MCSE-2003: I P Address
IP Address:
There are two versions: 1) IPv4 and 2) IPv6. IPv4 is the one normally used and is 32 bits; IPv6 is rarely used and is 128 bits.
Internet Protocol
IP Addressing:
Internet Protocol comes in two versions, viz. IPv4 and IPv6. IPv4 is 32 bit and IPv6 is 128 bit. The notation is called Dotted Decimal Notation (DDN). Any computer needs an IP address to contact another computer.
[Diagram: four octets of 8 bits each (8.8.8.8); 00000000 00000000 00000000 00000000 = 32 bits; written in DDN as 0.0.0.0]
IP Addressing is classified into 5 classes. This is done using the leading bit pattern, starting at the MSB (Most Significant Bit), of the first octet. That is:
[Diagram: the first octet, 8 bits, with the MSB on the left and the LSB on the right]
Decimal equivalents of the bit positions: 128 64 32 16 8 4 2 1

First octet   Bits (128 64 32 16 8 4 2 1)                 Class
0 - 127       0 0 0 0 0 0 0 0  to  0 1 1 1 1 1 1 1        Class A
128 - 191     1 0 0 0 0 0 0 0  to  1 0 1 1 1 1 1 1        Class B
192 - 223     1 1 0 0 0 0 0 0  to  1 1 0 1 1 1 1 1        Class C
224 - 239     1 1 1 0 0 0 0 0  to  1 1 1 0 1 1 1 1        Class D
240 - 255     1 1 1 1 0 0 0 0  to  1 1 1 1 1 1 1 1        Class E
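As an added example (not code from the original notes), the Python below rebuilds the class table from the leading-bit rule above and renders a DDN address as its 32 bits; the sample addresses are constructed values.

```python
# Added example, not from the original notes: the class of an IPv4 address is
# read from the high-order bits of its first octet, exactly as in the table.

def to_32_bits(address: str) -> str:
    """Render a dotted-decimal (DDN) address as four 8-bit octets."""
    octets = address.split(".")
    if len(octets) != 4:
        raise ValueError(f"not dotted decimal notation: {address!r}")
    values = []
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"octet out of range 0-255: {octet!r}")
        values.append(int(octet))
    return ".".join(f"{value:08b}" for value in values)


def ip_class(address: str) -> str:
    """Walk the first octet from the MSB down: the first 0 bit decides the class."""
    first_octet = int(to_32_bits(address).split(".")[0], 2)
    if first_octet & 0b10000000 == 0:   # 0xxxxxxx -> 0-127
        return "A"
    if first_octet & 0b01000000 == 0:   # 10xxxxxx -> 128-191
        return "B"
    if first_octet & 0b00100000 == 0:   # 110xxxxx -> 192-223
        return "C"
    if first_octet & 0b00010000 == 0:   # 1110xxxx -> 224-239
        return "D"
    return "E"                          # 1111xxxx -> 240-255


def class_ranges() -> dict:
    """Derive the decimal range of each class by trying every first octet;
    the result must agree with the table in the notes."""
    ranges = {}
    for first in range(256):
        cls = ip_class(f"{first}.0.0.0")
        low, _ = ranges.get(cls, (first, first))
        ranges[cls] = (low, first)
    return ranges


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for sample in ("10.1.2.3", "172.16.0.9", "192.168.1.1", "224.0.0.9", "250.1.1.1"):
        print(f"{sample:15} {to_32_bits(sample)}  class {ip_class(sample)}")
    print(class_ranges())
```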
[Diagram: a server connected through a hub/switch to SYS 1 to SYS 5 on each side]
5. Profile is different from system to system. | Common profile all over the domain.
1. WIN NT 4.0
4. ADC: Additional Domain Controller, acts as a backup server for DCs like DC, CDC and NDEF.
Note: All the computers in the domain structure of WIN 2000 and WIN 2003 maintain an FQDN (Fully Qualified Domain Name).
Note: Only one DC can exist in a complete Forest, and any number of CDCs, NDEFs and ADCs can exist.
DOMAIN STRUCTURE OF WINDOWS - 2003:
10. ADC: Additional Domain Controller, acts as a backup server for DCs like DC, CDC and NDEF.
1. Global Catalog (FWR)
2. Schema Master (FWR)
3. Domain Naming Operations Master (FWR)
4. RID Master (DWR)
5. Infrastructure Master (DWR)
6. PDC Emulator (DWR)
[Diagram: ACTIVE DIRECTORY with the six roles 1 to 6 listed above and their FWR/DWR scope]
Global Catalog: This is a FWR. It maintains complete information about the local domain and partial information about other domains. More than one GC server can exist at a time. It is generally used for authentication purposes.
Schema Master: Defines the infrastructure of AD. It contains classes like computers, users, folders, printers etc. and their attributes like first name, last name, email ID, computer name, OS, IP address, role, profiles, security etc. Any modification of AD can be done using the Schema Master. It is a FWR. Only one Schema Master can exist in the entire Forest.
DNOM: Ensures that no duplicate domain name exists in the entire Forest. This is a FWR. Only one DNOM exists in the complete Forest.
Infrastructure Master: It always updates any change that takes place in a domain.
Only one IM can exist in a Domain. This is a DWR.
Global Catalog:
Start----Programs----Admn. Tools----ADS&S----expand Sites----Default First Site----expand Servers----expand computer 1 (Sun1)----NTDS Settings----right click on NTDS Settings----OK.
Schema Master:
Go to Run----enter regsvr32 schmmgmt.dll----press OK.
Run----mmc----OK.
Go to File menu----Add/Remove Snap-in----Add----select Active Directory Schema----Add----OK.
Right click on Active Directory Schema----select Operations Master----the current schema master is shown.
DNOM:
Start----Programs----Admn. Tools----ADD&T----right click on ADD&T----select Operations Master.
1. Creation of users:
Go to ADUC----expand domain----select users----right click on users----new user----give
OK
User Accounts:
There are two types of user accounts: a) system users and b) domain users. System users are specific to the client system, and a domain user can access the DC from any client machine.

S.No. | System Local Account                                              | Domain Local Account
1     | A/c is created using the Local Users and Groups option.           | A/c is created using AD U&C.
2     | A/c cannot be created using AD U&C.                               | Cannot be created using a workgroup computer/system.
3     | User A/c limited to one system, i.e., specific to the client machine. | User A/c usable on all the systems in the domain.
4     | Very low security                                                 | High security
1. Domain Controllers
2. Member servers
3. Clients
Organizational units:
Groups: A group is a logical collection of users, computers, printers and groups itself.
a) System user accounts or system local accounts: A/cs created using the system's Local Users and Groups or using the Control Panel user settings.
Steps:
Procedure 1: Right click on My Computer----Manage----go to Local Users and Groups----right click on Users----New User----give the user name and password----Create.
Managing system user accounts: to disable an account, right click on the user----select the ‘Account is disabled’ option----Apply.
b) Domain user accounts or Domain local accounts: User accounts created using
ADUC.
Procedure 1: using GUI i.e., windows mode
Start----Programs----Admn. Tools----ADUC----right click on users----New user----user full
name and log on name----give next----give password----next----next finish.
Go to run----cmd----gpupdate.exe----
Profiles:
The user account information which is loaded as a user logs in is called “Profile”. Profile
contains user information like desktop, my documents, start menu, application data,
cookies, favorites etc.
4. SLP provides very little security for the profiles (no fault tolerance). | DLP provides high security for the profile (high fault tolerance).
5. SLP cannot make efficient use of NW resources. | DLP can make use of NW resources.
6. SLP administration cannot be done remotely. | DLP administration can be done remotely.
Note: The steps for server o/s are also applicable for client o/s.
1. Default: This is the default profile applied to all the users in a domain. A user having this profile can log in to all the computers in a domain except the DC by default, and his account information is saved on whatever computer he logs in to. Here profile information is different from system to system.
2. Roaming Profile: A user should have a default domain local profile in order to go for a roaming profile. A roaming profile enables a user to access his own profile information as it is (the same) on any system. NTFS is recommended for a roaming profile.
Steps:
My computer----C: drive----New Folder----Rename the folder----RC on the
folder----Properties----sharing----enable sharing of this folder----go to
permissions----give full control----give OK.
3. Mandatory Profile: Mandatory profile is a profile that will not allow a user to
save the changes made to his profile.
Home Folder:
It is a facility for a user to access a shared resource over a network as a home drive in
whatever system he logs in.
Steps: First create a share folder in NT File System (NTFS). Give appropriate
permissions to the specified user.
Note: A home folder can be used for Mandatory, Roaming or Local Profile users, i.e., users of the Domain Local Profile.
GROUPS:
A group is a logical collection of users, computers, printers and groups itself. Groups depend on Domain Functional Levels.
Functional levels: define the level or mode in which the Windows 2003 operating system works in coordination or compatibility with previous versions of the OS, viz. Win NT 4.0 and Windows 2000.

Group scope        User A/cs (members)   Using Resources
DL (Domain Local)  Users outside         Inside resources
Global             Users inside          Outside resources
Universal          All sides             All resources
1. Mixed Mode: Here the Win 2003 domain works or runs in compatibility with WIN NT 4.0 Server and WIN 2000 Server. Very few features of 2003 can be utilized.
2. Native Mode: Here the Win 2003 domain works in compatibility with WIN 2000 Server only. A few features of 2000 and 2003 can be utilized.
3. 2003 Mode: The 2003 domain need not run in compatibility with Win 2000 or Win NT 4.0 servers. Hence the maximum features of 2003 can be utilized.
Note: Mixed mode does not support Universal groups. Native and 2003 modes support Universal groups.
Group Types:
Groups can be classified in two ways: a) Group Scope and b) Group Type.
a) Group Scope:
Domain Local Scope: The group can contain users from other domains, but they are only allowed to access domain local resources (within the domain only).
Global Group Scope: Can have members/users from within the domain, but they can access resources outside the domain.
Universal Group Scope: Members can be both from the local domain as well as from outside the domain, and they can access resources both from the local domain as well as from outside the domain.
b) Group Type: Defines the level of security or level of permissions the group has. There are two types of groups:
1. Distribution group
2. Security group
Distribution Group: has fewer privileges, i.e., members cannot modify a group but can access it.
Security Group: has high privileges, i.e., members can modify groups.
Note: No group can be created using group scope only or group type only, i.e., group scope and group type always exist in combination.
Note: Mixed mode does not support changing a group's scope. Native mode does not support changing Domain Local to Global or Global to Domain Local; it only supports changing to Universal.
Changing DFLs:
Note: By default Win 2003 works in Mixed Mode.
Steps:
Start----Programs----ADUC----RC on Domain Name----click on Raise DFL----select the
functional level (selecting Native -2000 or 2003 Mode)----give Raise.
Method – 2:
RC on a group----properties----in that select members----add----select user.
Method – 3:
RC on a user----go to properties----select member of----add to group name.
Method – 4:
Adding a group to group- RC on a group----properties----select member of----give
add.
Method – 5:
RC on a group----properties----members----add----give group name----give OK.
Moving Groups:
Select the user----drag and drop to required container or use option of Moving.
PERMISSIONS:
Permissions can be of different types and different levels. There are three levels of permissions:
a) Site Level: can be given to a user in order to let him manage the entire site, i.e., all the domain trees in the site (Forest). Here only limited permissions can also be given, called Delegation of Control.
b) Domain Level: A user having domain level permissions can manage the entire domain as well as the OUs in the domain.
c) OU Level: These permissions let the user manage a particular OU as well as the OUs within that OU.
User privilege levels:
a) Admin Level: this level of user has sole rights to manage, monitor or change permissions for any user of the system.
b) Power User Level: the user has slightly fewer privileges than an Administrator and slightly more permissions than an ordinary user.
c) Ordinary User Level: this user has limited privileges in the system, i.e., he cannot install or modify the existing content.
Note: Security permissions are only available on the NTFS file system, and sharing permissions only take effect over a network.
Delegation of Control:
DOC is assigning only particular permissions or rights to an object.
DOC can be done at Site level, Domain level and OU level, and also on servers like DNS, IIS, DHCP etc. DOC can be done for users, computers, printers and organizational units.
PERMISSIONS:
[Table fragment: Write 2 6 10; Modify 3 7 11; Full Control 4 8 12 (column headings not recoverable)]
GROUP POLICIES:
Group Policy: is a set of controls over a container allowing or denying a user or group access to resources within the system or within the network.
Group policies can be applied over sites, domains and OUs. Group policies follow inheritance.
GP inheritance can be blocked at sub-levels. Group policies can be used at two levels: 1) Normal level and 2) Advanced level.
1. Normal Level:
The normal level is allowing or denying access to resources that already exist.
Ex: Hiding desktop icons, hiding the shutdown event tracker, hiding network drives and local drives, allowing or hiding log off and Control Panel are some of the profile items that come under the normal level of group policy.
2. Advanced Level:
Providing access to new resources or providing extra features to existing resources.
Ex: Scripts, software deployment, folder redirection etc. come under the advanced level of group policies.
Note: There are more than a thousand group policies in Windows 2003 Server. Group policies at Site level, Domain level and Organizational Unit level are the same.
Site Level Policy: Group policy applied at the Site level will take effect on all domains in the site.
Steps: Start----Programs----Admn. Tools----ADS&S----RC on Default First Site Name----go to Properties----select Group Policy.
Domain Level Policy: Policy applied at the domain level will take effect all over the domain but not in other domains. The policy will also be applied to all the OUs within the domain.
Steps: RC on Domain name----go to Properties----select Group Policy.
OU Level: Policy applied at OU level will take effect within the OU, including OUs in the OU.
Steps: RC on the OU----go to Properties----Group Policy----New----specify the GP (ex: hide search menu from the start menu)----Edit----under User Configuration----expand Administrative Templates----select Start Menu----select Search in Start Menu----select Enable.
There are a few advanced features using group policy like software deployment, scripts, folder redirection and Resultant Set Of Policies (RSOP) etc.
a) Software Deployment:
is used in order to install or deploy one or more applications onto client machines remotely using group policies.
Note: S/W deployment is achieved using only MSI or ZAP files. If an .exe has to be deployed, it can be converted to an MSI using ‘WinINSTALL’.
b) Scripts:
Steps: create a new folder----share the folder----rename----RC----New Text Document----in that type wscript.echo “Hi!! Welcome to Sunmars!!”----rename the file with a .vbs extension.
Run ‘gpupdate’.
c) Folder Re-direction:
Using Group Policy, one particular part of a user profile like My Documents, Desktop, Start Menu and Application Data can be redirected to a different location for convenience.
Run ‘gpupdate’.
DNS is used to resolve host names to IP addresses and IP addresses to host names.
DNS is used in 2 cases:
1. For accessing websites
2. For directory service
For Website:
[Diagram: resolution of www.mail.yahoo.com. in steps 1 to 8 through the DNS server and its cache, the Root, the Top Level Domains (.gov, .org, .com, .mil) and the domain's server; the labels Host and Domain point at parts of the name, and the trailing dot is the Root]
1) The client computer puts a simple query to the DNS server for a website (www.mail.yahoo.com).
2) The DNS server checks whether it has any information for the query. If it is not resolved, the query is forwarded to the root.
3) The root contains information about the Top Level Domains (.gov; .com; .org; .net; .mil) and refers the query to one of the top level domains.
Here, when any computer in the domain wants to contact any other computer, it has to contact the DNS server to resolve the destination computer name to an IP address.
The preferred DNS of any computer in a domain having a single DNS server will be the same as the DNS server's IP address.
A zone is a DNS record set that contains host names (A), IP addresses, pointers (PTR), resource records and service records. There are two types of zones:
a) Forward lookup zone
b) Reverse lookup zone
Forward Lookup Zone: contains host names and IP addresses. This is used to resolve host names to IP addresses.
Reverse Lookup Zone: contains IP addresses and host names. It is used to resolve IP addresses to host names.
DNS Event Log: this is a log which maintains any events of the DNS server (warnings, errors, information etc.).
DNS Cache: the DNS cache maintains any recent queries resolved by the server.
There are two types of queries used by DNS: simple and recursive queries.
Simple Query: this is a query from the client to the DNS server.
Recursive Query: this is a query from one DNS server to another DNS server.
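As an added example (not code from the original notes), the Python below models the lookup walk described above for www.mail.yahoo.com: the simple query from the client, the recursive queries the DNS server sends to the root and onwards, the DNS cache, and a reverse lookup through the reverse zone. The zone data, server names and the address 192.0.2.10 are constructed sample values, and the referral steps after the top level domain are my assumption about what the notes' steps 4 to 8 cover.

```python
# Added example, not from the original notes: a small model of DNS resolution
# with a simple query, recursive queries, a cache and a reverse lookup zone.
from dataclasses import dataclass, field


def fqdn(name: str) -> str:
    """Fully qualified names end with the root dot."""
    return name if name.endswith(".") else name + "."


# Constructed zone data. A zone either answers from its own records
# (A records in a forward zone, PTR records in a reverse zone) or refers
# the asker down to a child zone, the way the root refers to the TLDs.
ZONES = {
    ".": {"refer": ["com.", "org.", "in-addr.arpa."]},
    "com.": {"refer": ["yahoo.com."]},
    "yahoo.com.": {"records": {"www.mail.yahoo.com.": "192.0.2.10"}},
    "in-addr.arpa.": {"refer": ["2.0.192.in-addr.arpa."]},
    "2.0.192.in-addr.arpa.": {"records": {"10.2.0.192.in-addr.arpa.": "www.mail.yahoo.com."}},
}


def ask_zone(zone: str, name: str):
    """One server-to-server query: an answer, a referral, or no such name."""
    data = ZONES[zone]
    if name in data.get("records", {}):
        return "answer", data["records"][name]
    for child in data.get("refer", []):
        if name.endswith("." + child):
            return "refer", child
    return "nxdomain", None


def reverse_name(ip: str) -> str:
    """Turn 192.0.2.10 into the PTR owner name 10.2.0.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


@dataclass
class DnsServer:
    """The clients' preferred DNS server: keeps a cache and a log of queries."""
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def simple_query(self, client: str, name: str) -> str:
        """Step 1: a client asks its DNS server (a simple query)."""
        name = fqdn(name)
        self.log.append(f"simple query {client} -> server: {name}")
        if name in self.cache:                  # DNS cache: recent answers
            self.log.append(f"cache hit: {name} = {self.cache[name]}")
            return self.cache[name]
        answer = self.recursive_lookup(name)
        self.cache[name] = answer
        return answer

    def reverse_query(self, client: str, ip: str) -> str:
        """Reverse lookup: the same walk, but through the reverse zone."""
        return self.simple_query(client, reverse_name(ip))

    def recursive_lookup(self, name: str) -> str:
        """Steps 2 onward: not in the cache, so ask the root and follow referrals."""
        zone = "."
        while True:
            kind, data = ask_zone(zone, name)
            self.log.append(f"recursive query server -> zone {zone}: {kind} {data}")
            if kind == "answer":
                return data
            if kind != "refer":
                raise LookupError(f"{name} could not be resolved")
            zone = data


if __name__ == "__main__":
    server = DnsServer()
    print(server.simple_query("client1", "www.mail.yahoo.com"))   # full walk
    print(server.simple_query("client2", "www.mail.yahoo.com"))   # from cache
    print(server.reverse_query("client1", "192.0.2.10"))
    print("\n".join(server.log))
```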
[Diagram: FOREST OF INDIA.COM with two domains, India.com and USA.com. India.com has DC/PDNS at 1.1 and SDNS at 1.2 with servers S1 to S6 at 1.3 to 1.8; USA.com has DC/PDNS at 1.10 and SDNS at 1.11 with clients C1 to C6 at 1.12 to 1.17; each domain holds a STUB zone for the other, and the child domain Abc.GA.USA.com and the addresses 1.9 and 1.20 also appear]
DNS settings on each machine:
Machine   S1   S2   S3   S4   S5   S6   | C1    C2    C3    C4    C5    C6
PDNS      1.1  1.1  1.1  1.1  1.1  1.1  | 1.10  1.10  1.10  1.10  1.10  1.10
SDNS      1.2  1.2  1.2  1.2  1.2  1.2  | 1.11  1.11  1.11  1.11  1.11  1.11
2. Secondary DNS: is a zone having a duplicate read-only copy of the PDNS zone. Any information updated in the primary will be copied to the SDNS.
5. Active Directory Integrated: DNS on a domain controller is integrated with Active Directory so that any updates that take place in AD are reflected in DNS.
Installation of DNS: There are 3 situations in which DNS can be installed, with reference to AD:
1. Before installation of AD: a situation where no AD is present but a web server has to be configured.
2. While installing AD (DC): the situation while configuring a DC.
3. After installing AD: a situation where DNS has to be moved from one computer to another, or from the DC to another computer.
Note: The Forest DNS zone can only be seen in the DNS integrated with the DC. The Domain DNS zone can be seen in the DNS of both the DC as well as an NDEF.
SOA: contains the serial no., primary DNS server, refresh interval and zone expiry time.
Serial no.: specifies the update state of the zone. It increments regularly until the zone is refreshed.
Primary Server: defines the first DNS server of the zone.
Expiry time: If the zone is not refreshed for a particular amount of time, then the zone expires, i.e., it is not accessible.
Refresh Interval: DNS refreshes all the zones every 15 minutes by default. If the zone does not get refreshed, it retries every 10 minutes.
Name Server (NS): the NS record specifies the host name and the IP address of the DNS server. We can have multiple NS records. The NS record is also used in zone transfer.
Host Record (A): also known as a “Glue Record”, maintains the name of the host and the IP address of the host.
Other Records:
CNAME: alias record (C = canonical). This is a duplicate name used on behalf of the host name for security reasons.
PTR (Pointer): a record in the reverse lookup zone that maintains the IP address associated with that host.
CNAME in the reverse lookup zone: this record creates a duplicate IP on behalf of the original IP (original pointer) for security reasons.
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
2. nslookup
3. ping –a <ipaddress>
4. In Windows 98, use “winipcfg” from the Run command.
DHCP:
Static IP addressing:
Assigning an IP address manually on the console of a machine is called static IP addressing.
Disadvantages:
1. It is time consuming.
2. Possibility of mishap.
3. Changing the IP address or related information may be a tedious job.
4. Less secure.
5. No centralized database of computer names, IP addresses and their MAC addresses can be maintained directly.
Dynamic IP addressing:
Assigning IP addresses to machines from a remote system is called dynamic IP addressing. There are two types of dynamic IP addressing:
1) DHCP and 2) RAS (Remote Access Server)
DHCP: is used for dynamically allocating IP addresses within a local area network, and also in a WAN with the help of RAS.
RAS: is used to assign IP addresses over a dial-up connection when the connection is set up.
DHCP OFFER - BC
DHCP REQUEST- BC
DHCP ACK. - UC
Installation of DHCP:
Minimum requirements are:
1. Server OS
2. Member server
3. Domain Administrator login
4. Static IP address
Configuring DHCP: DHCP contains a minimum of five components, of which the two major components are Scope and Server Options. A scope in turn contains/maintains four basic components. Hence DHCP contains a minimum of 5 components (Scope (4) and Server Options).
1. Scope: is a container which contains four basic components; they are the address pool, address leases, reservations and scope options.
Steps to create a Scope:
Start----Programs----Administrative tools----DHCP----RC on the computer name----select
Authorize and then Refresh. ( Initially the dhcp will be with downward arrow orange
mark and after refreshing the arrow turns to green and will be upwards).
RC on computer name again and select New Scope----next----specify the scope name
(Ex: Scope 1)----specify the range of IP addresses----next----next----next----give Yes----
next----specify the domain name specify the server name----select resolve give add----
next----next----next----finish.
Components of Scope:
a) Address Pool: contains/maintains the list of available IP addresses and the excluded range of IP addresses.
2. Server Options: server options and scope options are the same, but server options are common for all the scopes in a DHCP server.
After configuring the DHCP scope, on the client side the IP address can be renewed or released from DHCP using two commands:
a) ipconfig /release
b) ipconfig /renew
Super Scope: is used in a DHCP server when a single DHCP server has to assign IP addresses for multiple networks.
Note: One scope serves one network only. Another scope serves another network.
Ex: Scope 1 ------ 192.168.1.0 to 192.168.1.254
Scope 2 ------ 192.168.2.0 to 192.168.2.254 and so on
There can be multiple DHCP servers in a single domain, but they should be authorized to assign IP addresses.
Note:
1. There is no “authorize” concept in WIN NT.
2. WIN 2000 has the Authorize option, but it takes 15 minutes to authorize.
3. WIN 2003 DHCP authorization is quick (Refresh and it will authorize).
IIS:
IIS is available in almost all flavors of Windows. It is independent of the domain. The version used in Windows 2003 is 6.0. It provides high efficiency and security.
Installation of IIS:
Steps:
Start----Settings----Control Panel----Add Remove Programs----Add Remove Windows
components----Application server----details----select IIS----select details----put a tick for
FTP----give OK----OK.
Configuration of IIS:
Start----Programs----Admin. Tools----go to IIS----expand websites----RC on websites----
New website----Next----description (Ex. Google or Yahoo)----next----assign IP address
or specify an IP address----Host header name (www.google.com or
www.yahoo.com )----give next-----specify the path of the shared folder----next----select
browse----give next----finish.
Copy the name of the page (.htm file). RC on “website”(the new website created)
description----go to properties ---- go to documents----select the default/existing
documents and remove----add and paste the name of the file copied----give OK----apply
and OK.
Go to DNS----create a new forward lookup zone for the new website----give Next----uncheck the last option in the list of options, leaving only “Primary zone”----Next----specify the zone name (Ex: Google or Yahoo.com)----Next----Next----Next----Finish.
RC on new zone name----create new host record----specify Cname & IP ----OK.
RC on new zone name----create new alias----www----browse the host record and
insert----give OK----close DNS.
Redirecting a website:
Go to IIS----RC on ‘yahoo’ description----Properties----Home Directory----select a redirection to URL----http://www.google.com----Apply----OK----close.
Virtual Directory: copy of the main.htm or the page to be included in the Virtual Directory.
FTP:
Configuration:
1. FTP site without Isolation of users:
Go to my computer----any drive----new folder----rename----Share the folder----give
proper sharing permissions----add some files to the shared folder----close.
Go to IIS----RC on FTP sites----new FTP site----next specify site description----next----
specify the IP address----next----next----specify the share folder path----next----allow
permissions as required----next ---- finish.
BACKUP:
Maintaining a duplicate copy of the information and restoring it without any loss of data when required is referred to as “Backup”.
Note:
Backup of live servers and shared folders can be taken using a service called Volume Shadow Copy. Volume Shadow Copy allows taking a backup of files which are in use.
Attributes: every file has three attributes: a) Hidden, b) Read only and c) Archive.
1. Hidden: hides or displays the folders or files.
2. Read only: specifies whether it has write protection or not.
3. Archive: specifies whether the file is backed up or not.
Normal Backup: backs up/copies all the data and removes the archive bit ‘A’.
Steps to Restore:
Go to backup wizard----advanced----select restore wizard----next----select the item to be
restored----next----select advanced options----next----next……….finish.
Incremental Backup:
Takes the backup of all the files which have the “archive bit” set, and removes the archive bit once the backup is taken.
Differential Backup:
This type of backup takes the backup of all the files having the archive bit set and does not remove the ‘archive bit’ after backup.
Note: Incremental backup gives high speed backup and slow restore.
Differential backup gives high speed restore and slow backup.
Table columns: S.No. | No. of files created | Total files in folder | Type of backup | ‘A’ bits before backup | ‘A’ bits after backup | No. of files in restore | Speed of backup | Speed of restore
CASE 1
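As an added example (not code from the original notes), the Python below models how the three backup types treat the archive bit ‘A’ and counts the backup sets a restore then needs, which is what the table columns track. The file names and the week's edits are constructed, and the rule for a differential taken after an incremental is my generalization of the note above.

```python
# Added example, not from the original notes: Normal, Incremental and
# Differential backups modelled through the archive bit 'A'.

class Folder:
    """Maps each file name to its archive bit ('A' set = not yet backed up)."""

    def __init__(self, names):
        self.archive = {n: True for n in names}   # a new file carries 'A'

    def write(self, name):
        """Creating or changing a file sets its archive bit again."""
        self.archive[name] = True

    def files_with_a(self):
        return sorted(n for n, a in self.archive.items() if a)


def backup(folder, kind):
    """Copy files according to the backup type and return a run record with
    the table's columns: 'A' bits before and after, and the files copied."""
    a_before = len(folder.files_with_a())
    if kind == "normal":
        copied = sorted(folder.archive)        # all files, then clear 'A'
        clear = True
    elif kind == "incremental":
        copied = folder.files_with_a()         # only 'A' files, then clear 'A'
        clear = True
    elif kind == "differential":
        copied = folder.files_with_a()         # only 'A' files, 'A' is kept
        clear = False
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    if clear:
        for n in copied:
            folder.archive[n] = False
    return {"kind": kind, "a_before": a_before, "files": copied,
            "a_after": len(folder.files_with_a())}


def sets_to_restore(runs):
    """Indexes of the runs needed to rebuild the latest state: the last normal
    backup, every incremental after it, and the last differential taken after
    the last run that cleared the archive bits (my generalization)."""
    last_normal = max(i for i, r in enumerate(runs) if r["kind"] == "normal")
    needed, last_clearing = [last_normal], last_normal
    for i in range(last_normal + 1, len(runs)):
        if runs[i]["kind"] == "incremental":
            needed.append(i)
            last_clearing = i
    later_diffs = [i for i in range(last_clearing + 1, len(runs))
                   if runs[i]["kind"] == "differential"]
    if later_diffs:
        needed.append(later_diffs[-1])   # one differential covers all since
    return needed


def simulate(kind):
    """Constructed week: a normal backup, then two daily backups of the given
    kind between edits. Returns the run records and the sets a restore needs."""
    folder = Folder(["f1", "f2", "f3", "f4", "f5"])
    runs = [backup(folder, "normal")]   # day 1: everything, all 'A' cleared
    folder.write("f6")                  # day 2: a new file
    folder.write("f2")                  # and an edited file
    runs.append(backup(folder, kind))
    folder.write("f3")                  # day 3: another edit
    runs.append(backup(folder, kind))
    return runs, sets_to_restore(runs)


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        runs, sets = simulate(kind)
        for i, r in enumerate(runs):
            print(kind, i, r)
        print(kind, "restore needs backup sets", sets)
```

Incremental runs copy fewer files each day but the restore needs every set; differential runs grow each day but the restore needs only the last one plus the normal backup.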