APIPA-Automatic Private IP Addressing
in case of dhcp server if not found then the apipa assigns ip address automatically for the client with the already configured ip addresses ranges from 169.254.0.1-169.254.255.254. it searchs for dhcp server automatically after every 5 mins, if found then it replaces the dhcp dynamic address.
Start Of Authority(SOA) Records indicate that NameServer is authoritative server for the domain.
Exclusion Range is used to reserve a bank of ip addresses so computer that require only static ip address such as DNS servers, legacy printers can use reserved assigned addresses .These are not assigned by DHCP server.
A virtual server can have one home directory and any number of other publishing directories. These other publishing directories are referred to as virtual directories.
AD- uses LDAP Udp 389 and
The FTP server is to accept incoming FTP requests. Copy or move the files that you want to make available to the FTP publishing folder for access. The default folder is drive:InetpubFtproot, where drive is the drive on which IIS is installed
In the client-server model, a file server is a computer responsible for the central storage and management of data files so that other computers on the same network can access the files. A file server allows users to share information over a network without having to physically transfer files by floppy diskette or some other external storage device.
The group policy setting ‘Automatically publish new printers in AD' when disabled, prevents the Add Printer Wizard from automatically publishing shared printers. In addition, Group policy setting ‘Allow printers to be published' should be enabled(default) for printers to be published on that computers.
The different types of backup methodologies are:
► Normal Backup:-This is default backup in which all files are backed up even if it was backed up before.
► Incremental Backup:-In this type of backup only the files that haven't been backed up are taken care of or backed up.
► Differential Backup:-This backup is similar to incremental backup because it does not take backup of those files backed up by normal
backup but different from incremental because it will take backup of differentially backed up files at next time of differential backup.
► Copy Backup:-This type of backup is which is used during system state backup and asr backup. It is used in special conditions only.
► Daily Backup:-This type of backup takes backup of only those files that are created on that particular day.
► System Backup:-This type of backup takes backup of files namely, Boot file, COM+Class Registry, Registry. But in server it takes
backup of ads.
► ASR Backup:-This type of backup takes backup of entire boot partition including OS and user data. This should be the last
troubleshooting method to recover an os from disaster.
Disk Quota is a feature or service of NTFS which helps to restrict or manage the disk usage from the normal user. It can be implemented per user user per volume basis.By default it is disabled. Administrative privilege is required to perform the task. In 2003server we can control only drive but in 2008server we can establish quota in folder level.
Navigate domain user properties->give path in profile tab in the format servernamesharename.
The Group Policy Object Editor and the Software Restriction Policies extension of Group Policy Object Editor are used to restrict running certain applications on a machine. For Windows XP computers that are not participating in a domain, you can use the Local Security Settings snap-in to access Software Restriction Policies.
The sysvol folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume
If your DNS server fails, you can't resolve host names. You can't resolve domain controller IP Address.
In run use the command ->dcpromo /forceremoval
Microsoft Windows 2000 uses the Setpwd utility to reset the DS Restore Mode password. In Microsoft Windows Server 2003, that functionality has been integrated into the NTDSUTIL tool. Note that you cannot use the procedure if the target server is running in DSRM.
You can backup Active Directory by using the NTBACKUP tool that comes built-in with Windows Server 2003. Backing up the Active Directory is done on one or more of your Active Directory domain Controllers, and is performed by backing up the System State on those servers. The System State contains the local Registry, COM+ Class Registration Database, the System Boot Files, certificates from Certificate Server (if it's installed), Cluster database (if it's installed), NTDS.DIT, and the SYSVOL folder. the tombstone is 60 days (Windows 2000/2003 DCs), or 180 days (Windows Server 2003 SP1 DCs).
You can use one of the three methods to restore Active Directory from backup media: Primary Restore, Normal Restore (i.e. Non Authoritative), and Authoritative Restore.
Primary Restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on local computer. On a domain controller, only members of the Domain Admins group can perform this restore.
Normal Restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.
Authoritative Restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual object in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restore object that occurred after the backup. You need to use the NTDSUTIL command line utility to perform an authoritative restore. You need to use it in order to mark Active Directory objects as authoritative, so that they receive a higher version recently changed data on other domain controllers does not overwrite System State data during replication.
