What is Active Directory

Published on November 2016 | Categories: Documents | Downloads: 28 | Comments: 0 | Views: 224
of 18
Download PDF   Embed   Report



>What is Active Directory? Active Directory is a Meta Data. Active Directory is a data base which stores a data base like your user information, computer information and also other network object info. It has capabilities to manage and administer the complete Network which connect with AD. >What is domain? Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user needs only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The ‘domain’ is simply your computer address not to confuse with an URL. A domain address might look something like 211.170.469. >What is domain controller? A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination. >What is LDAP? Lightweight Directory Access Protocol LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2. >What is KCC? KCC (knowledge consistency checker) is used to generate replication topology for inter site replication and for intra-site replication. Within a site replication traffic is done via remote procedure calls over ip, while between sites it is done through either RPC or SMTP. >Where is the AD database held? What other folders are related to AD? The AD data base is store in c:\windows\ntds\NTDS.DIT. >What is the SYSVOL folder? The sysVOL folder stores the server’s copy of the domain’s public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. >Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers share a multi master peer-to-peer read and write relationship that hosts copies of the Active Directory. >Cannot create a new universal user group. Why? Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

>Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory. >What is Global Catalog? The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network. >How do you view all the GCs in the forest? C:\>repadmin /showreps domain_controller OR You can use Replmon.exe for the same purpose. OR AD Sites and Services and nslookup gc._msdcs. To find the in GC from the command line you can try using DSQUERY command. dsquery server -isgc to find all the GC’s in the forest you can try dsquery server -forest -isgc. > What are the physical components of Active Directory? Domain controllers and Sites. Domain controllers are physical computers which are running Windows Server operating system and Active Directory data base. Sites are a network segment based on geographical location and which contains multiple domain controllers in each site. > What are the logical components of Active Directory? Domains, Organizational Units, trees and forests are logical components of Active Directory. > What are the Active Directory Partitions? Active Directory database is divided into different partitions such as Schema partition, Domain partition, and Configuration partition. Apart from these partitions, we can create Application partition based on the requirement. > What is group nesting? Adding one group as a member of another group is called ‘group nesting’. This will help for easy administration and reduced replication traffic. > What is the feature of Domain Local Group?

Domain local groups are mainly used for granting access to network resources.A Domain local group can contain accounts from any domain, global groups from any domain and universal groups from any domain. For example, if you want to grant permission to a printer located at Domain A, to 10 users from Domain B, then create a Global group in Domain B and add all 10 users into that Global group. Then, create a Domain local group at Domain A, and add Global group of Domain B to Domain local group of Domain A, then, add Domain local group of Domain A to the printer(of Domain A) security ACL.

>What is LSDOU? Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units. >Why doesn’t LSDOU work under Windows NT? If the NTConfig.pol file exists, it has the highest priority among the numerous policies. >How many number of permitted unsuccessful logons on Administrator account? Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group. > What’s the difference between guest accounts in Server 2003 and other editions? More restrictive in Windows Server 2003. > How many passwords by default are remembered when you check “Enforce Password History Remembered”? User’s last 6 passwords. > Can GC Server and Infrastructure place in single server? No, As Infrastructure master does the same job as the GC. It does not work together. > Which is service in your windows is responsible for replication of Domain controller to another domain controller. KCC generates the replication topology. Use SMTP / RPC to replicate changes.

> What Intrasite and Intersite Replication? Intrasite is the replication within the same site & intersite the replication between sites. > What is lost & found folder in ADS? It’s the folder where you can find the objects missed due to conflict. Ex: you created a user in OU which is deleted in other DC & when replication happed ADS didn’t find the OU then it will put that in Lost & Found Folder.

