupted or if system resources are low. If messages appear in this queue, review your server configuration to determine whether you have non-Microsoft programs or event sinks installed (such as virus scanners) that can interfere with message queuing. If the system is responding slowly, use Windows Task Manager to identify processes

with system resources. Restarting Internet Information Services (IIS) may solve the problem temporarily and allow you more time to identify the root cause of the problem.

HDD Model and Array Configuration and ILO concepts ILO makes it possible to perform activities on a HP server from a remote location. The iLO card has a separate network connection (and its own IP address) to which one can connect via HTTPS. Possible options are: reset the server (in case the server doesn't respond anymore via the normal network card) power-up the server (possible to do this from a remote location, even if the server is shut down) take over the screen mount remote physical CD/DVD drive or image. access the server's IML (Integrated Management Log) remote console (in some cases however an 'Advanced license' maybe required for some of the utilities to work) Hardware Models DL 380 Rack mountable servers Dell Power Edge 2850, 2950 While installation of os Putting that server cd given by hp or dell We can configure raid Or go to the bios we can do that Note: Array ante RAID 5 Configuration Array configuration: To create or implement to RAID Controller concepts we need to configure array. Version - 5i Hp or Dell Management:
If you talk about HP Management tool through this tool we can find out the problems like HDD, there like port0 by 1 .we can take down the error number log call to Vendor, then Vendor will come to our site resolve the problem. Firm ware up gradation

HP Management server tool:

The SMS Inventory Tool for HP ProLiant and Integrity Update enables the use of Microsoft Systems Management Server 2003 with Service Pack 1, Service Pack 2, or Service Pack 3 (SMS 2003 SP1 ,SP2, or SP3) ,for management and distribution of HP ProLiant and Integrity server system software, firmware, and complete support packs. The SMS Inventory Tool allows customers that have chosen SMS 2003 to manage HP server inventory and software with the tool they also use to manage operating system software updates. This product expands on existing integration tools for ProLiant with SMS 2000 and SMS 2003. Customers using SMS will appreciate the obvious integration of the HP server software catalog within the SMS management structure. The Inventory tool supports all SMS features, including server inventory with adjustable scope, such as filtering by server model or Windows version. It allows remote scanning of HP server software configurations and reporting of the results via standard template reports. The tool also enables management and distribution of complete Support Packs or individual components (drivers, ROM, and software agents) to defined collections of servers. All data is presented through the SMS interface What s New : The SMS Inventory Tool for HP ProLiant and Integrity Servers Updates has been updated. The version 1.3 release provides support for Collect Utility to the newer PSP's and ISP's

ProLiant Support Packs (PSP) represent operating system (OS) specific bundles of ProLiant optimized drivers, utilities, and management agents Integrity Support Packs (PSP) represent operating system (OS) specific bundles of Integrity optimized drivers, utilities, and management agents

The SMS Inventory Tool for HP ProLiant and Integrity Update enhances previous SMS integration tools provided by HP. The Inventory tool adds the following features: Management

Support of the Collect Utility to PSP 7.9 for ProLiant servers Support of the Collect Utility to ISP 5.2 for Integrity servers

Usability

Simplified distribution of ProLiant and Integrity support packs directly from HP.com through the SMS user interface Complete installation documentation and an interactive Troubleshooting Assistant to allow simple resolution of common installation and configuration questions Supports ProLiant Support Pack 7.6 and Integrity Support Pack 4.6 and later for Windows Server 2003. PSP 7.2 supported for Windows Server 2000 " Supports ProLiant Support Pack 7.9 and Integrity Support Pack 5.2 and later for Windows Server 2003

HP array configuration utility (RAID5) Overview

All Smart Array products share a common set of configuration, management and diagnostic tools, including Array Configuration Utility (ACU), Array Diagnostic Utility (ADU), and Systems Insight Manager. This software consistency of tools reduces the cost of training for each successive generation of product and takes much of the guesswork out of troubleshooting field problems. These tools lower the total cost of ownership by reducing training and technical expertise necessary to install and maintain HP server storage. Dell Management Tool (OMSA) - open manage server administrator 7.0

Dell OpenManage Server Administrator Storage Management provides enhanced features for configuring a system's locally-attached RAID and non-RAID disk storage. Storage Management enables you to perform controller and enclosure functions for all supported RAID and nonRAID controllers and enclosures from a single graphical or command-line interface without requiring use of the controller BIOS utilities. The graphical interface is wizard-driven with features for novice and advanced users and detailed online help. The command-line interface is fully-featured and scriptable. Using Storage Management, you can protect your data by configuring data-redundancy, assigning hot spares, or rebuilding failed physical disks. You can also perform data-destructive tasks. All users of Storage Management should be familiar with their storage environment and storage management. Storage Management supports SCSI, SATA, ATA, and SAS but not fibre channel. NOTE: Starting with Dell OpenManage 5.0, Array Manager is no longer an installable option. If you have an Array Manager installation and need information on how to migrate from Array Manager to Storage Management, refer to the product documentation prior to Storage Management 2.1 or Dell OpenManage 5.1.

Take Control with Dell Systems Management.

Dell's approach to systems management is to provide inherently manageable, standards-based platforms along with a comprehensive set of standards-based tools for proactive management throughout the computing life cycle. Dell server, storage, networking, and client solutions are designed to help simplify and automate the administration of your technology resources-and to help you control your IT investment. The advantages of our interoperable management solutions derive from Dell's commitment to:

Open manageability Dell's instrumented clients, servers, storage, printers and network platforms interface seamlessly with most standards-based management tools and consoles. Dell systems management solutions and platforms provide the pro-active management information and control functions you need to optimize deployment, health status monitoring, fault recovery, change management and more. Industry standards Dell champions open standards within the industry because they are the foundation for management systems that can deploy, monitor and upgrade heterogeneous computing environments. Standards also give you greater choice in the selection of your systems management solution, providing more flexibility to better meet your specific requirements. Strong partnerships Dell partners with industry-leading companies to deliver integrated, "bestin-class" technologies, services and standardized components to provide customers with costeffective broad-based systems management functionality.

RAID?
While installation of os Putting that server cd given by hp or dell We can configure raid Or go to the bios we can do that
RAID (Redundant Array of Independent Disks) is a technology for managing how data is stored on the physical disks that reside in your system or are attached to it. A key aspect of RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single, extended chunk of disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure. RAID uses different techniques, such as striping, mirroring, and parity, to store and reconstruct data. There are different RAID levels that use different methods for storing and reconstructing data. The RAID levels have different characteristics in terms of read/write performance, data protection, and storage capacity. Not all RAID levels maintain redundant data, which means for some RAID levels lost data cannot be restored. Which RAID level you choose depends on whether your priority is performance, protection, or storage capacity. NOTE: The RAID Advisory Board (RAB) defines the specifications used to implement RAID. Although the RAID Advisory Board (RAB) defines the RAID levels, commercial implementation of RAID levels by different vendors may vary from the actual RAID specifications. An implementation used by a particular vendor may affect the read and write performance and the degree of data redundancy.

Hardware and Software RAID

RAID can be implemented with either hardware or software. A system using hardware RAID has a RAID controller that implements the RAID levels and processes data reads and writes to the physical disks. When using software RAID, the operating system must implement the RAID levels. For this reason, using software RAID by itself can slow system performance. You can, however, use software RAID on top of hardware RAID volumes to provide greater performance and variety in the configuration of RAID volumes. For example, you can mirror a pair of hardware RAID 5 volumes across two RAID controllers to provide RAID controller redundancy. NOTE: This release of Storage Management only supports hardware RAID.

RAID Concepts
RAID uses particular techniques for writing data to disks. These techniques enable RAID to provide data redundancy or better performance. These techniques include:

Mirroring (RAID 1) Duplicating data from one physical disk to another physical disk. Mirroring provides data redundancy by maintaining two copies of the same data on different physical disks. If one of the disks in the mirror fails, the system can continue to operate using the unaffected disk. Both sides of the mirror contain the

same data at all times. Either side of the mirror can act as the operational side. A mirrored RAID disk group is comparable in performance to a RAID 5 disk group in read operations but faster in write operations.

Striping (RAID 10) Disk striping writes data across all physical disks in a virtual disk. Each stripe consists of consecutive virtual disk data addresses that are mapped in fixed-size units to each physical disk in the virtual disk using a sequential pattern. For example, if the virtual disk includes five physical disks, the stripe writes data to physical disks one through five without repeating any of the physical disks. The amount of space consumed by a stripe is the same on each physical disk. The portion of a stripe that resides on a physical disk is a stripe element. Striping by itself does not provide data redundancy. Striping in combination with parity does provide data redundancy. Stripe size The total disk space consumed by a stripe not including a parity disk. For example, consider a stripe that contains 64KB of disk space and has 16KB of data residing on each disk in the stripe. In this case, the stripe size is 64KB and the stripe element size is 16KB. Stripe element A stripe element is the portion of a stripe that resides on a single physical disk. Stripe element size The amount of disk space consumed by a stripe element. For example, consider a stripe that contains 64KB of disk space and has 16KB of data residing on each disk in the stripe. In this case, the stripe element size is 16KB and the stripe size is 64KB. Parity Parity refers to redundant data that is maintained using an algorithm in combination with striping. When one of the striped disks fails, the data can be reconstructed from the parity information using the algorithm. Span A span is a RAID technique used to combine storage space from groups of physical disks into a RAID 10 or 50 virtual disk.

RAID Levels
Each RAID level uses some combination of mirroring, striping, and parity to provide data redundancy or improved read and write performance. For specific information on each RAID level, see "Choosing RAID Levels and Concatenation."

Organizing Data Storage for Availability and Performance

RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can restore data after a disk failure. Different RAID levels may also entail an increase or decrease in the system's I/O (read and write) performance. Maintaining redundant data requires the use of additional physical disks. As more disks become involved, the likelihood of a disk failure increases. Because of the differences in I/O performance and redundancy, one RAID level may be more appropriate than another based on the applications in the operating environment and the nature of the data being stored.

When choosing concatenation or a RAID level, the following performance and cost considerations apply:

Availability or fault-tolerance. Availability or fault-tolerance refers to a system's ability to maintain operations and provide access to data even when one of its components has failed. In RAID volumes, availability or fault-tolerance is achieved by maintaining redundant data. Redundant data includes mirrors (duplicate data) and parity information (reconstructing data using an algorithm). Performance. Read and write performance can be increased or decreased depending on the RAID level you choose. Some RAID levels may be more appropriate for particular applications. Cost efficiency. Maintaining the redundant data or parity information associated with RAID volumes requires additional disk space. In situations where the data is temporary, easily reproduced, or non-essential, the increased cost of data redundancy may not be justified. Mean Time Between Failure (MBTF). Using additional disks to maintain data redundancy also increases the chance of disk failure at any given moment. Although this cannot be avoided in situations where redundant data is a requirement, it does have implications for the workload of your organization's system support staff.

For more information, see "Choosing RAID Levels and Concatenation."

Choosing RAID Levels and Concatenation

You can use RAID or concatenation to control data storage on multiple disks. Each RAID level or concatenation has different performance and data protection characteristics. The following sections provide specific information on how each RAID level or concatenation store data as well as their performance and protection characteristics.

