1. Define clean PC in Active Directory?
A clean PC is defined as a computer with only the following items on it before you run Discover:
★ The operating system
★ The service packs for the operating system
If you install Veritas Software Console on the computer, it is by definition no longer a clean PC. You must install Veritas Software Console somewhere, but not on the clean PC.
2. How to create a Third-Party MSI package in Active Directory?
1) Start with a clean PC, or one that is representative of the computers in your network.
2) Start Discover to take a picture of the representative PC's software configuration. This is the Before snapshot.
3) Install a program on the PC on which you took the Before snapshot.
4) Reboot the PC.
5) Run the new program to verify that it works.
6) Quit the program.
7) Start Discover and take an After snapshot of the PC's new configuration. Discover compares the Before and the After snapshots and notes the changes. It creates a Microsoft Installer package with information about how to install that program on such a PC in the future.
8) (Optional) Use Veritas Software Console to customize the Microsoft Installer package.
9) Clean the reference computer to prepare to run Discover again.
10) (Optional) Perform a test installation of the program on non-production workstations.
3. How to create a Site link in Active Directory?
To create a new site link:
1) Click Active Directory Sites and Services.
2) Expand the Inter-Site Transports node, right-click IP (or click SMTP if you want to use SMTP as the inter-site transport protocol), and then click New Site Link. If you have only one site in Active Directory, you receive a message that states that two sites are required for the site link to work. Click OK to continue.
4. How to allow only secure dynamic updates?
1) Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2) Under DNS, expand the applicable DNS server, expand Forward Lookup Zones (or Reverse Lookup Zones), and then click the applicable zone.
3) On the Action menu, click Properties.
4) On the General tab, verify that the zone type is Active Directory-integrated.
5) In the Allow dynamic updates? box, click Only secure updates.
5. How to set the Aging feature on an individual zone?
1) Right-click the zone, and then click Properties.
2) Click Aging.
3) Click to select the Scavenge Stale Resource Records check box, and then set the interval that you want the Aging feature to use.
If the Aging feature is not enabled at the server level, and you attempt to enable the Aging feature at the zone level, the Aging feature does not work. After you select the appropriate aging periods and you enable the Scavenging feature on the server, outdated records are scavenged.
6. How to enable Aging and Scavenging?
1) Open the DNS manager.
2) In the left pane, under the DNS icon, right-click the server name.
3) Click Set Aging/Scavenging for all zones.
4) Click to select the Scavenge Stale Resource Records check box, and then set the interval that you want the Aging feature to use.
7. How to configure the Windows 2000 Domain Name System to age records?
Dynamic DNS on a Windows 2000-based server does not age records that have been orphaned by renaming computers or by moving them to different subnets out of their zones, unless the server is configured to perform this task. Orphans can occur if a group of computers is installed from an image and then renamed at a later time on another subnet. The reverse lookup pointers may not be deleted if the computer is disconnected from the network immediately after the installation. These records can be deleted automatically by enabling the Aging and Scavenging feature on the DNS server.
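The aging rule behind questions 5 to 7, as an added example that is not part of the original page: it models which records a scavenging pass would remove and shows that zone-level aging alone removes nothing. The class and function names are hypothetical, the sample zone is constructed, and the 7-day no-refresh and refresh intervals are assumed values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Record:
    name: str
    rtype: str
    timestamp: Optional[datetime]  # None models a static record (no timestamp)


@dataclass
class Zone:
    name: str
    aging_enabled: bool  # zone-level "Scavenge stale resource records" check box
    no_refresh: timedelta = timedelta(days=7)  # assumed interval
    refresh: timedelta = timedelta(days=7)     # assumed interval
    records: List[Record] = field(default_factory=list)


def record_state(rec, zone, now):
    """Classify one record: static, no-refresh, refresh, or stale."""
    if rec.timestamp is None:
        return "static"  # static records are never aged
    age = now - rec.timestamp
    if age < zone.no_refresh:
        return "no-refresh"
    if age < zone.no_refresh + zone.refresh:
        return "refresh"
    return "stale"


def scavenge_candidates(zone, server_scavenging, now):
    """Names a scavenging pass would delete; BOTH switches must be on."""
    if not (server_scavenging and zone.aging_enabled):
        return []
    return [r.name for r in zone.records if record_state(r, zone, now) == "stale"]


def sample_zone(now):
    """Constructed reverse zone: one orphaned PTR, one fresh PTR, one static."""
    return Zone("0.168.192.in-addr.arpa", True, records=[
        Record("15", "PTR", now - timedelta(days=30)),  # imaged PC, later renamed
        Record("22", "PTR", now - timedelta(days=2)),
        Record("10", "PTR", None),
    ])


if __name__ == "__main__":
    now = datetime(2024, 1, 31)
    zone = sample_zone(now)
    for r in zone.records:
        print(r.name, record_state(r, zone, now))
    print("server scavenging on :", scavenge_candidates(zone, True, now))
    print("server scavenging off:", scavenge_candidates(zone, False, now))
```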
8. How to configure the Reverse Lookup Zone?
1) Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2) In the console tree, click Host name (where Host name is the host name of the DNS server).
3) In the console tree, click Reverse Lookup Zones.
4) Right-click Reverse Lookup Zones, and then click New Zone.
5) When the New Zone Wizard starts, click Next to continue.
6) Click Standard secondary, and then click Next. In the Network ID box, type the network ID (for example, type 192.168.0), and then click Next.
7) On the Zone File page, click Next, and then click Finish.
9. How to configure the Forward Lookup Zone?
1) Open the DNS MMC in the Secondary Name Server.
2) In the console tree, under DNS, click Host name (where Host name is the host name of the DNS server).
3) In the console tree, click Forward Lookup Zones.
4) Right-click Forward Lookup Zones, and then click New Zone.
5) When the New Zone Wizard starts, click Next to continue.
6) Click Standard secondary, and then click Next.
7) In the Name box, type the name of the zone (for example, example.com), and then click Next.
8) On the Master DNS Servers page, type the IP address of the primary name server for this zone, click Add, click Next, and then click Finish.
10. How to configure a secondary Name Server in Windows 2000?
1) Open DNS MMC.
2) In the console tree, click Host name (where Host name is the host name of the DNS server).
3) In the console tree, click Forward Lookup Zones.
4) Right-click the zone that you want (for example, example.com), and then click Properties.
5) Click the Name Servers tab, and then click Add.
6) In the Server name box, type the host name of the server that you want to add, for example, namesvr2.example.com.
7) In the IP address box, type the IP address of the name server that you want to add (for example, 192.168.0.22), and then click Add.
8) Click OK, and then click OK.
9) In the console tree, click Reverse Lookup Zones, right-click the zone that you want, and then click Properties.
10) Click the Name Servers tab, and then click Add.
11) In the Server name box, type the host name of the server that you want to add, for example, namesvr2.example.com.
12) In the IP address box, type the IP address of the name server that you want to add (for example, 192.168.0.22), and then click Add.
13) Click OK, and then click OK.
11. How to create a DNS entry for the Web Server?
1) Start the DNS snap-in.
2) Under DNS, expand Server1 (where Server1 is the host name of the DNS server).
3) Expand Forward Lookup Zones.
4) Under Forward Lookup Zones, right-click the zone that you want (for example, Microsoft.com), and then click New Alias.
5) In the Alias name box, type www.
6) In the Fully qualified name for target host box, type the fully qualified host name of the DNS server on which IIS is installed. For example, type dns.microsoft.com, and then click OK.
12. How to enable DNS Dynamic Updates on a DHCP Server?
1) Select the scope or DHCP server on which you want to permit dynamic DNS updates.
2) On the Action menu, click Properties, and then click the DNS tab.
3) Click to select the Automatically Update DHCP Client Information In DNS check box.
4) To update a client's DNS records based on the type of DHCP request that the client makes and only when it is requested, click Update DNS Only If DHCP Client Requests.
5) To always update a client's forward and reverse lookup records, click Always Update DNS.
6) Click to select the Discard Forward Lookups When Leases Expire check box to have the DHCP server delete the Host resource record for a client when its DHCP lease expires and is not renewed.
7) Click to select the Enable Updates For DNS Clients That Do Not Support Dynamic Updates check box to enable the DHCP server to update the forward and reverse lookup records for clients that cannot update their own forward lookup records. If you do not select this check box, the DHCP server does not automatically update the DNS records of non-Windows 2000 clients.
13. How to Configure DNS Dynamic Update on a Windows 2000 DHCP Server?
1) Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
2) Click the appropriate DHCP server or a scope on the appropriate DHCP server.
3) On the Action menu, click Properties.
4) Click the DNS tab.
5) To enable DNS dynamic update for DHCP clients that support it, click to select the Automatically update DHCP client information in DNS check box. This check box is selected by default.
6) To enable DNS dynamic update for DHCP clients that do not support it, click to select the Enable updates for DNS clients that do not support dynamic updates check box. This check box is selected by default.
14. How to configure DNS Dynamic Update on a Windows 2000 DNS Server?
1) Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2) Click the appropriate zone under either Forward Lookup Zones or Reverse Lookup Zones.
3) On the Action menu, click Properties.
4) On the General tab, verify that the zone type is either Primary or Active Directory integrated.
5) If the zone type is Primary, click Yes in the Allow dynamic updates? list.
6) If the zone type is Active Directory-integrated, click either Yes or Only secure updates in the Allow dynamic updates? list, depending on whether you want DNS dynamic updates to be secure.
15. How to configure DNS dynamic update on a Windows 2000 DNS client computer?
1) Click Start, point to Settings, and then click Network and Dial-up Connections.
2) Right-click the network connection that you want to configure, and then click Properties.
3) Click either the General tab (for the local area connection) or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.
4) Click Advanced, and then click the DNS tab.
5) To use DNS dynamic update to register both the IP addresses for this connection and the full computer name of the computer, click to select the Register this connection's addresses in DNS check box. This check box is selected by default.
6) To configure a connection-specific DNS suffix, type the DNS suffix in the DNS suffix for this connection box.
7) To use DNS dynamic update to register the IP addresses and the connection-specific domain name for this connection, click to select the Use this connection's DNS suffix in DNS registration check box. This check box is selected by default.
16. How Windows 2000-Based Computers Update Their DNS Names?
Windows 2000 computers try to dynamically register host address (A) and pointer (PTR) resource records. All computers register records based on their full computer name. Dynamic updates can be sent for any of the following reasons or events:
★ An IP address is added, removed, or modified for any one of the installed network connections.
★ An IP address lease changes or renews, for example when you use the ipconfig /renew command.
★ You use the ipconfig /registerdns command to manually force a refresh of the client name registration in DNS.
★ At startup time, when the computer is turned on.
When one of these events triggers a dynamic update, the DHCP Client service (not the DNS Client service) sends updates. This process is designed so that if a change to the IP address information occurs because of DHCP, corresponding updates in DNS are performed to synchronize name-to-address mappings for the computer. The DHCP Client service performs this function for all network connections used on the system, including connections that are not configured to use DHCP.
17. How to configure DNS dynamic update in Windows 2000?
The DNS service allows client computers to dynamically update their resource records in DNS and improves DNS administration. You can use DDNS in conjunction with DHCP to update resource records when a computer's IP address is changed.
18. Do you know how to set up DNS for a child domain?
To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server. Set the child DNS server to point to itself only.
19. How do I set up DNS for other DCs in the domain that are running DNS?
For each additional DC that is running DNS, the preferred DNS setting is the parent DNS server (first DC in the domain), and the alternate DNS setting is the actual IP address of the network interface.
Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe.
If you are able to query the ISP's DNS servers from behind the proxy server or firewall, Windows 2000 and Windows Server 2003 DNS servers are able to query the root hint servers. UDP and TCP Port 53 should be open on the proxy server or firewall.
No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the DC in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 DC running DNS. If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for your LAN.
Legacy operating systems continue to use NetBIOS for name resolution to find a DC; however it is recommended that you point all computers to the Windows 2000 or Windows Server 2003 DNS server for name resolution.
24. How to synchronize time amongst DCs using net time?
★ net time \\mypdc /set /y
★ This synchronizes the local computer time with the server named Mypdc.
★ The /set switch specifies that the time is not only queried, but also synchronized with the specified server.
★ The /y switch skips the confirmation for changing the time on the local computer.
25. Tell me do I need to configure forwarders in DNS?
By default, Windows 2000 DNS uses the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. In most cases, when you configure forwarders, DNS performance and efficiency increase, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint servers can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection.
26. Do you know what is the "." zone in my forward lookup zone?
This setting designates the Windows 2000 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.
As long as the "." zone does not exist under forward lookup zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.
28. Tell me why can't I use WINS for name resolution like it is used in Microsoft Windows NT 4.0?
A Windows 2000 DC does not register Active Directory-related information with a WINS server; it only registers this information with a DNS server that supports dynamic updates such as a Windows 2000 DNS server. Other Windows 2000-based computers do not query WINS to find Active Directory-related information.
29. Do you know what does a DC register in DNS?
The Netlogon service registers all the SRV records for that DC. These records are displayed as the _msdcs, _sites, _tcp, and _udp folders in the forward lookup zone that matches your domain name. Other computers look for these records to find Active Directory-related information.
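A check for the records described in question 29, as an added example that is not part of the original page: it parses a zone export and lists the locator SRV records that are absent for one DC. The function names, the constructed zone text, the host dc1.example.com and the site name Default-First-Site-Name are assumptions, and only a representative subset of the SRV owner names is tested.

```python
# Constructed zone export for example.com; dc1 is a hypothetical DC.
SAMPLE_ZONE = """\
; forward lookup zone example.com
_ldap._tcp.example.com.      600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.example.com.  600 IN SRV 0 100 88  dc1.example.com.
_kerberos._udp.example.com.  600 IN SRV 0 100 88  dc1.example.com.
_kpasswd._tcp.example.com.   600 IN SRV 0 100 464 dc1.example.com.
_kpasswd._udp.example.com.   600 IN SRV 0 100 464 dc1.example.com.
dc1.example.com.             3600 IN A 192.168.0.10
"""


def parse_srv(zone_text):
    """Parse 'owner TTL IN SRV prio weight port target' lines.

    Returns a set of (owner, port, target), lower-cased, trailing dots removed.
    """
    found = set()
    for line in zone_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # zone-file comment
        f = line.split()
        if len(f) == 8 and f[2].upper() == "IN" and f[3].upper() == "SRV" and f[6].isdigit():
            found.add((f[0].lower().rstrip("."), int(f[6]), f[7].lower().rstrip(".")))
    return found


def expected_srv(domain, site, dc):
    """Subset of the SRV records a DC registers: _tcp, _udp, _msdcs, _sites."""
    owners = [
        (f"_ldap._tcp.{domain}", 389),
        (f"_kerberos._tcp.{domain}", 88),
        (f"_kerberos._udp.{domain}", 88),
        (f"_kpasswd._tcp.{domain}", 464),
        (f"_kpasswd._udp.{domain}", 464),
        (f"_ldap._tcp.dc._msdcs.{domain}", 389),
        (f"_ldap._tcp.{site}._sites.{domain}", 389),
    ]
    return {(o.lower(), port, dc.lower()) for o, port in owners}


def missing_srv(zone_text, domain, site, dc):
    """Sorted owner names expected for this DC but absent from the zone."""
    gap = expected_srv(domain, site, dc) - parse_srv(zone_text)
    return sorted(owner for owner, _port, _target in gap)


if __name__ == "__main__":
    for owner in missing_srv(SAMPLE_ZONE, "example.com",
                             "Default-First-Site-Name", "dc1.example.com"):
        print("missing:", owner)
```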
30. Do you know why do I have to point my DC to itself for DNS?
The Netlogon service on the DC registers a number of records in DNS that enable other DCs and computers to find Active Directory-related information. If the DC is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. The preferred DNS setting for the DC is itself; no other DNS servers should be listed. The only exception to this rule is with additional DCs. Additional DCs in the domain must point to the first DC (which runs DNS) that was installed in the domain and then to themselves as secondary.
The most common mistakes are:
★ The DC is not pointing to itself for DNS resolution on all network interfaces.
★ The "." zone exists under forward lookup zones in DNS.
★ Other computers on the local area network (LAN) do not point to the Windows 2000 DNS server for DNS.
An object's attribute is set concurrently to one value at one master, and another value at a second master.
33. How to create Third-Party Microsoft installer package?
If you want to install a third-party program by using this method, you must install a copy of Veritas Software Console by Seagate Software at a location that is accessible by the reference computer. This program is available on the Windows 2000 CD-ROM in Valueadd\3rdparty\Mgmt\Winstle\Swiadmle.msi. This includes a copy of WinINSTALL limited edition, which allows for basic functionality.
34. Distinguishing a DC from a Windows 2000 member server?
★ The NTDS registry key exists in the HKLM\SYSTEM\CCS\SERVICES portion of the registry.
★ The SYSVOL and NETLOGON shares exist. (The SYSVOL share and its contents exist after demotion of a DC.)
★ NBTSTAT shows that the 1C name (Domain) has been registered. Type nbtstat -n from a command prompt and note the presence of the 1C name.
★ The computer role from the NET ACCOUNTS utility lists the computer role as "PRIMARY" and standalone servers as "SERVERS." Type net accounts from the command prompt.
★ The NET START command indicates that the Kerberos Key Distribution Center (KDC) service is running. Type net start | more.
★ The computer responds to LDAP queries (specifically, to port 389 or 3268).
★ The "Connect to server %S" command in Ntdsutil.exe functions only against Windows 2000 DCs.
★ The Change button on the Network Identification tab in My Computer is disabled when Windows 2000 is configured as a DC. A note appears indicating this.
★ Run Netdiag (a Resource Kit utility) and observe the "Machine is a Primary DC" entry in the output. Type netdiag /v from the command prompt.
35. How to configure a one-way trust?
Perform the following steps to configure the one-way trust:
1) On a domain controller in the trusted domain, start the Active Directory Domains and Trusts console.
2) In the Domains that trust this domain pane, click Add.
3) In the Add Trusting Domain dialog box, type the name of the trusting domain, type a password, and then type the password again in the Confirm password box.
4) Click OK.
5) In the Active Directory dialog box, click OK to verify the trust.
6) Enter a user name and password of a user that has permissions to modify trust relationships in the trusting domain.