7/27/2019 Windows 2003 Key Question ANS
What Is Active Directory?
Active Directory is a directory service that stores information about objects on a network and makes this information available to users and network administrators.
Active Directory gives network users access to permitted resources anywhere on the network using a single logon process.
It provides network administrators with a hierarchical view of the network and a single point of administration for all network objects.
a. Active Directory is a technology created by Microsoft, introduced with Windows 2000.
b. Active Directory uses multimaster replication, which lets us update the directory at any domain controller.
c. Active Directory is a centralized, hierarchical directory database. A directory service stores information about network resources and makes those resources accessible to users and computers.
d. It helps to centrally manage, organize and control access to resources. AD objects include users, groups, computers, printers, etc. Servers, domains and sites are also considered AD objects.
e. AD is a searchable database.
f. Active Directory uses DNS for its namespace.
g. Active Directory uses the LDAP protocol for its client-server communication.
Lightweight Directory Access Protocol (LDAP) is the industry-standard directory access protocol, making Active Directory widely accessible to management and query applications. LDAP is an access protocol that defines how users can access or update directory service objects. Active Directory is an LDAP version 3 directory (with version 2 compatibility), not an X.500 directory. LDAP provides a standard mechanism for naming objects stored in a directory, for
Location in a hierarchy
Addition
Removal
Modification
Major requirements for Active Directory
Windows Server 2003 Standard or Enterprise editions
NTFS file system
DNS Server
Active Directory partition
A contiguous subtree of the directory that forms a unit of replication. A given replica is always a replica of some directory partition. The directory always has at least three directory partitions:
The schema, which defines the object classes and attributes contained in Active Directory.
The configuration, which identifies the domain controllers, replication topology and other related information about the domain controllers within a specific implementation of Active Directory.
One or more domains, which contain the actual Active Directory object data.
A domain controller always stores the partitions for the schema, the configuration, and its own (and no other) domain. The schema and configuration are replicated to every domain controller in the domain tree or forest. The domain partition is replicated only to domain controllers for that domain. A subset of the attributes for all domain objects is replicated to the global catalog.
Note: In layman's language, Active Directory is something like the Yellow Pages.
Domain Controller (D.C.)
A server where A.D. is installed is called a D.C.
Features of A.D.:
1. Fully integrated security system with the help of Kerberos.
2. Easy administration using group policy.
3. Scalable to any size network.
4. Flexible (install/uninstall).
5. Extensible (modify the schema).
New features in 2003:
6. Rename computer names and domain names.
7. Cross forest trust relationship.
8. Site-to-Site replication is faster.
What is a Domain?
A group of computers under a common security and administrative boundary.
What is a Domain Controller?
A domain controller is a system through which we control access to resources and implement security for users and computers in the domain.
What is DNS, WINS and DHCP?
Soln: DNS: Domain Name System is a name resolution service that translates a domain name to an IP address and vice versa.
WINS: Windows Internet Name Service is used to resolve NetBIOS names to IP addresses.
DHCP: Dynamic Host Configuration Protocol is a protocol for automatically assigning IP addresses to hosts joining a network.
ARP: Address Resolution Protocol is a protocol that maps IP addresses to network card MAC addresses.
Protocol: A formal specification of a means of computer communication.
VPN: A Virtual Private Network, a network connected together via securely encrypted communication tunnels over a public network, such as the global Internet.
How does the PDC emulator act in mixed mode and native mode?
DOMAIN FUNCTIONAL LEVEL
WINDOWS 2000 MIXED FUNCTIONAL LEVEL
Domain controllers that can run at this level are Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003. Because NT 4.0 BDCs can still exist in the domain, the PDC emulator acts as the NT 4.0 PDC for them (replicating the SAM to the BDCs) and is responsible for authentication and time synchronization for downlevel clients such as Windows 98 and NT Workstation.
Soln: In mixed mode the PDC emulator handles
1. Account lockouts
2. Password changes (other DCs forward password changes to it, and a failed logon is retried against it before being rejected)
3. Authentication of downlevel clients and SAM replication to NT 4.0 BDCs
4. Time synchronization
In native mode (no NT 4.0 domain controllers) it still handles:
1. Authentication fallback for bad passwords
2. Account lockouts
3. Password changes
4. Time synchronization (it is the authoritative time source for the domain)
Forest Functional Levels (mnemonic: there are THREE of them; both "three" and "forest" contain the letters T-R-E)
1. Windows 2000 (default): Windows NT 4, Windows 2000 and Windows Server 2003 family DCs
2. Windows Server 2003 interim: Windows NT 4 and Windows Server 2003 family DCs
3. Windows Server 2003: Windows Server 2003 family DCs only
Domain Functional Levels
1. Windows 2000 mixed: Windows NT 4, Windows 2000 or Windows Server 2003 DCs
2. Windows 2000 native: Windows 2000 and Windows Server 2003 DCs
3. Windows Server 2003 interim (no Windows 2000 DCs): Windows NT 4 and Windows Server 2003 DCs
4. Windows Server 2003: all Windows Server 2003 DCs
What is Kerberos Authentication?
Soln: Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and of the network service. This dual verification is known as mutual authentication.
What is the difference between a Domain Tree and a Forest?
Soln: A domain tree has a contiguous namespace: the parent domain's namespace is inherited by the child domain's name (for example, sales.corp.example.com under corp.example.com).
A forest consists of one or more domain trees. The domain trees in a forest do not form a contiguous namespace, but they share a common schema, configuration partition and global catalog.
What are the boot files?
Soln: NTLDR, BOOT.INI, NTDETECT.COM, BOOTSECT.DOS
What are the prerequisites for installation of Exchange Server?
The prerequisites are:
IIS
SMTP and WWW services
NNTP
.NET Framework and ASP.NET
Then run ForestPrep (setup /forestprep), which needs Schema Admins and Enterprise Admins rights because it extends the schema
Then run DomainPrep (setup /domainprep) in each domain that will hold Exchange servers or mailboxes
What are the contents of a System State backup?
The contents are:
Boot files and system files
Active Directory (if done on a DC)
Sysvol folder (if done on a DC)
Certificate Services database (on a CA server)
Cluster database (on a cluster server)
IIS metabase (if IIS is installed)
Registry
Performance counter configuration information
Component Services class registration database
Which roles must be on the same server?
Soln: Domain Naming Master and Global Catalog. (This requirement applies at the Windows 2000 forest functional level; at the Windows Server 2003 forest functional level the Domain Naming Master no longer needs to be a GC.)
Which roles must not be on the same Domain Controller?
Infrastructure Master and Global Catalog.
Note: If you have only one domain you will not get any problem even if both of them are on the same server.
If you have two or more domains in a forest they should not be on the same server (unless every DC in the domain is a GC).
Flexible Single Master Operation Roles (D.R.I.P.S)
1. Domain Naming Master (forest-wide role)
2. Schema Master (forest-wide role)
3. RID Master (domain-wide role)
4. PDC Emulator (domain-wide role)
5. Infrastructure Master (domain-wide role)
RID MASTER: Allocates RID pools to the other domain controllers; a RID is consumed whenever a security principal is created. The RID makes each security principal's security identifier (SID) unique within a domain. Built-in RIDs are consistent between domains; for example, the built-in Administrator account always has a RID of 500. The RID master gives the other domain controllers RIDs to use when new objects are created.
PDC EMULATOR: Provides backward compatibility for pre-Windows 2000 systems in the domain. Acts as the central manager for user password changes, replication of those changes and account lockouts, and handles time synchronization.
INFRASTRUCTURE MASTER: This domain controller maintains cross-domain object references. When a group in its domain contains members from another domain, the Infrastructure Master is responsible for updating the SID and distinguished name in those references when the referenced objects are renamed or moved, and then replicating the updates to the other domain controllers in its domain.
Manages user and group references for objects between domains
Updates ACLs and group memberships as required
Queries the global catalog to ensure that references are current
Role should not be assigned to a global catalog server
Exception 1: There is only a single domain in the forest
Exception 2: All domain controllers are also global catalog servers
Domain Naming Master: plays the role of adding or removing domains.
Ensures domain names are unique in the forest.
Domains cannot be added or removed if the domain naming master is not available. Enterprise Admins level access is required in order to add and remove domains.
Schema Master: is responsible for any update or change in the Active Directory schema.
In Windows 2000 there are mainly 3 zone types:
1. Standard primary: zone information is written to a text file (%SystemRoot%\System32\dns\<zone>.dns)
2. Standard secondary: a read-only copy of the primary
3. Active Directory integrated: information is stored in Active Directory
In Windows Server 2003 one more zone type is added, the stub zone.
STUB ZONE: Is like a secondary zone, but it contains only a copy of the SOA record, the NS records and the A (glue) records for the name servers of that zone. No copy of MX, SRV or other records. With a stub zone DNS traffic is kept low, and the server still keeps an up-to-date list of which servers are authoritative for the zone.
In RAID 5, suppose I have 5 HDDs of 10 GB each. After configuring the RAID, how much space do I have to utilise?
A) The capacity of one disk out of the total goes to parity, so with 5 disks of 10 GB you get 4 x 10 GB = 40 GB usable (the parity is striped across all 5 members, but it adds up to one disk's worth).
How to manually synchronize a client computer with a domain controller?
Windows 2000 (Win2K) and later computers in a domain should automatically synchronize time with a domain controller, but sometimes you may need to synchronize manually.
To manually synchronize time, open a command-line window and run
net stop w32time
w32tm /config /syncfromflags:domhier /update
net start w32time
w32tm /resync
(The "w32time update" command sometimes quoted for this does not exist; on Windows Server 2003 the resync is done with w32tm /resync.)
Then verify the synchronization between the client computer and a domain controller, for example with w32tm /stripchart /computer:<domain controller> /samples:3, and check the System event log to ensure that the W32Time service has not logged additional error messages.
What are the commands we use for DNS?
nslookup (and all of its interactive-mode commands)
ipconfig /flushdns
ipconfig /registerdns
ipconfig /displaydns
What is the difference between a primary zone and a secondary zone?
A primary zone has read and write permissions, whereas a secondary zone is read-only (it receives its data by zone transfer from the primary).
Note: A secondary zone is used for backup and load balancing.
How to check whether DNS is working or not?
Type the command nslookup at the command prompt. It prints the configured DNS server's name and IP address; if it prints "Can't find server name" instead, the client cannot reach or reverse-resolve its DNS server.
What is Dynamic Update in DNS?
Generally we would need to create a host record manually for every newly joined computer (client, member server or domain controller). If you enable the dynamic update option, DNS itself creates the associated host record for newly joined computers.
Note: "Nonsecure and secure" dynamic update lets any host on the network overwrite any record in the zone. On an Active Directory integrated zone choose "Secure only", so that a record can be updated only by the authenticated account that created it.
What is an iterative query?
An iterative query asks a DNS server for the best answer it already has: if the server is authoritative for the name or has it cached, it answers; otherwise it returns a referral to the name servers it believes are closer to the answer (or no resource records). This is the kind of query a DNS server sends to the root servers and to other authoritative servers while it is resolving a name on a client's behalf.
What is a recursive query?
A recursive query is what a client (resolver) normally sends to its configured DNS server: the server must come back with either the final answer or an error. To satisfy it, the server walks the hierarchy with iterative queries. It asks a root server, which says "I don't know, but here are the name servers for the top-level domain", and so on down to the authoritative server for the name.
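The difference between the two query types is a single header bit. The script below is an added example, not part of the original question set: it builds a raw DNS question by hand, sends it over UDP with the RD (recursion desired) bit either set or cleared, and reports the flag bits and record counts that come back. It assumes a DNS server reachable on UDP/53; the resolver address 192.0.2.53 in the usage lines is a placeholder for your own DNS server, and a.root-servers.net is a public root server.

```powershell
function Send-DnsQuery {
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [Parameter(Mandatory=$true)][string]$Server,
        [switch]$Recursive,
        [int]$TimeoutMs = 3000
    )
    # 12-byte header: ID, FLAGS, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0 (all big-endian)
    $id    = Get-Random -Minimum 1 -Maximum 65535
    $flags = 0
    if ($Recursive) { $flags = 0x0100 }   # RD bit: ask the server to resolve the name fully
    $packet = New-Object System.Collections.Generic.List[byte]
    foreach ($v in @($id, $flags, 1, 0, 0, 0)) {
        $packet.Add([byte][math]::Floor($v / 256))
        $packet.Add([byte]($v % 256))
    }
    # QNAME as length-prefixed labels, terminated by the empty root label
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        if ($label.Length -eq 0) { continue }
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($label)
        $packet.Add([byte]$bytes.Length)
        $packet.AddRange($bytes)
    }
    $packet.Add([byte]0)
    $packet.AddRange([byte[]](0, 1, 0, 1))   # QTYPE=A, QCLASS=IN

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        $udp.Connect($Server, 53)
        [void]$udp.Send($packet.ToArray(), $packet.Count)
        $from = New-Object System.Net.IPEndPoint -ArgumentList ([System.Net.IPAddress]::Any), 0
        $resp = $udp.Receive([ref]$from)
    } finally {
        $udp.Close()
    }
    if ($resp.Length -lt 12) { throw "Truncated DNS response from $Server" }
    $rflags = $resp[2] * 256 + $resp[3]
    New-Object PSObject -Property @{
        Server    = $Server
        Name      = $Name
        RD        = (($rflags -band 0x0100) -ne 0)   # the server echoes the RD bit we sent
        RA        = (($rflags -band 0x0080) -ne 0)   # recursion available: server will recurse for us
        AA        = (($rflags -band 0x0400) -ne 0)   # answer is authoritative
        RCode     = ($rflags -band 0x000F)           # 0 = NOERROR, 3 = NXDOMAIN
        Answers   = $resp[6] * 256 + $resp[7]        # ANCOUNT: final answers
        Authority = $resp[8] * 256 + $resp[9]        # NSCOUNT: NS records of a referral
    }
}

# Recursive query to the local resolver (placeholder address): expect Answers > 0 and RA = True.
Send-DnsQuery -Name 'www.example.com' -Server '192.0.2.53' -Recursive
# Iterative query straight to a root server: expect Answers = 0 and Authority > 0, i.e. a
# referral to the .com name servers, which a recursive resolver would then follow on its own.
Send-DnsQuery -Name 'www.example.com' -Server 'a.root-servers.net'
```

A server that answers a non-recursive query with RA = False and a referral is behaving as an authoritative server should; a resolver that is exposed to the Internet and returns RA = True to arbitrary clients is an open resolver, which is the condition to look for when auditing a DNS server's configuration.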
What is the structure and purpose of a directory service?
A directory service consists of a database that stores information about network resources, such as computers and printers, and the services that make this information available to users and applications.
What is a forest?
A collection of one or more domain trees that do not form a contiguous namespace. Forests allow organizations to group divisions that operate independently but still need to communicate with one another.
All trees in a forest share a common schema, configuration partition and Global Catalog.
All domains in a given forest trust each other through two-way transitive trust relationships.
Tool: Description
GPResult.exe: Displays Group Policy settings and Resultant Set of Policy (RSoP) for a user or a computer. Uses the new WMI-based RSoP provider to show policy status.
GPUpdate.exe: Refreshes local and Active Directory Group Policy settings, including security settings. Supersedes the now obsolete /refreshpolicy option of the secedit command.
HOSTNAME: Displays the computer name of the local system.
IPCONFIG: Displays the TCP/IP properties for network adapters installed on the system. You can also use it to renew and release DHCP information.
NBTSTAT: Displays statistics and current connections for NetBIOS over TCP/IP.
NET: Displays a family of useful networking commands.
NETSH: Displays and manages the network configuration of local and remote computers.
NETSTAT: Displays current TCP/IP connections and protocol statistics.
NSLOOKUP: Checks the status of a host or IP address when used with DNS.
PATHPING: Traces network paths and displays packet loss information.
PING: Tests the connection to a remote host.
ROUTE: Manages the routing tables on the system.
TRACERT: During testing, determines the network path taken to a remote host.
To learn how to use these command-line tools, type the name at a command prompt followed by /?. Windows Server 2003 then provides an overview of how the command is used (in most cases).
Using NET Tools
You can more easily manage most of the tasks performed with the NET commands by using graphical administrative tools and Control Panel utilities. However, some of the NET tools are very useful for performing tasks quickly or for obtaining information, especially during telnet sessions to remote systems. These commands include:
NET SEND: Sends messages to users logged in to a particular system
NET START: Starts a service on the system
NET STOP: Stops a service on the system
NET TIME: Displays the current system time or synchronizes the system time with another computer
NET USE: Connects to and disconnects from a shared resource
NET VIEW: Displays a list of network resources available to the system
To learn how to use any of the NET command-line tools, type NET HELP followed by the command name, such as NET HELP SEND. Windows Server 2003 then provides an overview of how the command is used.
42. What are the similarities if I have 4 to 5 domain trees?
Soln: They share a common schema, configuration and global catalog, and may have a common DNS root namespace.
32. What is AD Replication?
Soln: The process of copying information updates from one domain controller to another.
29. Can a DHCP server be integrated with DNS?
Soln: Yes (the DHCP server can register A and PTR records on behalf of its clients through dynamic update).
30. Can we restore the System State data on a different server?
Soln: No. But if we have the same hardware it is possible. It is recommended not to do so.
26. What is sysvol? Explain the same.
Soln: It contains the public files of all DCs in a domain.
It uses FRS (File Replication Service) for replication.
It contains Group Policy information (the Group Policy templates).
It contains the NETLOGON share (the scripts folder) used for client logon requests; the root of the tree is shared as SYSVOL.
23. How to change the schema master and what is the basic requirement?
Soln: To change the schema master, one of the forest-wide FSMO roles, the user should be a member of the SCHEMA ADMINS group and run the command below to register the Schmmgmt.dll dynamic-link library, so that the Schema tool becomes available as an MMC snap-in:
regsvr32 schmmgmt.dll
Then run MMC, add the Active Directory Schema snap-in, right-click "Active Directory Schema", connect to the domain controller that should receive the role, then open Operations Master and change it to that DC.
Active Directory and DNS
Name resolution: resolves names of servers/clients to IP addresses and vice versa (possibly).
Namespace definition: an Active Directory domain's name must be represented in DNS. Active Directory requires DNS; DNS does not require Active Directory.
Locating the physical components of Active Directory: client computers query DNS for SRV records to locate domain controllers running specific services, such as the global catalog (GC), Kerberos, LDAP, and so on.
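The SRV records the locator relies on are registered by the Netlogon service of every DC. The function below is an added example (not part of the original notes): it queries the records for LDAP, Kerberos and the global catalog, optionally the site-specific ones, and parses the Windows nslookup output into objects. It assumes the Windows nslookup output format ("SRV service location:" stanzas); corp.example.com and Default-First-Site-Name in the usage line are placeholders for your own domain and site.

```powershell
function Find-AdServiceRecord {
    param(
        [Parameter(Mandatory=$true)][string]$Domain,   # DNS name of the AD domain
        [string]$ForestRoot = $Domain,                 # GCs register under the forest root zone
        [string]$Site,                                 # optional AD site for site-specific records
        [string]$DnsServer                             # optional DNS server to ask
    )
    # Names Netlogon registers on every DC (the full list is in %SystemRoot%\System32\config\netlogon.dns)
    $names = @(
        "_ldap._tcp.dc._msdcs.$Domain",       # LDAP on every DC of the domain (port 389)
        "_kerberos._tcp.dc._msdcs.$Domain",   # Kerberos KDC on every DC (port 88)
        "_gc._tcp.$ForestRoot"                # global catalog servers of the forest (port 3268)
    )
    if ($Site) {
        $names += "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"
        $names += "_gc._tcp.$Site._sites.$ForestRoot"
    }
    foreach ($n in $names) {
        $nsArgs = @('-type=SRV', $n)
        if ($DnsServer) { $nsArgs += $DnsServer }
        $text = (& nslookup @nsArgs 2>&1 | Out-String)
        # nslookup prints one "SRV service location:" stanza per record; chunk 0 is the preamble
        $stanzas = @($text -split 'SRV service location:')
        for ($i = 1; $i -lt $stanzas.Count; $i++) {
            $s = $stanzas[$i]
            $rec = New-Object PSObject -Property @{
                Record = $n; Priority = $null; Weight = $null; Port = $null; Target = $null
            }
            if ($s -match 'priority\s*=\s*(\d+)')     { $rec.Priority = [int]$matches[1] }
            if ($s -match 'weight\s*=\s*(\d+)')       { $rec.Weight   = [int]$matches[1] }
            if ($s -match 'port\s*=\s*(\d+)')         { $rec.Port     = [int]$matches[1] }
            if ($s -match 'svr hostname\s*=\s*(\S+)') { $rec.Target   = $matches[1] }
            $rec
        }
    }
}

# Every DC of the domain should appear under _ldap and _kerberos; only GCs under _gc.
# A DC that is missing has not registered: check the Netlogon service and dynamic update on the zone.
Find-AdServiceRecord -Domain 'corp.example.com' -Site 'Default-First-Site-Name' |
    Sort-Object Record, Priority, Weight |
    Format-Table Record, Priority, Weight, Port, Target -AutoSize
```

Because clients trust these records to pick a KDC and an LDAP server, the zone that holds them should accept only secure dynamic updates; with nonsecure updates allowed, any host on the network can register itself under _ldap._tcp.dc._msdcs and receive client logon traffic.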
What is a SID?
Security IDentifier: a variable-length number that is used to identify security principals. It is used in ACLs to identify the security principals that are granted or denied access to objects in Active Directory and to file system resources.
When a security principal is moved from one domain to another in Windows Server 2003, the object's SID changes. When a security principal is moved within a domain, its SID does not change.
What is a RID?
Relative IDentifier. When a security principal is created in a Windows Server 2003 domain, the principal's SID is comprised of two concatenated values:
The SID of the domain in which the principal is being created
A relative identifier that is unique within that domain
When a security principal is moved to another domain, it receives a new SID, comprised of the SID of the destination domain and a RID that is unique within that domain. The old SID can be kept in the object's sIDHistory attribute so that existing ACLs keep working, which is why sIDHistory is an attribute worth auditing after migrations. Moves within a domain do not change SIDs/RIDs.
What is a GUID?
Globally Unique IDentifier: a 128-bit number generated at the time an object is created in the directory. It never changes and travels with the object. When an object is moved, even between domains in a forest, its GUID does not change. It is used by domain controllers to identify objects in Active Directory for purposes of replication. It is not used to identify security principals in ACLs.
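To make the SID = domain SID + RID structure concrete, here is an added example (not from the original notes) that splits a SID into its two parts with the .NET SecurityIdentifier class, flags the well-known RIDs that are the same in every domain, and shows that the same RID in two different domains is two different principals. The three SIDs at the bottom are constructed sample values, not real accounts.

```powershell
function Split-Sid {
    param([Parameter(Mandatory=$true)][string]$Sid)
    # RIDs fixed by Windows in every domain; everything else is handed out from RID pools
    $wellKnownRids = @{
        500 = 'Administrator'; 501 = 'Guest'; 502 = 'krbtgt'
        512 = 'Domain Admins'; 513 = 'Domain Users'; 515 = 'Domain Computers'
        516 = 'Domain Controllers'; 518 = 'Schema Admins'; 519 = 'Enterprise Admins'
    }
    $obj = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $Sid
    # AccountDomainSid is $null for BUILTIN and other well-known SIDs that carry no domain part
    if ($obj.AccountDomainSid -eq $null) {
        throw "$Sid has no domain component (BUILTIN or well-known SID), so there is no RID to split off"
    }
    $rid   = [int]$Sid.Substring($Sid.LastIndexOf('-') + 1)
    $label = $null
    if ($wellKnownRids.ContainsKey($rid)) { $label = $wellKnownRids[$rid] }
    New-Object PSObject -Property @{
        Sid       = $Sid
        DomainSid = $obj.AccountDomainSid.Value
        Rid       = $rid
        WellKnown = $label
    }
}

function Test-SameDomain {
    # Two principals belong to the same domain exactly when their SIDs share the domain prefix
    param([string]$SidA, [string]$SidB)
    (Split-Sid $SidA).DomainSid -eq (Split-Sid $SidB).DomainSid
}

# Constructed sample SIDs: two principals from one domain, one from another domain
$adminA = 'S-1-5-21-1004336348-1177238915-682003330-500'
$userA  = 'S-1-5-21-1004336348-1177238915-682003330-1105'
$userB  = 'S-1-5-21-2034001450-3981247101-1573428877-1105'

Split-Sid $adminA | Format-List    # DomainSid S-1-5-21-1004336348-1177238915-682003330, Rid 500, WellKnown Administrator
Test-SameDomain $adminA $userA     # True: same domain SID, different RIDs
Test-SameDomain $userA $userB      # False: RID 1105 means something else in the other domain
```

The RID-500 check is the reason renaming the built-in Administrator account hides nothing from an attacker who can read SIDs: the RID, not the name, identifies it.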
Schema
The schema is a formal definition, a set of rules. The schema governs the structure of the directory, including how the various objects in the directory fit into the directory's hierarchical structure. The schema is what makes Active Directory extensible. As organizations change, it may be necessary to add or modify object attributes, or even to create new classes. The use of certain applications, in particular, may require these kinds of modifications. Microsoft anticipates that application vendors will provide the means to modify the schema when necessary to support their applications' specific requirements.
Global Catalog
The global catalog is a role which maintains indexes about objects. It contains full information about the objects in its own domain and partial information (the partial attribute set) about the objects in the other domains of the forest.
Universal group membership information is stored on global catalog servers and replicated to all GCs in the forest.
FSMO Roles
The 5 FSMO server roles:
Schema Master: forest level, one per forest
Domain Naming Master: forest level, one per forest
PDC Emulator: domain level, one per domain
RID Master: domain level, one per domain
Infrastructure Master: domain level, one per domain
1. Schema Master (Forest level)
The schema master FSMO role holder is the domain controller responsible for performing updates to the Active Directory schema. It holds the only writable copy of the AD schema. This DC is the only one that can process updates to the directory schema, and once the schema update is complete it is replicated from the schema master to all other DCs in the forest. There is only one schema master in the forest.
2. Domain Naming Master (Forest level)
The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain namespace of the directory. This DC is the only one that can add or remove a domain from the directory, and that is its major purpose. It can also add or remove cross-references to domains in external directories. There is only one domain naming master in the Active Directory forest.
3. PDC Emulator (Domain level)
In a Windows 2000 domain, the PDC emulator server role performs the following functions:
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator first.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator for validation before a bad-password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
Time synchronization for the domain.
Group Policy changes are preferentially written to the PDC emulator.
Additionally, if your domain is a mixed-mode domain that contains Windows NT 4 BDCs, then the Windows 2000 domain controller that is the PDC emulator acts as a Windows NT 4 PDC to the BDCs.
There is only one PDC emulator per domain.
Note: Some consider the PDC emulator to only be relevant in a mixed-mode domain. This is not true. Even after you have changed your domain to native mode (no more NT 4 domain controllers), the PDC emulator is still necessary for the reasons above.
4. RID Master (Domain level)
The RID master FSMO role holder is the single DC responsible for processing RID pool requests from all DCs within a given domain. It is also responsible for removing an object from its domain and putting it in another domain during an object move.
When a DC creates a security principal object such as a user, group or computer account, it attaches a unique security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that makes the object unique in the domain.
Each Windows 2000 DC in a domain is allocated a pool of RIDs that it assigns to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigning them to the pool of the requesting DC.
There is one RID master per domain in a directory.
5. Infrastructure Master (Domain level)
The DC that holds the Infrastructure Master FSMO role is responsible for cross-domain updates and lookups. When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals) and the distinguished name (DN) of the object being referenced. The Infrastructure role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.
When a user in DomainA is added to a group in DomainB, the Infrastructure master is involved. Likewise, if that user in DomainA, who has been added to a group in DomainB, then changes his username in DomainA, the Infrastructure master must update the group membership(s) in DomainB with the name change.
There is only one Infrastructure master per domain.
What if a FSMO server fails?
Schema Master: No updates to the Active Directory schema will be possible. Since schema updates are rare (usually done by certain applications, and possibly an Administrator adding an attribute to an object), the malfunction of the server holding the Schema Master role will not pose a critical problem.
Domain Naming Master: The Domain Naming Master must be available when adding or removing a domain from the forest (i.e. running DCPROMO to create the first DC of a new domain or to demote the last DC of a domain). If it is not, then the domain cannot be added or removed. Like the Schema Master, this functionality is only used on occasion and is not critical unless you are modifying your domain or forest structure.
PDC Emulator: The server holding the PDC emulator role will cause the most problems if it is unavailable. This would be most noticeable in a mixed-mode domain where you are still running NT 4 BDCs and if you are using downlevel clients (NT and Win9x). Since the PDC emulator acts as an NT 4 PDC, any actions that depend on the PDC would be affected (User Manager for Domains, Server Manager, changing passwords, browsing and BDC replication). In a native-mode domain the failure of the PDC emulator isn't as critical because other domain controllers can assume most of the responsibilities of the PDC emulator.
RID Master: The RID Master provides RIDs for security principals (users, groups, computer accounts). The failure of this FSMO server would have little impact unless you are adding a very large number of users or groups. Each DC in the domain already has a pool of RIDs, and a problem would occur only if the DC you are adding the users/groups on ran out of RIDs.
Infrastructure Master: This FSMO server is only relevant in a multi-domain environment. If you only have one domain, then the Infrastructure Master is irrelevant. Failure of this server in a multi-domain environment would be a problem if you are trying to add objects from one domain to another.
Placing FSMO Server Roles
So where are these FSMO server roles found? Is there a one-to-one relationship between the server roles and the number of servers that house them?
The first domain controller that is installed in a Windows 2000 domain, by default, holds all five of the FSMO server roles. Then, as more domain controllers are added to the domain, the FSMO roles can be moved to other domain controllers. Moving a FSMO server role is a manual process; it does not happen automatically.
But what if you only have one domain controller in your domain? That is fine. If you have only one domain controller in your organization then you have one forest, one domain, and of course the one domain controller. All 5 FSMO server roles will exist on that DC. There is no rule that says you have to have one server for each FSMO server role.
However, it is always a good idea to have more than one domain controller in a domain for a number of reasons. Assuming you do have multiple domain controllers in your domain, there are some best practices to follow for placing FSMO server roles.
The Schema Master and Domain Naming Master should reside on the same server, and that machine should be a Global Catalog server. Since all three are, by default, on the first domain controller installed in a forest, you can leave them as they are.
Note: According to MS, the Domain Naming master needs to be on a Global Catalog server (this applies at the Windows 2000 forest functional level; the Windows Server 2003 forest functional level lifts the requirement). If you are going to separate the Domain Naming master and Schema master, just make sure they are both on Global Catalog servers.
The Infrastructure Master should not be on the same server that acts as a Global Catalog server.
The reason for this is that the Global Catalog contains information about every object in the forest. When the Infrastructure Master, which is responsible for updating Active Directory information about cross-domain object changes, needs information about objects not in its domain, it compares its references against a Global Catalog server. If both reside on the same server, the Infrastructure Master will never think there are changes to objects that reside in other domains, because the Global Catalog keeps it constantly updated. This would result in the Infrastructure Master never replicating changes to the other domain controllers in its domain.
Note: In a single-domain environment this is not an issue, and neither is it an issue if every domain controller in the domain is a Global Catalog server.
Microsoft also recommends that the PDC Emulator and RID Master be on the same server. This is not mandatory like the Infrastructure Master and Global Catalog rule above, but it is recommended. Also, since the PDC Emulator will receive more traffic than any other FSMO role holder, it should be on a server that can handle the load.
It is also recommended that all FSMO role holders be direct replication partners and that they have high-bandwidth connections to one another as well as to a Global Catalog server.
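The placement rules above can be checked without any GUI. The script below is an added example, not part of the original article: it reads each role holder straight from the directory (the fSMORoleOwner attribute of the object that records that role), determines whether each holder is a GC from the options bit on its NTDS Settings object, counts the domains in the forest, and reports the Infrastructure Master/GC conflict, a Domain Naming Master that is not a GC, and a PDC Emulator and RID Master on different servers. It assumes it runs on a domain-joined machine as a user who can read the directory; it uses only ADSI and .NET, so it does not depend on the Active Directory PowerShell module.

```powershell
function Get-FsmoRoleHolder {
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainNC = [string]$rootDse.Properties['defaultNamingContext'][0]
    $configNC = [string]$rootDse.Properties['configurationNamingContext'][0]
    $schemaNC = [string]$rootDse.Properties['schemaNamingContext'][0]
    # The object whose fSMORoleOwner attribute names the owner of each role
    $roleObjects = @(
        @{ Role = 'Schema Master';         Dn = $schemaNC },
        @{ Role = 'Domain Naming Master';  Dn = "CN=Partitions,$configNC" },
        @{ Role = 'PDC Emulator';          Dn = $domainNC },
        @{ Role = 'RID Master';            Dn = "CN=RID Manager`$,CN=System,$domainNC" },
        @{ Role = 'Infrastructure Master'; Dn = "CN=Infrastructure,$domainNC" }
    )
    foreach ($r in $roleObjects) {
        $holder = [ADSI]"LDAP://$($r.Dn)"
        # fSMORoleOwner is the DN of the owner's NTDS Settings object; its parent is the server object
        $ntdsDn  = [string]$holder.Properties['fSMORoleOwner'][0]
        $ntds    = [ADSI]"LDAP://$ntdsDn"
        $server  = [ADSI]"LDAP://$($ntdsDn.Substring($ntdsDn.IndexOf(',') + 1))"
        $options = 0
        if ($ntds.Properties['options'].Count -gt 0) { $options = [int]$ntds.Properties['options'][0] }
        New-Object PSObject -Property @{
            Role            = $r.Role
            Server          = [string]$server.Properties['dNSHostName'][0]
            IsGlobalCatalog = (($options -band 1) -ne 0)   # NTDSDSA_OPT_IS_GC
        }
    }
}

function Test-FsmoPlacement {
    $holders  = @(Get-FsmoRoleHolder)
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainNC = [string]$rootDse.Properties['defaultNamingContext'][0]
    $configNC = [string]$rootDse.Properties['configurationNamingContext'][0]

    # Domains in the forest: crossRef objects with FLAG_CR_NTDS_DOMAIN (0x2) set in systemFlags
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://CN=Partitions,$configNC"
    $s.Filter = '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
    $domainCount = $s.FindAll().Count

    # DCs of this domain: NTDS Settings objects whose hasMasterNCs includes the domain partition
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNC"
    $s.Filter = "(&(objectClass=nTDSDSA)(hasMasterNCs=$domainNC))"
    [void]$s.PropertiesToLoad.Add('options')
    $dcs = $s.FindAll()
    $gcCount = 0
    foreach ($dc in $dcs) {
        $o = 0
        if ($dc.Properties['options'].Count -gt 0) { $o = [int]$dc.Properties['options'][0] }
        if (($o -band 1) -ne 0) { $gcCount++ }
    }
    $allDcsAreGc = ($gcCount -eq $dcs.Count)

    $issues = @()
    $im = $holders | Where-Object { $_.Role -eq 'Infrastructure Master' }
    if ($im.IsGlobalCatalog -and $domainCount -gt 1 -and -not $allDcsAreGc) {
        $issues += "Infrastructure Master $($im.Server) is a GC in a $domainCount-domain forest where not every DC of this domain is a GC; cross-domain references will stop being updated"
    }
    $dnm = $holders | Where-Object { $_.Role -eq 'Domain Naming Master' }
    if (-not $dnm.IsGlobalCatalog) {
        $issues += "Domain Naming Master $($dnm.Server) is not a GC (required at the Windows 2000 forest functional level)"
    }
    $pdc = $holders | Where-Object { $_.Role -eq 'PDC Emulator' }
    $rid = $holders | Where-Object { $_.Role -eq 'RID Master' }
    if ($pdc.Server -ne $rid.Server) {
        $issues += "PDC Emulator ($($pdc.Server)) and RID Master ($($rid.Server)) are on different DCs (recommended on the same one)"
    }
    New-Object PSObject -Property @{ Holders = $holders; Domains = $domainCount; Issues = $issues }
}

$result = Test-FsmoPlacement
$result.Holders | Format-Table Role, Server, IsGlobalCatalog -AutoSize
$result.Issues
```

The same fSMORoleOwner attributes are what netdom query fsmo reads; querying them directly also tells you which DC to watch most closely, because whoever controls the Schema Master can change the schema for the whole forest.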
FSMO Tools
How do you find out which servers in your domain/forest hold which server roles? How do you move a server role from one server to another? There are several tools that can be used to find out this information.
Permissions
Before you can transfer a role, you must have the appropriate permissions depending on which role you plan to transfer:
Schema Master: member of the Schema Admins group
Domain Naming Master: member of the Enterprise Admins group
PDC Emulator: member of the Domain Admins group and/or the Enterprise Admins group
RID Master: member of the Domain Admins group and/or the Enterprise Admins group
Infrastructure Master: member of the Domain Admins group and/or the Enterprise Admins group
Active Directory Users and Computers: use this snap-in to find out where the domain-level FSMO roles are located (PDC Emulator, RID Master, Infrastructure Master), and also to change the location of one or more of these 3 FSMO roles.
Open Active Directory Users and Computers, right-click the domain you want to view the FSMO roles for and click "Operations Masters". A dialog box (below) will open with three tabs, one for each FSMO role. Click each tab to see which server that role resides on. To change the server roles, you must first connect to the domain controller you want to move the role to. Do this by right-clicking "Active Directory Users and Computers" at the top of the snap-in and choosing "Connect to Domain Controller". Once connected to the DC, go back into the Operations Masters dialog box, choose a role to move and click the Change button. When you do connect to another DC, you will notice the name of that DC in the field below the Change button (not in this graphic).
Active Directory Domains and Trusts: use this snap-in to find out where the Domain Naming Master FSMO role is and to change its location.
The process is the same as when viewing and changing the domain-level FSMO roles in Active Directory Users and Computers, except that you use the Active Directory Domains and Trusts snap-in. Open Active Directory Domains and Trusts, right-click "Active Directory Domains and Trusts" at the top of the tree, and choose "Operations Master". When you do, you will see the dialog box below. Changing the server that houses the Domain Naming Master requires that you first connect to the new domain controller, then click the Change button. You can connect to another domain controller by right-clicking "Active Directory Domains and Trusts" at the top of the snap-in and choosing "Connect to Domain Controller".
Active Directory Schema: this snap-in is used to view and change the Schema Master FSMO role. However, the Active Directory Schema snap-in is not part of the default Windows 2000 administrative tools or installation. You first have to install the Support Tools from the \Support directory on the Windows 2000 Server CD or install the Windows 2000 Server Resource Kit. Once you have installed the support tools you can open a blank Microsoft Management Console (Start, Run, mmc) and add the snap-in to the console. Once the snap-in is open, right-click "Active Directory Schema" at the top of the tree and choose "Operations Master". You will see the dialog box below. Changing the server the Schema Master resides on requires that you first connect to another domain controller, and then click the Change button.
You can connect to another domain controller by right-clicking "Active Directory Schema" at the top of the Active Directory Schema snap-in and choosing "Connect to Domain Controller".
More Tools
In addition to the tools mentioned above, there are other tools that can be used to view the
FSMO server roles. Perhaps the easiest and fastest way to find out which server holds which
FSMO role is by using the Netdom command-line utility. Like the Active Directory Schema
snap-in, the Netdom utility is only available if you have installed the Support Tools from the
Windows 2000 CD or the Win2K Server Resource Kit.
To use Netdom to view the FSMO role holders, open a command prompt window and type:
netdom query fsmo
and press Enter. You will see a list of the FSMO role servers:
Another tool that comes with the Support Tools is the Active Directory Replication Monitor.
Open this utility from Start, Programs, Windows 2000 Support Tools. Once open, click Edit, Add
Monitored Server and add the name of a domain controller. Once added, right-click the server
name and choose Properties. Click the FSMO Roles tab to view the servers holding the 5 FSMO
roles (below). You cannot change roles using Replication Monitor, but this tool has many other
useful purposes in regard to Active Directory information. It is something you should check
out if you haven't already.
Finally, you can use the Ntdsutil.exe utility to gather information about and change servers
for FSMO roles. Ntdsutil.exe, a command-line utility that is installed with Windows 2000
Server, is rather complicated and beyond the scope of this document.
FIVE FSMO ROLES (DRIPS)
D - Domain naming master (FOREST WIDE)
R - Relative identifier (RID) master (DOMAIN WIDE)
I - Infrastructure master (DOMAIN WIDE)
P - Primary Domain Controller (PDC) emulator (DOMAIN WIDE)
S - Schema master (FOREST WIDE)
8. If DHCP is not available, what happens to the client?
The client will not get an IP address and cannot participate in the network. If the client
already has an IP address with a lease, it keeps using that address until the lease duration
expires.
3. Difference between 2000 & 2003
In Windows 2000 we cannot rename a domain, whereas in Windows 2003 we can rename a domain.
Windows 2000 supports 8 processors and 64 GB RAM (in 2000 Advanced Server), whereas 2003
supports up to 64 processors and a maximum of 512 GB RAM.
Win 2000 supports IIS 5.0 and 2003 supports IIS 6.0.
Win 2000 doesn't support .NET, whereas 2003 supports Microsoft .NET 2.0.
Win 2000 doesn't have any 64-bit server operating system, whereas 2003 has 64-bit server
operating systems (Windows Server 2003 x64 Std and Enterprise Edition).
In 2003 we have the concept of the Volume Shadow Copy service.
In 2000 we have cross-domain trust relationships and in 2003 we have cross-forest trust
relationships.
Win 2000 supports IPv4, whereas 2003 supports IPv4 and IPv6.
We can drag-and-drop the objects.
DNS stub zones were introduced in Win2k3.
Domains can be renamed or moved to a different level in an AD tree.
Schema attributes can be deleted as well as added.
Volume Shadow Copy service is introduced.
New command-line tools
Windows Server 2003 includes a number of built-in command-line tools that were not available
in Windows 2000, including:
dsadd -- allows you to create objects from the command line
dsmove -- moves an object from one OU or container to another within the same domain
dsrm -- will delete an object from Active Directory
dsquery -- will return an object or list of objects that matches criteria that you specify
dsget -- will return one or more attributes of a particular Active Directory object
DNS stub zones have been introduced.
Windows 2k - IIS 5 and Windows 2k3 - IIS 6.
In 2000 we don't have end-user policy management, whereas in 2003 we have end-user policy
management, which is done in GPMC (Group Policy Management Console).
Difference Between Windows 2008 & 2003
2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it:
1. RODC, one new domain controller type introduced in it [Read-only Domain Controllers].
2. WDS (Windows Deployment Services) instead of RIS in 2003 server.
3. Shadow copy for each and every folder.
4. Boot sequence is changed.
5. Installation is 32 bit, whereas in 2003 it is 16 as well as 32 bit; that's why installation
of 2008 is faster.
6. Services are known as roles in it.
7. Group Policy editor is a separate option in ADS.
8. The main difference between 2003 and 2008 is virtualization and management. 2008 has more
inbuilt components and updated third-party drivers. Microsoft introduces a new feature with
2k8, that is Hyper-V. Windows Server 2008 introduces Hyper-V (V for Virtualization), but only
on 64-bit versions. More and more companies are seeing this as a way of reducing hardware
costs by running several 'virtual' servers on one physical machine. If you like this exciting
technology, make sure that you buy an edition of Windows Server 2008 that includes Hyper-V,
then launch the Server Manager and add Roles.
What is the Global Catalog?
The global catalog is a role which maintains indexes about objects. It contains full
information about the objects in its own domain and partial information about the objects in
other domains.
Universal group membership information is stored in global catalog servers and replicated to
all GCs in the forest.
Where is the AD database held?
%SystemRoot%\NTDS\NTDS.DIT (DIT = Directory Information Tree).
What is LDAP?
Lightweight Directory access protocol. LDAP is a client-server protocol for
accessing a directory service
What is Site?
What is KCC?
KCC stands for Knowledge Consistency Checker, a part of the ISTG role in Active Directory.
The KCC checks and, as an option, re-creates topology information for the Active Directory
domain.
What is a WSUS server? Basic requirements for installing? Difference between WSUS and SUS?
Benefits of both?
WSUS - Windows Software Update Server. All the updates are downloaded into WSUS, then directed
to the client PCs during the idle time of the client PCs.
To Configure WSUS Server
1) Run setup of WSUS server on Windows 2003 Server with IIS running. No antivirus is required.
2) Set the IP address of the proxy server in the setup wizard.
3) Set the synchronizing time.
4) Approve the updates.
Finish.
Difference b/w SUS and WSUS
SUS did a great job of keeping Windows up to date, but WUS will be able to update other
products such as Microsoft Office, Exchange Server, and ISA Server. Eventually, WUS will be
able to keep all current Microsoft server products up to date.
5. Difference between DC & ADC
There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can
also handle FSMO roles (if transferred from the DC to the ADC). It is just for identification.
Functionality-wise there is no difference.
7. Types of DNS Servers
Primary DNS
Secondary DNS
Active Directory Integrated DNS
Forwarder
Caching only DNS
10. What is the process of DHCP for getting the IP address to the client?
There is a four-way negotiation process b/w client and server:
DHCP Discover (Initiated by client)
DHCP Offer (Initiated by server)
DHCP Select (Initiated by client)
DHCP Acknowledgement (Initiated by server)
DHCP Negative Acknowledgement (Initiated by server if any issues after DHCP offer)
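The exchange above (the page's "Select" step is the DHCPREQUEST message), together with the lease behaviour described in question 8, as an added offline simulation. This is not code from the page: the scope range, reservation, MAC addresses and clock values are constructed, and nothing is sent on the network.

```python
"""DHCP lease negotiation (Discover, Offer, Request/Select, Ack/Nak) simulated
offline.  Added example with constructed data; no real DHCP traffic is sent."""
from dataclasses import dataclass, field
import ipaddress

LEASE_SECONDS = 8 * 24 * 3600   # the 8-day default lease the page quotes later on


@dataclass
class DhcpServer:
    """One scope: an address pool, reservations (MAC -> IP) and active leases."""
    first: str
    last: str
    reservations: dict = field(default_factory=dict)
    leases: dict = field(default_factory=dict)      # MAC -> (ip, lease expiry)

    def _in_pool(self, ip):
        lo, hi = ipaddress.IPv4Address(self.first), ipaddress.IPv4Address(self.last)
        return lo <= ipaddress.IPv4Address(ip) <= hi

    def _taken(self, ip, now, by_other_than=None):
        """True if ip is reserved or held by an unexpired lease of another client."""
        if ip in self.reservations.values():
            return True
        return any(lip == ip and exp > now and mac != by_other_than
                   for mac, (lip, exp) in self.leases.items())

    def offer(self, mac, now):
        """DHCPOFFER answering a DHCPDISCOVER: a reservation wins, else the lowest free address."""
        ip = self.reservations.get(mac)
        if ip is None:
            addr, end = ipaddress.IPv4Address(self.first), ipaddress.IPv4Address(self.last)
            while addr <= end and self._taken(str(addr), now):
                addr += 1
            ip = str(addr) if addr <= end else None
        return None if ip is None else {"type": "OFFER", "ip": ip, "lease": LEASE_SECONDS}

    def ack_or_nak(self, mac, requested_ip, now):
        """DHCPACK if the requested address is valid for this client here, otherwise DHCPNAK."""
        reserved = self.reservations.get(mac)
        if reserved is not None:
            ok = requested_ip == reserved
        else:
            ok = self._in_pool(requested_ip) and not self._taken(requested_ip, now, by_other_than=mac)
        if not ok:
            return {"type": "NAK"}
        self.leases[mac] = (requested_ip, now + LEASE_SECONDS)
        return {"type": "ACK", "ip": requested_ip, "expires": now + LEASE_SECONDS}


@dataclass
class DhcpClient:
    mac: str
    ip: str = None
    expires: int = 0

    def negotiate(self, server, now):
        """Full four-message exchange; returns the transcript of message types."""
        log = ["DISCOVER"]
        if server is None:                        # no DHCP server answers the broadcast
            if self.ip and self.expires > now:
                log.append("NO RESPONSE (keeping lease until it expires)")
            else:
                self.ip = None
                log.append("NO RESPONSE (no usable address)")
            return log
        off = server.offer(self.mac, now)
        if off is None:
            log.append("NO OFFER (pool exhausted)")
            return log
        log += ["OFFER " + off["ip"], "REQUEST " + off["ip"]]   # REQUEST = the page's "Select"
        reply = server.ack_or_nak(self.mac, off["ip"], now)
        log.append(reply["type"])
        if reply["type"] == "ACK":
            self.ip, self.expires = reply["ip"], reply["expires"]
        else:
            self.ip = None
        return log

    def renew(self, server, now):
        """Re-request the address already held (renewal or reboot) without a Discover.  A server
        that cannot honour it answers NAK and the client must start again with Discover."""
        log = ["REQUEST " + self.ip]
        reply = server.ack_or_nak(self.mac, self.ip, now)
        log.append(reply["type"])
        if reply["type"] == "ACK":
            self.expires = reply["expires"]
        else:
            self.ip = None
        return log


def demo():
    """Constructed scenario: the page's 192.168.12.2-192.168.12.250 range plus one reservation."""
    srv = DhcpServer("192.168.12.2", "192.168.12.250",
                     reservations={"00:aa:aa:aa:aa:aa": "192.168.12.100"})
    pc1, pc2 = DhcpClient("00:aa:aa:aa:aa:aa"), DhcpClient("00:bb:bb:bb:bb:bb")
    return {"reserved": pc1.negotiate(srv, now=0),
            "pooled": pc2.negotiate(srv, now=0),
            "outage": pc2.negotiate(None, now=3600),                  # lease still valid
            "moved": pc2.renew(DhcpServer("10.0.0.1", "10.0.0.50"), now=7200)}  # wrong scope -> NAK
```

The "moved" case is the NAK path the page mentions: a client that re-requests an address the server it now reaches cannot lease (different scope, or address meanwhile taken) is refused and has to restart with Discover.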
12. What are the port numbers for FTP, Telnet, HTTP, DNS
FTP-21, Telnet 23, HTTP-80, DNS-53, Kerberos-88, LDAP-389
How do you check whether Active Directory has been installed properly or not?
1. By checking SRV records in the DNS server. After Active Directory is installed, the DC will
register SRV records in DNS.
2. Verify the SYSVOL folder.
3. Verify the database and log files:
NTDS.DIT, edb.*, Res*.log
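Check 1 above in code, as an added example that is not part of the page: it builds the DNS SRV query a client would send for the records a domain controller registers, parses an SRV response in wire format (including name compression), and reports which required records are missing. The response bytes are constructed here so the example runs offline; the domain example.com and host dc1.example.com are assumed names, while the _ldap/_kerberos/_gc record names are the ones a Windows DC registers.

```python
"""Verify the SRV records a domain controller registers in DNS.  Added example:
builds queries and parses a constructed SRV response; not code from the page."""
import struct

# Record names a Windows DC registers; {d} is the AD domain (constructed in the demo).
REQUIRED_SRV = ["_ldap._tcp.dc._msdcs.{d}", "_kerberos._tcp.dc._msdcs.{d}",
                "_ldap._tcp.{d}", "_kerberos._tcp.{d}", "_gc._tcp.{d}"]
SRV, IN = 33, 1


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_srv_query(name, txid=0x1234):
    """Standard recursive query (flags 0x0100) for one SRV record."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", SRV, IN)


def build_srv_response(name, targets, txid=0x1234):
    """Constructed response with one SRV answer per (priority, weight, port, host);
    answer names are a compression pointer (0xC00C) back to the question name at offset 12."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(targets), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", SRV, IN)
    for prio, weight, port, host in targets:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(host)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", SRV, IN, 600, len(rdata)) + rdata
    return msg


def read_name(data, off):
    """Decode a possibly compressed name; returns (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                       # two-byte compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_srv_response(data):
    """Return [(name, priority, weight, port, target)] from the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(data, off)
        off += 4                                        # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, off = read_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", data[off:off + 6])
            target, _ = read_name(data, off + 6)
            answers.append((name, prio, weight, port, target))
        off += rdlen
    return answers


def missing_dc_records(domain, resolver):
    """resolver(name) -> raw response bytes or None.  Returns required names with no SRV answer."""
    missing = []
    for template in REQUIRED_SRV:
        name = template.format(d=domain)
        response = resolver(name)
        if response is None or not parse_srv_response(response):
            missing.append(name)
    return missing


def demo_resolver(name):
    """Constructed zone for example.com: LDAP and Kerberos records exist, the GC record does not."""
    if name.startswith("_gc."):
        return None
    port = {"_ldap": 389, "_kerberos": 88}[name.split(".")[0]]
    return build_srv_response(name, [(0, 100, port, "dc1.example.com")])
```

Replacing demo_resolver with a function that sends build_srv_query() over UDP port 53 to the domain's DNS server and returns the reply turns this into a live check; a non-empty list from missing_dc_records means the DC has not registered everything it should.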
TERMS
Active Directory schema Contains the definition of all object classes and attributes used in
the Active Directory database.
attributes Used to define the characteristics of an object class within Active Directory.
distinguished name (DN) An LDAP component used to uniquely identify an object throughout the
entire LDAP hierarchy by referring to the relative distinguished name, domain name, and the
container holding the object.
domain A logically structured organization of objects, such as users, computers, groups, and printers,
that are part of a network and share a common directory database. Domains are defined by an administrator and
administered as a unit with common rules and procedures.
Domain Name System (DNS) A hierarchical name resolution system that resolves host names and
fully qualified domain names (FQDNs) into IP addresses and vice versa. It is a method for maintaining
domain naming structure and locating network resources.
forest A collection of Active Directory trees that do not necessarily share a contiguous DNS naming
convention but do share a common global catalog and schema.
forest root domain The first domain created within the Active Directory structure.
global catalog An index of the objects and attributes used throughout the Active Directory structure.
It contains a partial replica of every Windows Server 2003 domain within Active Directory,
enabling users to find any object in the directory.
Group Policy The Windows Server 2003 feature that allows for policy creation that affects domain
users and computers. Policies can be anything from desktop settings to application assignment to
security settings and more.
Internet connection sharing (ICS) A Windows Server 2003 service that allows the use of a single, live
Internet IP address to be shared among multiple clients. DHCP and DNS cannot be configured.
Lightweight Directory Access Protocol (LDAP) An access protocol that defines how users can
access or update directory service objects.
Management Saved Console (MSC) The filename extension of a console saved using the MMC.
Microsoft Management Console (MMC) A customizable management interface that can contain
a number of management tools to provide a single, unified application for network administration.
multi-master replication A replication model in which any domain controller accepts and
replicates directory changes to any other domain controller. This differs from other
replication models in which one computer stores the single modifiable copy of the directory
and other computers store back-up copies.
network address translation (NAT) The process of converting between IP addresses used within an
intranet or other private network (called a stub domain) and Internet IP addresses.This approach makes it
possible to use a large number of addresses within the stub domain without depleting the limited number
of available numeric Internet IP addresses. Also, the network is protected when NAT replaces the source
internal address and ports of all outgoing packets with a single public IP address.
object A collection of attributes that represent items within Active Directory, such as users, groups,
computers, and printers.
object classes Define which types of objects can be created within Active Directory, such as users,
groups, and printers.
organizational unit (OU) An Active Directory logical container used to organize objects within a
single domain. Objects such as users, groups, computers, and other OUs can be stored in an OU
container.
relative distinguished name (RDN) An LDAP component used to identify an object within the
objects container.
Routing and Remote Access Services (RRAS) A Windows Server 2003 service that allows users to
access a company network or access the Internet through a variety of ways such as dial-up, VPN,
or NAT services.
site A combination of one or more Internet Protocol (IP) subnets connected by a high-speed
connection.
site link A low-bandwidth or unreliable/occasional connection between sites. The site links can be
adjusted for replication availability, bandwidth costs, and replication frequency. They enable
control over replication and logon traffic.
snap-ins The management tools that are added to an MMC interface.
taskpad Allows you to simplify administrative procedures by providing a graphical representation of
the tasks that can be performed in an MMC.
transitive trust The ability for domains or forests to trust one another, even though they do not
have a direct explicit trust between them.
tree A hierarchical collection of domains that share a contiguous DNS namespace.
user principal name A user-account naming convention that includes both the user name and
domain name in the format [email protected].
virtual private networking (VPN) A Windows Server 2003 service that allows a private and
secure connection with a company network over the Internet.
Event Logging and Viewing
Event logs provide historical information that can help you track down system and security
problems. The Event Log service controls whether events are tracked on Windows Server 2003
systems. When this service is started, you can track user actions and system resource usage
events with the following event logs:
Application Log
Records events logged by applications, such as the failure of Microsoft SQL Server to access a
database. Default location is: %SystemRoot%\system32\config\AppEvent.Evt.
Directory Service
Records events logged by Active Directory directory service and its related services. Default
location is: %SystemRoot%\system32\config\NTDS.Evt.
DNS Server
Records DNS queries, responses, and other DNS activities. Default location is:
%SystemRoot%\system32\config\DNSEvent.Evt.
File Replication Service
Records file replication activities on the system. Default location is:
%SystemRoot%\system32\config\NtFrs.Evt.
Security Log
Records events you've set for auditing with local or global group policies. Default location is:
%SystemRoot%\system32\config\SecEvent.Evt.
Windows Time and Windows Server 2003
Stand-alone and member servers are configured to synchronize with a time server automatically.
This time server is referred to as the authoritative time server. The way Windows Time works
depends on whether the system is part of a workgroup or a domain.
Here's a basic overview of how Windows Time works in workgroups:
Systems are configured to synchronize with an Internet time server automatically. This time
server is referred to as the authoritative time server. The default time server is time.windows.com.
You can also select other servers, such as time.nist.gov, as the authoritative time server.
The Windows Time service uses the Simple Network Time Protocol (SNTP) to poll the
authoritative time server every four hours by default. The registry values MinPollInterval and
MaxPollInterval under \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config
control the exact rates.
If there are differences in time between the time server and the system, the Windows Time
service slowly corrects the time. The registry values UpdateInterval and FrequencyCorrectRate
under \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config control the exact
correction rate.
Note
SNTP defaults to using User Datagram Protocol (UDP) port 123. If this port isn't open to the
Internet, you can't synchronize the system with an Internet time server.
In domains, a domain controller is chosen automatically as the reliable time source for the
domain, and other computers in the domain sync time with this server. Should this server be
unavailable to provide time services, another domain controller takes over. You cannot,
however, change the Windows Time configuration. If you want to better manage Windows Time in a
domain, you should install the appropriate components. The two key components are:
Windows NTP Client
Installs Windows Time and allows the system to synchronize its clock with designated time
servers. The client is much more configurable than the standard time service that comes with
Windows XP. You have precise control through Group Policy of every feature of the time
service.
Windows NTP Server
Installs Windows Time and configures the system to be a time server. Windows NTP clients,
which can be Windows XP or Windows Server 2003 systems, can then synchronize time with this
computer. As with NTP clients, you have precise control through Group Policy of every feature
of the time service.
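What the SNTP poll described above actually exchanges on UDP port 123, as an added example that is not from the page or from the Windows Time service itself: the 48-byte client request, a server reply, and the offset and round-trip arithmetic a client applies to the four timestamps before correcting its clock. The reply is constructed here (a client 10.005 seconds behind a stratum-2 server); no packet is sent to time.windows.com or any other server.

```python
"""SNTP request/reply format and clock-offset arithmetic (RFC 4330 style).
Added example with a constructed reply; not code from the page."""
import struct

NTP_EPOCH_DELTA = 2208988800      # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
NTP_PORT = 123                    # UDP port the page's note says must be reachable


def to_ntp(unix_seconds):
    """Unix time (float) -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_seconds) + NTP_EPOCH_DELTA
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return (whole << 32) | frac


def from_ntp(ts):
    return (ts >> 32) - NTP_EPOCH_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(transmit_unix):
    """Client packet: first byte 0x23 = LI 0, version 4, mode 3 (client);
    only the Transmit Timestamp (bytes 40..47, our T1) is filled in."""
    return struct.pack("!B", 0x23) + bytes(39) + struct.pack("!Q", to_ntp(transmit_unix))


def build_response(t1_ntp, t2_unix, t3_unix, stratum=2):
    """Constructed server reply: mode 4, echoing T1 as Originate, T2 = receive, T3 = transmit."""
    header = struct.pack("!BBbb", 0x24, stratum, 6, -20) + bytes(12)   # flags, stratum, poll, precision, root fields
    return header + struct.pack("!QQQQ", to_ntp(t2_unix), t1_ntp, to_ntp(t2_unix), to_ntp(t3_unix))


def check_reply(data):
    """Sanity checks before trusting a reply; returns a reason string or None if usable."""
    if len(data) < 48:
        return "short packet"
    mode, stratum = data[0] & 0x07, data[1]
    if mode != 4:
        return f"not a server reply (mode {mode})"
    if stratum == 0:
        return "stratum 0: kiss-o'-death or unsynchronized server"
    return None


def parse_response(data, t4_unix):
    """Clock offset and round-trip delay from T1 (originate), T2 (receive),
    T3 (transmit) in the reply and T4, the client's receive time."""
    problem = check_reply(data)
    if problem:
        raise ValueError(problem)
    t1, t2, t3 = (from_ntp(x) for x in struct.unpack("!QQQ", data[24:48]))
    return {"stratum": data[1],
            "offset": ((t2 - t1) + (t3 - t4_unix)) / 2,   # how far the local clock is behind
            "delay": (t4_unix - t1) - (t3 - t2)}           # network round trip, server time excluded


def demo():
    """Constructed exchange: client clock reads 1_600_000_000.0 when the server reads ~10 s more."""
    req = build_request(1_600_000_000.0)
    t1_ntp = struct.unpack("!Q", req[40:48])[0]
    resp = build_response(t1_ntp, 1_600_000_010.05, 1_600_000_010.06)
    return parse_response(resp, t4_unix=1_600_000_000.1)
```

A positive offset means the local clock is behind; with a real socket, send build_request() to the authoritative server on NTP_PORT, read 48 bytes, and pass the local receive time as t4_unix. Because the delay is computed, a client can reject replies whose round trip is too large to trust.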
Active Directory Command-Line Tools
Several tools are provided to let you manage Active Directory from the command line. You can use:
DSADD
Adds computers, contacts, groups, organizational units, and users to Active Directory. Type
dsadd objectname /? at the command line to display help information on using the command,
such as dsadd computer /?.
DSGET
Displays properties of computers, contacts, groups, organizational units, users, sites, subnets,
and servers registered in Active Directory. Type dsget objectname /? at the command line to
display help information on using the command, such as dsget subnet /?.
DSMOD
Modifies properties of computers, contacts, groups, organizational units, users, and servers that
already exist in Active Directory. Type dsmod objectname /? at the command line to display help
information on using the command, such as dsmod server /?.
DSMOVE
Moves a single object to a new location within a single domain or renames the object without
moving it. Type dsmove /? at the command line to display help information on using the
command.
DSQUERY
Finds computers, contacts, groups, organizational units, users, sites, subnets, and servers in
Active Directory using search criteria. Type dsquery /? at the command line to display help
information on using the command.
DSRM
Removes objects from Active Directory. Type dsrm /? at the command line to display help
information on using the command.
NTDSUTIL
To view site, domain, and server information, manage operations masters, and perform database
maintenance of Active Directory. Type ntdsutil /? at the command line to display help
information on using the command.
Active Directory Support Tools
Many Active Directory tools are provided in the support toolkit. A list of some of the most useful support
tools you can use to configure, manage, and troubleshoot Active Directory is shown in Table 7-1.
Table 7-1. Quick Reference for Active Directory Support Tools
Support Tool                                     Executable Name   Description
Active Directory Administration Tool             Ldp.exe           Performs Lightweight Directory Access Protocol (LDAP) operations on Active Directory
Active Directory Replication Monitor             Replmon.exe       Manages and monitors replication using a graphical user interface (GUI)
Directory Services Access Control Lists Utility  Dsacls.exe        Manages access control lists for objects in Active Directory
Distributed File System Utility                  Dfsutil.exe       Manages the Distributed File System (DFS) and displays DFS information
DNS Server Troubleshooting Tool                  Dnscmd.exe        Manages properties of Domain Name System (DNS) servers, zones, and resource records
Move Tree                                        Movetree.exe      Moves objects from one domain to another
Replication Diagnostics Tool                     Repadmin.exe      Manages and monitors replication using the command line
Security Descriptor Check Utility                Sdcheck.exe       Checks access control list propagation, replication, and inheritance
Security ID Checker                              Sidwalker.exe     Sets access control lists on objects previously owned by moved, deleted, or orphaned accounts
Windows Domain Manager                           Netdom.exe        Allows domain and trust relationship management from the command line
Table 12-2. Windows Server 2003 Support for RAID
RAID Level 0 - Disk striping
  Description: Two or more volumes, each on a separate drive, are configured as a striped set.
  Data is broken into blocks, called stripes, and then written sequentially to all drives in
  the striped set.
  Major advantages: Speed/performance.
RAID Level 1 - Disk mirroring
  Description: Two volumes on two drives are configured identically. Data is written to both
  drives. If one drive fails, there's no data loss because the other drive contains the data.
  (Doesn't include disk striping.)
  Major advantages: Redundancy. Better write performance than disk striping with parity.
RAID Level 5 - Disk striping with parity
  Description: Uses three or more volumes, each on a separate drive, to create a striped set
  with parity error checking. In the case of failure, data can be recovered.
  Major advantages: Fault tolerance with less overhead than mirroring. Better read performance
  than disk mirroring.
Understanding Scopes
Scopes are pools of IP addresses that you can assign to clients through leases and reservations. A
reservation differs from a lease in that an IP address is assigned to a particular computer until you
remove the reservation. This allows you to set semipermanent addresses for a limited number of
DHCP clients.
You'll create scopes to specify IP address ranges that are available for DHCP clients. For
example, you could assign the IP address range 192.168.12.2 - 192.168.12.250 to a scope called
Enterprise Primary.
Scopes can use public or private IP addresses on
PUBLIC IP NETWORK NUMBERS
Class A   Network 1-126     1.0.0.0 - 126.255.255.255
Class B   Network 128-191   128.0.0.0 - 191.255.255.255
Class C   Network 192-223   192.0.0.0 - 223.255.255.255
Class D   Network 224-239   224.0.0.0 - 239.255.255.255
The IP address 127.0.0.1 is used for local loopback.
PRIVATE IP NETWORK NUMBERS
Class A   10.0.0.0 - 10.255.255.255
Class B   172.16.0.0 - 172.31.255.255
Class C   192.168.0.0 - 192.168.255.255
A single DHCP server can manage multiple scopes. Three types of scopes are available:
Normal scopes
Used to assign IP address pools for class A, B, and C networks.
Multicast scopes
Used to assign IP address pools for class D networks. Computers use multicast IP addresses as
secondary IP addresses in addition to a standard IP address assigned from a class A, B, or C
network.
Superscopes
These are containers for other scopes and are used to simplify management of multiple scopes.
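The class and public/private tables above, and the scope types, as an added example (not code from the page): a classifier for the first-octet rules, a pre-creation check that a proposed scope range stays inside one class and avoids loopback and reserved space, and an overlap check for the scopes a superscope would contain. The scope names and ranges in the test are constructed.

```python
"""Classful address classification and DHCP scope sanity checks.
Added example; not code from the page or from the Windows DHCP server."""
import ipaddress

# RFC 1918 private ranges, the same three blocks the page's private table lists
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ip_class(addr):
    """Network class from the first octet, exactly as in the page's table."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 127:
        return "loopback"
    for cls, lo, hi in (("A", 1, 126), ("B", 128, 191), ("C", 192, 223), ("D", 224, 239)):
        if lo <= first <= hi:
            return cls
    return "reserved"          # 0.x.x.x and 240-255 (class E / broadcast)


def is_private(addr):
    return any(ipaddress.IPv4Address(addr) in net for net in PRIVATE_RANGES)


def describe(addr):
    return ip_class(addr), ("private" if is_private(addr) else "public")


def check_scope(first, last):
    """Problems to catch before creating a scope with this range.
    Returns (scope kind, list of problems); kind is 'multicast' for class D."""
    problems = []
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        problems.append("start address is after end address")
    cls_lo, cls_hi = ip_class(first), ip_class(last)
    if cls_lo != cls_hi:
        problems.append(f"range spans class {cls_lo} and class {cls_hi}")
    if "loopback" in (cls_lo, cls_hi) or "reserved" in (cls_lo, cls_hi):
        problems.append("range includes loopback or reserved addresses")
    if is_private(first) != is_private(last):
        problems.append("range mixes private and public addresses")
    kind = "multicast" if cls_lo == "D" else "normal"
    return kind, problems


def overlapping_scopes(scopes):
    """scopes: (name, first, last).  Returns name pairs whose ranges overlap, which
    a superscope must not contain because two scopes would lease the same addresses."""
    ranges = [(n, int(ipaddress.IPv4Address(f)), int(ipaddress.IPv4Address(l))) for n, f, l in scopes]
    hits = []
    for i, (na, fa, la) in enumerate(ranges):
        for nb, fb, lb in ranges[i + 1:]:
            if fa <= lb and fb <= la:
                hits.append((na, nb))
    return hits
```

check_scope applies the page's tip about keeping a scope inside one class; overlapping_scopes is the check to run over the member scopes before grouping them into a superscope.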
Tip
Although you can create scopes on multiple network segments, you'll usually want these
segments to be in the same network class, such as all class C IP addresses. Don't forget that
you must configure DHCP relays to relay DHCP broadcast requests between network segments. You
can configure relay agents with the Routing and Remote Access Service (RRAS) and the DHCP Relay
Agent Service. You can also configure some routers as relay agents.
Changing the Log Usage
DHCP Server has a self-monitoring system that checks disk space usage. By default, the maximum
size of all DHCP server logs is 70 MB, with each individual log being limited to one-seventh
of this space. If the server reaches the 70 MB limit or an individual log grows beyond the
allocated space, logging of DHCP activity stops until log files are cleared out or space is
otherwise made available. Normally, this happens when a new day is reached and the server
clears out the previous week's log file.
Registry keys that control the log usage and other DHCP settings are located in the folder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters.
Installing DNS Servers
You can configure any Windows Server 2003 system as a DNS server. Four types of DNS servers are
available:
Active Directory-integrated primary server
A DNS server that's fully integrated with Active Directory. All DNS data is stored directly in
Active Directory.
Primary server
The main DNS server for a domain that uses partial integration with Active Directory. This
server stores a master copy of DNS records and the domain's configuration files. These files
are stored as text with the .dns extension.
Secondary server
A DNS server that provides backup services for the domain. This server stores a copy of DNS
records obtained from a primary server and relies on zone transfers for updates. Secondary
servers obtain their DNS information from a primary server when they're started, and they
maintain this information until the information is refreshed or expired.
Forwarding-only server
A server that caches DNS information after lookups and always passes requests to other servers.
These servers maintain DNS information until it's refreshed or expired or until the server is
restarted. Unlike secondary servers, forwarding-only servers don't request full copies of a
zone's database files. This means that when you start a forwarding-only server, its database
contains no information.
Before you configure a DNS server, you must install the DNS Server service. Afterward, you can
configure the server to provide integrated, primary, secondary, or forwarding-only DNS services.
Active Directory does not support deletion of schema objects; however, objects can be marked
as deactivated, providing many of the benefits of deletion.
Hardware RAID Versus Software RAID
RAID is usually implemented using a RAID disk controller, and disk controllers are expensive.
Software RAID is usually implemented at the disk partition level rather than the physical disk
level as in hardware RAID.
The drawback to software RAID is that it requires the network server processor to perform the
work usually done by the RAID controller in hardware RAID.
Software-based RAID does have one advantage over hardware-based RAID. In software-based RAID,
the RAID implementation can be based on disk partitions rather than entire disk drives.
RAID 1 Configuration
RAID 1 has two different implementations: disk mirroring and disk duplexing. In disk mirroring, everything written to one disk is also written to a second disk.
Disk duplexing eliminates the single point of failure that exists in disk mirroring.
Level 10
RAID level 10 is known as mirroring with striping. This level uses a striped array of disks,
which are then mirrored to another identical set of striped disks. RAID level 10 provides the
performance benefits of disk striping (level 0) with the disk redundancy of mirroring (level
1). RAID 10 provides the highest read/write performance of any of the hybrid RAID levels, but
uses twice as many disks.
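The capacity and fault-tolerance trade-offs from Table 12-2 and the RAID 1/5/10 discussion above, as an added example that is not from the page: a summary function for the four levels, and a small RAID 5 model that spreads data across stripes with a rotating parity block and then reads everything back with any one disk missing, which is the "in the case of failure, data can be recovered" claim carried out with XOR parity. Disk counts, sizes and the sample data are constructed; the parity placement is a simplified left-symmetric layout, not any particular controller's.

```python
"""RAID capacity/fault-tolerance summary and a RAID 5 parity rebuild model.
Added example; not code from the page."""


def raid_summary(level, disks, size_gb):
    """Usable capacity and number of simultaneous disk failures the level survives.
    RAID 10 is assumed to be disks/2 mirrored pairs that are then striped, so one
    failure is always survivable and more are only if they hit different pairs."""
    if level == 0 and disks >= 2:
        return {"usable_gb": disks * size_gb, "tolerates": 0}
    if level == 1 and disks == 2:
        return {"usable_gb": size_gb, "tolerates": 1}
    if level == 5 and disks >= 3:
        return {"usable_gb": (disks - 1) * size_gb, "tolerates": 1}   # one disk's worth of parity
    if level == 10 and disks >= 4 and disks % 2 == 0:
        return {"usable_gb": disks * size_gb // 2, "tolerates": 1}    # half the disks are mirrors
    raise ValueError(f"RAID {level} cannot be built from {disks} disks")


def xor_blocks(blocks):
    """XOR of equal-length blocks; this is the RAID 5 parity of a stripe."""
    out = bytes(len(blocks[0]))
    for blk in blocks:
        out = bytes(a ^ b for a, b in zip(out, blk))
    return out


def raid5_layout(data, ndisks, block=4):
    """Split data into stripes of (ndisks - 1) data blocks plus one parity block whose
    disk position rotates with the stripe index.  Returns stripes[i][d] = block on disk d."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    nd = ndisks - 1
    chunks = [data[i:i + block].ljust(block, b"\0") for i in range(0, len(data), block)]
    while len(chunks) % nd:
        chunks.append(bytes(block))               # pad the last stripe
    stripes = []
    for s in range(0, len(chunks), nd):
        blocks = chunks[s:s + nd]
        row = list(blocks)
        row.insert((s // nd) % ndisks, xor_blocks(blocks))
        stripes.append(row)
    return stripes


def raid5_read(stripes, failed=None):
    """Read all data back; with one failed disk, rebuild each of its blocks by
    XORing the surviving blocks of the stripe (data and parity alike)."""
    ndisks = len(stripes[0])
    out = b""
    for i, row in enumerate(stripes):
        row = list(row)
        parity_pos = i % ndisks
        if failed is not None:
            row[failed] = xor_blocks([b for d, b in enumerate(row) if d != failed])
        out += b"".join(b for d, b in enumerate(row) if d != parity_pos)
    return out
```

Losing a second disk in the same RAID 5 set leaves a stripe with two unknowns and one parity equation, which is why the summary reports a tolerance of one; RAID 1 pays for its tolerance with half the capacity, RAID 5 with one disk's worth.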
What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
SMTP--25, POP3--110, IMAP4-143, RPC-135, LDAP - 389, Global Catalog 3268
List of important port numbers
15 - Netstat
21 - FTP
23 - Telnet
25 - SMTP
42 - WINS
53 - DNS
67 - Bootp
68 - DHCP
80 - HTTP
88 - Kerberos
101 - HOSTNAME
110 - POP3
119 - NNTP
123 - NTP (Network Time Protocol)
139 - NetBIOS
161 - SNMP
180 - RIS
389 - LDAP (Lightweight Directory Access Protocol)
443 - HTTPS (HTTP over SSL/TLS)
520 - RIP
79 - FINGER
37 - Time
3389 - Terminal Services
443 - SSL (https) (HTTP protocol over TLS/SSL)
220 - IMAP3
3268 - AD Global Catalog
3269 - AD Global Catalog over SSL
500 - Internet Key Exchange, IKE (IPSec) (UDP 500)
What is the difference between scope and superscope?
A scope in DHCP is where you can specify a range of IP addresses which will be leased to the
DHCP clients.
A superscope is the combination of multiple scopes.
1. Default lease length is 8 days in the DHCP server.
DHCP.mdb is the DHCP assigned IP address database file.
In Windows NT the SAM database is limited in size to approximately 40 MB (40,000 objects).
Windows NT uses a flat namespace, meaning that the name of the domain does not reflect a
hierarchical naming structure. Windows NT uses WINS for its name resolution; Active Directory
uses DNS for its name resolution.
A RELATIVE DISTINGUISHED NAME is the name that is assigned to the object by the administrator
when the object is created. For example, when I create a user named ALANC, the RDN is the
simplest of the three Active Directory name types and is sometimes called the common name of
the object.
A DISTINGUISHED NAME consists of an object's RDN plus the object's location in Active
Directory. The DN supplies the complete path to the object. An object's DN includes its RDN,
the name of the organizational unit that contains the object (if any) and the FQDN of the
domain. For example, suppose that I create a user named ALANC in an organizational unit called
US in a domain named exportsinc.com. The DN of this user would be: [email protected]
A name that uniquely identifies an object by using the relative distinguished name for the
object, plus the names of container objects and domains that contain the object. The
distinguished name identifies the object as well as its location in a tree. Every object in
Active Directory has a distinguished name. A typical distinguished name might be
CN=MyName,CN=Users,DC=Microsoft,DC=Com
This identifies the MyName user object in the microsoft.com domain.
A user principal name is a shortened version of the DN that is typically used for logon and
e-mail purposes. A UPN consists of the RDN plus the FQDN of the domain. Using my previous
example, the UPN for the user named alanc would be: [email protected]
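The three name types above (RDN, DN, UPN) worked through in code, as an added example that is not part of the page: a DN splitter that honours the LDAP backslash escape (so a comma inside a value such as "Doe\, John" stays in one RDN), a function that pulls out the RDN, the container path and the domain FQDN from the DC components, and a UPN builder. The page derives the UPN prefix from the RDN; in a real directory the prefix is its own attribute (userPrincipalName), so the builder accepts an override. The "Doe, John" value in the test is constructed.

```python
"""RDN / DN / UPN handling for Active Directory names.  Added example; not code
from the page.  Only the DN forms shown on the page are assumed."""


def split_dn(dn):
    """Split a DN on unescaped commas into (attribute type, value) pairs, first RDN first.
    A backslash escapes the next character (LDAP string form), so 'CN=Doe\\, John' is one RDN."""
    parts, current, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current += dn[i + 1]
            i += 2
            continue
        if ch == ",":
            parts.append(current)
            current = ""
        else:
            current += ch
        i += 1
    parts.append(current)
    pairs = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        if not attr or not value:
            raise ValueError(f"malformed RDN in DN: {part!r}")
        pairs.append((attr.upper(), value))
    return pairs


def describe_dn(dn):
    """RDN (the page's 'common name'), the containers above it and the domain FQDN
    assembled from the DC components, lower-cased because DNS names are case-insensitive."""
    rdns = split_dn(dn)
    rdn_type, rdn_value = rdns[0]
    return {"rdn": f"{rdn_type}={rdn_value}",
            "common_name": rdn_value,
            "containers": [f"{t}={v}" for t, v in rdns[1:] if t != "DC"],
            "domain": ".".join(v for t, v in rdns if t == "DC").lower()}


def upn_from_dn(dn, logon_name=None):
    """UPN = logon name @ domain FQDN.  The page uses the RDN as the logon name; pass
    logon_name when the account's userPrincipalName prefix differs from its CN."""
    info = describe_dn(dn)
    if not info["domain"]:
        raise ValueError("DN carries no DC components, cannot derive the domain")
    return f"{(logon_name or info['common_name']).lower()}@{info['domain']}"
```

describe_dn on the page's CN=MyName,CN=Users,DC=Microsoft,DC=Com gives RDN CN=MyName, container CN=Users and domain microsoft.com; upn_from_dn on a CN=ALANC,OU=US,DC=exportsinc,DC=com object yields alanc@exportsinc.com, the page's example.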
WHAT IS ZONE ?
Zones are delegated portions of the DNS namespace
A zone is a collection of hierarchical domain names
A zone is essentially a collection of resource records
Zone is a contiguous portion of the domain namespace for which a
DNS server has authority to resolve DNS Queries
Global Catalog
A global catalog is used primarily for four main functions:
Enables users to find Active Directory information from anywhere in the forest.
Provides universal group membership information to facilitate logging on to the network.
Supplies authentication services when a user from another domain logs on using a user
principal name (UPN). (A UPN is a representation of a user's logon credentials in the form
[email protected]. When a UPN is used, a domain name does not need to be explicitly specified
in the Log on to drop-down box.)
Responds to directory lookup requests from Exchange 2000 and other applications.
The first domain controller in Active Directory automatically becomes a global catalog server.
To provide redundancy, additional domain controllers can easily be configured to also be
global catalog servers. Multiple global catalogs can improve user query and logon
authentication performance, especially in Active Directory environments that include
geographically distant sites connected by WAN links. Microsoft recommends that each Active
Directory site be configured with at least one domain controller acting as a global catalog
server.
What is the difference between LDAPv2 and LDAPv3?
LDAPv3 was developed in the late 1990's to replace LDAPv2. LDAPv3 adds the following features
to LDAP:
o Strong Authentication via SASL
o Integrity and Confidentiality Protection via TLS (SSL)
o Internationalization through the use of Unicode
o Referrals and Continuations
o Schema Discovery
o Extensibility (controls, extended operations, and more)
LDAPv2 is considered historical. As deploying both LDAPv2 and LDAPv3
simultaneously can be quite problematic, LDAPv2 should be avoided. LDAPv2 is disabled by default.
Types of Server Clusters
There are three types of server clusters, based on how the cluster systems, called nodes, are connected to the devices that store the cluster configuration and state
data. This data must be stored in a way that allows each active node to obtain the data even if one or more nodes are down. The data is stored on a resource called the quorum resource. The data on the quorum resource includes a set of cluster configuration information plus records (sometimes called checkpoints) of the most recent changes made to that configuration. A node coming online after an outage
can use the quorum resource as the definitive source for recent changes in the configuration. The sections that follow describe the three different types of server clusters:
Single quorum device cluster, also called a standard quorum cluster
Majority node set cluster
Local quorum cluster, also called a single node cluster
The event ID for an unexpected restart or shutdown on Windows 2003 is 6008.
Types of system memory dumps:
Small Dump: Also known as a Minidump (64K), containing minimal debugging information (stop code, parameters, stack, drivers).
Kernel Dump: Medium-size dump containing kernel data structures, drivers and current process and thread information. Very useful.
Complete Dump: Large memory dump containing the complete contents of memory. Can take considerable
time to dump memory.
1. How do you delete a lingering object? Windows Server 2003 provides a command called
Repadmin that provides the ability to delete lingering objects in the Active Directory.
Share permissions
Share permissions are Full Control, Read, and Change. The least restrictive permission is the user's effective permission. A denied permission always overrides an allowed permission. When NTFS and Share permissions are applied to a folder, the most restrictive will be applied when
we access the folder over the network.
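The three rules above (least restrictive within a set, deny overrides allow, most restrictive between share and NTFS over the network) as an added worked example that is not part of the original document; the bit flags, ACL entries, group names and user names are constructed, not real Windows access-mask values:

```python
READ, CHANGE, FULL = 0b001, 0b010, 0b100   # constructed bit flags, not Windows mask values

# Each named level is cumulative: Change includes Read, Full Control includes both.
LEVEL_MASK = {
    "Read": READ,
    "Change": READ | CHANGE,
    "Full Control": READ | CHANGE | FULL,
}

def effective_mask(acl, memberships):
    """acl: list of (principal, level, is_allow); memberships: the user's own
    account plus every group it belongs to. Least restrictive allow wins
    (union), but any matching deny overrides it (subtracted afterwards)."""
    allowed = denied = 0
    for principal, level, is_allow in acl:
        if principal not in memberships:
            continue
        if is_allow:
            allowed |= LEVEL_MASK[level]
        else:
            denied |= LEVEL_MASK[level]
    return allowed & ~denied

def level_name(mask):
    """Map a bit mask back to one of the page's level names."""
    for name, bits in sorted(LEVEL_MASK.items(), key=lambda kv: -kv[1]):
        if mask == bits:
            return name
    return "None" if mask == 0 else "Partial"

def effective_permission(share_acl, ntfs_acl, memberships, over_network=True):
    """Network access: intersection of share and NTFS (most restrictive);
    local access: NTFS only, share permissions do not apply."""
    ntfs = effective_mask(ntfs_acl, memberships)
    if not over_network:
        return level_name(ntfs)
    share = effective_mask(share_acl, memberships)
    return level_name(share & ntfs)

# Constructed sample ACLs for one shared folder
SHARE_ACL = [("Everyone", "Read", True), ("Staff", "Change", True)]
NTFS_ACL = [("Staff", "Full Control", True), ("Contractors", "Change", False)]

if __name__ == "__main__":
    alice = {"alice", "Everyone", "Staff"}
    bob = {"bob", "Everyone", "Staff", "Contractors"}
    print(effective_permission(SHARE_ACL, NTFS_ACL, alice))                      # Change
    print(effective_permission(SHARE_ACL, NTFS_ACL, alice, over_network=False))  # Full Control
    print(effective_permission(SHARE_ACL, NTFS_ACL, bob))                        # None
```

Bob's deny on Change strips the Read and Change bits from his NTFS grant, so over the network the share's Change grant intersects to nothing, which is the deny-overrides-allow rule in action.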
37. What is the difference between seize and transfer?
Soln: Seize: 1. When we decommission the server
5. When we don't bring up the server on the network.
Transfer: Transfer the roles using the GUI. Normal transfer.
Active Directory
Logical Structure (DOT): Domains, Organizational units, Trees, Forests
Physical Structure (SD): Sites, Domain controllers