What is the difference between inter-site and intra-site replication, and which protocols are used for replication?

Intra-site replication takes place between domain controllers in the same site; it is uncompressed, triggered by change notification and runs over RPC over IP. Inter-site replication takes place between different sites over WAN links; it is compressed, runs on the schedule defined on the site link, and is handled by one bridgehead server (BHS) per site, so replication goes BHS to BHS and the other domain controllers in the site then receive the changes intra-site. Two transports are available for inter-site replication: RPC over IP and SMTP. SMTP can carry only the schema, configuration and application partitions; the domain partition cannot be replicated over SMTP, so domain controllers of one domain in two sites must be joined by an IP site link.
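As an added example (not part of the original page), the following PowerShell lists the site links with their transport, the preferred bridgehead servers, and the inbound replication status of one domain controller. It uses the RSAT ActiveDirectory module (Windows Server 2008 R2 and later); the domain controller name DC01 is an assumption.

```powershell
# Added example: inspect inter-site replication configuration and health.
# Requires the ActiveDirectory module; DC01 is an assumed DC name.
Import-Module ActiveDirectory

$config = (Get-ADRootDSE).configurationNamingContext

# Site links: which transport (IP = RPC over IP, or SMTP) joins which sites and
# how often replication is scheduled. An SMTP link can never carry a domain
# partition, so a domain spanning two sites joined only by SMTP is misconfigured.
Get-ADReplicationSiteLink -Filter * -Properties * |
    Select-Object Name, InterSiteTransportProtocol, Cost,
                  ReplicationFrequencyInMinutes, SitesIncluded

# Preferred bridgehead servers: DCs an admin pinned via bridgeheadTransportList.
# If a preferred bridgehead is down the KCC does not pick another one, and
# inter-site replication for that site stalls.
Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter "(objectClass=server)" `
    -Properties bridgeheadTransportList |
    Where-Object { $_.bridgeheadTransportList.Count -gt 0 } |
    Select-Object Name, bridgeheadTransportList

# Inbound replication status of one DC: last success and consecutive failures
# per partner and partition. Anything failing for long enough to approach the
# tombstone lifetime is a lingering-object incident in the making.
Get-ADReplicationPartnerMetadata -Target DC01 -Scope Server -PartnerType Inbound |
    Select-Object Partition, Partner, LastReplicationSuccess,
                  ConsecutiveReplicationFailures, LastReplicationResult

# Classic command-line equivalents that also exist on Windows Server 2003:
#   repadmin /replsummary
#   repadmin /showrepl DC01 /verbose
```

The partner metadata call is the one to keep in a scheduled check: a rising ConsecutiveReplicationFailures count is visible long before users notice stale passwords or group memberships.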
Storage types are separate from the file system type. A basic or dynamic disk can contain any combination of FAT16, FAT32, or NTFS partitions or volumes, and a disk system can contain any combination of storage types. However, all volumes on the same disk must use the same storage type.

To convert a basic disk to a dynamic disk, use the Disk Management snap-in in Windows XP/2000/2003:
1. Log on as Administrator or as a member of the Administrators group.
2. Click Start, and then click Control Panel.
3. Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management. You can also right-click My Computer and choose Manage if My Computer is displayed on your desktop.
4. In the left pane, click Disk Management.
5. In the lower-right pane, right-click the basic disk that you want to convert, and then click Convert to Dynamic Disk. You must right-click the gray area that contains the disk title on the left side of the Details pane.
6. Select the check box next to the disk that you want to convert (if it is not already selected), and then click OK.
7. Click Details if you want to view the list of volumes in the disk. Click Convert.
8. Click Yes when you are prompted to convert the disk, and then click OK.

Warning: after you convert a basic disk to a dynamic disk, local access to the dynamic disk is limited to Windows XP Professional, Windows 2000 and Windows Server 2003. Additionally, dynamic volumes cannot be changed back to partitions. To go back, you must first delete all dynamic volumes on the disk and then convert the dynamic disk back to a basic disk, so if you want to keep your data, back it up or move it to another volume first.
Dynamic storage terms and a brief explanation of RAID levels

RAID 0: striping (no redundancy)
RAID 1: mirroring (minimum 2 disks)
RAID 5: striping with parity (minimum 3 disks)
Only RAID 1 and RAID 5 provide redundancy; RAID 0 improves throughput but a single disk failure loses the whole volume.

A volume is a storage unit made from free space on one or more disks. It can be formatted with a file system and assigned a drive letter. Volumes on dynamic disks can have any of the following layouts: simple, spanned, mirrored, striped, or RAID-5.

Simple volume: uses free space from a single disk. It can be a single region on a disk or consist of multiple, concatenated regions. A simple volume can be extended within the same disk or onto additional disks; once it is extended across multiple disks, it becomes a spanned volume.

Spanned volume: created from free disk space that is linked together from multiple disks. You can extend a spanned volume onto a maximum of 32 disks. A spanned volume cannot be mirrored and is not fault-tolerant.

Striped volume: data is interleaved across two or more physical disks, allocated alternately and evenly to each disk. A striped volume cannot be mirrored or extended and is not fault-tolerant. Striping is also known as RAID-0.

Mirrored volume: a fault-tolerant volume whose data is duplicated on two physical disks. All of the data on one volume is copied to another disk to provide redundancy; if one disk fails, the data can still be accessed from the remaining disk. A mirrored volume cannot be extended. Mirroring is also known as RAID-1.

RAID-5 volume: a fault-tolerant volume whose data is striped across an array of three or more disks. Parity (a calculated value that can be used to reconstruct data after a failure) is also striped across the disk array. If a physical disk fails, the portion of the RAID-5 volume that was on the failed disk can be re-created from the remaining data and the parity. A RAID-5 volume cannot be mirrored or extended.

System volume: contains the hardware-specific files needed to load Windows (for example Ntldr, Boot.ini, and Ntdetect.com). The system volume can be, but does not have to be, the same as the boot volume.

Boot volume: contains the Windows operating system files located in the %Systemroot% and %Systemroot%\System32 folders. The boot volume can be, but does not have to be, the same as the system volume.
Backup types

Normal backup: copies all selected files and marks each file as having been backed up (the archive attribute is cleared). With normal backups, you need only the most recent backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

Incremental backup: backs up only those files created or changed since the last normal or incremental backup, and marks them as having been backed up (the archive attribute is cleared). If you use a combination of normal and incremental backups, restoring requires the last normal backup set as well as every incremental backup set taken since.

Differential backup: copies files created or changed since the last normal or incremental backup, but does not mark them as having been backed up (the archive attribute is not cleared). If you combine normal and differential backups, restoring requires the last normal backup and only the last differential backup.

Daily backup: copies all selected files that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (the archive attribute is not cleared).

Copy backup: copies all selected files but does not mark them as having been backed up (the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups, because it does not disturb the archive-bit state those backups rely on.
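The archive attribute that all five backup types key on can be watched directly. The following PowerShell is an added example, not part of the original page: it creates a scratch directory with constructed files and simulates each backup type, returning the files that type would copy and clearing the archive bit only for the types that "mark files as backed up". Paths and file names are constructed for the demo; it runs on any Windows PowerShell 3.0 or later.

```powershell
# Added example: archive-bit semantics behind normal/incremental/differential/copy.
# Scratch directory and file names are constructed for the demo.
$root = Join-Path $env:TEMP 'archivebit-demo'
New-Item -ItemType Directory -Path $root -Force | Out-Null
# Creating or writing a file makes Windows set FILE_ATTRIBUTE_ARCHIVE on it.
'a', 'b', 'c' | ForEach-Object { Set-Content -Path (Join-Path $root "$_.txt") -Value "data $_" }

function Get-ArchiveCandidates {
    # Files whose archive bit is set, i.e. new or changed since the bit was last
    # cleared. This is exactly the set an incremental or differential selects.
    param([string]$Path)
    Get-ChildItem -Path $Path -File |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Archive) -ne 0 } |
        Select-Object -ExpandProperty Name
}

function Invoke-SimulatedBackup {
    # Returns the file names the given backup type would copy, and clears the
    # archive bit only for the types that mark files as backed up.
    param(
        [string]$Path,
        [ValidateSet('Normal', 'Incremental', 'Differential', 'Copy')][string]$Type
    )
    $files = Get-ChildItem -Path $Path -File
    if ($Type -eq 'Normal' -or $Type -eq 'Copy') {
        $selected = $files                                   # everything, bit or no bit
    } else {
        $selected = $files | Where-Object { ($_.Attributes -band [IO.FileAttributes]::Archive) -ne 0 }
    }
    if ($Type -eq 'Normal' -or $Type -eq 'Incremental') {
        foreach ($f in $selected) {
            # Clear Archive and keep every other attribute.
            $f.Attributes = [IO.FileAttributes]($f.Attributes -band (-bnot [int][IO.FileAttributes]::Archive))
        }
    }
    $selected | Select-Object -ExpandProperty Name
}

"Candidates before any backup: " + ((Get-ArchiveCandidates $root) -join ', ')
"Day 0 normal:                 " + ((Invoke-SimulatedBackup $root Normal) -join ', ')
Set-Content -Path (Join-Path $root 'a.txt') -Value 'changed'   # modify one file: bit set again
"Day 1 differential:           " + ((Invoke-SimulatedBackup $root Differential) -join ', ')
"Day 1 incremental:            " + ((Invoke-SimulatedBackup $root Incremental) -join ', ')
"Day 2 incremental:            " + ((Invoke-SimulatedBackup $root Incremental) -join ', ')
```

Run it once and the restore-set rules above become concrete: the differential on day 1 picks up the changed file and leaves its bit set, so the incremental that follows picks it up again, after which the day 2 incremental finds nothing to copy. The same behaviour is what makes a copy backup safe to slip in between scheduled incrementals.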
Active Directory is logically divided into the following partitions (naming contexts):
1. Schema partition
2. Configuration partition
3. Domain partition
4. Application partitions (Windows Server 2003 only; not available in Windows 2000)
The schema and configuration partitions are replicated to every domain controller in the entire forest, whereas a domain partition is replicated only between the domain controllers of that domain (global catalog servers additionally hold a partial, read-only replica of every domain partition). Application partitions replicate to whichever domain controllers are explicitly configured as replicas.
What are the port numbers for Kerberos, LDAP and the Global Catalog?

Kerberos: 88 (TCP and UDP); LDAP: 389 (LDAP over SSL: 636); Global Catalog: 3268 (GC over SSL: 3269). Note that plain 389/3268 carry credentials in clear text for simple binds unless LDAP signing or TLS is in use.
What are the problems that are generally encountered with DHCP?

- The scope is exhausted: no IP addresses are left for new machines (lease duration too long for the number of clients, or the scope too small).
- Scope options are not configured properly, for example a wrong default gateway or DNS server, so clients get an address but no working connectivity.
- Scopes are created incorrectly (wrong subnet mask, exclusions or reservations), or no relay agent/IP helper exists on the client's subnet so requests never reach the server.
- A rogue or unauthorized DHCP server on the network hands out bad leases; in an Active Directory domain, Windows DHCP servers must be authorized in AD before they will serve clients, which limits this to non-Windows or standalone servers.
What services are installed when RIS is installed? Read about RIS.

Boot Information Negotiation Layer (BINL): listens for and answers DHCP (PXE) requests. It also services Client Installation Wizard requests.
Trivial File Transfer Protocol Daemon (TFTPD): a RIS server uses TFTP to download the initial files needed to begin the remote installation process to the client.
Single Instance Store (SIS): consists of an NTFS file system filter and a service that acts on the volume on which the RIS images are kept. SIS reduces the storage needed for the images by combining duplicate files.
High Level
Brief all the FSMO roles

Windows 2000/2003 multi-master model
A multi-master enabled database such as Active Directory provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can lead to problems once the data is replicated to the rest of the enterprise. One way Windows 2000/2003 deals with conflicting updates is a conflict resolution algorithm that resolves discrepancies in values to the DC to which changes were written last ("the last writer wins"), discarding the changes made on all other DCs. Although this resolution method is acceptable in some cases, there are times when conflicts are too difficult to resolve using the "last writer wins" approach. In such cases it is best to prevent the conflict from occurring rather than to try to resolve it after the fact. For certain types of changes, Windows 2000/2003 therefore incorporates methods to prevent conflicting Active Directory updates from occurring.

Windows 2000/2003 single-master model
To prevent conflicting updates, Active Directory performs updates to certain objects in a single-master fashion. In a single-master model, only one DC in the entire directory is allowed to process a given kind of update. This is similar to the role of a primary domain controller (PDC) in earlier versions of Windows (such as Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain. In a forest there are five FSMO (Flexible Single Master Operations) roles, assigned to one or more domain controllers:

Schema Master: controls all updates and modifications to the schema. Once a schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

Domain Naming Master: controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.

Infrastructure Master: when an object in one domain is referenced by an object in another domain, the reference is stored as the GUID, the SID (for references to security principals), and the DN of the referenced object. The infrastructure master is the DC responsible for updating the SID and distinguished name in such cross-domain object references when the referenced object moves or is renamed. There can be only one infrastructure master in each domain.
Note: the Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the infrastructure master runs on a GC it stops updating object information, because it holds no references to objects it does not itself hold: a GC holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain are not updated and a warning to that effect is logged in that DC's event log. If all the domain controllers in a domain also host the global catalog, all of them already have current data, and it does not matter which one holds the infrastructure master role (the role then has nothing to do).

Relative ID (RID) Master: processes RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that is unique for each security principal SID created in the domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC requests additional RIDs from the domain's RID master, which retrieves RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. There can be only one RID master in each domain.

PDC Emulator: the PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) service, which is required by the Kerberos authentication protocol, and all Windows 2000/2003-based computers in an enterprise use a common time. The time service uses a hierarchical relationship that controls authority and does not permit loops. The PDC emulator of a domain is authoritative for the domain; the PDC emulator at the root of the forest is authoritative for the enterprise and should be configured to gather time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their inbound time partner. In a Windows 2000/2003 domain the PDC emulator also retains the following functions:
- Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
- Authentication failures that occur at a given DC because of an incorrect password are forwarded to the PDC emulator before a bad-password failure is reported to the user.
- Account lockout is processed on the PDC emulator.
- Editing or creation of Group Policy Objects (GPOs) is always done from the GPO copy in the PDC emulator's SYSVOL share, unless the administrator configures otherwise.
- The PDC emulator performs all of the functionality that a Windows NT 4.0 Server-based (or earlier) PDC performs for Windows NT 4.0-based (or earlier) clients and BDCs. This part of the role becomes unnecessary once all workstations, member servers, and domain controllers running Windows NT 4.0 or earlier are upgraded to Windows 2000/2003; the other functions remain.
There can be only one PDC emulator in each domain in the forest.
What will happen if you do not perform the seize in time? This table has the info:

FSMO role: loss implications
Schema Master: the schema cannot be extended. In the short term nobody will notice a missing schema master unless a schema upgrade is planned during that time.
Domain Naming Master: unless you are going to run DCPROMO to add or remove a domain, you will not miss this role.
RID Master: chances are good that the existing DCs have enough unused RIDs to last some time, unless you are creating hundreds of user or computer objects per week.
PDC Emulator: will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies, and password changes and account lockout will become a problem.
Infrastructure Master: group memberships may be incomplete. If you only have one domain, there is no impact.

Important: if the RID, Schema, or Domain Naming master is seized, the original domain controller must never be activated in the forest again. Reinstall Windows on that server before it is used again.
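The FSMO description above and the seize table are easiest to work with from a script. The following PowerShell is an added example, not from the original page: it prints the five role holders, applies the infrastructure master / global catalog rule, shows where the PDC emulator takes its time from, and contrasts a transfer with a seize. It needs the RSAT ActiveDirectory module (Windows Server 2008 R2 and later); DC02 is an assumed target name.

```powershell
# Added example: locate FSMO role holders, check the IM/GC rule and the PDC
# emulator time source, and show transfer versus seize. DC02 is an assumed name.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles (one holder per forest) and domain-wide roles (one per domain).
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Infrastructure master rule: it must not be a GC unless every DC in the domain
# is a GC (in which case the role has nothing to do).
$dcs    = Get-ADDomainController -Filter * -Server $domain.DNSRoot
$imIsGC = ($dcs | Where-Object HostName -eq $domain.InfrastructureMaster).IsGlobalCatalog
$allGC  = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($imIsGC -and -not $allGC) {
    Write-Warning "Infrastructure master $($domain.InfrastructureMaster) is a GC while other DCs are not; cross-domain references will go stale."
}

# The PDC emulator at the forest root should take time from an external source,
# not from the domain hierarchy. w32tm is built into Windows.
$pdc = $domain.PDCEmulator
w32tm /query /source /computer:$pdc

# Transfer (graceful; the current holder is still online) versus seize (the
# holder is gone for good). -Force turns the transfer into a seize. After seizing
# Schema, Domain Naming or RID, the old holder must be rebuilt, never reconnected.
Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole PDCEmulator -WhatIf
# Seize, once the old holder is confirmed dead:
# Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole RIDMaster, PDCEmulator -Force
```

On Windows Server 2003 the same information comes from "netdom query fsmo" and the seize is done in ntdsutil ("roles", "connections", "seize pdc" and so on); the rule about not reintroducing the old RID, schema or domain naming master applies equally.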
How do you perform an offline defragmentation of the Active Directory database?

The Active Directory database (ntds.dit) is compacted offline with ntdsutil from Directory Services Restore Mode, as follows:
1. Back up Active Directory (system state).
2. Reboot the server, select the OS option, and press F8 for advanced options.
3. Select the Directory Services Restore Mode option and press Enter, then press Enter again to start the OS. Windows 2000 starts in safe mode with no directory service running.
4. Log on with the local SAM (Directory Services Restore Mode) administrator account and password. A dialog box tells you that you are in safe mode; click OK.
5. From the Start menu, select Run and type cmd.exe. In the command window, enter the following commands:
   C:\> ntdsutil
   ntdsutil: files
   file maintenance: info
   file maintenance: compact to c:\temp
6. You will see the defragmentation process. If it completes successfully, enter quit to return to the command prompt. Keep a copy of the original ntds.dit, then replace it with the new, compacted version and remove the old transaction logs, which no longer match the compacted database:
   C:\> copy c:\temp\ntds.dit %systemroot%\ntds\ntds.dit
   C:\> del %systemroot%\ntds\*.log
7. Verify the compacted database before going back into production (ntdsutil: files, then file maintenance: integrity). If the check fails, put the original ntds.dit back rather than booting on a corrupt database.
8. Restart the computer and boot normally.
What is a lingering object?

If a DC is restored from a backup that contains an object deleted elsewhere, the object reappears on the restored DC. Deletions are replicated as tombstones that are kept only for the tombstone lifetime (60 days by default in Windows 2000 and Windows Server 2003; 180 days for forests created with Windows Server 2003 SP1 or later). If the backup is older than that, the tombstone has already been garbage-collected on the other DCs, so the restored DC never receives it via replication and is never notified of the deletion. The deleted object lingers in the restored local copy of Active Directory. Never restore a DC from a backup older than the tombstone lifetime; a DC that has not replicated for that long should be demoted and rebuilt, and an existing infestation is cleaned with "repadmin /removelingeringobjects".
What monitoring tools are used for server and network health, and how is an alert mechanism defined?

Built-in tools are Performance Logs and Alerts (counter thresholds that trigger an event, a program or a message), Event Viewer and Network Monitor; third-party tools such as Quest Spotlight and SNMP-based network monitors are also common. For SNMP-based monitoring, the SNMP service must be installed and enabled on each monitored host. Restrict its community string and the list of hosts allowed to query it, because SNMP v1/v2c carries the community string in clear text.
How do you deploy patches and what software is used for this process?

Using a SUS (Software Update Services) server (succeeded by WSUS) we can deploy patches to all clients in the network. On the server we configure the option "Synchronize with Microsoft software update server" and schedule a synchronization time, then approve new updates as required; only approved updates are deployed to clients. Clients are pointed at the SUS server either by editing the registry manually or through Group Policy by adding the WUAU administrative template (Windows Update settings under Computer Configuration).
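The registry route mentioned above looks like this. The following PowerShell is an added example, not from the original page: it writes the same values the WUAU administrative template sets through Group Policy, and refuses a plain-HTTP update server, because an update server reachable over HTTP lets anyone on the path substitute a malicious "update". The server URL and schedule are assumptions; run it elevated on a client.

```powershell
# Added example: client-side SUS/WSUS registry settings (what the WUAU
# administrative template writes). Server URL and schedule are assumptions.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'
New-Item -Path $au -Force | Out-Null

$server = 'https://sus01.contoso.com'    # assumption; must be HTTPS

# Refuse an HTTP update server: clients would fetch and install whatever a
# man-in-the-middle hands them.
if ($server -notmatch '^https://') { throw "Update server must use HTTPS: $server" }

Set-ItemProperty -Path $wu -Name WUServer       -Value $server -Type String  # where to get updates
Set-ItemProperty -Path $wu -Name WUStatusServer -Value $server -Type String  # where to report status
Set-ItemProperty -Path $au -Name UseWUServer    -Value 1 -Type DWord   # use the intranet server, not Microsoft
Set-ItemProperty -Path $au -Name NoAutoUpdate   -Value 0 -Type DWord   # Automatic Updates enabled
Set-ItemProperty -Path $au -Name AUOptions      -Value 4 -Type DWord   # 4 = auto download and install on schedule
Set-ItemProperty -Path $au -Name ScheduledInstallDay  -Value 0 -Type DWord   # 0 = every day
Set-ItemProperty -Path $au -Name ScheduledInstallTime -Value 3 -Type DWord   # 03:00 local time

# Make the Automatic Updates client drop its old server identity and check in now.
wuauclt /resetauthorization /detectnow
```

Setting the same values by Group Policy is preferable in a domain because the policy is re-applied if someone edits the registry locally; the script is useful for standalone machines and for checking what a client actually has.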
Is it possible to rename a domain, and how?

In Windows 2000 it is not possible. In Windows Server 2003 it is possible once the forest is at the Windows Server 2003 forest functional level, using the domain rename tool (rendom.exe) from the Windows Server 2003 CD. Changing the name in the My Computer properties sheet only renames that computer, not the domain. Renaming a domain controller itself (netdom computername) requires the Windows Server 2003 domain functional level.

What is an SOA record?

The SOA (Start of Authority) record is the first record in a DNS zone. It names the primary (authoritative) server for the zone and the responsible person's mailbox, and carries the zone serial number plus the refresh, retry and expire intervals that secondary servers use to decide when to pull a zone transfer and when to stop answering for a stale zone, as well as the minimum TTL used for negative caching. It does not control how the DNS service starts; it describes who is authoritative for the zone and how the zone is replicated, which is why a serial number that differs between primary and secondary is the first thing to check when zone data looks out of date.
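As an added example (not from the original page), the following PowerShell reads the SOA record of a zone from two DNS servers and compares the serials, which is how a secondary that has stopped transferring is detected. Resolve-DnsName ships with Windows 8 / Server 2012 and later; the zone and server names are assumptions.

```powershell
# Added example: read SOA timers from two servers and compare zone serials.
# Zone and server names are assumptions.
function Get-SoaSummary {
    param([string]$Zone, [string]$Server)
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $Server -DnsOnly |
           Where-Object Type -eq 'SOA' | Select-Object -First 1
    [pscustomobject]@{
        Server  = $Server
        Primary = $soa.PrimaryServer           # MNAME: the primary server for the zone
        Serial  = $soa.SerialNumber            # incremented on every zone change
        Refresh = $soa.TimeToZoneRefresh       # seconds between secondary checks
        Retry   = $soa.TimeToZoneFailureRetry  # seconds to wait after a failed check
        Expire  = $soa.TimeToExpiration        # seconds until a secondary stops answering
        MinTTL  = $soa.DefaultTTL              # negative-caching TTL
    }
}

$zone = 'contoso.com'
$a = Get-SoaSummary -Zone $zone -Server 'dc01.contoso.com'
$b = Get-SoaSummary -Zone $zone -Server 'dns02.contoso.com'
$a, $b | Format-Table -AutoSize

if ($a.Serial -ne $b.Serial) {
    Write-Warning "Serial mismatch for $zone ($($a.Serial) vs $($b.Serial)): zone transfer is lagging or blocked."
}
# Older equivalent from cmd.exe: nslookup -type=soa contoso.com dc01.contoso.com
```

Note that AD-integrated zones replicate through Active Directory rather than zone transfers, so a serial mismatch there points at AD replication rather than at the SOA timers.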
At which levels can Group Policy be applied?

Group Policy Objects can be linked at site level, domain level and OU level; in addition every computer has a local policy. Policies are processed in the order local, site, domain, OU (LSDOU), and the setting applied last wins, unless a link higher up is marked Enforced (No Override in Windows 2000) or inheritance is blocked at a domain or OU.

What are domain policy, domain controller policy, local policy and group policy?

Domain policy applies to all computers and users in the domain, because by default the Default Domain Policy GPO is linked at the domain; account policies (password, lockout, Kerberos) for domain accounts are taken only from this level. Domain controller policy applies only to domain controllers: the Default Domain Controllers Policy GPO is linked to the Domain Controllers OU and carries the user rights assignments and audit settings for DCs. Local policy is stored on the individual machine and affects only that computer; it is processed first and is overridden by any conflicting site, domain or OU setting. Group policy in general is the mechanism itself: a GPO is a set of computer and user settings stored in AD and SYSVOL and linked to a site, domain or OU.
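As an added example (not from the original page), the following PowerShell shows which GPOs apply to an OU in application order, whether inheritance is blocked, and which GPOs are linked at site level, which the GroupPolicy cmdlets do not cover directly. It uses the RSAT GroupPolicy and ActiveDirectory modules (Windows Server 2008 R2 and later); the OU name is an assumption.

```powershell
# Added example: GPO links at domain/OU level (with inheritance) and at site level.
# The OU distinguished name is an assumption.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$ou     = 'OU=Servers,DC=contoso,DC=com'
$config = (Get-ADRootDSE).configurationNamingContext

# Domain and OU levels: Get-GPInheritance returns the links on the target and
# everything inherited from above, in the order they are applied.
$inh = Get-GPInheritance -Target $ou
"Inheritance blocked on $ou : $($inh.GpoInheritanceBlocked)"
$inh.InheritedGpoLinks | Select-Object Order, DisplayName, Enabled, Enforced, Target

# Site level: sites live in the configuration partition, so read gPLink there.
# gPLink is a string of [LDAP://<gpo dn>;<flags>] entries;
# flag bit 1 = link disabled, bit 2 = enforced.
Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter "(objectClass=site)" -Properties gPLink |
    ForEach-Object {
        $site = $_.Name
        if ($_.gPLink) {
            [regex]::Matches($_.gPLink, '\[LDAP://([^;]+);(\d+)\]') | ForEach-Object {
                [pscustomobject]@{
                    Site     = $site
                    GpoDN    = $_.Groups[1].Value
                    Disabled = ([int]$_.Groups[2].Value -band 1) -ne 0
                    Enforced = ([int]$_.Groups[2].Value -band 2) -ne 0
                }
            }
        }
    }

# The two default GPOs the text refers to.
Get-GPO -Name 'Default Domain Policy'             | Select-Object DisplayName, Id, GpoStatus
Get-GPO -Name 'Default Domain Controllers Policy' | Select-Object DisplayName, Id, GpoStatus
```

Site-linked GPOs are the ones most often forgotten in reviews: a site link is invisible in Active Directory Users and Computers, applies to every computer whose subnet maps to that site regardless of domain, and is editable only by Enterprise Admins by default.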
What are the different modes in Windows 2003 (mixed, native, interim, etc.)? What are the domain and forest functional levels in a Windows Server 2003-based Active Directory?

Functional levels are an extension of the mixed/native mode concept introduced in Windows 2000: they activate new Active Directory features once all the domain controllers in the domain or forest are running Windows Server 2003. When a computer running Windows Server 2003 is promoted to a domain controller, some new Active Directory features are activated on it over its Windows 2000 counterparts. Additional features become available only when every domain controller in a domain or forest runs Windows Server 2003 and the administrator raises the corresponding functional level.

To activate the new domain-wide features, all domain controllers in the domain must be running Windows Server 2003; the administrator can then raise the domain functional level to Windows Server 2003 (see "Raise Domain Function Level in Windows Server 2003 Domains"). To activate the new forest-wide features, all domain controllers in the forest must be running Windows Server 2003 and every domain must already be at the Windows 2000 native or Windows Server 2003 domain functional level; the administrator can then raise the forest functional level (see "Raise Forest Function Level in Windows Server 2003 Active Directory"). Domains still at Windows 2000 native are raised to Windows Server 2003 automatically when the forest level is raised.

Note: network clients authenticate and access resources in the domain or forest without being affected by the functional levels; the levels only affect how domain controllers interact with each other.

Important: raising the domain and forest functional levels to Windows Server 2003 is not reversible and prohibits adding Windows NT 4.0-based or Windows 2000-based domain controllers to the environment. Any existing Windows NT 4.0 or Windows 2000-based domain controllers will no longer function. Before raising functional levels, make sure you will never need to install domain controllers running Windows NT 4.0 or Windows 2000 in your environment.

When the first Windows Server 2003-based domain controller is deployed in a domain or forest, the following Active Directory features become available by default on that domain controller:

Multiple selection of user objects: modify common attributes of multiple user objects at one time.
Drag and drop: move Active Directory objects from container to container by dragging one or more objects to a location in the domain hierarchy. You can also add objects to group membership lists by dragging one or more objects (including other group objects) to the target group.
Efficient search capabilities: search is object-oriented and minimizes the network traffic associated with browsing objects.
Saved queries: save commonly used search parameters for reuse in Active Directory Users and Computers.
Active Directory command-line tools: new directory service commands (dsadd, dsquery, dsmod and so on) for administration scenarios.
InetOrgPerson class: the inetOrgPerson class has been added to the base schema as a security principal and can be used in the same manner as the user class.
Application directory partitions: configure the replication scope for application-specific data among domain controllers. For example, you can control the replication scope of DNS zone data stored in Active Directory so that only specific domain controllers in the forest participate in DNS zone replication.
Ability to add additional domain controllers by using backup media: reduces the time it takes to add a domain controller to an existing domain.
Universal group membership caching: avoids locating a global catalog across a WAN at logon by caching universal group membership on the authenticating domain controller.
Secure LDAP traffic: the Active Directory administrative tools sign and encrypt all of their LDAP traffic by default. Signing guarantees that the data comes from a known source and has not been tampered with. Note that this covers only the administrative tools' own sessions; other LDAP clients can still bind unsigned, and a simple bind over port 389 still sends the password in clear text, unless the domain controller policy "Domain controller: LDAP server signing requirements" is set to Require signing and clear-text binds are moved to LDAP over SSL (636/3269).
Partial synchronization of the global catalog: when schema changes add attributes to the global catalog partial attribute set, only the new attributes are replicated rather than the entire global catalog.
Active Directory quotas: limit the number of objects a user, group, or computer can own in a given directory partition. Members of the Domain Admins and Enterprise Admins groups are exempt from quotas.

When the first Windows Server 2003-based domain controller is deployed in a domain or forest, the domain or forest operates by default at the lowest functional level possible in that environment, so you can use the default features while still running versions of Windows earlier than Windows Server 2003. When you raise the functional level of a domain or forest, a set of advanced features becomes available. For example, the Windows Server 2003 interim forest functional level supports more features than the Windows 2000 forest functional level, but fewer than the Windows Server 2003 forest functional level. Windows Server 2003 is the highest functional level available for a domain or forest; it supports the most advanced features, but only Windows Server 2003 domain controllers can operate in that domain or forest. If you raise the domain functional level to Windows Server 2003, you cannot introduce domain controllers running earlier versions of Windows into that domain; the same applies to the forest functional level.

Domain functional level
Domain functionality activates features that affect the whole domain and that domain only. The four domain functional levels, their supported domain controllers and activated features are:

Windows 2000 mixed (default)
  Supported domain controllers: Windows NT 4.0, Windows 2000, Windows Server 2003
  Activated features: local and global groups, global catalog support

Windows 2000 native
  Supported domain controllers: Windows 2000, Windows Server 2003
  Activated features: group nesting, universal groups, SIDHistory, converting groups between security groups and distribution groups; the domain level can also be raised by raising the forest level

Windows Server 2003 interim
  Supported domain controllers: Windows NT 4.0, Windows Server 2003
  Activated features: none domain-wide. All domains in a forest are automatically raised to this level when the forest level is raised to interim. This level is used only when upgrading Windows NT 4.0 domains directly to Windows Server 2003.

Windows Server 2003
  Supported domain controllers: Windows Server 2003
  Activated features: domain controller rename, lastLogonTimestamp attribute updated and replicated, user password support on the inetOrgPerson class, constrained delegation, redirection of the default Users and Computers containers

Domains that are upgraded from Windows NT 4.0 or created by promoting a Windows Server 2003-based computer operate at the Windows 2000 mixed functional level. Windows 2000 domains keep their current domain functional level when their domain controllers are upgraded to Windows Server 2003. You can raise the domain functional level to either Windows 2000 native or Windows Server 2003. After the domain functional level is raised, domain controllers running earlier operating systems cannot be introduced into the domain; for example, once a domain is at Windows Server 2003, Windows 2000 Server domain controllers cannot be added to it. With each successive level, the feature set of the previous level is included.

Forest functional level

Forest functionality activates features across all the domains in your forest. The three forest functional levels, their activated features and supported domain controllers are:
Windows 2000 (default)
  Supported domain controllers: Windows NT 4.0, Windows 2000, Windows Server 2003
  New features (partial list): universal group caching, application partitions, install from media, quotas, rapid global catalog demotion, Single Instance Store (SIS) for system access control lists (SACLs) in the Jet database engine, improved topology generation event logging, no global catalog full sync when attributes are added to the partial attribute set, and a Windows Server 2003 domain controller assumes the Intersite Topology Generator (ISTG) role.

Windows Server 2003 interim
  Supported domain controllers: Windows NT 4.0, Windows Server 2003 (see the "Upgrade from a Windows NT 4.0 Domain" section of this article)
  Activated features: the Windows 2000 features plus efficient group member replication using linked value replication, improved replication topology generation, ISTG aliveness no longer replicated, and the following attributes added to the global catalog: ms-DS-Trust-Forest-Trust-Info, Trust-Direction, Trust-Attributes, Trust-Type, Trust-Partner, Security-Identifier, ms-DS-Entry-Time-To-Die, Message Queuing-Secured-Source, Message Queuing-Multicast-Address, Print-Memory, Print-Rate, Print-Rate-Unit.

Windows Server 2003
  Supported domain controllers: Windows Server 2003
  Activated features: all features of the interim level, defunct schema objects, cross-forest trust, domain rename, dynamic auxiliary classes, inetOrgPerson objectClass change, application groups, and a 15-second intra-site replication frequency for Windows Server 2003 domain controllers upgraded from Windows 2000.

After the forest functional level is raised, domain controllers running earlier operating systems cannot be introduced into the forest. For example, once the forest is at Windows Server 2003, Windows NT 4.0 or Windows 2000 Server domain controllers cannot be added to it. Different Active Directory features are available at different functional levels.
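Because raising a level is one-way, the check that matters is an inventory of every domain controller's operating system before the change. The following PowerShell is an added example, not from the original page: it reads the current domain and forest levels, lists all domain controllers in the forest, and only then raises the levels, with -WhatIf so nothing happens until the line is edited. It needs the RSAT ActiveDirectory module (Windows Server 2008 R2 and later), and the target levels shown are those the text discusses.

```powershell
# Added example: inventory DC operating systems and raise functional levels safely.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

"Domain $($domain.DNSRoot): level $($domain.DomainMode)"
"Forest $($forest.Name): level $($forest.ForestMode)"

# Every DC in every domain of the forest with its OS. A single Windows 2000 or
# NT 4.0 DC blocks the Windows Server 2003 level and would be orphaned if the
# level were forced past it.
$dcs = foreach ($d in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $d |
        Select-Object Domain, HostName, OperatingSystem, IsGlobalCatalog
}
$dcs | Sort-Object Domain, HostName | Format-Table -AutoSize

$blockers = $dcs | Where-Object { $_.OperatingSystem -match '2000|NT' }
if ($blockers) {
    Write-Warning "Cannot raise: older DCs present: $($blockers.HostName -join ', ')"
} else {
    # Domain level first; the forest level requires every domain at Windows 2000
    # native or higher and raises remaining 2000-native domains automatically.
    Set-ADDomainMode -Identity $domain.DNSRoot -DomainMode Windows2003Domain -WhatIf
    Set-ADForestMode -Identity $forest.Name   -ForestMode Windows2003Forest -WhatIf
}
```

Remove the two -WhatIf switches only after the inventory is clean and a system state backup of a domain controller in each domain exists; there is no "lower functional level" command to fall back on.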
Raising the domain and forest functional levels is required to enable certain new features as domain controllers are upgraded from Windows NT 4.0 and Windows 2000 to Windows Server 2003. In summary: domain functional levels are Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim (only available when upgrading directly from Windows NT 4.0 to Windows Server 2003) and Windows Server 2003; forest functional levels are Windows 2000, Windows Server 2003 interim and Windows Server 2003.

IPsec usage and the difference between Windows 2000 and 2003

Windows Server 2003 supports IPsec NAT traversal (NAT-T) natively; Windows 2000 and Windows XP required a separate L2TP/IPsec NAT-T update. NAT-T is needed because ESP (IP protocol 50) carries no port numbers and cannot be translated, so IPsec traffic is encapsulated in UDP port 4500 once IKE (UDP 500) detects a NAT on the path.

Microsoft does not recommend IPsec NAT-T for Windows deployments that include VPN servers located behind network address translators. When a server is behind a NAT and uses IPsec NAT-T, unintended side effects may occur because of the way NATs translate traffic. If you put a server behind a NAT, you may also experience connection problems because clients connecting over the Internet require a public IP address. To reach servers behind a NAT from the Internet, static mappings must be configured on the NAT device. For example, to reach a Windows Server 2003-based computer behind a NAT, configure the following static mappings:
- public IP address/UDP port 500 to the server's private IP address/UDP port 500 (IKE)
- public IP address/UDP port 4500 to the server's private IP address/UDP port 4500 (NAT-T encapsulated ESP)
These mappings ensure that all Internet Key Exchange (IKE) and IPsec NAT-T traffic sent to the public address of the NAT is translated and forwarded to the Windows Server 2003-based computer.
How do you start the Recovery Console?

There are two ways to start the Recovery Console. If you are unable to start your computer, you can run the Recovery Console from your Windows 2000 Setup disks or from the Windows 2000 Professional CD (if you can start your computer from the CD-ROM drive). As an alternative, you can install the Recovery Console on your computer (winnt32 /cmdcons from the CD) so that it is available in case you cannot restart Windows 2000; you can then select the Recovery Console option from the list of available operating systems at boot. The Recovery Console asks for the local Administrator password; on a domain controller that is the Directory Services Restore Mode password.
How do you promote a server to a domain controller (in Windows 2003) over a slow WAN link?

Take a system state backup from an existing domain controller, copy it across the link, restore it to an alternate location on the server being promoted, then run dcpromo /adv and choose "From these restored backup files" (Install From Media). Only the changes made since the backup are then replicated over the WAN. The backup must be younger than the tombstone lifetime (60 days by default in Windows 2000/2003) or dcpromo rejects it, and if the new server is to be a global catalog, the backup must come from a global catalog server.
Workgroup: A collection of computers connected together without a server (only clients).
Domain: A collection of computers connected together with a server and users.
Tree: A tree is a logical component of AD. It is a collection of domains which share a contiguous name space.
Forest: A forest is a collection of trees which don't share a contiguous name space.
Site: A site is a physical component of AD: a group of TCP/IP subnets connected with a high-speed WAN link.
Domain Controller: Server with Active Directory installed.
Member Server: 2000 or 2008 server which is part of the domain.
Additional Domain Controller (ADC): It is a backup server for the DC.
Child DC: A sub-domain controller under the root domain controller which shares the name space.
What are the different functional levels of 2008?
Domain Functional Level and Forest Functional Level.
Standalone Server: Server which is not part of the domain.
Object: It is a representation of an entity.
Objects in AD: Users, Groups, Computers, Printers, OUs, Contacts and Shared folders.
Schema: Set of rules; the schema is the design of AD and defines objects and classes.
Attribute: An attribute is a piece of information about objects (properties of objects).
Class: A class is a collection of AD objects.
File System: The file system provides services like saving, deleting and copying files and folders in a systematic manner on the hard disk.
Trust: Trust is the process of offering or accessing resources from one domain to another domain.
Transitive Trust:
In/Non-Transitive Trust: It is a one-way trust. Ex: If A trusts B, B doesn't trust A.
Implicit Trust: Trust between the parent domain and the grand-child domain.
Explicit Trust: It is a manual trust established by an administrator between two forests or domains.
Profile: A profile is a combination of the user environment and the desktop environment.
What are the different policies supported in 2k?
Account, Audit, Security and Group Policy.
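To see how the trust types above combine, here is an added example (not from the original notes) that models trusts as directed edges and computes which domains a domain will accept accounts from: implicit trust arises only by chaining transitive trusts, so the grandchild reaches the root, while a one-way non-transitive explicit trust stops after one hop. All domain names (corp.example, partner.example and so on) are constructed for the example.

```python
from collections import deque

class TrustGraph:
    """Constructed model of domain trusts. An edge (trusting -> trusted) means the
    trusting domain accepts accounts from the trusted domain for access to its resources."""
    def __init__(self):
        self.edges = {}                   # trusting domain -> [(trusted domain, transitive?)]

    def add_trust(self, trusting, trusted, transitive, two_way):
        self.edges.setdefault(trusting, []).append((trusted, transitive))
        if two_way:                       # two-way trust: both sides trust each other
            self.edges.setdefault(trusted, []).append((trusting, transitive))

    def trusted_by(self, domain):
        """Domains whose accounts `domain` accepts, and how: 'direct' for a trust it
        holds itself, 'implicit' when reached only by chaining transitive trusts."""
        found, queue = {}, deque()
        for trusted, transitive in self.edges.get(domain, []):
            found[trusted] = "direct"
            if transitive:                # only transitive trusts can be chained further
                queue.append(trusted)
        while queue:
            cur = queue.popleft()
            for nxt, transitive in self.edges.get(cur, []):
                if not transitive or nxt == domain or nxt in found:
                    continue
                found[nxt] = "implicit"
                queue.append(nxt)
        return found

    def can_access(self, account_domain, resource_domain):
        return account_domain in self.trusted_by(resource_domain)

def build_example():
    """Hypothetical forest: root corp.example, child sales, grandchild emea, plus an explicit
    one-way non-transitive trust so partner.example accounts may use corp.example resources."""
    g = TrustGraph()
    g.add_trust("corp.example", "sales.corp.example", transitive=True, two_way=True)         # parent-child
    g.add_trust("sales.corp.example", "emea.sales.corp.example", transitive=True, two_way=True)
    g.add_trust("corp.example", "partner.example", transitive=False, two_way=False)          # explicit, one-way
    return g

if __name__ == "__main__":
    g = build_example()
    print(g.trusted_by("emea.sales.corp.example"))                # sales direct, corp implicit (grandparent)
    print(g.can_access("partner.example", "sales.corp.example"))  # False: non-transitive trust stops at corp
```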
Group Policy: It is a combination of permissions, security settings and rights which can be applied on sites, domains and OUs.
Subnetting: Dividing the same network into smaller subnets.
Gateway: Address of a router.
Routing: Process of providing communication between two different networks.
DNS: Domain Naming System or Service, used for resolving host names to IPs and IPs to host names.
NBNS: NetBIOS Naming System. Ex: WINS.
Forward Lookup: Resolving host names to IP addresses.
Reverse Lookup: Resolving IP addresses to host names.
Host Record: It is a file that contains host-name-to-IP naming information.
DNS folders (SRV record locations) registered by Active Directory:
TCP: contains GC, Kerberos and LDAP information.
UDP: contains Kerberos information.
Sites: contains site information.
DomainDnsZones: contains domain-specific DNS information.
ForestDnsZones: contains forest-specific DNS information.
SOA: It stands for Start of Authority. Useful when a zone starts; it provides the zone startup information.
DHCP: Assigns IPs to the clients that request them, dynamically or automatically.
Process of DHCP:
DORA is the process which takes place in DHCP.
Discover: The client discovers the DHCP server.
Offer: The DHCP server offers a group of IPs for the client to pick from.
Request: The client selects an IP and requests the DHCP server to confirm it.
Acknowledgement: The DHCP server confirms by sending a DHCPACK to the client.
Virtual Directory: Using a virtual directory we can have child websites or links to parent websites.
What is the default time for replication to take place between DC and ADC?
5 seconds, and 3 seconds for an immediate change.
Registry: The registry is a configuration database about the system, hardware and software.
Scope: Range of IP addresses.
IP Lease: The DHCP server offers an IP to the client for a period of 8 days. This offer is called an IP lease.
If the client is unable to connect to the DHCP server, what happens?
It obtains an IP from APIPA (Automatic Private IP Addressing), in the range 169.254.0.0 to 169.254.255.255.
Dependability Improvements: updated Inter-Site Topology Generator (ISTG) that scales better by supporting forests with a greater number of sites than Windows 2000.
FILE AND PRINT SERVICES
Volume shadow copy service
NTFS journaling file system
EFS
Improved CHKDSK performance
Enhanced DFS and FRS
Shadow copy of shared folders
Enhanced folder redirection
Remote document sharing (WebDAV)
IIS
Fault-tolerant process architecture: The IIS 6.0 fault-tolerant process architecture isolates Web sites and applications into self-contained units called application pools.
Health Monitoring: IIS 6.0 periodically checks the status of an application pool, with automatic restart on failure of the Web sites and applications within that application pool, increasing application availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and applications that fail too often within a short amount of time.
Automatic Process Recycling: IIS 6.0 automatically stops and restarts faulty Web sites and applications based on a flexible set of criteria, including CPU utilization and memory consumption, while queuing requests.
Rapid-fail Protection: If an application fails too often within a short amount of time, IIS 6.0 will automatically disable it and return a "503 Service Unavailable" error message to any new or queued requests to the application.
Edit-While-Running
Source: http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/default.mspx
In Windows NT only the PDC has a writable copy of the SAM database; the BDC has only a read-only copy. In Windows 2000 both the DC and the ADC have a writable copy of the database.
Windows NT does not support the FAT32 file system; Windows 2000 supports FAT32.
The default authentication protocol in NT is NTLM (NT LAN Manager); in Windows 2000 the default authentication protocol is Kerberos V5.
Windows 2000 depends on and is integrated with DNS; NT uses NetBIOS names.
Active Directory can be backed up easily with the System State data.
What is the process of DHCP for getting the IP address to the client?
There is a four-way negotiation process between client and server:
DHCP Discover (initiated by client)
DHCP Offer (initiated by server)
DHCP Request (initiated by client)
DHCP Acknowledgement (initiated by server)
DHCP Negative Acknowledgement (initiated by server if there are any issues after the DHCP offer)
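The DORA exchange above, the DHCPNAK path, the 8-day lease and the APIPA fallback when no server answers, as an added example that is not part of the original notes: both sides' messages are modelled in memory, so the scope, MAC addresses and 192.168.10.x addresses are all constructed, and no real UDP 67/68 traffic is sent.

```python
import random

LEASE_SECONDS = 8 * 24 * 3600   # the 8-day default lease these notes mention

class DhcpServer:
    """Constructed DHCP server: one scope (address range) and the leases handed out of it.
    A real server listens on UDP 67 and answers the client on UDP 68; networking is omitted."""
    def __init__(self, scope):
        self.free = list(scope)
        self.leases = {}                  # client MAC -> leased address

    def handle(self, msg):
        kind, mac = msg["type"], msg["mac"]
        if kind == "DHCPDISCOVER":        # D: client broadcasts, server replies with an offer
            if not self.free:
                return None               # scope exhausted: the client hears nothing
            return {"type": "DHCPOFFER", "mac": mac, "yiaddr": self.free[0], "lease": LEASE_SECONDS}
        if kind == "DHCPREQUEST":         # R: client asks the server to confirm one address
            ip = msg["requested"]
            if ip in self.free:
                self.free.remove(ip)
                self.leases[mac] = ip
                return {"type": "DHCPACK", "mac": mac, "yiaddr": ip, "lease": LEASE_SECONDS}
            return {"type": "DHCPNAK", "mac": mac}   # address already taken or outside the scope
        raise ValueError(f"unexpected message {kind}")

def apipa_address(rng=random):
    """Self-assigned fallback in 169.254.0.0/16 when no DHCP server answers."""
    return f"169.254.{rng.randint(1, 254)}.{rng.randint(1, 254)}"

def is_apipa(ip):
    return ip.startswith("169.254.")

def acquire_address(mac, server, requested=None, transcript=None):
    """Run the DORA exchange for one client and return (address, transcript).
    server=None models an unreachable DHCP server; requested models a client
    asking for a remembered address, which the server may refuse with DHCPNAK."""
    transcript = [] if transcript is None else transcript
    offer = server.handle({"type": "DHCPDISCOVER", "mac": mac}) if server is not None else None
    transcript.append("DHCPDISCOVER -> " + (offer["type"] if offer else "no DHCPOFFER"))
    if offer is None:                     # no offer at all: fall back to APIPA
        return apipa_address(), transcript
    want = requested or offer["yiaddr"]
    reply = server.handle({"type": "DHCPREQUEST", "mac": mac, "requested": want})
    transcript.append(f"DHCPREQUEST {want} -> {reply['type']}")   # A: ACK or NAK
    if reply["type"] == "DHCPACK":
        return reply["yiaddr"], transcript
    # DHCPNAK: the client drops the refused address and restarts discovery without one
    return acquire_address(mac, server, None, transcript)
```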
What are the port numbers for FTP, Telnet, HTTP and DNS?
FTP-21, Telnet-23, HTTP-80, DNS-53, Kerberos-88, LDAP-389
The key AD database files are edb.log, ntds.dit, res1.log, res2.log and edb.chk, all of which reside in %systemroot%\ntds on a domain controller (DC) by default. During AD installation, Dcpromo lets you specify alternative locations for these log files and the database file (NTDS.DIT).
What are Domain Policy, Domain Controller Policy, Local Policy and Group Policy?
Domain policy applies to all computers in the domain, because by default it is associated with the domain GPO, whereas domain controller policy is applied only on domain controllers; by default the domain controller security policy is associated with the domain controllers GPO. Local policy is applied to that particular machine only and affects only that computer.
Port   Service
23     Telnet
25     SMTP
42     WINS
53     DNS
67     BOOTP
68     DHCP
80     HTTP
88     Kerberos
101    HOSTNAME
110    POP3
119    NNTP
123    NTP (Network Time Protocol)
139    NetBIOS
161    SNMP
180    RIS
389    LDAP (Lightweight Directory Access Protocol)
443    HTTPS (HTTP over SSL/TLS)
520    RIP
37     Time
3389   Terminal Services
443    SSL (https) (HTTP protocol over TLS/SSL)
220    IMAP3
3268   AD Global Catalog
3269   AD Global Catalog over SSL
500    Internet Key Exchange, IKE (IPsec) (UDP 500)
Mail flow in Exchange Server.
DMZ concept in firewalls.
Does NAT use port numbers? If so, what is the port number?
Difference between Schema Master and Global Catalog?
Difference between Incremental and Differential Backup?
Which backup has Microsoft recommended as best? (Depends on the volume of data.)
How are DNS and DHCP integrated?
If the RID master fails, what happens?
Tool used for FSMO?
Difference between Assigning and Publishing through Group Policy?
Netdom.exe is the domain management tool used to rename a domain controller.
How to troubleshoot if a DHCP client won't get an IP from the DHCP server?
What are online and offline defragmentation? Garbage collection and white space?
Question on System State data backup?
Different types of DNS roles and zones?
What are the steps you follow when you are promoting a server as an ADC in Windows 2003?
What are the two parameters you run before upgrading the server to an ADC? (/forestprep, /domainprep)
What is the authentication process? What is the role of the GC in the authentication process?
What happens if the DNS server fails? Can a user log in if the DNS server fails (if you have only one DNS server)?
Tell me one example when the Infrastructure Master and Global Catalog will be on one DC; what is the issue if both reside on the same system? When do you require an Infrastructure Master?
What are Windows 2003 modes?
What are FSMO roles? Explain them, with stress on the PDC emulator.
2003 advantages?