RSoP (Resultant Set of Policy) is the set of Group Policy settings that results when all applicable policies are applied to an object.
26. What is the default lease period for a DHCP server?
The default lease period is 8 days.
27. What is the process by which DHCP clients obtain an IP address?
Discover, Offer, Request, Acknowledge (DORA).
28. What is multicast?
Multicast scopes enable you to lease Class D IP addresses to clients for participation in multicast transmissions, such
as streaming video and audio transmissions.
29. What is superscope?
A superscope enables you to group several standard DHCP scopes into a single administrative group without
causing any service disruption to network clients.
30. What is the system startup process?
The Windows 2000 boot process on the Intel architecture:
1. Power-On Self Tests (POST) is run.
2. The boot device is found, the Master Boot Record (MBR) is loaded into memory, and its program is run.
3. The active partition is located, and the boot sector is loaded.
4. The Windows 2000 loader (NTLDR) is then loaded.
The boot sequence executes the following steps:
1. The Windows 2000 loader switches the processor to the 32-bit flat memory model.
2. The Windows 2000 loader starts a mini-file system.
3. The Windows 2000 loader reads the BOOT.INI file and displays the operating system selections (boot loader menu).
4. The Windows 2000 loader loads the operating system selected by the user. If Windows 2000 is selected, NTLDR runs NTDETECT.COM. For other operating systems, NTLDR loads BOOTSECT.DOS and gives it control.
5. NTDETECT.COM scans the hardware installed in the computer and reports the list to NTLDR for inclusion in the Registry under the HKEY_LOCAL_MACHINE\HARDWARE key.
6. NTLDR then loads NTOSKRNL.EXE and gives it the hardware information collected by NTDETECT.COM. Windows 2000 then enters the load phases.
31. What is WINS hybrid & mixed mode?
Systems that are configured to use WINS are normally configured as hybrid (H-node) clients, meaning they attempt to resolve NetBIOS names via a WINS server and then try a broadcast (B-node) if WINS is unsuccessful. Most systems can be configured to resolve NetBIOS names in one of four modes:
Broadcast (B-node): Clients use a broadcast only to resolve names. An enhanced B-node setting has the client use an LMHOSTS file as well. The hex value for this setting is 0x1.
Peer-to-Peer (P-node): Clients use WINS only to resolve names. The hex value for this setting is 0x2.
Mixed (M-node): Clients first use a broadcast in an attempt to resolve NetBIOS names. If this fails, they attempt the resolution via the WINS server. The hex value for this setting is 0x4.
Hybrid (H-node): Clients first use the WINS service in an attempt to resolve NetBIOS names. If this fails, they attempt the resolution via broadcast. The hex value for this setting is 0x8.
32. What is Disk Quota?
A disk quota specifies the limits on how much disk space can be used on a volume.
iv) Datacenter Edition
2) What is active directory?
Active Directory is the directory service included in the Windows Server 2003 family. Active Directory includes the
directory, which stores information about network resources, as well as all the services that make the information
available and useful. Active Directory is also the directory service included in Windows 2000.
3) What is the Active Directory database name and where is it located?
Name: NTDS.dit, located in c:\windows\ntds\
4) What is the expansion of .dit? What is the scalable size of NTDS in 2k3?
.dit stands for Directory Information Tree. It is scalable up to 70 TB.
5) What is schema in AD?
The Active Directory schema defines objects that can be stored in Active Directory. The schema is a list of
definitions that determines the kinds of objects and the types of information about those objects that can be stored in
Active Directory. Because the schema definitions themselves are stored as objects, they can be administered in the
same manner as the rest of the objects in Active Directory. Schema definitions are commonly called schema objects or metadata.
6) What is the structure of AD in Windows 2000/2003?
1) Physical structure: sites, domain controllers
2) Logical structure: forest, tree, domain, OU, object
7) What are the domain functional levels in 2k3?
1) Mixed mode
2) Native mode
3) Interim mode
8) What is Global catalog and GC server?
The global catalog is the central repository of information about objects in a tree or forest. By default, a global
catalog is created automatically on the initial domain controller in the first domain in the forest. A domain controller
that holds a copy of the global catalog is called a global catalog server.
9) What are the functions of GC?
A) It enables a user to log on to a network by providing universal group membership information to a domain
controller when a logon process is initiated.
B) It enables finding directory information regardless of which domain in the forest actually contains the data.
10) What is the active directory database engine name?
ESE (Extensible Storage Engine)
11) What are the partitions available in AD?
i) Schema partition
ii) Configuration Partition
iii) Domain Partition
iv) Application Partition
12) What are the two types of replications?
Inter-site (site to site) and intra-site (within a site) replication.
13) What is KCC? What is the function of the KCC?
The KCC is a built-in process that runs on all domain controllers. The KCC configures connection objects between
domain controllers. Within a site, each KCC generates its own connections. For replication between sites, a single
KCC per site generates all connections between sites.
The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to
workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if
the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows
2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master
acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any
one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
Quicker Q&A
1. What are the required components of Windows Server 2003 for installing
Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC
2. What must be done to an AD forest before Exchange can be deployed? Setup /forestprep
3. What Exchange process is responsible for communication with AD? DSACCESS
4. What 3 types of domain controller does Exchange access? - Normal Domain
Controller, Global Catalog, Configuration Domain Controller
5. What connector type would you use to connect to the Internet, and what
are the two methods of sending mail over that connector? - SMTP Connector:
Forward to smart host or use DNS to route to each address
6. How would you optimize Exchange 2003 memory usage on a Windows
Server 2003 server with more than 1 GB of memory? - Add the /3GB switch to
boot.ini
7. What would a rise in remote queue length generally indicate? - This means
mail is not being sent to other servers. This can be explained by outages or
performance issues with the network or remote servers.
8. What would a rise in the Local Delivery queue generally mean? - This
indicates a performance issue or outage on the local server. Reasons could be
slowness in consulting AD, slowness in handing messages off to local delivery or
SMTP delivery. It could also be databases being dismounted or a lack of disk space.
9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and
Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389, Global Catalog 3268
10. Name the process names for the following: System Attendant - MAD.EXE,
Information Store - STORE.EXE, SMTP/POP/IMAP/OWA - INETINFO.EXE
11. What is the maximum amount of databases that can be hosted on Exchange
2003 Enterprise? - 20 databases (4 storage groups x 5 databases each).
12. What are the disadvantages of circular logging? - In the event of a corrupt
database, data can only be restored to the last backup.
1. What are the Default shares in Windows Server 2003?
By default, Windows automatically creates special hidden administrative shares that administrators, programs, and
services can use to manage the computer environment or network. These special shared resources are not visible in
Windows Explorer or in My Computer, but you can use the Shared Folders tool in Computer Management to view
them. Depending on the configuration of your computer, you may see some or all the following special shared
resources listed in the Shares folder in Shared Folders:
DriveLetter$: Root partitions and volumes are shared as the drive letter name appended with the $ character. For example, drive letters C and D are shared as C$ and D$.
ADMIN$: A resource that is used during remote administration of a computer.
IPC$: A resource that shares the named pipes that you must have for communication between programs. Note that this resource cannot be deleted.
NETLOGON: A resource that is used on domain controllers.
SYSVOL: A resource that is used on domain controllers.
PRINT$: A resource that is used during the remote administration of printers.
FAX$: A shared folder on a server that is used by fax clients during fax transmission.
Note: NETLOGON and SYSVOL are not hidden shares but are instead special administrative shares.
Generally, Microsoft recommends that you do not modify these special shared resources. However, if you want to
remove the special shared resources and prevent them from being created automatically, you can do this by editing
the registry.
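An added example, not from the original notes: a PowerShell classification of the shares on a server against the documented list above, so that a hidden share outside the standard set, or a standard name that was re-created by hand, stands out during a review. The sample share list is constructed and stands in for the output of Get-WmiObject -Class Win32_Share.

```powershell
# Added example (not from the original notes). Separates the administrative
# shares documented above from everything else found on the server.

# Hidden administrative shares the system creates (from the list above) ...
$documentedHidden  = @('ADMIN$', 'IPC$', 'PRINT$', 'FAX$')
# ... and the two special shares on domain controllers that are not hidden.
$documentedVisible = @('NETLOGON', 'SYSVOL')

function Get-ShareClassification {
    param(
        # Objects with Name, Path and Type as returned by
        # Get-WmiObject -Class Win32_Share; passed in so a constructed
        # sample can be classified offline.
        [Parameter(Mandatory)] [object[]] $Shares
    )
    foreach ($s in $Shares) {
        $name = $s.Name.ToUpper()
        # Win32_Share sets the high bit of Type on shares the system created
        # for administration (2147483648 = admin disk share, 2147483651 = IPC$).
        $systemCreated = (([int64]$s.Type) -band 0x80000000) -ne 0
        $class = if ($name -match '^[A-Z]\$$' -or $documentedHidden -contains $name) {
            if ($systemCreated) { 'documented administrative share' }
            else { 'documented name but created manually: review' }
        } elseif ($documentedVisible -contains $name) {
            'documented DC share (not hidden)'
        } elseif ($name.EndsWith('$')) {
            'hidden share outside the documented set: review'
        } else {
            'ordinary share'
        }
        [pscustomobject]@{ Name = $s.Name; Path = $s.Path; Class = $class }
    }
}

# Constructed sample standing in for: Get-WmiObject -Class Win32_Share
$sample = @(
    [pscustomobject]@{ Name = 'C$';     Path = 'C:\';                      Type = 2147483648 }
    [pscustomobject]@{ Name = 'D$';     Path = 'D:\';                      Type = 0 }
    [pscustomobject]@{ Name = 'ADMIN$'; Path = 'C:\WINDOWS';               Type = 2147483648 }
    [pscustomobject]@{ Name = 'IPC$';   Path = '';                         Type = 2147483651 }
    [pscustomobject]@{ Name = 'SYSVOL'; Path = 'C:\WINDOWS\SYSVOL\sysvol'; Type = 0 }
    [pscustomobject]@{ Name = 'Tools$'; Path = 'D:\Tools';                 Type = 0 }
    [pscustomobject]@{ Name = 'Public'; Path = 'D:\Public';                Type = 0 }
)
Get-ShareClassification -Shares $sample | Format-Table -AutoSize
```

In the sample, D$ is flagged because it carries a documented name without the system-created Type bit, and Tools$ is flagged as a hidden share outside the documented set.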
Q) Can I change my password if my machine's connectivity to the DC that holds the PDC emulator role has failed?
A) No, you can't change the password.
Q) I have been asked: if there is a set of 30 hard disks configured for RAID 5 and two hard disks fail, what about the data?
A) It depends on how you had configured your RAID: only RAID 5, or with a spare. If it's only RAID 5, then if 2 of your HDDs go, your RAID is gone.
Q) How can I deploy the latest patches to a PC through GP without having admin rights on the PC?
A) Create a batch file and place all the patches in the NETLOGON share, and deploy the batch file through GP to all the PCs, so the same takes effect after restarting the PC.
Q) In RAID 5, suppose I have 5 HDDs of 10 GB each. After configuring the RAID, how much space do I have to utilise?
A) One less than the total (e.g. if you are using 5 you will get only 4, because 1 goes for parity).
Q) How can I resolve the server name through nslookup?
A) What exactly do you want to do? The nslookup command will let you know through which server you are getting routed (e.g. c:\nslookup, then you will get your domain name to which you are getting routed; and if you want to get the name of the PC/server from the IP address, then you have to give the command c:\nbtstat -a ip xx-xx-xx-xx).
1. Where should a DHCP relay agent be placed?
Ans: The DHCP relay agent needs to be placed on the software router.
Question: How many zone types are there in Windows 2000 Server and Windows 2003 Server?
Ans: In Windows 2000 there are mainly 3 zone types:
Standard primary: zone information is written to a text file.
Standard secondary: a copy of the primary.
Active Directory integrated: zone information is stored in Active Directory.
In Win2k3 one more zone type is added, the stub zone.
A stub zone is like a secondary zone, but it contains only a copy of the SOA record, copies of the NS records and copies of the A records for that zone. It holds no copies of MX, SRV records, etc.
With stub zones, DNS traffic is lower.
Question: What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
Answer: Kerberos is the user authentication protocol used by Windows 2000 and Windows 2003 Active Directory servers.
The Kerberos version is 5.0.
Port: 88
It is more secure than NTLM (NT authentication), and its exchanges are encrypted.
ANS: SMTP
What is the use of NNTP with Exchange?
ANS: This protocol is used for newsgroups in Exchange.
Upgrading the functional level of a domain to Windows 2000 Native should only be done if there are no Windows NT domain controllers remaining on the network. By upgrading to the Windows 2000 Native functional level, additional features become available, including group nesting, universal groups, SID History, and the ability to convert between security groups and distribution groups.
Windows Server 2003 Interim
The third functional level is Windows Server 2003 Interim, and it is often used when upgrading from Windows NT to Windows Server 2003. Upgrading to this domain functional level provides support for Windows NT and Windows Server 2003 domain controllers. However, like Windows 2000 Mixed, it does not provide new features.
Windows Server 2003
The last functional level is Windows Server 2003. This domain functional level only provides support for Windows Server 2003 domain controllers. If you want to take advantage of all the features included with Windows Server 2003, you must implement this functional level. One of the most important features introduced at this functional level is the ability to rename domain controllers.
FSMO roles and their scope:
Schema Master: Forest level
Domain Naming Master: Forest level
PDC Emulator: Domain level
RID Master: Domain level
Infrastructure Master: Domain level
In a Windows 2000 domain, the PDC emulator server role performs the following functions:
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator first.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator for validation before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
Time synchronization for the domain.
Group Policy changes are preferentially written to the PDC emulator.
Additionally, if your domain is a mixed mode domain that contains Windows NT 4
BDCs, then the Windows 2000 domain controller, that is the PDC emulator, acts as
a Windows NT 4 PDC to the BDCs.
There is only one PDC emulator per domain.
Note: Some consider the PDC emulator to only be relevant in a mixed mode
domain. This is not true. Even after you have changed your domain to native mode
(no more NT 4 domain controllers), the PDC emulator is still necessary for the
reasons above.
4. RID Master (Domain level)
The RID master FSMO role holder is the single DC responsible for processing RID
Pool requests from all DCs within a given domain. It is also responsible for
removing an object from its domain and putting it in another domain during an
object move.
When a DC creates a security principal object such as a user, group or computer
account, it attaches a unique Security ID (SID) to the object. This SID consists of a
domain SID (the same for all SIDs created in a domain), and a relative ID (RID)
that makes the object unique in a domain.
Each Windows 2000 DC in a domain is allocated a pool of RIDs that it assigns to the
security principals it creates. When a DC's allocated RID pool falls below a
threshold, that DC issues a request for additional RIDs to the domain's RID master.
The domain RID master responds to the request by retrieving RIDs from the
domain's unallocated RID pool and assigns them to the pool of the requesting DC.
There is one RID master per domain in a directory.
5. Infrastructure Master (Domain level)
The DC that holds the Infrastructure Master FSMO role is responsible for cross
domain updates and lookups. When an object in one domain is referenced by
another object in another domain, it represents the reference by the GUID, the SID
(for references to security principals), and the distinguished name (DN) of the
object being referenced. The Infrastructure role holder is the DC responsible for
updating an object's SID and distinguished name in a cross-domain object
reference.
When a user in DomainA is added to a group in DomainB, then the Infrastructure
master is involved. Likewise, if that user in DomainA, who has been added to a
group in DomainB, then changes his username in DomainA, the Infrastructure
master must update the group membership(s) in DomainB with the name change.
If Domain Naming Master
If PDC Emulator
The server holding the PDC emulator role will cause the most problems if it is unavailable. This would be most noticeable in a mixed mode domain where you are still running NT 4 BDCs and if you are using downlevel clients (NT and Win9x). Since the PDC emulator acts as an NT 4 PDC, any actions that depend on the PDC would be affected (User Manager for Domains, Server Manager, changing passwords, browsing and BDC replication).
In a native mode domain the failure of the PDC emulator isn't as critical because other domain controllers can assume most of the responsibilities of the PDC emulator.
If RID Master
FSMO TOOLS
Q8. Tools to find out what servers in your domain/forest hold what server roles?
1. Active Directory Users and Computers - use this snap-in to find out where the
domain level FSMO roles are located (PDC Emulator, RID Master, Infrastructure Master), and
also to change the location of one or more of these 3 FSMO roles.
Open Active Directory Users and Computers, right click on the domain you want to view the
FSMO roles for and click "Operations Masters". A dialog box (below) will open with three
tabs, one for each FSMO role. Click each tab to see what server that role resides on. To
change the server roles, you must first connect to the domain controller you want to move
it to. Do this by right clicking "Active Directory Users and Computers" at the top of the
Active Directory Users and Computers snap-in and choose "Connect to Domain Controller".
Once connected to the DC, go back into the Operations Masters dialog box, choose a role to
move and click the Change button.
When you do connect to another DC, you will notice the name of that DC will be in the field
below the Change button (not in this graphic).
2. Active Directory Domains and Trusts - use this snap-in to find out where the Domain
Naming Master FSMO role is and to change its location.
The process is the same as it is when viewing and changing the Domain level FSMO roles in
Active Directory Users and Computers, except you use the Active Directory Domains and
Trusts snap-in. Open Active Directory Domains and Trusts, right click "Active Directory
Domains and Trusts" at the top of the tree, and choose "Operations Master". When you do,
you will see the dialog box below. Changing the server that houses the Domain Naming
Master requires that you first connect to the new domain controller, then click the Change
button. You can connect to another domain controller by right clicking "Active Directory
Domains and Trusts" at the top of the Active Directory Domains and Trusts snap-in and
choosing "Connect to Domain Controller".
3. Active Directory Schema - this snap-in is used to view and change the Schema Master
FSMO role. However... the Active Directory Schema snap-in is not part of the default
Windows 2000 administrative tools or installation. You first have to install the Support Tools
from the \Support directory on the Windows 2000 server CD or install the Windows 2000
Server Resource Kit. Once you install the support tools you can open up a blank Microsoft
Management Console (Start, Run, mmc) and add the snap-in to the console. Once the snap-in is open,
right click "Active Directory Schema" at the top of the tree and choose
"Operations Masters". You will see the dialog box below. Changing the server the Schema
Master resides on requires you first connect to another domain controller, and then click the
Change button.
You can connect to another domain controller by right clicking "Active Directory Schema" at
the top of the Active Directory Schema snap-in and choosing "Connect to Domain
Controller".
4. Netdom
The easiest and fastest way to find out what server holds what FSMO role is by using the
Netdom command line utility. Like the Active Directory Schema snap-in, the Netdom utility
is only available if you have installed the Support Tools from the Windows 2000 CD or the
Win2K Server Resource Kit.
To use Netdom to view the FSMO role holders, open a command prompt window and type:
netdom query fsmo and press enter. You will see a list of the FSMO role servers:
5. Ntdsutil
Finally, you can use the Ntdsutil.exe utility to gather information about and change
servers for FSMO roles. Ntdsutil.exe, a command line utility that is installed with Windows
2000 server, is rather complicated and beyond the scope of this document.
6. DUMPFSMOS
Command-line tool to query for the current FSMO role holders
Part of the Microsoft Windows 2000 Server Resource Kit
Downloadable from http://www.microsoft.com/windows2000/techinfo/reskit/default.asp
Prints to the screen, the current FSMO holders
Calls NTDSUTIL to get this information
7. NLTEST
Command-line tool to perform common network administrative tasks
Type "nltest /?" for syntax and switches
Common uses
Get a list of all DCs in the domain
Get the name of the PDC emulator
Query or reset the secure channel for a server
Call DsGetDCName to query for an available domain controller
8. Adcheck (470k) (3rd party)
A simple utility to view information about AD and FSMO roles
http://www.svrops.com/svrops/downloads/zipfiles/ADcheck.msi
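An added example, not from the original notes and not part of any of the tools listed above: a PowerShell check that parses the output of netdom query fsmo into a role-to-holder table and compares it with a recorded baseline, so that an unplanned transfer or seizure of a role is noticed. The sample output, the host names and the baseline are constructed; the role labels follow the format netdom prints.

```powershell
# Added example (not from the original notes). Compares the FSMO role holders
# reported by "netdom query fsmo" with a recorded baseline. Assumes netdom.exe
# (Support Tools) is installed when run live.

function Get-FsmoHolder {
    param(
        # Lines of "netdom query fsmo" output, passed in as text so the parser
        # can be run against captured output without a domain at hand.
        [Parameter(Mandatory)] [string[]] $NetdomOutput
    )
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        # Role lines look like "Schema master<spaces>dc1.corp.example":
        # a role name, a run of two or more spaces, then the holder's FQDN.
        # The trailing "The command completed successfully." line has no such
        # run of spaces and is skipped.
        if ($line -match '^(?<role>[A-Za-z ]+?)\s{2,}(?<dc>\S+)\s*$') {
            $holders[$Matches['role'].Trim()] = $Matches['dc'].ToLower()
        }
    }
    return $holders
}

function Test-FsmoBaseline {
    param(
        [Parameter(Mandatory)] [hashtable] $Current,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    # Returns one line per role that differs from the baseline; empty means OK.
    $drift = @()
    foreach ($role in $Expected.Keys) {
        if (-not $Current.ContainsKey($role)) {
            $drift += "$role : not reported by netdom"
        }
        elseif ($Current[$role] -ne $Expected[$role].ToLower()) {
            $drift += "$role : baseline $($Expected[$role]), now $($Current[$role])"
        }
    }
    return $drift
}

# Constructed sample in the format netdom prints; a live run would use:
#   $output = netdom query fsmo
$output = @(
    'Schema master               dc1.corp.example'
    'Domain naming master        dc1.corp.example'
    'PDC                         dc2.corp.example'
    'RID pool manager            dc1.corp.example'
    'Infrastructure master       dc1.corp.example'
    'The command completed successfully.'
)
# Baseline recorded when the roles were last placed deliberately (constructed).
$baseline = @{
    'Schema master'         = 'dc1.corp.example'
    'Domain naming master'  = 'dc1.corp.example'
    'PDC'                   = 'dc1.corp.example'
    'RID pool manager'      = 'dc1.corp.example'
    'Infrastructure master' = 'dc1.corp.example'
}

$drift = @(Test-FsmoBaseline -Current (Get-FsmoHolder $output) -Expected $baseline)
if ($drift.Count -eq 0) { 'FSMO role holders match the baseline' } else { $drift }
```

With the constructed sample the check reports the PDC role as having moved from dc1 to dc2; scheduled from a task, the same script turns a silent role move into a reviewable event.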
A stub zone is a read-only copy of a zone that contains only those resource records necessary to identify
the authoritative DNS servers for the actual zone. A stub zone is used to keep a parent zone aware of the
authoritative DNS servers for a delegated zone and thereby maintain DNS name resolution efficiency.
For example, a customer who is running Windows 2000 (that has both a parent and child domain) will
typically create a delegation record in the parent zone for the child domain, thus enabling the child DNS
server to host the primary zone for the child domain. As new DNS servers are added to the child domain,
the delegation record must be updated manually on the parent DNS server to reflect those new child DNS
servers.
Alternatively, with stub zones, the parent DNS server can host a stub zone for the child domain and
become aware of new child DNS servers automatically when the stub zone is loaded or reloaded.
Stub zones are not limited to use in a parent-child domain topology; they also can be used to resolve
resource records in other domains in the forest and, theoretically, for other forests as well.
The administrator cannot modify a stub zone's resource records. Any changes the administrator wants to
make to the resource records in a stub zone must be made in the original, primary zone from which the
stub zone is derived. Unlike secondary zones, stub zones can be stored in Active Directory.
A stub zone is composed of:
The start-of-authority (SOA) resource record, name server (NS) resource records, and the glue A
resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone.
In short, a stub zone:
1) Allows a parent domain to automatically identify the DNS servers in a child domain.
2) Only contains the SOA, NS, and A records.
3) Lets the DNS server query the NS directly instead of through recursion with root hints.
4) Is changed when the master zone is updated or loaded.
The local list of masters defines physically local servers from which to transfer.
Using the Local List of Masters
Master servers are DNS servers that the stub zone will contact to retrieve the necessary resource
records. It is comparable to the list of servers defined when creating a secondary zone (i.e., the list of
servers from which the zone is transferred). When more than one server appears in the list and a zone
update is requested, the list of master servers is used and the servers are prioritized by the order in which
they appear in the list.
When Active Directory-integrated stub zones are replicated into different physical sites, it is recommended
that they be updated using a local list of master servers in each site. For example, an Active Directory-integrated
stub zone, widgets.microsoft.com, was loaded in a site in Seattle and replicated to a site in
Boston. Master servers for the stub zone exist in each of these sites.
When the stub zone in Boston is updated, the domain controller may contact both master servers for
resource records in widgets.microsoft.com. However, because of network traffic, the administrator may
want the domain controller in Boston to use only the master server in Boston and not the master server in
Seattle. To force the domain controller in Boston to use only the master server in Boston, the
administrator can specify that the stub zone in Boston be updated using a local list of master servers.
Master server list in the stub zone properties dialog box
To use a local list of masters, enable the checkbox "Use the list above as a local list of master" on the
General tab of the stub zone properties. This option will only be available if the zone is stored in Active
Directory. Stub zones that are not stored in Active Directory will only use the list of masters that are
specified in the stub zone properties.
The DNS server forwards the query to the DNS server with the IP address 192.168.200.1, which is
associated with research.example.com.
Forward-only Server
A DNS server can be configured to not perform recursion after the forwarders fail; if it does not get a
successful query response from any of the servers configured as forwarders, then it sends a negative
response to the DNS client.
The option to prevent recursion can be set for each conditional forwarder in Windows .NET Server. For
example, a DNS server can be configured to perform recursion for the domain name
research.example.com, but not to perform recursion for the domain name example.com.
Warning: If you disable recursion on the Advanced tab in the DNS server properties, you will not be able to use
forwarders on the same server.
New Registry Keys
This key toggles recursion for a particular domain:
Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\<zone name>
Name: ForwarderSlave
Type: REG_DWORD
Valid Range: 0x0 (recursion) and 0x1 (no recursion)
This key sets the forwarder timeout for a particular domain:
Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\<zone name>
Name: ForwarderTimeout
Type: REG_DWORD
Valid Range: any number (seconds)
This key lists the order of forwarders a domain will use:
Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\<zone name>
Name: MasterServers
Type: REG_SZ
Valid Range: spaced list of IP addresses used in order
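An added example, not from the original notes: a PowerShell audit of the per-zone registry values just listed, reporting the zones that will return a failure rather than recurse when their forwarders do not answer. It assumes the value types given above (REG_DWORD flags and a REG_SZ space-separated MasterServers list), treats an absent ForwarderSlave as 0, and has to run on the DNS server with read access to HKLM.

```powershell
# Added example (not from the original notes). Reads ForwarderSlave,
# ForwarderTimeout and MasterServers from every subkey of the Zones key and
# lists the zones configured not to recurse after their forwarders fail.
$zonesKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones'

function Get-ZoneForwarding {
    param([string] $ZonesPath = $zonesKey)
    foreach ($zone in Get-ChildItem -Path $ZonesPath -ErrorAction SilentlyContinue) {
        $v = Get-ItemProperty -Path $zone.PSPath
        # Only zones with a MasterServers value forward; ordinary zones are skipped.
        if ($null -eq $v.MasterServers) { continue }
        # Absent ForwarderSlave is treated as 0x0 (recursion allowed) - assumption.
        $slave   = [int]$v.ForwarderSlave
        $timeout = if ($null -ne $v.ForwarderTimeout) { [int]$v.ForwarderTimeout } else { $null }
        [pscustomobject]@{
            Zone             = $zone.PSChildName
            Forwarders       = ($v.MasterServers -join ' ')   # used in listed order
            TimeoutSeconds   = $timeout
            RecurseOnFailure = ($slave -eq 0)                  # 0x1 = no recursion
        }
    }
}

$all = @(Get-ZoneForwarding)
'Zones with per-zone forwarders: {0}' -f $all.Count
# These zones hand the client a negative answer as soon as the forwarders fail.
$all | Where-Object { -not $_.RecurseOnFailure } | Format-Table -AutoSize
```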
DNS Group Policies in the Default Domain Policy
1. Primary DNS suffix
Allows you to specify a primary DNS suffix for a group of computers and prevents users, including
administrators, from changing it.
2. Dynamic update
Determines if dynamic update is enabled.
3. DNS suffix search list
When this setting is enabled, if a user submits a query for a single-label name, such as widgets, a local
DNS client attaches a suffix, such as microsoft.com, resulting in the query widgets.microsoft.com before
sending the query to a DNS server.
4. Primary DNS suffix devolution
Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process.
5. Register PTR records
Determines whether the registration of PTR resource records is enabled for the computers to which this
policy is applied.
6. Registration refresh interval
Specifies the registration refresh interval of A and PTR resource records for computers to which
this setting is applied. This setting may be applied to computers using dynamic update only.
7. Replace addresses in conflicts
Determines whether a DNS client that attempts to register its A resource record should overwrite
an existing A resource record containing conflicting IP addresses.
8. Register DNS records with connection-specific DNS suffix
Determines if a computer performing dynamic registration may register its A and PTR resource
records with a concatenation of its computer name and a connection-specific DNS suffix.
9. TTL set in the A and PTR records
Specifies the value for the Time-To-Live (TTL) field in A and PTR resource records registered in
the computers to which this setting is applied.
10. Update security level
Specifies whether the computers to which this setting is applied use secure dynamic update or
standard dynamic update to register DNS records.
11. Update top-level domain zones
Specifies whether the computers to which this policy is applied may send dynamic updates to the
zones named with a single-label name, also known as top-level domain zones (for example, com).