Very Imp Notes windows


Page 1: Very Imp Notes windows

7/26/2019 Very Imp Notes windows

http://slidepdf.com/reader/full/very-imp-notes-windows 1/49

 

Active Directory: Questions and Answers

What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory? Is there any difference in 2000 Group Policies and 2003 Group Policies? What is meant by ADS and ADS services in Windows 2003?

Windows 2003 Active Directory introduced a number of new security features, as well as convenience features such as the ability to rename a domain controller and even an entire domain - see Microsoft's website for more details. Windows Server 2003 also introduced numerous changes to the default settings that can be affected by Group Policy - you can see a detailed list of each available setting and which OS is required to support it by downloading the Group Policy Settings Reference. ADS stands for Automated Deployment Services, and is used to quickly roll out identically-configured servers in large-scale enterprise environments. You can get more information from the ADS homepage.

What are the benefits of AD over NT4 directory services?

Active Directory marked a shift in the way that Microsoft manages directory services, moving from the flat and fairly restrictive namespaces used by NT4 domains to an actual hierarchical directory structure. There's a sample chapter from the Windows 2000 technical reference available here that will give you a good introduction to the major differences between the NT4 and Active Directory directory services.

I want to set up a DNS server and Active Directory domain. What do I do first? If I install the DNS service first and name the zone 'name.org', can I name the AD domain 'name.org' too?

Not only can you have a DNS zone and an Active Directory domain with the same name, it's actually the preferred way to go if at all possible. You can install and configure DNS before installing Active Directory, or you can let the Active Directory Installation Wizard (dcpromo) itself install DNS on your server in the background.

What is the best way to migrate Exchange 2000 mailboxes to Exchange 2003?

The nice folks at MSExchange.org have put together a pretty detailed tutorial on how to migrate from Exchange 2000 to Exchange 2003 on new hardware. The MSExchange site also hosts online forums that are frequented by Exchange MVPs who can help you with any specific errors that you run into along the way.

How do I design two Active Directory domains in a client network?

For Windows Server 2003, your best bet is going to be the Deployment Kit. The section on "Deploying Network Services" will assist you in designing and installing your DNS servers, and the section on "Designing and Deploying Directory and Security Services" will assist you with deploying Active Directory and configuring trust relationships.

What is the difference between ADS and a domain controller?

ADS is the Automated Deployment Service, which is used to quickly image, deploy, and administer servers and domain controllers on a large scale. You can find more information at the ADS Technology Center.

How can I modify the path of all my users' home directory within Active Directory using a vbs logon script?

Check out the source code from Robbie Allen's "Active Directory Cookbook". Recipe 6.4 shows you how to modify a property value for multiple users. Essentially, you select a container such as an OU or a domain and then use a FOR loop to loop through each user object in that container.

How do I determine if user accounts have local administrative access?

You can use the net localgroup administrators command on each workstation (probably in a login script so that it records its information to a central file for later review). This command will enumerate the members of the Administrators group on each machine you run it on. Alternately, you can use the Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those users you want to belong.
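Once those per-workstation files are sitting on a share, the useful step is to parse them and compare each machine's Administrators membership with the accounts that are supposed to be there, which is exactly the set a Restricted Groups policy would later enforce. The following is an added example, not code from the original post: the three reports are constructed samples in the format that `net localgroup administrators` prints, and the hostnames, the CORP domain, every account name, and the idea of redirecting the command's output to a per-machine file on a share are all assumptions made for the illustration.

```python
"""Audit collected `net localgroup administrators` output against an allow-list."""

# Constructed samples of what a logon script such as
#   net localgroup administrators > \\server\audit\%COMPUTERNAME%.txt
# (an assumed collection method) might have written for three workstations.
# Hostnames, the CORP domain and every account name are invented.
SAMPLE_REPORTS = {
    "WS-FINANCE-01": """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\Workstation Admins
The command completed successfully.
""",
    "WS-SALES-07": """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\jsmith
The command completed successfully.
""",
    "WS-DEV-03": """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
localdev
CORP\\Workstation Admins
The command completed successfully.
""",
}

# Accounts that are allowed to be local administrators on every workstation
# (the same set a Restricted Groups policy would enforce; constructed here).
EXPECTED_MEMBERS = {"Administrator", "CORP\\Domain Admins", "CORP\\Workstation Admins"}


def parse_net_localgroup(report: str) -> list:
    """Return the member names listed in one `net localgroup <group>` report.

    The members follow the dashed separator line and end at the
    "The command completed successfully." trailer (or end of file).
    """
    lines = report.splitlines()
    for index, line in enumerate(lines):
        if line.startswith("----"):
            break
    else:
        raise ValueError("no member table found; is this net localgroup output?")
    members = []
    for line in lines[index + 1:]:
        name = line.strip()
        if not name or name.startswith("The command completed"):
            continue
        members.append(name)
    return members


def audit_local_admins(reports: dict, expected: set) -> dict:
    """Map each hostname to the sorted list of members that are not on the allow-list."""
    # Account names are case-insensitive on Windows, so compare lowered forms.
    allowed = {m.lower() for m in expected}
    findings = {}
    for host, report in reports.items():
        members = set(parse_net_localgroup(report))
        findings[host] = sorted(m for m in members if m.lower() not in allowed)
    return findings


def hosts_needing_review(reports: dict, expected: set) -> list:
    """Hostnames with at least one unexpected local administrator."""
    return sorted(host for host, extra in audit_local_admins(reports, expected).items() if extra)


if __name__ == "__main__":
    for host, extra in audit_local_admins(SAMPLE_REPORTS, EXPECTED_MEMBERS).items():
        print(f"{host}: {'OK' if not extra else 'unexpected: ' + ', '.join(extra)}")
```

Running it flags WS-SALES-07 (a personal account, CORP\jsmith) and WS-DEV-03 (a local account, localdev) while WS-FINANCE-01 is clean; a report that is not `net localgroup` output at all raises instead of silently returning an empty list, so a broken collection script cannot masquerade as a clean result.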

Why am I having trouble printing with XP domain users?

In most cases, the inability to print or access resources in situations like this one will boil down to an issue with name resolution, either DNS or WINS/NetBIOS. Be sure that your Windows XP clients' wireless connections are configured with the correct DNS and WINS name servers, as well as with the appropriate NetBIOS over TCP/IP settings. Compare your wireless settings to your wired LAN settings and look for any discrepancies that may indicate where the functional difference lies.

I am upgrading from NT to 2003. The only things that are NT are the PDC and BDCs; everything else is 2000 or 2003 member servers. My question is, when I upgrade my NT domain controllers to 2003, will I need to do anything else to my Windows 2000/2003 member servers that were in the NT domain?

Your existing member servers, regardless of operating system, will simply become member servers in your upgraded AD domain. If you will be using Organizational Units and Group Policy (and I hope you are), you'll probably want to move them to a specific OU for administration and policy application, since they'll be in the default "Computers" container immediately following the upgrade.

How do I use Registry keys to remove a user from a group?

In Windows Server 2003, you can use the dsmod command-line utility with the -delmbr switch to remove a group member from the command line. You should also look into the freeware utilities available from www.joeware.net. ADFind and ADMod are indispensable tools in my arsenal when it comes to searching and modifying Active Directory.

Why are my NT4 clients failing to connect to the Windows 2000 domain?

Since NT4 relies on NetBIOS for name resolution, verify that your WINS server (you do have a WINS server running, yes?) contains the records that you expect for the 2000 domain controller, and that your clients have the correct address configured for the WINS server.

Posted by Anuj Sharma at 6:52:00 PM

Labels: server 2008.server2003 Active Directory, INTERVIEW QUESTION, Quick Answers, SERVER 2003, SERVER 2008

Wednesday, October 15

Server 2008 Questions And Answers

Q. What are some of the new tools and features provided by Windows Server 2008?

A. Windows Server 2008 now provides a desktop environment similar to Microsoft Windows Vista and includes tools also found in Vista, such as the new backup snap-in and the BitLocker drive encryption feature. Windows Server 2008 also provides the new IIS7 web server and the Windows Deployment Service.

Q. What are the different editions of Windows Server 2008?

A. The entry-level version of Windows Server 2008 is the Standard Edition. The Enterprise Edition provides a platform for large enterprise-wide networks. The Datacenter Edition provides support for unlimited Hyper-V virtualization and advanced clustering services. The Web Edition is a scaled-down version of Windows Server 2008 intended for use as a dedicated web server. The Standard, Enterprise, and Datacenter Editions can be purchased with or without the Hyper-V virtualization technology.

Q. What two hardware considerations should be an important part of the planning process for a Windows Server 2008 deployment?

A. Any server on which you will install Windows Server 2008 should have at least the minimum hardware requirements for running the network operating system. Server hardware should also be on the Windows Server 2008 Hardware Compatibility List to avoid the possibility of hardware and network operating system incompatibility.

Q. How does the activation process differ on Windows Server 2008 as compared to Windows Server 2003?

A. You can select to have activation happen automatically when the Windows Server 2008 installation is complete. Make sure that the Automatically Activate Windows When I'm Online check box is selected on the Product Key page.

Q. What are the options for installing Windows Server 2008?

A. You can install Windows Server 2008 on a server not currently configured with a NOS, or you can upgrade existing servers running Windows 2000 Server and Windows Server 2003.

Q. How do you configure and manage a Windows Server 2008 core installation?

A. This stripped-down version of Windows Server 2008 is managed from the command line.


Q. Which Control Panel tool enables you to automate the running of server utilities and other applications?

A. The Task Scheduler enables you to schedule the launching of tools such as Windows Backup and Disk Defragmenter.

Q. What are some of the items that can be accessed via the System Properties dialog box?

A. You can access virtual memory settings and the Device Manager via the System Properties dialog box.

Q. Which Windows Server utility provides a common interface for tools and utilities and provides access to server roles, services, and monitoring and drive utilities?

A. The Server Manager provides both the interface and access to a large number of the utilities and tools that you will use as you manage your Windows server.

Q. How are local user accounts and groups created?

A. Local user accounts and groups are managed in the Local Users and Groups node in the Server Manager. Local user accounts and groups are used to provide local access to a server.

Q. When a child domain is created in the domain tree, what type of trust relationship exists between the new child domain and the tree's root domain?

A. Child domains and the root domain of a tree are assigned transitive trusts. This means that the root domain and child domain trust each other and allow resources in any domain in the tree to be accessed by users in any domain in the tree.

Q. What is the primary function of domain controllers?

A. The primary function of domain controllers is to validate users to the network. However, domain controllers also provide the catalog of Active Directory objects to users on the network.

Q. What are some of the other roles that a server running Windows Server 2008 could fill on the network?

A. A server running Windows Server 2008 can be configured as a domain controller, a file server, a print server, a web server, or an application server. Windows servers can also have roles and features that provide services such as DNS, DHCP, and Routing and Remote Access.

Q. Which Windows Server 2008 tools make it easy to manage and configure a server's roles and features?

A. The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. The Server Manager can be used to add and remove roles and features as needed.

Q. What Windows Server 2008 service is used to install client operating systems over the network?

A. Windows Deployment Services (WDS) enables you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

Q. What domain services are necessary for you to deploy the Windows Deployment Services on your network?

A. Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain.

Q. How is WDS configured and managed on a server running Windows Server 2008?

A. The Windows Deployment Services snap-in enables you to configure the WDS server and add boot and install images to the server.

Q. What utility is provided by Windows Server 2008 for managing disk drives, partitions, and volumes?

A. The Disk Manager provides all the tools for formatting, creating, and managing drive volumes and partitions.

Q. What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?

A. A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes). Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

Q. What is RAID?

A. RAID, or Redundant Array of Independent Disks, is a strategy for building fault tolerance into your file servers. RAID enables you to combine one or more volumes on separate drives so that they are accessed by a single drive letter. Windows Server 2008 enables you to configure RAID 0 (a striped set), RAID 1 (a mirror set), and RAID 5 (disk striping with parity).

Q. What is the most foolproof strategy for protecting data on the network?

A. Regular backups of network data provide the best method of protecting you from data loss.

Q. What conceptual model helps provide an understanding of how network protocol stacks such as TCP/IP work?

A. The OSI model, consisting of the application, presentation, session, transport, network, data link, and physical layers, helps describe how data is sent and received on the network by protocol stacks.

Q. What protocol stack is installed by default when you install Windows Server 2008 on a network server?

A. TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active Directory implementations and provides for connectivity on heterogeneous networks.

Q. When TCP/IP is configured on a Windows server (or domain client), what information is required?

A. You must provide at least the IP address and the subnet mask to configure TCP/IP for an IPv4 client, unless that client obtains this information from a DHCP server. For IPv6 clients, the interface ID is generated automatically from the MAC hardware address on the network adapter. IPv6 can also use DHCP as a method to configure IP clients on the network.

Q. What are two command-line utilities that can be used to check TCP/IP configurations and IP connectivity, respectively?

A. The ipconfig command can be used to check a computer's IP configuration and also renew the client's IP address if it is provided by a DHCP server. ping can be used to check the connection between the local computer and any computer on the network, using the destination computer's IP address.

Q. What term is used to refer to the first domain created in a new Active Directory tree?

A. The first domain created in a tree is referred to as the root domain. Child domains created in the tree share the same namespace as the root domain.

Q. How is a server running Windows Server 2008 configured as a domain controller, such as the domain controller for the root domain or a child domain?

A. Installing Active Directory on a server running Windows Server 2008 provides you with the option of creating a root domain for a domain tree or of creating child domains in an existing tree. Installing Active Directory on the server makes the server a domain controller.

Q. What are some of the tools used to manage Active Directory objects in a Windows Server 2008 domain?

A. When Active Directory is installed on a server (making it a domain controller), a set of Active Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to manage Active Directory objects such as user accounts, computers, and groups. The Active Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between domains. The Active Directory Sites and Services snap-in provides for the management of domain sites and subnets.

Q. How are domain user accounts created and managed?

A. The Active Directory Users and Computers snap-in provides the tools necessary for creating user accounts and managing account properties. Properties for user accounts include settings related to logon hours, the computers to which a user can log on, and the settings related to the user's password.

Q. What type of Active Directory objects can be contained in a group?

A. A group can contain users, computers, contacts, and other nested groups.

Q. What type of group is not available in a domain that is running at the mixed-mode functional level?

A. Universal groups are not available in a mixed-mode domain. The functional level must be raised to Windows 2003 or Windows 2008 to make these groups available.

Q. What types of Active Directory objects can be contained in an Organizational Unit?

A. Organizational Units can hold users, groups, computers, contacts, and other OUs. The Organizational Unit provides you with a container directly below the domain level that enables you to refine the logical hierarchy of how your users and other resources are arranged in Active Directory.

Q. What are Active Directory sites?

A. Active Directory sites are physical locations on the network's physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

Q. How can client computer accounts be added to Active Directory?

A. Client computer accounts can be added through the Active Directory Users and Computers snap-in. You can also create client computer accounts via the client computer by joining it to the domain via the System Properties dialog box. This requires a user account that has administrative privileges, such as members of the Domain Administrator or Enterprise Administrator groups.

Q. What firewall setting is required to manage client computers such as Vista clients and Windows 2008 member servers?

A. The Windows Firewall must allow remote administration for a computer to be managed remotely.

Q. Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?

A. Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

Q. What does the use of Group Policy provide you as a network administrator?

A. Group Policy provides a method of controlling user and computer configuration settings for Active Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container, and then individual policies and administrative templates are enabled to control the environment for the users or computers within that particular container.

Q. What tools are involved in managing and deploying Group Policy?

A. GPOs and their settings, links, and other information such as permissions can be viewed in the Group Policy Management snap-in.

Q. How do you deal with Group Policy inheritance issues?

A. GPOs are inherited down through the Active Directory tree by default. You can block the inheritance of settings from upline GPOs (for a particular container such as an OU or a local computer) by selecting Block Inheritance for that particular object. If you want to enforce a higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the inherited (or upline) GPO.

Q. How can you make sure that network clients have the most recent Windows updates installed and have other important security features such as the Windows Firewall enabled before they can gain full network access?

A. You can configure a Network Policy Server (a service available in the Network Policy and Access Services role). The Network Policy Server can be configured to compare desktop client settings with health validators to determine the level of network access afforded to the client.


Q. What is the purpose of deploying local DNS servers?

A. A domain DNS server provides for the local mapping of fully qualified domain names to IP addresses. Because DNS is a distributed database, the local DNS servers can provide record information to remote DNS servers to help resolve remote requests related to fully qualified domain names on your network.

Q. What types of zones would you want to create on your DNS server so that both queries to resolve hostnames to IP addresses and queries to resolve IP addresses to hostnames are handled successfully?

A. You would create both a forward lookup zone and a reverse lookup zone on your Windows Server 2008 DNS server.

Q. What tool enables you to manage your Windows Server 2008 DNS server?

A. The DNS snap-in enables you to add or remove zones and to view the records in your DNS zones. You can also use the snap-in to create records such as a DNS resource record.

Q. In terms of DNS, what is a caching-only server?

A. A caching-only DNS server supplies information related to queries based on the data it contains in its DNS cache. Caching-only servers are often used as DNS forwarders. Because they are not configured with any zones, they do not generate network traffic related to zone transfers.

Q. How is the range of IP addresses defined for a Windows Server 2008 DHCP server?

A. The IP addresses supplied by the DHCP server are held in a scope. A scope that contains more than one subnet of IP addresses is called a superscope. IP addresses in a scope that you do not want to lease can be included in an exclusion range.

Q. What TCP/IP configuration parameters can be provided to a DHCP client?

A. The DHCP server can supply a DHCP client with an IP address and subnet mask. It can also optionally include the default gateway address, the DNS server address, and the WINS server address to the client.

Q. How can you configure the DHCP server so that it provides certain devices with the same IP address each time the address is renewed?

A. You can create a reservation for the device (or create reservations for a number of devices). To create a reservation, you need to know the MAC hardware address of the device. You can use the ipconfig or nbtstat command-line utilities to determine the MAC address for a network device such as a computer or printer.

Q. To prevent rogue DHCP servers from running within a domain, what is required for your DHCP server to function?

A. The DHCP server must be authorized in Active Directory before it can function in the domain.

Posted by Anuj Sharma at 4:50:00 PM

Labels: server 2008.server2003 INTERVIEW QUESTION, Quick Answers, SERVER 2008


Tuesday, August 19

How a Kerberos Logon Works

As most of you are aware, Windows includes a new authentication package, which is Microsoft's implementation of MIT's Kerberos protocol. This protocol is much more secure than NTLM and NTLMv2. And with that, I'm going to show you how a client logon happens with Kerberos.

Bob comes into work in the morning, grabs his coffee, and sits down at his workstation. He looks at the Windows 2000 Professional logon screen, hits Ctrl+Alt+Del, types his username and password, and after being authenticated by a Windows 2000 domain controller, logs onto his domain. He starts Microsoft Outlook to take a look at this morning's pile of email. This seems like a simple process, but that's far from the truth. Let's take a look at what happened in the past few seconds.

Domain Logon Authentication

When Bob pressed "Enter" after typing his password, the Kerberos client on his workstation converted his password to an encryption key. Kerberos is based on the concept of symmetric encryption keys, which means that the same key is used to encrypt and decrypt a message. This is also referred to as a shared private key.

After the Kerberos client converted Bob's password to an encryption key, it's saved in the workstation's credential cache. The workstation then sent an authentication request to the Domain Controller, or KDC (Key Distribution Center is a Kerberos term, used to describe the service that distributes the "keys to the kingdom"). The authentication request identifies Bob, names the service that he's requesting access to, and carries some pre-authentication data that proves that Bob knows the password. The first portion of the authentication request identifies Bob and asks for access to the TGS (Ticket Granting Service). The TGS is the service on the KDC that issues tickets for access to other services. All of the services within the Kerberos domain trust the TGS, so they know that if a ticket was issued by the TGS, the user successfully authenticated himself and is really who he claims to be.

The second part of the authentication request contains the pre-authentication data, and is a generic timestamp encrypted with Bob's long-term key (or password in this case).

When the KDC receives the authentication request, it checks the local AD database for Bob's password, decrypts the pre-authentication info that was sent in the package, and if the timestamp is within the permissible guidelines (allowable clock difference, usually of 5 minutes or so), sends Bob a TGT (Ticket Granting Ticket) that he's going to use to access the TGS in the future.

But even this process isn't so simple (Kerberos is much more complicated than NTLM). To accomplish this task, the KDC creates a session key for itself and Bob to use in their future communications, then it encrypts that session key with Bob's password, and embeds another copy of the session key and some authorization info about Bob (this authorization info is the list of Bob's SIDs (SID history, group membership, and Bob's own SID), which is used where ACLs are applied). It encrypts all of this with its own long-term key. (The portion that was encrypted with the KDC's long-term key is the actual TGT.) The Kerberos implementation in Windows 2000 places the SIDs in the TGT in a field that is defined as optional in the RFCs, which Win2k uses for access control information; this extends Kerberos from authentication alone to a piece of the access control puzzle as well.

When Bob's workstation receives a reply from the KDC, it decrypts the session ticket with Bob's password and stores this in the credentials cache. This is the authentication info that Bob's workstation will use to communicate with the KDC from now on; the next time Bob logs on, the session ticket will be completely different, as the KDC doesn't reuse its session keys. The workstation also extracts the TGT, which will still be encrypted with the KDC's long-term key (which Bob's workstation doesn't know), and stores the encrypted TGT in its credentials cache.

What does all of this have to do with the way I access resources?" you might ask. I'm going to

give you a bonus, here's how resource access works in the same domain, with the user being

authenticated by Kerberos. Authentication works a bit differently when you are traversing trusts.

I will show you that process in an upcoming article.

Resource Access Authentication

Since Bob was authenticated by the KDC, he received a TGT, which allows him to request

access to other resources. Since Bob needs to access the word doc reports.doc on the

FILESERV1 fileserver, he's going to request access to FILESERV1. Bob might be opening the

document from the recent documents menu, or browsing for it in Windows Explorer, however

Bob is opening the file, is irrelevant. The Kerberos client performs all authentication in the

 background, without any user intervention. Below is a detailed process of the entire negotiation.

First, Bob's workstation sends a message to the domain controller that granted its TGT. The message is a Ticket Granting Service Request, which includes Bob's username, the authenticator, the TGT that was sent back to Bob's workstation during the logon, and the name of the service that Bob is requesting access to (in this case FILESERV1). When the KDC receives the message from Bob's workstation, it decrypts the TGT portion of the message with its own private long-term key, and pulls out the session key that it embedded during the logon session. It uses the session key to decrypt the authenticator section of the message. If everything checks out OK, it creates a session key for Bob to utilize when talking to FILESERV1.

The KDC now constructs a message to Bob in two parts. The first part is the actual session key for Bob to use when talking to the FILESERV1 file server, encrypted in Bob's logon session key. The second part is the same session key that Bob is going to use to talk to the FILESERV1 server, but encrypted in FILESERV1's long-term key. This message is sent to Bob's workstation.

When Bob's machine gets this message, it decrypts the first part of the message and saves the session key for FILESERV1 in its credentials cache. Then it pulls the second portion of the message out (which is encrypted in FILESERV1's long-term key, a key Bob's workstation does not know) and also stores it in its credentials cache.

Now Bob's workstation is going to access the FILESERV1 server. Bob's machine sends FILESERV1 a Kerberos App Request, which has in it an authenticator encrypted in the session key that the KDC gave to Bob to use when talking to FILESERV1, and the encrypted ticket that the KDC gave to Bob, which is the Bob-FILESERV1 session key encrypted in FILESERV1's long-term key, the key that the KDC stores in its database.

When FILESERV1 receives this message, it decrypts the ticket with its own long-term key, and is able to read the session key that the KDC gave to Bob for use with FILESERV1. It then decrypts the rest of Bob's message with the session key and, voilà, an authenticated session is established.
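The whole negotiation above, as an added toy model that is not code from the article or from Windows: a KDC that issues the two-part reply, a workstation that can open only part one and stores the ticket unread, and a FILESERV1 that opens the ticket with its own long-term key. The names bob and FILESERV1 come from the text; the SHA-256 keystream plus HMAC "encryption", the 300-second clock skew and every message field are assumptions of this example.

```python
"""Toy model of the TGS and AP exchanges walked through above (constructed example).

Stdlib only. The "encryption" is a SHA-256 keystream with an HMAC tag standing in
for Kerberos' real encryption types; names follow the article (bob, FILESERV1),
everything else is an assumption of this example, not Windows' implementation.
"""
import hashlib
import hmac
import json
import secrets
import time

SKEW = 300  # seconds an authenticator timestamp may differ from the verifier's clock


def _keystream(key, nonce, n):
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:n]


def encrypt(key, obj):
    """Encrypt-then-MAC a JSON-serialisable dict under a 32-byte symmetric key."""
    data = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Check the tag, then decrypt; ValueError means wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def make_authenticator(session_key, user):
    """Authenticator: client name and timestamp, sealed with the shared session key."""
    return encrypt(session_key, {"client": user, "ts": time.time()})


class KDC:
    def __init__(self):
        self.krbtgt_key = secrets.token_bytes(32)                    # KDC's own long-term key
        self.service_keys = {"FILESERV1": secrets.token_bytes(32)}   # from its database

    def logon(self, user):
        """Outcome of the earlier logon exchange: a logon session key plus a TGT."""
        logon_key = secrets.token_bytes(32)
        tgt = encrypt(self.krbtgt_key, {"client": user, "session_key": logon_key.hex()})
        return logon_key, tgt

    def tgs_exchange(self, user, authenticator, tgt, service):
        """Ticket Granting Service Request -> the two-part reply described above."""
        tgt_body = decrypt(self.krbtgt_key, tgt)             # only the KDC can open the TGT
        logon_key = bytes.fromhex(tgt_body["session_key"])   # key embedded at logon
        auth = decrypt(logon_key, authenticator)             # proves the caller holds it
        if not (auth["client"] == user == tgt_body["client"]) or abs(time.time() - auth["ts"]) > SKEW:
            raise PermissionError("authenticator does not match the TGT")
        svc_key = secrets.token_bytes(32)                    # fresh Bob-FILESERV1 session key
        part1 = encrypt(logon_key, {"service": service, "session_key": svc_key.hex()})
        ticket = encrypt(self.service_keys[service], {"client": user, "session_key": svc_key.hex()})
        return part1, ticket


class Service:
    def __init__(self, name, long_term_key):
        self.name, self.key = name, long_term_key

    def ap_exchange(self, authenticator, ticket):
        """Kerberos App Request: open the ticket with our key, then check the authenticator."""
        body = decrypt(self.key, ticket)
        svc_key = bytes.fromhex(body["session_key"])
        auth = decrypt(svc_key, authenticator)
        if auth["client"] != body["client"] or abs(time.time() - auth["ts"]) > SKEW:
            raise PermissionError("authenticator rejected")
        return body["client"]                                # authenticated identity


def resource_access(user="bob", service="FILESERV1"):
    """Run the whole negotiation and report what each party could or could not read."""
    kdc = KDC()
    fileserv = Service(service, kdc.service_keys[service])
    logon_key, tgt = kdc.logon(user)
    cache = {"tgt": tgt}                                     # workstation credentials cache
    # Workstation -> KDC: username, authenticator, TGT, and the target service name.
    part1, ticket = kdc.tgs_exchange(user, make_authenticator(logon_key, user), tgt, service)
    # Part 1 opens with the logon session key; the ticket is stored unopened.
    svc_key = bytes.fromhex(decrypt(logon_key, part1)["session_key"])
    cache[service] = {"session_key": svc_key, "ticket": ticket}
    try:                                                     # the workstation lacks FILESERV1's key
        decrypt(logon_key, ticket)
        ticket_opaque = False
    except ValueError:
        ticket_opaque = True
    # Workstation -> FILESERV1: authenticator under the new session key, plus the ticket.
    who = fileserv.ap_exchange(make_authenticator(svc_key, user), cache[service]["ticket"])
    return {"authenticated_as": who, "ticket_opaque_to_client": ticket_opaque}


if __name__ == "__main__":
    print(resource_access())   # {'authenticated_as': 'bob', 'ticket_opaque_to_client': True}
```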

I know this seems extremely complicated, but in relative terms of authentication, it's a simple and secure process. I'm more than satisfied with Microsoft's implementation of Kerberos in Windows 2000; I think it's a long-needed building block for a secure OS. We won't see the full benefit of Kerberos until all of our clients are Win2k, since AD servers still support the old NTLM and NTLM2 authentication protocols, but I think that day is coming soon....

There is another set of events that occurs after this exchange; that set of events refers to access control. I'll also explain that in another article.

Posted by Anuj Sharma at 9:29:00 PM

Labels: server 2008, server2003, DHCP, INTERVIEW QUESTION, KEYWORDS, SERVER 2003, SERVER 2008

Tuesday, August 12


Some Networking Questions 

What are the two types of transmission technology available?

(i) Broadcast and (ii) point-to-point

What is a subnet?

A generic term for a section of a large network, usually separated by a bridge or router.

Difference between communication and transmission.

Transmission is the physical movement of information and concerns issues like bit polarity, synchronisation, clock, etc.

Communication means the meaningful exchange of information between two communication media.

What are the possible ways of data exchange? 

(i) Simplex (ii) Half-duplex (iii) Full-duplex.

What is SAP?

A series of interface points that allow other computers to communicate with the other layers of the network protocol stack.

What is meant by "triple X" in networks?

The function of the PAD (Packet Assembler Disassembler) is described in a document known as X.3. A standard protocol has been defined between the terminal and the PAD, called X.28; another standard protocol exists between the PAD and the network, called X.29. Together, these three recommendations are often called "triple X".

What is frame relay, and in which layer does it operate?

Frame relay is a packet-switching technology. It operates in the data link layer.

What is terminal emulation, and in which layer does it belong?

Telnet is also called terminal emulation. It belongs to the application layer.

What is Beaconing?

The process that allows a network to self-repair network problems. The stations on the network notify the other stations on the ring when they are not receiving transmissions. Beaconing is used in Token Ring and FDDI networks.

What is a redirector?

A redirector is software that intercepts file or print I/O requests and translates them into network requests. This comes under the presentation layer.


What is NETBIOS and NETBEUI?

NETBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer, and it hides the networking hardware from applications.

NETBEUI is the NetBIOS Extended User Interface, a transport protocol designed by Microsoft and IBM for use on small subnets.

What is RAID? 

A method for providing fault tolerance by using multiple hard disk drives.

What is passive topology?

When the computers on the network simply listen and receive the signal, they are referred to as passive because they don't amplify the signal in any way. An example of a passive topology is the linear bus.

What is a Brouter?

A hybrid device that combines the features of both bridges and routers.

What is cladding?

A layer of glass surrounding the center fiber of glass inside a fiber-optic cable.

What is point-to-point protocol?

A communications protocol used to connect computers to remote networking services, including Internet service providers.

How is a gateway different from a router?

A gateway operates at the upper levels of the OSI model and translates information between two completely different network architectures or data formats.

What is attenuation? 

The degeneration of a signal over distance on a network cable is called attenuation.

What is a MAC address?

The address for a device as it is identified at the Media Access Control (MAC) layer in the network architecture. The MAC address is usually stored in ROM on the network adapter card and is unique.

Difference between bit rate and baud rate?

Bit rate is the number of bits transmitted during one second, whereas baud rate refers to the number of signal units per second that are required to represent those bits.

baud rate = bit rate / N

where N is the number of bits represented by each signal shift.

What is Bandwidth? 

Every line has an upper limit and a lower limit on the frequency of signals it can carry. This

limited range is called the bandwidth.

What are the types of transmission media?

Signals are usually transmitted over some transmission media that are broadly classified into two categories.

Guided Media: These provide a conduit from one device to another and include twisted-pair, coaxial cable and fiber-optic cable. A signal traveling along any of these media is directed and is contained by the physical limits of the medium. Twisted-pair and coaxial cable use metallic conductors that accept and transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that accepts and transports signals in the form of light.

Unguided Media: This is wireless media that transports electromagnetic waves without using a physical conductor. Signals are broadcast through the air. This is done through radio communication, satellite communication and cellular telephony.

What is Project 802?

It is a project started by IEEE to set standards to enable intercommunication between equipment from a variety of manufacturers. It is a way of specifying functions of the physical layer, the data link layer and, to some extent, the network layer to allow for interconnectivity of major LAN protocols. It consists of the following:

802.1 is an internetworking standard for compatibility of different LANs and MANs across protocols.

802.2 Logical link control (LLC) is the upper sublayer of the data link layer which is non-architecture-specific, that is, it remains the same for all IEEE-defined LANs.

Media access control (MAC) is the lower sublayer of the data link layer that contains some distinct modules, each carrying proprietary information specific to the LAN product being used. The modules are Ethernet LAN (802.3), Token ring LAN (802.4), Token bus LAN (802.5).

802.6 is distributed queue dual bus (DQDB), designed to be used in MANs.


What is a Protocol Data Unit?

The data unit at the LLC level is called the protocol data unit (PDU). The PDU consists of four fields: a destination service access point (DSAP), a source service access point (SSAP), a control field and an information field. DSAP and SSAP are addresses used by the LLC to identify the protocol stacks on the receiving and sending machines that are generating and using the data. The control field specifies whether the PDU frame is an information frame (I-frame), a supervisory frame (S-frame) or an unnumbered frame (U-frame).
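A parser for the four-field PDU just described, as an added example that is not from the page: it splits DSAP, SSAP, control and information field, and classifies the frame as I, S or U from the low bits of the control field (the IEEE 802.2 rule: bit 0 clear is an I-frame, bits 01 an S-frame, bits 11 a U-frame, with U-frames carrying a one-byte control field and I/S-frames a two-byte one). The sample frames and the NetBIOS SAP value 0xF0 are constructed for the example.

```python
"""Parse an IEEE 802.2 LLC PDU into DSAP, SSAP, control and information field.
Constructed example, not code from the page."""
from dataclasses import dataclass


@dataclass
class LLCPDU:
    dsap: int        # destination service access point
    ssap: int        # source service access point
    control: int     # 1 byte for U-frames, 2 bytes for I- and S-frames
    frame_type: str  # "I", "S" or "U"
    info: bytes      # information field (may be empty)


def parse_llc_pdu(pdu: bytes) -> LLCPDU:
    if len(pdu) < 3:
        raise ValueError("PDU too short for DSAP, SSAP and control")
    dsap, ssap, c0 = pdu[0], pdu[1], pdu[2]
    # The low bits of the first control byte select the frame type.
    if c0 & 0x01 == 0:        # ...0 -> information frame (numbered data)
        frame_type, width = "I", 2
    elif c0 & 0x03 == 0x01:   # ..01 -> supervisory frame (RR, RNR, REJ)
        frame_type, width = "S", 2
    else:                     # ..11 -> unnumbered frame (UI, SABME, UA, DISC, ...)
        frame_type, width = "U", 1
    if len(pdu) < 2 + width:
        raise ValueError(f"{frame_type}-frame needs a {width}-byte control field")
    control = int.from_bytes(pdu[2:2 + width], "big")
    return LLCPDU(dsap, ssap, control, frame_type, bytes(pdu[2 + width:]))


# Constructed sample: a NetBIOS-over-LLC (SAP 0xF0) unnumbered information (UI) frame ...
SAMPLE_UI = bytes([0xF0, 0xF0, 0x03]) + b"\x01\x02data"
# ... and an I-frame whose two-byte control field is 0x0002, carrying one data byte.
SAMPLE_I = bytes([0xF0, 0xF0, 0x00, 0x02]) + b"x"

if __name__ == "__main__":
    for sample in (SAMPLE_UI, SAMPLE_I):
        print(parse_llc_pdu(sample))
```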

What are the different types of networking / internetworking devices?

Repeater: Also called a regenerator, it is an electronic device that operates only at the physical layer. It receives the signal in the network before it becomes weak, regenerates the original bit pattern and puts the refreshed copy back into the link.

Bridges: These operate in both the physical and data link layers of LANs of the same type. They divide a larger network into smaller segments. They contain logic that allows them to keep the traffic for each segment separate; thus they are repeaters that relay a frame only to the side of the segment containing the intended recipient, and so control congestion.

Routers: They relay packets among multiple interconnected networks (i.e. LANs of different types). They operate in the physical, data link and network layers. They contain software that enables them to determine which of the several possible paths is the best for a particular transmission.

Gateways: They relay packets among networks that have different protocols (e.g. between a LAN and a WAN). They accept a packet formatted for one protocol and convert it to a packet formatted for another protocol before forwarding it. They operate in all seven layers of the OSI model.

What is ICMP?

ICMP is the Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test / reply to test whether a destination is reachable and responding. It also handles both control and error messages.

What are the data units at different layers of the TCP / IP protocol suite?

The data unit created at the application layer is called a message; at the transport layer the data unit created is called either a segment or a user datagram; at the network layer the data unit created is called the datagram; at the data link layer the datagram is encapsulated into a frame and finally transmitted as signals along the transmission media.

What is the difference between ARP and RARP?

The address resolution protocol (ARP) is used to associate the 32-bit IP address with the 48-bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver.

The reverse address resolution protocol (RARP) allows a host to discover its Internet address when it knows only its physical address.

What is the minimum and maximum length of the header in the TCP segment and IP datagram?

The header should have a minimum length of 20 bytes and can have a maximum length of 60 bytes.

What is the range of addresses in the classes of internet addresses?  

Class A 0.0.0.0 - 127.255.255.255

Class B 128.0.0.0 - 191.255.255.255

Class C 192.0.0.0 - 223.255.255.255

Class D 224.0.0.0 - 239.255.255.255

Class E 240.0.0.0 - 247.255.255.255

What is the difference between the TFTP and FTP application layer protocols?

The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP.

The File Transfer Protocol (FTP) is the standard mechanism provided by TCP / IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.

What are the major types of networks? Explain.

Server-based network

Peer-to-peer network

In a peer-to-peer network, computers can act as both servers sharing resources and as clients using the resources.

Server-based networks provide centralized control of network resources and rely on server computers to provide security and network administration.

What are the types of topologies for networks?

BUS topology: In this each computer is directly connected to the primary network cable in a single line.

Advantages: Inexpensive, easy to install, simple to understand, easy to extend.

STAR topology: In this all computers are connected using a central hub.

Advantages: Can be inexpensive, easy to install and reconfigure, and easy to troubleshoot physical problems.

RING topology: In this all computers are connected in a loop.

Advantages: All computers have equal access to network media, installation can be simple, and the signal does not degrade as much as in other topologies because each computer regenerates it.

What is mesh network? 

A network in which there are multiple network links between computers to provide multiple paths for data to travel.

What is difference between baseband and broadband transmission? 

In a baseband transmission, the entire bandwidth of the cable is consumed by a single signal. In

 broadband transmission, signals are sent on multiple frequencies, allowing multiple signals to be

sent simultaneously.

Explain the 5-4-3 rule.

In an Ethernet network, between any two points on the network there can be no more than five network segments or four repeaters, and of those five segments only three can be populated.

What is a MAU?

In Token Ring, the hub is called a Multistation Access Unit (MAU).


What is the difference between routable and non-routable protocols?

Routable protocols can work with a router and can be used to build large networks. Non-routable protocols are designed to work on small, local networks and cannot be used with a router.

Why should you care about the OSI Reference Model? 

It provides a framework for discussing network operations and design.

What is logical link control? 

One of two sublayers of the data link layer of OSI reference model, as defined by the IEEE 802

standard. This sublayer is responsible for maintaining the link between computers when they are

sending data across the physical network connection.

What is a virtual channel?

A virtual channel is normally a connection from one source to one destination, although multicast connections are also permitted. The other name for virtual channel is virtual circuit.

What is a virtual path?

Along any transmission path from a given source to a given destination, a group of virtual circuits can be grouped together into what is called a path.

What is a packet filter?

A packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped.

What is traffic shaping?

One of the main causes of congestion is that traffic is often bursty. If hosts could be made to transmit at a uniform rate, congestion would be less common. Another open loop method to help manage congestion is forcing the packets to be transmitted at a more predictable rate. This is called traffic shaping.

What is multicast routing? 

Sending a message to a group is called multicasting, and its routing algorithm is called multicast

routing.

What is a region?

When hierarchical routing is used, the routers are divided into what we will call regions, with each router knowing all the details about how to route packets to destinations within its own region, but knowing nothing about the internal structure of other regions.

What is silly window syndrome?

It is a problem that can ruin TCP performance. This problem occurs when data are passed to the

sending TCP entity in large blocks, but an interactive application on the receiving side reads 1

 byte at a time.

What are digrams and trigrams?

The most common two-letter combinations are called digrams, e.g. th, in, er, re and an. The most common three-letter combinations are called trigrams, e.g. the, ing, and, and ion.

Expand IDEA.

IDEA stands for International Data Encryption Algorithm.

What is wide-mouth frog?

Wide-mouth frog is the simplest known key distribution center (KDC) authentication protocol.

What is Mail Gateway? 

It is a system that performs a protocol translation between different electronic mail delivery

 protocols.

What is IGP (Interior Gateway Protocol)? 

It is any routing protocol used within an autonomous system.

What is EGP (Exterior Gateway Protocol)?

It is the protocol the routers in neighboring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system.

What is autonomous system? 

It is a collection of routers under the control of a single administrative authority and that uses a

common Interior Gateway Protocol.

What is BGP (Border Gateway Protocol)?

It is a protocol used to advertise the set of networks that can be reached within an autonomous system. BGP enables this information to be shared with the autonomous system. This is newer than EGP (Exterior Gateway Protocol).

What is Gateway-to-Gateway protocol? 

It is a protocol formerly used to exchange routing information between Internet core routers.


What is NVT (Network Virtual Terminal)? 

It is a set of rules defining a very simple virtual terminal interaction. The NVT is used in the start

of a Telnet session.

What is a Multi-homed Host?

A host that has multiple network interfaces and that therefore requires multiple IP addresses is called a Multi-homed Host.

What is Kerberos? 

It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos

uses encryption to prevent intruders from discovering passwords and gaining unauthorized

access to files.

What is OSPF?

It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses knowledge of an Internet's topology to make accurate routing decisions.

What is Proxy ARP?

It is using a router to answer ARP requests. This is done when the originating host believes that a destination is local, when in fact it lies beyond the router.

What is SLIP (Serial Line Interface Protocol)?

It is a very simple protocol used for transmission of IP datagrams across a serial line.

What is RIP (Routing Information Protocol)?

It is a simple protocol used to exchange information between the routers.

What is source route? 

It is a sequence of IP addresses identifying the route a datagram must follow. A source route may

optionally be included in an IP datagram header.

What is the purpose of the finally clause of a try-catch-finally statement?

The finally clause is used to provide the capability to execute code no matter whether or not an

exception is thrown or caught.

What is the Locale class?

The Locale class is used to tailor program output to the conventions of a particular geographic,

 political, or cultural region.


What do heavyweight components mean?

Heavyweight components, like those of the Abstract Window Toolkit (AWT), depend on the local windowing toolkit. For example, java.awt.Button is a heavyweight component: when it is running on the Java platform for Unix, it maps to a real Motif button. In this relationship, the Motif button is called the peer of the java.awt.Button. If you create two Buttons, two peers and hence two Motif Buttons are also created. The Java platform communicates with the Motif Buttons using the Java Native Interface. For each and every component added to the application, there is an additional overhead tied to the local windowing system, which is why these components are called heavyweight.

Which package has lightweight components?

The javax.swing package. All components in Swing, except JApplet, JDialog, JFrame and JWindow, are lightweight components.

What are peerless components? 

The peerless components are called light weight components.

What is the difference between the Font and FontMetrics classes?  

The FontMetrics class is used to define implementation-specific properties, such as ascent and

descent, of a Font object.

What happens when a thread cannot acquire a lock on an object? 

If a thread attempts to execute a synchronized method or synchronized statement and is unable to

acquire an object's lock, it enters the waiting state until the lock becomes available.

What is the difference between the Reader/Writer class hierarchy and the

InputStream/OutputStream class hierarchy? 

The Reader/Writer class hierarchy is character-oriented, and the InputStream/OutputStream class

hierarchy is byte-oriented.

What classes of exceptions may be caught by a catch clause?

A catch clause can catch any exception that may be assigned to the Throwable type. This includes the Error and Exception types.

What is the difference between the throw and throws keywords?

The throw keyword denotes a statement that causes an exception to be initiated. It takes the Exception object to be thrown as its argument. The exception will be caught by an immediately encompassing try-catch construction or propagated further up the calling hierarchy. The throws keyword is a modifier of a method that designates that exceptions may come out of the method, either by virtue of the method throwing the exception itself or because it fails to catch such exceptions that a method it calls may throw.

If a class is declared without any access modifiers, where may the class be accessed?

A class that is declared without any access modifiers is said to have package or friendly access. This means that the class can only be accessed by other classes and interfaces that are defined within the same package.

What is the Map interface?

The Map interface replaces the JDK 1.1 Dictionary class and is used to associate keys with values.

Does a class inherit the constructors of its superclass?  

A class does not inherit constructors from any of its superclasses.

 Name primitive Java types.

The primitive types are byte, char, short, int, long, float, double, and boolean.

Which class should you use to obtain design information about an object?  

The Class class is used to obtain information about an object's design.

How can a GUI component handle its own events? 

A component can handle its own events by implementing the required event-listener interface

and adding itself as its own event listener.

How are the elements of a GridBagLayout organized?

The elements of a GridBagLayout are organized according to a grid. However, the elements are of different sizes and may occupy more than one row or column of the grid. In addition, the rows and columns may have different sizes.

What advantage do Java's layout managers provide over traditional windowing systems?  

Java uses layout managers to lay out components in a consistent manner across all windowing

 platforms. Since Java's layout managers aren't tied to absolute sizing and positioning, they are

able to accommodate platform-specific differences among windowing systems.

What are the problems faced by Java programmers who don't use layout managers? 

Without layout managers, Java programmers are faced with determining how their GUI will be

displayed across multiple windowing systems and finding a common sizing and positioning that

will work within the constraints imposed by each windowing system.

What is the difference between static and non-static variables? 

A static variable is associated with the class as a whole rather than with specific instances of a

class. Non-static variables take on unique values with each object instance.

What is the difference between the paint() and repaint() methods?  

The paint() method supports painting via a Graphics object. The repaint() method is used to

cause paint() to be invoked by the AWT painting thread.

What is the purpose of the File class? 

The File class is used to create objects that provide access to the files and directories of a local

file system.

What restrictions are placed on method overloading? 

Two methods may not have the same name and argument list but different return types.

What restrictions are placed on method overriding?

Overridden methods must have the same name, argument list, and return type. The overriding method may not limit the access of the method it overrides. The overriding method may not throw any exceptions that may not be thrown by the overridden method.


What is casting? 

There are two types of casting, casting between primitive numeric types and casting between

object references. Casting between numeric types is used to convert larger values, such as double

values, to smaller values, such as byte values. Casting between object references is used to refer

to an object by a compatible class, interface, or array type reference.

Name Container classes. 

Window, Frame, Dialog, FileDialog, Panel, Applet, or ScrollPane

What class allows you to read objects directly from a stream? 

The ObjectInputStream class supports the reading of objects from input streams.

How are this() and super() used with constructors? 

this() is used to invoke a constructor of the same class. super() is used to invoke a superclass

constructor.

How is it possible for two String objects with identical values not to be equal under the == operator?

The == operator compares two objects to determine if they are the same object in memory. It is possible for two String objects to have the same value, but be located in different areas of memory.

What is an I/O filter?

An I/O filter is an object that reads from one stream and writes to another, usually altering the data in some way as it is passed from one stream to another.

What is the Set interface? 

The Set interface provides methods for accessing the elements of a finite mathematical set. Sets

do not allow duplicate elements.

What is the List interface?

The List interface provides support for ordered collections of objects.

What is the purpose of the enableEvents() method? 


What is polymorphism? 

Polymorphism allows methods to be written that needn't be concerned about the specifics of the

objects they will be applied to. That is, the method can be specified at a higher level of

abstraction and can be counted on to work even on objects of yet unconceived classes.

What is design by contract?

Design by contract specifies the obligations of a method to any other methods that may use its services, and also theirs to it. For example, the preconditions specify what the method requires to be true when the method is called. Hence making sure that preconditions are. Similarly, postconditions specify what must be true when the method is finished; thus the called method has the responsibility of satisfying the postconditions.

In Java, the exception handling facilities support the use of design by contract, especially in the case of checked exceptions. The assert keyword can be used to make such contracts.

What are use cases? 

A use case describes a situation that a program might encounter and what behavior the program

should exhibit in that circumstance. It is part of the analysis of a program. The collection of use

cases should, ideally, anticipate all the standard circumstances and many of the extraordinary

circumstances possible so that the program will be robust.

What is the difference between an interface and an abstract class?

o An interface contains methods that must be abstract; an abstract class may contain concrete methods.

o An interface contains variables that must be static and final; an abstract class may contain non-final and final variables.

o Members in an interface are public by default; an abstract class may contain non-public members.

o An interface is used with "implements"; whereas an abstract class is used with "extends".

o An interface can be used to achieve multiple inheritance; an abstract class can be used only as single inheritance.

o An interface can "extends" another interface; an abstract class can "extends" another class and "implements" multiple interfaces.

o An interface is absolutely abstract; an abstract class can be invoked if a main() exists.

o An interface is more flexible than an abstract class because one class can only "extends" one super class, but "implements" multiple interfaces.

o If given a choice, use an interface instead of an abstract class.

Posted by Anuj Sharma at 10:19:00 PM

Labels: server 2008, server2003, INTERVIEW QUESTION

Tuesday, August 5

ADS MORE INTERVIEW QUESTIONS 

What is an Active Directory (AD)?

The Microsoft Windows 2003 Active Directory glossary defines an Active Directory as "a structure supported by Windows 2003 that lets any object on a network be tracked and located. Active Directory is the directory service used in Windows 2003 Server and provides the foundation for Windows 2003 distributed networks." A directory service "provides the methods for storing directory data and making this data available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, phone numbers, and so on, and enables other authorized users on the same network to access this information."

The AD, or Active Directory, is a database based on the LDAP (Lightweight Directory Access Protocol) standard, which makes the information contained within the AD easily available to other applications across different platforms. The AD contains user accounts, computer accounts, organizational units, security groups, and group policy objects, all of which have a unique name and a unique path. All unique objects in the AD use a domain contained within the AD as a means of authentication.

What is a domain?

The Microsoft Windows 2003 Active Directory glossary defines a domain as "a single security boundary of a Windows NT-based computer network. Active Directory is made up of one or more domains. On a standalone workstation, the domain is the computer itself. A domain can span more than one physical location. Every domain has its own security policies and security relationships with other domains. When multiple domains are connected by trust relationships and share a common schema, configuration, and global catalog, they constitute a domain tree. Multiple domain trees can be connected together to create a forest."

What is a tree?

The Microsoft Windows 2003 Active Directory glossary defines a tree as "a set of Windows NT domains connected together through transitive, bidirectional trust, sharing a common schema, configuration, and global catalog. The domains must form a contiguous hierarchical namespace such that if a.com is the root of the tree, b.a.com is a child of a.com, c.b.a.com is a child of b.a.com, and so on."


Server 4.0, but is enabled by Directory Services to store many types of policy data, for example: file deployment, application deployment, logon/logoff scripts and startup/shutdown scripts, domain security, Internet Protocol security (IPSec), and so on. The collections of policies are referred to as Group Policy objects (GPOs)."

A group policy object (GPO) is defined as "a virtual collection of policies. It is given a unique name, such as a globally unique identifier (GUID). GPOs store group policy settings in two locations: a Group Policy container (GPC) (preferred) and a Group Policy template (GPT). The GPC is an Active Directory object that stores version information, status information, and other policy information (for example, application objects). The GPT is used for file-based data and stores software policy, script, and deployment information. The GPT is located on the system volume folder of the domain controller. A GPO can be associated with one or more Active Directory containers, such as a site, domain, or organizational unit. Multiple containers can be associated with the same GPO, and a single container can have more than one associated GPO."

A GPO is broken into two major sections, the Computer Configuration and the User Configuration. The Computer Configuration holds policies that are relevant only to the machine itself; it can control printers, network settings, and startup and shutdown scripts. One of the more useful policies found under the Computer Configuration is the loopback policy, which allows User Configuration policies to be applied to a computer regardless of the user (unless the user is denied the GPO). Under the User Configuration, logon and logoff scripts can be configured, folders can be redirected, and security settings can be tweaked.
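Because the GPC (AD object) and the GPT (SYSVOL folder) each carry their own copy of the GPO version, a mismatch between them is a replication fault worth checking for. The following is an added example, not code from the original notes: it splits the packed version number (computer settings in the low 16 bits, user settings in the high 16 bits) and compares the AD value with the one in GPT.ini. The function names and the sample values are my own; the commented live query assumes the ActiveDirectory module and read access to SYSVOL.

```powershell
# Added example, not part of the original notes. The AD attribute versionNumber
# on the GPC packs two 16-bit counters: user version (high word) and computer
# version (low word). GPT.ini in the SYSVOL folder stores the same packed value
# under [General] Version=. Function names and sample values are my own.

function ConvertFrom-GpoVersionNumber {
    param([Parameter(Mandatory)][uint32]$VersionNumber)
    [pscustomobject]@{
        Packed   = $VersionNumber
        Computer = $VersionNumber -band 0xFFFF           # low 16 bits
        User     = ($VersionNumber -shr 16) -band 0xFFFF # high 16 bits
    }
}

function Get-GptIniVersion {
    # Takes the GPT.ini content as lines so it also works on a copied sample
    param([Parameter(Mandatory)][string[]]$GptIniContent)
    foreach ($line in $GptIniContent) {
        if ($line -match '^\s*Version\s*=\s*(\d+)\s*$') { return [uint32]$Matches[1] }
    }
    throw 'GPT.ini has no Version= line'
}

function Test-GpoVersionSync {
    param(
        [Parameter(Mandatory)][uint32]$GpcVersionNumber,  # versionNumber from the AD object
        [Parameter(Mandatory)][string[]]$GptIniContent    # content of <gPCFileSysPath>\GPT.ini
    )
    $gpc = ConvertFrom-GpoVersionNumber $GpcVersionNumber
    $gpt = ConvertFrom-GpoVersionNumber (Get-GptIniVersion $GptIniContent)
    [pscustomobject]@{
        GpcComputer = $gpc.Computer; GptComputer = $gpt.Computer
        GpcUser     = $gpc.User;     GptUser     = $gpt.User
        InSync      = ($gpc.Packed -eq $gpt.Packed)   # $false means SYSVOL and AD disagree
    }
}

# Constructed sample: AD holds user=3, computer=7 (3*65536 + 7 = 196615), but the
# SYSVOL copy is still at computer=6 (196614), e.g. because FRS replication of
# SYSVOL lags behind AD replication
$sampleGptIni = @('[General]', 'Version=196614')
Test-GpoVersionSync -GpcVersionNumber 196615 -GptIniContent $sampleGptIni

# Live check against a domain (assumes the ActiveDirectory module and SYSVOL access):
# $gpo = Get-ADObject -LDAPFilter '(displayName=Default Domain Policy)' `
#          -SearchBase "CN=Policies,CN=System,$((Get-ADDomain).DistinguishedName)" `
#          -Properties versionNumber, gPCFileSysPath
# Test-GpoVersionSync -GpcVersionNumber $gpo.versionNumber `
#          -GptIniContent (Get-Content "$($gpo.gPCFileSysPath)\GPT.ini")
```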

What is an access control list (ACL)?

The Microsoft Windows 2003 Active Directory glossary defines an access control list as "a set of data associated with a file, directory, or other resource that defines the permissions that users and/or groups have for accessing it. In the Active Directory™ service, an ACL is a list of access control entries (ACEs) stored with the object it protects. In the Windows NT® operating system, an ACL is stored as a binary value, called a security descriptor."

What is an access control entry (ACE)?

The Microsoft Windows 2003 Active Directory glossary states that "each ACE contains a security identifier (SID), which identifies the principal (user or group) to whom the ACE applies, and information on what type of access the ACE grants or denies."
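How an ACL decomposes into ACEs, each carrying a SID and an allow/deny decision, as an added example that is not part of the original notes. It builds a directory-object security descriptor from a constructed SDDL string (well-known SIDs only, so it resolves without a domain), walks the ACEs, and shows the binary security descriptor the glossary refers to; the function name and the sample SDDL are my own, and the same enumeration works on a live object through (Get-Acl "AD:\<distinguishedName>").Access once the ActiveDirectory module is loaded.

```powershell
# Added example, not part of the original notes: decode an ACL into its ACEs.
# The SDDL below is a constructed sample, not a real object's ACL.
Add-Type -AssemblyName System.DirectoryServices

function Get-AceSummary {
    param([Parameter(Mandatory)][System.DirectoryServices.ActiveDirectorySecurity]$Security)
    # Ask for SIDs rather than names so the output shows what is stored in the ACE
    $rules = $Security.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = '<unresolvable>' }   # e.g. a SID from an unreachable domain
        [pscustomobject]@{
            Sid       = $sid.Value
            Principal = $account
            Type      = $rule.AccessControlType     # Allow or Deny
            Rights    = $rule.ActiveDirectoryRights
            Inherited = $rule.IsInherited           # explicit ACE vs. inherited from a parent
        }
    }
}

# Constructed sample descriptor (deny ACE first, as canonical ordering requires):
#   Anonymous:              explicit Deny of WriteProperty
#   Builtin Administrators: GenericAll
#   Authenticated Users:    ReadProperty, ListChildren, ReadControl
$sddl = 'O:BAG:BAD:(D;;WP;;;AN)(A;;GA;;;BA)(A;;RPLCRC;;;AU)'
$sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sd.SetSecurityDescriptorSddlForm($sddl)

Get-AceSummary -Security $sd | Format-Table -AutoSize

# The binary form is the "security descriptor" the glossary says is stored with the object
$bytes = $sd.GetSecurityDescriptorBinaryForm()
"Binary security descriptor: $($bytes.Length) bytes; owner = $($sd.GetOwner([System.Security.Principal.NTAccount]))"
```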

P01 - Can we add a Windows Server 2003 server to a Windows 2000 domain?

Yes, Windows 2000 and Windows Server 2003 DCs can coexist. Before doing this you have to prepare the AD schema with adprep /forestprep.


P02 - How to name an AD domain?

The rules mainly come from DNS: acceptable naming conventions for domain names include the use of alphanumeric characters (the letters A through Z and numerals 0 through 9) and the hyphen (-). A period (.) in a domain name is always used to separate the discrete parts of a domain name, commonly known as labels. Each domain label can be no longer than 63 bytes. The first label may not be a number.

Extra restrictions must be considered:
o If you want the NetBIOS domain name corresponding to your domain to remain simple, use fewer than 15 characters.
o Don't use the same domain name that you use on the internet; but, to avoid someone else taking it later, register the name you use internally on the internet as well.
o Don't use .local.
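The naming rules in P02, turned into a check you can run before dcpromo, as an added example that is not part of the original notes. The function name, the -PublicDomain parameter and the sample names are my own.

```powershell
# Added example, not part of the original notes: checks a candidate AD domain
# name against the DNS and NetBIOS rules listed in P02. Function name,
# -PublicDomain parameter and sample names are my own.
function Test-AdDomainName {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$PublicDomain   # the name you use on the internet, if any
    )
    $problems = New-Object System.Collections.Generic.List[string]
    $labels   = $Name.TrimEnd('.').Split('.')

    foreach ($label in $labels) {
        # DNS rule: letters, digits and hyphen only (also catches empty labels)
        if ($label -notmatch '^[A-Za-z0-9-]+$') {
            $problems.Add("label '$label' contains characters other than A-Z, 0-9 and '-'")
        }
        # Each label is limited to 63 bytes
        if ([System.Text.Encoding]::UTF8.GetByteCount($label) -gt 63) {
            $problems.Add("label '$label' is longer than 63 bytes")
        }
    }

    # The first (leftmost) label may not be a number
    if ($labels[0] -match '^[0-9]+$') {
        $problems.Add("first label '$($labels[0])' is purely numeric")
    }
    # The notes recommend fewer than 15 characters so the NetBIOS name stays simple
    if ($labels[0].Length -ge 15) {
        $problems.Add("first label '$($labels[0])' has $($labels[0].Length) characters; the notes recommend fewer than 15")
    }
    # The notes advise against .local
    if ($labels[-1] -ieq 'local') {
        $problems.Add("'.local' is discouraged")
    }
    # The internal name should differ from the public one (register both)
    if ($PublicDomain -and ($Name.TrimEnd('.') -ieq $PublicDomain.TrimEnd('.'))) {
        $problems.Add("'$Name' is the same name used on the internet")
    }

    [pscustomobject]@{
        Name     = $Name
        IsValid  = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample names (not real environments) run through the check
$samples = 'corp.example.com',
           'ad.local',
           '2019corp.example.com',
           'averyverylongnetbiosname.example.com',
           'my_corp.example.com',
           'example.com'
$samples | ForEach-Object { Test-AdDomainName -Name $_ -PublicDomain 'example.com' } |
    Format-Table -AutoSize -Wrap
```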

Q01 - How to create a forest with a domain?

1. Click Start, Run, and type dcpromo.
2. On the Welcome page, click Next.
3. On the Operating System Compatibility page, click Next.
4. On the Domain Controller Type page, click Domain controller for a new domain and click Next.
5. On the Create New Domain page, click Domain in a new forest and click Next.
6. Type the full DNS name for the new domain and click Next.
7. Verify the NetBIOS name and click Next.
8. Specify a location and click Next.
9. Choose a location and click Next.
10. Verify an existing DNS server or click Install and configure…, and then click Next.
11. Specify whether or not to assign default permissions.
12. When prompted, specify a password.
13. Review the Summary page, and click Next.
14. When prompted, restart the computer.

Q02 - How to add a DC (Domain Controller) to an existing domain?

1. Run dcpromo.
2. On the Domain Controller Type page, select the Additional domain controller for an existing domain checkbox.
3. On the Network Credentials page, type the user name, password, and user domain.
4. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click


IP or SMTP, depending on which protocol the site link will use, and then click New Site Link.
2. In the Name box, type a name for the link.
3. Click two or more sites to connect, click Add, and then click OK.

To configure site links, perform the following steps:
1. Open Active Directory Sites and Services, expand Sites, expand Inter-Site Transports, and then click IP or SMTP, depending on which protocol the site link is configured to use.
2. Right-click the site link, and then click Properties.
3. On the General page of the Properties dialog box, change the values for site associations, cost, replication interval, and schedule as required, and then click OK.
4. Perform one of the following as appropriate:
o In the Sites not in this site link box, click the site you want to add, and then click Add.
o In the Sites in this site link box, click the site you want removed, and then click Remove.
o In the Cost box, enter a value for the cost of replication.
5. Click Change Schedule, select the block of time you want to schedule, click either Replication Not Available or Replication Available, and then click OK.

If you want to create a site link bridge:

Before you can create new site link bridges, you must first disable default bridging of all site links to permit the creation of new site link bridges.

To disable default bridging of all site links, perform the following steps:
1. Open Active Directory Sites and Services, expand Sites, expand Inter-Site Transports, right-click either IP or SMTP, depending on the protocol for which you want to disable bridging of all site links, and then click Properties.
2. In the Properties dialog box, clear the Bridge all site links check box, and then click OK.

To create a site link bridge, perform the following steps:
1. Open Active Directory Sites and Services, expand Sites, expand Inter-Site Transports, right-click either IP or SMTP, depending on the protocol that you want to create a site link bridge for, and then click New Site Link Bridge.
2. In the Name box, type a name for the site link bridge.
3. Click two or more site links to be bridged, click Add, and then click OK.

Q18 - How to Manage a Site Topology?

To create a preferred bridgehead server, perform the following steps:
1. Open Active Directory Sites and Services, expand Sites, expand the site that contains the server that you want to configure, expand Servers, and then in the console tree, right-click the domain controller that you want to make a preferred bridgehead server, and then click Properties.
2. Choose the intersite transport or transports to designate the computer a preferred bridgehead server, click Add, and then click OK.

To determine the domain controller that holds the role of the intersite topology generator in the


3. Do one of the following:
o In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
-or-
o In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

Q21 - How to Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles?

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller. NOTE: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.
3. Do one of the following:
o In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
-or-
o In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

Q22 - How to back up AD?

AD is backed up when you save the System State on a DC with the Backup accessory.
1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.
2. Click the Backup tab.
3. Click to select the System State check box. (All of the components to be backed up are listed in the right pane. You cannot individually select each item.) NOTE: During the system state backup, you must select to back up the Winnt\Sysvol folder. You must also select this option during the restore operation to have a working sysvol after the recovery.

The following information applies only to domain controllers. You can restore member servers the same way, but in normal mode. If any of the following conditions are not met, the system state is not restored. Backup attempts to restore the system state, but does not succeed.


o The drive letter on which the %SystemRoot% folder is located must be the same as when it was backed up.
o The %SystemRoot% folder must be the same folder as when it was backed up.
o If sysvol or other Active Directory databases were located on another volume, they must exist and have the same drive letters also. The size of the volume does not matter.

Q23 - How to restore AD?

There are different methods, depending on the state of your AD. Normal: if you have lost only one DC, you have to restore the DC and then the data. Authoritative: with many DCs, you can restore whatever you want and select it.

How to Perform a Normal Restore

To perform a primary restore, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate permissions. If the computer is in a domain, members of the Domain Admins group can perform this procedure.

To perform a primary restore of Active Directory, perform the following steps:
1. Restart your domain controller in Directory Services Restore Mode.
2. Start the Backup utility.
3. On the Welcome to the Backup or Restore Wizard page, click Advanced Mode.
4. On the Welcome to Backup Utility Advanced Mode page, on the Restore and Manage Media tab, select what you want to restore, and then click Start Restore.
5. In the Warning dialog box, click OK.
6. In the Confirm Restore dialog box, click Advanced.
7. In the Advanced Restore Options dialog box, click When restoring replicated data sets, mark the restored data as the primary data for all replicas, and then click OK twice. Important: selecting this option ensures that the File Replication Service (FRS) data is replicated to the other servers. Select this option only when you want to restore the first replica set to the network.
8. In the Restore Progress dialog box, click Close.
9. In the Backup Utility dialog box, click Yes.

Warning

When you restore the system state data, the Backup utility erases the system state data that is on your computer and replaces it with the system state data that you are restoring, including system state data that is not related to Active Directory. Depending on how old the system state data is, you may lose configuration changes that you recently made to the computer. To minimize this risk, back up the system state data regularly.

How to Perform an Authoritative Restore

Unlike a normal restore, an authoritative restore requires the use of a separate command-line tool, Ntdsutil. No backup utilities, including the Windows Server 2003 system utilities, can perform an authoritative restore.


domain controller, preferably one in the client's own subnet. The domain controller uses the client's IP address to identify the client's Active Directory site. If the domain controller is not in the closest site, then the domain controller returns the name of the client's site, and the client tries to find a domain controller in that site by querying DNS. If the client has already attempted to find a domain controller in that site, then the client will continue using the current, nonoptimal domain controller. Once the client finds a domain controller it likes, it caches that domain controller's information, and the client will continue to use that domain controller for future contacts (unless the domain
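A way to see the locator behaviour described above from the client side, as an added example that is not part of the original notes: it parses the output of nltest /dsgetdc and reports which DC was chosen, which site the DC placed the client in, and whether the DC is in that site. The sample output is constructed, and the function name and host/domain names are my own; nltest's CLOSE_SITE flag and /force switch are real.

```powershell
# Added example, not part of the original notes: parse "nltest /dsgetdc:<domain>"
# output. The sample below is constructed; function and host names are my own.
function ConvertFrom-NltestDsGetDc {
    param([Parameter(Mandatory)][string[]]$Output)
    $fields = @{}   # hashtable keys are case-insensitive in PowerShell
    foreach ($line in $Output) {
        # "  Label: value" lines; lines without a colon (status text) are skipped
        if ($line -match '^\s*([A-Za-z ]+?):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $flags = @()
    if ($fields['Flags']) { $flags = $fields['Flags'] -split '\s+' }
    [pscustomobject]@{
        DomainController = $fields['DC']
        DcSite           = $fields['Dc Site Name']
        ClientSite       = $fields['Our Site Name']
        # CLOSE_SITE is set when the DC considers itself to be in the client's site
        CloseSiteFlag    = ($flags -contains 'CLOSE_SITE')
        SameSite         = ($fields['Dc Site Name'] -eq $fields['Our Site Name'])
        Flags            = ($flags -join ' ')
    }
}

# Constructed sample: the cached DC sits in site HQ while the client is in
# Branch, i.e. the client is using a nonoptimal DC as the notes describe
$sample = @(
    '           DC: \\DC01.corp.example.com',
    '      Address: \\10.0.1.5',
    '     Dom Name: corp.example.com',
    '  Forest Name: corp.example.com',
    ' Dc Site Name: HQ',
    'Our Site Name: Branch',
    '        Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST',
    'The command completed successfully'
)
ConvertFrom-NltestDsGetDc -Output $sample

# Live use on a domain member. Without /force nltest reports the cached DC the
# notes mention; /force discards the cache and runs the locator again.
# ConvertFrom-NltestDsGetDc -Output (nltest /dsgetdc:corp.example.com)
# ConvertFrom-NltestDsGetDc -Output (nltest /dsgetdc:corp.example.com /force)
```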

Use of Netdom command

NetDom examples

Sample workstation or member server operations

Adding a workstation or member server to a domain
Add the workstation mywksta to the Windows NT 4.0 domain microsoft:
NETDOM ADD /d:microsoft mywksta /ud:mydomain\admin /pd:password
Add the workstation mywksta to the Windows 2000 domain devgroup.microsoft.com in the organizational unit (OU) Dsys/workstations:
NETDOM ADD /d:devgroup.microsoft.com mywksta /OU:OU=Dsys,OU=Workstations,DC=microsoft,DC=com
Note: If /OU is not specified the account is created in the Computers container.

Joining a workstation or member server to a domain
Join mywksta to the devgroup.microsoft.com domain in the Dsys/workstations organizational unit:
NETDOM JOIN /d:devgroup.microsoft.com mywksta /OU:OU=Dsys,OU=Workstations,DC=microsoft,DC=com
In addition to adding the computer account to the domain, the workstation is modified to contain the appropriate shared secret to complete the Join operation.

Removing a workstation or member server from a domain
To remove mywksta from the mydomain domain and have the workstation be part of a workgroup:
NETDOM REMOVE /d:mydomain mywksta /ud:mydomain\admin /pd:password

Moving a workstation or member server from one domain to another
To move mywksta from its current domain into the mydomain domain:
NETDOM MOVE /d:mydomain mywksta /ud:mydomain\admin /pd:password
If the destination is a Windows 2000 domain, the SIDHistory for the workstation is updated, retaining the security permissions that the computer account had previously.

Resetting the secure channel for a workstation, member server, or Windows NT 4.0 BDC
To reset the secure channel secret maintained between mywksta and devgroup.microsoft.com (regardless of OU):
NETDOM RESET /d:devgroup.microsoft.com mywksta
To reset the secure channel between the Windows NT 4.0 PDC for Northamerica and the backup domain controller NABDC:
NETDOM RESET /d:Northamerica NABDC

Forcing a secure channel session between a member and a specific domain controller
Members may often establish secure channel sessions with non-local domain controllers. To force a secure channel session between a member and a specific domain controller, add the /Server option to the RESET command:
NETDOM RESET /d:devgroup.microsoft.com mywksta /Server:mylocalbdc

Verifying a workstation or member server secure channel
To verify the secure channel secret maintained between mywksta and devgroup.microsoft.com:
NETDOM VERIFY /d:devgroup.microsoft.com mywksta

Sample domain TRUST operations

Establishing a trust relationship
When used with the TRUST command, the /d:domain parameter always refers to the trusted domain. To have the Windows NT 4.0 resource


The main email ports are:
  * POP3 – port 110
  * IMAP – port 143
  * SMTP – port 25
  * HTTP – port 80
  * Secure SMTP (SSMTP) – port 465
  * Secure IMAP (IMAP4-SSL) – port 585
  * IMAP4 over SSL (IMAPS) – port 993
  * Secure POP3 (SSL-POP) – port 995

LDAP directory can be accessed on port 3268