RAID

"Concatenation" "RAID Level 0 (Striping)" "RAID Level 1 (Mirroring)" "RAID Levels 5 (Striping with distributed parity)" "RAID Level 50 (Striping over RAID 5 sets)" "RAID Level 10 (Striping over mirror sets)" "RAID Level 1-Concatenated (Concatenated mirror)" "Comparing RAID Level and Concatenation Performance"

RAID - or Redundant Array of Independent Disks - comes in different flavours from RAID 0 and RAID 1 to combination of those two, and going up to RAID 5 and RAID 10. RAID 1, also called mirroring, is setting up the two disks such that the second one mirrors the first providing you an up to the minute backup if something ever goes wrong with the first disk. Should the first hard disk fail you simply remove it, put the second disk in it's place and carry on where you left off. RAID 0 + 1 You could have a combination of RAID 0 and RAID 1 to provide both the speed and the security. You will, of course, need several hard disks for this. RAID 1.5 A new concept but the jury is still out on this one. It may give you slightly higher read speeds but write speeds don't benefit. What you need to setup RAID 0 or RAID 1 you need to have a motherboard that has a RAID controller on it. If the motherboard does not have a RAID controller you will need to add a PCI RAID controller card. Check that the RAID facility it offers covers the type of hard disk you want to use (IDE/SATA/SCSI). While it is not mandatory to have identical hard disks it is very highly recommended not just that you have similar sized disks but also exactly the same make and model. Tips: RAID 0 + 1 will give you the best of both worlds. You do not need to have your operating system on the RAID drives. RAID-0. Has striping but no redundancy of data. Offers the best performance but no fault-tolerance. RAID-1. Also known as disk mirroring and consists of at least two drives that duplicate the storage of data.

RAID 5. Technique(s) Used: Block-level striping with distributed parity. Description: One of the most popular RAID levels, RAID 5 stripes both data and parity information across three or more drives. It is similar to RAID 4 except that it exchanges the dedicated parity drive for a distributed parity algorithm, writing data and parity blocks across all the drives in the array. This removes the "bottleneck" that the dedicated parity drive represents, improving write performance slightly and allowing somewhat better parallelism in a multiple-transaction environment, though the overhead necessary in dealing with the parity continues to bog down writes. Fault tolerance is maintained by ensuring that the parity information for any given block of data is placed on a drive separate from those used to store the data itself. The performance of a RAID 5 array can be "adjusted" by trying different stripe sizes until one is found that is well-matched to the application being used.
If there is set of 30 hard disk configured for raid 5 if two hard disk failed what about data

Because of parity, information all data are available in case one of the disks fails. If extra (spare) disks are available, then reconstruction will begin immediately after the device failure. However if two hard disks fail at same time, all data are LOST. In short RAID 5 can survive one disk failure, but not two or more.

In Raid 5, suppose I have 5 HDD of 10-10 GB, after configuring the Raid how much space does I have for utilized.

-1 out of the total (eg- if u r using 5 u will get only 4 because 1 goes for parity).

Clustering
A server cluster is a group of independent servers running Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition, and working together as a single system to provide high availability of services for clients. When a failure occurs on one computer in a cluster, resources are redirected and the workload is redistributed to another computer in the cluster. You can use server clusters to ensure that users have constant access to important server-based resources. Typical uses for server clusters include file servers, print servers, database servers, and messaging servers. Introduction to Server Clusters A cluster consists of two or more computers working together to provide a higher level of availability, reliability, and scalability than can be obtained by using a single computer. Application and service failures, which affect application software and essential services. System and hardware failures, which affect hardware components such as CPUs, drives, memory, network adapters, and power supplies. Site failures in multisite organizations, which can be caused by natural disasters, power outages, or connectivity outages. Dependencies on Other Technologies Server clusters require network technologies that use IP-based protocols and depend on the following basic elements of network infrastructure: The Active Directory directory service (although server clusters can run on Windows NT, which does not use Active Directory).

Server Cluster Tools The following tools are associated with server clusters.

Cluadmin.exe: Cluster Administrator Category Tool included in Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, operating systems. The tool is also included in the Windows Server 2003 Administration Tools Pack. . Cluster.exe Category Tool included in Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, operating systems. The tool is also included in the Windows Server 2003 Administration Tools Pack. Cluster.exe can target server cluster nodes that are running Windows Server 2003, Enterprise Edition, Windows Server 2003, Datacenter Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, and Windows NT Server 4.0, Enterprise Edition. Cluster.exe is the command-line interface for server clusters. Cluster.exe provides all the functionality of Cluster Administrator, the graphical user interface (GUI), plus several additional functions:

VM Ware VM ware is a application software, we will install the VM Ware software into one Server and we can create the servers.
VMware Virtual Infrastructure Client 2.0 This software layer creates virtual machines and contains a virtual machine monitor or hypervisor that allocates hardware resources dynamically and transparently so that multiple operating systems can run concurrently on a single physical computer without even knowing it.

Some Advantages of VMware

A normal installation of a Microsoft operating system requires a long manual process to configure the system to the specific hardware of the machine. This means that the same installation can not be used for another machine which usually has different hardware. Since VMware emulates the same set of virtual devices on any machine, a single operating system image can be used.

It is also possible to configure VMware virtual disks in a read-only mode, so that changes to the filesystem are written to a separate log file, rather than being written back to the disk image. When the virtual machine is shut down, the changes can either be discarded or committed back into the disk image. This allows a single disk image to be used without any fear of it being corrupted. It also allows software to be installed experimentally with the installation only being committed if it is successful.

Citrix
Citrix ( Citrix ICA Protocol, port no : 1494) Citrix Presentation Server Application Streaming The application streaming feature of Presentation Server 4.5 enables applications to be delivered to client devices and run in a protected, virtual environment. Applications are managed in a centralized Application Hub, but are streamed to the client device and run in an isolation environment. Applications become an on-demand service that is always available and up to date. The Challenge The reality today is that many companies are hitting a wall of complexity when it comes to managing their ever-growing number of desktop applications and diverse access scenarios. This complexity translates into a huge amount of time and money spent providing what amounts to a patchwork solution. The Application Streaming feature of Presentation Server offers a compelling virtualization solution for centrally delivering all Windows-based applications to both Presentation Server environments and to desktops. Application Streaming benefits Client-side application virtualization reduces the cost of testing, installing and supporting applications. Together with application isolation technology, With server-side application virtualization, the server acts as the client. Applications are streamed to a protected isolation environment on the server as opposed to the local device. This has many of the same benefits of client-side virtualization and also helps reduce application silos and greatly improves management of Presentation Server farms. Key Benefits As a key component of both client-side and server-side Application Virtualization, Application Streaming enables IT to: 1 Eliminate application conflicts and operating system instability resulting from desktop application installation 2. Reduce the costs associated with regression testing, deployment, maintenance, updates, and deprovisioning for applications being run locally on users' machines 3. Enable IT to offer applications as an on-demand service

4. Lower application support costs by automatically updating and repairing applications every time they are used 5. Speed regulatory compliance by eliminating the need for extensive testing to certify applications 6. Enhance security by giving IT administrators complete control over applications delivered to desktops, even those of unmanaged partners and users

Client side
Client-Side Application Virtualization enables applications to be delivered to client devices and run in a protected, virtual environment. Applications are managed in a centralized Application Hub, but are streamed to the user's machine and run in an isolation environment. Applications become an ondemand service that is always available and up to date. Caching technology makes the application available even when not connected to the network. Record Applications are packaged using the Profiler, which determines the components and the system resources the application requires and then defines a set of rules for running the application in isolation on the endpoint device. The resulting package is a standard cabinet (.CAB) file that is transparent and is easy to work with and debug. Download The application package is published to a regular network file share, just like with Presentation Server. No proprietary tools or storage systems are required. Authorized users can start streaming the application simply by clicking on their desktop icon. The application is cached locally, but it is not installed. It runs in isolation, without interfering with other applications on the same device.

Play Applications behave just like they were installed locally, but without any of the

problems of installation. Files are saved locally and individual settings are preserved. Every time the application is run, it checks for errors or updates and delivers them automatically. The application is managed centrally, but can be used when it is disconnected from the network.

RSA (RAID Storage Adapter)

RSA SecurID two-factor authentication is based on something you know (a password or PIN) and something you have (an authenticator)providing a much more reliable level of user authentication than reusable passwords.

The only solution that automatically changes your password every 60 seconds

MS Resource Kit
Table 6 Active Directory-related command-line tools Tool Description

MoveTree Move objects from one domain to another. SIDWalker Set the access control lists on objects previously owned by accounts that were

moved, orphaned, or deleted. LDP Allows LDAP operations to be performed against Active Directory. This tool has a graphical user interface.

DNSCMD Check dynamic registration of DNS resource records, including Secure DNS update, as well as deregistration of resource records. DSACLS View or modify the access control lists of directory objects.

NETDOM Batch management of trusts, joining computers to domains, verifying trusts and secure channels. NETDIAG Check end-to-end network and distributed services functions. NLTest Check that the locator and secure channel are functioning.

REPAdmin Check replication consistency between replication partners, monitor replication status, display replication metadata, force replication events and knowledge consistency checker (KCC) recalculation. REPLMon Display replication topology, monitor replication status (including group policies), force replication events and knowledge consistency checker recalculation. This tool has a graphical user interface. DSAStat ADSIEdit Compare directory information on domain controllers and detect differences. A Microsoft Management Console (MMC) snap-in used to view all objects in the directory (including schema and configuration information), modify objects and set access control lists on objects. Check access control list propagation and replication for specified objects in the directory. This tool enables an administrator to determine if access control lists are being inherited correctly and if access control list changes are being replicated from one domain controller to another. Determine whether a user has been granted or denied access to a directory object. It can also be used to reset access control lists to their default state.

SDCheck

ACLDiag

DFSCheck Command-line utility for managing all aspects of Distributed File System (Dfs), checking the configuration concurrency of Dfs servers, and displaying the Dfs topology.

MOM
An efficient IT enterprise requires a proactive approach to monitoring and managing Windows servers and applications to avoid service outages and downtime. Intelligent monitoring tools can help you keep your organization's infrastructure running at acceptable service levels. A primary requirement of monitoring tools is that they be easy to deploy and manage so that using them consumes minimal IT resources. To address these requirements, Microsoft announced Microsoft Operations Manager (MOM) 2000, an enterprise monitoring solution that provides comprehensive event management, proactive monitoring and alerting, reporting, a built-in knowledge base, and trend-analysis capabilities. After working with many customers to deploy MOM, we have some suggestions that will help smooth your MOM implementation.

Installation Prerequisites Before starting a MOM implementation, verify that your environment meets all the prerequisites. You can't install the MOM server on a domain controller (DC); you must install it on a dedicated member server that's running Windows 2000 Advanced Server Service Pack 2 (SP2) and that has access to a DC. . . .