> What is Garbage collection? Garbage collection is the process of the online defragmentation of active directory. It happens every 12 Hours. > What System State data contains? Contains Startup files, Registry Com + Registration Database Memory Page file System files AD information Cluster Service information SYSVOL Folder

>What is REPLMON? The Microsoft definition of the Replmon tool is as follows; This GUI tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication. >What is ADSIEDIT ? ADSIEDIT :ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL ADSIEDIT. >What is NETDOM ? NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels. >What is REPADMIN? This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers.Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

>Explain about Trust in AD ? To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created. The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests or non-AD domains. Trusts in Windows 2000 (native mode) One-way trust – One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain. Two-way trust – Two domains allow access to users on both domains. Trusting domain – The domain that allows access to users from a trusted domain. Trusted domain – The domain that is trusted; whose users have access to the trusting domain. Transitive trust – A trust that can extend beyond two domains to other trusted domains in the forest. Intransitive trust – A one way trust that does not extend beyond two domains. Explicit trust – A trust that an admin creates. It is not transitive and is one way only. Cross-link trust – An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains. Windows 2000 Server – supports the following types of trusts: Two-way transitive trusts. One-way intransitive trusts. Additional trusts can be created by administrators. These trusts can be: >What is tombstone lifetime attribute ? The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NIC. >What are application partitions? When do I use them ? AN application diretcory partition is a directory partition that is replicated only to specific domain controller.Only domain controller running windows Server 2003 can host a replica of application directory partition. Using an application directory partition provides redundany,availability or fault tolerance by replicating data to specific domain controller pr any set of domain controllers anywhere in the forest. >How do you create a new application partition ? Use the DnsCmd command to create an application directory partition. To do this, use the following syntax: DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

>How do you view all the GCs in the forest? C:\>repadmin /showreps domain_controller where domain_controller is the DC you want to query to determine whether it?s a GC. The output will include the text DSA Options: IS_GC if the DC is a GC. >Can you connect Active Directory to other 3rd-party Directory Services? Name a few options. Yes, you can use dirXML or LDAP to connect to other directories. In Novel you can use E-directory.

>What’s the difference between transferring a FSMO role and seizing ? Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back online, you’ll have a problem. An FSMO role TRANSFER is the graceful movement of the roles from a live, working DC to another live DC During the process, the current DC holding the role(s) is updated, so it becomes aware it is no longer the role holder >I want to look at the RID allocation table for a DC. What do I do? dcdiag /test:ridmanager /s:servername /v (servername is the name of our DC) >What is BridgeHead Server in AD ? A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case the server is down, KCC designates another one from the domain controller. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site. >What is the default size of ntds.dit ? 10 MB in Server 2000 and 12 MB in Server 2003 . >Where is the AD database held and What are other folders related to AD ? AD Database is saved in %systemroot%/ntds. You can see other files also in this folder. These are the main files controlling the AD structure. ntds.dit edb.log res1.log res2.log edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database. During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn’t exist on reboot or the shutdown statement isn’t present, AD will use the edb.log file to update the AD database. The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in\NTDS, along with the other files we’ve discussed >What FSMO placement considerations do you know of ? Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory. In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC. Windows Server 2003 Active Directory is a bit different than the Windows 2000 version when dealing with FSMO placement. In this article I will only deal with Windows Server 2003 Active Directory, but you should bear in mind that most considerations are also true when planning Windows 2000 AD FSMO roles

>How to take backup of AD ? For taking backup of active directory you have to do this : first go START -> PROGRAM ->ACCESORIES -> SYSTEM TOOLS -> BACKUP OR Open run window and ntbackup and take systemstate backup when the backup screen is flash then take the backup of SYSTEM STATE it will take the backup of all the necessary information about the syatem including AD backup , DNS ETC. >What are the DS* commands ? The following DS commands: the DS family built in utility . DSmod – modify Active Directory attributes. DSrm - to delete Active Directory objects. DSmove – to relocate objects DSadd – create new accounts

DSquery – to find objects that match your query attributes. DSget – list the properties of an object >What are the requirements for installing AD on a new server? An NTFS partition with enough free space. An Administrator’s username and password. The correct operating system version. A NIC Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway). A network connection (to a hub or to another computer via a crossover cable) . An operational DNS server (which can be installed on the DC itself) . A Domain name that you want to use . The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)

