
List of important port numbers:-

15 Netstat
20, 21 FTP
23 Telnet
25 SMTP
37 Time
42 WINS
53 DNS
67 BOOTP
68 DHCP
79 Finger
80 HTTP
88 Kerberos
101 Hostname
110 POP3
119 NNTP
123 NTP (Network Time Protocol)
139 NetBIOS
143 IMAP
161 SNMP
180 RIS
220 IMAP3
389 LDAP (Lightweight Directory Access Protocol)
443 HTTPS (HTTP over SSL/TLS)
500 IKE, Internet Key Exchange (IPSec) (UDP 500)
520 RIP
3268 AD Global Catalog
3269 AD Global Catalog over SSL
3389 Terminal Services

Desktop Interview Questions:-

Hardware:-

Operating system: An OS is a software program that enables the computer hardware to communicate and operate with the computer software. Without an operating system the computer would be useless.

BIOS chip: This is the most important chip in the computer. It contains the BIOS software that tells the processor how to interact with the rest of the hardware in the computer. (BIOS manufacturers: AMI, Phoenix, Award.)

CMOS: Complementary Metal Oxide Semiconductor. It is a type of memory chip that serves as the parameter memory for the BIOS. When the PC is turned off it keeps settings like the date, time and hard drive configuration; to retain these settings the memory must have constant power, so a CMOS battery powers the CMOS chip.

Microprocessor: The microprocessor is a program-controlled device. Microprocessor speed depends on the data bus width.

Difference between primary and secondary storage devices: A primary storage device has limited capacity and volatile memory, e.g. ROM. A secondary storage device has larger capacity and non-volatile memory, e.g. floppy, hard disk.

Difference between SDR and DDR RAM:
SDR stands for Single Data Rate. SDR has 168 pins and 2 notches. SDR comes in PC66, PC100 and PC133 (MHz). SDR maximum frequency is 133 MHz. SDR has a low data transfer speed. SDR has no refreshing.
DDR stands for Double Data Rate. DDR has 184 pins and 1 notch. DDR comes in PC166, PC200, PC266, PC333 and PC400 (MHz). DDR minimum frequency is 266 MHz. DDR has a high data transfer speed. DDR is refreshed periodically.

Difference between FAT and NTFS:
FAT: FAT must be kept when multi-booting operating systems such as NT, 95, 98 and DOS. FAT has no security. Maximum partition size is up to 2 TB. Maximum file size is up to 4 GB. NTFS-style permissions are not supported.
NTFS: High-level security (files and folders). Supports file compression, encryption and disk quotas. Supported by XP, Windows 2000 and Windows 2003. Maximum partition size is 2 terabytes and more. Maximum file size is up to 16 terabytes.

Disk quota: A disk quota is a limit set by a system administrator that restricts certain aspects of file system usage on modern operating systems. Disk quotas are used to allocate limited disk space in a reasonable way. Alternatively referred to simply as a quota, disk quota management consists of permissions given by administrators that set limits on the storage space of users, workgroups or other groups. Setting a quota helps prevent a server or share from becoming full of data while still allowing users to save files on the server or share.

Power supply: Voltages of the power supply: +3.3VDC, +5VDC, -5VDC (ground), +12VDC, -12VDC (ground). Standby voltages: +3.3VDC, +5VDC. Hard disk: +5VDC. Floppy drive: +3.3VDC. Motherboard: +12VDC.

Types of power supply: AT and ATX. AT: this power supply connects to the motherboard through a pair of 6-wire connectors. ATX: this power supply connects through a single 20-pin connector.

What is virtual memory? Virtual memory is a hardware technique whereby the system appears to have more memory than it actually does.

System partition: It is the partition needed to boot an operating system; the system partition is normally C:, where the MBR (master boot record) resides.

Network:-

What is a network? A network is a chain of computers in which you can share a data centre server, mail server, print server or web server with appropriately assigned rights.

What is a LAN? Local Area Network: if your network is set up in one room, one floor or one building, you can say it is a local area network. In such networks all computers are connected through cable.

MAN? Metropolitan Area Network: a MAN is bigger than a LAN in size; a MAN covers a whole city through networking, approximately 10 to 100 km. Fibre optic cable is used in a MAN.

WAN? Wide Area Network: if your computers are at a very long distance from each other, like two cities, states or nations, all computers are connected via satellite; this type of network is called a WAN.

Internet: The internet is also one type of network. The networks of different cities, states and nations, all connected under one network, are called the internet. In simple words, the internet is a network of networks.

Router: A router is a device which routes or sends packets between two or more different networks.

Hub: A hub is a device which accepts data from one port and broadcasts it to all other ports.

Switch: A switch is a device which accepts data from one port and sends the packet to the exact specified port with the help of the MAC address.

Bridge: Used to divide network segments; a bridge keeps traffic on one side from crossing to the other.

Gateway: A gateway converts data and repackages it to meet the requirements of the destination address.

OSI Model: Open Systems Interconnect. OSI is a reference model used by software developers to understand how data passes from one computer to another.

Layers of the OSI model:
Application layer: the user creates his particular application.
Presentation layer: when the user saves a file, that file is compressed and encrypted at the source side, and vice versa at the destination.
Session layer: once the user sends data to a destination computer, the session layer takes over; it is responsible for end-to-end communication.
Transport layer: necessary to send data over the network with the help of a protocol. TCP/IP and UDP are the protocols used in the transport layer.
Network layer: responsible for sending packets to the correct destination network with the help of a router. The router is a layer 3 device.
Data link layer: sends packets to the exact, particular destination machine with the help of the MAC address. The switch is a layer 2 device.
Physical layer: responsible for sending data to the appropriate destination. The hub is a layer 1 device.

Network topology: Topology is a way of laying out the network. Topology is either physical or logical. Physical topology describes how the cables are run. Logical topology describes how network messages travel. There are 4 types of topology: bus, star, ring and mesh.
Bus: the bus is the simplest physical topology; it consists of a single cable that runs to every workstation, and each computer shares the same data and address path. Easy to install and low cost.
Star: there is one central device called a hub, making it very easy to add new workstations. If any one workstation goes down it does not affect the entire network. Easy to install.
Ring: each computer connects to two other computers, joining them in a circle and creating a unidirectional path. Messages move from workstation to workstation; it is difficult to add a new computer.
Mesh: the simplest topology in terms of data flow. In the physical topology each device is connected to every other device. It is very expensive to install and maintain.

Protocol: A protocol is the standard set of rules used to communicate.

IP address: It is primarily responsible for addressing and routing packets between hosts.

Classes of IP address:
Class A: 1 to 126, subnet mask 255.0.0.0
Class B: 128 to 191, subnet mask 255.255.0.0
Class C: 192 to 223, subnet mask 255.255.255.0
Class D: 224 to 247, used for multicasting
Class E: 248 to 255, used for experimental purposes

127.0.0.1 is the loopback address. 169.254.0.1 to 169.254.255.254 is the APIPA (Automatic Private IP Address) range.

Difference between IPv4 & IPv6:-

Address length
IPv4: Source and destination addresses are 32 bits (4 bytes) in length.
IPv6: Source and destination addresses are 128 bits (16 bytes) in length.

IPsec
IPv4: IPsec support is optional.
IPv6: IPsec support is required.

QoS flow identification
IPv4: No identification of packet flow for QoS handling by routers is present within the IPv4 header.
IPv6: Packet flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field.

Fragmentation
IPv4: Fragmentation is done by both routers and the sending host.
IPv6: Fragmentation is not done by routers, only by the sending host.

Checksum
IPv4: Header includes a checksum.
IPv6: Header does not include a checksum.

Options
IPv4: Header includes options.
IPv6: All optional data is moved to IPv6 extension headers.

Address resolution
IPv4: Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address.
IPv6: ARP Request frames are replaced with multicast Neighbor Solicitation messages (Neighbor Discovery).

Multicast group management
IPv4: Internet Group Management Protocol (IGMP) is used to manage local subnet group membership.
IPv6: IGMP is replaced with Multicast Listener Discovery (MLD) messages.

Router discovery
IPv4: ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional.
IPv6: ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages (Neighbor Discovery) and is required.

Broadcast
IPv4: Broadcast addresses are used to send traffic to all nodes on a subnet.
IPv6: There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used.

Configuration
IPv4: Must be configured either manually or through DHCP.
IPv6: Does not require manual configuration or DHCP (address autoconfiguration).

Name to address
IPv4: Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses.
IPv6: Uses host address (AAAA) resource records in DNS to map host names to IPv6 addresses.

Address to name
IPv4: Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names.
IPv6: Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names.

Minimum packet size
IPv4: Must support a 576-byte packet size (possibly fragmented).
IPv6: Must support a 1280-byte packet size (without fragmentation).

Public IP address: Every IP address on the public internet is unique. Your ISP (Internet Service Provider) assigns one public IP address to each of your computers that is directly connected to the ISP.

Private IP address: Used for hosts that require IP connectivity but do not need to be seen on the public network. Private IP addresses are free for every user. Using one public IP address we can reach thousands of private IP addresses in that LAN.

Ranges for private IP addresses:
10.0.0.0 to 10.255.255.255 (16,777,215)
172.16.0.0 to 172.31.255.255 (1,048,576)
192.168.0.0 to 192.168.255.255 (65,535)

Subnet mask: The subnet mask actually tells you the number of hosts/terminals that can be used on the same network.
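The address categories above (loopback, APIPA, private and public) and the "how many hosts does this mask leave" question are easy to get wrong by hand, so here is an added example, written for these notes and not part of the original document, that uses Python's standard ipaddress module to classify an address and to count the usable hosts a subnet mask allows. The private ranges are the three listed above; the sample addresses in the usage block are constructed.

```python
# Added example (not from the original notes): classify an IPv4 address and
# derive the usable host count from a subnet mask, using only the stdlib.
import ipaddress

# The three private ranges listed in the notes, as CIDR networks.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# APIPA range (169.254.x.x) that a client falls back to without a DHCP server.
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")
# Loopback network containing 127.0.0.1.
LOOPBACK_RANGE = ipaddress.ip_network("127.0.0.0/8")


def classify(address: str) -> str:
    """Return 'loopback', 'apipa', 'private' or 'public' for a dotted-quad address."""
    ip = ipaddress.ip_address(address)
    if ip in LOOPBACK_RANGE:
        return "loopback"
    if ip in APIPA_RANGE:
        return "apipa"          # no DHCP lease was obtained
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"        # only reachable from the internet through NAT
    return "public"


def usable_hosts(mask: str) -> int:
    """Host addresses a dotted-quad mask leaves, minus the network and broadcast addresses."""
    net = ipaddress.ip_network(f"0.0.0.0/{mask}")
    # /31 and /32 leave no network/broadcast pair; report 0 rather than a negative count.
    return max(net.num_addresses - 2, 0)


def needs_nat(address: str) -> bool:
    """True when traffic from this address must be translated to reach the internet."""
    return classify(address) == "private"


if __name__ == "__main__":
    # Constructed sample addresses for illustration.
    for sample in ("127.0.0.1", "169.254.10.20", "172.31.4.9", "172.32.0.1"):
        print(sample, classify(sample), "NAT needed:", needs_nat(sample))
    print("hosts in 255.255.255.0:", usable_hosts("255.255.255.0"))
```

The 172.16.0.0/12 boundary is the one most often misremembered: 172.31.255.255 is private, 172.32.0.1 is public.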

Default gateway: The default gateway is the IP address given to a router which is used to communicate across networks.

MAC address (physical address): A MAC address is a unique value associated with a network adapter; it is 12 digits.

TCP (Transmission Control Protocol): Connection-oriented protocol; reliable communication; guaranteed delivery of packets; gives an acknowledgement that data was received; secure data sending.

UDP (User Datagram Protocol): Connectionless communication; unreliable and unsecured, but faster than TCP.

ARP (Address Resolution Protocol): ARP finds the physical address of the computer for which IP packets are destined. ARP entries are dynamic.

ICMP (Internet Control Message Protocol): ICMP is used by the ping command; it is a network layer protocol.

SMTP (Simple Mail Transfer Protocol): SMTP is used for sending mail and is used for public folders.

SNMP (Simple Network Management Protocol): Used for sending messages.

FTP (File Transfer Protocol): FTP is a member of the TCP/IP suite of protocols, used to copy files between two computers on the internet.

Point-to-Point Protocol: It is commonly used to establish a direct connection between two nodes; it is occasionally used over broadband connections.

Kerberos protocol: It is used for authentication. Kerberos keeps one copy of the authentication list itself and one copy remains on the server.

HTTP (Hypertext Transfer Protocol): How is a request sent by the HTTP browser from a workstation to a website? First your browser's request crosses your network and goes to the DNS for the related URL, which resolves your web address name to the related IP. In this whole process all protocols work simultaneously (HTTP, ARP etc.).

Routing protocols: IGRP (Interior Gateway Routing Protocol). RIP (Routing Information Protocol).

Difference between Workgroup and Domain?
Workgroup: A workgroup is a peer-to-peer network; there is no centralized management or security. Each and every user can access any resource and data with the help of assigned rights. No administrator tasks. Computers must be on the same network.
Domain: In a domain you find centralized management with full security. All tasks are performed under the administrator. There is a server/client relationship. Computers can be on different local networks.

Minimum hardware requirements for OS:
Windows XP: Processor 230 MHz to 300 MHz. Memory 64 MB to 128 MB. Disk space minimum 2 GB, maximum any.
Standard Server: Processor 233 MHz to 550 MHz. Memory 128 MB to 256 MB. Disk space minimum 2 GB. Supports a maximum of 4 processors.
Enterprise Server: Processor 233 MHz to 733 MHz. Memory 128 MB to 512 MB. Disk space minimum 2 GB. Supports a maximum of 8 processors.
Data Centre Server: Processor 400 MHz to 733 MHz. Memory 512 MB to 1 GB (max. 64 GB). Disk space minimum 2 GB. Minimum requirement 8 processors; supports a maximum of 32 processors.

Difference between basic disk and dynamic disk:
Basic disk: A basic disk provides backward compatibility with older Windows OS. A basic disk contains volumes such as primary partitions, extended partitions and logical drives.
Dynamic disk: Dynamic storage is supported by XP Pro, Windows 2000 and Windows 2003. A dynamic disk contains dynamic volumes such as simple, spanned, striped, mirrored and RAID 5 volumes. A basic disk converts easily to a dynamic disk and vice versa.

Disk management: Simple volume: converts basic to dynamic. Spanned volume: extends a drive; only the first HDD is shown. Striped (RAID 0): 50% of the data is saved on the second HDD. Mirrored (RAID 1): data is mirrored on the other disk. RAID 5: a parity bit is set across all HDDs.

Features of XP: Automatic update, compression of folders, desktop cleanup wizard, fax support, remote desktop, welcome screen, help and support centre.

Difference between NT and 2003 domain:
NT domain: the domain controller is known as the PDC (Primary Domain Controller). The PDC database is read/write; for backup purposes there are multiple BDCs (Backup Domain Controllers). The BDC database is read-only.
2003 domain: no PDC and BDC concept. There are multi-master domain controllers which all have a read/write database.

Advantages of 2003: Domain rename, domain controller rename, multi-user property selection, admin account deletion, default APIPA, shadow copy, IIS version 6, security, password complexity.

Difference between 98 and XP: XP has high resolution, supports the NTFS file system, is a secure OS, has plug and play for USB, fax support and inbuilt graphics drivers, is faster than 98, can support 2 processors, and has a new version of Internet Explorer.

Difference between PATA and SATA:
PATA (Parallel Advanced Technology Attachment): uses an IDE interface of 40 pins, transfers data in parallel, low-speed transmission.
SATA (Serial Advanced Technology Attachment): has a 7-pin interface, transfers data serially, high-speed transmission.

DNS (Domain Name System): DNS is used for name resolution; it is mainly used to resolve names to IP addresses and IP addresses to names, mainly on the internet. DNS is divided hierarchically. There are two categories of zone:
1. Forward lookup zone: resolves query names to IP addresses.
2. Reverse lookup zone: resolves query IP addresses to names.

DNS zone types:
Standard primary zone: loads the master copy of the zone; zone information is written in a text file.
Secondary zone: backup zone for the primary zone.
Active Directory integrated zone: information is stored in Active Directory.
Stub zone: a copy of the SOA (Start of Authority) record, a copy of the NS records and a copy of the A records for that zone; with a stub zone, DNS traffic will be low.

DNS record types:
Host (A) record: an A record is used to map a DNS domain name to a host (host record information).
Alias (CNAME) record: a duplicate name, e.g. www.yahoo.com.
NS record: name server records for the domain.
Mail Exchanger (MX): this record is used by email applications to locate a mail server.
Pointer (PTR): this record is used in the reverse lookup zone.
SOA (Start of Authority): the SOA resource record is the first resource record created when adding a new zone.
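To make the forward/reverse lookup zones and the record types above concrete, here is an added example, written for these notes and not part of the original document. It holds a constructed forward zone (example.test) and its matching in-addr.arpa reverse zone in memory and resolves a name through a CNAME alias to an A record, an IP address back to a name through PTR, and a domain to its mail server through MX. All zone names, addresses and the record layout are constructed for illustration; a real server reads these from a zone file or Active Directory.

```python
# Added example (not from the original notes): in-memory forward and reverse
# lookup zones with the record types discussed above.
from typing import Dict, List, Optional, Tuple

# Constructed forward lookup zone: owner name -> list of (type, data).
FORWARD_ZONE: Dict[str, List[Tuple[str, str]]] = {
    "example.test.": [
        ("SOA", "ns1.example.test. admin.example.test. 1 3600 600 86400 300"),
        ("NS", "ns1.example.test."),
        ("MX", "20 backup-mail.example.test."),
        ("MX", "10 mail.example.test."),
    ],
    "ns1.example.test.": [("A", "192.0.2.1")],
    "mail.example.test.": [("A", "192.0.2.25")],
    "backup-mail.example.test.": [("A", "192.0.2.26")],
    "web.example.test.": [("A", "192.0.2.80")],
    "www.example.test.": [("CNAME", "web.example.test.")],   # alias record
}

# Constructed reverse lookup zone for 192.0.2.0/24 (octets reversed under in-addr.arpa).
REVERSE_ZONE: Dict[str, List[Tuple[str, str]]] = {
    "1.2.0.192.in-addr.arpa.": [("PTR", "ns1.example.test.")],
    "25.2.0.192.in-addr.arpa.": [("PTR", "mail.example.test.")],
    "80.2.0.192.in-addr.arpa.": [("PTR", "web.example.test.")],
}


def _fqdn(name: str) -> str:
    """Normalise to a fully qualified name with a trailing dot."""
    return name if name.endswith(".") else name + "."


def lookup(name: str, rtype: str, zone=FORWARD_ZONE) -> List[str]:
    """Return the data of every record of the given type owned by name."""
    return [data for t, data in zone.get(_fqdn(name), []) if t == rtype]


def resolve_a(name: str, max_hops: int = 8) -> Optional[str]:
    """Forward lookup: follow CNAME aliases until an A record is reached."""
    current = _fqdn(name)
    for _ in range(max_hops):      # bounded so a CNAME loop cannot spin forever
        addresses = lookup(current, "A")
        if addresses:
            return addresses[0]
        aliases = lookup(current, "CNAME")
        if not aliases:
            return None            # name has neither an A nor a CNAME record
        current = aliases[0]
    return None


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa owner name for a dotted-quad IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def resolve_ptr(ip: str) -> Optional[str]:
    """Reverse lookup: IP address to host name via the PTR record."""
    ptr = lookup(reverse_name(ip), "PTR", REVERSE_ZONE)
    return ptr[0] if ptr else None


def mail_server(domain: str) -> Optional[str]:
    """Locate the preferred mail server: lowest MX preference, then its A record."""
    mx = lookup(domain, "MX")
    if not mx:
        return None
    preference, host = sorted(mx, key=lambda r: int(r.split()[0]))[0].split()
    return resolve_a(host)


if __name__ == "__main__":
    print("www.example.test ->", resolve_a("www.example.test"))
    print("192.0.2.25 ->", resolve_ptr("192.0.2.25"))
    print("mail for example.test ->", mail_server("example.test"))
```

Note that the reverse zone is keyed by the reversed octets, which is exactly why a reverse lookup zone is a separate zone from the forward one: the owner names live under in-addr.arpa, not under example.test.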

How does DNS resolve a query?:-

DHCP (Dynamic Host Configuration Protocol): DHCP provides IP addresses dynamically to client machines; when a client machine does not find a DHCP server it gets an APIPA (Automatic Private IP Address).

Advantages of DHCP:
1. DHCP capability is built into Windows Server 2003, so it does not cost extra.
2. Once we enter the IP address configuration in one place on the DHCP server, it is automatically assigned to DHCP clients.
3. Configuration problems are automatically minimised.

DHCP lease process: A DHCP lease is the amount of time for which the DHCP server grants the DHCP client permission to use a particular IP address.

Describe the lease process of DHCP (DORA process):
Discover: the DHCP client sends a broadcast packet to identify a DHCP server.
Offer: once the packet is received by the DHCP server, the server sends a packet containing the source IP and source MAC.
Request: the client now connects to the DHCP server directly and requests the IP address.
Acknowledgement: the DHCP server sends an acknowledgement packet which contains the IP address.
The default lease period is 8 days.

Difference between scope and superscope: A scope in DHCP is where you specify the range of IP addresses which will be leased to DHCP clients. A superscope is a combination of multiple scopes.

What is a DHCP relay agent? If you have two or more subnets you would need to configure more DHCP servers; instead of placing a DHCP server in each subnet, we can configure a DHCP relay agent wherever we want.

IIS (Internet Information Services): It is a software service that supports website creation, configuration and management. IIS includes FTP, SMTP and NNTP.

WINS (Windows Internet Naming Service): WINS maps NetBIOS names to IP addresses. Every host entry is in the LMHOSTS file.

RAS (Remote Access Service): RAS means Remote Access Server; we can access the server remotely through VPN from anywhere, but for this a high-speed internet connection is necessary. In RAS a maximum of two users can be remotely connected. If you want more users to connect, then we have to buy licenses. In RAS the Point-to-Point Protocol is used.
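The DORA exchange above is easier to remember once you have seen both sides act on each message, so here is an added example, written for these notes and not part of the original document: a small in-process simulation of a DHCP server leasing from a scope and a client running Discover, Offer, Request and Acknowledgement against it. The 8-day default lease from the notes is used; the scope range, the server address and the client MAC addresses are constructed, and the dictionaries stand in for the UDP 67/68 broadcast packets a real exchange uses. The server also shows the failure mode the notes mention: when no offer is obtained the client gets no lease and would fall back to an APIPA address.

```python
# Added example (not from the original notes): a minimal DORA simulation.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

DEFAULT_LEASE_SECONDS = 8 * 24 * 3600   # the 8-day default lease from the notes


@dataclass
class DhcpServer:
    pool: List[str]                        # constructed scope, e.g. 192.168.1.10-11
    server_ip: str = "192.168.1.1"         # constructed server address
    offers: Dict[str, str] = field(default_factory=dict)            # MAC -> offered IP
    leases: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # MAC -> (IP, lease)

    def _in_use(self) -> set:
        """Addresses that are either offered or already leased."""
        return set(self.offers.values()) | {ip for ip, _ in self.leases.values()}

    def handle_discover(self, client_mac: str) -> Optional[dict]:
        """OFFER: reserve an address for this client; None when the scope is exhausted."""
        if client_mac in self.leases:          # renewing client keeps its address
            ip = self.leases[client_mac][0]
        elif client_mac in self.offers:        # repeated DISCOVER reuses the same offer
            ip = self.offers[client_mac]
        else:
            in_use = self._in_use()
            free = [ip for ip in self.pool if ip not in in_use]
            if not free:
                return None
            ip = free[0]
        self.offers[client_mac] = ip
        return {"type": "OFFER", "yiaddr": ip, "siaddr": self.server_ip}

    def handle_request(self, client_mac: str, requested_ip: str) -> dict:
        """ACK only when the REQUEST matches an outstanding offer; otherwise NAK."""
        if self.offers.get(client_mac) == requested_ip:
            self.leases[client_mac] = (requested_ip, DEFAULT_LEASE_SECONDS)
            del self.offers[client_mac]
            return {"type": "ACK", "yiaddr": requested_ip, "lease": DEFAULT_LEASE_SECONDS}
        return {"type": "NAK"}


def client_obtain_address(server: DhcpServer, client_mac: str) -> Optional[str]:
    """Run DORA from the client's side; return the leased IP, or None (APIPA fallback)."""
    offer = server.handle_discover(client_mac)                 # DISCOVER (broadcast)
    if offer is None:
        return None                                            # no server/offer -> APIPA
    ack = server.handle_request(client_mac, offer["yiaddr"])  # REQUEST the offered address
    if ack["type"] != "ACK":
        return None
    return ack["yiaddr"]                                       # ACKNOWLEDGEMENT carries the IP


if __name__ == "__main__":
    server = DhcpServer(pool=["192.168.1.10", "192.168.1.11"])
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"):
        print(mac, "->", client_obtain_address(server, mac) or "no lease (APIPA)")
```

Two details worth noticing: the server only acknowledges a request that matches the address it offered to that MAC, and a client that already holds a lease is offered the same address again, which is what a renewal looks like.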

VPN (Virtual Private Network): The extension of a private network that is encrypted, authenticated and linked across a public network. A VPN connection can provide remote access and routed connections to a private network over the internet. PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) are the protocols used in VPN.

IPsec (Internet Protocol Security): IPsec is one of the services which provides security to your packets and internet communication by using L2TP. IPsec provides packet-level encryption, integrity and authentication.


PKI (Public Key Infrastructure): You can create certificates on your ADS.

ICS (Internet Connection Sharing): It is designed for a small network; in ICS all your machines must be in a fixed IP range. For ICS you require two network cards. For ICS, DNS and DHCP are also required.

NAT (Network Address Translation): NAT is designed for bigger networks. It is an IP translation process that allows a network with private IP addresses to access information on the internet; it shares the internet connection.


Active Directory: Active Directory is a central database which controls the network. It is a Windows-based directory service. Active Directory stores information about objects on the network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. Active Directory is a single point of administration for all network objects.

Objects of Active Directory: Resources (printers), services (email), users (user accounts and groups). An object is uniquely identified by its name.
Attributes: describe the objects in Active Directory. Example: all user objects share attributes such as user name, full name and description. A system is also an object, but it has separate attributes.
Schema: the set of attributes available for any particular object type is called the schema. Schema information is stored in Active Directory.
Containers: containers are used to organize Active Directory.
Tree: a tree is used to describe a set of objects within Active Directory.
Forest: a forest describes trees that are not part of the same namespace but share a common schema, configuration and global catalogue. Trees in a forest all trust each other. Organizations that are divided into multiple domains should group the trees into a single forest.
Site: a site is a geographical location; a site corresponds to a logical IP subnet. Clients can locate the closest server in the network. Sites can reduce traffic on the wide area network.
Global Catalogue server: the global catalogue server maintains full information about its own domain and partial information about other domains.

How will you take a backup of Active Directory? Take a System State data backup. A System State data backup contains the boot files, system files, Active Directory, the SYSVOL folder, certificates and the registry.

FSMO roles (Flexible Single Master Operations):
1. Schema master: maintains the structure of Active Directory in the forest.
2. Domain naming master: controls the addition and removal of domains in the forest.
3. PDC emulator: provides backward compatibility.
4. RID master: assigns RIDs and SIDs to newly created objects.
5. Infrastructure master: synchronizes cross-domain group membership changes.

Why do we use Exchange Server? Exchange Server is a mail server; we can use this server to send mail within the intranet as well as outside.

New features of Exchange 2003: RPC over HTTPS, Volume Shadow Copy for backup, super upgrade tools like ExDeploy, improved security.

What are the requirements for installation of Exchange Server? IIS, SMTP, WWW service, NNTP, .NET Framework, ASP.NET.


Active Directory Interview Questions:-

1. What is Active Directory? Active Directory is a directory service used for organizing, managing and controlling the resources available on the network. It is used for saving information about all the resources available on Windows 2000/2003 networks. AD objects include users, groups, computers, printers etc.; servers, domains and sites are also considered AD objects.

2. Functions of Active Directory?
Centralizes control of network resources: by centralizing control of resources such as servers, shared files and printers, only authorized users can access resources in Active Directory.
Centralizes and decentralizes resource management: administrators have centralized administration with the ability to delegate administration of subsets of the network to a limited number of individuals, giving them greater granularity in resource management.
Stores objects securely in a logical structure: Active Directory stores all the resources as objects in a secure, hierarchical logical structure.
Optimizes network traffic: the physical structure of Active Directory enables you to use network bandwidth more efficiently, e.g. it ensures that when users log on to the network, the authentication authority nearest to the user authenticates them, reducing the amount of network traffic.

3. What are the requirements for installing Active Directory? A computer running Windows Server 2003. Minimum disk space of 250 MB and a partition formatted with NTFS. Administrative privileges for creating the domain. TCP/IP installed and configured to use DNS. An authoritative DNS server that supports SRV resource records.

4. How to install Active Directory? Start > Run > dcpromo.

5. How will you verify whether the AD installation is proper or not?
Verify SRV records: after AD is installed, the domain controller registers SRV records in DNS when it restarts; we can check this using the DNS MMC or the nslookup command. If the SRV records are registered, the following folders will be there under the domain folder in the forward lookup zone: _msdcs, _sites, _tcp, _udp.
Using nslookup: in nslookup, run ls -t srv domain (where domain is your domain name); if the SRV records are properly created, they will be listed.
Verify the SYSVOL folder: if the SYSVOL folder is not properly created, data stored in SYSVOL such as scripts, GPOs etc. will not be replicated between domain controllers. First verify that the following folder structure is created in SYSVOL: Domain, Staging, Staging Areas, Sysvol. Then verify that the necessary shares are created with net share. It should show two shares, NETLOGON and SYSVOL.
Verify database and log files: make sure that the following files are present at %systemroot%\ntds: Ntds.dit, EDB.*, Res*.log.

6. Active Directory post-installation checkups? Dsa.msc, Dnsmgmt.msc, Domain.msc, Dssite.msc.

7. What is the location of the Active Directory database? The AD database is stored in the NTDS.DIT file: C:\windows\NTDS\ntds.dit.

8. Explain the ADS database? Active Directory includes 4 files: NTDS.dit, EDB.log, EDB.chk, and REG1.log and REG2.log.
NTDS.dit: this is the AD database and stores all AD objects. Ntds.dit consists of the following tables.
Schema table: the types of objects that can be created in Active Directory, the relationships between them, and the attributes on each type of object. This table is much smaller than the data table.
Link table: consists of linked attributes, which contain values referring to other objects in Active Directory; take the member-of attribute on a user object. This is also smaller than the data table.
Data table: users, groups, application-specific data and any other data stored in Active Directory.
Active Directory has 3 types of data:
1. Schema information: definitional details about objects and attributes that one can store in Active Directory. Replicates to all domain controllers.

2. Configuration information: configuration data about the forest and trees. Replicates to all domain controllers.
3. Domain information: object information for the domain. Replicates to all domain controllers within a domain. The object partition becomes part of the global catalogue.
EDB.log: this is the transaction log file (10 MB). When edb.log is full it is renamed to edbnnnn.log, where nnnn is an increasing number starting from 1.
EDB.chk: this is the checkpoint file used to track the data not yet written to the database file. This indicates the starting point from which data is to be recovered from the log file in case of failure.
REG1.log and REG2.log: these are reserved transaction log files (20 MB, 10 MB each), which give the transaction log files sufficient room to shut down if the other space is being used.

9. Explain the Active Directory database garbage collection process? Garbage collection is a process designed to free space within the Active Directory database. This process runs independently on every domain controller with a default lifetime interval of 12 hours. The garbage collection process has 3 main steps:
1. Removing tombstones from the database. Tombstones are the remains of objects that have previously been deleted.
2. Deletion of any unnecessary log files.
3. The process launches a defragmentation thread to claim additional free space.

10. Which authentication protocols are supported by ADS? NTLM and Kerberos.

11. What is Active Directory defragmentation? Defragmentation of Active Directory means separating used space from the empty space created by deleted objects, and reduces the directory size (only in offline defragmentation).

12. What is the difference between online and offline defragmentation? Online defragmentation is performed by the garbage collection process, which by default runs every 12 hours and separates used space from white space (white space is the space created by object deletion in AD, e.g. a user), and improves the efficiency of AD while the domain controller is up and running. Offline defragmentation can be done manually by taking the domain controller into restore mode. It can reduce the file size of the directory database, whereas the efficiency will be the same as in online defragmentation.

13. How can you forcibly remove Active Directory from a server? Demote the domain controller by running dcpromo with the /forceremoval switch (dcpromo /forceremoval).

14. Structure of Active Directory:
Physical structure: domain controllers, sites.
Logical structure: domain, tree, forest, organizational unit (OU).
Domain controller: domain controllers are the physical storage location for the Active Directory service database. Windows 2000 Server + Active Directory service = domain controller.
Site: a site is defined as a group of subnets. A site is a physical component of AD that is used to define and represent the physical topology of a network.
Domain: a domain is defined as a security boundary within which an administrator can organize, manage and control resources. A domain can also be defined as a unit of NT replication. A domain is a logical grouping of networked computers in which more than one computer has shared resources (domains are the fundamental units that make up Active Directory).
Tree: a tree is defined as a hierarchical grouping of one or more domains which share a contiguous namespace or a single DNS namespace. E.g. techmahindra.com is the domain and att.techmahindra.com is the tree.
Forest: a forest is a group of one or more domain trees which share a common schema and global catalogue. The first domain in a forest is called the forest root domain.
Organizational Unit (OU): an OU is defined as a logical container which is used for representing the physical structure of an organization. An OU is an administrative-level container object in ADS that organizes users, computers, groups and other OUs together, so that any changes, security privileges or other administrative tasks can be accomplished more efficiently.

15. What is an object? Active Directory objects are the entities that make up a network. An object is a distinctly named set of attributes that represents something concrete such as a user, a printer or an application. E.g. when we create a user object, Active Directory assigns the globally unique identifier (GUID) and we provide values for attributes such as the user's given name, surname, logon identifier and so on.

16. Sites? A site is a combination of TCP/IP subnets connected with high-speed links. Sites provide replication.

21 There are two types of replication 1. Intrasite replication it is replication within the same site. It offers full time replication between domain controller and additional domain controller when they are within the same site. 2. Intersite replication- it is the replication between two different sites. Intersite replication is implemented when the site are away from each other it required site link. Site link is the logical connection between sites, which can be created and scheduled. Site link offers communication only at scheduled interval. 17. What is the use of sites? Sites are primarily used to control replication traffic. More specifically sites are used to control the following Workstation logon traffic, replication traffic, distributed file system (DSF) Distributed file system (DFS) is a server component that provides unified naming convention for folder and files stored on different server on the network. File replication service (FRS) a windows sever 2003 service named file replication service is responsible for replicating files in the SYSVOL folders between domain controllers. 18. What are the objects a site contains? Site contains only two types of objects. The first type is the domain controllers contained in the site. The second type of the object is the site links configured to connect the site to other sites. 19. What is the site link? Within a site replication happens automatically. For replication to occur between sites, you must establish a link between the sites. There are two components to this link. The actual physical connection between the sites (usually WAN link) and site link object. The site link object is created within AD and determines the protocol used for transferring replication traffic (internet protocol (IP) or Simple Mail Transfer Protocol (SMTP). The site link object also governs when replication is scheduled to occur. 20. What is the Active Directory Schema? 
The Active Directory schema is the set of definitions that specifies the kinds of objects, and the kinds of information about those objects, that can be stored in Active Directory. The definitions are themselves stored as objects, so Active Directory can manage schema objects with the same object-management operations it uses for every other object in the directory. There are two types of definitions in the schema: attributes and classes. Both are also referred to as schema objects or metadata. Attributes are defined separately from classes: each attribute is defined only once and can be used in multiple classes. For example, the description attribute is used by many classes but is defined once in the schema, which keeps it consistent. Classes, also called object classes, describe the possible directory objects that can be created. Each class is a collection of attributes; when you create an object, the attributes store the information that describes it. The user class, for example, is composed of many attributes, including network address, home directory and so on.

Every object in AD is an instance of an object class. Active Directory does not support deleting schema objects; instead a schema object can be marked as defunct (deactivated), which gives most of the benefits of deletion. The structure and contents of the schema are controlled by the domain controller that holds the schema operations master role, and a copy of the schema is replicated to all domain controllers in the forest. A common schema ensures data integrity and consistency throughout the forest.

21. Explain the AD database.
The information stored in AD is called the AD database. On every domain controller it is partitioned into three naming contexts (plus, on Windows Server 2003, optional application partitions):
Domain partition: contains all the objects in the directory for one domain. Domain data is replicated to every domain controller in that domain, but not beyond that domain.
Schema partition: contains all the object classes and attributes that can be created in AD. It is common to the whole forest and is replicated to every domain controller in the forest.
Configuration partition: contains the forest-wide configuration, such as the replication topology (sites, subnets, site links) and the list of domains; it is replicated to every domain controller in the forest.

22. What is the Global Catalog?
A Global Catalog server holds a full, writable replica of its own domain partition and a partial, read-only replica of every other domain partition in the forest. Uses of the Global Catalog: it contains a partial replica of all objects in the forest (so forest-wide searches can be answered by one server), it stores universal group membership, and it resolves user principal names (UPNs) during logon.

23. What does the Global Catalog contain?
The attributes most frequently used in queries, such as a user's first name, last name and logon name; the information necessary to locate any object in the directory; and the access permissions for each object and attribute stored in the catalog. If you search for an object you do not have permission to view, it will not appear in the search results, so users can find only the objects to which they have been granted access.

24. How do you check whether a server is a Global Catalog server?
Install the Windows Support Tools, run ldp.exe from a command prompt, open the Connection menu, click Connect, and enter the name of the server. The RootDSE output that appears includes the line isGlobalCatalogReady: TRUE means the server is a functioning Global Catalog, FALSE means it is not.
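The same check, scripted. This is an added example and not part of the original document: it assumes a domain-joined Windows host with the RSAT ActiveDirectory module installed, and the names dc1.contoso.com, dc2 and contoso.com are placeholders. It also answers the later question of how to tell whether the local machine is a domain controller.

```powershell
# Added example, not from the original document. Placeholders: dc1.contoso.com,
# dc2, contoso.com. Get-AD* cmdlets need the RSAT ActiveDirectory module;
# Get-CimInstance needs PowerShell 3+ (use Get-WmiObject on older hosts).

# 1. What ldp.exe shows: read RootDSE on the target DC. isGlobalCatalogReady is
#    TRUE only when that DC is actually answering GC queries on port 3268.
function Test-GlobalCatalog {
    param([Parameter(Mandatory)][string]$Server)
    $rootDse = [ADSI]"LDAP://$Server/RootDSE"
    return ($rootDse.Properties['isGlobalCatalogReady'].Value -eq 'TRUE')
}

# 2. Every GC in the forest, with the site it serves.
function Get-GlobalCatalogServers {
    Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } |
        Select-Object HostName, Site, IPv4Address
}

# 3. The same through the DC locator, the way a client finds a GC:
#      nltest /dsgetdc:contoso.com /GC
#      dsquery server -forest -isgc

# 4. Is THIS machine a domain controller? Win32_ComputerSystem.DomainRole is
#    4 (backup DC) or 5 (primary DC, i.e. the PDC emulator) on a DC,
#    3 on a member server, 0 or 1 on a standalone/workgroup machine.
function Test-IsDomainController {
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    return ($role -ge 4)
}

# 5. Enabling the GC on an additional DC. The "transfer" in the note above is
#    really: turn the flag on here, wait for the partial replicas to build,
#    then turn it off on the old GC. Bit 1 of the NTDS Settings object's
#    options attribute is the GC flag.
function Enable-GlobalCatalog {
    param([Parameter(Mandatory)][string]$DcName)   # e.g. dc2
    $ntds = (Get-ADDomainController -Identity $DcName).NTDSSettingsObjectDN
    $opts = (Get-ADObject -Identity $ntds -Properties options).options
    Set-ADObject -Identity $ntds -Replace @{ options = ($opts -bor 1) }
}

Test-GlobalCatalog -Server 'dc1.contoso.com'
Get-GlobalCatalogServers
Test-IsDomainController
```

Do not remove the GC flag from the only Global Catalog in a site that also hosts Exchange or universal-group-heavy logons: until another GC has finished building its partial replicas, those logons will fail.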

Note: the first domain controller in a forest is a Global Catalog server by default; additional domain controllers are not. You can enable the Global Catalog on any domain controller (Active Directory Sites and Services, NTDS Settings properties, Global Catalog check box) and disable it on the original once the new one has finished building.

25. What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. It is an Internet protocol that e-mail clients and other programs use to look up information from a directory server. An LDAP-aware directory service such as AD indexes the attributes of the objects it stores and publishes them, and LDAP clients can query the server in a wide variety of ways. LDAP runs over TCP/IP, on port 389 (636 for LDAP over SSL; 3268 and 3269 for the Global Catalog). DAP, its predecessor, is based on the OSI model.

26. What is the SYSVOL folder?
The SYSVOL folder stores the server copy of the domain's public files. Its contents, such as Group Policy templates and logon scripts, are replicated to all domain controllers in the domain. File Replication Service (FRS) is responsible for replicating these policies and scripts.

27. What is a member server?
A server that belongs to a domain but does not hold a copy of the Active Directory database.

28. What is a stand-alone server?
A server that belongs to a workgroup rather than a domain.

29. What is the desktop?
The desktop is the screen you see after you log on to Windows; it is the main working area on your computer.

30. What is a client?
A client is any device, such as a personal computer, a printer or another server, that requests services or resources from a server.

31. What is a server?
A server is a computer that provides network resources and services to workstations and other clients.

32. What is a domain controller?
A server on which Active Directory has been installed (for example with dcpromo) and that therefore holds a replica of the domain database and authenticates users. The first domain controller in a forest additionally holds all the operations master roles and the Global Catalog by default.

33. What is an additional domain controller?
A second or subsequent domain controller in a domain. It holds a full, writable replica of the domain's Active Directory data (read-only domain controllers only appeared with Windows Server 2008), and it is used for load balancing and fault tolerance.

34. How do you know whether a server is a domain controller or not?
In My Computer properties, on the Network Identification (Computer Name) tab, the Properties / Change button is disabled on a domain controller.
Running dcpromo on a server that is already a domain controller starts the Active Directory removal wizard.
A domain controller has the NTDS folder (%SystemRoot%\NTDS) and the NTDS service key in the registry (HKLM\SYSTEM\CurrentControlSet\Services\NTDS).

35. Explain replication in Active Directory.
Windows Server 2003 uses a multimaster replication model, in which every replica of the Active Directory database is an equal master. You can make changes on any domain controller and they are replicated to the other domain controllers in the domain. Domain controllers in the same site replicate on the basis of change notification: when a change is made on one domain controller it notifies its replication partners (the other domain controllers in the site), the partners request the changes, and replication occurs. Because high-speed, low-cost connections are assumed within a site, replication happens as needed rather than on a schedule. You create additional sites when you need to control how replication traffic flows over a slow WAN link.

36. Is it possible to rename a domain, and how?
Not in Windows 2000. In Windows Server 2003 it is possible, provided the forest functional level is Windows Server 2003, using the domain rename tool (rendom.exe) and a carefully planned procedure; it cannot be done from My Computer properties.

37. When should you create a separate tree or forest?
An organization that operates on radically different bases may require a separate tree with a distinct namespace; unique brand names often give rise to separate DNS identities. Organizations that form partnerships or joint ventures, where access to common resources is defined separately, may use separate forests, which enforce more direct administrative and security boundaries.

38. How can you authenticate between forests?
Four kinds of authentication work across a forest trust:
1. Kerberos and NTLM network logon for remote access to a server in another forest.
2. Kerberos and NTLM interactive logon for physical logon outside the user's home forest.
3. Kerberos delegation to an N-tier application in another forest.
4. User principal name (UPN) credentials.

39. How do you publish a printer in Active Directory?
1. Log on to the computer as an administrator.
2. Click Start, point to Settings, then click Printers.
3. In the Printers folder, right-click the printer you want to publish and click Properties.
4. Click the Sharing tab, click Shared as, and type a share name.
5. Select the List in the directory check box and click OK.
6. Close the Printers folder.

40. What are the FSMO roles?
FSMO stands for Flexible Single Master Operation (also called operations master) roles.

Forest-level roles: Domain Naming Master, Schema Master.
Domain-level roles: PDC Emulator, RID Master, Infrastructure Master.
Domain Naming Master: responsible for adding and removing domains (and application partitions) in the forest. Without this role it is not possible to add or remove any domain.
Schema Master: the schema is the set of classes and attributes; users, computers and printers, for example, are object classes with their own sets of attributes. The schema master is the only domain controller that may modify the schema, and schema changes affect the entire forest.
PDC Emulator: the server holding this role acts as the PDC in a mixed-mode domain, synchronizing directory information from Windows 2000/2003 domain controllers to Windows NT backup domain controllers (BDCs). It receives password changes first, so it holds the latest password information, and it is the authoritative time source for the domain (the forest root PDC emulator is the time source for the whole forest).
RID Master: processes RID pool requests from all domain controllers in the domain. It is also responsible for moving an object out of its domain and into another domain during a cross-domain move.
Infrastructure Master: keeps cross-domain object references, such as group members that belong to other domains, up to date. It updates the distinguished name and SID stored in a reference when the referenced object is renamed, moved or deleted.

Operations master roles
The five operations master roles are assigned automatically when the first domain controller in a given domain is created. The two forest-level roles are assigned to the first domain controller created in a forest, and the three domain-level roles are assigned to the first domain controller created in each domain.

Forest-wide operations master roles
The schema master and domain naming master are forest-wide roles, meaning there is only one schema master and one domain naming master in the entire forest.
Schema Master: responsible for performing updates to the AD DS schema. It is the only domain controller that can write to the directory schema; schema updates are replicated from it to all other domain controllers in the forest. Having a single schema master per forest prevents the conflicts that would result if two or more domain controllers attempted to update the schema concurrently.
Domain Naming Master: manages the addition and removal of all domains and directory partitions, regardless of domain, in the forest. The domain controller holding this role must be available in order to:
1. Add new domains or application directory partitions to the forest.
2. Remove existing domains or application directory partitions from the forest.
3. Add replicas of existing application directory partitions to additional domain controllers.
4. Add or remove cross-reference objects to or from external directories.
5. Prepare the forest for a domain rename operation.

Domain-wide operations master roles
The other operations master roles are domain-wide, meaning each domain in a forest has its own RID master, PDC emulator and infrastructure master.
RID Master: the relative identifier (RID) operations master allocates blocks of RIDs to each domain controller in the domain. Whenever a domain controller creates a new security principal, such as a user, group or computer object, it assigns the object a unique security identifier (SID). The SID consists of a domain SID, which is the same for all security principals created in the domain, and a RID, which uniquely identifies each security principal created in the domain.
PDC Emulator: acts as a Windows NT PDC in domains that contain client computers operating without AD DS client software or Windows NT backup domain controllers (BDCs). It processes password changes from clients and replicates the updates to the Windows NT BDCs. Even after all Windows NT domain controllers are upgraded to AD DS, the PDC emulator receives preferential replication of password changes performed by other domain controllers in the domain. If a logon authentication fails at another domain controller because of a bad password, that domain controller forwards the authentication request to the PDC emulator before rejecting the logon attempt.
Infrastructure Master: responsible for updating object references in its domain that point to objects in other domains. It updates the references locally and uses replication to bring all other replicas of the domain up to date. An object reference contains the object's globally unique identifier (GUID), its distinguished name and possibly a SID. The distinguished name and SID in the reference are periodically updated to reflect changes made to the actual object. These changes include moves within and between domains as well as the

deletion of the object. If the infrastructure master is unavailable, updates to object references are delayed until it comes back online.

41. Explain the Infrastructure FSMO role.
When an object in one domain is referenced by an object in another domain, the reference is stored as the GUID, the SID (for references to security principals) and the DN of the referenced object. The infrastructure FSMO role holder is the domain controller responsible for updating the SID and distinguished name in such cross-domain object references. Note: in a multi-domain forest the infrastructure master role should be held by a domain controller that is not a Global Catalog server, unless every domain controller in the domain is a Global Catalog. A Global Catalog already holds a partial replica of every object in the forest, so it never creates the phantom records the infrastructure master is supposed to update, and cross-domain references would silently go stale.

42. How should the FSMO roles be placed?
Place the RID master and PDC emulator roles on the same domain controller. Good communication from the PDC emulator to the RID master is desirable, because down-level clients and applications target the PDC emulator, making it a large consumer of RIDs. As a general rule, the infrastructure master should be located on a non-Global Catalog domain controller that has a direct connection object to a Global Catalog in the forest, preferably in the same Active Directory site. At the forest level, the schema master and domain naming master roles should be placed on the same domain controller, as they are rarely used and should be tightly controlled. In a Windows 2000 forest the domain naming master must also be a Global Catalog server; this requirement is dropped at the Windows Server 2003 forest functional level.

43. How do you move FSMO roles to a separate domain controller manually?
Through the MMC snap-ins: the domain naming master role through Active Directory Domains and Trusts, the schema master role through the Active Directory Schema snap-in, and the other three roles through Active Directory Users and Computers (right-click the domain, Operations Masters).
Through the command prompt, with ntdsutil:
ntdsutil
roles
connections
connect to server <servername>   (the domain controller that is to receive the role)
quit
transfer <role>   (for example: transfer PDC, transfer RID master, transfer infrastructure master, transfer schema master, transfer domain naming master)
Type ? at the fsmo maintenance prompt for the list of roles. Use seize <role> instead of transfer only when the current holder is permanently offline, and do not bring the former holder back onto the network without demoting or rebuilding it first.

44. Where are the FSMO roles found?
The first domain controller installed in a Windows 2000 domain holds all five FSMO roles by default. As more domain controllers are added, the roles can be moved to other domain controllers.

45. Can you move FSMO roles?
Yes. Moving a FSMO role is a manual process; it does not happen automatically. If you have only one domain controller, you have one forest, one domain and one domain controller, and all five roles live on it. There is no rule that says you need one server per role.

46. FSMO tools: AD --> DNS --> FSMO.
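The query, placement check and transfer from questions 41 to 45, done from PowerShell. This is an added example and not part of the original document; it assumes the RSAT ActiveDirectory module, Domain Admin rights (Enterprise Admin and Schema Admin for the forest-level roles), and the placeholder target dc2.contoso.com.

```powershell
# Added example, not from the original document. Needs the RSAT ActiveDirectory
# module and Domain Admin rights (Enterprise/Schema Admin for forest roles).
# dc2.contoso.com is a placeholder.
Import-Module ActiveDirectory

# Who holds what (equivalent of: netdom query fsmo).
function Get-FsmoRoleHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Placement rule from questions 41/42: in a multi-domain forest the
# infrastructure master must not be a GC, unless every DC in the domain is a GC
# (then there are no phantom records for it to maintain and the rule is moot).
function Test-InfrastructureMasterPlacement {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $im     = Get-ADDomainController -Identity $domain.InfrastructureMaster
    $dcs    = @(Get-ADDomainController -Filter * -Server $domain.DNSRoot)
    $allGc  = @($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
    if ($forest.Domains.Count -gt 1 -and $im.IsGlobalCatalog -and -not $allGc) {
        Write-Warning "Infrastructure master $($im.HostName) is a GC while other DCs are not; move the role."
        return $false
    }
    return $true
}

# Graceful transfer: the current holder must be online and hand the role over.
# -Seize (which passes -Force) is for a holder that is gone for good; the old
# holder must then never come back without being rebuilt.
function Move-FsmoRoles {
    param(
        [Parameter(Mandatory)][string]$TargetDc,
        # Any of: PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster
        [Parameter(Mandatory)][string[]]$Roles,
        [switch]$Seize
    )
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc `
        -OperationMasterRole $Roles -Force:$Seize -Confirm:$false
}

# ntdsutil equivalent of Move-FsmoRoles -TargetDc dc2.contoso.com -Roles PDCEmulator:
#   ntdsutil / roles / connections / connect to server dc2.contoso.com / quit / transfer PDC

Get-FsmoRoleHolders
Test-InfrastructureMasterPlacement
# Move-FsmoRoles -TargetDc 'dc2.contoso.com' -Roles PDCEmulator, RIDMaster
```

Run Get-FsmoRoleHolders again after a move and check that all domain controllers agree (query each one with -Server); a role that shows different holders on different DCs is a replication problem, not a transfer problem.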

47. What happens if the Domain Naming Master fails?
The Domain Naming Master must be available when adding or removing a domain from the forest (i.e. when running DCPROMO to create the first domain controller of a new domain, or to remove the last domain controller of a domain). If it is not, the domain cannot be added or removed. Like the Schema Master, it is used only occasionally and its loss is not critical unless you are modifying the forest structure.

48. What happens if the RID Master fails?
The RID Master provides RIDs for security principals (users, groups, computer accounts). Its failure has little immediate impact unless you are creating a very large number of users or groups: each DC in the domain already holds a pool of RIDs, and a problem arises only when the DC on which you are creating objects runs out of RIDs and cannot obtain a new pool.

49. What happens if the PDC Emulator fails?
The PDC emulator causes the most problems when it is unavailable. This is most noticeable in a mixed-mode domain with NT 4 BDCs and down-level clients (NT and Win9x): since the PDC emulator acts as the NT 4 PDC, anything that depends on the PDC is affected (User Manager for Domains, Server Manager, password changes, browsing and BDC replication). In a native-mode domain its failure is less critical, because other domain controllers can assume most of its responsibilities, but password-change forwarding and time synchronization are still affected.

50. What happens if the Infrastructure Master fails?
This role is only relevant in a multi-domain environment; with a single domain it is irrelevant. In a multi-domain environment its failure is a problem when you reference objects from one domain in another (for example, adding users from one domain to a group in another) and those referenced objects are later renamed, moved or deleted.

51. What are the different types of profile?
Local profile, roaming profile, mandatory profile.
Local profile: a profile loaded for the user and saved on the local hard drive of the machine where the user works. The profile is saved when the user logs off. Local profiles are limited to the machine where they are saved; a user with only a local profile is not loaded with a network profile when logging on from another machine.
Roaming profile: a profile saved in a shared folder on a server and therefore available across the network. When the user logs on from any machine in the network, the roaming profile is loaded, and changes are written back at logoff.
Mandatory profile: a profile used to control the desktop environment, especially to prevent users from saving data, settings and configuration changes to the profile. It is a roaming profile whose changes are not saved when the user logs off (NTUSER.DAT is renamed NTUSER.MAN); changes last only for the active session.

52. What naming conventions does Active Directory use?
Active Directory supports several types of name for the different ways of accessing the directory:

Relative distinguished names
The relative distinguished name (RDN) of an object identifies it uniquely, but only within its parent container; that is, the name identifies the object relative to the other objects in the same container. In the example CN=wjglenn,CN=Users,DC=contoso,DC=com the RDN of the object is CN=wjglenn, and the RDN of its parent container is CN=Users (Users is a built-in container, not an organizational unit). For most objects the RDN is the object's Common Name attribute. Active Directory creates the RDN automatically from the information provided when the object is created, and it does not allow two objects with the same RDN in the same parent container. The RDN (and the distinguished name discussed next) uses LDAP attribute tags to identify each part of the name. The three tags used in Active Directory paths are:
DC: the Domain Component tag identifies one label of the domain's DNS name, such as contoso or com.
OU: the Organizational Unit tag identifies an organizational unit container.
CN: the Common Name tag identifies the common name configured for an Active Directory object (including built-in containers such as Users).

Distinguished names
Each object in the directory has a distinguished name (DN) that is globally unique and identifies not only the object itself but also where it resides in the object hierarchy. You can think of the DN as the object's RDN concatenated with the RDNs of all the parent containers that make up the path to the object. A typical DN is CN=wjglenn,CN=Users,DC=contoso,DC=com, which says that the user object wjglenn is in the Users container, which in turn is in the contoso.com domain. If the wjglenn object is moved to another container, its DN changes to reflect its new position in the hierarchy. Distinguished names are unique in the forest, much as a fully qualified domain name uniquely identifies a host's place in the DNS hierarchy; two objects cannot have the same DN.

User principal names
The user principal name (UPN) generated for each user is of the form username@domainname. Users can log on with their UPN, and an administrator can define additional UPN suffixes. UPNs should be unique across the forest; the directory itself does not strictly enforce this, so it is best to use a naming convention that avoids duplicates.

Canonical names
An object's canonical name conveys the same information as its distinguished name, but with a different syntax. The DN above has the canonical name contoso.com/Users/wjglenn. There are two differences in syntax: the canonical name starts at the root of the path and works down towards the object name, and it does not use the LDAP attribute tags (CN, DC and so on).

53. What are the different types of group?
Security groups: used to collect domain users into a single administrative unit. Security groups can be assigned permissions and can also be used as e-mail distribution lists. Users placed in a group inherit the permissions assigned to the group for as long as they remain members. Windows itself uses only security groups.
Distribution groups: used for non-security purposes by applications other than Windows, primarily e-mail distribution. They cannot be assigned permissions.
As with user accounts, there are both local and domain-level groups. Local groups are stored in the local computer's security database and control resource access on that computer. Domain groups are stored in Active Directory and let you gather users and control resource access across the domain and on domain controllers.
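A worked conversion between the name forms of question 52. This is an added example and not part of the original document; it runs offline, and the sample names (contoso.com, wjglenn, Sales, "Smith, John") are made up. It also shows the one thing the prose glosses over: a canonical name does not record whether a path element is a CN container or an OU, so converting back to a DN needs that knowledge from the caller.

```powershell
# Added example, not from the original document. Sample names are made up.

function Get-Rdn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # The RDN is the first component; split only on commas that are not escaped.
    return ($DistinguishedName -split '(?<!\\),')[0]
}

function ConvertTo-CanonicalName {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $domain = @(); $path = @()
    foreach ($component in ($DistinguishedName -split '(?<!\\),')) {
        $tag, $value = $component -split '=', 2
        $value = $value -replace '\\(.)', '$1'             # drop RFC 4514 escapes (\, \+ \= ...)
        if ($tag.Trim() -ieq 'DC') { $domain += $value } else { $path += $value }
    }
    [array]::Reverse($path)                                 # DN is leaf-first, canonical is root-first
    $canonical = $domain -join '.'
    if ($path.Count -gt 0) {
        # Canonical names escape a literal slash in a name as \/
        $canonical += '/' + (($path | ForEach-Object { $_ -replace '/', '\/' }) -join '/')
    }
    return $canonical
}

function ConvertTo-DistinguishedName {
    param(
        [Parameter(Mandatory)][string]$CanonicalName,
        [string]$ContainerTag = 'OU',   # canonical names lose the CN/OU tag, so the
        [string]$LeafTag      = 'CN'    # caller has to say what the path elements are
    )
    $elements = $CanonicalName -split '(?<!\\)/'
    $domain   = @($elements[0] -split '\.' | ForEach-Object { "DC=$_" })
    $rdns     = @()
    for ($i = 1; $i -lt $elements.Count; $i++) {
        $value = $elements[$i] -replace '\\/', '/'
        $value = $value -replace '([,+"\\<>;=])', '\$1'    # re-escape DN special characters
        $tag   = if ($i -eq $elements.Count - 1) { $LeafTag } else { $ContainerTag }
        $rdns += "$tag=$value"
    }
    [array]::Reverse($rdns)
    return ($rdns + $domain) -join ','
}

Get-Rdn 'CN=wjglenn,CN=Users,DC=contoso,DC=com'
ConvertTo-CanonicalName 'CN=wjglenn,CN=Users,DC=contoso,DC=com'
ConvertTo-CanonicalName 'CN=Smith\, John,OU=Sales,DC=contoso,DC=com'
ConvertTo-DistinguishedName 'contoso.com/Users/wjglenn' -ContainerTag CN
ConvertTo-DistinguishedName 'contoso.com/Sales/Smith, John'
```

The first two calls give CN=wjglenn and contoso.com/Users/wjglenn, the third contoso.com/Sales/Smith, John, and the last two rebuild the original DNs. Note that the Users example must be converted back with -ContainerTag CN: treating Users as an OU would produce a DN that looks plausible but does not exist in the directory, which is a common source of failed LDAP binds and ACL entries in scripts.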

54. What is a group scope and what are the different types of group scopes? Group scopes determine where in the Active Directory forest a group is accessible and what objects can be placed into the group. Windows Server 2003 includes three group scopes: global, domain local, and universal.


Global groups are used to gather users that have similar permission requirements. Global groups have the following characteristics:
1. Global groups can contain user and computer accounts only from the domain in which the group is created.
2. When the domain functional level is Windows 2000 native or Windows Server 2003 (the domain contains only Windows 2000 or 2003 domain controllers), global groups can also contain other global groups from the same domain.
3. Global groups can be assigned permissions, or be added to domain local groups, in any domain in the forest.
Domain local groups are used to control access to resources in the local domain. In a Windows 2000 mixed domain they can be used only on domain controllers (member servers and workstations use their own local groups); at Windows 2000 native or higher they can also be used on member servers and workstations. Domain local groups have the following characteristics:
1. Domain local groups can contain users and global groups from any domain in the forest, whatever the functional level.
2. When the domain functional level is Windows 2000 native or Windows Server 2003, domain local groups can also contain other domain local groups from the same domain, and universal groups.
Universal groups are normally used to assign permissions to related resources in multiple domains. Universal groups have the following characteristics:
1. Universal security groups are available only when the domain functional level is Windows 2000 native or Windows Server 2003 (universal distribution groups exist at any level).
2. Universal groups exist outside the boundaries of any particular domain; their membership is stored in the Global Catalog.
3. Universal groups are used to assign permissions to related resources in multiple domains.
4. Universal groups can contain users, global groups and other universal groups from any domain in the forest.
5. You can grant permissions for a universal group to any resource in any domain.

55. How many characters can a group name contain? 64

56. What is the difference between local, global and universal groups?
Domain local groups are assigned the access permissions for resources in their own domain, and global groups are placed into them. Global groups collect users from one domain and can be granted access to resources in any trusting domain. Universal groups collect users and global groups from the whole forest and can be granted access to resources in any domain of the forest or in a trusted forest.


57. What is a trust relationship and how many types of trust are there in Windows Server 2003?
Because domains are security boundaries, special mechanisms called trust relationships allow accounts in one domain (the trusted domain) to access resources in another domain (the trusting domain). Windows Server 2003 supports six types of trust: parent and child trusts, tree-root trusts, external trusts, shortcut trusts, realm trusts and forest trusts.

58. What are the different kinds of trust relationship?
Implicit trusts: established automatically (the parent-child and tree-root trusts within a forest).
Explicit trusts: built manually, for example NT to Windows 2000 or forest to forest.
Transitive: if A trusts B and B trusts C, then A trusts C.
Non-transitive: if A trusts B and B trusts C, A does not trust C.
One-way: trust in one direction only.
Two-way: trust in both directions.

59. Can we establish a trust relationship between two forests?
Not in Windows 2000, where only external trusts between individual domains are possible. In Windows Server 2003, at the Windows Server 2003 forest functional level, a forest trust can be created.

60. What is Group Policy?
Group Policy is the collection of policies used to control computers and users on the network.

61. What are Group Policies?
Group Policies are settings that can be applied to Windows computers, users or both. Windows 2000 has hundreds of Group Policy settings. They are usually used to lock down some aspect of a PC: whether you do not want users to run Windows Update or change their display settings, or you want to ensure that certain applications are installed on computers, all of this can be done with Group Policy. Group Policies can be configured locally or through domain policies. Local policies can be accessed by clicking Start, Run and typing gpedit.msc, or by opening the Microsoft Management Console (Start, Run, mmc) and adding the Group Policy snap-in. You must be an administrator to configure or modify Group Policies. Windows 2000 Group Policies apply only to Windows 2000 and later computers (Windows XP, Windows Server 2003); they cannot be used on Win9x or Windows NT computers, which use System Policy instead.


62. Who does domain policy apply to?
Domain policies apply to computers and users that are members of a domain, and they are configured on domain controllers. You can access domain Group Policies by opening Active Directory Sites and Services (for policies linked at the site level) or Active Directory Users and Computers (for policies linked to the domain or to organizational units).

63. Where do you create a Group Policy?
To create a site-level Group Policy Object, open Active Directory Sites and Services, right-click Default-First-Site-Name or another site, choose Properties, then the Group Policy tab, and click New. Give the GPO a name, then click Edit to configure the policies. In Active Directory Users and Computers the process is the same, except that you right-click the domain or an OU and choose Properties.

64. Who can create or modify Group Policies?
You need administrative privileges to create or modify Group Policies. The following shows who can create or modify each type of policy:
Site-level Group Policies: Enterprise Administrators and/or Domain Administrators in the forest root domain. The root domain is the first domain created in the forest; the Enterprise Admins group exists only in the root domain.
Domain-level Group Policies: Enterprise Administrators, Domain Administrators or members of the built-in Group Policy Creator Owners group. By default only the Administrator account is a member of this group.
OU-level Group Policies: Enterprise Administrators, Domain Administrators or members of Group Policy Creator Owners.
Additionally, at the OU level, users can be delegated control over the OU's Group Policy links with the Delegate Control wizard (right-click the OU and choose Delegate Control). The wizard only lets the delegated user link already created Group Policies to the OU; if you want OU administrators to create and modify Group Policies, add them to the Group Policy Creator Owners group for the domain.
Local Group Policies: the local Administrator account or members of the local Administrators group.

65. How are Group Policies applied?
Group Policies can be configured locally, at the site level, at the domain level or at the organizational unit (OU) level. They are applied in a specific order, LSDOU: local policies first, then site policies, then domain policies, then OU policies, then nested OU policies (OUs within OUs). Group Policies cannot be linked to a specific user or group, only to container objects. To apply Group Policies to specific users or computers, you place the users (or groups) and computers in container objects; everything in the container then receives the policies linked to it. Sites, domains and OUs are container objects. A user object and that user's computer object do not have to be in the same container: for example, Sally the user is an object in Active Directory and Sally's Windows 2000 Professional PC is another object, and the user object can be in one OU while the computer object is in another. It all depends on how you organize your Active Directory structure and which Group Policies you want applied to which objects.

User and computer policies

Each Group Policy Object has two nodes, a computer node and a user node, called Computer Configuration and User Configuration. The policies configured in the computer node apply to the computer as a whole: whoever logs on to that computer gets those policies. Note: computer policies are also referred to as machine policies. User policies are user-specific; they apply only to the user who is logged on. When creating domain Group Policies you can disable either the computer node or the user node of the Group Policy Object you are creating. Disabling a node for which no policies are defined reduces the time it takes to apply the policies. To disable a node: after creating a Group Policy Object, select it on the Group Policy tab, click Properties, and use the two check boxes at the bottom of the General tab. It is important to understand that when Group Policies are applied, all the policies for a node are evaluated first and then applied; they are not applied one after the other. For example, say Sally's user object is in the Development OU, which is nested inside the Security OU. When Sally logs on to her PC, the policies set in the user node of both the Development OU and the Security OU Group Policy Objects are evaluated as a whole and then applied to Sally. They are not applied Development OU first and then Security OU (or vice versa). The same goes for computer policies: when a computer boots, all the computer node policies for that computer are evaluated, then applied. Computer policies are applied at boot and user policies at logon. When a user policy and a computer policy configure the same setting, the computer policy wins. Note: IPsec and EFS policies are not additive; the last policy applied is the one the user or computer ends up with.

When applying multiple Group Policy Objects from any container, Group Policies are applied from bottom to top in the Group Policy Object list. The top Group Policy in the list is the last to be applied. In the above image you can see three Group Policy Objects associated with the Human Resources OU. These policies would be applied No Windows Update first, then No Display Settings, then No Screensaver. If there were any conflicts in the policy settings, the one above would take precedence.

66. How to disable Group Policy Objects
When you are creating a Group Policy Object, the changes happen immediately; there is no "saving" of GPOs. To prevent a partial GPO from being applied, disable the GPO while you are configuring it. To do this, click the Group Policy Object on the Group Policy tab and double-click under the Disable column; a little check will appear. Click the Edit button, make your changes, then double-click under the Disable column again to re-enable the GPO. Also, if you want to temporarily disable a GPO for troubleshooting reasons, this is the place to do it. You can also click the Options button on the Group Policy tab and select the Disabled check box.

67. When do the Group Policy scripts run?
Startup scripts are processed at computer boot-up, before the user logs in. Shutdown scripts are processed after a user logs off, but before the computer shuts down. Logon scripts are processed when the user logs in. Logoff scripts are processed when the user logs off, but before the shutdown script runs.

68. When does Group Policy get refreshed/applied?
Group Policies can be applied when a computer boots up and/or when a user logs in. However, policies are also refreshed automatically according to a predefined schedule. This is called Background Refresh. Background refresh for non-DCs (PCs and Member Servers) is every 90 minutes, with a +/- 30 minute interval, so the refresh could be 60, 90 or 120 minutes. For DCs (Domain Controllers), background refresh is every 5 minutes. Also, every 16 hours every PC will request all group policies to be reapplied (user and machine). These settings can be changed under the Computer and User nodes: Administrative Templates, System, Group Policy.

69. Which policies are not affected by background refresh?
These policies are only applied at logon time:
Folder Redirection
Software Installation
Logon, Logoff, Startup and Shutdown scripts

70. Which are the two types of default policies?
There are two default Group Policy Objects that are created when a domain is created: the Default Domain Policy and the Default Domain Controllers Policy.

Default Domain Policy: this GPO can be found under the Group Policy tab for the domain. It is the first policy listed. The Default Domain Policy is unique in that certain policies can only be applied at the domain level. If you double-click this GPO and drill down to Computer Configuration, Windows Settings, Security Settings, Account Policies, you will see three policies listed:
Password Policy
Account Lockout Policy
Kerberos Policy
These three policies can only be set at the domain level. If you set these policies anywhere else (Site or OU), they are ignored. However, setting these three policies at the OU level will have the effect of setting them for users who log on locally to their PCs: log in to the domain and you get the domain policy, log in locally and you get the OU policy. If you drill down to Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, there are three policies that are affected by the Default Domain Policy:
Automatically log off users when logon time expires.
Rename Administrator Account: when set at the domain level, it affects the Domain Administrator account only.
Rename Guest Account: when set at the domain level, it affects the Domain Guest account only.
The Default Domain Policy should be used only for the policies listed above. If you want to create additional domain level policies, create additional domain level GPOs. Do not delete the Default Domain Policy. You can disable it, but it is not recommended.
Default Domain Controllers Policy: this policy can be found by right-clicking the Domain Controllers OU, choosing Properties, then the Group Policy tab. This policy affects all Domain Controllers in the domain regardless of where you put them. That is, no matter which OU you put your domain controllers in, they will still process this policy. Use the Default Domain Controllers Policy to set local policies for your domain controllers, e.g. Audit Policies, Event Log settings, who can log on locally and so on.

71. How to refresh Group Policies using the command line?
Secedit.exe is a command line tool that can be used to refresh group policies on a Windows 2000 computer. To use secedit, open a command prompt and type:
secedit /refreshpolicy user_policy (to refresh the user policies)
secedit /refreshpolicy machine_policy (to refresh the machine, or computer, policies)
These parameters will only refresh any user or computer policies that have changed since the last refresh. To force a reload of all group policies regardless of the last change, use:
secedit /refreshpolicy user_policy /enforce
secedit /refreshpolicy machine_policy /enforce
Gpupdate.exe is a command line tool that can be used to refresh group policies on a Windows XP computer. It has replaced the secedit command. To use gpupdate, open a command prompt and type:
gpupdate /target:user (to refresh the user policies)
gpupdate /target:machine (to refresh the machine, or computer, policies)
gpupdate /force
Notice that the /force switch applies to both user and computer policies. There is no separation of the two like there is with secedit.

72. What is Domain Policy, Domain Controller Policy, Local Policy and Group Policy?
Domain Policy applies to all computers in the domain, because by default it is associated with the domain GPO, whereas Domain Controller Policy applies only to domain controllers. By default the Domain Controller Security Policy is associated with the Domain Controllers GPO. Local Policy applies to that particular machine only and affects that computer only.

73. Who can create Site level Group Policy? Enterprise Admin
74. Who can create Domain level Group Policy? Domain Admin
75. Who can create Organizational Unit level Group Policy? Domain Admin
76. Who can create Local Group Policy? Local Administrator or Domain Administrator
77. What is the hierarchy of Group Policy?
Local Policy | Site Policy | Domain Policy | OU Policy | Sub-OU Policy (if any)
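The precedence rules in questions 65 to 77 can be checked mechanically. The Python script below is an added example written for this page, not part of the original question set and not how Windows itself implements policy processing: it models LSDOU order, bottom-to-top link order within a container, disabled GPOs and disabled nodes, the domain-only Account Policies from question 70, and the computer-wins rule for overlapping settings. The container names, GPO names and setting names are constructed for the illustration and do not correspond to real policy registry values.

```python
from dataclasses import dataclass, field

# Settings Windows honours only when the GPO is linked at the domain
# (question 70 above); the same settings linked at Site or OU level are
# ignored for domain logons. Names are constructed labels, not real values.
DOMAIN_ONLY_SETTINGS = {"PasswordPolicy", "AccountLockoutPolicy", "KerberosPolicy"}


@dataclass
class GPO:
    name: str
    computer: dict = field(default_factory=dict)  # Computer Configuration node
    user: dict = field(default_factory=dict)      # User Configuration node
    enabled: bool = True                          # Disable column unchecked
    computer_node_enabled: bool = True            # General tab check boxes
    user_node_enabled: bool = True


@dataclass
class Container:
    kind: str   # "Local", "Site", "Domain" or "OU"
    name: str
    gpos: list  # Group Policy tab order: index 0 is the top of the list


def apply_chain(chain, node):
    """Evaluate one node ("computer" or "user") over a container chain given in
    LSDOU order (Local, Site, Domain, OU, nested OU). Returns (settings, source):
    the winning value per setting and the container/GPO that supplied it."""
    settings, source = {}, {}
    for container in chain:
        # Bottom of the list is processed first, so the top GPO is applied
        # last and wins any conflict within the container.
        for gpo in reversed(container.gpos):
            node_on = gpo.computer_node_enabled if node == "computer" else gpo.user_node_enabled
            if not (gpo.enabled and node_on):
                continue
            values = gpo.computer if node == "computer" else gpo.user
            for key, value in values.items():
                if key in DOMAIN_ONLY_SETTINGS and container.kind != "Domain":
                    continue  # Account Policies linked below the domain are ignored
                settings[key] = value
                source[key] = f"{container.kind} {container.name} / {gpo.name}"
    return settings, source


def resolve_session(computer_chain, user_chain):
    """Computer policies apply at boot, user policies at logon; where the two
    overlap the computer setting wins (question 65)."""
    machine, machine_src = apply_chain(computer_chain, "computer")
    user, user_src = apply_chain(user_chain, "user")
    return {**user, **machine}, {**user_src, **machine_src}


# Constructed sample: the Human Resources OU from question 65 with its three
# GPOs listed top to bottom exactly as on the Group Policy tab, plus a
# disabled GPO above them that must be skipped.
DOMAIN = Container("Domain", "corp.example", [
    GPO("Default Domain Policy",
        computer={"PasswordPolicy": "minimum length 8", "DisableWindowsUpdate": False}),
])
DEV_OU = Container("OU", "Development", [
    GPO("Dev Lockdown",
        computer={"PasswordPolicy": "minimum length 14",  # ignored: OU link
                  "ScreenSaverActive": True}),
])
HR_OU = Container("OU", "Human Resources", [
    GPO("Old Pilot", user={"HideDisplayCPL": False}, enabled=False),
    GPO("No Screensaver", user={"ScreenSaverActive": False}),
    GPO("No Display Settings", user={"HideDisplayCPL": True, "ScreenSaverActive": True}),
    GPO("No Windows Update", user={"DisableWindowsUpdate": True}),
])


def sally_session():
    """Sally's user object is in Human Resources; her PC's computer object is in
    Development (the two need not share a container)."""
    return resolve_session([DOMAIN, DEV_OU], [DOMAIN, HR_OU])


if __name__ == "__main__":
    settings, source = sally_session()
    for key in sorted(settings):
        print(f"{key:22} = {str(settings[key]):18} from {source[key]}")
```

Running the script prints the resulting setting per key together with the link that supplied it, which is the same information RSoP reports (question 78). The user node alone gives ScreenSaverActive = False from No Screensaver (top of the HR list wins), but the Development computer policy overrides it because computer settings win on overlap.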

78. GPMC & RSoP in Windows 2003?
GPMC is a tool used for managing Group Policies. It displays information such as how many policies are applied, on which OUs the policies are applied, which settings are enabled in each policy, which users are affected by these policies and who is managing them.
RSoP provides details about all policy settings that are configured by an administrator, including Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts, and Group Policy Software Installation. When policies are applied on multiple levels (for example site, domain, domain controller and organizational unit), the results can conflict. RSoP can help you determine the set of applied policies and their precedence (the order in which policies are applied).

79. What is the GPMC tool?
The Group Policy Management Console (GPMC) is a tool for managing Group Policies in Windows Server 2003. It provides administrators a single consolidated environment for working on Group Policy related tasks. GPMC provides a single interface with drag-and-drop functionality to allow an administrator to manage Group Policy settings across multiple sites, domains, or even forests. GPMC is used to back up, restore, import, and copy Group Policy Objects. It also provides a reporting interface on how Group Policy Objects (GPOs) have been deployed.

80. What are the functional levels we have in Windows 2003?
There are two types of functional levels in Windows 2003:
Forest Functional Level
Domain Functional Level

81. What is the forest functional level in Windows 2003?
The functional level of an Active Directory forest that has one or more domain controllers running Windows Server 2003. The functional level of a forest can be raised to enable new Active Directory features that will apply to every domain controller in the forest. There are three forest functional levels:
Windows 2000 (supports NT, 2000 and 2003 domain controllers)
Windows Server 2003 interim (supports only NT and 2003 domain controllers)
Windows Server 2003 (supports only 2003 family domain controllers)
Note: When you raise the functional level to Windows Server 2003 interim or Windows Server 2003 you get advanced forest-wide Active Directory features.

82. What is the domain functional level in Windows 2003?
The functional level of an Active Directory domain that has one or more domain controllers running Windows Server 2003. The functional level of a domain can be raised to enable new Active Directory features that will apply to that domain only. There are four domain functional levels:
Windows 2000 mixed (supports NT, 2000 and 2003 domain controllers)
Windows 2000 native (supports 2000 and 2003 domain controllers only)
Windows Server 2003 interim (supports NT and 2003 domain controllers only)
Windows Server 2003 (supports only 2003 domain controllers)
Note: When you raise the domain functional level you get additional features.
Note: By default a domain operates at the Windows 2000 mixed functional level.

83. How to raise the forest functional level in Windows 2003?
Start, Programs, Administrative Tools, Active Directory Domains and Trusts. Right-click Active Directory Domains and Trusts, select Raise Forest Functional Level, select the required forest functional level and click OK.
Note: To perform this you must be a member of the Domain Admins group (in the forest root domain) or the Enterprise Admins group.

84. How to raise the domain functional level in Windows 2003?
Start, Programs, Administrative Tools, Active Directory Users and Computers. Right-click the domain name, select Raise Domain Functional Level, select the appropriate domain level and click OK.
Note: If the functional level is Windows Server 2003 then you get all the features that are available with 2003. When Windows NT or Windows 2000 domain controllers are included in your domain or forest alongside domain controllers running Windows Server 2003, Active Directory features are limited.
Note: Once you raise the domain or forest functional level you cannot revert back.

85. Advantages of different functional levels?
When you are in Windows 2000 mixed mode the advantage is that you can use Windows NT, 2000 and 2003 domain controllers. The limitations are:
You cannot create universal groups.
You cannot nest groups.
You cannot convert groups (i.e. conversion between security groups and distribution groups).
Some additional dial-in features are disabled.
You cannot rename the domain controller.
SID history is disabled.

86. What is replication?
Replication is the process through which the changes made to a replica on one domain controller are synchronized to the replicas on all the other domain controllers in the network. Each domain controller stores three types of replicas:

Schema partition: this partition stores the definitions and attributes of objects that can be created in the forest. Changes made in this partition are replicated to all the domain controllers in all the domains in the forest.
Configuration partition: this partition stores the logical structure of the forest deployment. It includes the domain structure and the replication topology. Changes made in this partition are replicated to all the domain controllers in all the domains in the forest.
Domain partition: this partition stores all the objects in a domain. Changes made in this partition are replicated to all the domain controllers within the domain.
Note: Windows Server 2003 supports a new type of directory partition named the Application directory partition. This partition is available only to Windows 2003 domain controllers. Applications and services use this partition to store application-specific data.

87. How to monitor replication?
We can use the Replmon tool from the Support Tools.

88. What is multimaster replication?
Active Directory follows multimaster replication, in which every replica of an Active Directory partition held on every domain controller is considered an equal master. Updates can be made to objects on any domain controller, and those updates are then replicated to the other domain controllers.

89. What is clustering?
A cluster is a group of two or more computers (servers) connected to provide fault tolerance and load balancing. It is dedicated to running a specific application. Each server in a cluster is known as a node. The failover and failback capabilities of a cluster bring the application downtime to zero.
Note: Server clustering is intended to provide high availability for applications and not for data.

90. What is clustering? Briefly define and explain it.
Clustering is a technology used to provide high availability for mission critical applications. We can configure a cluster by installing the MSCS (Microsoft Cluster Service) component from Add/Remove Programs; it is only available in Enterprise Edition and Datacenter Edition. In Windows we can configure two types of clusters:
NLB (Network Load Balancing) cluster: for balancing load between servers. This cluster does not provide any high availability. Usually preferable at edge servers like web or proxy servers.
Server cluster: this provides high availability by configuring an active-active or active-passive cluster. In a two node active-passive cluster one node is active and one node is standby. When the active server fails the application will FAILOVER to the standby server automatically. When the original server comes back we need to FAILBACK the application.
Quorum: shared storage that needs to be provided to all servers in the cluster; it keeps information about the clustered application and session state and is used in a FAILOVER situation. This is very important: if the quorum disk fails, the entire cluster fails.
Heartbeat: the heartbeat is a private connection between the servers in the cluster, which is used to identify the status of the other servers in the cluster.

91. What is the difference between authoritative and non-authoritative restoration?
Although you might have several domain controllers (DCs) providing fault tolerance for your domain, you still need to perform regular backups. Windows backs up AD as part of the System State and restores the directory by booting a DC into Directory Services Restore Mode. The default Directory Services Restore Mode restore is a non-authoritative restoration. In this mode, Windows restores a DC's directory from the backup. Then the DC receives from its replication partners the new information that has been processed since the backup. For example, let's say we restore a DC using a 2-day-old backup. After the DC starts, its replication partners send all updates that have occurred in the past 2 days. This type of restore is typically used if a DC fails for hardware or software reasons.
An authoritative restoration restores the DC's directory to the state it was in when the backup was made, then overwrites all other DCs to match the restored DC, thereby removing any changes made since the backup. You don't have to perform an authoritative restoration of the entire directory; you can choose to make only certain objects authoritative. When you restore only parts of the directory, Windows updates the rest of the restored database by using information from the other DCs to bring the directory up to date, then replicates the objects that you mark as authoritative to the other DCs. This type of restore is most useful if you deleted, for example, an organizational unit (OU). In this case, you could restore an AD backup to a DC, mark the OU as authoritative, and then start the DCs normally. Because you marked the OU as authoritative, Windows will ignore the fact that the OU was previously deleted, replicate the OU to the other DCs, and apply all other changes made since the backup to the restored DC from its replication partners.

92. What is DFS and its usage?
DFS is a distributed file system used to provide a common environment for users to access files and folders even when they are physically shared on different servers. There are two types of DFS: domain DFS and stand-alone DFS. We cannot provide redundancy for stand-alone DFS in case of failure. Domain DFS is used in a domain environment and can be accessed by \\domain name\root1 (root1 is the DFS root name). Stand-alone DFS can be used in a workgroup environment and can be accessed through \\server name\root1 (root1 is the DFS root name). In both cases we need to create a DFS root (which appears like a shared folder to end users) and DFS links (a logical link pointing to the server where the folder is physically shared).
The maximum number of DFS roots per server is 1. The maximum number of DFS root replicas is 31. The maximum number of DFS roots per domain is unlimited. The maximum number of DFS links or shared folders in a DFS root is 1,000.
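Questions 86, 88 and 91 above describe multimaster replication and the two restore modes. The Python model below is an added illustration written for this page, not Microsoft's implementation and not a tool the notes mention: each attribute carries a version stamp, an originating write on any DC bumps it, replication takes the higher stamp, and an authoritative restore raises the stamps of the chosen objects by the 100,000-per-day increment that ntdsutil applies (one elapsed day is assumed). The DC names, object DNs and the integer clock are constructed.

```python
from copy import deepcopy
from dataclasses import dataclass

# ntdsutil raises the version of authoritatively restored attributes by
# 100,000 per day elapsed since the backup; one day is assumed here.
VERSION_INCREMENT = 100_000


@dataclass(frozen=True, order=True)
class Stamp:
    """Per-attribute replication metadata. Field order gives conflict
    resolution: higher version wins, then later write time, then DC name."""
    version: int
    time: int   # constructed integer clock standing in for the write timestamp
    dsa: str    # originating domain controller


class DomainController:
    def __init__(self, name):
        self.name = name
        self.replica = {}    # dn -> {attribute: (Stamp, value)}
        self.backup = None   # System State snapshot of the replica

    def write(self, dn, attr, value, clock):
        """Originating write; any DC may do this (multimaster, question 88)."""
        current = self.replica.setdefault(dn, {}).get(attr)
        version = current[0].version + 1 if current else 1
        self.replica[dn][attr] = (Stamp(version, clock, self.name), value)

    def create(self, dn, clock, **attrs):
        self.write(dn, "isDeleted", False, clock)
        for attr, value in attrs.items():
            self.write(dn, attr, value, clock)

    def delete(self, dn, clock):
        self.write(dn, "isDeleted", True, clock)   # tombstone the object

    def is_live(self, dn):
        obj = self.replica.get(dn)
        return bool(obj) and obj["isDeleted"][1] is False

    def take_backup(self):
        self.backup = deepcopy(self.replica)

    def restore(self, authoritative=()):
        """Non-authoritative: put the backup back and let partners overwrite it.
        Authoritative: additionally bump the stamps of the named objects so they
        win against every change replicated since the backup (question 91)."""
        self.replica = deepcopy(self.backup)
        for dn in authoritative:
            bumped = {}
            for attr, (stamp, value) in self.replica[dn].items():
                bumped[attr] = (Stamp(stamp.version + VERSION_INCREMENT,
                                      stamp.time, stamp.dsa), value)
            self.replica[dn] = bumped


def replicate(source, target):
    """One inbound replication cycle on target from source: an attribute is
    taken only when the source stamp beats the target's. Returns count taken."""
    taken = 0
    for dn, attrs in source.replica.items():
        local = target.replica.setdefault(dn, {})
        for attr, (stamp, value) in attrs.items():
            if attr not in local or stamp > local[attr][0]:
                local[attr] = (stamp, value)
                taken += 1
    return taken


OU = "OU=Sales,DC=corp,DC=example"          # constructed DNs
BOB = "CN=Bob,OU=Eng,DC=corp,DC=example"


def restore_scenario(authoritative):
    """Two DCs; the OU is deleted on DC2 after DC1 was backed up, and a
    legitimate change is made on DC2 in the same period. DC1 is then restored."""
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    dc1.create(OU, 1, description="Sales team")
    dc1.create(BOB, 1, title="Engineer")
    replicate(dc1, dc2)
    dc1.take_backup()
    dc2.delete(OU, 2)                                   # the accident
    dc2.write(BOB, "title", "Senior Engineer", 3)       # a change to keep
    replicate(dc2, dc1)                                 # deletion spreads
    dc1.restore(authoritative=[OU] if authoritative else [])
    replicate(dc2, dc1)   # partners send everything changed since the backup
    replicate(dc1, dc2)   # an authoritative OU now flows back out to partners
    return dc1, dc2


if __name__ == "__main__":
    for mode in (False, True):
        dc1, dc2 = restore_scenario(mode)
        print("authoritative" if mode else "non-authoritative",
              "OU live:", dc1.is_live(OU), dc2.is_live(OU),
              "Bob title:", dc2.replica[BOB]["title"][1])
```

In the non-authoritative run the restored DC simply receives the tombstone again and the OU stays deleted everywhere; in the authoritative run the bumped stamp beats the tombstone on every partner while Bob's post-backup change still arrives at the restored DC, which is the behaviour question 91 describes.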

93. What is REPLMON?
Replmon displays information about Active Directory replication.

94. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service. The attributes of each object can be edited or deleted using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following files are required to use this tool: ADSIEDIT.DLL and ADSIEDIT.MSC.

95. What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

96. What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

97. What is nesting?
The creation of an OU inside another OU. IMP: once you go beyond about 12 OUs deep in a nesting structure, you start running into significant performance issues.

98. What is volume shadow copy?
Windows Backup provides a feature for backing up files that are open in use by a user or the system. This feature is known as volume shadow copy. Volume shadow copy makes a duplicate copy of all files at the start of the backup process. In this way, files that change during the backup process are copied correctly. Volume shadow copy ensures the following:
Applications continue to write data to the volume during a backup.
Backups can be scheduled at any time without locking out users.

99. What is Performance Monitor?
Performance Monitor is used to get statistical information about the hardware and software components of a server. Performance Monitor is used for the following:
Monitor objects on multiple computers.
Log data pertaining to objects on multiple computers, over time.
Analyze the effects of changes made to a computer.
Launch programs and send notifications when thresholds are reached.
Export data for analysis in spreadsheet or database applications.
Save counter and object settings for repeated use.
Create reports for use in analyzing performance over time.

100. What is System Monitor?
System Monitor is a Windows graphical tool for measuring the performance of the host or a remote computer. It is used to view reports on CPU load, memory usage, interrupt rate, and the overall throughput of traffic on a network. Using System Monitor, administrators can perform the following functions:
Create charts and reports to measure a computer's efficiency.
Identify and troubleshoot possible issues, such as unbalanced resource use, insufficient hardware, or poor program design.
Plan for additional hardware needs.
System Monitor can also be used to monitor the resource use of specific components and program processes.

101. What is the Active Directory Migration Tool (ADMT)?
The Active Directory Migration Tool (ADMT) is used to migrate from an earlier implementation of Windows NT to Windows Server 2003 or Windows 2000 Server. ADMT supports not only migration from Windows NT 4.0 to Active Directory but also interforest and intraforest migrations. ADMT is designed to migrate an Active Directory schema from one forest to another, regardless of whether a change in operating systems is involved. ADMT 2.0 has many new features such as a command-line interface and a better interface for working with Microsoft Exchange Server. ADMT also supports user account password migration.

102. What is DSMOD?
DSMOD is a command-line utility used to modify existing objects, such as users, computers, groups, servers, OUs etc., in Active Directory.

103. What is the NTDSUTIL utility?
NTDSUTIL.EXE is a command-line tool used to manage Active Directory. This utility is used to perform the following tasks:
Performing database maintenance of Active Directory.
Managing and controlling operations master roles.
Removing metadata left behind by domain controllers.
Note: The NTDSUTIL utility is meant to be used by experienced administrators.

104. What is the DCDIAG tool?
An AD troubleshooting tool. Domain Controller Diagnostic (DCDIAG) is a diagnostic tool used to analyze the domain controllers in a forest and report problems or issues. The scope of this tool covers the functions of the domain controllers and interactions across an entire enterprise. The DCDIAG tool is used to diagnose domain controller status for the following issues:
Connectivity
Replication
Integrity of topology
Permissions on directory partition heads
Permissions of users
Functionality of the domain controller locator
Consistency among domain controllers in the site
Verification of trusts
Diagnosis of replication latencies
Replication of trust objects
Verification of the File Replication Service
Verification of critical services
Note: DCDIAG is an analyzing tool, mostly used for reporting purposes. Although this tool allows specific tests to be run individually, it is not intended as a general toolbox of commands for performing specific tasks.

105. Integration of DNS and Active Directory
The integration of DNS and Active Directory is essential because a client computer in a Windows 2000 network must be able to locate a domain controller so that users can log on to a domain or use the services that Active Directory provides. Clients locate domain controllers and services by using A resource records and SRV records. The A resource record contains the FQDN and IP address of the domain controller. The SRV record contains the FQDN of the domain controller and the name of the service that the domain controller provides.

106. How will you take a backup of Active Directory?
Take the System State data backup. This will back up the Active Directory database. Microsoft recommends only a full backup of the System State.
What are the contents of a System State backup? The contents are:
Boot files and system files
Active Directory (if done on a DC)
Sysvol folder (if done on a DC)
Certificate Services (on a CA server)
Cluster database (on a cluster server)
Registry
Performance counter configuration information
Component Services class registration database

107. What is WSUS?
It is Microsoft Software Update Server, designed to automate the process of distributing Windows operating system patches. It works by controlling the Automatic Updates applet already present on all Windows machines. Instead of many machines at UVA all going to Microsoft's website to download updates, the SUS server downloads all updates to an ITC-owned server and workstations then look there for updates.

108. What is the minimum free disk space required?
A minimum of 6 GB free disk space is recommended to store the WSUS content.

109. How does WSUS work?
WSUS is an update component of Windows Server and offers an effective and quick way to help keep systems up to date. WSUS provides a management infrastructure consisting of the following:
Microsoft Update: the Microsoft web site to which WSUS components connect for updates of Microsoft products.
Windows Server Update Services server: the server component that is installed on a computer running Microsoft Windows 2000 Server with Service Pack 4 (SP4) or Windows Server 2003 inside the corporate firewall. The WSUS server provides the features that administrators need to manage and distribute updates through a web-based tool, which can be accessed from Internet Explorer on any Windows computer in the corporate network. In addition, a WSUS server can be the update source for other WSUS servers.
Automatic Updates: the client computer component built into Microsoft Windows Server 2003, Windows XP, and Windows 2000 with SP3. Automatic Updates enables both server and client computers to receive updates from Microsoft Update or from a server running WSUS.

110. Difference between NT & 2000

Windows NT's SAM database is a flat database, whereas the Windows 2000 Active Directory database is a hierarchical database. In Windows NT only the PDC has a writable copy of the SAM database; the BDC only has a read-only database. In Windows 2000 both the DC and the ADC have a writable copy of the database. Windows NT does not support the FAT32 file system; Windows 2000 supports FAT32. The default authentication protocol in NT is NTLM (NT LAN Manager); in Windows 2000 the default authentication protocol is Kerberos V5. Features introduced in Windows 2000 that are not in Windows NT:
NTFS v5 supports disk quotas.
Remote Installation Service
Built-in VPN & NAT support
IPv6 support
USB support
Distributed File System
Clustering support
ICS (Internet Connection Sharing)

111. Difference between PDC & BDC
The PDC contains a writable copy of the SAM database whereas the BDC contains a read-only copy of the SAM database. It is not possible to reset a password without the PDC in Windows NT, but both can participate in user authentication. If the PDC fails, we have to manually promote the BDC to PDC from Server Manager.

112. Difference between DC & ADC
There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can also handle FSMO roles (if transferred from DC to ADC). Functionality-wise there is no difference. An ADC is just required for load balancing and redundancy. If two physical sites segregated by a WAN link come under the same domain, it is better to keep one ADC in the other site, acting as the main domain controller for that site. This will reduce the WAN traffic and also improve user authentication performance.

113. What is the difference between Win2k Server and Win2k3?
1. We can't rename a domain in Win2k; you can rename it in Win2k3.
2. IIS 5.0 in Win2k and IIS 6.0 in Win2k3.
3. No Volume Shadow Copy in Win2k; it is available in Win2k3.
4. Active Directory Federation Services in Win2k3.
Like that, some other security features were added in Win2k3; the main features are above.
114. Difference between 98 and XP
XP has high resolution, supports the NTFS file system, is a secure OS, has plug and play for USB, fax support, inbuilt graphics drivers, is faster than 98, can support 2 processors, and has a new version of Internet Explorer.

115. Advantages of 2003
Domain rename, domain controller rename, multi-user property select, admin account deletion, default APIPA, shadow copy, IIS version 6, security purpose, password complexity.

116. How to load the Admin Pack?
In the Windows 2000 CD (server family only), click on the i386 folder, then click on adminpak.msi. Or go to the command prompt (in a server operating system only), go to the winnt\system32 directory and type adminpak.msi, or type Msiexec /i adminpak.msi.
Note: Adminpak.msi is not included in the Professional CD. If you want to load the administrative tools on the local computer you can, but you must have administrative permissions for the local computer to install and run the Windows 2000 Administration Tools.

DNS Interview Questions:-
1. What are the basic requirements (hardware/software) to implement the Windows DNS server?
Server hardware requirements: Microsoft's suggested minimum hardware requirements (and some Microsoft recommendations) for Windows Server 2003 (Standard) are listed here:
CPU speed: 133 MHz (550 MHz recommended)
RAM: 128 MB (256 MB recommended; 4 GB maximum on Standard Server)
Disk space for setup: 1.5 GB
CD-ROM drive: 12X
Monitor: Super VGA capable of 800 x 600 resolution
2. DNS requirements:
First and foremost, the DNS server has to support SRV records (an SRV record identifies a particular service on a particular computer; in Windows 2000 we use SRV records to identify domain controllers, Global Catalog servers, etc.). The second and third are not requirements but are recommended. The second is Dynamic Updates. The third is IXFR (Incremental Zone Transfer). Note: Most DNS servers support AXFR (i.e., entire zone transfer). With incremental zone transfer we transfer only the changes, but with AXFR we transfer the whole zone.
3. How to install the DNS service on an existing server
1. Click Start, point to Control Panel, and then click Add or Remove Programs.
2. Click Add or Remove Windows Components.
3. In the Components list, click Networking Services (but do not select or clear the check box), and then click Details.
4. Click to select the Domain Name System (DNS) check box, and then click OK.
5. Click Next.
6. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive.
7. On the Completing the Windows Components Wizard page, click Finish when Setup is complete.
8. Click Close to close the Add or Remove Programs window.
4. What is DNS?

DNS used for the name resolution its mainly used to resolve from name to IP address and IP address to name, mainly used in internet. DNS divide in form of hierarchical.


There are two categories of zone: the Forward lookup zone, which resolves a queried name to an IP address, and the Reverse lookup zone, which resolves a queried IP address to a name.

5. What is DNS Zone? Types of DNS zones & Explain?

A zone is simply a contiguous section of the DNS namespace. Records for a zone are stored and managed together. Often, sub-domains are split into several zones to make management easier. For example, support.microsoft.com and msdn.microsoft.com are separate zones, where support and msdn are sub-domains within the microsoft.com domain. Primary Zone: Primary zones are created on the primary DNS server. It is a read/write copy. Secondary Zone: These are created on the secondary DNS server, which holds a read-only copy of the zone. Secondary zones provide fault tolerance and load balancing for the primary zone; a secondary zone is a backup for the primary zone. AD integrated zones: These are useful when we want to maintain zone information in the AD. The zone is saved in the AD, so when we back up AD we are also backing up the zone information. If it is a primary zone, the zone is saved as a normal text file, so we have to back up the zone separately. An AD integrated zone is created when we install AD with a domain name. Stub zone: A stub zone is a newly added feature in Windows 2003. A stub zone contains the name server (NS) records and the SOA (Start of Authority) record. Stub zones provide fault tolerance and load balancing besides providing the name server and SOA record information. Stub zones are useful for resolving queries faster.
6. Why Use Stub Zones?

The idea behind stub zones is to speed up name resolution and reduce network traffic. This is a benefit for every network where you are able to use them.
7. DNS resource records, explain?

A DNS zone database is made up of a collection of resource records. Each resource record specifies information about a particular object. For example, address mapping (A) records map a host name to an IP address, and reverse-lookup pointer (PTR) records map an IP address to a host name. The server uses these records to answer queries for hosts in its zone. For more information, use the table to view DNS resource records. NS (Name Server): This resource record specifies the authoritative DNS server for the particular zone. SOA (Start of Authority): This resource record specifies the DNS server providing authoritative information about the zone. A (Address): The standard hostname resource record, which contains the hostname to IP address mapping. CNAME (Alias): This resource record allows you to use more than one name to point to a single host. MX (Mail Exchanger): This resource record is used by e-mail applications to locate a mail server within a zone. PTR (Pointer): Used to map IP addresses to their associated hostnames. These records are only used in reverse lookup zones. SRV: This resource record is used to specify the location of specific services in a domain.

8. What is FQDN (Fully Qualified Domain Name)?

Hostname.Domain.com. Give an example of an FQDN? For example, the fully qualified domain name (FQDN) barney.northwind.microsoft.com can be broken down as follows: Host name: barney. Third-level domain: northwind (stands for Northwind Traders Ltd., a fictitious Microsoft subsidiary). Second-level domain: microsoft (Microsoft Corporation). Top-level domain: com (commercial domain). The root domain has a null label and is not expressed in the FQDN.
9. What is a Host name?

An alias given to a computer on a TCP/IP network to identify it on the network. Host names are a friendlier way to refer to TCP/IP hosts than IP addresses. A host name can contain the characters A-Z, 0-9, '.' and '-'.
10. What is name Resolution?

The process of translating the name into some object or information that the name represents is called name resolution. A telephone book forms a namespace in which the names of telephone subscribers can be resolved to the phone numbers.
11. Where to create the primary, secondary, Active Directory Integrated zones?

If you want to create an Active Directory integrated zone, the server must be a Domain Controller. If you want to create a Primary zone, you can create it on a Domain Controller or a Member server, but if you create it on a member server you do not get the four options under the domain which are meant for Active Directory. You can create a Secondary zone on a Member Server or on a Domain Controller; there is no difference between them.
12. What are the features of Windows 2000 DNS?

Supports SRV (service) records. Supports Dynamic Updates. Supports IXFR (Incremental Zone Transfer). Supports security. Explain each one of the above? In a Windows 2000 domain you need a DNS server to find the different services; the SRV records identify these services. When you enable Dynamic Updates, all the records in the zone are created automatically: as we add a computer to the domain, or a Domain Controller to the domain, the corresponding records are created automatically, i.e., you do not need to create a record in the DNS zone manually to identify those computers or services. When an update is made in the master it has to be replicated to the secondary. Previously we used to transfer the entire zone (which is called AXFR, entire zone transfer), but with a Windows 2000 domain we transfer only the records that have been modified; this is called IXFR (Incremental Zone Transfer). We get security with an Active Directory Integrated zone: we can set permissions in Active Directory on who can and cannot use the DNS, and we also have Secure Dynamic Updates with an Active Directory Integrated zone, so that only the specified computers can dynamically update the records in the zone.
13. What are the commands do we use for DNS?

nslookup (and all its interactive mode commands), ipconfig /flushdns, ipconfig /registerdns. Note: A good strategy for using DNS in a corporate network is to use two DNS servers: one on the internal network and another between two firewalls. For more security, keep the zone as a secondary zone on the DNS server that sits between the firewalls.
14. What is the difference between Primary zone and Secondary zone?

A Primary zone has read and write permissions, whereas a Secondary zone has read-only permission. Note: A Secondary zone is used for backup and load balancing.
15. How to check whether DNS is working or not?

Type the command nslookup at a command prompt; it then shows the DNS server name and its IP address.
16. What is Dynamic Updates in DNS?

Generally we need to create a host record for a newly joined computer (either a client, a Member server or a Domain controller). If you enable the Dynamic Update option, then DNS itself creates the associated host record for newly joined computers.
17. How to get Dynamic Update option?

Right-click on any zone, open Properties, and on the General tab you will get Allow Dynamic Updates? [Yes/No/Secure Updates]. Note: Always set Dynamic Updates to Yes. Note: If it is an Active Directory Integrated zone you will get the above three options, but if it is a Primary or Secondary zone you will get only Yes/No (you won't get Secure Updates).
18. What is an iterative query?

The query that has been sent to the DNS server from a client is called an iterative query (i.e., an iterative query is nothing but "give the answer to my question; don't ask me to contact that person or this person, and don't say something else. Simply answer my question, that's all").
19. What is Recursive query?

Now your DNS server requests the specific IP address from the root-level DNS server. Now the root DNS server says, "I don't know, but I can give you the address of another server who can help you find the IP address."
20. How to configure the DNS?

Open the DNS console. There you will find: DNS Server name → Forward Lookup Zones, Reverse Lookup Zones. Note: If you selected "create zones automatically" during setup, then it creates the root zone and the domain zone under the forward lookup zone. If there are no zones under the forward lookup zone, first create the root zone, then create the domain zone.
21. How to create a zone?

Right-click on Forward Lookup Zones → New Zone → Active Directory Integrated / Primary / Secondary; select any one of the above. Note: The option Active Directory Integrated Zone is available only when you have installed Active Directory; if you have not installed Active Directory the option is disabled. Note: If you want to select a Secondary zone you should already have a Primary zone or an Active Directory Integrated zone. DNS Name [____________________]: give the DNS name. Note: If you are creating a root zone then just type . (only a dot) in the name box. Then click Next → Finish. After creating the root zone, create another zone with the domain name: right-click on Forward Lookup Zones → New Zone → Active Directory Integrated (you can choose any one) → DNS Name [___] → Next → Finish. Creation of a zone under Reverse Lookup Zones: right-click on Reverse Lookup Zones → New Zone → type the Network ID → Next → Name → Finish. After this, right-click on the zone and select Create associated PTR (pointer) record → Next → Finish.
22. What tabs are there on properties of Domain?

General, Start of Authority (SOA), Name Servers, WINS, Zone Transfers.


23. What tabs are there on properties of server?

Interfaces, Forwarders, Advanced, Root Hints, Logging, Monitoring.


24. Is there any possibility to have two Primary DNS zones?

No, you should not have two primary DNS zones, because if you have two primary DNS zones some clients contact the first one and some clients contact the second one according to their configuration in TCP/IP properties, and then you will get problems. Actually a Primary DNS zone means single master, i.e., there is only one master, which is the only primary DNS zone. But you can have as many Secondary zones as you like. To overcome the above problem (i.e., the single master problem), in Windows 2000 we have Active Directory Integrated zones, which are multi-master.
25. How to create a Secondary DNS zone?

To create a secondary zone you should have a Primary DNS zone or an Active Directory Integrated DNS zone. You follow the same procedure as for the primary DNS configuration, but at the time of selection, select Secondary zone instead of Primary zone. After that it asks for the primary DNS zone address; provide that address. Create the forward lookup zone and reverse lookup zone as usual. Then right-click on Forward Lookup Zones → New Zone → Active Directory Integrated / Primary / Secondary; select Secondary zone. (Note: The option Active Directory Integrated Zone is available only when you have installed Active Directory; if you have not installed Active Directory the option is disabled.) Then it asks for the Primary DNS zone details; provide those details, then click Finish. Now go to the Primary or Active Directory integrated zone, right-click on the zone name → Properties → click on the Zone Transfers tab → select Allow zone transfers. Here you can see three options: To any server; Only to servers listed on the Name Servers tab; Only to the following servers. Select any one and give the details of the secondary zone (only in the case of the second and third option). Click Apply, then OK. Note: On the Zone Transfers tab you can find another option, Notify; this is to automatically notify secondary servers when the zone changes. Here also you can select the appropriate options. Note: In a secondary zone you cannot modify any information; everyone has read-only permission. Whenever the Primary DNS is down, click on the Change button on the General tab of the properties to change it to primary; then it acts as primary and you also get write permission.
26. What is the default time setting in primary zone to refresh, Retry, Expire intervals for secondary zone?

The default settings are: Refresh interval 10 minutes; Retry interval 15 minutes; Expires after 1 day.
27. Suppose the Secondary zone is Expired then, how to solve the problem?

First go to the primary zone and check whether the primary zone is working or not. If the primary zone is working, then go to the secondary zone, right-click on the zone name and select Transfer from Master; it then automatically contacts the primary DNS and, if there are any updates, takes the updates from the Primary.
28. How to know whether the recent changes in Primary are updated to secondary zone or not?

Compare the Serial Number on the Start of Authority tab in both the secondary and the primary DNS zone properties. If both are the same, then the recent updates have been made to the secondary zone. If not (i.e., the secondary is less than the primary), click on Transfer from Master.

How to change from Primary to Secondary, or Secondary to Primary, or Active Directory integrated to Secondary or Primary, and so on (simply one type of zone to another type of zone)? Go to the properties of the zone and click on the General tab; there you can find the option called Change. Click on it, then select the appropriate option. Then click OK.
29. How to pause the zone?

Go to properties of a zone click on General tab click on Pause button.


30. How does DNS server know the root domain server addresses?

Every DNS server installed on the Internet is preconfigured with the root DNS server addresses, so every single server can get to the root. That is why every DNS server on the Internet first contacts the root DNS servers for name resolution.
31. Where can you find the address of root servers in the DNS server?

Open the DNS console, right-click on the domain name, go down to Properties and click on Root Hints. Here you can find the different root server addresses. Note: When you install the DNS service on a Windows 2000 server operating system (while you have not yet configured anything on the DNS server), it starts functioning as a caching-only DNS server.
32. What is a forwarder?

(Open the DNS console → right-click on the Domain name → click on the Forwarders tab.) A forwarder is a server which has more access than the present DNS server. Maybe our present DNS server is located on the internal network and cannot resolve Internet names; maybe it is behind a firewall, or maybe it is using a proxy server or NAT server to get to the Internet. Then this server forwards the query to another DNS server that can resolve the Internet names.
33. What is DNS & WINS ?

DNS is the Domain Naming System/Server, used to resolve host names to IP addresses and also IP addresses to host names. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names, and supports names of up to 256 characters. WINS is the Windows Internet Name Service, which resolves NetBIOS names to IP addresses and also resolves IP addresses to NetBIOS names. This is proprietary to Microsoft and meant for Windows only; it supports names of up to 15 characters.
34. What is TTL & how to set TTL time in DNS?

TTL is the Time To Live setting, used for the amount of time that a record should remain in the cache after name resolution has happened. We can set the TTL in the SOA (Start of Authority) record of the DNS zone.

35. What is DNS namespace?

The DNS namespace is the hierarchical structure of the domain name tree. It is defined such that the names of all similar components must be similarly structured, but each uniquely identifiable. The full DNS name must point to a particular address. Consider the following image of the DNS namespace of the Internet:

The salessrv1 and salessrv2 are host names of the hosts configured in the sales.ucertify.com domain. The fully qualified domain name (FQDN) of the host salessrv1 is salessrv1.sales.ucertify.com. No two hosts can have the same FQDN.
36. NSLOOKUP:

NSLOOKUP is a utility for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This utility is installed along with the TCP/IP protocol through the Control Panel.
37. How do I clear the DNS cache on the DNS server?

To clear the DNS cache do the following:
1. Start
2. Run
3. Type "cmd" and press Enter
4. In the command window type "ipconfig /flushdns"
5. If done correctly it should say "Successfully flushed the DNS Resolver Cache."
38. How DNS Works?

DNS uses a client/server model in which the DNS server maintains a static database of domain names mapped to IP addresses. The DNS client, known as the resolver, performs queries against the DNS servers. The bottom line? DNS resolves domain names to IP addresses using these steps:

Step 1: A client (or resolver) passes its request to its local name server. For example, the URL term www.idgbooks.com typed into Internet Explorer is passed to the DNS server identified in the client's TCP/IP configuration. This DNS server is known as the local name server. Step 2: If, as often happens, the local name server is unable to resolve the request, other name servers are queried so that the resolver may be satisfied. Step 3: If all else fails, the request is passed to more and more, higher-level name servers until the query resolution process starts with the far-right term (for instance, com) or at the top of the DNS tree with the root name servers. Below are the steps explained with the help of a chart: How DNS works.

39. DNS with Active Directory?

Active Directory uses the same hierarchical naming convention as DNS. Because of this, the client computer uses DNS servers to locate Active Directory domain controllers and other Active Directory resources on the network. Without DNS, Active Directory couldn't function, because client computers wouldn't be able to locate these domain controllers and resources. The bottom line is, Active Directory is dependent on DNS. Active Directory can't be implemented until the DNS Server service is installed.
40. What is Host File?

The "Hosts" file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site. We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation.
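The resolution path described in Q18/Q19, Q30, Q38 and Q40, as an added example (not from the original notes): a local name server that checks the hosts file, then its cache, then walks a chain of iterative queries from a root hint, with each authoritative server either answering or referring. The server names, zones and addresses are constructed (192.0.2.0/24 is the documentation range).

```python
from typing import Dict, List, Optional, Tuple

# Constructed three-level slice of the namespace: root -> com -> idgbooks.com.
# Each server holds "ns" (zones it delegates) and "a" (names it answers for).
ROOT_HINT = "a.root.example"                      # what the root hints preconfigure (Q30/Q31)
AUTHORITATIVE: Dict[str, Dict[str, Dict[str, str]]] = {
    "a.root.example":   {"ns": {"com": "a.gtld.example"}, "a": {}},
    "a.gtld.example":   {"ns": {"idgbooks.com": "ns1.idgbooks.com"}, "a": {}},
    "ns1.idgbooks.com": {"ns": {}, "a": {"www.idgbooks.com": "192.0.2.10"}},
}


def iterative_query(server: str, qname: str) -> Tuple[str, Optional[str]]:
    """One iterative query (Q18): the server answers from its own data or names the
    next server to ask (a referral); it never chases the answer itself."""
    data = AUTHORITATIVE.get(server)
    if data is None:
        return "unreachable", None
    if qname in data["a"]:
        return "answer", data["a"][qname]
    labels = qname.split(".")
    for i in range(len(labels)):                  # longest matching delegated zone
        zone = ".".join(labels[i:])
        if zone in data["ns"]:
            return "referral", data["ns"][zone]
    return "nxdomain", None


class LocalNameServer:
    """The DNS server named in the client's TCP/IP settings (Q38 step 1).  It does the
    recursion for the client (Q19): hosts file (Q40), then cache, then root onwards."""

    def __init__(self, hosts: Optional[Dict[str, str]] = None, max_referrals: int = 10):
        self.hosts = {k.lower(): v for k, v in (hosts or {}).items()}
        self.cache: Dict[str, str] = {}
        self.max_referrals = max_referrals

    def resolve(self, name: str) -> Tuple[Optional[str], List[str]]:
        """Return (address or None, trace of where the answer came from)."""
        qname = name.lower().rstrip(".")
        trace: List[str] = []
        if qname in self.hosts:                      # no DNS query at all (Q40)
            trace.append("hosts file")
            return self.hosts[qname], trace
        if qname in self.cache:
            trace.append("cache")
            return self.cache[qname], trace
        server = ROOT_HINT
        for _ in range(self.max_referrals):          # bounded: a referral loop cannot spin forever
            kind, payload = iterative_query(server, qname)
            trace.append(f"{server}: {kind}")
            if kind == "answer":
                self.cache[qname] = payload
                return payload, trace
            if kind != "referral":
                return None, trace
            server = payload                         # follow the referral (Q38 steps 2-3)
        trace.append("gave up: too many referrals")
        return None, trace
```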
41. What is LM Host File?

A text file in a windows network that provides name resolution of NetBIOS host names to IP addresses. The LMHOSTS files were the Windows counterpart to the HOSTS files in UNIX, but have long since given way to the WINS naming system. LM stands for "LAN Manager," the name of Microsoft's earlier network operating system (NOS).
42. How many SOA record does each zone contain?

Each zone has one SOA record. This record contains many miscellaneous settings for the zone, such as who is responsible for the zone, refresh interval settings, TTL (Time To Live) settings, and a serial number (incremented with every update).
43. Short summary of the records in DNS.

The NS records are used to point to additional DNS servers. The PTR record is used for reverse lookups (IP to name). CNAME records are used to give a host multiple names. MX records are used when configuring a domain for email.
44. Can I use an A record instead of an MX record?

> I have a single machine running DNS mail and web for a domain
> and I'm not sure that I have DNS setup properly. If the machine
> that is running the mail is the name of the domain does there need
> to be an MX record for mail?

Technically, no. Nearly all mailers will look up A records for a domain name in a mail destination if no MX records exist.

> If an MX record is not needed, how would you put in an MX
> record for a backup mailserver.

You can't. If you want to use a backup mailer, you need to use MX records.

> www cname 192.168.0.1
> mail cname 192.168.0.1
> pop cname 192.168.0.1
> smtp cname 192.168.0.128

These CNAME records are all incorrect. CNAME records create an alias from one domain name to another, so the field after "CNAME" must contain a domain name, not an IP address. For example: www CNAME foo.example.
45. What are a zone's NS records used for?

> Could you elaborate a little bit on why do we need to put NS records for
> the zone we are authoritative for ?
> The parent name server handles these already. Is there any problem if our
> own NS records have lower TTLs than the records from parent name server ?

That's a good question. The NS records from your zone data file are used for several things:
- Your name servers return them in responses to queries, in the authority section of the DNS message. Moreover, the set of NS records that comes directly from your name server supersedes the set that a querier gets from your parent zone's name servers, so if the two sets are different, yours "wins."
- Your name servers use the NS records to determine where to send NOTIFY messages.
- Dynamic updaters determine where to send updates using the NS records, which they often get from the authoritative name servers.
46. What's the largest number I can use in an MX record?

> Could you tell us the highest possible number we can use for the MX
> preference ?

Preference is an unsigned, 16-bit number, so the largest number you can use is 65535.
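The record rules stated in Q7, Q42, Q44 and Q46 (one SOA per zone, a CNAME target is a name not an address, an MX preference is unsigned 16-bit, PTR records live in reverse zones), the MX-then-A mail lookup from Q44 and the serial comparison from Q28, as an added Python checker that is not part of the original notes. The zone contents, names and serials are constructed (example.com, 192.0.2.0/24).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Record:
    name: str                           # owner name, e.g. "example.com" or "www"
    rtype: str                          # "SOA", "NS", "A", "CNAME", "MX", "PTR", "SRV"
    value: str                          # address, target name, or SOA contents
    preference: Optional[int] = None    # MX only: must fit in unsigned 16 bits


def _is_ipv4(text: str) -> bool:
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def validate_zone(zone_name: str, records: List[Record]) -> List[str]:
    """Return the rule violations found in a zone (empty list means it passes)."""
    problems = []
    reverse_zone = zone_name.lower().endswith("in-addr.arpa")
    soa_count = sum(1 for r in records if r.rtype == "SOA")
    if soa_count != 1:                                             # Q42: exactly one SOA
        problems.append(f"zone {zone_name}: expected one SOA record, found {soa_count}")
    for r in records:
        if r.rtype == "A" and not _is_ipv4(r.value):
            problems.append(f"A {r.name}: {r.value!r} is not an IPv4 address")
        elif r.rtype == "CNAME" and _is_ipv4(r.value):             # Q44: alias must be a name
            problems.append(f"CNAME {r.name}: target must be a domain name, not the IP {r.value}")
        elif r.rtype == "MX" and not (r.preference is not None and 0 <= r.preference <= 65535):
            problems.append(f"MX {r.name}: preference must be 0-65535 (unsigned 16-bit)")  # Q46
        elif r.rtype == "PTR" and not reverse_zone:                # Q7: PTR only in reverse zones
            problems.append(f"PTR {r.name}: PTR records belong in a reverse lookup zone")
    return problems


def mail_servers(records: List[Record], domain: str) -> List[str]:
    """Mail destinations for `domain`: MX targets by rising preference; with no MX,
    fall back to the domain's A records as mailers do (Q44)."""
    mx = sorted((r for r in records if r.rtype == "MX" and r.name == domain),
                key=lambda r: r.preference)
    if mx:
        return [r.value for r in mx]
    return [r.value for r in records if r.rtype == "A" and r.name == domain]


def needs_zone_transfer(primary_serial: int, secondary_serial: int) -> bool:
    """Q28: the secondary is stale when its SOA serial is lower than the primary's."""
    return secondary_serial < primary_serial


# Constructed sample zones.  BROKEN_ZONE mirrors the mistakes quoted in Q44 plus an
# out-of-range MX preference and a PTR in a forward zone; FIXED_ZONE corrects them.
BROKEN_ZONE = [
    Record("example.com", "SOA", "ns1.example.com hostmaster.example.com 2024010501"),
    Record("example.com", "NS", "ns1.example.com"),
    Record("ns1.example.com", "A", "192.0.2.1"),
    Record("www", "CNAME", "192.168.0.1"),                           # IP where a name belongs
    Record("example.com", "MX", "mail.example.com", preference=70000),  # exceeds 65535
    Record("1.2.0.192", "PTR", "ns1.example.com"),                   # PTR in a forward zone
]

FIXED_ZONE = [
    Record("example.com", "SOA", "ns1.example.com hostmaster.example.com 2024010502"),
    Record("example.com", "NS", "ns1.example.com"),
    Record("ns1.example.com", "A", "192.0.2.1"),
    Record("mail.example.com", "A", "192.0.2.25"),
    Record("www", "CNAME", "ns1.example.com"),
    Record("example.com", "MX", "mail.example.com", preference=10),
    Record("example.com", "MX", "ns1.example.com", preference=20),   # backup mailer
]
```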

47. Troubleshooting of DNS

(1) C:\> nslookup (2) ipconfig /flushdns (3) ipconfig /registerdns (4) ipconfig /displaydns (5) Clear the cache on the DNS server
48. DNS Suffix

For DNS, a character string that represents a domain name. The DNS suffix shows where a host is located relative to the DNS root, specifying the host's location in the DNS hierarchy. Usually, the DNS suffix describes the latter portion of a DNS name, following one or more of the first labels of the DNS name.


DHCP Interview Questions:-

1. What is DHCP?

DHCP provides IP addresses dynamically to client machines. When a client machine cannot find a DHCP server, it gets an APIPA (Automatic Private IP Address).

2. Advantages of DHCP?

The DHCP capability is built into Windows Server 2003, so it does not cost extra. Once we enter the IP address configuration in one place on the DHCP server, it is automatically assigned to the DHCP clients. Configuration problems are automatically minimized.

3. IP leasing process:
1. DHCP discover: The client machine, when turned on, broadcasts the network ID, broadcast ID and MAC address on the network to discover a DHCP server.
2. Offer: The DHCP server listening to the request made by the client offers a pool of IP addresses to the client machine.
3. Selection: The client machine, on receiving the pool of IP addresses, selects an IP and requests the DHCP server to offer that IP.
4. Acknowledgement: The DHCP server sends a confirmation of the allotment of the IP assigned to the client as an acknowledgement.
5. IP lease: If the client machine is not restarted for 8 days, exactly after 4 days the client machine requests the DHCP server to extend the IP lease duration; on hearing this the DHCP server adds 8 more days to the existing 4 days = 12 days. If the client machine is restarted, the DHCP lease process takes place again and the client again gets an IP for 8 days.

4. DHCP requirements:

Domain Controller or member server; static IP; Active Directory; DNS (if it is Windows 2003).


5. DHCP Installation steps:


Installing the DHCP server (insert the 2003 server CD): On the DC → Start → Settings → Control Panel → Add/Remove Programs → Add/Remove Windows Components → select Networking Services → click on Details → select DHCP server → OK → Next. Authorization: When we have multiple DHCP servers we can designate one of the DHCP servers as an authorized DHCP server. Authorizing a DHCP server: On the DC → Start → Programs → Administrative Tools → DHCP → right-click on the server → click Authorize → Refresh.

6. How to open DHCP?


Start → Programs → Administrative Tools → DHCP, or Start → Run → dhcpmgmt.msc

7. Scope:
A scope is a range of IP addresses from which the DHCP server assigns IPs to the clients.

8. Difference between Scope and Super Scope

A scope in DHCP is where you specify the range of IP addresses which will be leased to DHCP clients. A super scope is the combination of multiple scopes.

9. Creating a Scope:

Open the DHCP console → right-click on the server → New Scope → scope name → specify the range → Next → specify any exclusions → lease duration → Next → DHCP options: Router → Next → specify the domain name and server name → click Resolve → Add → Next → WINS server → Next → Yes, I want to activate this scope now → Next → Finish. Configuring a client machine to obtain an IP from the DHCP server: by default all clients are configured to obtain an IP automatically. On the client machine: right-click on My Network Places → Properties → LAN properties → double-click TCP/IP → ensure that "Obtain an IP address automatically" is selected. Releasing an existing IP (giving up an IP): Start → Run → cmd → ipconfig /release. Obtaining a new IP: Start → Run → cmd → ipconfig /renew. Super Scopes: A group of scopes is called a super scope. Note: When we have multiple scopes only one scope can be active; in order to enable all the scopes we have to merge them into a super scope. Creating a super scope requires multiple scopes: create 2 scopes → right-click on the server → New Superscope → specify the super scope name → select the 2 scopes by holding the Ctrl key → Next → Finish. Address Pool: shows the range of IP addresses we have specified. Address Leases: shows the clients (names) and the IP addresses assigned. Reservations: useful when we want to dedicate a particular IP to a particular system, e.g. managerial systems, important clients.

10. Backing up DHCP:

Open DHCP → right-click on the DHCP server → select Backup → select the location where we want to save → OK.

11. Restoring DHCP server:

Uninstall the DHCP server, install the DHCP server again, open DHCP, right-click on it, click on Restore and specify the backed-up path. We should see our previous scopes.

12. What is DHCP relay agent?

If you have two or more subnets you would need to configure more DHCP servers; instead of placing a DHCP server in each subnet, we can configure a DHCP relay agent wherever we want.

13. Who can authorize DHCP server in the entire domain?

Only an Enterprise Administrator can authorize a DHCP server. No other person in the domain can authorize the DHCP server; even if you are an Administrator without Enterprise Administrator privileges you cannot authorize the DHCP server. Note: If it is not authorized a red symbol (down red arrow) will appear; if you authorize it, a green up arrow will appear.

14. How to authorize the DHCP server?

Log in with Enterprise Administrator privileges. Right-click on Servername.Domainname.com → click Authorize. Then it will be authorized (the indication is that you get a green up arrow). Now you have to create a scope. Note: A scope is a range of IP addresses that you want to allocate to the clients.
15. What is the default lease duration, minimum lease duration and maximum lease duration?

By default any system gets 8 lease days to use an IP address. Note: You can increase or decrease the lease duration; you have to assign at least a minimum duration of 1 second and you can assign a maximum duration of 999 days 23 hours 59 minutes. Note: If you haven't logged on for 50% of the duration continuously, the IP address will be released. Click Next; now you get a window asking whether you want to configure the options (DNS, WINS, Router etc.). You can configure the options now or you can configure them after completing this wizard. Select any one, then click Next. Click Finish. Note: If you selected No in the above window you can configure the above things at any time as described below.
16. What are the commands used for DHCP?

ipconfig, ipconfig /all, ipconfig /release, ipconfig /renew

17. What is the process of assigning IP address by DHCP service?

There are four stages in assigning an IP address to a host by a DHCP server: 1) DHCP discover 2) DHCP offer 3) DHCP request 4) DHCP acknowledge. DHCP Discover: Whenever a client has to obtain an IP address from a DHCP server it broadcasts a message called DHCP discover, which contains the destination address 255.255.255.255, the source IP address 0.0.0.0 and its MAC address. DHCP Offer: The DHCP server on the network responds to the DHCP discover by sending a DHCP offer message to the client requesting an IP address. DHCP Request: The client, after receiving the offer message, sends a DHCP request message asking the DHCP server to confirm the IP address it offered through the DHCP offer message. DHCP Acknowledge: The DHCP server responds to the DHCP request message by sending an acknowledge message through which it confirms the IP address to the machine. Note: You can also enable DHCP in a workgroup for dynamic allocation of IP addresses: configure the server operating system in the workgroup as a DHCP server, then on the client, in TCP/IP properties, select "Obtain an IP address automatically". Then the client gets an IP address from the DHCP server. Note: You need not configure DNS or anything else.
18. What is APIPA ?

On occasion, a network PC boots up and finds that the DHCP server is not available. When this happens, the PC continues to poll for a DHCP server using different wait periods. The Automatic Private IP Addressing (APIPA) service allows the DHCP client to automatically configure itself until the DHCP server is available and the client can be configured to the network. APIPA allows the DHCP client to assign itself an IP address in the range of 169.254.0.1 to 169.254.254.254 and a Class B subnet mask of 255.255.0.0. The address range that is used by APIPA is a Class B address that Microsoft has set aside for this purpose.
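The four-step exchange from Q17 and the APIPA fallback from Q18, as an added Python example (not from the original notes): it encodes and decodes minimal RFC 2131 messages, runs DISCOVER/OFFER/REQUEST/ACK against a tiny in-memory server for one scope, and self-assigns a 169.254.x.y/16 address when no server answers. The scope, MAC addresses and transaction id are constructed; the server models no NAK and no lease timers.

```python
import random
import struct
from ipaddress import IPv4Address, IPv4Network

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5       # DHCP option 53 message types
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"             # 236-byte fixed BOOTP header
APIPA_NET = IPv4Network("169.254.0.0/16")         # class B block, mask 255.255.0.0


def build_dhcp(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Fixed header + magic cookie + option 53 + extra (code, bytes) options + end marker."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2          # 1 = BOOTREQUEST, 2 = BOOTREPLY
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,   # htype 1 = Ethernet; broadcast flag
                         bytes(4), IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                         mac.ljust(16, b"\0"), bytes(64), bytes(128))
    body = MAGIC_COOKIE + bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + body + b"\xff"


def parse_dhcp(packet):
    """Decode the header fields and options the exchange needs."""
    f = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:             # 255 = end option
        if packet[i] == 0:                                  # 0 = pad
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "mac": f[11][:f[2]], "type": opts[53][0], "options": opts}


class DhcpServer:
    """One scope (constructed): leases the first free host address in `network`."""

    def __init__(self, network):
        self.net = network
        self.pool = [str(ip) for ip in network.hosts()]
        self.leases = {}                                    # mac -> address

    def handle(self, packet):
        msg = parse_dhcp(packet)
        mac, reply_opts = msg["mac"], [(1, self.net.netmask.packed)]   # option 1: subnet mask
        if msg["type"] == DISCOVER:                         # offer the existing lease or a free one
            free = [ip for ip in self.pool if ip not in self.leases.values()]
            offered = self.leases.get(mac) or (free[0] if free else None)
            return build_dhcp(OFFER, msg["xid"], mac, offered, reply_opts) if offered else None
        if msg["type"] == REQUEST:
            wanted = str(IPv4Address(msg["options"][50]))   # option 50: requested address
            if wanted in self.pool and self.leases.get(mac, wanted) == wanted:
                self.leases[mac] = wanted                   # the ACK commits the lease
                return build_dhcp(ACK, msg["xid"], mac, wanted, reply_opts)
        return None                                         # scope full or address refused


def dhcp_client(mac, server, xid=0x1234ABCD, rng=random):
    """Run DORA; with no server or no offer, self-assign an APIPA address.
    Returns (address, subnet mask, stages completed)."""
    stages = []
    # On the wire DISCOVER goes from 0.0.0.0 to 255.255.255.255; here it is a direct call.
    offer = server.handle(build_dhcp(DISCOVER, xid, mac)) if server else None
    if offer is not None:
        stages.append("discover/offer")
        o = parse_dhcp(offer)
        ack = server.handle(build_dhcp(REQUEST, xid, mac,
                                       options=[(50, IPv4Address(o["yiaddr"]).packed)]))
        if ack is not None:
            a = parse_dhcp(ack)
            if a["type"] == ACK and a["xid"] == xid:        # ignore replies to other transactions
                stages.append("request/ack")
                return a["yiaddr"], str(IPv4Address(a["options"][1])), stages
    stages.append("apipa")                                   # within 169.254.0.1 - 169.254.254.254
    return f"169.254.{rng.randint(1, 254)}.{rng.randint(1, 254)}", str(APIPA_NET.netmask), stages
```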
19. If DHCP is not available what happens to the client?

The client will not get an IP and cannot participate in the network. If the client already got an IP and has lease duration remaining, it uses that IP until the lease duration expires.

20. What is subnetting and supernetting

Subnetting is the process of borrowing bits from the host portion of an address to provide bits for identifying additional sub-networks. Supernetting merges several smaller, contiguous blocks of IP addresses (networks) into one larger block of addresses; supernetting is done by borrowing network bits to combine several smaller networks into one larger network.
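The bit-borrowing view of subnetting and its inverse, supernetting, as an added Python example using the standard library (not from the original notes); the 192.168.0.0/24 network and host addresses are constructed.

```python
from ipaddress import IPv4Address, IPv4Network, collapse_addresses


def subnet_by_borrowing(network, borrowed_bits):
    """Borrow `borrowed_bits` from the host portion: 2**n subnets, each with n fewer host bits."""
    net = IPv4Network(network)
    host_bits_left = 32 - net.prefixlen - borrowed_bits
    if borrowed_bits < 1 or host_bits_left < 2:   # keep room for network, broadcast and hosts
        raise ValueError("borrow at least 1 bit and leave at least 2 host bits")
    return [str(s) for s in net.subnets(prefixlen_diff=borrowed_bits)]


def usable_hosts(network):
    """Host addresses per subnet, excluding the network and broadcast addresses."""
    return IPv4Network(network).num_addresses - 2


def supernet(networks):
    """Merge contiguous, properly aligned blocks into the fewest summary prefixes.
    Blocks that are contiguous but not aligned on the larger boundary stay separate."""
    return [str(n) for n in collapse_addresses(IPv4Network(n) for n in networks)]


def subnet_of(host, subnets):
    """Which of the given subnets a host address falls in (None if none of them)."""
    addr = IPv4Address(host)
    for s in subnets:
        if addr in IPv4Network(s):
            return s
    return None
```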
21. what is the difference between Authorized DHCP and Non Authorized DHCP

To avoid problems in the network caused by misconfigured DHCP servers, a DHCP server in Windows 2000 must be validated by AD before it starts serving clients. If an authorized DHCP server finds any other DHCP server in the network, it stops serving the clients.
22. what are the problems that are generally come across DHCP

The scope is full and no IPs are available for new machines; scope options not configured properly, e.g. the default gateway; incorrect creation of scopes, etc.
23. DHCP User Class and Vendor Class Options?

DHCP provides support for a host of new features. The user-specified and vendor-specified DHCP options are features that let administrators assign separate options to clients with similar configuration requirements. For example, if DHCP-aware clients in your human resources (HR) department require a different default gateway or DNS server than the rest of your clients, you can configure DHCP Class IDs to distribute these options to HR clients. The options that Class IDs provide override any scope or global default options that the DHCP server typically assigns.
24. DHCP relay agent where to place it?

The DHCP Relay agent needs to be placed on a software router.


25. DHCP database path folder

C:\WINDOWS\system32\dhcp
26. Can DHCP support statically defined addresses?

Yes. At least there is nothing in the protocol to preclude this, and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.

27. Can a DHCP server back up another DHCP server?

You can have two or more servers handing out leases for different addresses. If each has a dynamic pool accessible to the same clients, then even if one server is down, one of those clients can lease an address from the other server. However, without communication between the two servers to share their information on current leases, when one server is down, any client with a lease from it will not be able to renew their lease with the other server. Such communication is the purpose of the "server to server protocol" (see next question). It is possible that some server vendors have addressed this issue with their own proprietary server-to-server communication.


28. Where is DHCP defined?
In Internet RFCs.

29. Can DHCP support remote access?
PPP has its own non-DHCP way in which communications servers can hand clients an IP address, called IPCP (IP Control Protocol), but it doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT's remote access support does this. A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP. SLIP has no standard way in which a server can hand a client an IP address, but many communications servers support non-standard ways of doing this that can be utilized by scripts, etc. Thus, like communications servers supporting PPP, such communications servers could also support the use of DHCP to acquire the IP addresses to give out. The DHCP protocol is capable of allocating an IP address to a device without an IEEE-style MAC address, such as a computer attached through SLIP or PPP, but to do so, it makes use of a feature which may or may not be supported by the DHCP server: the ability of the server to use something other than the MAC address to identify the client. Communications servers that acquire IP numbers for their clients via DHCP run into the same roadblock in that they have just one MAC address, but need to acquire more than one IP address. One way such a communications server can get around this problem is through the use of a set of unique pseudo-MAC addresses for the purposes of its communications with the DHCP server. Another way (used by Shiva) is to use a different "client ID type" for your hardware address. Client ID type 1 means you're using MAC addresses. However, client ID type 0 means an ASCII string.

30. What is DHCP Spoofing?
Ascend Pipeline ISDN routers (which attach Ethernets to ISDN lines) incorporate a feature that Ascend calls "DHCP spoofing", which is essentially a tiny server implementation that hands an IP address to a connecting Windows 95 computer, with the intention of giving it an IP number during its connection process.

31. How can I control which clients get leases from my server?
There is no ideal answer: you have to give something up or do some extra work. You can put all your clients on a subnet of your own along with your own DHCP server. You can use manual allocation. Perhaps you can find DHCP server software that allows you to list which MAC addresses the server will accept. DHCP servers that support roaming machines may be adapted to such use. You can use the user class option, assuming your clients and server support it: it will require you to configure each of your clients with a user class name. You still depend upon the other clients to respect your wishes.


Windows Important Questions:

1. Proxy server:
In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it would 'cache' the first request to the remote server, so it could save the information for later, and make everything as fast as possible. A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes a tunneling proxy. A proxy server can be placed on the user's local computer or at specific key points between the user and the destination servers or the Internet.

2. The different types of Proxy Servers:
There are many different types of proxy servers out there. Depending on the purpose, you can get proxy servers to route any of these common protocols, and many more: FTP, HTTP, Gopher, IRC, MSN, AIM, ICQ, VoIP, SSL. So out of the common types of proxy servers, you end up with the following:
* FTP Proxy Server: relays and caches FTP traffic.
* HTTP Proxy Server: a one-way request to retrieve web pages.
* SOCKS Proxy Server: a newer protocol that allows relaying of far more different types of data, whether TCP or UDP.
* NAT Proxy Server: this one works a little differently; it allows the redirection of all packets without a program having to support a proxy server.
* SSL Proxy Server: an extension to the HTTP proxy server which allows relaying of TCP data similar to a SOCKS proxy server. This was done mainly to allow encryption of web page requests.
Furthermore, a proxy server can be split into another two categories:
* Anonymous: an anonymous proxy server blocks the remote computer from knowing the identity of the computer using the proxy server to make requests.
* Transparent: a transparent proxy server tells the remote computer the IP address of your computer. This provides no privacy.

3. What a proxy can do:
While using the GET/POST method (regular web surfing):
* disable access to certain sites, like www.porno.com or www.icq.com;
* disable access to sites containing banned keywords, like "porno" or even "proxy";
* cut off certain parts of pages (banners);
* disable receiving of files with predefined extensions (*.mp3, *.zip, *.exe, *.rar etc.) and/or predefined sizes (in KB and/or in pixels, for example 468x60);
* log web surfing activity and send a report to the system administrator with all web pages visited;
* disable use of any protocols (for example, disable access to "https://..." and/or "ftp://..." sites);
* disable access to this proxy from any computers. In other words, it is quite possible that of two nearby computers one may work with the proxy and another may not.
While using the CONNECT method (visiting "https://..." sites, building proxy chains, port mapping through the proxy etc.) or using a SOCKS proxy:
* completely disable the CONNECT method (or turn off the SOCKS proxy). Then ICQ will not work and there will be no access to "https://..." sites;
* disable connection through the proxy to certain servers, for example, login.icq.com;
* disable connection through the proxy to certain ports, for example, port 25 (SMTP), port 6667 (IRC), port 5190 (ICQ);
* disable connection through the proxy to all ports except specified ones, for example, port 443. In this case the proxy is called an "HTTPS proxy".

4. What a proxy cannot do:
* use a heuristic analyzer, i.e. make a semantic analysis of page contents and disable all sites with certain materials, regardless of keywords;
* filter information, for example, block some pages using keywords while using the CONNECT method (or a SOCKS proxy);
* let back connections from the Internet pass (SOCKS 5 can do it, but this is also a non-trivial task).
Summary: a proxy server is a computer program, so like any program it has its own merits and demerits. If the administrator tuned a proxy and forgot about it, then the proxy server can always be bypassed. Otherwise, attempts to bypass the proxy server are always a battle with the sysadmin, and all such solutions are temporary, until the administrator finds and closes yet another "hole".

5. What is Backup and types of backup?
Backup: Backup allows you to make a secure copy of any object in a different location. The backup file extension is .bkf.

Normal: A normal backup copies all the files you select and marks each file as having been backed up (in other words, the archive attribute is cleared). Subsequent backups are taken relative to this normal backup.

Incremental: An incremental backup backs up only those files that have been created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets to restore your data.

Differential: A differential backup copies files that have been created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.

Copy: A copy backup copies all the files you select, but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

Daily: A daily backup copies all the files that you select that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

System State backup: In Backup, a collection of system-specific data maintained by the OS that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration Database, system files, boot files, and files under Windows File Protection. For servers, the System State data also includes the Certificate Services database (if the server is a certificate server). If the server is a Domain Controller, the System State data also includes the AD database and the SYSVOL directory. If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if IIS is installed.
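The following Python script is an added illustration, not part of the original question set: it simulates the archive-attribute rules given above for the Normal, Incremental, Differential, Copy and Daily backup types on a constructed set of three files, and shows which backup sets a restore needs in each case. The file names, the dates and the `run_chain` and `restore_plan` helper names are assumptions of the example.

```python
"""Simulation of the Windows Backup types described above and the archive attribute.

Added example, not from the original page. File names and change dates are
constructed; the selection and clearing rules follow the text: Normal and Copy
take every selected file, Incremental and Differential take files whose archive
attribute is set, Daily takes files modified on the day of the run, and only
Normal and Incremental clear the attribute afterwards.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class File:
    name: str
    modified: date
    archive: bool = True   # the archive attribute; set when a file is created or changed


def touch(files, name, day):
    """Create or modify a file on the given day, setting its archive attribute."""
    for f in files:
        if f.name == name:
            f.modified, f.archive = day, True
            return
    files.append(File(name, day))


def backup(files, kind, today=None):
    """Run one backup of the given kind and return the sorted names it copied.

    The archive attribute is cleared only for Normal and Incremental runs, which is
    what makes the restore requirements of each type differ.
    """
    if kind in ("normal", "copy"):
        selected = list(files)
    elif kind in ("incremental", "differential"):
        selected = [f for f in files if f.archive]
    elif kind == "daily":
        selected = [f for f in files if f.modified == today]
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("normal", "incremental"):
        for f in selected:
            f.archive = False
    return sorted(f.name for f in selected)


def run_chain(kind):
    """Day 1: normal backup of three fresh files; day 2: a.txt changes; day 3: b.txt
    changes, with a backup of `kind` after each change. Returns the names copied per run."""
    files = []
    for name in ("a.txt", "b.txt", "c.txt"):
        touch(files, name, date(2024, 1, 1))          # constructed dates
    runs = [backup(files, "normal")]
    touch(files, "a.txt", date(2024, 1, 2))
    runs.append(backup(files, kind, today=date(2024, 1, 2)))
    touch(files, "b.txt", date(2024, 1, 3))
    runs.append(backup(files, kind, today=date(2024, 1, 3)))
    return runs


def restore_plan(kinds):
    """Indices of the backup sets needed for a full restore after the last run:
    the last normal set, every incremental set after it, and the latest
    differential set after it (copy and daily sets are never required)."""
    last_normal = max(i for i, k in enumerate(kinds) if k == "normal")
    needed = [last_normal]
    needed += [i for i, k in enumerate(kinds) if i > last_normal and k == "incremental"]
    diffs = [i for i, k in enumerate(kinds) if i > last_normal and k == "differential"]
    if diffs:
        needed.append(diffs[-1])
    return needed


if __name__ == "__main__":
    for kind in ("incremental", "differential", "copy", "daily"):
        print(f"normal then {kind}: {run_chain(kind)}")
    print("restore after normal+inc+inc needs sets", restore_plan(["normal", "incremental", "incremental"]))
    print("restore after normal+diff+diff needs sets", restore_plan(["normal", "differential", "differential"]))
```

Running it shows the practical difference: the second differential run copies a.txt again because the first one left its archive bit set, so a restore needs only the last normal and the last differential set, while the incremental chain copies each change once and a restore needs every set since the last normal.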

ASR Backup: ASR is a recovery option that has two parts: ASR backup and ASR restore. You can access the backup portion through the Automated System Recovery Preparation Wizard located in Backup. The Automated System Recovery Preparation Wizard backs up the System State data, system services, and all disks associated with the operating system components. It also creates a floppy disk, which contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to accomplish a restore.

6. Working of ping, telnet, and gopher?

ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP echo request packets to the target host and listening for ICMP echo response replies. ping estimates the round-trip time, generally in milliseconds, records any packet loss, and prints a statistical summary when finished.

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections. It was developed in 1969 beginning with RFC 15 and standardized as IETF STD 8, one of the first Internet standards. The term telnet also refers to software which implements the client part of the protocol. TELNET clients have been available on most Unix systems for many years and are available for virtually all platforms. Most network equipment and OSs with a TCP/IP stack support some kind of TELNET service server for their remote configuration (including ones based on Windows NT). Because of security issues with TELNET, its use has waned as it is replaced by the use of SSH for remote access. "To telnet" is also used as a verb meaning to establish or use a TELNET or other interactive TCP connection, as in, "To change your password, telnet to the server and run the passwd command". Most often, a user will be telneting to a Unix-like server system or a simple network device such as a switch. For example, a user might "telnet in from home to check his mail at school". In doing so, he would be using a telnet client to connect from his computer to one of his servers. Once the connection is established, he would then log in with his account information and execute operating system commands remotely on that computer, such as ls or cd. On many systems, the client may also be used to make interactive raw-TCP sessions; even when that option is not available, telnet sessions are equivalent to raw TCP as long as byte 255 never appears in the data.

Packet internet gopher (PING) definition: a method used in determining the response time of an internet connection. PING software sends a request to a website and times the receipt of the reply (echo), called pong. A part of the Internet Protocol, PING is not directly accessible to the user.

7. What is RAID? Types of RAID?

Let's start with the basics. RAID: Redundant Array of Independent Discs. In the old days it also used to mean Redundant Array of Inexpensive Discs. A RAID system is a collection of hard drives joined together using a RAID level definition (see the levels below). There are many uses for RAID. First, it can be used to stripe drives together to give more overall access speed (level 0). Second, it can be used to mirror drives (level 1). Third, it can be used to increase uptime of your overall storage by striping drives together and then keeping parity data, so that if a drive should fail the system keeps operating (level 5). Most people use RAID level 5 for the uptime purposes and its ability to join together 16 drives, giving a large storage block. Read about the RAID levels below and see which one suits you best.

RAID Levels

RAID 0: This is the simplest level of RAID, and it just involves striping. Data redundancy is not even present in this level, so it is not recommended for applications where data is critical. This level offers the highest level of performance out of any single RAID level. It also offers the lowest cost since no extra storage is involved. At least 2 hard drives are required, preferably identical, and the maximum depends on the RAID controller. None of the space is wasted as long as the hard drives used are identical. This level has become popular with the mainstream market for its relatively low cost and high performance gain. This level is good for most people that don't need any data redundancy. There are many SCSI and IDE/ATA implementations available. Finally, it's important to note that if any of the hard drives in the array fails, you lose everything.

RAID 1: This level is usually implemented as mirroring. Two identical copies of data are stored on two drives. When one drive fails, the other drive still has the data to keep the system going. Rebuilding a lost drive is very simple since you still have the second copy. This adds data redundancy to the system and provides some safety from failures. Some implementations add an extra RAID controller to increase the fault tolerance even more. It is ideal for applications that use critical data. Even though the performance benefits are not great, some might just be concerned with preserving their data. The relative simplicity and low cost of implementing this level has increased its popularity in mainstream RAID controllers. Most RAID controllers nowadays implement some form of RAID 1.

RAID 2: This level uses bit-level striping with Hamming code ECC. The technique used here is somewhat similar to striping with parity, but not really. The data is split at the bit level and spread over a number of data and ECC disks. When data is written to the array, the Hamming codes are calculated and written to the ECC disks. When the data is read from the array, Hamming codes are used to check whether errors have occurred since the data was written to the array. Single-bit errors can be detected and corrected immediately. This is the only level that really deviates from the RAID concepts talked about earlier. The complicated and expensive RAID controller hardware needed and the minimum number of hard drives required are the reasons this level is not used today.

RAID 3: This level uses byte-level striping with dedicated parity. In other words, data is striped across the array at the byte level with one dedicated parity drive holding the redundancy information. The idea behind this level is that striping the data increases performance and using dedicated parity takes care of redundancy. 3 hard drives are required: 2 for striping, and 1 as the dedicated parity drive. Although the performance is good, the added parity does slow down writes. The parity information has to be written to the parity drive whenever a write occurs. This increased computation calls for a hardware controller, so software implementations are not practical. RAID 3 is good for applications that deal with large files since the stripe size is small.

RAID 4: This level is very similar to RAID 3. The only difference is that it uses block-level striping instead of byte-level striping. The advantage in that is that you can change the stripe size to suit application needs. This level is often seen as a mix between RAID 3 and RAID 5, having the dedicated parity of RAID 3 and the block-level striping of RAID 5. Again, you'll probably need a hardware RAID controller for this level. Also, the dedicated parity drive continues to slow down performance in this level as well.

RAID 5: RAID 5 uses block-level striping and distributed parity. This level tries to remove the bottleneck of the dedicated parity drive. With the use of a distributed parity algorithm, this level writes the data and parity data across all the drives. Basically, the blocks of data are used to create the parity blocks, which are then stored across the array. This removes the bottleneck of writing to just one parity drive. However, the parity information still has to be calculated and written whenever a write occurs, so the slowdown involved with that still applies. The fault tolerance is maintained by separating the parity information for a block from the actual data block. This way, when one drive goes, all the data on that drive can be rebuilt from the data on the other drives. Recovery is more complicated than usual because of the distributed nature of the parity. Just as in RAID 4, the stripe size can be changed to suit the needs of the application. Also, using a hardware controller is probably the more practical solution. RAID 5 is one of the most popular RAID levels being used today. Many see it as the best combination of performance, redundancy, and storage efficiency.

8. What are the prerequisites for installation of Exchange Server?
The prerequisites are: IIS, SMTP, WWW service, NNTP, .NET Framework, ASP.NET. Then run ForestPrep, then run DomainPrep.

9. Does Windows Server 2003 support IPv6?
Yes, run ipv6.exe from the command line to disable it.

10. What's new in Terminal Services for Windows 2003 Server?
It supports audio transmissions as well, although prepare for heavy network load.

11. How do you double-boot a Windows 2003 server box?
The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel, go to the Advanced tab and select Startup.

12. What is the use of Terminal Services?
Terminal Services can be used in Remote Administration mode to administer the server remotely, as well as in Application Server mode to run an application on one server so that users can log in to that server to use that application.

13. How to take DNS, WINS and DHCP backups?
%SystemRoot%\system32\dns
%SystemRoot%\system32\WINS
%SystemRoot%\system32\DHCP
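To make the RAID 5 description concrete, here is an added Python model (not code from the original page) of block-level striping with distributed parity: it lays constructed data out over four drives, rotates the parity block across the drives stripe by stripe, and rebuilds any single failed drive by XORing the survivors. The block size, the payload and the helper names (`raid5_write`, `raid5_rebuild`, `demo`) are assumptions of the example.

```python
"""RAID 5 in miniature: block-level striping with distributed (rotating) parity.

Added example, not from the original page; the data and the four-drive layout
are constructed. Parity is the XOR of the data blocks in a stripe, so any one
missing block, data or parity, can be recomputed from the surviving blocks. Two
failed drives cannot be recovered, which is why RAID 5 tolerates a single loss.
"""

BLOCK = 4   # bytes per block (constructed; real controllers use 64 KiB and larger stripes)


def xor_blocks(blocks):
    """XOR a list of equal-length byte blocks together."""
    out = bytes(BLOCK)
    for b in blocks:
        out = bytes(x ^ y for x, y in zip(out, b))
    return out


def parity_drive_for(stripe, ndrives):
    """Distributed parity: the parity block moves one drive to the left per stripe."""
    return (ndrives - 1 - stripe) % ndrives


def raid5_write(data, ndrives):
    """Lay data out over ndrives; each stripe holds ndrives-1 data blocks and one parity block."""
    if ndrives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    stripe_bytes = (ndrives - 1) * BLOCK
    padded = data + bytes(-len(data) % stripe_bytes)        # pad to whole stripes
    drives = [[] for _ in range(ndrives)]
    for s in range(len(padded) // stripe_bytes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        dblocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(ndrives - 1)]
        pdrive = parity_drive_for(s, ndrives)
        remaining = iter(dblocks)
        for d in range(ndrives):
            drives[d].append(xor_blocks(dblocks) if d == pdrive else next(remaining))
    return drives


def raid5_read(drives):
    """Reassemble the data, skipping each stripe's parity block; padding is left in place."""
    ndrives = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        pdrive = parity_drive_for(s, ndrives)
        for d in range(ndrives):
            if d != pdrive:
                out += drives[d][s]
    return bytes(out)


def raid5_rebuild(drives, failed):
    """Recompute every block of the failed drive (its slot may be None) from the others."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    nstripes = len(survivors[0])
    return [xor_blocks([d[s] for d in survivors]) for s in range(nstripes)]


def usable_fraction(ndrives):
    """Share of raw capacity available for data: one drive's worth goes to parity."""
    return (ndrives - 1) / ndrives


def demo(failed=1):
    """Write, lose one drive, rebuild it and check the data survives. Returns True on success."""
    data = b"The quick brown fox jumps over the lazy dog"    # constructed payload
    drives = raid5_write(data, 4)
    original = drives[failed]
    drives[failed] = None                                     # simulate the failed drive
    drives[failed] = raid5_rebuild(drives, failed)
    return drives[failed] == original and raid5_read(drives).rstrip(b"\0") == data


if __name__ == "__main__":
    print("rebuild of drive 1 succeeded:", demo(1))
    print("usable capacity with 16 drives: %.1f%%" % (100 * usable_fraction(16)))
```

The same XOR rule is what makes the write penalty in the text unavoidable: every data write also requires the stripe's parity block to be recalculated and written, whichever drive currently holds it.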

14. What is Recovery Console?
Recovery Console is a utility used to recover the system when it is not booting properly or not booting at all. We can perform the following operations from Recovery Console:
* copy, rename, or replace operating system files and folders;
* enable or disable service or device startup the next time the computer starts;
* repair the file system boot sector or the Master Boot Record;
* create and format partitions on drives.

15. What is RIS and what are its requirements?
RIS is the Remote Installation Service, which is used to install an operating system remotely.
Client requirements:
* a PXE DHCP-based boot ROM version 1.00 or later NIC, or a network adapter that is supported by the RIS boot disk;
* the client should meet the minimum operating system requirements.
Software requirements: the network services below must be active on the RIS server or on any server in the network:
* Domain Name System (DNS service)
* Dynamic Host Configuration Protocol (DHCP)
* Active Directory directory service

16. How to deploy patches, and what software is used for this process?
Using a SUS (Software Update Services) server we can deploy patches to all clients in the network. We need to configure the option called "Synchronize with Microsoft software update server" and schedule the synchronization time on the server. We need to approve new updates based on the requirement; the approved updates are then deployed to clients. We can configure clients by changing the registry manually or through Group Policy by adding the WSUS administrative template to a group policy.

17. What is WINS?
WINS (Windows Internet Naming Service) resolves Windows network computer names (also known as NetBIOS names) to Internet IP addresses, allowing Windows computers on a network to easily find and communicate with each other.

18. How does WINS work?
By default, when a computer running Microsoft Windows 2000, Windows XP, or a Windows Server 2003 operating system is configured with WINS server addresses (either manually or through DHCP) for its name resolution, it uses hybrid node (h-node) as its node type for NetBIOS name registration unless another NetBIOS node type is configured. For NetBIOS name query and resolution, it also uses h-node behavior, but with a few differences.

For NetBIOS name resolution, a WINS client typically performs the following general sequence of steps to resolve a name:
1. The client checks to see if the name queried is its local NetBIOS computer name, which it owns.
2. The client checks its local NetBIOS name cache of remote names. Any name resolved for a remote client is placed in this cache, where it remains for 10 minutes.
3. The client forwards the NetBIOS query to its configured primary WINS server. If the primary WINS server fails to answer the query, either because it is not available or because it does not have an entry for the name, the client will try to contact the other configured WINS servers in the order they are listed and configured for its use.
4. The client broadcasts the NetBIOS query to the local subnet.
5. The client checks the Lmhosts file for a match to the query, if it is configured to use the Lmhosts file.
6. The client tries the Hosts file and then a DNS server, if it is configured for one.

19. Network Configuration and Management Utilities
Administrators use various utilities to configure and manage networks. Following are some commonly used utilities:

IPCONFIG: IPCONFIG is a command-line utility used to display current TCP/IP network configuration values, and to update or release the Dynamic Host Configuration Protocol (DHCP) allocated leases. It is also used to display, register, or flush Domain Name System (DNS) names.

NSLOOKUP: NSLOOKUP is a utility for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This utility is installed along with the TCP/IP protocol through the Control Panel.
PING: PING is a command-line utility used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine if the network is working properly.

TRACERT: TRACERT is a route-tracing Windows utility that displays the path an IP packet takes to reach its destination. It shows the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.

PATHPING: PATHPING is a command-line utility that pings each hop along the route for a set period of time and shows the delay and packet loss along with the tracing functionality of TRACERT, which helps determine a weak link in the path.

NBTSTAT: NBTSTAT is a Windows utility used to check the state of current NetBIOS over TCP/IP connections, update the NetBIOS name cache, and determine the registered names and scope IDs.

NETSTAT: NETSTAT is a command-line utility that displays protocol-related statistics and the state of current TCP/IP connections. It is used to obtain information about the open connections on a computer, incoming and outgoing data, and also the ports of remote computers to which the computer is connected. The NETSTAT command gets all this networking information by reading the kernel routing tables in memory.

TELNET: TELNET is a command-line connectivity utility that starts terminal emulation with a remote host running the Telnet Server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.
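The six-step h-node resolution order given for WINS clients above is easier to reason about when each lookup reports which step answered. The Python model below is an added example, not code from the original page: the name tables, the two WINS servers (the primary deliberately unreachable), the subnet hosts, the LMHOSTS, HOSTS and DNS entries, and the hand-advanced clock are all constructed, and `HNodeClient`, `WinsServer` and `demo` are names chosen for the example. It shows failover to the second WINS server, the 10-minute cache, and the fall-through to broadcast, LMHOSTS and DNS.

```python
"""Model of the h-node NetBIOS name-resolution order listed above.

Added example, not code from the original page. The name tables, WINS server
contents, subnet hosts, LMHOSTS/HOSTS entries and the clock are constructed.
Each lookup returns (address, step that answered), so the precedence is visible,
including WINS failover to the next configured server and the 10-minute cache.
"""

CACHE_TTL = 600   # seconds a resolved remote name stays in the NetBIOS name cache


class WinsServer:
    def __init__(self, records, up=True):
        self.records = {k.upper(): v for k, v in records.items()}
        self.up = up

    def query(self, name):
        """Return the registered address, or None if unreachable or no entry exists."""
        if not self.up:
            return None
        return self.records.get(name)


class HNodeClient:
    def __init__(self, local_name, local_ip, wins_servers, subnet, lmhosts, hosts, dns,
                 clock, use_lmhosts=True):
        self.local_name = local_name.upper()
        self.local_ip = local_ip
        self.wins = wins_servers                 # tried in configured order
        self.subnet = {k.upper(): v for k, v in subnet.items()}   # what a broadcast reaches
        self.lmhosts = {k.upper(): v for k, v in lmhosts.items()}
        self.hosts = {k.upper(): v for k, v in hosts.items()}
        self.dns = {k.upper(): v for k, v in dns.items()}
        self.clock = clock
        self.use_lmhosts = use_lmhosts
        self.cache = {}                          # name -> (ip, expiry time)

    def _remember(self, name, ip, source):
        """Remote names resolved via NetBIOS mechanisms are cached for CACHE_TTL seconds."""
        self.cache[name] = (ip, self.clock() + CACHE_TTL)
        return ip, source

    def resolve(self, name):
        name = name.upper()
        now = self.clock()
        # 1. the client's own NetBIOS name
        if name == self.local_name:
            return self.local_ip, "local name"
        # 2. the NetBIOS name cache (entries expire after 10 minutes)
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], "name cache"
        self.cache.pop(name, None)
        # 3. configured WINS servers, in order; an unreachable or unknowing server is skipped
        for i, server in enumerate(self.wins, start=1):
            ip = server.query(name)
            if ip:
                return self._remember(name, ip, f"WINS server {i}")
        # 4. broadcast on the local subnet
        if name in self.subnet:
            return self._remember(name, self.subnet[name], "broadcast")
        # 5. LMHOSTS, if the client is configured to use it
        if self.use_lmhosts and name in self.lmhosts:
            return self._remember(name, self.lmhosts[name], "LMHOSTS")
        # 6. HOSTS file, then DNS
        if name in self.hosts:
            return self.hosts[name], "HOSTS"
        if name in self.dns:
            return self.dns[name], "DNS"
        return None, "unresolved"


def demo():
    """Walk the resolution order with the primary WINS server down. Returns the lookups."""
    clock = {"now": 1000.0}                      # constructed clock, advanced by hand
    primary = WinsServer({"FILESRV": "10.0.0.20", "PRINTSRV": "10.0.0.30"}, up=False)
    secondary = WinsServer({"FILESRV": "10.0.0.20"})
    client = HNodeClient("PC1", "10.0.0.5", [primary, secondary],
                         subnet={"PRINTSRV": "10.0.0.30"},
                         lmhosts={"OLDSRV": "10.0.0.99"},
                         hosts={},
                         dns={"WEB": "10.0.1.8"},
                         clock=lambda: clock["now"])
    results = [client.resolve("pc1"),           # step 1
               client.resolve("filesrv"),       # primary down, answered by WINS server 2
               client.resolve("filesrv")]       # now served from the cache
    clock["now"] += CACHE_TTL + 1               # let the cache entry expire
    results += [client.resolve("filesrv"),      # back to WINS
                client.resolve("printsrv"),     # unknown to the secondary: broadcast finds it
                client.resolve("oldsrv"),       # only in LMHOSTS
                client.resolve("web"),          # only in DNS
                client.resolve("nosuch")]
    return results


if __name__ == "__main__":
    for ip, source in demo():
        print(f"{source:14} -> {ip}")
```

The order matters operationally: a stale cache entry or a broadcast answer from a rogue host on the subnet wins over DNS for the full ten minutes, which is why the NBTSTAT cache-purge option described under the utilities is the first thing to try when a NetBIOS name resolves to the wrong address.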

Windows 7 System Requirements
If you want to run Windows 7 on your PC, here's what it takes:
* 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor.
* 1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit).
* 16 GB available hard disk space (32-bit) or 20 GB (64-bit).
* DirectX 9 graphics device with WDDM 1.0 or higher driver.
Additional requirements to use certain features:
* Internet access (fees may apply).
* Depending on resolution, video playback may require additional memory and advanced graphics hardware.
* Some games and programs might require a graphics card compatible with DirectX 10 or higher for optimal performance.
* For some Windows Media Center functionality a TV tuner and additional hardware may be required.
* Windows Touch and Tablet PCs require specific hardware.
* HomeGroup requires a network and PCs running Windows 7.
* DVD/CD authoring requires a compatible optical drive.
* BitLocker requires Trusted Platform Module (TPM) 1.2.
* BitLocker To Go requires a USB flash drive.
* Windows XP Mode requires an additional 1 GB of RAM and an additional 15 GB of available hard disk space.
* Music and sound require audio output.
Product functionality and graphics may vary based on your system configuration. Some features may require advanced or additional hardware.


PCs with multi-core processors: Windows 7 was designed to work with today's multi-core processors. All 32-bit versions of Windows 7 can support up to 32 processor cores, while 64-bit versions can support up to 256 processor cores. PCs with multiple processors (CPUs): Commercial servers, workstations, and other high-end PCs may have more than one physical processor. Windows 7 Professional, Enterprise, and Ultimate allow for two physical processors, providing the best performance on these computers. Windows 7 Starter, Home Basic, and Home Premium will recognize only one physical processor.
See why Windows 7 is better (feature chart comparing Windows XP, Windows Vista and Windows 7)

Makes everyday tasks simpler and easier:
* Multi-task more easily: Windows Taskbar
* Communicate and share with free photo, email, and IM programs: Windows Live Essentials
* Browse the web easily and more safely: Internet Explorer 8
* Find files and programs instantly: Windows Search
* Open the programs and files you use most in just a click or two: Pin, Jump Lists
* Navigate lots of open windows more quickly: Snap, Peek, Shake
* Easily share files, photos, and music among multiple PCs at home: HomeGroup
* Print to a single printer from any PC in the house: HomeGroup
* Simplify managing printers, cameras, music players, and other devices: Device Management
* Organize lots of files, documents, and photos effortlessly: Libraries
* Connect to any available wireless network in just three clicks: View Available Networks

Works the way you want it to:
* Personalize your desktop with themes, photos, and gadgets: Performance Improvements
* Connect to company networks securely: Domain Join
* Run lots of programs at once with better performance on 64-bit PCs: 64-bit Support
* Built-in protection against spyware and other malicious software: Windows Defender
* Help keep your data private and secure: BitLocker
* Manage and monitor your children's PC use: Parental Controls
* Run many Windows XP productivity programs: Windows XP Mode
* Designed for faster sleep and resume: Sleep and Resume
* Improved power management for longer battery life: Power Management

Makes new and exciting things possible:
* Watch and record TV on your PC: Windows Media Center
* Create and share movies and slideshows in minutes: Windows Live Movie Maker
* Get the most realistic game graphics and vivid multi-media: DirectX 11
* Stream music, photos, and videos around your house: Play To
* Connect to music and photos on your home PC while away from home: Remote Media Streaming
* Touch and tap instead of point and click: Windows Touch

Chart legend: included in this version of Windows; improved in Windows 7.

Top 10 Differences between Windows XP and Windows 7

If you skipped over Windows Vista like so many others have, you may be in for a shock when you upgrade from Windows XP to Windows 7. Microsoft's newest operating system is a major shift in usability, convenience, and overall computing from previous versions of Windows. Although not all are earth-shattering changes, listed below are the Top 10 differences between Windows XP and Windows 7. Many of these changes may seem like a big deal because you've gotten so used to how things work in XP. If you are considering upgrading from XP to Windows 7, be prepared for these changes.

1. No e-mail client
Outlook Express (OE) has been a trusted friend since Windows 95, so much so that many people have never used another e-mail client. OE was removed from Windows Vista but was replaced with Windows Mail. Strangely, Windows 7 does not ship with any e-mail client at all. Users must either purchase an e-mail client such as Outlook, use a free service such as Windows Live Mail, or download an open source e-mail client such as Thunderbird.

2. 32-bit vs. 64-bit


Although Windows XP did have a 64-bit version (Windows XP x64), many people are unaware that it even existed. When upgrading from XP to Windows 7, you will have to decide whether you want the 32-bit version (x86) or the 64-bit version (x64). Which you choose largely depends on your computer's hardware and the availability of drivers and other software to make everything work in your PC.

3. Aero Desktop
The Aero Desktop is really nothing more than a collection of window and desktop behaviors that make Windows 7 the prettiest version of the operating system to date. Features such as Aero Snap let you quickly organize open windows, and transparency makes it easy to see what's underneath other windows. With Windows XP think opaque; with Windows 7, think translucent.

4. Documents and Settings
The Documents and Settings folder, the location for all protected personal files and folders, has been replaced with a simple Users folder. Not a big deal, but many tech support personnel have spent hundreds of hours answering the simple question of where the Documents and Settings folder went in Windows 7.

5. Start Menu


The Start menu in Windows 7 has been completely reworked and has been met with several criticisms. No longer does the Start menu use fly-outs and scroll-outs to show you what shortcuts to programs and folders you have on your computer. Now you must use a more conservative folder system that forces you to use a scroll bar to access shortcuts that can't be displayed because you've reached the maximum number that can be shown at one time. Luckily, if you really like the Windows XP Start menu, there is a way to make the Windows 7 Start menu behave like XP.

6. Ribbon


Introduced in Office 2007, it is clear that Microsoft will continue to push the Ribbon interface over the more familiar drop-down menu and toolbar approach to using programs. If you want to get a taste of the Ribbon, start up Microsoft Paint or WordPad on a computer running Windows 7 and you can see for yourself whether the Ribbon is going to be useful or just another technology forced upon you.

7. Libraries

Windows 7 Libraries are nothing more than collections of files that are similar. Similar content that is located in multiple areas of your computer is brought together into the Library system to make finding files easier. Of course, you can choose to use or not use Libraries depending on whether you find them useful. However, if you store a lot of media on your computer such as music or video and you want access to them without having to physically move them to the same location or folder, Libraries may be for you.

8. DirectX 11

If you are a gamer, you know that you must keep up with advances in both hardware and software technology to get the most from your games. Windows XP will not support DirectX versions beyond 9.0c, so if your games require a higher version such as 10 or 11, you have no choice but to move to a more recent version of Windows. As more and more people make the switch to Windows 7, the game developers and publishers are likely to take full advantage of more recent DirectX versions. Stick with XP too long, and you may be shut out of the newest games.

9. HomeGroup


Whether you have a simple or complicated home network, you know that any help you can get to make administration easier is always welcome. HomeGroup is a major shift in home networking simplicity that makes older paradigms seem archaic. Not much has changed in setting up a home network since Windows NT 4, an operating system from before Windows 95 that you may never have heard of. Marrying simplicity, easy setup, and stable connections, HomeGroup takes the guesswork and troubleshooting out of home networking on any scale.

10. Touch Support

Although touch interfaces have been around for the better part of a decade, touch has not yet replaced the familiar keyboard/mouse combination for navigating personal computers. Still, Windows 7 is the first operating system from the software giant to natively support touch as a computer interface. If you think that you would like to be on the frontier of this emerging interface paradigm, Windows 7 is your only real choice if you want to run a Microsoft operating system.

Conclusion

Some people have become so comfortable working with Windows XP that they have avoided upgrading to Microsoft's newest operating system. The Windows Vista fiasco didn't help matters, forcing some diehard fans of XP to downgrade to make their PCs functional again. If you are considering upgrading from Windows XP to Windows 7, be prepared for some new things, some missing things, and a few things in between. Still, the stability and usability of Windows 7 have been more or less established, so you can rest assured that you are taking a step in the right direction by leaving XP behind.

Difference between win2k3 and win2k8 server


1: 2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it.

2: RODC (Read Only Domain Controller) is a new type of domain controller in 2008. We cannot rename a domain controller in 2008. In 2003 we can rename a domain controller, but you must be a member of the Domain Admins group to do so.

3: Shadow copy is available for each and every folder in Windows 2008 to help prevent inadvertent loss of data. In Windows 2003 shadow copy is available only for shared folders.

4: The boot sequence is changed in 2008.

5: Installation is 32-bit, whereas in 2003 it is 16-bit as well as 32-bit; that is why installation of 2008 is faster.

6: Services are known as roles in 2008.

7: The Group Policy editor is a separate option in ADS (2008).

8: WDS (Windows Deployment Services) replaces RIS from the 2003 server.

9: The main difference between 2003 and 2008 is virtualization and management. 2008 has more inbuilt components and updated third-party drivers. Microsoft introduces a new feature with 2k8, Hyper-V: Windows Server 2008 introduces Hyper-V (V for Virtualization), but only on 64-bit versions.

10: In Windows Server 2008, Microsoft is introducing new features and technologies, some of which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power consumption of server and client operating systems, minimize environmental byproducts, and increase server efficiency.

11: Windows Server 2003 supports 32- and 64-bit versions and 2008 supports only 64-bit. Offline domain join capability is introduced in Windows Server 2008.

Windows Server 2008 Hardware Requirements


Before investing time and resources into downloading and installing Windows Server 2008, the first step is to gain an appreciation of the hardware requirements necessary to effectively run the operating system. The following table provides an overview of Microsoft's recommended minimum hardware:
Category: Minimum / Recommended Requirements

Processor: Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor). Recommended: 2GHz or faster. Note: For Itanium based systems an Intel Itanium 2 processor is required.

Memory: Minimum: 512MB RAM. Recommended: 2GB RAM or greater. Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter). Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and Itanium-Based Systems).

Available Disk Space: Minimum: 10GB. Recommended: 40GB or greater. Note: Systems with RAM in excess of 16GB will require greater amounts of disk space to accommodate paging, hibernation, and dump files.

Drive: DVD-ROM drive

Display and Peripherals: Super VGA or greater-resolution monitor (800x600); Keyboard; Microsoft Mouse or compatible pointing device
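As an added example (not part of the original notes), the following PowerShell function checks the local machine against the minimum and recommended figures in the table above before an install is attempted. It assumes Windows PowerShell with WMI access and uses only classes available on PowerShell 1.0/2.0, so it runs on a 2003/2008-era box. The x86/x64 CPU minimums and the RAM and disk figures are the table's own; the "10GB plus installed RAM" disk rule applied above 16GB of RAM is my own reading of the table's note about paging, hibernation and dump files, not a figure from the page.

```powershell
# Added example: pre-install hardware check against the Windows Server 2008
# figures in the table above. Not from the original notes.
function Test-Server2008Hardware {
    param(
        # Drive the OS will be installed on; the system drive if not specified
        [string]$InstallDrive = $env:SystemDrive
    )

    $cpu  = Get-WmiObject -Class Win32_Processor | Select-Object -First 1
    $disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$InstallDrive'"

    # Sum installed DIMM capacity rather than Win32_ComputerSystem.TotalPhysicalMemory,
    # which reports slightly less than the DIMM total and would fail a box with exactly 512MB.
    $ramBytes = (Get-WmiObject -Class Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum
    $ramGB  = [math]::Round($ramBytes / 1GB, 2)
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 2)

    # The table sets a higher CPU minimum for x64 (1.4 GHz) than for x86 (1 GHz).
    $cpuMinMHz = if ($cpu.AddressWidth -eq 64) { 1400 } else { 1000 }

    # Disk minimum from the table. Above 16GB of RAM the table only says "more space";
    # the extra RAM-sized allowance below is an assumption (a complete memory dump
    # and a hibernation file are each roughly the size of physical RAM).
    $diskMinGB = 10
    if ($ramGB -gt 16) { $diskMinGB = 10 + [math]::Ceiling($ramGB) }

    $checks = @(
        New-Object PSObject -Property @{
            Check = "CPU clock (MHz, x$($cpu.AddressWidth))"; Value = $cpu.MaxClockSpeed
            Minimum = $cpuMinMHz; Recommended = 2000
            Pass = ($cpu.MaxClockSpeed -ge $cpuMinMHz) }
        New-Object PSObject -Property @{
            Check = 'RAM (GB)'; Value = $ramGB
            Minimum = 0.5; Recommended = 2
            Pass = ($ramGB -ge 0.5) }
        New-Object PSObject -Property @{
            Check = "Free space on $InstallDrive (GB)"; Value = $freeGB
            Minimum = $diskMinGB; Recommended = 40
            Pass = ($freeGB -ge $diskMinGB) }
    )

    # Print the per-check table to the console without polluting the return value
    $checks | Format-Table Check, Value, Minimum, Recommended, Pass -AutoSize | Out-Host

    # Overall verdict: $true only when every minimum is met.
    # @() guards against .Count being $null on an empty result under PowerShell 2.0.
    return (@($checks | Where-Object { -not $_.Pass }).Count -eq 0)
}

Test-Server2008Hardware
```

The function returns a single Boolean so it can gate an automated build, while the table printed to the console shows which figure fell short. MaxClockSpeed is the rated clock as reported by WMI, which on a virtual machine reflects the host's CPU rather than any allocated share.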

Windows Server 2008 Editions and System Requirements

Standard Edition
Windows Server 2008 Standard is one of Microsoft's entry level server offerings (alongside Windows Web Server 2008) and is one of the least expensive of the various editions available. Both 32-bit and 64-bit versions are available, and in terms of hardware Standard Edition supports up to 4GB of RAM and 4 processors. Windows Server 2008 Standard is primarily targeted at small and mid-sized businesses (SMBs) and is ideal for providing domain, web, DNS, remote access, print, file and application services. Support for clustering, however, is notably absent from this edition. An upgrade path to Windows Server 2008 Standard is available from Windows 2000 Server and Windows Server 2003 Standard Edition.

Windows Server 2008 Enterprise Edition


Windows Server 2008 Enterprise Edition provides greater functionality and scalability than the Standard Edition. As with Standard Edition both 32-bit and 64-bit versions are available. Enhancements include support for as many as 8 processors and up to 64GB of RAM on 32-bit systems and 2TB of RAM on 64-bit systems.


Additional features of the Enterprise edition include support for clusters of up to 8 nodes and Active Directory Federated Services (AD FS). Windows 2000 Server, Windows 2000 Advanced Server, Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition may all be upgraded to Windows Server 2008 Enterprise Edition.

Windows Server 2008 Datacenter Edition


The Datacenter edition represents the top end of the Windows Server 2008 product range and is targeted at mission critical enterprises requiring stability and high uptime levels. Windows Server 2008 Datacenter edition is tied closely to the underlying hardware through the implementation of custom Hardware Abstraction Layers (HAL). As such, it is currently only possible to obtain Datacenter edition as part of a hardware purchase. As with other versions, the Datacenter edition is available in 32-bit and 64-bit versions and supports 64GB of RAM on 32-bit systems and up to 2TB of RAM on 64-bit systems. In addition, this edition supports a minimum of 8 processors up to a maximum of 64. Upgrade paths to Windows Server 2008 Datacenter Edition are available from the Datacenter editions of Windows 2000 and 2003.

Windows Web Server 2008


Windows Web Server 2008 is essentially a version of Windows Server 2008 designed primarily for the purpose of providing web services. It includes Internet Information Services (IIS) 7.0 along with associated services such as Simple Mail Transfer Protocol (SMTP) and Telnet. It is available in 32-bit and 64-bit versions and supports up to 4 processors. RAM is limited to 4GB and 32GB on 32-bit and 64-bit systems respectively. Windows Web Server 2008 lacks many of the features present in other editions such as clustering, BitLocker drive encryption, multipath I/O, Windows Internet Naming Service (WINS), Removable Storage Management and SAN Management.

Windows Server 2008 Features Matrix


Now that we have covered in general terms the various editions of Windows Server 2008, we can look in a little more detail at a feature-by-feature comparison of the four different editions. This is outlined in the following feature matrix:


Editions compared: Enterprise, Datacenter, Standard, Web, Itanium

Features compared:
ADFS Web Agent
Directory uIDM
Desktop Experience
Windows Clustering
Windows Server Backup
Windows Network Load Balancing (WNLB)
Simple TCP/IP Services
SMTP
Subsystem for Unix-Based Applications (SUA)
Telnet Client
Telnet Server
Microsoft Message Queuing (MSMQ)
RPC Over HTTP Proxy
Windows Internet Naming Service (WINS)
Wireless Client
Windows System Resource Manager (WSRM)
Simple SAN Management
LPR Port Monitor
The Windows Foundation Components for WinFX
BITS Server Extensions
iSNS Server Service
BitLocker Drive Encryption
Multipath IO
Removable Storage Management
TFTP
SNMP
Server Admin Pack
RDC
Peer-to-Peer Name Resolution Protocol
Recovery Disk
Windows PowerShell

[The per-edition Yes/No cells of the matrix did not survive extraction and are not reproduced here.]