10. PS-EXEC Remote Control tool 11. PS-SKILL Kill the process through remotely
PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. PsKill: Windows NT/2000 does not come with a command-line 'kill' utility. You can get one in the Windows NT or Win2K Resource Kit, but the kit's utility can only terminate processes on the local computer. PsKill is a kill utility that not only does what the Resource Kit's version does, but can also kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process.
SMS

Microsoft Systems Management Server (SMS) is a systems management software product by Microsoft for managing large groups of Windows-based computer systems. SMS provides remote control, patch management, software distribution, and hardware and software inventory. An optional feature is operating system deployment which requires the installation of the SMS 2003 OS Deployment Feature Pack. The current version is 2003 SP3 R2.

Systems Management Server 2003 SP1 Product Overview

Systems Management Server (SMS) 2003 with Service Pack 1 (SP1) provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively. SMS 2003 SP1 provides the following key capabilities: Application Deployment Deliver critical business productivity applications reliably and easily to users in the right place at the right time.

Asset Management Reduce software costs and stay compliant by understanding the installed application base and its usage. Security Patch Management Improve security of the Microsoft Windows environment through increased vulnerability awareness and reliable targeted delivery of updates. Mobility Deliver enterprise management to the growing mobile workforce through industry standards independent of connection or location. Windows Management Services Integration Reduce operational costs by fully utilizing the management capabilities built into the Windows platform. Integrating Operations and Technology Microsoft Solutions for Management Solution Accelerators provide a blueprint for addressing key management issues by combining people, processes, and technology to help solve specific customer scenarios. Solution Accelerators are lab-tested, customer-approved Microsoft best practices that are intended to be used by Microsoft Consulting Services or Microsoft partners to help customers achieve optimal solutions. Improvements in these areas enable enterprises to effectively manage software, from devices to data centers, on the Windows Server System platform. For more information, read the product overview datasheet. SMS 2003 SP1 Updates SMS 2003 SP1 is primarily a rollup of a number of hotfixes for SMS 2003, but also introduces some changes to the supported configurations and broadens the configurations allowed.

Features at a Glance
Capability Application deployment Description

Detailed application deployment planning. Detailed reports available in

SMS 2003 ease the application deployment process. For a planned deployment, it is easy to obtain the target group's current hardware base, existing applications, and version information, as well as the current service pack and hotfix levels of the system.

Rich distribution targeting. Software distribution and other management

tasks can be specifically targeted to machines and users using a wide

Capability

Description variety of properties including network and hardware configuration, Active Directory organizational unit, and group membership and software installation status.

Delta distribution between site servers and distribution points.

and distribution points, rather than the entire application image.

When changes are made to previously deployed software package sources, only the source changes are propagated between SMS 2003 site servers

Elevated rights Windows Installer Service. Because SMS 2003

application installation on "locked-down" systems.

supports the Windows Installer service (.msi), it is able to switch user account contexts during a package installation allowing for self-healing

Add/Remove Programs support. Applications can be easily published to

of installing applications. Asset management

the Add/Remove Programs interface to provide users with a consistent way

Application usage monitoring. Summary and detail reports can be

tracked by user or computer, and reports can be created comparing

generated specifying which applications were used by users, how long they were used, and on which managed systems they were used. Usage can be concurrent usage data to current license ownership (compliance reports).

Granular software inventory file level searching. Now you can

what you need.

configure SMS 2003 to get you all the asset discovery you need, and only

Detailed hardware inventory. Windows Management Instrumentation

(WMI) enhancements allow improved client-side performance during and chassis enclosure data. inventory scans and provide a richer set of inventory data, including BIOS

Web-enabled reporting. More than 120 pre-built reports are included,

software deployment progress. Security patch management

covering hardware and software inventory as well as computer status and

Vulnerability identification. Standard Microsoft security tools like the

Microsoft Baseline Security Inventory Analyzer and the Microsoft Office Inventory Tool for Updates enable you to inventory your systems for applicable patches and vulnerabilities.

Patch deployment wizard. A simple console wizard is provided to assist

administrators in deploying required patches to managed devices.

Vulnerability assessment and mitigation reporting. After missing

are then posted to the central database for reporting and targeting

security patches have been identified, the results of these individual scans purposes. As missing patches are deployed, this data may be optionally

Capability

Description updated in real time.

Mobility

Bandwidth-aware clients. The new Advanced Client uses the Background

Intelligent Transfer Service (BITS) technology to automatically detect the capacity of the client network connection and adjust transfer rates efficiently.

Checkpoint/restart. Upon reconnection, any partial downloads to client

computers will continue where they left off; there is no need to restart transmissions because of a disconnected session. Checkpoint/restart works at the byte level, requiring only the download of those bytes in a package that haven't already been transferred.

Download and execute. After a new software package has been

system until the scheduled install time, when it is then executed.

successfully downloaded to a client, it remains in the cache of the client

Location awareness. As mobile users move through geographic locations,

flexible site boundaries ensure that they receive software packages and updates from the nearest appropriate installation source, and are not required to install software across the enterprise wide area network (WAN). Windows Management Services integration

Active Directory discovery. SMS 2003 can automatically discover the

Active Directory properties of both users and systems, including organizational unit container and group level membership. Software packages can then be targeted based on these Active Directory attributes.

Active Directory-based site boundaries. Site boundaries can now be

subnets.

based on Active Directory site names, rather than on Internet Protocol (IP)

Advanced Security Mode. Built-in computer and local system accounts

and making the enterprise more secure by not creating extra high-rights accounts.

can be used for all server functions (such as database access), dramatically simplifying the management of accounts and passwords within SMS 2003

Improved status tools. The status data provides real-time information

about the current state of SMS 2003 processes, both on servers and clients.

Windows XP Remote Assistance support. The high-performance

Windows XP Remote Assistance feature is now an option for a user is present at the remote machine. troubleshooting clients remotely from the SMS Administrator Console when

When do I need to set up SMS secondary site servers?

I have 20 remote branch locations connected back to the operations center by T1 lines. Each location has 5-7 workstations. I was planning on using each site's existing file server as a distribution point to save on bandwidth during software distribution. At what number of workstations per remote site should I consider setting up SMS secondary site servers?Even though you may have Distribution Points sitting at the remote locations, you still need to modify some settings on the clients to force ... Can I distribute any Windows Installer (.msi) application using SMS? have a customized Citrix 8 client installation in the form of a .msi. How can I use SMS 2.0 SP2 to distribute this? You can distribute any Windows Installer (.msi) application using SMS. SMS's software distribution feature basically does what you tell it to do. You'll first want to identify any distribution options (i.e., command line options) for the .msi you have created and create the SMS package using those options.

Scripting
Already default scripts are there. WSH (Windows Scrip Host)....WMI (windows media interface) Map network driver, user id creation in AD Set objNetwork = Wscript.CreateObject("WScript.Network") objNetwork.MapNetworkDrive "G:", "\\atl-fs-01\Sales" objNetwork.MapNetworkDrive "H:", "\\atl-fs-01\Users$\lewjudy"

Responsabilities1:

Installation, configuration and trouble shooting of Windows Operating Systems include Windows 2000 Professional, Windows XP and PreWindows 2000 Operating systems on Desktops/Servers.

PC Hardware, Windows XP/2000 and Microsoft Office Suite, Networking Connectivity Issues (TCP/IP) and other Software Problems.
Member of Team Engineers to provide Information Systems Support. Active Directory services management support.

Responsabilities2:

Experience on windows 2003 and windows 2000 Active Directory Support and Implementation. Disaster Recovery Plan for Active Directory servers. Expertise in Microsoft Services like WINS, DHCP and DNS. Creating, Configuring, Managing and troubleshooting Group Policy objects Considerable Knowledge on Exchange 2003 server. Installing, configuring, Managing, Exchange Server 2003 Managing users and applying group policies.

Configuration & Administration of Brightstor Arc serve 11.5 Backup server. Data Center Maintain ace Vendor coordination RIS server In Hyderabad we have 44 servers and in Hyderabad we have 22 servers including all platforms. I am managing Active Directory and Exchange servers and MOM servers and BrightStor ArcServe backup server. In active directory checking the replication between the two sites. Taking care of user creations and user deletions mailbox transfers. DL creations. Checking the group policies and applying the group policies in active directory. I have only considerable knowledge on Exchange mail box creation and mailbox deletions and taking care of mail box movements. In backup I am taking 5 day differential and 2 day full backup. From Sunday to Thursday differential and Friday and Saturday full backup. Which is the difficult situation u have faced in your organization? Recently we had faced an issue with our Hyderabad mail server, the mail box store has gone down. We made it up with in an hour. We are using McAfee anti virus group shield in the exchange server and it has deleted the recently created log file due to that the mailbox store has gone down. We have restored it from the backup. Dail tone recovery Maintains hyd, chenn replication of servers, and maintain the Data Centre Win 2003 Active Directory Support Disaster Recovery Active Directory Plans for Servers 2003 Exchange Administrator

Creating, Configuring and managing and troubleshooting group policies Configuring and troubleshooting Antivirus like MacAfee DHCP Scopes creations, IP Addresses Creations Terminal Services Monitoring File permissions and quotas implementation Taking the backup, restoration (Daily (Incremental) and Full Backup (weekly)) How many Servers (30) DCs and file, mail, internal and applications servers Server Configurations HP DL 380s 4 GB, 5+1 (Raid + Mirroring) total 5 HDDs Intel Genuine 3G (Dual Core Process) all are rack mountable servers DL 380 proline HP series Dell 2950 power edge Mirror and raid for both the servers Total 5 HDD's 2 for mirror 3 for raid only we have virtusa domain single domain architecture only one we have( cross domains, two sites) only one domain naming masters PDC Emulators 5 we have ( password resetting , win32 time synchronize)

DHCP: dhcp.mdb DNS dns.back what is the ntds. Folder- database, transaction logs, check My responsibilities in Chennai are Managing two locations i.e., Hyderabad and Chennai. In Chennai we have 2 domain controllers and in Hyderabad we have 6 domain controllers One exchange server in Chennai and one more in Hyderabad One backup server in Chennai and one more backup server in Hyderabad Checking the Replication traffic between the Chennai and Hyderabad, and the replication topology between sites.
ITIL Every week we have systems and networking meetings. In systems meeting we need to discuss what are the changes we are going to implement how much its use for organization. If you want to do any change you have to raise a change request through the change gear software, then you can send it to your manager for approval. I am going to do like patch management, please approve, once we get the approval from the manger. Then you can go ahead Suppose if you want to restart the server for that also we need to raise request in change gear. I have to give the explanation like I have installed the patches so its required restart to update the all the patches please approve it. Once we get the approval from the manager. We will restart the server.

Service Desk This function is the single point of contact between users and IT Service Management. Main article: Service Desk (ITSM) Tasks include handling incidents and requests, and providing an interface for other ITSM processes.