>What is the port no of Kerbrose ? 88 >What is the port no of Global catalog ? 3268 >What is the port no of LDAP ? 389 >Explain Active Directory Schema ? Windows 2000 and Windows Server 2003 Active Directory uses a database set of rules called “Schema”. The Schema is defines as the formal definition of all object classes, and the attributes that make up those object classes, that can be stored in the directory. As mentioned earlier, the Active Directory database includes a default Schema, which defines many object classes, such as users, groups, computers, domains, organizational units, and so on. These objects are also known as “Classes”. The Active Directory Schema can be dynamically extensible, meaning that you can modify the schema by defining new object types and their attributes and by defining new attributes for existing objects. You can do this either with the Schema Manager snap-in tool included with Windows 2000/2003 Server, or programmatically. >How can you forcibly remove AD from a server, and what do you do later? ? Can I get user passwords from the AD database? Dcpromo /forceremoval , an administrator can forcibly remove Active Directory and roll back the system without having to contact or replicate any locally held changes to another DC in the forest. Reboot the server then After you use the dcpromo /forceremoval command, all the remaining metadata for the demoted DC is not deleted on the surviving domain controllers, and therefore you must manually remove it by using the NTDSUTIL command.

In the event that the NTDS Settings object is not removed correctly you can use the Ntdsutil.exe utility to manually remove the NTDS Settings object. You will need the following tool: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers >What are the FSMO roles? Who has them by default? What happens when each one fails? Flexible Single Master Operation (FSMO) role. Currently there are five FSMO roles: Schema master Domain naming master RID master PDC emulator Infrastructure master >What is domain tree ? Domain Trees: A domain tree comprises several domains that share a common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust relationships. Active Directory is a set of one or more trees. Trees can be viewed two ways. One view is the trust relationships between domains. The other view is the namespace of the domain tree. >What is forests ? A collection of one or more domain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses. >How to Select the Appropriate Restore Method ? You select the appropriate restore method by considering: Circumstances and characteristics of the failure. The two major categories of failure, From an Active Directory perspective, are Active Directory data corruption and hardware failure. Active Directory data corruption occurs when the directory contains corrupt data that has been replicated to all domain controllers or when a large portion of the Active Directory hierarchy has been changed accidentally (such as deletion of an OU) and this change has replicated to other domain controllers.

Q1. What is DNS? Domain Name System is a service that can be installed on any windows server operating system to resolve the Name to IPAddress and vice-versa. TCP/IP networks, such as the Internet, use DNS to locate computers and services through user-friendly names Q2. What is DDNS? Dynamic DNS or DDNS is a method of updating, in real time, a Domain Name System to point to a

changing IP address on the Internet. This is used to provide a persistent domain name for a resource that may change location on the network. Q3. What are the resource records in DNS? A (Address) Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records. CNAME (Canonical Name) Sets an alias for a host name. For example, using this record, zeta.tvpress.com can have an alias as www.tvpress.com. MX (Mail Exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain. NS (Name Server) Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record. PTR (Pointer) Creates a pointer that maps an IP address to a host name for reverse lookups. SOA (Start of Authority) Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone). Q4. What are a Forward and Reverse Lookup? Forward Lookup: When a name query is send to the DNS server against to IP address, it is generally said a forward lookup. Reverse Lookup: DNS also provides a reverse lookup process, enabling clients to use a known IP address during a name query and look up a computer name based on its address. Q5. What is Primary zone? This is the read and writable copy of a zone file in the DNS namespace. This is primary source for information about the zone and it stores the master copy of zone data in a local file or in AD DS. Dy default the primary zone file is named as zone_name.dns in %windir%\System32\DNS folder on the server. Q6. What id Secondary zone? This is the read only copy of a zone file in the DNS namespace. This is secondary source for information about the zone and it get the updated information from the master copy of primary zone. The network access must be available to connect with primary server. As secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS. Q7. What is stub Zone? A stub zone is a read only copy of a zone that contains only those resource records which are necessary to identify the authoritative DNS servers for that particular zone. A stub zone is practically used to

