3. What is the difference between Windows 2000 and Windows Server 2003?

New Active Directory features in Windows Server 2003:
1. Multiple selection of user objects
2. Active Directory command-line tools
3. Adding domain controllers from backup media (install from media)
4. Universal group membership caching
5. Secure LDAP traffic
6. Active Directory quotas
7. Domain controller rename tool
8. Domain rename
9. Forest trusts
10. Forest restructuring
11. Global catalog (GC) replication improvements
12. Replication enhancements

Other features updated in Windows Server 2003:
1. Remote document sharing
2. Command-line support for disk management (diskpart)
3. GUID partition table (GPT), 64-bit versions only
4. Shadow copies of shared folders

4. What is the difference between a PDC and a BDC?
Windows NT 4.0 domains use a single-master model.
PDC (primary domain controller): holds the only writable copy of the domain security database (the SAM) and authenticates network logons. All changes to accounts are made on the PDC.
BDC (backup domain controller): receives a read-only copy of the SAM from the PDC and can also authenticate network logons. If the PDC fails, a BDC can be promoted to PDC.

What happens when the PDC fails?
The PDC replicates SAM changes to the BDCs (by default every five minutes). A BDC can validate logons and access requests from its copy, so authentication continues, but no account changes can be made until a BDC is promoted.
Benefits of BDCs:
1. A BDC can handle logon requests, improving user response time.
2. If the PDC goes down, a BDC can be promoted to PDC and the domain continues to function.
3. With no BDC, a failed PDC means reinstalling NT Server and rebuilding the domain, because the only copy of the SAM is lost with it.
Promoting a BDC after the PDC has failed: on the BDC, open Server Manager, select the BDC, then choose Computer > Promote to Primary Domain Controller.
The NT Resource Kit utility NETDOM.EXE can join computers to domains, create computer accounts and create trust relationships from the command line.
What is DNS?
1. DNS (Domain Name System) is a naming system with a set of naming rules for host name resolution, the process of mapping a user-friendly host name to the numerical IP address of that computer.
2. It is a hierarchical, distributed database with an associated set of protocols.
3. It provides the mechanism for querying and updating that database.
WINS vs DNS: WINS resolves NetBIOS names to IP addresses; DNS resolves host (DNS) names to IP addresses.

How can I compress my WINS database?
The NT Server utility JETPACK.EXE compacts the Jet databases used by WINS and DHCP. From a command prompt (cmd.exe):
    cd %SystemRoot%\system32\wins
    net stop WINS
    jetpack WINS.MDB TMP.MDB
    net start WINS
Jetpack compacts WINS.MDB into TMP.MDB, deletes WINS.MDB and replaces it with the compacted TMP.MDB. While the WINS service is stopped, clients that depend on WINS for name resolution will fail unless another resolution mechanism (DNS, LMHOSTS) is in place, so do this in a maintenance window.
The DHCP database is backed up automatically every 60 minutes to %SystemRoot%\System32\Dhcp\Backup\Jet. This interval can be changed.
What are the types of DNS servers?

Standard primary
1. Holds the master copy of the zone file. Changes to the zone must be made on the standard primary.
2. It is authoritative for the zone.
3. It should host both a forward lookup zone and a reverse lookup zone.

Active Directory integrated
1. Works like a standard primary, but stores the zone in the Active Directory data store rather than in a zone file.
2. Because Active Directory uses multi-master replication, there can be more than one AD-integrated DNS server for a zone.
3. Changes can be made on any AD-integrated DNS server.
4. Benefits: fault tolerance, security (the zone is protected by Active Directory ACLs and can require secure dynamic updates) and replication that rides on Active Directory replication.

Standard secondary
1. Stores a read-only copy of a zone obtained from a standard primary, an AD-integrated primary or another standard secondary DNS server.
2. The process of copying the zone from the primary to the secondary is called a zone transfer.
3. It usually hosts a forward lookup zone for most query types; a reverse lookup zone may not be needed.
4. It provides backup service and load balancing.

Caching-only
1. Answers client queries from its cache; on a cache miss it contacts other DNS servers to resolve the query and caches the answer.
2. It does not store any zone whatsoever.
3. Advantages: reduced network traffic and no zone replication between it and the primary or secondary servers.

Forwarder
Performs name resolution on behalf of other DNS servers on the company's internal network when the name to be resolved is in an external DNS domain. Two advantages: internal traffic to the Internet is reduced (only the forwarder queries outside), and internal zone information is protected from attackers on the Internet because the internal servers never have to be reachable from outside.

Root server
Enables other DNS servers on the network to reach second-level domains on the Internet, or other second-level domains on the internal network.

Dynamic update
The Windows 2000 DNS Server service supports the dynamic update protocol: client computers register and update their own host names and IP addresses with the DNS server without administrator intervention. In Windows NT 4.0 an administrator had to enter the host name and IP address of every computer manually.

Aging and scavenging
A Windows 2000 feature that provides a mechanism for cleaning up and removing stale resource records, which otherwise accumulate in zone data (especially with dynamic update).

Zone
A zone is the storage database for a DNS domain, or for a DNS domain and one or more of its subdomains. A standard zone is a clear-text file. It is not created by default; the administrator configures it after the DNS service is installed.
5. What are the types of trust relationships?
Transitive trust: a trust that extends beyond the two domains that share it to the other domains they trust. In Windows 2000, the parent/child and tree-root trusts inside a forest are two-way transitive trusts.
Non-transitive trust: a trust that does not extend beyond the two domains that share it.
Explicit (external) trust: a trust that an administrator creates manually, typically to a domain outside the forest. It is one-way and non-transitive.
Cross-link (shortcut) trust: an explicit trust between two domains in the same forest, either in different trees or in the same tree where no parent/child relationship exists, created to shorten the trust path.
Trusting domain: the domain that allows access to users from another domain (the resource side).
Trusted domain: the domain whose users are granted access in the trusting domain (the account side).
Direction matters: a one-way trust in which A trusts B lets B's users use resources in A, not the reverse.
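As an added example (not part of the original notes), the trust rules above modelled in Python: each trust is a directed edge from the trusting domain to the trusted domain, flagged transitive or not, and a lookup walks from the domain that holds the resource back to the user's domain. The domain names and the trust layout are constructed for illustration.

```python
from collections import deque

# Constructed example forest (names are assumptions, not from the notes):
# tree 1: corp.example with child domain sales.corp.example
# tree 2: dev.example, joined to the same forest by a tree-root trust
# outside the forest: an NT-style domain LEGACYNT reached by an external trust.
# Each trust is (trusting_domain, trusted_domain, transitive):
# the trusting domain accepts users from the trusted domain.
TRUSTS = [
    ("corp.example", "sales.corp.example", True),   # parent/child: two-way transitive
    ("sales.corp.example", "corp.example", True),
    ("corp.example", "dev.example", True),          # tree-root: two-way transitive
    ("dev.example", "corp.example", True),
    ("sales.corp.example", "LEGACYNT", False),      # explicit external: one-way, non-transitive
]


def trust_path(trusts, user_domain, resource_domain):
    """Return the chain of domains, from the resource's domain to the user's
    domain, over which the resource's domain ends up trusting the user's
    domain, or None when no usable trust path exists.

    Rules modelled:
      * direction: only edges trusting -> trusted are followed, starting at the
        resource's (trusting) domain, so a one-way trust never works backwards;
      * transitive trusts may be chained;
      * a non-transitive trust is honoured only as a direct trust from the
        resource's domain itself, never as a hop inside a longer chain.
    """
    if user_domain == resource_domain:
        return [resource_domain]
    parent = {resource_domain: None}          # domain -> domain it was reached from
    queue = deque([resource_domain])
    while queue:
        trusting = queue.popleft()
        for a, trusted, transitive in trusts:
            if a != trusting or trusted in parent:
                continue
            if trusted == user_domain and (transitive or trusting == resource_domain):
                parent[trusted] = trusting
                return _unwind(parent, trusted)
            if transitive:                     # only transitive edges extend the chain
                parent[trusted] = trusting
                queue.append(trusted)
    return None


def _unwind(parent, node):
    path = []
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]


def has_access(trusts, user_domain, resource_domain):
    """True if a user from user_domain can be authorised in resource_domain."""
    return trust_path(trusts, user_domain, resource_domain) is not None


if __name__ == "__main__":
    for user, resource in [("sales.corp.example", "dev.example"),
                           ("LEGACYNT", "sales.corp.example"),
                           ("LEGACYNT", "corp.example"),
                           ("sales.corp.example", "LEGACYNT")]:
        print(f"{user:>20} -> {resource:<20} {trust_path(TRUSTS, user, resource)}")
```

The last two cases are the ones that catch people in interviews and in audits: LEGACYNT users reach sales.corp.example but not its parent, because the external trust is not transitive, and no user from the forest reaches LEGACYNT at all, because that trust is one-way.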
10. What is the DHCP process for getting an IP address to the client?

A new client follows four steps to obtain a lease from a DHCP server:
1. The client requests an IP address from a DHCP server (DHCPDISCOVER).
2. A DHCP server offers an IP address to the client (DHCPOFFER).
3. The client selects one offer and notifies the chosen DHCP server (DHCPREQUEST).
4. The chosen DHCP server confirms the lease (DHCPACK).
These four steps are referred to as request (discover), offer, selection and acknowledgement.

IP request
The DHCP client broadcasts a DHCPDISCOVER message to find a DHCP server. The message contains the client's Media Access Control (MAC) address and its NetBIOS name. The packet has source address 0.0.0.0 and destination address 255.255.255.255. If the client receives no response it retries four times, at intervals of 2, 4, 8 and 16 seconds. If no server responds after those attempts, the client keeps broadcasting at five-minute intervals. Because the DISCOVER is a broadcast, any host on the segment, including a rogue DHCP server, can answer it; this is why DHCP server authorization in Active Directory matters.

IP offer
Every DHCP server that receives the DISCOVER returns a DHCPOFFER. The offer contains:
1. The DHCP server's MAC address
2. The DHCP server's IP address (server identifier)
3. The offered IP address
4. The subnet mask of the offered IP address
5. The lease duration
6. The client's MAC address

IP selection
The client selects one offer and broadcasts a DHCPREQUEST naming the selected server and the requested address, so that the servers whose offers were not taken can withdraw them.

IP acknowledgement
The selected server replies with a DHCPACK, which repeats the IP information and adds further DHCP options (default gateway, DNS servers and so on). The server reserves the address for the client; the lease is valid until it expires or is renewed.

Windows Server 2003 DHCP new features:
1. DHCP client alternate configuration
2. DHCP database backup and restore
3. Automatic assignment of IP addresses (Automatic Private IP Addressing, APIPA)
4. Enhanced performance monitoring and server reporting
5. Expanded scope support: multicast scopes and superscopes
6. Support for user-specified and vendor-specified option classes
7. Integration of DHCP with DNS
8. Detection of unauthorized DHCP servers through Active Directory integration
9. Dynamic support for BOOTP clients
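As an added example (not from the original notes), the four-step exchange built and parsed at the byte level in Python: a real BOOTP header, the DHCP magic cookie and code/length/value options, with an in-memory server on the other side. The scope, server address and client MACs are constructed for the example; no sockets are opened, so it runs offline.

```python
import socket
import struct

# Option 53 message types (RFC 2132) for the four steps of a new lease
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC = b"\x63\x82\x53\x63"                       # DHCP magic cookie after the BOOTP header
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"              # op, htype, hlen, hops, xid, secs, flags,
                                                   # ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
ip = socket.inet_aton


def build(op, xid, mac, options, yiaddr="0.0.0.0", flags=0):
    """Serialise one DHCP message: 236-byte BOOTP header, magic cookie,
    code/length/value options, END (255). ciaddr, siaddr and giaddr stay 0.0.0.0."""
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, flags,
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                         mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = b"".join(struct.pack("!BB", code, len(value)) + value for code, value in options)
    return header + MAGIC + body + b"\xff"


def parse(msg):
    """Parse a DHCP message into its header fields and an {option code: bytes} map."""
    f = struct.unpack(HEADER, msg[:236])
    if msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message (bad magic cookie)")
    options, i = {}, 240
    while i < len(msg) and msg[i] != 255:           # 255 = END
        if msg[i] == 0:                              # 0 = PAD, a single byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "flags": f[6], "yiaddr": socket.inet_ntoa(f[8]),
            "chaddr": f[11][:f[2]], "options": options}


class Server:
    """In-memory DHCP server: one scope, one lease per client MAC (constructed model)."""

    def __init__(self, server_ip, free_ips, mask, lease_secs):
        self.ip, self.mask, self.lease_secs = server_ip, mask, lease_secs
        self.free = list(free_ips)
        self.leases = {}                             # chaddr -> dotted IP

    def respond(self, msg):
        """Return the reply to one client message, or None when the server stays silent."""
        m = parse(msg)
        kind, mac = m["options"][53][0], m["chaddr"]
        common = [(54, ip(self.ip)), (1, ip(self.mask)),
                  (51, struct.pack("!I", self.lease_secs))]
        if kind == DISCOVER:                         # step 2: offer an address
            addr = self.leases.get(mac) or (self.free[0] if self.free else None)
            if addr is None:
                return None                          # scope exhausted: no offer at all
            return build(BOOTREPLY, m["xid"], mac, [(53, bytes([OFFER]))] + common, yiaddr=addr)
        if kind == REQUEST and m["options"].get(54) == ip(self.ip):   # step 4: the client chose us
            addr = socket.inet_ntoa(m["options"][50])
            if addr in self.free:
                self.free.remove(addr)
            self.leases[mac] = addr
            return build(BOOTREPLY, m["xid"], mac, [(53, bytes([ACK]))] + common, yiaddr=addr)
        return None                                  # REQUEST named another server: withdraw offer


def lease(server, mac, xid=0x3903F326):
    """Client side of the exchange against one server. Returns the lease, or None."""
    # step 1: DISCOVER is broadcast (flag 0x8000) from 0.0.0.0 to 255.255.255.255
    discover = build(BOOTREQUEST, xid, mac, [(53, bytes([DISCOVER]))], flags=0x8000)
    raw_offer = server.respond(discover)
    if raw_offer is None:
        return None
    offer = parse(raw_offer)
    # step 3: REQUEST, still broadcast, names the selected server (54) and address (50)
    request = build(BOOTREQUEST, xid, mac,
                    [(53, bytes([REQUEST])), (50, ip(offer["yiaddr"])), (54, offer["options"][54])],
                    flags=0x8000)
    ack = parse(server.respond(request))
    return {"ip": ack["yiaddr"], "mask": socket.inet_ntoa(ack["options"][1]),
            "server": socket.inet_ntoa(ack["options"][54]),
            "lease": struct.unpack("!I", ack["options"][51])[0]}


if __name__ == "__main__":
    srv = Server("192.0.2.1", ["192.0.2.10", "192.0.2.11"], "255.255.255.0", 86400)
    print(lease(srv, b"\x00\x0c\x29\x12\x34\x56"))
```

Two details worth noticing: the REQUEST carries the server identifier (option 54), which is how the non-selected servers know to withdraw their offers, and the DISCOVER itself carries nothing that authenticates the answering server, which is the hole that rogue DHCP servers exploit.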
11. What is the difference between FAT and NTFS?

NTFS:
1. NTFS stands for New Technology File System.
2. It supports file compression and security at file and folder level.
3. It supports long file names and fast file access.
4. It keeps an ACL on every file and folder, with entries keyed by user and group SIDs; FAT has no file-level security at all.
5. It uses B-tree indexes to locate files.
6. It is a journaling (recoverable) file system, so a full chkdsk is not needed after every unclean shutdown.
7. NTFS 5.0 in Windows 2000 adds support for DFS, EFS and disk quotas.
To convert a FAT volume to NTFS in place (the conversion is one-way):
    convert C: /fs:ntfs /v
After converting, review the permissions on the volume: on Windows 2000 a converted volume grants Everyone Full Control, so the default NTFS ACLs have to be applied by hand.
12. What are the port numbers for FTP, Telnet, HTTP and DNS?
FTP 21, Telnet 23, HTTP 80, DNS 53.

Common ports (TCP unless noted):
FTP                                  21
TFTP                                 69 (UDP)
HTTP                                 80
HTTPS (SSL)                          443
Microsoft SQL Server                 1433 (IANA assigns 156 to the generic "sqlsrv" service; SQL Server itself listens on 1433)
Telnet                               23
POP3                                 110
IMAP4                                143
NNTP                                 119
SMTP                                 25
DHCP/BOOTP                           67 server, 68 client (UDP)
RIS (BINL)                           4011 (UDP)
RDP                                  3389
LDAP                                 389
DNS                                  53 (UDP and TCP)
NetBIOS datagram service             138 (UDP)
Kerberos                             88
SNMP                                 161 (UDP)
SMB over TCP (file sharing, DFS)     445
Cluster service                      3343
Global catalog (LDAP)                3268
13. What are the types of user profiles?

There are three types of profiles:
Local profile: stored on the computer the user logs on to. It is created automatically at first logon and retains the user's desktop settings from session to session on that computer only.
Roaming profile: stored on a server rather than on the local computer, so the same desktop settings follow the user from session to session on any computer; a locally cached copy is kept as well.
Mandatory user profile: a roaming profile the user cannot change. Settings can be changed during a single logon session, but the changes are not saved back to the mandatory profile when the user logs off, so desktop settings are not retained from session to session.
14. What are subnetting and supernetting? What is Terminal Services used for, and which protocol does it use?

Subnetting divides one network into several smaller networks by borrowing bits from the host part of the address (a longer subnet mask). Supernetting (CIDR aggregation) combines several contiguous networks into one larger network with a shorter mask, for example so that a router advertises a single route.
Terminal Services lets several users run interactive Windows sessions on the server at the same time from remote clients (thin clients, or remote administration). It uses the Remote Desktop Protocol (RDP), TCP port 3389.
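As an added example (not from the original notes), subnetting and supernetting worked through with Python's standard ipaddress module. The networks are constructed test ranges; the last function goes a step beyond the notes and measures how much address space a summary route advertises that you do not actually own, which is the check to run before announcing one.

```python
import ipaddress


def subnet(network, new_prefix):
    """Subnetting: borrow host bits to split one network into equal smaller ones."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def describe(network):
    """Netmask, broadcast and usable host range of one subnet (prefix /30 or shorter)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen > 30:
        raise ValueError("point-to-point and host prefixes have no usable range in this model")
    return {"netmask": str(net.netmask),
            "broadcast": str(net.broadcast_address),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "usable_hosts": net.num_addresses - 2}


def supernet(networks):
    """Supernetting: merge contiguous, aligned networks into exactly one larger network.
    Raises if they cannot be merged without covering space that was not in the input."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    merged = list(ipaddress.collapse_addresses(nets))
    if len(merged) != 1:
        raise ValueError(f"cannot aggregate exactly: {[str(m) for m in merged]}")
    return str(merged[0])


def summary_route(networks):
    """Smallest single prefix that covers all the networks, plus the number of
    addresses it advertises that are NOT in the input. A summary that is too wide
    attracts traffic for address space you do not own (all inputs must be one IP version)."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()               # shorten the prefix by one bit
    extra = cover.num_addresses - sum(n.num_addresses for n in nets)
    return str(cover), extra


if __name__ == "__main__":
    print(subnet("192.0.2.0/24", 26))
    print(describe("192.0.2.64/26"))
    print(supernet(["192.0.2.0/24", "192.0.3.0/24"]))
    print(summary_route(["192.0.3.0/24", "192.0.4.0/24"]))
```

192.0.2.0/24 and 192.0.3.0/24 aggregate exactly into 192.0.2.0/23, but 192.0.3.0/24 and 192.0.4.0/24 do not share a boundary, so the tightest single route covering both is 192.0.0.0/21 and it drags in 1536 addresses that are not yours.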
Medium level
1. What is the difference between an authorized and a non-authorized DHCP server?
A Windows 2000/2003 DHCP server that is a member of an Active Directory domain checks, at startup and periodically afterwards, whether its IP address is listed among the authorized DHCP servers in Active Directory. If it is not authorized, the DHCP Server service starts but does not answer client requests, so it cannot hand out addresses. This protects clients from a misconfigured or unofficial Windows DHCP server; it does nothing against a non-Windows rogue server, which never consults Active Directory.
2. What is the difference between intersite and intrasite replication?
Intrasite replication
1. Takes place within a single site: one or more TCP/IP subnets, specified by an administrator, that are connected by fast, reliable links.
2. Windows 2000 performs intrasite replication automatically, triggered by change notification.
3. It uses RPC over IP.
4. Replication data is sent uncompressed, which makes it fast.
5. The Knowledge Consistency Checker (KCC) builds the replication topology.

Intersite replication
1. It is not triggered automatically by change notification (by default).
2. It takes place between domain controllers in different sites, which are typically separated by WAN links.
3. An administrator schedules it on the site link.
4. It is normally slower than intrasite replication.
5. Replication data is compressed to save network bandwidth.
6. Two transports are available: RPC over IP and SMTP. SMTP can replicate only the schema, configuration and global catalog partitions, not a domain partition, so it is only usable between domain controllers of different domains.
7. The replication topology is controlled by the cost the administrator assigns to each site link.
Active Directory replication

Replication is the process of copying updates from the Active Directory data store on one domain controller to other domain controllers. Its purpose is to synchronize Active Directory data among the domain controllers in the domain and the forest.
1. Replication is usually partial: only changes, not a complete copy of the data store, are copied.
2. Windows 2000 performs replication automatically between domain controllers of a domain or forest that are within a single site.
3. Multi-master replication: changes can be made on any domain controller; no single domain controller controls the changes made to Active Directory or its replication.
4. Active Directory is therefore called multi-master; Windows NT 4.0 was single-master (the PDC).
5. Active Directory tracks changes with update sequence numbers (USNs): each replica keeps a high-watermark USN per replication partner and asks only for changes above it. Version numbers and time stamps on each attribute are used to resolve conflicting writes.
6. Within a site, replication is triggered by change notification after a short delay (five minutes by default on Windows 2000, 15 seconds on Windows Server 2003). Data is never pushed from one domain controller to another: a domain controller is notified that changes exist and then pulls them.
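As an added example (not from the original notes), a small Python model of the points above: two domain controllers, originating writes that bump a local USN, pull replication that asks a partner only for changes above the high-watermark, and conflict resolution by version, then time stamp, then origin. The DC names, object and attribute values are constructed; real Active Directory additionally keeps an up-to-dateness vector so that a DC's own writes are not sent back to it, which this model handles by comparing stamps instead.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Stamp:
    """Replication metadata of one attribute value."""
    version: int      # incremented on every originating write to the attribute
    timestamp: int    # time of the originating write; breaks version ties
    origin: str       # DC where the write originated; final tie-breaker (real AD uses its invocation ID)


@dataclass
class DC:
    name: str
    usn: int = 0                                   # local update sequence number, one per write
    attrs: dict = field(default_factory=dict)      # (dn, attr) -> (value, Stamp, local_usn)
    watermark: dict = field(default_factory=dict)  # partner -> highest partner USN already pulled

    def write(self, dn, attr, value, now):
        """Originating write: any DC may do this (multi-master)."""
        self.usn += 1
        current = self.attrs.get((dn, attr))
        version = current[1].version + 1 if current else 1
        self.attrs[(dn, attr)] = (value, Stamp(version, now, self.name), self.usn)

    def value(self, dn, attr):
        entry = self.attrs.get((dn, attr))
        return entry[0] if entry else None

    def changes_since(self, usn):
        """Partial replication: only entries written locally after the given USN."""
        return [(key, v, stamp, u) for key, (v, stamp, u) in self.attrs.items() if u > usn]

    def pull_from(self, partner):
        """Pull replication: ask the partner for everything above our watermark for
        it, then advance the watermark. Returns how many values were actually taken."""
        since = self.watermark.get(partner.name, 0)
        applied = 0
        for key, value, stamp, partner_usn in partner.changes_since(since):
            if self._apply(key, value, stamp):
                applied += 1
            since = max(since, partner_usn)
        self.watermark[partner.name] = since
        return applied

    def _apply(self, key, value, stamp):
        """Conflict resolution: higher version wins, then later timestamp, then origin."""
        current = self.attrs.get(key)
        if current:
            mine = current[1]
            if (mine.version, mine.timestamp, mine.origin) >= (stamp.version, stamp.timestamp, stamp.origin):
                return False            # already held (echo of our own write) or ours is newer
        self.usn += 1                   # a replicated write also consumes a local USN
        self.attrs[key] = (value, stamp, self.usn)
        return True


if __name__ == "__main__":
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc1.write("cn=alice,dc=example", "title", "engineer", now=100)
    print(dc2.pull_from(dc1), dc2.value("cn=alice,dc=example", "title"))
```

The conflict case in the test is the one to understand: when both DCs change the same attribute before replicating, both writes carry version 2, so the later time stamp wins on every replica, and afterwards each DC pulls the other's copy and finds nothing newer, which is how the replicas converge.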
Striped volume (RAID 0)
1. Consists of identically sized areas of free space on two or more dynamic disks.
2. Treated as a single volume.
3. Data is written a block at a time, evenly and sequentially across all of the disks.
4. Provides no fault tolerance: losing one disk loses the whole volume.
5. Provides faster disk access than any other volume type, because a single file is spread across several disks that are read in parallel.
6. Can be formatted with FAT16, FAT32 or NTFS.

RAID-5 volume
1. Consists of identically sized areas of free space on three or more dynamic disks.
2. Treated as a single volume.
3. Data is written a block at a time, evenly and sequentially across all of the disks, and parity information is also written across all of the disks.
4. Provides fault tolerance: one disk can fail.
5. Write performance is a little slower because of the processor time needed to generate the parity information.
6. Can be formatted with FAT16, FAT32 or NTFS.
7. Not supported on Windows 2000 Professional. Usable capacity is (x-1)/x of the total, where x is the number of disks (one disk's worth of space holds parity).

Mirrored volume (RAID 1)
1. Consists of a volume duplicated in its entirety onto a second dynamic disk, presented under a single drive letter.
2. Provides fault tolerance: either disk can fail.
3. There is neither a speed loss nor a speed gain; it can be formatted with FAT16, FAT32 or NTFS.
12. What problems are generally encountered with DHCP?
A client is unable to lease an address from the DHCP server, or is unable to renew its lease.

Troubleshooting:
1. Verify that the DHCP Server service is started.
2. Verify that the DHCP server has been authorized in Active Directory.
3. Verify that a DHCP scope for the client's subnet exists on the DHCP server.
4. Verify that the scope is active; a scope cannot be used to assign IP addresses until it is activated.
5. Check the physical connection to the network: network card, cable, and hub or switch.
6. If the client is on a different subnet from the server, verify that the router or a DHCP relay agent forwards the client's broadcasts to the server.
What role is responsible for time synchronization?
The PDC emulator FSMO role holder is the authoritative time source for its domain, and the PDC emulator of the forest root domain is the time source for the whole forest. Kerberos tolerates only a small clock skew (five minutes by default), so a broken time hierarchy shows up as authentication failures.
What is TTL, and how is it set in DNS?
TTL (time to live) is the number of seconds a resolver or caching server may keep a record in its cache before it must query again. In the Windows DNS console it is set per record (choose View > Advanced to expose the TTL field in the record's properties), and the default for the zone comes from the minimum (default) TTL in the SOA record.
How do you back up DNS and WINS?
DHCP database files (in %SystemRoot%\System32\Dhcp):
1. DHCP.MDB: the main database.
2. DHCP.TMP: temporary DHCP storage.
3. JET*.LOG: transaction logs used to recover data.
4. SYSTEM.MDB: used to track the structure of the DHCP database.
Netsh offers command-line administration of DHCP servers. At the netsh> prompt type dhcp; at the dhcp> prompt, type:
    server \\ServerName
16. What is DFS (Distributed File System)?
With DFS, system administrators make it easy for users to access and manage files that are physically distributed across a network: files on multiple servers appear to users as if they reside in one place on the network. Users no longer need to know or specify the actual physical location of a file in order to access it.

17. Distributed File System components:
DFS root: a shared directory that can contain other shared directories, files, DFS links and other DFS roots. In Windows 2000 only one root is allowed per server.
DFS link: a link from a DFS root to one or more shared folders, another DFS root, or a domain-based volume. There can be up to 1000 DFS links per DFS root.
DFS path: the combination of a DFS root and a DFS link. In the DFS path \\server\dfs\a\b\c\link, \\server\dfs is the DFS root and \a\b\c\link is the DFS link.
DFS replication: the process of copying data from a data store or file system to multiple computers to keep the data synchronized.
20. What is the difference between domain-based DFS and standalone DFS?

Standalone DFS root: not published in Active Directory, cannot be replicated, and can be hosted on any Windows 2000 Server. It provides no fault tolerance, because the DFS topology is stored on one computer. It is accessed as:
    \\Server\DFSname
Domain DFS root: published in Active Directory, can be replicated (root and link replicas on several servers), and can be hosted on any Windows 2000 Server that is a domain member. Files and directories must either be replicated to the other servers manually, or Windows 2000 (the File Replication Service) must be configured to replicate them. When setting up automatic replication, configure the domain DFS root first, then the replicas. It is accessed as:
    \\domain\DFSname
High level
1. Can we establish a trust relationship between two forests?
In Windows 2000 only an external trust (one-way, non-transitive) between individual domains of the two forests is possible. Windows Server 2003 adds forest trusts, which are transitive between the two forests, provided both forests are at the Windows Server 2003 forest functional level.
2. What are the FSMO roles?
Active Directory uses multi-master replication of the data store between all domain controllers in the domain, but a few operations must be performed by a single domain controller, called the operations master for that role. These are the Flexible Single Master Operation (FSMO) roles; each can be transferred to another domain controller (or seized if the holder is lost for good).
Domain-wide operations masters (one holder per domain): PDC emulator, RID master, Infrastructure master.
Forest-wide operations masters (one holder per forest): Schema master, Domain naming master.
15
8. What is the tombstone period?
When a security principal deletes an object, Windows does not remove it immediately: it turns the object into a tombstone (a stripped-down copy marked as deleted) and keeps it for a set time, the tombstone lifetime, which is 60 days by default (180 days in forests created with Windows Server 2003 SP1 or later). Tombstones count toward the Active Directory quota of the security principal that deleted the objects (Windows Server 2003 quotas).
Because of the multi-master replication in Windows 2000 Active Directory, simply deleting an object would risk it being recreated at the next replication cycle by a domain controller that still held it. Instead the object is tombstoned: marked as deleted and replicated in that state to every domain controller, each of which purges its copy once the tombstone lifetime expires. The lifetime is set by the tombstoneLifetime attribute of CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,<forest root>. A domain controller that has been offline longer than the tombstone lifetime must not be reconnected to the forest, because it can reintroduce objects everyone else has deleted.

9. What are white space and garbage collection?
During ordinary operation, purged tombstones and other removed data leave unused "white space" inside the Active Directory database file (Ntds.dit), which becomes fragmented. Garbage collection runs on every domain controller every 12 hours by default: it purges expired tombstones and then performs an online defragmentation, which reorganizes the white space inside the file so it can be reused but cannot shrink the file itself.
If the database (and therefore its backup) has grown because of white space, take the domain controller offline (boot into Directory Services Restore Mode) and use the "files" menu of the ntdsutil command-line utility ("compact to") to perform an offline defragmentation that returns the space to the file system. The garbage collection interval is the garbageCollPeriod attribute on the same Directory Service object, which can be edited with ADSI Edit.
10. What monitoring tools are used for server and network health, and how is an alert mechanism defined?
11. How are patches deployed, and what software is used for this?

Patches can be deployed with Software Update Services (SUS). The Microsoft Baseline Security Analyzer (MBSA) scans computers and reports missing patches and common misconfigurations, but it does not deploy anything.

Software Update Services (SUS)
1. SUS is a free download from Microsoft that you install on a server in your Windows 2003 domain.
2. The SUS server synchronizes with Microsoft and copies down the patches, security updates and hotfixes. You test them, then "approve" them for your XP clients; when time is short you can give the patches a quick look before approving them. SUS removes the need for every client to connect to Microsoft's site each time there is a new hotfix, which saves network traffic and removes user error. As a bonus you control through Group Policy who gets what and when; for example, apply patches to the XP computers in the Accounts OU at 02:00.

Three elements of SUS:
1. SUS itself, the service that runs on a Windows 2003 (member) server.
2. Automatic Updates (AU), the client component.
3. Group Policy, which regulates which clients get which patches. SUS works with IntelliMirror and Group Policy to support XP clients.

Installing SUS
Server side:
1. Download the SUS product (an .msi) from Microsoft; it is free.
2. Make sure the server is running at least IIS 5.0.
3. Run the installation wizard.
4. Allow at least 500 MB of disk space per locale on the server.
Client side (Automatic Updates): apply SP1 on Windows XP or SP3 on Windows 2000 Professional; that is all that is needed on the client. The rest of the setup is handled by Group Policy.

WSUS
WSUS (Windows Server Update Services, called WUS while in beta) is the successor to SUS and also updates Office, SQL Server and other Microsoft products. SUS supports neither Windows 9x nor Microsoft Office. The workflow is the same: download from Microsoft's site, install, synchronize, test and approve the updates, and control the clients through Group Policy.
12. What is a cluster?
A cluster is a group of computers that, from the client's and the application's point of view, appears as a single system. Two important features:
High availability (server cluster): if a computer in the cluster that is running a critical application fails, another computer in the cluster automatically starts the application, and users are seamlessly directed to the computer that has taken it over. Windows 2000 Advanced Server supports 2-node and Datacenter Server 4-node server clusters.
Load balancing (Network Load Balancing): utilization is spread across up to 32 Windows 2000 servers. If, for example, a web server receives more load than a single computer can handle, users are seamlessly directed to the computer with the lowest utilization.
14. What are the SOA and NS records?
Start of authority (SOA) resource record: indicates the name of origin for the zone and names the server that is the primary source of information about the zone. It also carries the zone's basic properties: the serial number and the refresh, retry and expire intervals that secondaries use to decide when to transfer the zone, and the minimum (default) TTL.
Name server (NS) resource record: designates the DNS servers that are authoritative for the zone. Listing a server in an NS record makes it known to others as an authoritative server for the zone, able to answer with certainty any query for names in the zone. By default the Windows DNS server allows a zone transfer only to the authoritative servers listed in the zone's NS records; a zone transfer hands out the complete host inventory of the zone, so keep that restriction (or an explicit list of secondary addresses) in place.
15. What is a conditional forwarder?
Conditional forwarder: configures the DNS server to forward the queries it receives to a specific DNS server, depending on the DNS name contained in the query.
16. What is a stub zone?
A stub zone is a copy of a zone that contains only the resource records needed to identify the authoritative DNS servers for that zone. It is used to keep a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone, so that name resolution stays efficient and does not depend on stale delegation records.

A stub zone consists of:
1. The start of authority (SOA) resource record, the name server (NS) resource records, and the glue A records for the delegated zone.
2. The IP address of one or more master servers that can be used to update the stub zone.
Use stub zones to:
1. Keep delegated zone information current.
2. Improve name resolution.
3. Simplify DNS administration.
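As an added example (not from the original notes), both the SOA/NS discussion above and the stub zone description worked through in Python: a minimal zone-file parser, extraction of the SOA fields, derivation of the records a stub zone would keep, and the default Windows zone-transfer policy applied as a check on the requester's address. The zone is a constructed example and every record carries the IN class.

```python
# Constructed zone for illustration (not from the notes); one record per line.
ZONE_TEXT = """\
$ORIGIN example.test.
$TTL 3600
@      IN SOA ns1.example.test. hostmaster.example.test. (2024031501 3600 900 604800 300)
@      IN NS  ns1.example.test.
@      IN NS  ns2.example.test.
ns1    IN A   192.0.2.53     ; glue for a name server inside the zone
ns2    IN A   192.0.2.54
www    IN A   192.0.2.80
mail   IN A   192.0.2.25
@      IN MX  10 mail.example.test.
"""


def parse_zone(text):
    """Minimal master-file parser: handles $ORIGIN, $TTL, comments after ';',
    '@' and relative owner names, and a one-line SOA. Returns (origin, records)
    where each record is (owner, ttl, type, rdata). Every record must carry a class."""
    origin, ttl, records = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        if line.startswith("$TTL"):
            ttl = int(line.split()[1])
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.append((owner.lower(), ttl, rtype.upper(), rdata.strip()))
    return origin, records


def soa_fields(records):
    """Split the SOA rdata into named fields. The serial drives zone transfers: a
    secondary transfers only when the primary's serial is higher than its own."""
    rdata = next(r[3] for r in records if r[2] == "SOA")
    parts = rdata.replace("(", " ").replace(")", " ").split()
    serial, refresh, retry, expire, minimum = (int(p) for p in parts[2:7])
    return {"mname": parts[0], "rname": parts[1], "serial": serial, "refresh": refresh,
            "retry": retry, "expire": expire, "minimum": minimum}


def ns_hosts(origin, records):
    """Names of the servers the zone's own NS records declare authoritative."""
    return {r[3].lower() for r in records if r[2] == "NS" and r[0] == origin}


def stub_zone(origin, records):
    """A stub zone keeps only the SOA, the NS records and the glue A records of
    the name servers; everything else is fetched from those servers on demand."""
    hosts = ns_hosts(origin, records)
    return [r for r in records
            if (r[2] in ("SOA", "NS") and r[0] == origin) or (r[2] == "A" and r[0] in hosts)]


def axfr_allowed(origin, records, requester_ip):
    """Default Windows DNS policy: allow a zone transfer only to a server listed in
    the zone's NS records, judged here by the requester's source address matching
    one of their A records. Anyone else is refused, because a full transfer is a
    complete host inventory of the zone."""
    allowed = {r[3] for r in records if r[2] == "A" and r[0] in ns_hosts(origin, records)}
    return requester_ip in allowed


if __name__ == "__main__":
    origin, recs = parse_zone(ZONE_TEXT)
    print(soa_fields(recs)["serial"], [r[0] for r in stub_zone(origin, recs)])
    print(axfr_allowed(origin, recs, "192.0.2.54"), axfr_allowed(origin, recs, "192.0.2.80"))
```

Note that the glue A records of ns1 and ns2 survive into the stub zone while www and mail do not, and that the web server's own address is refused a transfer even though it is in the zone: being listed in the zone is not the same as being listed as a name server.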
17. What are the Active Directory partitions?
Schema partition: defines the object classes and attributes that can exist in the forest; replicated to all domain controllers in the forest.
Configuration partition: contains information about the structure of Active Directory for the entire forest, including the domains, trees, sites, site links and trust relationships within the forest; replicated to all domain controllers in the forest.
Domain partition: contains the objects of one domain (users, computers, groups and so on); replicated only to the domain controllers of that domain (global catalog servers hold a partial read-only copy of every domain partition).
Application partition (Windows Server 2003): holds application data (for example AD-integrated DNS zones) as part of the Active Directory data store, and is replicated only to the domain controllers the administrator chooses.
18. What are the two services required for replication?
19. Can we use a Linux DNS server in a Windows 2000 domain?
Yes, provided it supports SRV resource records (RFC 2782), which domain controllers and clients use to locate the Kerberos and LDAP services; BIND 8.1.2 or later does. Support for dynamic update (RFC 2136) is strongly recommended so that the domain controllers can register their own records; otherwise the records in the Netlogon.dns file on each domain controller have to be added to the zone by hand.
20. What is the difference between IIS version 5 and IIS version 6?

What is IPv6?
IPv6 is the next version of the Internet Protocol (version 6, hence IPv6). Four main reasons IP version 4 needs an upgrade:
1. Address space limitation: there are not many IPv4 addresses left, and with everything from watches getting IP addresses we need more.
2. Performance: the IPv4 header has a variable length and a checksum that every router must recompute; IPv6 uses a fixed-length header, drops the header checksum and moves options into extension headers, so routers process packets faster.
3. Security: IPv6 specifies IPsec (authentication and encryption) as part of the protocol suite, functions that in IPv4 have had to be handled by higher layers or bolted on.
4. Autoconfiguration: IPv4 configuration is complex, and DHCP only partly improves it; IPv6 stateless address autoconfiguration lets a computer plug into the network and go.
Current IPv4 addresses are 32 bits, written as four bytes in dotted-quad format, e.g. 200.200.200.202. IPv6 uses 128-bit addresses.
21. What is Automated System Recovery (ASR)?
ASR in Windows XP and Windows Server 2003 replaces the Emergency Repair Disk (RDISK in NT 4.0). It saves the System State (including all registry configuration) and the disk configuration so they can be restored after a disaster. The ASR floppy is not updated automatically: rerun the wizard after configuration changes.
Create ASR sets regularly as part of your system recovery plan. Use ASR as a last resort, after startup options such as Safe Mode and Last Known Good Configuration have failed. ASR has two parts: ASR backup and ASR restore. The backup part is the Automated System Recovery Preparation Wizard in Backup (ntbackup); it backs up the System State together with the boot and system volumes and writes the disk configuration to the ASR floppy. Choosing "All information on this computer" in the simple Backup wizard also creates an ASR floppy and an ASR set. The restore part is started by pressing F2 when Windows Setup prompts for it; it rebuilds the disk layout from the floppy and then restores the ASR backup.
ASR supports FAT16 volumes only up to 2.1 GB. It does not support 4 GB FAT16 partitions that use a 64 K cluster size; if your system contains such partitions, convert them from FAT16 to NTFS before using ASR.
How can I change the Recovery Console administrator password on a domain controller?
The Recovery Console (RC) authenticates against the accounts in the local SAM. On a domain controller (DC) the Administrator account you normally use is the Active Directory account, so changing its password changes the AD account and not the local SAM password that the RC (and Directory Services Restore Mode) use. To change the SAM password:
1. Shut down the DC on which you want to change the password.
2. Restart the computer. When the boot menu is displayed, press F8 to view the advanced startup options.
3. Select Directory Services Restore Mode and log on with the current local Administrator password.
4. At a command prompt, type:
    net user administrator *
   and enter the new password when prompted.
5. Restart the computer.
If you do not know the current password, you can demote the DC to a member server, change the password, then promote it to a DC again. You can also copy the SAM from %SystemRoot%\Repair (the copy saved at installation or the last ERD update) over the one in %SystemRoot%\System32\Config; note that this replaces the entire local SAM, not just one password. Windows 2000 SP2 and later ship setpwd.exe, and Windows Server 2003 adds "set dsrm password" in ntdsutil; both reset this password from a normally running DC without a reboot.
22. At what levels can Group Policy be applied?
Local computer, site, domain and organizational unit (OU), processed in that order (LSDOU). Where settings conflict, the policy applied last wins, so an OU setting overrides a domain setting unless the domain link is set to No Override (enforced).

23. What are domain policy, domain controller policy, local policy and Group Policy?
Group Policy is the mechanism: settings stored in Group Policy Objects (GPOs) that are linked to sites, domains or OUs. The Default Domain Policy is the GPO linked at the domain level; it is where the account policies (password, lockout, Kerberos) for domain accounts must be set. The Default Domain Controllers Policy is linked to the Domain Controllers OU and governs user rights and auditing on the domain controllers. Local policy is the local GPO stored on each computer; it is applied first and is overridden by any conflicting Active Directory policy.