Single Point of Contact (SPOC) and not necessarily the First Point of Contact (FPOC) There is a single point of entry and exit Easier for Customers Data Integrity Communication channel is streamlined

The primary functions of the Service Desk are: Incident Control: life cycle management of all Service Requests Communication: keeping the customer informed of progress and advising on workarounds The Service Desk function is known under various names : Call Centre: main emphasis on professionally handling large call volumes of telephone-based transactions Help Desk: manage, co-ordinate and resolve incidents as quickly as possible Service Desk: not only handles incidents, problems and questions but also provides an interface for other activities such as change requests, maintenance contracts, software licenses, Service Level Management, Configuration Management, Availability Management, Financial Management and IT Services Continuity Management The three types of structure that can be considered are: Local Service Desk: to meet local business needs - is practical only until multiple locations requiring support services are involved Central Service Desk: for organizations having multiple locations - reduces operational costs and improves usage of available resources Virtual Service Desk: for organizations having multi-country locations - can be situated and accessed from anywhere in the world due to advances in network performance and telecommunications, reducing operational costs and improving usage of available resources

Service Desk 1. Incident management 2. Problem management 3. Change management

4. Configuration management 5. Release management

I am working on incident management.

Incident management
The goal of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse effect on business operations, thus ensuring that the best possible levels of service quality and availability are maintained. 'Normal service operation' is defined here as service operation within Service Level Agreement (SLA) limits. SLA: while running a ticket we have an agreement with the client. The client to owner the ticket and resolving with time stamp. OLA (Operation Leave Agreements): whatever the agreements we are having with in the organization support teams. OC (Under pendent contract): Which the levels of service boundary we are having with the Vendors.

Problem Management
The goal of 'Problem Management' is to resolve the root cause of incidents and thus to minimize the adverse impact of incidents and problems on business that are caused by errors within the IT infrastructure, and to prevent recurrence of incidents related to these errors. A `problem' is an unknown underlying cause of one or more incidents, and a `known error' is a problem that is successfully diagnosed and for which a work-around has been identified. The CCTA defines problems and known errors as follows: A problem is a condition often identified as a result of multiple Incidents that exhibit common symptoms. Problems can also be identified from a single significant Incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant. A known error is a condition identified by successful diagnosis of the root cause of a problem, and the subsequent development of a Work-around. Problem management is different from incident management. The principal purpose of problem management is finding and resolves the root cause of a problem and prevention of incidents; the purpose of incident management is to return the service to normal level as soon as possible, with smallest possible business impact.

Configuration Management Configuration Management is a process that tracks all of the individual Configuration Items (CI) in a system. Change management The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes, in order to minimize the impact of change-related incidents and to improve day-to-day operations. Release Management Release Management is used for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. Proper software and hardware control ensures the availability of licensed, tested, and version-certified software and hardware, which will function as intended when introduced into the existing infrastructure. Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. This guarantees that all software meets the demands of the business processes. The goals of release management are: Plan the rollout of software Design and implement procedures for the distribution and installation of changes to IT systems Effectively communicate and manage expectations of the customer during the planning and rollout of new releases Control the distribution and installation of changes to IT systems

The focus of release management is the protection of the live environment and its services through the use of formal procedures and checks.

By words:

ITIL: Incident: automatically triggered by the server itself. Like MOM I mean alerts Service Call: People who are generated raise a call.

Backup:

Policy: 5 day differential (sun thu) 2 day full backup (Friday Sat) 5 tapes we are keeping into fire proof. Another two tapes. One goes to HDFC bank and other send it to other site. Total 7 takes will come out in a week In tape library 32 tapes are there..every day 1st tape, 31st is storage drive, one is IO (IO Box), Through bar code only it recognizes the tapes. After finishing the backup we have to remove from the tape library. We have to keep it into fire proof. HW long Ur going to keep in fire proof. Differential tapes in 3 months. Full backup is 6 months.and year end and month end backups are going to keep preeminently. And year end last backup also Dell LT O 3 tape library 400 native mode/ 800 compressive Tape library model no is power old 132 T Dell. Configuration Card 5i RAID- SCSI Card Through that card only we are connecting the backup tape library to the server. We have only single head tape library, so we can only write single tape at once.

Array Configuration: to create or implement a RAID control concept. We need to configure array configuration. Through this only array will recognize and we will configure RAID Array version Citrix: with the help of the RSA FOB virtually, they are connecting to the client network. They are authenticating to the web page to the citrix server. Login to the remote sessions the major advantage is we can take the multiple session at the single time. Port no : 1495, version 9.0----------- ICA Protocol SMS: They are extracting the batch files. It applies during user logins. 5i

Few server details 1. HP, Dell and IBM latest models

Latest servers in HP: in DL series HP ProLiant DL585 G2 HP Proliant DL580 G4

Scalability, availability and adaptability in a highly serviceable 4U chassis

Latest servers in HP: in ML series HP ProLiant ML570 G4 Latest servers in HP: in BL series PowerEdgeTM R900 4-Socket, Quad-Core 4U Rack Server PowerEdgeTM 6950 4-Socket, Dual-Core 4U Rack Server HP BLc3000 Enclosure 2 AC Power Supplies 4 Fan Full ICE License

IBM IBM System Storage DS4800 processed 4,016,222 transactions per minute (tpmC) with a price/performance of $2.98/tpmC [1], versus the HP Integrity Superdome's performance of 1,231,433 tpmC at $4.82/tpmC [1] IBM System x3850 M2 takes performance, efficiency and reliability to the next level. Featuring an unmatched combination of x86 performance and scalability with a balanced design, the x3850 M2 delivers unrivaled reliability, providing confidence in your IT solution deployments. An easy upgrade path provides the necessary flexibility to deliver an optimized solution for scaleup database, enterprise applications and server consolidation through virtualization services.

2. Remote management cards in Dell(Rack and D-Rack), Hp(ILO) and IBM(RSA)

HP: ILO makes it possible to perform activities on a HP server from a remote location. The iLO card has a separate network connection (and its own IP address) to which one can connect via HTTPS. Possible options are: reset the server (in case the server doesn't respond anymore via the normal network card) power-up the server (possible to do this from a remote location, even if the server is shut down) take over the screen mount remote physical CD/DVD drive or image. access the server's IML (Integrated Management Log) remote console (in some cases however an 'Advanced license' maybe required for some of the utilities to work) Dell: Dell DRAC: The DellTM Remote Assistant Card II (DRAC II) and Dell Remote Access Card III (DRAC III) provide IT administrators with continuous access to servers. Administrators also achieve full control of the server hardware and operating system from any client system running a Web browser, even if the server is down or hung. The Dell remote-access architecture consists of hardware and software components that allow administrators to do the following:

Access a server after a server failure, power outage, or loss of a network connection (using a network interface card (NIC) or modem) Remotely view a server's internal event logs and power-on self test (POST) codes for diagnostic purposes

Manage servers in multiple locations from a remote console Manage servers by redirecting the console output to a remote console (graphic and text) Perform an orderly shutdown of a server for maintenance tasks Diagnose a server failure and restart the server Alert the administrator using alphanumeric page, numeric page, e-mail, or Simple Network Management Protocol (SNMP) trap when a server detects an error

IBM RSA
However it is IBM's Remote Supervisor Adapter (and the popular RSA II) that represents the next generation of comprehensive server management. The IBM RSA II is a PCI card service processor and it is standard in some servers and an option in others. It manages the BMC located on the server motherboard, and augments the BMC capability so you can perform systems management functions whether your server is operational or not. As shown in the table below, the RSA II provides an extensive range of remote server management features. The Virtual KVM feature for example provides full graphic console redirection. You can use a local desktop to access and control a remote server, run applications and receive system alerts in whatever form you choose. So no longer is there a need for any external KVMoIP appliances at the remote site. Another model is the RSA SlimLine which is an internal card that includes the BMC and uses a dedicated Ethernet connector on the server for communication. The BladeCenters management module also uses a modified version of the RSA with an integrated KVM switch to provide access to individual server blades. Vendor IBM Service Processor RSA (Remote Supervisor Adapter) IBM Director RSA II, SlimLine RSA PCI Card Command line & Web interface; Virtual KVM (with logging of last screen before failure); Virtual media access; UDP/TCP Ethernet connection; Remote power control; Local logs & alerts; Secure SSH, SSL & LDAP access Software Model Type Features

3. management Tools
IBM Director IBM's service processors can accessed with the IM/IMG then managed using IBM Director, an integrated suite of system management tools that enables administrators to locally or remotely track the usage and performance of their server's processors, disks, and memory. IBM Director extends the basic RSA II software by providing a central platform for monitoring and managing all the IBM hardware resources. And the IBM + Opengear service management can be extended even further as Director also will seamlessly integrate with higher-level systems management

offerings such as Tivoli, HP OpenView, Microsoft SMS and MOM, CA Unicenter, BMC and Altiris.

Dell OSMA:
Dell Management Tool (OMSA) - open manage server administrator 7.0

Dell OpenManage Server Administrator Storage Management provides enhanced features for configuring a system's locally-attached RAID and non-RAID disk storage. Storage Management enables you to perform controller and enclosure functions for all supported RAID and nonRAID controllers and enclosures from a single graphical or command-line interface without requiring use of the controller BIOS utilities. The graphical interface is wizard-driven with features for novice and advanced users and detailed online help. The command-line interface is fully-featured and scriptable. Using Storage Management, you can protect your data by configuring data-redundancy, assigning hot spares, or rebuilding failed physical disks. You can also perform data-destructive tasks. All users of Storage Management should be familiar with their storage environment and storage management. Storage Management supports SCSI, SATA, ATA, and SAS but not fibre channel. NOTE: Starting with Dell OpenManage 5.0, Array Manager is no longer an installable option. If you have an Array Manager installation and need information on how to migrate from Array Manager to Storage Management, refer to the product documentation prior to Storage Management 2.1 or Dell OpenManage 5.1.

Take Control with Dell Systems Management.

Dell's approach to systems management is to provide inherently manageable, standards-based platforms along with a comprehensive set of standards-based tools for proactive management throughout the computing life cycle. Dell server, storage, networking, and client solutions are designed to help simplify and automate the administration of your technology resources-and to help you control your IT investment. The advantages of our interoperable management solutions derive from Dell's commitment to:

Open manageability Dell's instrumented clients, servers, storage, printers and network platforms interface seamlessly with most standards-based management tools and consoles. Dell systems management solutions and platforms provide the pro-active management information and control functions you need to optimize deployment, health status monitoring, fault recovery, change management and more. Industry standards Dell champions open standards within the industry because they are the foundation for management systems that can deploy, monitor and upgrade heterogeneous computing environments. Standards also give you greater choice in the selection of your systems management solution, providing more flexibility to better meet your specific requirements. Strong partnerships Dell partners with industry-leading companies to deliver integrated, "bestin-class" technologies, services and standardized components to provide customers with costeffective broad-based systems management functionality.

HP- HP Integrated. 4. Array controller Models

Array 6i HP:

HP Smart Array 6i Controller

The new Smart Array 6i controller is an Ultra320 intelligent array controller for entry-level, hardware-based fault toleran for protection of OS, applications, and logs. Most models have one internal-only channel. The DL380 G4 has a second channel for optional duplex backplane support or external tape support. The Smart Array 6i controller provides one of th most cost effective alternatives to software-based RAID in the market today.

Designed as an integrated component on the system board on select ProLiant DL and BL servers, the Smart Array 6i controller and 128MB BBWC Enabler bundle provide increased performance and worry-free transportable battery back write cache data protection for all server internal storage needs, without consuming a PCI slot.