resolve names between separate DNS namespaces. This type of zone is generally created when a corporate merger or acquire and DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. A stub zone contains: The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone. The IP address of one or more master servers that can be used to update the stub zone. Q8. What is Caching Only Server? Caching-only servers are those DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once the query is stored in cache, next time the query in resolved locally from cached instead of going to the actual site. Q9. What is Aging and Scavenging? DNS servers running Windows Server support aging and scavenging features. These features are provided as a mechanism to perform cleanup and removal of stale resource records from the server and zone. This feature removes the dynamically created records when they are stamped as stale. By default, the aging and scavenging mechanism for the DNS Server service is disabled. Scavenging and aging must be enabled both at the DNS server and on the zone Q10. What is SRV record in DNS? The SRV record is a resource record in DNS that is used to identify or point to a computer that host specific services i.e Active directory. Q11. What is Forwarding in DNS? A forwarder is a feature in DNS server that is used to forward DNS queries for external DNS names to DNS servers outside of that network. We ca configure a DNS server as a forwarder to forward the name query to other DNS servers in the network when they cannot resolve locally to that DNS server. Q12. What is Conditional Forwarding in DNS? We can configure the DNS server to forward queries according to specific domain names using conditional forwarders. In this case query is forward to an IP address against a DNS domain name. Q13. What are Queries types in DNS? Recursive Query: This name queries are generally made by a DNS client to a DNS server or by a DNS server that is configured to pass unresolved name queries to another DNS server, in the case of a DNS server configured to use a forwarder. Iterative Query: An iterative name query is one in which a DNS client allows the DNS server to return the best answer it can give based on its cache or zone data. If the queried DNS server does not have an exact match for the queried name, the best possible information it can return is a referral. The DNS client can

then query the DNS server for which it obtained a referral. It continues this process until it locates a DNS server that is authoritative for the queried name, or until an error or time-out condition is met. Q13. What are Tools for troubleshooting of DNS? DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, DNS Logs. Q14. How to check DNS health? Using the DCdiag. What is dhcp? Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.

What is the dhcp process for client machine? 1. A user turns on a computer with a DHCP client. 2. The client computer sends a broadcast request (called a DISCOVER or DHCPDISCOVER), looking for a DHCP server to answer. 3. The router directs the DISCOVER packet to the correct DHCP server. 4. The server receives the DISCOVER packet. Based on availability and usage policies set on the server, the server determines an appropriate address (if any) to give to the client. The server then temporarily reserves that address for the client and sends back to the client an OFFER (or DHCPOFFER) packet, with that address information. The server also configures the client's DNS servers, WINS servers, NTP servers, and sometimes other services as well. 5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that it intends to use the address. 6. The server sends an ACK (or DHCPACK) packet, confirming that the client has been given a lease on the address for a server-specified period of time.

What is dhcp scope? DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients. Types of scopes in windows dhcp ? Normal Scope - Allows A, B and C Class IP address ranges to be specified including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet. Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservation or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the number of routers a packet can pass through on the way to its destination).

Superscope - Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity. What is Authorizing DHCP Servers in Active Directory? If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller) it must first be authorized. This can be achieved either as part of the DHCP Server role installation, or subsequently using either DHCP console or at the command prompt using the netsh tool. If the DHCP server was not authorized during installation, invoke the DHCP console (Start - All Programs - Administrative Tools - DHCP), right click on the DHCP to be authorized and select Authorize. To achieve the same result from the command prompt, enter the following command: netsh dhcp server serverID initiate auth In the above command syntax, serverID is replaced by the IP address or full UNC name of system on which the DHCP server is installed. What ports are used by DHCP and the DHCP clients ? Requests are on UDP port 68, Server replies on UDP 67 . Benefits of using DHCP DHCP provides the following benefits for administering your TCP/IP-based network: Safe and reliable configuration. DHCP avoids configuration errors caused by the need to manually type in values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned IP address being reused to configure a new computer on the network. Reduces configuration management. Using DHCP servers can greatly decrease time spent to configuring and reconfiguring computers on your network. Servers can be configured to supply a full range of additional configuration values when assigning address leases. These values are assigned using DHCP options. Also, the DHCP lease renewal process helps assure that where client configurations need to be updated often (such as users with mobile or portable computers who change locations frequently), these changes can be made efficiently and automatically by clients communicating directly with DHCP servers. The following section covers issues that affect the use of the DHCP Server service with other services or network configurations. Using DNS servers with DHCP Using Routing and Remote Access servers with DHCP Multihomed DHCP servers. Describe the process of installing a DHCP server in an AD infrastructure? Open Windows Components Wizard. Under Components , scroll to and click Networking Services. Click Details . Under Subcomponents of Networking Services , click Dynamic Host Configuration Protocol (DHCP) and then click OK . Click Next . If prompted, type the full path to the Windows Server 2003 distribution files, and then click Next. Required files are copied to your hard disk.