1. We can give easy name resolution to your clients.
2. By creating AD- integrated zone you can also trace hacker and spammer by creating reverse zone.
3. AD integrated zoned all for incremental zone transfers which on transfer changes and not the entire zone. This reduces zone transfer traffic.
4. AD Integrated zones support both secure and dynamic updates.
5. AD integrated zones are stored as part of the active directory and support domain-wide or forest-wide replication through application partitions in AD.
Reservation using mac address in DHCP.
Requests are on UDP port 68, Server replies on UDP 67.
Using hidden shares on your network is useful if you do not want a shared folder or drive on the network to be easily accessible. Hidden shares can add another layer of protection for shared files against unauthorized people connecting to your network. Using hidden shares helps eliminate the chance for people to guess your password (or be logged into an authorized Windows account) and then receive access to the shared resource.
Windows automatically shares hard drives by default for administrative purposes. They are hidden shares named with the drive letter followed by a dollar sign (e.g., C$) and commented as Default Share. Thus, certain networking and administrator functions and applications can work properly. Not that preventing Windows from creating these hidden or administrative shares by default each time your computer boots up takes a registry change.
The default refresh interval for policies is 90 minutes. The default refresh interval for domain controllers is 5 minutes. Group policy object's group policy refresh intervals may be changed in the group policy object.
Group policies are used by administrators to configure and control user environment settings. Group Policy Objects (GPOs) are used to configure group policies which are applied to sites, domains, and organizational units (OUs). Group policy may be blocked or set so it cannot be overridden. The default is for subobjects to inherit the policy of their parents. There is a maximum of 1000 applicable group policies.
Windows 2003 Active Directory data store, the actual database file, is %SystemRoot%ntdsNTDS.DIT. The ntds.dit file is the heart of Active Directory including user accounts. Active Directory's database engine is the Extensible Storage Engine ( ESE ) which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes which would be large enough for 10 million objects.Only the Jet database can manipulate information within the AD datastore.
A Windows-based computer that is configured to use DHCP can automatically assign itself an Internet Protocol (IP) address if a DHCP server is not available or does not exist. The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.0-169.254.255.255 for Automatic Private IP Addressing(APIPA).
The Backup directory in the %SystemRoot%System32DHCP folder contains backup information for the DHCP configuration and the DHCP database. By default, the DHCP database is backed up every 60 minutes automatically. To manually back up the DHCP database at any time, follow these steps:
1. In the DHCP console, right-click the server you want to back up, and then click Backup.
2. In the Browse For Folder dialog box, select the folder that will contain the backup DHCP database, and then click OK.
If you are using Active Directory-integrated DNS, then your DNS information is stored in Active Directory itself, and you'll need to back up the entire system state. If not, however, The Backup directory in the %SystemRoot%System32Dns folder contains backup information for the DNS configuration and the DNS database.
A DHCP scope is a valid range of IP addresses which are available for assignments or lease to client computers on a particular subnet. In a DHCP server, you configure a scope to determine the address pool of ip which the server can provide to DHCP clients.
Scopes determine which IP addresses are provided to the clients. Scopes should be defined and activated before DHCP clients use the DHCP server for its dynamic IP configuration. You can configure as many scopes on a DHCP server as is required in your network environment
A DHCP server is the server that is responsible for assigning unique IP address to the computers on a network. No two computers (actually, no two network cards1 [even if two are in one computer]) can have the same IP address on a network at the same time or there will be conflicts. To that end, DHCP servers will take a request from a computer that has just been added (or is renewing) to the network and assign it a unique IP address that is available. These assignments typically only last for a limited time (an hour to a week usually) and so you are never guaranteed that the IP address for a particular computer will remain the same when using a DHCP (some DHCP servers allow you to specify that a computer gets the same address all the time however).
A (Host) record is used to resolve name to ip address while PTR (pointer) record is used to resolve ip address to name.
The key reason for integrating DNS and AD is efficiency. This is particularly true where you have lots of replication traffic. You can't resolve host names. You can't find services, like a domain controller.
Domain Name System (or Service or Server), a service that resolves domain names into IP addresses and vice versa. Because domain names are alphabetic, they're easier to remember.The Internet however, is really based on ip addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 184.108.40.206.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.