Models
Smart Array 6i Controller Battery Backed Write Cache Enabler Smart Array 6i Controller 128MB Battery Backed Write Cache Enabler Option Kit

346914-B

Target Environments
The Smart Array 6i Controller offers superior investment protection to the following environments: Non-RAID Current storage operations where, until now, there has not been a perceived need for data protection, security, or performance gains. Software RAID Current storage operations using software RAID where growing data storage requirements demand the robustness, efficiency, and performance increases available with entry-level hardware RAID.

Dell 4DC Array controls on HP( Array 6i), Dell (4DC) and IBM (ACU) ACU: Array Configuration Utility (ACU) is a DOS-based application for Configuring and
managing arrays. ACU provides a means to reate /delete Arrays, manage spares, and initialize the drives attached to the controller. It can also manage multiple controllers, if present in the System, but only one controller at a time.

5. SAN

Latest Models and how does it work

HP Proliant DL585 Storage server 5.4.0 SAN A SAN is a dedicated network that is separate from LANs and WANs. It is generally used to connect all the storage resources connected to various servers. It consists of a collection of SAN Hardware and SAN software; the hardware typically has high inter-connection rates between the various storage devices and the software manages monitors and configures the SAN. SANs originated to overcome the problems with network attached storage (NAS) devices, which - like ordinary servers - are difficult to manage and difficult to expand the capacity on. NAS

devices also add to the traffic on the network and suffer from the delays introduced by the operating systems' network stacks. A SAN is made up of a number of fabric switches connected in a network. The most common form of SAN uses the Fibre Channel fabric protocol (with Fibre Channel switches). Alternatively ISCSI could be used with IP switches.

IBM Express Model SAN switches Cisco MDS 9124 Express for System Storage The Cisco MDS 9124 Express for System Storage is designed to address the needs of small- and medium-sized businesses with a wide range of SAN capabilities. It can be used as part of SAN solutions from simple single-switch configurations to larger multi-switch configurations in support of fabric connectivity and advanced business continuity capabilities.

6. HP Blade ServersHow it designed

HP Blade C7000 servers, upgrades and parts. The HP Blade System C7000 provides power, cooling and I/O infrastructure needed for today and future tech center environments. Designed for easy set-up, this system now includes a 3-inch LCD Insight Display for readability. Vibrant carries a wide array of Used HP BladeSystems. Used HP Blade C7000 Features Specifications Description Up 16 Half-Height Blades Up to 8 Full Height Blades Device Bays Mixed configurations supported Power Supply Height Single-Phase Model Power Up to 6 x 2250W 10U 6 x IEC-320 C20 2 PCI and 4 shared PCI/EISA slots HP 1Gb Ethernet Pass-Thru Module CISCO Catalyst Blade Switch 3020 GbE2c Ethernet Blade Switch HP 16 port 4Gb FC Pass-Thru Module Brocade 4Gb SAN Switch

Ethernet

Fibre Channel

Warranty

3-year limited; onsite

7. Scripts VB Scripts and GPO

Scripts WMS, WSH scripts Using a LDAP query retrieve the information. Based on your requirement you will edit it.

Example 1 - Script to Create a User in Active Directory

On this page we concentrate on the essential VBscript commands necessary to build a User account in Active Directory Users and Computers. For example, GetObject("LDAP://rootDSE") and .Create("User"). Even though I am experienced at creating VBScripts, I still run manually through creating the object in Active Directory Users and Computers, the menus actions help me to rehearse the stages in my scripts.

Prerequisites
I recommend that you logon at a Windows Server 2003 domain controller. If you are a long way from the server, Remote Desktop would be a suitable alternative. If that is not possible, you could get these scripts to work from an XP machine as a non-administrator. However, why introduce extra complications? Especially at the beginning, you want easy success, with fewest obstacles. Instructions for Creating a User Account in Active Directory 1. You should run this VBScript on a Windows Active Directory domain. 2. Copy and paste the example script below into notepad or a VBScript editor. 3. Decide whether to change the value for strUser. DomGuy2 is not a particularly attractive name. 4. Save the file with a .vbs extension, for example: Users .vbs. 5. Double click Users .vbs and check the Users container for strUser.

Script to Create a User in a Named OU (Organizational Unit)

' Users .vbs ' Sample VBScript to create a User in Users . ' Author Guy Thomas http://Computerperformance.co.uk/ ' Version 1.3 - September 2005 ' ------------------------------------------------------' Option Explicit Dim strUser Dim objRootLDAP, objContainer, objNewUser strUser = "DomGuy2" ' Bind to Active Directory, Users container.

Set objRootLDAP = GetObject("LDAP://rootDSE") Set objContainer = GetObject("LDAP://cn=Users," & _ objRootLDAP.Get("defaultNamingContext")) ' Build the actual User. Set objNewUser = objContainer.Create("User", "cn=" & strUser) objNewUser.Put "sAMAccountName", strUser objNewUser.SetInfo WScript.Quit ' End of free sample Create Users VBScript.

VBScript Tutorial - Learning Points

Note 1: The first 10 lines explain the purpose of the script and declare the variables. Note 2: The simple, but clever command, which allows the script to work with any domain is: GetObject("LDAP://rootDSE"). Crucial, this statement binds WSH / VBScript to Active directory. The next line puts the focus on the Users container, as that is where the user will be born. Incidentally, the correct syntax is cn=users, whereas OUs that you create need the OU= prefix, for example OU=Accounts,. Note 3: sAMAccountName controls the logon name, this is the name that users should enter in the dialog box after they press the Ctrl Alt Delete, logon sequence. Note 4: .Create is a method to build an object. See how we use "User" not "Computer" or "OU". Note 5: When creating or modifying users, invariably you need .put and .SetInfo. The .put method is the equivalent of selecting a box in Active Directory Uses and Computers, in this example sAMAccountName sets the correct property and .put unloads the value set by strUser. .SetInfo is the VBScript equivalent of pressing the OK button in the GUI. In both cases it represents the final act of creating or modifying the User object. Note 6: This script represents 'work in progress'. For a real production script you would need to enable the account, and most likely, add several other properties, for example givenName. My desire is to get you started. Build the script in stages, understand each component, then add another section.

Example 2: Script to Create a User in a Named OU (Organizational Unit)

Prerequisites Create a new OU. I called my OU Accounts, what name will your choose? Instructions for Creating a User Account in a Named OU

1. Copy and paste the example script below into notepad or a VBScript editor. 2. Find the strContainer, and then change to the name of your OU. 3. Decide whether to change the value for strUser. 4. Save the file with a .vbs extension, for example: ComputerOU.vbs. 5. Double click ComputerOU.vbs and check the Computers container for strComputer.

' UserOU.vbs ' Sample VBScript to create a User in a named OU. ' Author Guy Thomas http://Userperformance.co.uk/ ' Version 2.4 - September 2005 ' ------------------------------------------------------' Option Explicit Dim objRootLDAP, objContainer, objUser, objShell Dim strUser, strName, strContainer strUser = "BookKeeper21" strName = "Bookie" strContainer = "OU=Accounts ," ' Note the comma ' Bind to Active Directory, Users container. Set objRootLDAP = GetObject("LDAP://rootDSE") Set objContainer = GetObject("LDAP://" & strContainer & _ objRootLDAP.Get("defaultNamingContext")) ' Build the actual User. Set objUser = objContainer.Create("User", "cn=" & strUser) objUser.Put "sAMAccountName", strUser objUser.Put "givenName", strName objUser.SetInfo ' Optional section to launch Active Directory Uses and Users Set objShell=CreateObject("WScript.Shell") objShell.Run "%systemroot%\system32\dsa.msc" WScript.Quit ' End of Sample UserOU VBScript.

VBScript Tutorial - Learning Points

Note 1: The key difference between the two scripts is: strContainer = "OU=Accounts ,". Trace how VBScript applies this variable to set the Organizational Unit. Note 2: This command looks easy to script: GetObject("LDAP://" & strContainer & _. However it took me ages to get the speech marks and ampersands (&) just right. Note 3: objShell.run. This optional section is just me having a little fun. What this section does is open the Active Directory Users and Users MMC ready for you to inspect the new User account. My other reason for adding this code is show that the script has executed successfully, otherwise I just sit and wonder if it has finished yet.

Note 4: I suggested in Example 1 that you could add other attributes, trace how I added givenName through strName. To see what I mean, I suggest that you alter the value from "Bookie" to a more realistic name.

8. Clusters how to connect two nodes

Cluster is a group of computers, called nodes that function as a single computer/system to provide high availability and high fault tolerance for applications or services. Windows 2003 Servers can participate in a cluster configuration through the use of Cluster Services. If one member of the cluster (the node) is unavailable, the other computers carry the load so that applications or services are always (with a small interruption) available. All nodes of the cluster use a Shared Disk an external disk or disk subsystem which is accessible for all nodes through SCSI (2 Nodes) or Fiber Channel (more than 2 nodes). All data will be stored on the shared disk or an external disk subsystem (for example Exchange databases). Every node has a local Exchange 2003 installation with a unique configuration for every cluster node. Each Cluster with Exchange 2003 has at a minimum one Exchange Virtual Server (EVS). An EVS is the logical node that will be used for all cluster operations. An EVS contains an IP address, network name, physical disk and an application. A cluster can be

Active/Active or Active/Passive

Microsoft recommends only Active/Passive clusters I will give you the reason later. The number of cluster nodes supported by Windows 2003 Enterprise and Datacenter is 8 nodes. Windows Server 2003 Standard and Web Editon doesnt support a Cluster. In an Active/Passive cluster - If one node in the cluster fails, the active cluster failover to another node which becomes Active. This is called Failover. If the failed node is back online, a Failback can be manually initiated or automatically configured in the Cluster Group properties. Every cluster node must have two network interfaces. One network interface for the cluster communication called the private LAN and one network interface called the public LAN. You can link a cluster with two nodes with a simple cross link cable. If more than two nodes exist in the cluster you have to use a dedicated switch / hub. The private NIC is used for the Heartbeat communication (Cluster communication). A Heartbeat is much like a ping which can be used to test if the other cluster node is still available. If the heartbeat fails, the Failover process occurs Quorum Drive Configuration Information This article provides information about configuring the quorum drive.

