Installation Facts
You should know the following facts about Active Directory installation:
If you are installing a Windows Server 2003 server into an existing Windows 2000 Active
Directory structure, you must first prepare Active Directory for the installation by taking the
following steps:
Installing from a replica media set (install from media) creates the initial Active Directory
database from a backup copy taken on an existing domain controller and then replicates in only the
changes made since that backup. This avoids most of the replication traffic that is normally
generated on the network when a server is promoted to a domain controller.
Active Directory is a central component of Windows, used to manage and administer the users,
computers and printers in the network.
What is DNS? What is a "forward lookup zone" and a "reverse lookup zone"?
DNS is the Domain Name System. It is used to resolve host names to IP addresses (forward lookup)
and IP addresses to host names (reverse lookup). Computers communicate with each other using
numeric addresses only; DNS makes websites and other hosts easier to reach by assigning names to
them. When you type a web address such as http://ittechjobs.net in a browser, the computer uses
DNS to obtain the IP address of the site and then connects to it.
A forward lookup zone holds name-to-address records (such as A and MX records); a reverse lookup
zone holds address-to-name (PTR) records.
'A' record: called a host record, it maps a host name to an IP address. This is the record DNS
uses to find the address of a host name.
'MX' record: the mail exchanger record. It identifies the mail servers that accept mail for a
domain. This record is also held in DNS.
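As an added example (not from the original notes), the PowerShell below looks up the A and MX records of a domain and then reverse-resolves each mail server's address with a PTR lookup, which is how a sending MTA is typically checked by the receiving side. It uses Resolve-DnsName from the DnsClient module (Windows 8 / Server 2012 and later) and performs live DNS queries; the domain in the usage line is an assumption.

```powershell
function Get-MailRoute {
    # Forward lookup (A), mail exchanger lookup (MX) and reverse lookup (PTR) for one domain.
    param([Parameter(Mandatory = $true)][string]$Domain)

    # A record: the domain's own host address, if it has one
    $a = Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    foreach ($rec in $a) {
        "A    {0,-30} -> {1}" -f $rec.Name, $rec.IPAddress
    }

    # MX records: where mail for the domain is delivered, lowest preference value first
    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference
    if (-not $mx) {
        "MX   none found for $Domain (senders fall back to the A record)"
        return
    }
    foreach ($rec in $mx) {
        "MX   pref {0,-4} {1}" -f $rec.Preference, $rec.NameExchange
        # The MX target must itself resolve through an A record
        $mxA = Resolve-DnsName -Name $rec.NameExchange -Type A -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' }
        foreach ($addr in $mxA) {
            # Reverse lookup: many receiving MTAs reject a sender whose PTR is missing or mismatched
            $ptr = Resolve-DnsName -Name $addr.IPAddress -Type PTR -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'PTR' }
            $ptrName = if ($ptr) { ($ptr | Select-Object -First 1).NameHost } else { '(no PTR)' }
            "     {0,-30} -> {1,-15} PTR: {2}" -f $rec.NameExchange, $addr.IPAddress, $ptrName
        }
    }
}

Get-MailRoute -Domain 'example.com'   # assumed domain; replace with one you manage
```

A mail server whose A record reverse-resolves to a different name than its MX entry is a common cause of rejected outbound mail, so the PTR column is the one to read first when troubleshooting delivery.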
Scope: a DHCP scope is a range of IP addresses that the server can lease to clients, together
with the options handed out with the lease (subnet mask, default gateway IP, DNS server IP) and any
exclusion ranges that must not be leased. A client uses the leased address to communicate with the
other PCs in the network.
Super scope: when two or more scopes are combined together it is called a super scope.
LAN cables are classified into CAT 5 and CAT 6. CAT 5 supports 100 Mbps while CAT 6 supports
1 Gbps.
The RJ45 pin connections differ between a straight (patch) cable and a crossover cable.
E.g.:
Straight cable: each pin connects to the same pin at the other end (1-1, 2-2, 3-3, 6-6).
Cross cable:
Wire Becomes
1----------------------3
2----------------------6
3----------------------1
6----------------------2
By default the maximum LAN cable run is 100 meters, but you may observe a drop in signal after
80 meters.
This command displays the IP configuration assigned to a computer. From its output we can read
the IP address, the DNS server address and the default gateway address assigned to that computer.
When the DHCP server is unavailable, a Windows client computer assigns itself an IP address so
that it can still communicate with other computers on the local network segment.
APIPA stands for Automatic Private IP Addressing. The addresses are in the range 169.254.x.x
(169.254.0.0/16); no gateway or DNS server is assigned, so only hosts on the same segment are
reachable.
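The following PowerShell is an added example (not from the original notes). It reads the same information the command above displays, IP address, subnet mask, gateway and DNS servers per adapter, and flags any adapter that has fallen back to an APIPA address. It uses the Win32_NetworkAdapterConfiguration WMI class so it also runs on older Windows versions.

```powershell
function Get-IPConfigSummary {
    # One record per IP-enabled adapter, with the fields ipconfig shows plus an APIPA flag.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
        ForEach-Object {
            # Keep only IPv4 addresses; IPAddress also lists IPv6 on Vista and later
            $ipv4 = @($_.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
            # APIPA: the client picked 169.254.x.x itself because no DHCP server answered
            $apipa = @($ipv4 | Where-Object { $_ -like '169.254.*' })
            New-Object PSObject -Property @{
                Adapter     = $_.Description
                DHCPEnabled = $_.DHCPEnabled
                DHCPServer  = $_.DHCPServer
                IPAddress   = ($ipv4 -join ', ')
                SubnetMask  = (@($_.IPSubnet) -join ', ')
                Gateway     = (@($_.DefaultIPGateway) -join ', ')
                DNSServers  = (@($_.DNSServerSearchOrder) -join ', ')
                IsAPIPA     = ($apipa.Count -gt 0)
            } | Select-Object Adapter, DHCPEnabled, DHCPServer, IPAddress, SubnetMask, Gateway, DNSServers, IsAPIPA
        }
}

$summary = Get-IPConfigSummary
$summary | Format-Table -AutoSize

# An APIPA address on a DHCP-enabled adapter means the lease request got no answer:
# check the DHCP server, the relay agent for this subnet, or an exhausted scope.
foreach ($nic in $summary | Where-Object { $_.IsAPIPA }) {
    Write-Warning ("{0}: APIPA address {1}; DHCP server unreachable, only same-segment hosts are reachable." -f $nic.Adapter, $nic.IPAddress)
}
```

An adapter showing DHCPEnabled = True with an APIPA address and an empty DHCPServer field is the signature of a failed lease; a static 169.254.x.x address with DHCPEnabled = False is a misconfiguration rather than a DHCP outage.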
Windows 2000/2003 Active Directory domains use single-master operation roles called FSMO
(Flexible Single Master Operation) roles.
· PDC - the PDC Emulator is domain-specific; there is one for each domain.
By default, after Active Directory installation all the FSMO roles are on the same DC (the first DC
promoted in the forest). In most cases an administrator can keep the FSMO role holders on the same
DC as configured by the Active Directory installation process. However, there are scenarios where
an administrator would want to move one or more of the FSMO roles from the default holder DC to a
different DC.
In order to transfer roles from one DC to another, the administrator should know which DC holds
which role. Expert technical knowledge and a good understanding of the terms involved are
prerequisites, and the administrator should prepare (ideally by rehearsing in a test environment)
before applying these changes to live servers.
How do you find which server holds a given role? This article illustrates a few methods, given
below.
Finding the RID Master, PDC Emulator and Infrastructure Master via the GUI
To find out which DC currently holds the domain-specific RID Master, PDC Emulator and
Infrastructure Master FSMO roles:
1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
2. Right-click the Active Directory Users and Computers node and choose Operations Masters.
3. Select the tab for the role you wish to view.
To find out which DC currently holds the Domain Naming Master role:
1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
2. Right-click the Active Directory Domains and Trusts node and choose Operations Masters.
To find out which DC currently holds the Schema Master role, the Active Directory Schema snap-in
must first be registered; from a command prompt run:
regsvr32 schmmgmt.dll
1. From the Run command open an MMC console by typing MMC.
2. Add the Active Directory Schema snap-in to the console (File > Add/Remove Snap-in).
3. Click the Active Directory Schema icon. After it loads, right-click it and choose Operations
Masters.
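The GUI steps above answer one role at a time. As an added example (not from the original notes), the PowerShell below finds all five role holders in one pass by reading the fSMORoleOwner attribute of the object that anchors each role, using plain ADSI so no AD module is needed. The built-in equivalents are `netdom query fsmo` and `dsquery server -hasfsmo schema` (or name, infr, pdc, rid); the domain and server names in the comments are illustrative.

```powershell
function Get-FsmoRoleHolder {
    # fSMORoleOwner is the DN of the holder's NTDS Settings object, for example
    #   CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example
    # (names above are illustrative). The second RDN names the server.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $schemaNC = [string]$rootDse.schemaNamingContext
    $configNC = [string]$rootDse.configurationNamingContext
    $domainNC = [string]$rootDse.defaultNamingContext

    # Forest-wide roles are anchored in the schema and configuration partitions,
    # domain-wide roles in the domain partition of the domain you are connected to.
    $anchors = @(
        @{ Role = 'Schema master';         Scope = 'forest'; Path = "LDAP://$schemaNC" },
        @{ Role = 'Domain naming master';  Scope = 'forest'; Path = "LDAP://CN=Partitions,$configNC" },
        @{ Role = 'PDC emulator';          Scope = 'domain'; Path = "LDAP://$domainNC" },
        @{ Role = 'RID master';            Scope = 'domain'; Path = "LDAP://CN=RID Manager`$,CN=System,$domainNC" },
        @{ Role = 'Infrastructure master'; Scope = 'domain'; Path = "LDAP://CN=Infrastructure,$domainNC" }
    )

    foreach ($a in $anchors) {
        $ownerDn = [string]([ADSI]$a.Path).fSMORoleOwner
        $server  = ($ownerDn -split ',')[1] -replace '^CN=', ''
        # A DN containing "0ADEL:" points at a deleted NTDS Settings object: the holder is gone
        # and the role must be seized (ntdsutil), it cannot be transferred gracefully.
        $status = if ($ownerDn -eq '') { 'unknown' }
                  elseif ($ownerDn -match '0ADEL:') { 'holder deleted: seize with ntdsutil' }
                  else { 'ok' }
        New-Object PSObject -Property @{
            Role   = $a.Role
            Scope  = $a.Scope
            Holder = $server
            Status = $status
        } | Select-Object Role, Scope, Holder, Status
    }
}

Get-FsmoRoleHolder | Format-Table -AutoSize
```

Run it once per domain for the domain-wide roles (it reads the domain you are logged on to); the two forest-wide rows are the same from any domain in the forest.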
Active Directory uses Kerberos security for server-to-server authentication and for trust
establishment.
A one-way trust is one in which one domain is the trusted domain and the other is the trusting
domain: users in the trusted domain can be granted access to resources in the trusting domain, but
not the reverse.
Two-way transitive trusts exist by default between all domains in a forest (parent-child and
tree-root trusts). As a result, users in a parent domain can access resources in a child domain
and vice versa, and the same applies across the domain trees of the forest. When a user tries to
access a resource in another domain, authentication is referred across the domain boundary along
the trust path.
Shortcut trusts can be established between two domains in the forest and differ from the standard
trusts of the trust tree: they shorten the trust path, so users in one domain are authenticated to
the other domain more quickly, and vice versa when the shortcut trust is two-way.
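As an added example (not from the original notes), the PowerShell below enumerates every trust of the current forest and of each domain in it, reporting type and direction, and for external trusts whether SID filtering is enabled. It uses the .NET System.DirectoryServices.ActiveDirectory classes, so it needs no AD module; it reads the live directory of the forest you are logged on to.

```powershell
Add-Type -AssemblyName System.DirectoryServices

function Get-TrustSummary {
    # Direction is from the point of view of the Source domain:
    #   Outbound      = Source trusts Target (Target's users can be granted access in Source)
    #   Inbound       = Target trusts Source
    #   Bidirectional = both
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    # Forest trusts (to other forests) are defined at the forest root
    foreach ($t in $forest.GetAllTrustRelationships()) {
        New-Object PSObject -Property @{
            Source       = $t.SourceName
            Target       = $t.TargetName
            Type         = [string]$t.TrustType
            Direction    = [string]$t.TrustDirection
            SidFiltering = $(try { $forest.GetSidFilteringStatus($t.TargetName) } catch { 'n/a' })
        } | Select-Object Source, Target, Type, Direction, SidFiltering
    }

    # Parent-child, tree-root, shortcut and external trusts are held per domain
    foreach ($d in $forest.Domains) {
        foreach ($t in $d.GetAllTrustRelationships()) {
            $sid = 'n/a'
            if ($t.TrustType -eq 'External') {
                # SID filtering (quarantine) on an external trust stops a compromised trusted
                # domain from injecting privileged SIDs via SID history.
                $sid = $(try { $d.GetSidFilteringStatus($t.TargetName) } catch { 'n/a' })
            }
            New-Object PSObject -Property @{
                Source       = $t.SourceName
                Target       = $t.TargetName
                Type         = [string]$t.TrustType
                Direction    = [string]$t.TrustDirection
                SidFiltering = $sid
            } | Select-Object Source, Target, Type, Direction, SidFiltering
        }
    }
}

Get-TrustSummary | Format-Table -AutoSize
```

Trusts inside the forest appear twice, once from each side, because both domains hold a trust object. The rows to review are External trusts with Outbound or Bidirectional direction and SidFiltering = False: that is the configuration in which accounts from the other side can reach resources here without the SID-history safeguard.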
The following table lists various protocols and their associated ports that might be used in
an Exchange implementation.

SMTP
  Ports: TCP 25; using SSL (SMTPS), TCP 465
  Used to communicate with mail servers and by POP3 and IMAP4 clients to send mail. Note: SMTP
  over SSL is rarely used.
POP3
  Ports: TCP 110; using SSL, TCP 995
  Used to retrieve mail from an Exchange server. Disabled on the Exchange server by default.
IMAP4
  Ports: TCP 143; using SSL, TCP 993
  Used to retrieve mail and other directories from an Exchange server. Disabled on the Exchange
  server by default.
HTTP
  Ports: TCP 80; using SSL, TCP 443
  Used by Outlook Web Access for mail access.
LDAP
  Ports: TCP and UDP 389 for Active Directory access; TCP 3268 for Global Catalog access
  Used to access information from Active Directory.
NNTP
  Ports: TCP 119; using SSL, TCP 563
  Used to retrieve information from Usenet servers and enables sharing newsgroup public folders.
RPC
  Ports: TCP 135 (endpoint mapper); TCP 1024 and above (multiple dynamic ports are typically
  used)
  Used to establish an RPC connection (endpoint mapper) and also acts as an RPC client
  establishing sessions.
DNS
  Ports: TCP and UDP 53
  When contacting Active Directory, a DNS server must be contacted for name resolution. The
  Exchange server also uses DNS to find mail servers on the Internet.
MTA
  Ports: TCP 102
  Used for X.400 connections or connections to Exchange 5.5 servers.
Kerberos
  Ports: TCP and UDP 88
  Used for communication and authentication with Windows 2003 servers.
IPSec
  Ports: IP protocol 51 for AH; IP protocol 50 for ESP; UDP 500 for key exchange (IKE); TCP and
  UDP 88 for Kerberos
  Used to secure server-to-server communications.
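As an added example (not from the original notes), the PowerShell below probes the TCP ports from the table above against one host and compares what is open with an assumed baseline for a mailbox server (SMTP, OWA and the RPC endpoint mapper open; POP3, IMAP4 and the directory ports closed). Both the baseline and the host name are assumptions to adjust for your design; UDP ports and the IPsec protocols 50/51 cannot be checked with a TCP connect.

```powershell
function Test-TcpPort {
    # Returns $true if a TCP connect to $ComputerName:$Port completes within $TimeoutMs.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer inside the timeout: filtered by a firewall or host down
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the port is closed (connection refused)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# TCP ports from the table above. Expected = assumed baseline for an Exchange mailbox server.
$exchangePorts = @(
    @{ Name = 'SMTP';                Port = 25;   Expected = $true  },
    @{ Name = 'SMTPS';               Port = 465;  Expected = $false },
    @{ Name = 'POP3';                Port = 110;  Expected = $false },   # disabled by default
    @{ Name = 'POP3/SSL';            Port = 995;  Expected = $false },
    @{ Name = 'IMAP4';               Port = 143;  Expected = $false },   # disabled by default
    @{ Name = 'IMAP4/SSL';           Port = 993;  Expected = $false },
    @{ Name = 'HTTP (OWA)';          Port = 80;   Expected = $true  },
    @{ Name = 'HTTPS (OWA)';         Port = 443;  Expected = $true  },
    @{ Name = 'LDAP';                Port = 389;  Expected = $false },   # a DC role, not Exchange
    @{ Name = 'Global Catalog';      Port = 3268; Expected = $false },
    @{ Name = 'NNTP';                Port = 119;  Expected = $false },
    @{ Name = 'RPC endpoint mapper'; Port = 135;  Expected = $true  },
    @{ Name = 'DNS';                 Port = 53;   Expected = $false },
    @{ Name = 'X.400 MTA';           Port = 102;  Expected = $false },
    @{ Name = 'Kerberos';            Port = 88;   Expected = $false }
)

function Test-ExchangePorts {
    param([string]$ComputerName)
    foreach ($p in $exchangePorts) {
        $open   = Test-TcpPort -ComputerName $ComputerName -Port $p.Port
        $status = if ($open -eq $p.Expected) { 'as expected' }
                  elseif ($open)             { 'UNEXPECTED: open, disable the service or firewall it' }
                  else                       { 'MISSING: expected open' }
        '{0,-20} TCP {1,-5} {2,-7} {3}' -f $p.Name, $p.Port, $(if ($open) { 'open' } else { 'closed' }), $status
    }
}

Test-ExchangePorts -ComputerName 'exchange01.corp.example'   # assumed host name
```

Ports marked "Disabled on the Exchange server by default" in the table that show up open deserve a look: either someone enabled the service deliberately, in which case the clear-text variants (110, 143) should be closed in favour of 995 and 993, or a non-Exchange service has bound the port.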
The global catalog is a distributed data repository that contains a searchable, partial representation
of every object in every domain in a multidomain Active Directory forest. The global catalog is stored
on domain controllers that have been designated as global catalog servers and is distributed through
multimaster replication. Searches that are directed to the global catalog are faster because they do
not involve referrals to different domain controllers.
The design of your storage system allows you to optimize the system and protect your data. An
effective design strategy considers file location, the protection level for the files, and the
hardware necessary to support it. The table below identifies one way to structure the Exchange
system to ensure optimization and fault tolerance.
Component                  Location   Protection
Exchange Store Databases   F:\        RAID 5
Active Directory is the directory service included in the Windows Server 2003 family. Active
Directory includes the directory, which stores information about network resources, as well as all
the services that make the information available and useful. Active Directory is also the directory
service included in Windows 2000.
The Active Directory schema defines the objects that can be stored in Active Directory. The schema
is a list of definitions that determines the kinds of objects and the types of information about
those objects that can be stored in Active Directory. Because the schema definitions themselves are
stored as objects, they can be administered in the same manner as the rest of the objects in
Active Directory. These definitions are usually called schema objects or metadata.
6) Structure of AD in 2kX?
1) Physical structure: Sites, Domain Controllers
2) Logical structure: Forest, Tree, Domain, OU
Domain modes:
1) Mixed mode
2) Native mode
3) Interim mode
8)What is Global catalog and GC server?
The global catalog is the central repository of information about objects in a tree or forest. By
default, a global catalog is created automatically on the initial domain controller in the first domain
in the forest. A domain controller that holds a copy of the global catalog is called a global catalog
server.
Active Directory partitions:
i) Schema partition
ii) Configuration partition
iii) Domain partition
iv) Application partition
The KCC (Knowledge Consistency Checker) is a built-in process that runs on all domain controllers.
The KCC creates the connection objects between domain controllers. Within a site, each DC's KCC
generates its own inbound connections. For replication between sites, a single KCC per site (the
Inter-Site Topology Generator, ISTG) generates all connections between sites.
Replication transports: RPC over IP (synchronous; used within and between sites) and SMTP over IP
(asynchronous; between sites only, and only for the schema, configuration and global catalog
partitions, not for domain partitions).
Intra-site: replication is triggered by change notification (15 seconds after a change on
Windows Server 2003, 5 minutes on Windows 2000); the KCC automatically creates the topology.
Inter-site: replication runs on the site link schedule, by default every 180 minutes.
Urgent replication: security-related changes such as account lockouts are replicated immediately
within a site, and password changes are sent directly to the PDC emulator.
i) Schema table
ii) Link table
iii) Data table
iv) Configuration table
19)Where is the FRS logs stored in and what is the database engine name?
An object deleted from Active Directory is not removed from the database immediately. It is turned
into a tombstone object, which is kept for the tombstone lifetime and then garbage-collected. The
default tombstone lifetime is 60 days; for forests created with Windows Server 2003 SP1 or later it
is 180 days (a forest upgraded from an earlier version keeps 60 days unless the value is changed).
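As an added example (not from the original notes), the PowerShell below reads the effective tombstone lifetime from the configuration partition via ADSI, applying the rule that an unset attribute means 60 days, and then uses it to decide whether a system-state backup is still safe to restore. The backup date is an assumption.

```powershell
function Get-TombstoneLifetime {
    # tombstoneLifetime lives on the Directory Service object in the configuration partition.
    # When the attribute is absent the directory uses 60 days (forests created before 2003 SP1).
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNC = [string]$rootDse.configurationNamingContext
    $dsa = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $raw = [string]$dsa.tombstoneLifetime
    if ($raw -ne '') { [int]$raw } else { 60 }
}

function Test-BackupUsable {
    # A DC restored from a backup older than the tombstone lifetime would reintroduce objects
    # the rest of the forest has already purged (lingering objects), so such a backup must
    # not be used. Returns $true when the backup is still inside the window.
    param(
        [Parameter(Mandatory = $true)][datetime]$BackupDate,
        [int]$TombstoneLifetimeDays = (Get-TombstoneLifetime)
    )
    $ageDays = ((Get-Date) - $BackupDate).TotalDays
    return ($ageDays -lt $TombstoneLifetimeDays)
}

$tsl = Get-TombstoneLifetime
"Tombstone lifetime: $tsl days"

$lastBackup = Get-Date '2024-01-15'   # assumed date of the last system-state backup
if (Test-BackupUsable -BackupDate $lastBackup -TombstoneLifetimeDays $tsl) {
    "Backup from $lastBackup is within the tombstone lifetime and can be restored."
} else {
    "Backup from $lastBackup is older than $tsl days; do not restore it, take a fresh backup instead."
}
```

The same number bounds how long a DC may be offline before it must be demoted and re-promoted rather than reconnected, so it is worth checking after any forest upgrade, when the attribute may still be unset and the 60-day default applies.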
21) What are the FSMO roles in AD and what are the functionalities of those roles?
Forest-Wide Operations Master Roles
Every forest must have the following roles:
1) Schema master 2) Domain naming master
These roles must be unique in the forest. This means that throughout the entire forest there can be
only one schema master and one domain naming master.
Schema Master Role
The domain controller assigned the schema master role controls all updates and modifications to the
schema. To update the schema of a forest, you must have access to the schema master. At any time,
there can be only one schema master in the entire forest.
Domain Naming Master Role
The domain controller holding the domain naming master role controls the addition or removal of
domains in the forest. There can be only one domain naming master in the entire forest at any time.
Domain-Wide Operations Master Roles
Every domain in the forest must have the following roles:
3) Relative identifier (RID) master 4) Primary domain controller (PDC) emulator 5) Infrastructure
master
These roles must be unique in each domain. This means that each domain in the forest can have only
one RID master, one PDC emulator and one infrastructure master.
RID Master Role
The domain controller assigned the RID master role allocates sequences of relative IDs to each of the
various domain controllers in its domain. At any time, there can be only one domain controller acting
as the RID master in each domain in the forest.
Whenever a domain controller creates a user, group, or computer object, it assigns the object a
unique security ID. The security ID consists of a domain security ID (that is the same for all security
IDs created in the domain) and a relative ID that is unique for each security ID created in the domain.
To move an object between domains (using Movetree.exe: Active Directory Object Manager), you
must initiate the move on the domain controller acting as the RID master of the domain that
currently contains the object.
PDC Emulator
WINS gives NetBIOS clients the ability to resolve NetBIOS names without broadcasts in a routed
environment, which reduces network traffic. Each client registers its services with the WINS
server when starting and queries the WINS server to resolve the NetBIOS names of other clients.
In Windows 2000, clients are installed with client-side support for registering and resolving
NetBIOS names. This can be disabled by disabling NetBIOS over TCP/IP on the WINS tab of the
TCP/IP protocol properties.
DNS, by contrast, is the primary name resolution service for Windows 2000 and later: it resolves
host names to IP addresses and vice versa. A DNS zone can additionally be configured with WINS
lookup so that a query the zone cannot answer is forwarded to WINS for a NetBIOS name.
Short for Domain Name System, an Internet service that translates domain names into IP
addresses. Because domain names are alphabetic, they are easier to remember. The Internet,
however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS
service must translate the name into the corresponding IP address. For example, the domain name
www.example.com might translate to 198.105.232.4.