► Windows Server 2003, Web Edition :- is mainly for building and hosting Web applications, Web pages, and XML Web Services.
► Windows Server 2003, Standard Edition :- is aimed towards small to medium sized businesses. Flexible yet versatile, Standard Edition supports file and printer sharing, offers secure Internet connectivity, and allows centralized desktop application deployment
► Windows Server 2003, Enterprise Edition :- is aimed towards medium to large businesses. It is a full-function server operating system that supports up to eight processors and provides enterprise-class features such as eight-node clustering using Microsoft Cluster Server (MSCS) software and support for up to 32 GB of memory.
► Windows Server 2003, Datacenter Edition:- is the flagship of the Windows Server line and designed for immense infrastructures demanding high security and reliability.
► Windows Server 2003, Compute Cluster Edition:- is designed for working with the most difficult computing problems that would require high performance computing clusters.
► Windows Storage Server 2003:- is optimised to provide dedicated file and print sharing services. It is only available through OEMs when purchased pre-configured with network attached storage devices.
An object is a set of attributes that represents a network resource, say a user, a computer, a group policy, etc and object attributes are characteristics of that object stored in the directory. Organizational units act as a container for objects. Objects can be arranged according to security and administrative requirement in an organization. You can easily manage and locate objects after arranging them into organizational units. Administrator can delegate the authority to manage different organizational units and it can be nested to other organizational units. Create an OU if you want to:
► Create a company's structure and organization within a domain - Without OUs, all users are maintained and
displayed in a single list, the Users container, regardless of a user's department, location, or role.
► Delegate administrative control - Grant administrative permissions to users or groups of users at the OU level.
► Accommodate potential changes in a company's organizational structure - Users can easily be reorganized between
OUs, while reorganizing users between domains generally requires more time and effort.
► Group objects with similar network resources - This way it is easy to perform any administrative tasks. For example,
all user accounts for temporary employees can be grouped in an OU.
► Restrict visibility - Users can view only the objects for which they have access.
The sysvol folder stores the servers copy of the domains public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.
Start->dsa.msc->double click on users->right click on any users->properties->click on account->click on logon hours->logon denied->select time (by dragging mouse)->click on logon permission->ok.
To assign a domain user with local administrative right in any client of domain we should log in to the respected client system then, Start->control panel->user accounts->give username, password and name of domain->add->advanced->locations->find now->select others(in that select administrator user)->ok->next->ok.
A workgroup is an interconnection of a number of systems that share resources such as files &printers without a dedicated server .Each workgroup maintains a local database for user accounts, security etc. A domain, on the otherhand is an interconnection of systems that share resources with one or more dedicated server, which can be used to control security and permissions for all users in the domain. Domain maintains a centralized database and hence a centralized management of user accounts, policies etc are established. If you have a user account on domain then you can log on to any system without user account on that particular system.
DOS batch files
(.com, .bat, or even .exe)
Document and SettingsAll Users
All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is.
dial-in with callback.
"Save password as encrypted clear text" must be selected on User Properties Account Tab Options, since the Macs only store their passwords that way.
Credential Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This can be useful for roaming users who move between computer systems. The Credential Management feature provides a secure store of user credentials that includes passwords and X.509 certificates.
If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different.
When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID. The user and related group SIDs together form the user account's security token, which determines access levels to objects throughout the system and network.
SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access.
The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.
Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.
The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.
The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.
Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak)
Four types of authentication are used across forests:
(1) Kerberos and NTLM network logon for remote access to a server in another forest;
(2) Kerberos and NTLM interactive logon for physical logon outside the user's home forest;
(3) Kerberos delegation to N-tier application in another forest; and
(4) user principal name (UPN) credentials.
Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.
When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.
Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.
Active Directory is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object-people, servers, workstations, printers, documents, and devices. Each object has certain attributes and its own security access control list (ACL).
Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.
Start -> Control Panel -> Network and Internet Connections -> Network Connections.
Note, however, that you cannot upgrade from ME and 98 to Windows Server 2003.
When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the application or setup program and selecting Properties -> Compatibility -> selecting the previously supported operating system.
The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.