MORE INFORMATION When you install Microsoft Cluster service, you must configure storage at the hardware level so that the operating system and Cluster service have two separate physical devices for cluster usage. For example, in Disk Administrator or Disk Management, the following disks should be displayed: Disk 0 (usually drive C) Disk 1 (quorum) Disk 2 (data drive) At a minimum, you must create at least one physical drive for the quorum disk and a separate physical drive for data. Each drive must be formatted as NTFS. NTFS architecture is structured to enable file attribute indexing on a disk volume. This functionality enables the file system to efficiently locate files that match certain criteria so that sorting and searching processes function faster. However, you should not place any input/output (I/O) intensive programs on your quorum drive. Heavy input/output traffic from another source could interfere with the cluster's ability to write to the disk, which may cause the quorum resource to fail. If the quorum resource fails, the entire cluster may fail as well. It is recommended that you configure the quorum disk size to be 500 MB; this size is the minimum required for an efficient NTFS partition. Larger disk sizes are allowable but are not currently needed. It is also recommended that you configure some form of fault tolerance at the hardware level to be used for the quorum drive, such as hardware mirroring or hardware RAID. If the quorum drive is lost, the cluster may not be available. The quorum resource plays a crucial role in the operation of the cluster. In every cluster, a single resource is designated as the quorum resource. A quorum resource can be any resource with the following functionality: It offers a means of persistent arbitration. Persistent arbitration means that the quorum resource must allow a single node to gain physical control of the node and defend its control. For example, Small Computer System Interface (SCSI) disks can use Reserve and Release commands for persistent arbitration. It provides physical storage that can be accessed by any node in the cluster. The quorum resource stores data that is critical to recovery after there is a communication failure between cluster nodes. Windows 2003 introduces a new quorum resource type called Majority Node Set (MNS). MNS is tailored for geographically dispersed clusters. How to restore the cluster quorum to a Windows 2000 or Windows 2003 node running Active Directory Details: To restore the quorum to a node that is a domain controller and is running Active Directory, the node must be in Directory Services Restore Mode. Cluster services cannot be running in this mode, so the cluster quorum must be restored separately, after System State is restored and the node has been rebooted. The following steps will allow for restoration of System State, and include steps to recover the cluster quorum as well. Note: The steps outlined below will work for clusters whether using VERITAS Backup Exec (tm) 8.6 or 9.0 4454, however, only Backup Exec 9.0 4454 (and later) is capable of fully protecting Windows 2003 servers.

To restore the cluster quorum to a node running Active Directory: Note: If possible, take the other nodes in the cluster offline before restoring the cluster quorum. If the nodes cannot be taken offline, you should use the -f option with the clrest.exe command, explained in step 8. 1. To restore System State, start the computer in safe (repair) mode (restart the computer and then press <F8> when prompted to select an operating system), and then select Directory Services Restore Mode. If this is a local restore, you must also start the Backup Exec services before you restore System State data. 2. On the Backup Exec navigation bar, click Restore 3. In the Restore Selections pane, click System State 4. In the Properties pane, under Settings, click Advanced 5. Clear the Restore cluster quorum option. This option must not be selected. 6. Start the restore operation. During the restore, the cluster quorum files are copied to the default location %SystemRoot%\cluster\BackupExec. 7. When the restore has completed, reboot the target node 8. After the reboot is complete, run clrest.exe from the command line to restore the cluster quorum from the default location to the quorum disk: clrest <path> where path is the complete path to the cluster quorum. Typically, the pathname is %SystemRoot%\cluster\BackupExec (for Windows 2000) and \windows\repair\bootablesystemstate\clusterdatabase (for Windows 2003). A path is required for the clrest command. Note: Make sure to select in Folder Options to Show Hidden Files if attempting to view the quorum files. Clrest is located in the {drive letter}:\Program Files\Veritas\Backup Exec\NT directory in 9.0 by default. You can include other options on the command line to force the restore to proceed even if other cluster nodes are online, and/or if the disk signatures do not match and to specify another disk as the quorum disk: clrest path [-f] {drive letter]where [-f] forces the restore to proceed even if other cluster nodes are online and/or the disk signatures do not match. When this option is selected, the cluster service for any nodes that are online is stopped. This option also allows the drive letter of the disk that the cluster quorum was on, to remain the same, even if the configuration has changed and the disk signatures contained in the restore media do not match the disk signatures contained in the cluster quorum. [drive letter] specifies another drive letter for the quorum disk. If you use this option, the drive letter on which the cluster quorum resides will be changed to the same drive letter as previously specified. Otherwise, the drive letter on which the cluster quorum resides will stay the same as it was previously.

9. Once the restore of the cluster quorum is completed, use the cluster administrator to bring the other cluster nodes online

9. Citrix and Meta ware versions

CITRIX: Latest version is 4.0 The corporate and government IT managers in attendance shared their experiences in running desktop applications on a server, which is the Citrix specialty. It's done by installing the Citrix "ICA client" on the user's PC, thin client computer or mobile device to gain access to desktop applications running on the Citrix MetaFrame Presentation Server. Citrix claims to have 120,000 corporations and government customers -- for a total of 50 million ICA clients -- using this approach in some fashion, if not for their entire user base. Citrix spares the IT department from having to distribute desktop software on the actual desktop. And some corporations use Citrix for disaster-recovery back-up. At the Citrix conference, IT managers said it's not only easier to upgrade desktop applications when they're located on the centralized Citirx server than on the actual desktop, but they see some security advantages in it as well.

10.

Vmware (vmotion)

VMware VMotion enables the live migration of running virtual machines from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity. VMotion allows IT organizations

Advantages:
Continuously and automatically allocate virtual machines within resource pools. Improve availability by conducting maintenance without disrupting business operations VMotion is a key enabling technology for creating the dynamic, automated, and self-optimizing data center.

How does it work? Live migration of a virtual machine from one physical server to another with VMotion is enabled by three underlying technologies. First, the entire state of a virtual machine is encapsulated by a set of files stored on shared storage such as Fibre Channel or iSCSI Storage Area Network (SAN) or Network Attached Storage (NAS). VMwares clustered Virtual Machine File System (VMFS)

allows multiple installations of ESX Server to access the same virtual machine files concurrently. Second, the active memory and precise execution state of the virtual machine is rapidly transferred over a high speed network, allowing the virtual machine to instantaneously switch from running on the source ESX Server to the destination ESX Server. VMotion keeps the transfer period imperceptible to users by keeping track of on-going memory transactions in a bitmap. Once the entire memory and system state ESX Server Hardware ESX Server Hardware VMotion Technology OS OSOSOS App App App VMware VMotion moves live, running virtual machines from one host to another while maintaining continuous service availability. has been copied over to the target ESX Server, VMotion suspends the source virtual machine, copies the bitmap to the target ESX Server, and resumes the virtual machine on the target ESX Server. This entire process takes less than two seconds on a Gigabit Ethernet network.

Exchange
If you one day are faced with a relatively large corrupt Mailbox Store, restoring it can, depending on things such as backup hardware, backup application and network speed, be quite time consuming. Now the last thing you want to deal with in such a situation is frustrated users (or even worse a yelling CEO!).

So how can you get your users to calm down (and your CEO to s up) and get back to work while you concentrate on getting the Mailbox Store back to life? Theres one simple answer and that is, you can create a dial-tone database and thereby get message flow and mailbox access recovered almost instantly. By using a dial-tone database your users can start to receive and send mail again, they can even go check out old messages that existed in their mailbox on the Exchange server (if their Outlook client has been configured to use cached mode that is), bear in mind though they have to switch between Online and Offline mode when prompted with the Outlook 2003 Exchange Recovery Mode dialog box. Ill talk more about Outlook 2003 Recovery mode in Demystifying The Exchange Dial-tone Restore Method (Part 2). Using the dial-tone database restore method means that you, while restoring one or more corrupted Mailbox Stores from the most recent backup, have users connect to a new empty or blank Mailbox Store. The dial-tone restore method is by no means new; its been used with previous versions of Exchange as well, but now that we have the Exchange Server 2003 Recovery Storage Group (RSG) feature, the method becomes even more attractive when restoring Mailbox Stores within your Exchange messaging environment. Note: With previous versions of Exchange a dedicated Exchange recovery server was required. Using a separate Exchange recovery Server meant you first had to restore the required Mailbox Store(s) or database to the recovery server, then either export the data from the restored database(s) to PST files using Exchange Server Mailbox Merge Wizard (ExMerge) or copy the whole Exchange database from the recovery server to the production server. As an Exchange database often is several gigabytes in size, this meant you typically had to copy large amounts of data over the wire which, depending on the network, could add several hours to the total recovery time. Using the Recovery Storage Group feature makes it possible to restore Mailbox Stores without the need to build and use a separate Exchange Recovery Server; instead you can simply restore the Mailbox Store(s) directly to the Recovery Storage Group (RSG) on the respective Exchange Server or any other Exchange 2003 Server in the same Administrative Group. This makes it an easy and painless process to merge data from the restored Mailbox Store(s) to the dial-tone database, or swap the restored database from the Recovery Storage Group (RSG) to the dial-tone database in the original Storage Group, then merge data from the dial-tone database to the restored Mailbox Store. Ill also talk more about swapping databases in Demystifying The Exchange Dial-tone Restore Method (Part 2). Note: If youre not familiar with the Recovery Storage Group (RSG) feature, I recommend you checkout MS KB article: 824126 - How to use Recovery Storage Groups in Exchange Server 2003 which does a great job explaining how you can recover Mailbox Stores or individual mailboxes using by restoring a Mailbox Store to the RSG. Creating the Dial-tone Database Alright were ready to have the dial-tone database created, so if its not already the case you first need Roles:

Here I am playing a key role Active Directory and Backup Administration. I need to check the backup logs, backing is completed successfully. We have a MOM Team, it will generate the alerts in respective to MOM. I am taking care of AD Alerts and backups. Like Disk space low issues, automated services, CPU Utilization, Server Availability, Server Health check, Hardware Failures and DNS issues and moreover I can say user creations, DL Creations, Mail Box moments and I am in a part of taking care about the Anti virus bad clients. We are using HP OVSD tool to monitor the Queue. All these issues. RAID 5 and 10?
Common Name(s): RAID 5. Technique(s) Used: Block-level striping with distributed parity. Description: One of the most popular RAID levels, RAID 5 stripes both data and parity

information across three or more drives. It is similar to RAID 4 except that it exchanges the dedicated parity drive for a distributed parity algorithm, writing data and parity blocks across all the drives in the array. This removes the "bottleneck" that the dedicated parity drive represents, improving write performance slightly and allowing somewhat better parallelism in a multiple-transaction environment, though the overhead necessary in dealing with the parity continues to bog down writes. Fault tolerance is maintained by ensuring that the parity information for any given block of data is placed on a drive separate from those used to store the data itself. The performance of a RAID 5 array can be "adjusted" by trying different stripe sizes until one is found that is well-matched to the application being used. RAID5 versus RAID10 (or even RAID3 or RAID4) First let's get on the same page so we're all talking about apples. What is RAID5? OK here is the deal, RAID5 uses ONLY ONE parity drive per stripe and many RAID5 arrays are 5 (if your counts are different adjust the calculations appropriately) drives (4 data and 1 parity though it is not a single drive that is holding all of the parity as in RAID 3 & 4 but read on). If you have 10 drives or say 20GB each for 200GB RAID5 will use 20% for parity (assuming you set it up as two 5 drive arrays) so you will have 160GB of storage. Now since RAID10, like mirroring (RAID1), uses 1 (or more) mirror drive for each primary drive you are using 50% for redundancy so to get the same 160GB of storage you will need 8 pairs or 16 - 20GB drives, which is why RAID5 is so popular. This intro is just to put things into perspective.