How to authorize a DHCP server in Active Directory Open DHCP? In the console tree, click DHCP . On the Action menu, click Manage authorized servers. . The Manage Authorized Servers dialog box appears. Click Authorize. . When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK. What is DHCPINFORM? DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name. The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message received by the remote access server is then forwarded to a DHCP server. The remote access server forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent. Describe the integration between DHCP and DNS? Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

>What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory? Is there any difference in 2000 Group Polices and 2003 Group Polices? What is meant by ADS and ADS services in Windows 2003? Windows 2003 Active Directory introduced a number of new security features, as well as convenience features such as the ability to rename a domain controller and even an entire domain Windows Server 2003 also introduced numerous changes to the default settings that can be affected by Group Policy – you can see a detailed list of each available setting and which OS is required to support it by downloading the Group Policy Settings Reference.

ADS stands for Automated Deployment Services, and is used to quickly roll out identically-configured servers in large-scale enterprise environments. You can get more information from the ADS homepage. >I want to setup a DNS server and Active Directory domain. What do I do first? If I install the DNS service first and name the zone ‘name.org’ can I name the AD domain ‘name.org’ too? Not only can you have a DNS zone and an Active Directory domain with the same name, it’s actually the preferred way to go if at all possible. You can install and configure DNS before installing Active Directory, or you can allow the Active Directory Installation Wizard (dcpromo) itself install DNS on your server in the background. >How do I determine if user accounts have local administrative access? You can use the net local group administrators command on each workstation (probably in a login script so that it records its information to a central file for later review). This command will enumerate the members of the Administrators group on each machine you run it on. Alternately, you can use the Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those users you want to belong. >What is the ISTG? Who has that role by default? Windows 2000 Domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

>What is LDP? LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network. >What are the Groups types available in active directory ? Security groups: Use Security groups for granting permissions to gain access to resources. Sending an email message to a group sends the message to all members of the group. Therefore security groups share the capabilities of distribution groups. Distribution groups: Distribution groups are used for sending e-main messages to groups of users. You cannot grant permissions to security groups. Even though security groups have all the capabilities of distribution groups, distribution groups still requires, because some applications can only read distribution groups.

>Explain about the groups scope in AD? Domain Local Group: Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional level of domains and forests. Domain local group memberships are not limited as you can add members as user accounts, universal and global groups from any domain. Just to remember, nesting cannot be done in domain local group. A domain local group will not be a member of another Domain Local or any other groups in the same domain. Global Group: Users with similar function can be grouped under global scope and can be given permission to access a resource (like a printer or shared folder and files) available in local or another domain in same forest. To say in simple words, Global groups can be use to grant permissions to gain access to resources which are located in any domain but in a single forest as their memberships are limited. User accounts and global groups can be added only from the domain in which global group is created. Nesting is possible in Global groups within other groups as you can add a global group into another global group from any domain. Finally to provide permission to domain specific resources (like printers and published folder), they can be members of a Domain Local group. Global groups exist in all mixed, native and interim functional level of domains and forests. Universal Group Scope: These groups are precisely used for email distribution and can be granted access to resources in all trusted domain as these groups can only be used as a security principal (security group type) in a windows 2000 native or windows server 2003 domain functional level domain. Universal group memberships are not limited like global groups. All domain user accounts and groups can be a member of universal group. Universal groups can be nested under a global or Domain Local group in any domain.