RAID5 is physically a stripe set like RAID0 but with data recovery included. RAID5 reserves one disk block out of each stripe block for parity data. The parity block contains an error correction code which can correct any error in the RAID5 block, in effect it is used in combination with the remaining data blocks to recreate any single missing block, gone missing because a drive has failed. The innovation of RAID5 over RAID3 & RAID4 is that the parity is distributed on a round robin basis so that There can be independent reading of different blocks from the several drives. This is why RAID5 became more popular than RAID3 & RAID4 which must synchronously read the same block from all drives together. So, if Drive2 fails blocks 1,2,4,5,6 & 7 are data blocks on this drive and blocks 3 and 8 are parity blocks on this drive. So that means that the parity on Drive5 will be used to recreate the data block from Disk2 if block 1 is requested before a new drive replaces Drive2 or during the rebuilding of the new Drive2 replacement. Likewise the parity on Drive1 will be used to repair block 2 and the parity on Drive3 will repair block4, etc. For block 2 all the data is safely on the remaining drives but during the rebuilding of Drive2's replacement a new parity block will be calculated from the block 2 data and will be written to Drive 2. Now when a disk block is read from the array the RAID software/firmware calculates which RAID block contains the disk block, which drive the disk block is on and which drive contains the parity block for that RAID block and reads ONLY the one data drive. It returns the data block. If you later modify the data block it recalculates the parity by subtracting the old block and adding in the new version then in two separate operations it writes the data block followed by the new parity block. To do this it must first read the parity block from whichever drive contains the parity for that stripe block and reread the unmodified data for the updated block from the original drive. This read-read-write-write is known as the RAID5 write penalty since these two writes are sequential and synchronous the write system call cannot return until the reread and both writes complete, for safety, so writing to RAID5 is up to 50% slower than RAID0 for an array of the same capacity. (Some software RAID5's avoid the re-read by keeping an unmodified copy of the original block in memory.) Now what is RAID10? RAID10 is one of the combinations of RAID1 (mirroring) and RAID0 (striping) which are possible. There used to be confusion about what RAID01 or RAID10 meant and different RAID vendors defined them differently. About five years or so ago I proposed the following standard language which seems to have taken hold. When N mirrored pairs are striped together this is called RAID10 because the mirroring (RAID1) is applied before striping (RAID0). The other option is to create two stripe Sets and mirror them one to the other, this is known as RAID01 (because the RAID0 is applied first). In either a RAID01 or RAID10 system each and every disk block is completely duplicated on its drive's mirror. Performance-wise both RAID01 and RAID10 are functionally equivalent. The difference comes in during recovery where RAID01 suffers from some of the same problems I will describe affecting RAID5 while RAID10 does not. Now if a drive in the RAID5 array dies, is removed, or is shut off data is returned by reading the blocks from the remaining drives and calculating the missing data using the parity, assuming the defunct drive is not the parity block drive for that RAID block. Note that it takes 4 physical reads to replace the missing disk block (for a 5 drive array) for four out of every five disk blocks leading to a 64% performance degradation until the problem is discovered and a new drive can be mapped in to begin recovery. Performance is degraded further during recovery because all

Drives are being actively accessed in order to rebuild the replacement drive (see below). If a drive in the RAID10 array dies data is returned from its mirror drive in a single read with only minor (6.25% on average for a 4 pair array as a whole) performance reduction when two non-contiguous blocks are needed from the damaged pair (since the two blocks cannot be read in parallel from both drives) and none otherwise. Mirroring? Mirroring is one of the two data redundancy techniques used in RAID (the other being parity). In a RAID system using mirroring, all data in the system is written simultaneously to two hard disks instead of one; thus the "mirror" concept. The principle behind mirroring is that this 100% data redundancy provides full protection against the failure of either of the disks containing the duplicated data. Mirroring setups always require an even number of drives for obvious reasons. The chief advantage of mirroring is that it provides not only complete redundancy of data, but also reasonably fast recovery from a disk failure. Since all the data is on the second drive, it is ready to use if the first one fails. Mirroring also improves some forms of read performance (though it actually hurts write performance.) The chief disadvantage of RAID 1 is expense: that data duplication means half the space in the RAID is "wasted" so you must buy twice the capacity that you want to end up with in the array. Performance is also not as good as some RAID levels. Parity Mirroring is a data redundancy technique used by some RAID levels, in particular RAID level 1, to provide data protection on a RAID array. While mirroring has some advantages and is well-suited for certain RAID implementations, it also has some limitations. It has a high overhead cost, because fully 50% of the drives in the array are reserved for duplicate data; and it doesn't improve performance as much as data striping does for many applications. For this reason, a different way of protecting data is provided as an alternate to mirroring. It involves the use of parity information, which is redundancy information calculated from the actual data values. Cross realm uses for ticket granting service for cross domain authentication. Kerberos Authentication: After giving the password at client end checks the time stamp with domain controller of Global catalogue with the use of NTP protocol ( port number 123 ) If the time difference between the DC and client should not be exceed more than 5 mins.

After finishing the time stamp matching session ticket with encrypted password and it releases the two tickets with help of KDC ( Key distribution Centre ). One is for sends the request to logon and another one sends the permission whether accepting or not. After providing the authentication from Kerberos LDAP finishes the logon process with port number 389 Kerberos uses to protocols UDP and TCP with same port number 88. After that it checks for password which is maintaining in DC if it matches it will start authenticating with domain. Replmon Replmon.exe: Active Directory Replication Monitor This GUI tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication. You can use ReplMon to do the following: 1. See when a replication partner fails. 2. View the history of successful and failed replication changes for troubleshooting purposes. 3. Create your own applications or scripts written in Microsoft Visual Basic Scripting Edition (VBScript) to extract specific data from Active Directory. 4. View a snapshot of the performance counters on the computer, and the registry configuration of the server. 5. Generate status reports that include direct and transitive replication partners, and detail a record of changes. 6. Find all direct and transitive replication partners on the network. 7. Display replication topology. 8. Poll replication partners and generate individual histories of successful and failed replication events. 9. Force replication. 10. Trigger the Knowledge Consistency Checker (KCC) to recalculate the replication topology. 11. Display changes that have not yet replicated from a given replication partner. 12. Display a list of the trust relationships maintained by the domain controller being monitored.

13. Display the metadata of an Active Directory object's attributes. 14. Monitor replication status of domain controllers from multiple forests. Repadmin.exe: Replication Diagnostics Tool This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors. Repadmin.exe can also be used for monitoring the relative health of an Active Directory forest. The operations replsummary, showrepl, showrepl /csv, and showvector /latency can be used to check for replication problems.
Usually, the Knowledge Consistency Checker (KCC) manages the replication topology for each naming context held on domain controllers.

Important: During the normal course of operations, there is no need to create the replication topology manually. Incorrect use of this tool can adversely impact the replication topology. The primary use of this tool is to monitor replication so that problems such as offline servers or unavailable LAN/WAN connections can be identified.

1. How to conform if the software package deployed using group policy. Has got 2.
3. installed in the user PC. in one DC one user has been deleted the OU by admin1 delete by one administrator, in other DC the same OU is getting updated in admin 2 (Lost and found object) what are the two attributes, which reflect while replication happening how do u see the by using GPO which software has been installed in the machines hw to install the software package for 500 machines.can u just give the steps hw do deploy patch in enterprise environment hw to un-install a package if Kerberos fail, what will happen, is there any other authentication when you need to install DNS server in member servers, what is the use of it Active directory integrated DNS in member server install?

4. 5.
6. 7.

8.
9. 10.

11. what the log files and what is the use of log files

Answers: 1. Software deployment tools are there SMS ..Packagehow to

MBSA 2.0.1 is compatible with Microsoft Update and Windows Server Update Services and the SMS Inventory Tool for Microsoft Update (ITMU). MBSA 2.0.1 offers customers improved Windows component support, expanded platform support for XP Embedded and 64-bit Windows, as well as more consistent and less complex security update management experience. Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to MBSA 2.0.1. Legacy Product Support: For customers using legacy products not supported by MBSA 2.0.1, Microsoft Update, and WSUS, Shavlik Technologies provides a free MBSA 2.0.1 companion tool called Shavlik NetChk Limited.

diploye..SMs or some other tool

2. only one OU you can create and delete hw the same OU name will come in
other machines 3. GPMC..gpo is one object in in group policy 4. whats is the GPMC..password policy.hw u will applywhere u will apply 5. hirarchichysite and domain and OU. 6. 500Distribution point(SMS). 7. hw to deployed ..the enterprise environement..
SUS: Microsoft SUS is a free patch management tool provided by Microsoft to help network administrators deploy security patches more easily. In simple terms, Microsoft SUS is a version of Windows Update that you can run on your network. Software Update Services leverages the successful Windows Automatic Updates service first available in Windows XP, and allows information technology professionals to configure a server that contains content from the live Windows Update site in their own Windows-based intranets to service corporate servers and clients.

Software Update Services

The server features include: Built-in security. The administrative pages are restricted to local administrators on the computer that hosts the updates. The synchronization validates the digital certificates on any downloads to the update server. If the certificates are not from Microsoft, the packages are deleted.

 Selective content approval. Updates synchronized to your server running Software Update Services are not made automatically available to the computers that have been configured to get updates from that server. The administrator approves the updates before they are made available for download. This allows the administrator to test the packages being deploying them. Content synchronization. The server is synchronized with the public Windows Update service either manually or automatically. The administrator can set a schedule or have the synchronization component of the server do it automatically at preset times. Alternatively, the administrator can use the Synchronize Now button to manually synchronize. Server-to-server synchronization. Because you may need multiple servers running Microsoft SUS inside your corporation in order to bring the updates closer to your desktops and servers for downloading, Microsoft SUS will allow you to point to another server running Microsoft SUS instead of Windows Update, allowing these critical software updates to be distributed around your enterprise. Update package hosting flexibility. Administrators have the flexibility of downloading the actual updates to their intranet, or pointing computers to a worldwide network of download servers maintained by Microsoft. Downloading updates might appeal to an administrator with a network closed to the Internet. Large networks spread over geographically disparate sites might find it more beneficial to use the Microsoft maintained download servers. These are the actual Windows Update download servers. In a scenario like this, an administrator would download and test updates at a central site, then point computers requiring updates to one of the Windows Update download servers. Microsoft maintains a worldwide network of these type servers. Multi-language support. Although the Software Update Services administrative interface is available only in English or Japanese, the server supports the publishing of updates to multiple operating-system language versions. Administrators can configure the list of languages for which they want updates downloaded. Remote administration via HTTP or HTTPS. The administrative interface is Web-based and therefore allows for remote (internal) administration using Internet Explorer 5.5 or higher. Update status logging. You can specify the address of a Web server where the Automatic Updates client should send statistics about updates that have been downloaded, and whether the updates have been installed. These statistics are sent using the HTTP protocol and appear in the log file of the Web server. Download Software Update Services Server 1.0 with Service Pack 1 HERE (33mb)

Microsoft SUS Server limitations

Though very good as what it does, Microsofts patch management tool does have a few limitations: It does not push out service packs; you need a separate solution for that.