RAID Levels and Types RAID, an acronym of Redundant Array of Independent (Inexpensive) Disks is the talk of the day. These are an array of disk to give more power, performance, fault tolerance and accessibility to the data, as a single storage system. It’s not mere combination of disks but all the disks are combined providing standard MTBF (mean time before failure) reliability scheme; otherwise chances are performance would be affected drastically if disks are not combined as a single storage unit. RAID 0 – Striping: It is the Stripped Disk Array with no fault tolerance and it requires at least 2 drives to be implemented. Due to no redundancy feature, RAID 0 is considered to be the lowest ranked RAID level. Striped data mapping technique is implemented for high performance at low cost. The I/O performance is also improved as it is loaded across many channels. Regeneration, Rebuilding and functional redundancy are some salient features of RAID 0. RAID 1 – Mirroring: It is the Mirroring (Shadowing) Array meant to provide high performance. RAID 1 controller is able to perform 2 separate parallel reads or writes per mirrored pair. It also requires at least 2 drives to

implement a non-redundant disk array. High level of availability, access and reliability can be achieved by entry-level RAID 1 array. With full redundancy feature available, need of readability is almost negligible. Controller configurations and storage subsystem design is the easiest and simplest amongst all RAID levels. RAID 0+1: It is the RAID array providing high data transference performance with at least 4 disks needed to implement the RAID 0+1 level. It’s a unique combination of stripping and mirroring with all the best features of RAID 0 and RAID 1 included such as fast data access and fault tolerance at single drive level. The multiple stripe segments have added high I/O rates to the RAID performance and it is the best solution for maximum reliability. RAID 2 (ECC): It is the combination of Inherently Parallel Mapping and Protection RAID array. It’s also known as ECC RAID because each data word bit is written to data disk which is verified for correct data or correct disk error when the RAID disk is read. Due to special disk features required, RAID 2 is not very popular among the corporate data storage masses, despite the extremely high data transference rates. RAID 3: RAID 3 works on the Parallel Transfer with Parity technique. The least number of disks required to implement the RAID array is 3 disks. In the RAID 3, data blocks are striped and written on data drives and then the stripe parity is generated, saved and afterwards used to verify the disk reads. Read and write data transfer rate is very high in RAID 3 array and disk failure causes insignificant effects on the overall performance of the RAID. RAID 4: RAID 4 requires a minimum of 3 drives to be implemented. It is composed of independent disks with shared parity to protect the data. Data transaction rate for Read is exceptionally high and highly aggregated. Similarly, the low ratio of parity disks to data disks indicates high efficiency. RAID 5: RAIDS 5 is Independent Distributed parity block of data disks with a minimum requirement of at least 3 drives to be implemented and N-1 array capacity. It helps in reducing the write inherence found in RAID 4. RAID 5 array offers highest data transaction Read rate, medium data transaction Write rate and good cumulative transfer rate. RAID 6: RAIDS 6 is Independent Data Disk array with Independent Distributed parity. It is known to be an extension of RAID level 5 with extra fault tolerance and distributed parity scheme added. RAID 6 is the best available RAID array for mission critical applications and data storage needs, though the controller design is very complex and overheads are extremely high. RAID 7: RAID 7 is the Optimized Asynchrony array for high I/O and data transfer rates and is considered to be the most manageable RAID controller available. The overall write performance is also known to be 50% to 90% better and improved than the single spindle array levels with no extra data transference required for parity handling. RAID 7 is registered as a standard trademark of Storage Computer Corporation. RAID 10: RAID 10 is classified as the futuristic RAID controller with extremely high Reliability and performance

embedded in a single RAID controller. The minimum requirement to form a RAID level 10 controller is 4 data disks. The implementation of RAID 10 is based on a striped array of RAID 1 array segments, with almost the same fault tolerance level as RAID 1. RAID 10 controllers and arrays are suitable for uncompromising availability and extremely high throughput required systems and environment. With all the significant RAID levels discussed here briefly, another important point to add is that whichever level of RAID is used regular and consistent data backup maintenance using tape storage is must as the regular tape storage is best media to recover from lost data scene.

Sponsor Documents

Or use your account on DocShare.tips


Forgot your password?

Or register your new account on DocShare.tips


Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in