 It only handles patches at operating system level (including Internet Explorer and IIS), but not application patches such as Microsoft Office, Microsoft Exchange Server, Microsoft SQL Server, etc. It requires Windows 2000 and up, so it cannot patch Windows NT 4 systems. It cannot deploy custom patches for third party software. It does not allow you to scan your network for missing patches, so you cannot check if everything has been installed correctly. There is no easy reporting system for this. This means that you still require a patch management solution to perform the above tasks. Microsoft does not plan to add the above features, since it promotes Microsoft SMS server as a tool for that. So, Microsoft SUS server is ideal for operating system patches if used in conjunction with a patch management tool. Read more on how to overcome SUS's limitations by using a 3rd party tool called GFI LANguard Network Security Scanner.

Windows Automatic Update Client

To use SUS on your network you will need to use the Windows Automatic Update Client. The client is based on the Windows Automatic Updates technology that was significantly updated for Windows XP. Automatic Updates is a proactive pull service that enables users with administrative privileges to automatically download and install Windows updates such as critical operating-system fixes and Windows security patches. The features include: Built-in security: Only users with local administrative privileges can interact with Automatic Updates. This prevents unauthorized users from tampering with the installation of critical updates. Before installing a downloaded update, Automatic Updates verifies that Microsoft has digitally signed the files. Just-in-time validation: Automatic Updates uses the Windows Update service technologies to scan the system and determine which updates are applicable to a particular computer. Background downloads: Automatic Updates uses the Background Intelligent Transfer Service (BITS), an innovative bandwidth-throttling technology built into Windows XP and newer operating systems, to download updates to the computer. This bandwidth-throttling technology uses only idle bandwidth so that downloads do not interfere with or slow down other network activity, such as Internet browsing. Chained installation: Automatic Updates uses the Windows Update technologies to install downloaded updates. If multiple updates are being installed and one of them requires a restart, Automatic Updates installs them all together and then requests a single restart.

Multi-user awareness: Automatic Updates is multi-user aware, which means that it displays different UI depending on which administrative user is logged on. Manageability: In an Active Directory environment, an administrator can configure the behavior of Automatic Updates using Group Policy. Otherwise, an administrator can remotely configure Automatic Updates using registry keys through the use of a logon script or similar mechanism. Multi-language support: The client is supported on localized versions of Windows.

This update applies to the following operating systems: Windows Windows Windows Windows Windows 2000 Professional with Service Pack 2 2000 Server with Service Pack 2 2000 Advanced Server with Service Pack 2 XP Professional XP Home Edition

Note: Windows 2000 Service Pack 3 (SP3) and Windows XP Service Pack 1 (SP1) include the Automatic Updates component, eliminating the need to download the client component separately.

Download Windows automatic updating (SUS Client) HERE (1mb)

Administrator Control via Policies

The Automatic Updates behavior can be driven by configuring Group Policy settings in an Active Directory environment. Administrators can use Group Policy in an Active Directory environment or can configure registry keys to specify a server running Software Update Services. Computers running Automatic Updates then use this specified server to get updates. The Software Update Services installation package includes a policy template file, WUAU.ADM, which contains the Group Policy settings described earlier in this paper. These settings can be loaded into Group Policy Editor for deployment. These policies are also included in the System.adm file in Windows 2000 Service Pack 3, and will be included in the Windows Server 2003 family, and in Windows XP Service Pack 1.

8. NTLM System Login Process:

Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of users.

The KDC maintains a database of secret keys; each entity on the network whether a client or a server shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key which they can use to secure their interactions The security of the protocol relies heavily on participants maintaining loosely synchronized time and on short lived assertions of authenticity called Kerberos tickets. What follows is a simplified description of the protocol. The following abbreviations will be used: AS = Authentication Server TGS = Ticket Granting Server SS = Service Server. TGT = Ticket Granting Ticket

Briefly, the client authenticates to AS using a long-term shared secret and receives a ticket from the AS. Later the client can use this ticket to get additional tickets for SS without resorting to using the shared secret. These tickets can be used to prove authentication to SS. In more detail: User Client-based Logon Steps:

1.

A user enters a username and password on the client. 2. The client performs a one-way function on the entered password, and this becomes the secret key of the client. Client Authentication Steps:

1.

The client sends a cleartext message to the AS requesting services on behalf of the user. Sample message: "User XYZ would like to request services". Note: Neither the secret key nor the password is sent to the AS. 2. The AS checks to see if the client is in its database. If it is, the AS sends back the following two messages to the client: o Message A: Client/TGS session key encrypted using the secret key of the user. o Message B: Ticket-Granting Ticket (which includes the client ID, client network address, ticket validity period, and the client/TGS session key)

encrypted using the secret key of the TGS. 3. Once the client receives messages A and B, it decrypts message A to obtain the client/TGS session key. This session key is used for further communications with TGS. (Note: The client cannot decrypt Message B, as it is encrypted using TGS's secret key.) At this point, the client has enough information to authenticate itself to the TGS. Client Service Authorization Steps: 1. When requesting services, the client sends the following two messages to the TGS: o Message C: Composed of the Ticket-Granting Ticket from message B and the ID of the requested service. o Message D: Authenticator (which is composed of the client ID and the timestamp), encrypted using the client/TGS session key. 2. Upon receiving messages C and D, the TGS retrieves message B out of message C. It decrypts message B using the TGS secret key. This gives it the "client/TGS session key". Using this key, the TGS decrypts message D (Authenticator) and sends the following two messages to the client: o Message E: Client-to-server ticket (which includes the client ID, client network address, validity period and Client/server session key) encrypted using the service's secret key. o Message F: Client/server session key encrypted with the client/TGS session key. Client Service Request Steps: 1. Upon receiving messages E and F from TGS, the client has enough information to authenticate itself to the SS. The client connects to the SS and sends the following two messages: o Message E from the previous step (the client-to-server ticket, encrypted using service's secret key). o Message G: a new Authenticator, which includes the client ID, timestamp and is encrypted using client/server session key.

2. The SS decrypts the ticket using its own secret key and sends the following message to the client to confirm its true identity and willingness to serve the client: o Message H: the timestamp found in client's recent Authenticator plus 1, encrypted using the client/server session key. 3. The client decrypts the confirmation using the client/server session key and checks whether the timestamp is correctly updated. If so, then the client can trust the server and can start issuing service requests to the server. 4. The server provides the requested services to the client. Drawbacks Single point of failure: It requires continuous availability of a central server. When the Kerberos server is down, no one can log in. This can be mitigated by using multiple Kerberos servers. Kerberos requires the clocks of the involved hosts to be synchronized. The tickets have time availability period and, if the host clock is not synchronized with the clock of Kerberos server, the authentication will fail. The default configuration requires that clock times are no more than 10 minutes apart. In practice, Network Time Protocol daemons are usually used to keep the host clocks synchronized. The administration protocol is not standardized, and differs between server implementations. Password changes are described in RFC 3244. Since the secret keys for all users are stored on the central server, a compromise of that server will compromise all users' secret keys.

Group policies successive event id 1704

For GPUpdate events: 1500,1501,1502 and 1503

For SMB erros event id:1058 and in 2000 id 1000

solution: 1. On the domain controller, click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\param eters 3. In the right pane, double-click enablesecuritysignature, type 1 in the Value data box, and then click OK. 4. Double-click requiresecuritysignature, type 1 in the Value data box, and then click OK. 5. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\ parameters 6. In the right pane, double-click enablesecuritysignature, type 1 in the Value data box, and then click OK. 7. Double-click requiresecuritysignature, type 0 in the Value data box, and then click OK. 8. After you change these registry values, restart the Server and Workstation services. Do not restart the domain controller, because this action may cause Group Policy to change the registry values back to the earlier values. 9. Open the domain controllers Sysvol share. To do this, click Start, click Run, type \\Server_Name\Sysvol, and then press ENTER. If the Sysvol share does not open, repeat steps 1 through 8. 10. Repeat steps 1 through 9 on each affected domain controller to make sure that each domain controller can access its own Sysvol share. 11. After you connect to the Sysvol share on each domain controller, open the Domain Controller Security Policy snap-in, and then configure the SMB signing policy settings. To do this, follow these steps:a. Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy. b. In the left pane, expand Local Policies, and then click Security Options. c. In the right pane, double-click Microsoft network server: Digitally sign communications (always).

Note In Windows 2000 Server, the equivalent policy setting is Digitally sign server communication (always).

Important If you have client computers on the network that do not support SMB signing, you must not enable the Microsoft network server: Digitally sign communications (always) policy setting. If you enable this setting, you require SMB signing for all client communication, and client computers that do not support SMB signing will not be able to connect to other computers. For example, clients that are running Apple Macintosh OS X or Microsoft Windows 95 do not support SMB signing. If your network includes clients that do not support SMB signing, set this policy to disabled.

d. Click to select the Define this policy setting check box, click Enabled, and then click OK. e. Double-click Microsoft network server: Digitally sign communications (if client agrees).

Note For Windows 2000 Server, the equivalent policy setting is Digitally sign server communication (when possible). f. Click to select the Define this policy setting check box, and then click Enabled. g. Click OK. h. Double-click Microsoft network client: Digitally sign communications (always). i. Click to clear the Define this policy setting check box, and then click OK. j. Double-click Microsoft network client: Digitally sign communications (if server agrees). k. Click to clear the Define this policy setting check box, and then click OK.

12. Run the Group Policy Update utility (Gpupdate.exe) with the force switch. To do this, follow these steps:a. Click Start, click Run, type cmd, and then click OK. b. At the command prompt, type gpupdate /force, and then press ENTER. For more information about the Group Policy Update utility, click the following article number to view the article in the Microsoft Knowledge Base: 298444 (http://support.microsoft.com/kb/298444/) A description of the Group Policy Update utility

Note The Group Policy Update utility does not exist in Windows 2000 Server. In Windows 2000, the equivalent command is secedit /refreshpolicy machine_policy /enforce.

For more information about using the Secedit command in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: 227302 (http://support.microsoft.com/kb/227302/) Using SECEDIT to force a Group Policy refresh immediately 13. After you run the Group Policy Update utility, check the application event log to make sure that the Group Policy settings were updated successfully. After a successful Group Policy update, the domain controller logs Event ID 1704. This event appears in the Application Log in Event Viewer. The source of the event is SceCli. 14. Check the registry values that you changed in steps 1 through 7 to make sure that the registry values have not changed.

Note This step makes sure that a conflicting policy setting is not applied at another group or organizational unit (OU) level. For example, if the Microsoft network client: Digitally sign communications (if server agrees) policy is configured as "Not Defined" in Domain Controller Security Policy, but this same policy is configured as disabled in Domain Security Policy, SMB signing will be disabled for the Workstation service. 15. If the registry values have changed after you run the Group Policy Update utility, open the Resultant Set of Policy (RSoP) snap-in in Windows Server 2003. To start the RSoP snap-in, click Start, click Run, type rsop.msc in the Open box, and then click OK.

In the RSoP snap-in, the SMB signing settings are located in the following path: Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options Note If you are running Windows 2000 Server, install the Group Policy Update utility from the Windows 2000 Resource Kit, and then type the following at the commmand prompt: gpresult /scope computer /v

After you run this command, the Applied Group Policy Objects list appears. This list shows all Group Policy objects that are applied to the computer account. Check the SMB signing policy settings for all these Group Policy objects.