
Windows Server 2008/R2 Interview questions Part 1

JUNE 22, 2011

Difference between 2003 and 2008

1) 2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it:
1. RODC, one new domain controller introduced in it (Read-only Domain Controllers).
2. WDS (Windows Deployment Services) instead of RIS in 2003 server.
3. Shadow copy for each and every folder.
4. Boot sequence is changed.
5. Installation is 32 bit, whereas in 2003 it is 16 as well as 32 bit; that's why installation of 2008 is faster.
6. Services are known as roles in it.
7. Group Policy editor is a separate option in ADS.

2) The main difference between 2003 and 2008 is virtualization and management. 2008 has more inbuilt components and updated third party drivers. Microsoft introduces a new feature with 2k8, that is Hyper-V. Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine. If you like this exciting technology, make sure that you buy an edition of Windows Server 2008 that includes Hyper-V, then launch the Server Manager, add Roles.

Windows Server 2008 new features

1. Virtualization with Hyper-V
2. Server Core - provides the minimum installation required to carry out a specific server role, such as for a DHCP, DNS or print server. From a security standpoint, this is attractive. Fewer applications and services on the server make for a smaller attack surface. In theory, there should also be less maintenance and management with fewer patches to install, and the whole server could take up as little as 3Gb of disk space according to Microsoft.
3. IIS 7
4. Role based installation - rather than configuring a full server install for a particular role by uninstalling unnecessary components (and installing needed extras), you simply specify the role the server is to play, and Windows will install what's necessary - nothing more.
5. Read Only Domain Controllers (RODC). It's hardly news that branch offices often lack skilled IT staff to administer their servers, but they also face another, less talked about problem. While corporate data centers are often physically secured, servers at branch offices rarely have the same physical security protecting them. This makes them a convenient launch pad for attacks back to the main corporate servers. RODC provides a way to make an Active Directory database read-only. Thus, any mischief carried out at the branch office cannot propagate its way back to poison the Active Directory system as a whole. It also reduces traffic on WAN links.
6. Enhanced terminal services. Terminal services has been beefed up in Server 2008 in a number of ways. TS RemoteApp enables remote users to access a centralized application (rather than an entire desktop) that appears to be running on the local computer's hard drive. These apps can be accessed via a Web portal or directly by double-clicking on a correctly configured icon on the local machine. TS Gateway secures sessions, which are then tunnelled over https, so users don't need to use a VPN to use RemoteApps securely over the Internet. Local printing has also been made significantly easier.
7. Network Access Protection. Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies - and that those that are not can be remediated - is useful. However, similar functionality has been and remains available from third parties.
8. Windows PowerShell. Microsoft's new(ish) command line shell and scripting language has proved popular with some server administrators, especially those used to working in Linux environments. Included in Server 2008, PowerShell can make some jobs quicker and easier to perform than going through the GUI. Although it might seem like a step backward in terms of user friendly operation, it's one of those features that once you've gotten used to it, you'll never want to give up.

Restartable Active Directory Domain Services: You can now perform many actions, such as offline defragmentation of the database, simply by stopping Active Directory. This reduces the number of instances in which you must restart the server in Directory Services Restore Mode and thereby reduces the length of time the domain controller is unavailable to serve requests.

Enhancements to Group Policy: Microsoft has added many new policy settings. In particular, these settings enhance the management of Windows Vista client computers. All policy management is now handled by means of the Group Policy Management Console (GPMC), which was an optional feature first added to Windows Server 2003 R2. In addition, Microsoft has added new auditing capabilities to Group Policy and added a searchable database for locating policy settings from within GPMC. In Windows Server 2008 R2, GPMC enables you to use a series of PowerShell cmdlets to automate many of the tasks (such as maintenance and linking of GPOs) that you would otherwise perform in the GUI. In addition, R2 adds new policy settings that enhance the management of Windows 7 computers.

Windows Server 2008 R2 new features:

Active Directory Recycle Bin
Windows PowerShell 2.0
Active Directory Administrative Center (ADAC)
Offline domain join
Active Directory health check
Active Directory Web Services
Active Directory Management Pack
Windows Server Migration Tools
Managed Service Accounts

What is server core? How do you configure and manage a windows server 2008 core installation?

The Server Core installation option is an option that you can use for installing Windows Server 2008 or Windows Server 2008 R2. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. A server running a Server Core installation of Windows Server 2008 supports the following server roles:

Active Directory Domain Services (AD DS)
Active Directory Lightweight Directory Services (AD LDS)
DHCP Server
DNS Server
File Services
Hyper-V
Print Services
Streaming Media Services
Web Server (IIS)

A server running a Server Core installation of Windows Server 2008 R2 supports the following server roles:

Active Directory Certificate Services
Active Directory Domain Services
Active Directory Lightweight Directory Services (AD LDS)
DHCP Server
DNS Server
File Services (including File Server Resource Manager)
Hyper-V
Print and Document Services
Streaming Media Services
Web Server (including a subset of ASP.NET)

A Server Core installation does not include the traditional full graphical user interface. Once you have configured the server, you can manage it locally at a command prompt or remotely using a Terminal Server connection. You can also manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Benefits of a Server Core installation

The Server Core installation option of Windows Server 2008 or Windows Server 2008 R2 provides the following benefits:

Reduced maintenance. Because the Server Core installation option installs only what is required to have a manageable server for the supported roles, less maintenance is required than on a full installation of Windows Server 2008.
Reduced attack surface. Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.
Reduced management. Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.
Less disk space required. A Server Core installation requires only about 3.5 gigabytes (GB) of disk space to install and approximately 3 GB for operations after the installation.

How do you promote a Server Core to DC?

In order to install Active Directory DS on your server core machine you will need to perform the following tasks:

1. Configure an unattend text file, containing the instructions for the DCPROMO process. In this example you will create an additional DC for a domain called petrilab.local:

2. Configure the right server core settings
After that you need to make sure the core machine is properly configured.
1. Perform any configuration setting that you require (tasks such as changing computer name, changing and configure IP address, subnet mask, default gateway, DNS address, firewall settings, configuring remote desktop and so on).
2. After changing the required server configuration, make sure that for the task of creating it as a DC you have the following requirements in place:
A partition formatted with NTFS (you should, it's a server!)
A network interface card, configured properly with the right driver
A network cable plugged in
The right IP address, subnet mask, default gateway
And most importantly, do not forget: the right DNS setting, in most cases, pointing to an existing internal DNS in your corporate network

3. Copy the unattend file to the server core machine
Now you need to copy the unattend file from wherever you've stored it. You can run it from a network location but I prefer to have it locally on the core machine. You can use the NET USE command on server core to map to a network path and copy the file to the local drive. You can also use a regular server/workstation to graphically access the core's C$ drive (for example) and copy the file to that location.

4. Run the DCPROMO process
Next you need to manually run DCPROMO. To run the Active Directory Domain Services Installation Wizard in unattended mode, use the following command at a command prompt:

Dcpromo /unattend

Reboot the machine
In order to reboot the server core machine type the following text in the command prompt and press Enter.

shutdown /r /t 0

What are RODCs? What are advantages?

A read-only domain controller (RODC) is a new type of domain controller in the Windows Server® 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory Domain Services (AD DS) database.

Before the release of Windows Server 2008, if users had to authenticate with a domain controller over a wide area network (WAN), there was no real alternative. In many cases, this was not an efficient solution. Branch offices often cannot provide the adequate physical security that is required for a writable domain controller. Furthermore, branch offices often have poor network bandwidth when they are connected to a hub site. This can increase the amount of time that is required to log on. It can also hamper access to network resources.

Beginning with Windows Server 2008, an organization can deploy an RODC to address these problems. As a result, users in this situation can receive the following benefits:

Improved security
Faster logon times
More efficient access to resources on the network

What does an RODC do?

Inadequate physical security is the most common reason to consider deploying an RODC. An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller.

However, your organization may also choose to deploy an RODC for special administrative requirements. For example, a line-of-business (LOB) application may run successfully only if it is installed on a domain controller. Or, the domain controller might be the only server in the branch office, and it may have to host server applications.

In such cases, the LOB application owner must often log on to the domain controller interactively or use Terminal Services to configure and manage the application. This situation creates a security risk that may be unacceptable on a writable domain controller.

An RODC provides a more secure mechanism for deploying a domain controller in this scenario. You can grant a non-administrative domain user the right to log on to an RODC while minimizing the security risk to the Active Directory forest.

You might also deploy an RODC in other scenarios where local storage of all domain user passwords is a primary threat, for example, in an extranet or application-facing role.

How do you install an RODC?

1. Make sure you are a member of the Domain Admins group.
2. Ensure that the forest functional level is Windows Server 2003 or higher.
3. Run adprep /rodcprep
4. Install a writable domain controller that runs Windows Server 2008. An RODC must replicate domain updates from a writable domain controller that runs Windows Server 2008. Before you install an RODC, be sure to install a writable domain controller that runs Windows Server 2008 in the same domain. The domain controller can run either a full installation or a Server Core installation of Windows Server 2008. In Windows Server 2008, the writable domain controller does not have to hold the primary domain controller (PDC) emulator operations master role.
5. You can install an RODC on either a full installation of Windows Server 2008 or on a Server Core installation of Windows Server 2008. Follow the steps below:

Click Start, type dcpromo, and then press ENTER to start the Active Directory Domain Services Installation Wizard.
On the Choose a Deployment Configuration page, click Existing forest, click Add a domain controller to an existing domain.
On the Network Credentials page, type the name of a domain in the forest where you plan to install the RODC. If necessary, also type a user name and password for a member of the Domain Admins group, and then click Next.
Select the domain for the RODC, and then click Next.
Click the Active Directory site for the RODC and click Next.
Select the Read-only domain controller check box. By default, the DNS server check box is also selected. To run the DNS server on the RODC, another domain controller running Windows Server 2008 must be running in the domain and hosting the DNS domain zone. An Active Directory-integrated zone on an RODC is always a read-only copy of the zone file. Updates are sent to a DNS server in a hub site instead of being made locally on the RODC.
To use the default folders that are specified for the Active Directory database, the log files, and SYSVOL, click Next.
Type and then confirm a Directory Services Restore Mode password, and then click Next.
Confirm the information that appears on the Summary page, and then click Next to start the AD DS installation.
You can select the Reboot on completion check box to make the rest of the installation complete automatically.

What is the minimum requirement to install Windows 2008 server?

Talk about all the AD-related roles in Windows Server 2008/R2.

Active Directory Domain Services

Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

Benefits

Lower costs of managing Windows networks.
Simplify identity management by providing a single view of all user information.
Boost security with the ability to enable multiple types of security mechanisms within a single network.
Improve compliance by using Active Directory as a primary source for audit data.

Active Directory Rights Management Services

Your organization's intellectual property needs to be safe and highly secure. Active Directory Rights Management Services, a component of Windows Server 2008, is available to help make sure that only those individuals who need to view a file can do so. AD RMS can protect a file by identifying the rights that a user has to the file. Rights can be configured to allow a user to open, modify, print, forward, or take other actions with the rights-managed information. With AD RMS, you can now safeguard data when it is distributed outside of your network.

Active Directory Federation Services

Active Directory Federation Services is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Windows Server 2008, you can simply and very securely grant external users access to your organization's domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization.

Active Directory Certificate Services

Most organizations use certificates to prove the identity of users or computers, as well as to encrypt data during transmission across unsecured network connections. Active Directory Certificate Services (AD CS) enhances security by binding the identity of a person, device, or service to their own private key. Storing the certificate and private key within Active Directory helps securely protect the identity, and Active Directory becomes the centralized location for retrieving the appropriate information when an application places a request.

Active Directory Lightweight Directory Services

Active Directory Lightweight Directory Service (AD LDS), formerly known as Active Directory Application Mode, can be used to provide directory services for directory-enabled applications. Instead of using your organization's AD DS database to store the directory-enabled application data, AD LDS can be used to store the data. AD LDS can be used in conjunction with AD DS so that you can have a central location for security accounts (AD DS) and another location to support the application configuration and directory data (AD LDS). Using AD LDS, you can reduce the overhead associated with Active Directory replication, you do not have to extend the Active Directory schema to support the application, and you can partition the directory structure so that the AD LDS service is only deployed to the servers that need to support the directory-enabled application.

What are the new Domain and Forest Functional Levels in Windows Server 2008/R2?

Domain Function Levels

To activate a new domain function level, all DCs in the domain must be running the right operating system. After this requirement is met, the administrator can raise the domain functional level. Here's a list of the domain function levels available in Windows Server 2008:

Windows 2000 Native Mode
This is the default function level for new Windows Server 2008 Active Directory domains.
Supported Domain controllers - Windows 2000, Windows Server 2003, Windows Server 2008.

Windows Server 2003 Mode
To activate the new domain features, all domain controllers in the domain must be running Windows Server 2003. After this requirement is met, the administrator can raise the domain functional level to Windows Server 2003.
Supported Domain controllers - Windows Server 2003, Windows Server 2008.

Windows Server 2008 Mode
To activate the new domain features, all domain controllers in the domain must be running Windows Server 2008. After this requirement is met, the administrator can raise the domain functional level to Windows Server 2008.
Supported Domain controllers - Windows Server 2008.

Windows 2008 Forest function levels

Forest functionality activates features across all the domains in your forest. To activate a new forest function level, all the domains in the forest must be running the right operating system and be set to the right domain function level. After this requirement is met, the administrator can raise the forest functional level. Here's a list of the forest function levels available in Windows Server 2008:

Windows 2000 forest function level
This is the default setting for new Windows Server 2008 Active Directory forests.
Supported Domain controllers in all domains in the forest - Windows 2000, Windows Server 2003, Windows Server 2008.

Windows Server 2003 forest function level
To activate new forest-wide features, all domain controllers in the forest must be running Windows Server 2003.
Supported Domain controllers in all domains in the forest - Windows Server 2003, Windows Server 2008.

Windows Server 2008 forest function level
To activate new forest-wide features, all domain controllers in the forest must be running Windows Server 2008.
Supported Domain controllers in all domains in the forest - Windows Server 2008.

When a child domain is created in the domain tree, what type of trust relationship exists between the new child domain and the tree's root domain?

Transitive and two way.
http://technet.microsoft.com/en-us/library/cc775736%28WS.10%29.aspx

Which Windows Server 2008 tools make it easy to manage and configure a server's roles and features?

The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. The Server Manager can be used to add and remove roles and features as needed.

What is WDS? How is WDS configured and managed on a server running Windows Server 2008?

The Windows Deployment Services is the updated and redesigned version of Remote Installation Services (RIS). Windows Deployment Services enables you to deploy Windows operating systems, particularly Windows Vista. You can use it to set up new computers by using a network-based installation. This means that you do not have to install each operating system directly from a CD or DVD.

Benefits of Windows Deployment Services

Windows Deployment Services provides organizations with the following benefits:

Allows network-based installation of Windows operating systems, which reduces the complexity and cost when compared to manual installations.
Deploys Windows images to computers without operating systems.
Supports mixed environments that include Windows Vista, Microsoft Windows XP and Microsoft Windows Server 2003.
Built on standard Windows Vista setup technologies including Windows PE, .wim files, and image-based setup.

Prerequisites for installing Windows Deployment Services

Your computing environment must meet the following technical requirements to install Windows Deployment Services:

Active Directory. A Windows Deployment Services server must be either a member of an Active Directory domain or a domain controller for an Active Directory domain. The Active Directory domain and forest versions are irrelevant; all domain and forest configurations support Windows Deployment Services.
DHCP. You must have a working Dynamic Host Configuration Protocol (DHCP) server with an active scope on the network because Windows Deployment Services uses PXE, which relies on DHCP for IP addressing.
DNS. You must have a working Dynamic Name Services (DNS) server on the network to run Windows Deployment Services.
An NTFS partition. The server running Windows Deployment Services requires an NTFS file system volume for the image store.
Credentials. To install the role, you must be a member of the Local Administrators group on the Windows Deployment Services server. To install an image, you must be a member of the Domain Users group.
Windows Server 2003 SP1 or SP2 with RIS installed. RIS does not have to be configured, but must be installed.

http://technet.microsoft.com/en-us/library/cc766320%28WS.10%29.aspx#BKMK_1

Name some of the major changes in GPO in Windows Server 2008.

Cost savings through power options

In Windows Server 2008, all power options have been Group Policy enabled, providing a potentially significant cost savings. Controlling power options through Group Policy could save organizations a significant amount of money. You can modify specific power options through individual Group Policy settings or build a custom power plan that is deployable by using Group Policy.

Ability to block device installation

In Windows Server 2008, you can centrally restrict devices from being installed on computers in your organization. You will now be able to create policy settings to control access to devices such as USB drives, CD-RW drives, DVD-RW drives, and other removable media.

Improved security settings

In Windows Server 2008, the firewall and IPsec Group Policy settings are combined to allow you to leverage the advantages of both technologies, while eliminating the need to create and maintain duplicate functionality. Some scenarios supported by these combined firewall and IPsec policy settings are secure server-to-server communications over the Internet, limiting access to domain resources based on trust relationships or health of a computer, and protecting data communication to a specific server to meet regulatory requirements for data privacy and security.

Expanded Internet Explorer settings management

In Windows Server 2008, you can open and edit Internet Explorer Group Policy settings without the risk of inadvertently altering the state of the policy setting based on the configuration of the administrative workstation. This change replaces earlier behavior in which some Internet Explorer policy settings would change based on the policy settings enabled on the administrative workstation used to view the settings.

Printer assignment based on location

The ability to assign printers based on location in the organization or a geographic location is a new feature in Windows Server 2008. In Windows Server 2008, you can assign printers based on site location. When mobile users move to a different location, Group Policy can update their printers for the new location. Mobile users returning to their primary locations see their usual default printers.

Printer driver installation delegated to users

In Windows Server 2008, administrators can now delegate to users the ability to install printer drivers by using Group Policy. This feature helps to maintain security by limiting distribution of administrative credentials.

What is the AD Recycle Bin? How do you use it?

Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.

When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.

Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments.

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2.

To enable Active Directory Recycle Bin using the Enable-ADOptionalFeature cmdlet

1. Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
2. At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:

Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>

For example, to enable Active Directory Recycle Bin for contoso.com, type the following command, and then press ENTER:

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com' -Scope ForestOrConfigurationSet -Target 'contoso.com'

What are AD Snapshots? How do you use them?

A snapshot is a shadow copy, created by the Volume Shadow Copy Service (VSS), of the volumes that contain the Active Directory database and log files. With Active Directory snapshots, you can view the data inside such a snapshot on a domain controller without the need to start the server in Directory Services Restore Mode.

Windows Server 2008 has a new feature allowing administrators to create snapshots of the Active Directory database for offline use. With AD snapshots you can mount a backup of AD DS under a different set of ports and have read-only access to your backups through LDAP.

There are quite a few scenarios for using AD snapshots. For example, if someone has changed properties of AD objects and you need to revert to their previous values, you can mount a copy of a previous snapshot to an alternate port and easily export the required attributes for every object that was changed. These values can then be imported into the running instance of AD DS. You can also restore deleted objects or simply view objects for diagnostic purposes.

It does not allow you to move or copy items or information from the snapshot to the live database. In order to do that you will need to manually export the relevant objects or attributes from the snapshot, and manually import them back to the live AD database.

Steps for using Snapshot:

1. Create a snapshot: open CMD.exe, Ntdsutil, activate instance ntds, snapshot, create, list all.

2. Mounting an Active Directory snapshot: Before connecting to the snapshot we need to mount it. By looking at the results of the List All command in the above step, identify the snapshot that you wish to mount, and note the number next to it. Type Ntdsutil, Snapshot, List all, Mount 2. The snapshot gets mounted to c:\$SNAP_200901250030_VOLUMEC$. Now you can refer to this path to see the objects in these snapshots.

3. Connecting an Active Directory snapshot: In order to connect to the AD snapshot you've mounted you will need to use the DSAMAIN command. DSAMAIN is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. After using DSAMAIN to expose the information inside the AD snapshot, you can use any GUI tool that can connect to the specified port, tools such as Active Directory Users and Computers (DSA.msc), ADSIEDIT.msc, LDP.exe or others. You can also connect to it by using command line tools such as LDIFDE or CSVDE, tools that allow you to export information from that database.

dsamain -dbpath "c:\$SNAP_200901250030_VOLUMEC$\Windows\NTDS\ntds.dit" -ldapport 10289

The above command will allow you to access the database using port 10289. Now you can use the LDP.exe tool to connect to this mounted instance.

4. Disconnecting from the Active Directory snapshot: In order to disconnect from the AD snapshot all you need to do is to type CTRL+C at the DSAMAIN command prompt window. You'll get a message indicating that the DS shut down successfully.

5. Unmounting the snapshot: Run command, Ntdsutil, Snapshot, List all, Unmount 2.
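
The "revert changed properties" scenario described above starts with finding what changed. The following added example (not part of the original page) compares user attributes between the mounted snapshot and the live directory. It assumes Windows Server 2008 R2 with the Active Directory module for Windows PowerShell and Active Directory Web Services running, a snapshot already exposed by dsamain on LDAP port 10289 as in step 3, and a constructed OU name; `Compare-ADSnapshotUser` is a hypothetical helper name.

```powershell
# Added example, not from the original page.
# Read-only comparison of user attributes between a mounted AD snapshot
# (served by dsamain on an alternate LDAP port) and the live directory.
Import-Module ActiveDirectory

function Compare-ADSnapshotUser {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SearchBase,               # OU or container to audit
        [int]$SnapshotPort = 10289,        # value passed to dsamain -ldapport
        [string[]]$Attributes = @('distinguishedName', 'displayName', 'title',
                                  'department', 'telephoneNumber',
                                  'userAccountControl', 'memberOf')
    )

    $snapshotServer = "localhost:$SnapshotPort"

    # Every user that existed under $SearchBase when the snapshot was taken.
    $snapshotUsers = Get-ADUser -Filter * -SearchBase $SearchBase `
        -Properties $Attributes -Server $snapshotServer

    foreach ($old in $snapshotUsers) {
        # Look the object up by GUID so that a rename or move does not hide it.
        try {
            $current = Get-ADUser -Identity $old.ObjectGUID -Properties $Attributes
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            # Present in the snapshot, gone from the live directory (deleted).
            New-Object PSObject -Property @{
                User      = $old.SamAccountName
                Attribute = '(object)'
                Snapshot  = 'present'
                Live      = 'missing'
            } | Select-Object User, Attribute, Snapshot, Live
            continue
        }

        foreach ($name in $Attributes) {
            # Multi-valued attributes (memberOf) are flattened to sorted strings
            # so that ordering differences are not reported as changes.
            $before = @($old.$name     | Sort-Object) -join '; '
            $after  = @($current.$name | Sort-Object) -join '; '

            if ($before -ne $after) {
                New-Object PSObject -Property @{
                    User      = $old.SamAccountName
                    Attribute = $name
                    Snapshot  = $before
                    Live      = $after
                } | Select-Object User, Attribute, Snapshot, Live
            }
        }
    }
}

# Constructed OU; contoso.com is the sample domain used earlier on the page.
Compare-ADSnapshotUser -SearchBase 'OU=Staff,DC=contoso,DC=com' |
    Format-Table -AutoSize -Wrap
```

Nothing is written to either database. The reported snapshot values can then be exported and imported into the running instance manually, as the page describes.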

What is Offline Domain Join? How do you use it?

You can use offline domain join to join computers to a domain without contacting a domain controller over the network. You can join computers to the domain when they first start up after an operating system installation. No additional restart is necessary to complete the domain join. This helps reduce the time and effort required to complete a large-scale computer deployment in places such as datacenters.

For example, an organization might need to deploy many virtual machines within a datacenter. Offline domain join makes it possible for the virtual machines to be joined to the domain when they initially start following the operating system installation. No additional restart is required to complete the domain join. This can significantly reduce the overall time required for wide-scale virtual machine deployments.

A domain join establishes a trust relationship between a computer running a Windows operating system and an Active Directory domain. This operation requires state changes to AD DS and state changes on the computer that is joining the domain. To complete a domain join in the past using previous Windows operating systems, the computer that joined the domain had to be running and it had to have network connectivity to contact a domain controller. Offline domain join provides the following advantages over the previous requirements:

The Active Directory state changes are completed without any network traffic to the computer.
The computer state changes are completed without any network traffic to a domain controller.
Each set of changes can be completed at a different time.

http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step%28WS.10%29.aspx

What are Fine-Grained Passwords? How do you use them?

You can use fine-grained password policies to specify multiple password policies within a single domain. You can use fine-grained password policies to apply different restrictions for password and account lockout policies to different sets of users in a domain. For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of other users. In other cases, you might want to apply a special password policy for accounts whose passwords are synchronized with other data sources.

Talk about Restartable Active Directory Domain Services in Windows Server 2008/R2. What is this feature good for?

Restartable AD DS is a feature in Windows Server 2008 that you can use to perform routine maintenance tasks on a domain controller, such as applying updates or performing offline defragmentation, without restarting the server. While AD DS is running, a domain controller running Windows Server 2008 behaves the same way as a domain controller running Microsoft® Windows® 2000 Server or Windows Server 2003.

While AD DS is stopped, you can continue to log on to the domain by using a domain account if other domain controllers are available to service the logon request. You can also log on to the domain with a domain account while the domain controller is started in Directory Services Restore Mode (DSRM) if other domain controllers are available to service the logon request. If no other domain controller is available, you can log on to the domain controller where AD DS is stopped in Directory Services Restore Mode only by using the DSRM Administrator account and password by default, as in Windows 2000 Server Active Directory or Windows Server 2003 Active Directory.

Benefits of restartable AD DS

Restartable AD DS reduces the time that is required to perform offline operations such as offline defragmentation. It also improves the availability of other services that run on a domain controller by keeping them running when AD DS is stopped. In combination with the Server Core installation option of Windows Server 2008, restartable AD DS reduces the overall servicing requirements of a domain controller.

In Windows 2000 Server Active Directory and Windows Server 2003 Active Directory, you must restart the domain controller in DSRM when you perform offline defragmentation of the database or apply security updates. In contrast, you can stop Windows Server 2008 AD DS as you stop other services that are running locally on the server. This makes it possible to perform offline AD DS operations more quickly than you could with Windows 2000 Server and Windows Server 2003.

You can use Microsoft Management Console (MMC) snap-ins, or the Net.exe command-line tool, to stop or restart Active Directory® Domain Services (AD DS) in the Windows Server® 2008 operating system. You can stop AD DS to perform tasks, such as offline defragmentation of the AD DS database, without restarting the domain controller. Other services that run on the server, but that do not depend on AD DS to function, are available to service client requests while AD DS is stopped. An example of such a service is Dynamic Host Configuration Protocol (DHCP).

Windows 2008 Server Interview Questions Part II

OCTOBER 19, 2011

1. What are the Important Windows port numbers:

RDP – 3389 – (Windows RDP port number and remote desktop port number)
FTP – 21 – (File Transfer Protocol)
TFTP – 69 – (TFTP port number)
Telnet – 23 – (Telnet port number)
SMTP – 25 – (SMTP port number)
DNS – 53 – (DNS port number and Domain Name System port number)
DHCP – 68 – (DHCP port number and Dynamic Host Configuration Protocol port number)
POP3 – 110 – (Post Office Protocol 3 port)
HTTP – 80 – (HTTP port number)
HTTPS – 443 – (HTTPS port number)
NNTP – 119 – (Network News Transfer Protocol port number)
NTP – 123 – (NTP port number and Network Time Protocol and SNTP port number)
IMAP – 143 – (Internet Message Access Protocol port number)
SSMTP – 465 – (SMTP over SSL)
SIMAP – 993 – (IMAP over SSL)
SPOP3 – 995 – (POP3 over SSL)
Time – 123 – (NTP port number and Network Time Protocol and SNTP port number)
NetBios – 137 – (Name Service)
NetBios – 139 – (Datagram Service)
DHCP Client – 546 – (DHCP Client port number)
DHCP Server – 547 – (DHCP Server port number)
Global Catalog – 3268 – (Global Catalog port number)
LDAP – 389 – (LDAP port number and Lightweight Directory Access Protocol port number)
RPC – 135 – (Remote Procedure Call port number)
Kerberos – 88 – (Kerberos port number)
SSH – 22 – (SSH port number and Secure Shell port number)

2. How to check tombstone lifetime value in your Forest

The tombstone lifetime value differs from OS to OS. For Windows Server 2000/2003 it's 60 days. In Windows Server 2003 SP1 the default tombstone lifetime (TSL) value was increased from 60 days to 180 days, and in Windows Server 2003 R2 the TSL value was decreased again to 60 days. For Windows Server 2003 R2 SP2 and Windows Server 2008 it's 180 days. If you are migrating a Windows 2003 environment to Windows 2008 then it's 60 days.

You can use the command below to check/view the current tombstone lifetime value for your Domain/Forest:

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" -scope base -attr tombstonelifetime

Replace forestDN with your domain partition DN; for domainname.com the DN would be dc=domainname, dc=com

Source: http://technet.microsoft.com/en-us/library/cc784932(WS.10).aspx

3. How to find the domain controller that contains the lingering object

If we enable Strict Replication Consistency:
Lingering objects are not present on domain controllers that log Event ID 1988. The source domain controller contains the lingering object.

If we don't enable Strict Replication Consistency:
Lingering objects are not present on domain controllers that log Event ID 1388. The domain controller that doesn't log Event ID 1388 is the one that contains the lingering object.

If you have 100 domain controllers without Strict Replication Consistency enabled, you will get Event ID 1388 on all 99 domain controllers except the one that contains the lingering object.

You need to remove the lingering objects from the affected domain controller or decommission the domain controller.

The Event Comb tool (Eventcombmt.exe) is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time.

You can download these tools from the following location:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en

4. What are Active Directory ports:

List of Active Directory ports for Active Directory replication and Active Directory authentication; these ports can be used to configure the firewall.

Active Directory replication - There is no defined port for Active Directory replication. Active Directory replication remote procedure calls (RPC) occur dynamically over an available port through RPCSS (RPC Endpoint Mapper) by using port 135.

File Replication Services (FRS) - There is no defined port for FRS. FRS replication over remote procedure calls (RPCs) occurs dynamically over an available port by using RPCSS (RPC Endpoint Mapper) on port 135.

Other required ports for Active Directory:

TCP 53 – DNS (DNS Download)
UDP 53 – DNS (DNS Queries)
TCP 42 – WINS
UDP 42 – WINS
TCP 3389 – RDP (Remote Desktop)
TCP 135 – MS-RPC
TCP 1025 & 1026 – AD Login & replication
TCP 389 – LDAP
TCP 639 – LDAP over SSL/TLS
TCP 3268 – Global Catalog
TCP 3268 – Global Catalog over SSL/TLS
UDP 137 & 138 – NetBIOS related
UDP 88 – Kerberos v5
TCP 445 – SMB, Microsoft-ds
TCP 139 – SMB

5. How to do active directory health checks?

As an administrator you have to check your Active Directory health daily to reduce Active Directory related issues. What will happen if you are not monitoring the health of your Active Directory?

Let's say one of the domain controllers failed to replicate. On the first day you will not have any issue. If this continues you will have login issues, and you will not find object changes and new objects that were created and changed on other domain controllers; this will lead to other issues.

If the domain controller has not replicated for more than 60 days, it will lead to a lingering object issue.

Command to check the replication to all the DCs (through this we can check Active Directory health):

Repadmin /replsum /bysrc /bydest /sort:delta

You can also save the command output to a text file by using the command below:

Repadmin /replsum /bysrc /bydest /sort:delta >>c:\replication_report.txt

This will list the domain controllers that are failing to replicate, with the delta value. You can run this daily to check your Active Directory health.

6. GPRESULT failed with access denied error:

Unable to get the result from gpresult on Windows 2003 server: gpresult returns access denied errors, although you are able to update the group policy without issue.

Run the following commands to re-register userenv.dll and recompile the rsop mof file, to resolve the access denied error while running gpresult.

1. Open a cmd
1. Re-register the userenv.dll
   Regsvr32 /n /I c:\winnt\system32\userenv.dll
2. CD c:\windows\system32\wbem
3. Mofcomp scersop.mof
4. Gpupdate /force
5. Gpresult

Now you are able to run gpresult without error, and a server reboot is not required for this procedure.

7. What is the command to find out site name for given DC

dsquery server NYDC01 -site

domain controller name = NYDC01

8. Command to find all DCs in the given site

Command to find all the Domain Controllers in the "Default-First-Site-Name" site:

dsquery server -o rdn -site Default-First-Site-Name

Site name = Default-First-Site-Name

9. How many types of queries DNS does?

Iterative Query
Recursive Query

Iterative Query
In this query the client asks the name server for the best possible answer. The name server checks the cache and the zones for which it's authoritative and returns the best possible answer to the client, which would be the full answer like an IP address, or a referral to try another name server.

Recursive Query
The client demands either a full answer or an error message (like record or domain name does not exist). A client machine always sends a recursive query to the DNS server. If the DNS server does not have the requested information, the DNS server sends iterative queries to other name servers (through forwarders or a secondary DNS server) until it gets the information, or until the name query fails.
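The daily replication check from question 5 can be read against the tombstone lifetime from question 2. The Python below is an added example, not part of the original page: it parses a constructed sample laid out like `repadmin /replsum` text output and flags DCs whose largest delta approaches or exceeds the tombstone lifetime. The column layout, the delta formats, the 50% warning ratio and the DC names are assumptions.

```python
import re

# Constructed sample, laid out like `repadmin /replsum /bysrc /bydest /sort:delta`
# text output. Column layout and delta formats are assumptions; DC names are made up.
SAMPLE_REPORT = """\
Source DSA          largest delta    fails/total %%   error
 NYDC03                   >60 days    5 /   5  100  (1722) The RPC server is unavailable.
 NYDC02            48d.06h:10m:33s    3 /   5   60  (1722) The RPC server is unavailable.
 NYDC01                    14m:21s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error
 NYDC01            48d.06h:10m:33s    1 /   5   20  (1722) The RPC server is unavailable.
 NYDC02                    09m:02s    0 /   5    0
"""

UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

# One data row: DSA name, largest delta, "fails / total", percentage, optional error text.
ROW_RE = re.compile(
    r"^\s*(?P<dsa>\S+)\s+"
    r"(?P<delta>>\s*\d+\s*days|\(unknown\)|[0-9dhms.:]+)\s+"
    r"(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+(?P<pct>\d+)\s*(?P<error>.*)$"
)


def parse_delta(text):
    """Return (age_in_days, open_ended); age is None when no age is reported."""
    text = text.strip()
    capped = re.fullmatch(r">\s*(\d+)\s*days", text)
    if capped:
        # ">60 days" is only a lower bound on the real age.
        return float(capped.group(1)), True
    parts = re.findall(r"(\d+)([dhms])", text)
    if not parts:
        return None, False
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts) / 86400, False


def classify(days, open_ended, fails, tombstone_days, warn_ratio=0.5):
    """Rank a row by how close its replication gap is to the tombstone lifetime."""
    if days is None:
        return "UNKNOWN"
    if days >= tombstone_days:
        return "EXCEEDED"   # lingering-object risk: clean up or decommission
    if open_ended or days >= tombstone_days * warn_ratio:
        return "AT_RISK"    # gap is large, or its true size is not known
    return "FAILING" if fails else "OK"


def assess(report, tombstone_days):
    """Return [(section, dsa, status)] for every data row in the report."""
    results, section = [], None
    for line in report.splitlines():
        if line.startswith("Source DSA"):
            section = "source"
        elif line.startswith("Destination DSA"):
            section = "destination"
        else:
            row = ROW_RE.match(line)
            if row and section:
                days, open_ended = parse_delta(row["delta"])
                status = classify(days, open_ended, int(row["fails"]), tombstone_days)
                results.append((section, row["dsa"], status))
    return results


if __name__ == "__main__":
    for tsl in (60, 180):
        print(f"tombstone lifetime = {tsl} days")
        for section, dsa, status in assess(SAMPLE_REPORT, tsl):
            print(f"  {section:<12}{dsa:<8}{status}")
```

Pass in the tombstone lifetime actually read from the forest, since the 60-day and 180-day values change which DCs are flagged.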

Windows Server 2008 Active Directory Interview Questions Part 1

OCTOBER 20, 2011


Q. What is Active Directory?

Active Directory is the directory service used by Windows 2000. A directory service is a centralized, hierarchical database that contains information about users and resources on a network. In Windows 2000, this database is called the Active Directory data store. The Active Directory data store contains information about various types of network objects, including printers, shared folders, user accounts, groups, and computers. In a Windows 2000 domain, a read/write copy of the Active Directory data store is physically located on each domain controller in the domain.

Three primary purposes of Active Directory are:

• To provide user logon and authentication services
• To enable administrators to organize and manage user accounts, groups, and network resources
• To enable authorized users to easily locate network resources, regardless of where they are located on the network

A directory service consists of two parts: a centralized, hierarchical database that contains information about users and resources on a network, and a service that manages the database and enables users of computers on the network to access the database. In Windows 2008, the database is called the Active Directory data store, or sometimes just the directory. The Active Directory data store contains information about various types of network objects, including printers, shared folders, user accounts, groups, and computers. Windows 2000 Server computers that have a copy of the Active Directory data store, and that run Active Directory, are called domain controllers. In a Windows 2008 domain, a read/write copy of the Active Directory data store is physically located on each domain controller in the domain.

Q. What are the physical components of active directory?

Logical Components of Active Directory

In creating the hierarchical database structure of Active Directory, Microsoft facilitated locating resources such as folders and printers by name rather than by physical location. These logical building blocks include domains, trees, forests, and OUs. The physical location of objects within Active Directory is represented by including all objects in a given location in its own site. Because a domain is the basic unit on which Active Directory is built, the domain is introduced first; followed by trees and forests (in which domains are located); and then OUs, which are containers located within a domain.

Domain:
A domain is a logical grouping of networked computers in which one or more of the computers has one or more shared resources, such as a shared folder or a shared printer, and in which all of the computers share a common central domain directory database that contains user account security information. One distinct advantage of using a domain, particularly on a large network, is that administration of user account security for the entire network can be managed from a centralized location. In a domain, a user has only one user account, which is stored in the domain directory database. This user account enables the user to access shared resources (that the user has permissions to access) located on any computer in the domain.

Active Directory domains can hold millions of objects, as opposed to the Windows NT domain structure, which was limited to approximately 40,000 objects. As in previous versions of Active Directory, the Active Directory database file (ntds.dit) defines the domain. Each domain has its own ntds.dit file, which is stored on (and replicated among) all domain controllers by a process called multimaster replication. The domain controllers manage the configuration of domain security and store the directory services database. This arrangement permits central administration of domain account privileges, security, and network resources. Networked devices and users belonging to a domain validate with a domain controller at startup. All computers that refer to a specific set of domain controllers make up the domain. In addition, group accounts such as global groups and domain local groups are defined on a domain-wide basis.

Trees
A tree is a group of domains that shares a contiguous namespace. In other words, a tree consists of a parent domain plus one or more sets of child domains whose name reflects that of a parent. For example, a parent domain named examcram.com can include child domains with names such as products.examcram.com, sales.examcram.com, and manufacturing.examcram.com. Furthermore, the tree structure can contain grandchild domains such as america.sales.examcram.com or europe.sales.examcram.com, and so on, as shown in Figure 1-2. A domain called que.com would not belong to the same tree. Following the inverted tree concept originated by X.500, the tree is structured with the parent domain at the top and child domains beneath it. All domains in a tree are linked with two-way, transitive trust relationships; in other words, accounts in any one domain can access resources in another domain and vice versa.

Forests
A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees. As such, forests have the following characteristics:

• All domains in a forest share a common schema.
• All domains in a forest share a common global catalog.
• All domains in a forest are linked by implicit two-way transitive trusts.

Trees in a forest have different naming structures, according to their domains. Domains in a forest operate independently, but the forest enables communication across the entire organization.

Organizational Unit:
An organizational unit (OU) is a container used to organize objects within one domain into logical administrative groups. An OU can contain objects such as user accounts, groups, computers, printers, applications, shared folders, and other OUs from the same domain. OUs are represented by a folder icon with a book inside. The Domain Controllers OU is created by default when Active Directory is installed to hold new Microsoft Windows Server 2003 domain controllers. OUs can be added to other OUs to form a hierarchical structure; this process is known as nesting OUs. Each domain has its own OU structure: the OU structure within a domain is independent of the OU structures of other domains. There are three reasons for defining an OU:

• To delegate administration – In the Windows Server 2003 operating system, you can delegate administration for the contents of an OU (all users, computers, or resource objects in the OU) by granting administrators specific permissions for an OU on the OU's access control list.
• To administer Group Policy
• To hide objects

Physical Components of Active Directory

There are two physical components of Active Directory:

• Domain Controllers
• Sites

Domain Controllers
Any server on which you have installed Active Directory is a domain controller. These servers authenticate all users logging on to the domain in which they are located, and they also serve as centers from which you can administer Active Directory in Windows Server 2008. A domain controller stores a complete copy of all objects contained within the domain, plus the schema and configuration information relevant to the forest in which the domain is located. Unlike Windows NT, there are no primary or backup domain controllers. Similar to Windows 2000 and Windows Server 2003, all domain controllers hold a master, editable copy of the Active Directory database.

Every domain must have at least one DC. A domain may have more than one DC; having more than one DC provides the following benefits:

• Fault tolerance: If one domain controller goes down, another one is available to authenticate logon requests and locate resources through the directory.
• Load balancing: All domain controllers within a site participate equally in domain activities, thus spreading out the load over several servers. This configuration optimizes the speed at which requests are serviced.

Sites
By contrast to the logical grouping of Active Directory into forests, trees, domains, and OUs, Microsoft includes the concept of sites to group together resources within a forest according to their physical location and/or subnet. A site is a set of one or more IP subnets, which are connected by a high-speed, always available local area network (LAN) link. Figure 1-5 shows an example with two sites, one located in Chicago and the other in New York. A site can contain objects from more than one tree or domain within a single forest, and individual trees and domains can encompass more than one site. The use of sites enables you to control the replication of data within the Active Directory database as well as to apply policies to all users and computers or delegate administrative control to these objects within a single physical location. In addition, sites enable users to be authenticated by domain controllers in the same physical location rather than a distant location as often as possible. You should configure a single site for all work locations connected within a high-speed, always available LAN link and designate additional sites for locations separated from each other by a slower wide area network (WAN) link. Using sites permits you to configure Active Directory replication to take advantage of the high-speed connection. It also enables users to connect to a domain controller using a reliable, high-speed connection.

Q. What are the components of Active Directory:

Object:
An object is any specific item that can be cataloged in Active Directory. Examples of objects include users, computers, printers, folders, and files. These items are classified by a distinct set of characteristics, known as attributes. For example, a user can be characterized by the username, full name, telephone number, email address, and so on. Note that, in general, objects in the same container have the same types of attributes but are characterized by different values of these attributes. The Active Directory schema defines the extent of attributes that can be specified for any object.

Classes
The Active Directory service, in turn, classifies objects into classes. These classes are logical groupings of similar objects, such as users. Each class is a series of attributes that define the characteristics of the object.

Schemas
The schema is a set of rules that define the classes of objects and their attributes that can be created in Active Directory. It defines what attributes can be held by objects of various types, which of the various classes can exist, and what object class can be a parent of the current object class. For example, the User class can contain user account objects and possess attributes such as password, group membership, home folder, and so on. When you first install Active Directory on a server, a default schema is created, containing definitions of commonly used objects and properties such as users, computers, and groups. This default schema also contains definitions of objects and properties needed for the functioning of Active Directory.

Global catalog
A global catalog server is a domain controller that has an additional duty: it maintains a global catalog. A global catalog is a master, searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

A global catalog server performs two important functions:

• Provides group membership information during logon and authentication
• Helps users locate resources in Active Directory

Q. What are the protocols used by AD?

Because Active Directory is based on standard directory access protocols, such as Lightweight Directory Access Protocol (LDAP) version 3, and the Name Service Provider Interface (NSPI), it can interoperate with other directory services employing these protocols. LDAP is the directory access protocol used to query and retrieve information from Active Directory. Because it is an industry-standard directory service protocol, programs can be developed using LDAP to share Active Directory information with other directory services that also support LDAP. The NSPI protocol, which is used by Microsoft Exchange 4.0 and 5.x clients, is supported by Active Directory to provide compatibility with the Exchange directory.

Q. Minimum requirement to install Win 2008 AD?

1. An NTFS partition with enough free space
2. An Administrator's username and password
3. The correct operating system version
4. A NIC
5. Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway)
6. A network connection (to a hub or to another computer via a crossover cable)
7. An operational DNS server (which can be installed on the DC itself)
8. A Domain name that you want to use

Q. How do you verify whether the AD installation is proper?

1. Default containers: These are created automatically when the first domain is created. Open Active Directory Users and Computers, and then verify that the following containers are present: Computers, Users, and ForeignSecurityPrincipals.
2. Default domain controllers organizational unit: Open Active Directory Users and Computers, and then verify this organizational unit.
3. Default-First-Site-Name
4. Active Directory database: The Active Directory database is your Ntds.dit file. Verify its existence in the %Systemroot%\Ntds folder.
5. Global catalog server: The first domain controller becomes a global catalog server, by default. To verify this item:
   a. Click Start, point to Programs, click Administrative Tools, and then click Active Directory Sites and Services.
   b. Double-click Sites to expand it, expand Servers, and then select your domain controller.
   c. Double-click the domain controller to expand the server contents.
   d. Below the server, an NTDS Settings object is displayed. Right-click the object, and then click Properties.
   e. On the General tab, you can observe a global catalog check box, which should be selected, by default.

Root domain: The forest root is created when the first domain controller is installed. Verify your computer network identification in My Computer. The Domain Name System (DNS) suffix of your computer should match the domain name that the domain controller belongs to. Also, ensure that your computer registers the proper computer role. To verify this role, use the net accounts command. The computer role should say "primary" or "backup" depending on whether it is the first domain controller in the domain.

Shared system volume: A Windows 2000 domain controller should have a shared system volume located in the %Systemroot%\Sysvol\Sysvol folder. To verify this item, use the net share command. The Active Directory also creates two standard policies during the installation process: the Default Domain policy and the Default Domain Controllers policy (located in the %Systemroot%\Sysvol\Domain\Policies folder). These policies are displayed as the following globally unique identifiers (GUIDs):

{31B2F340-016D-11D2-945F-00C04FB984F9} representing the Default Domain policy
{6AC1786C-016F-11D2-945F-00C04fB984F9} representing the Default Domain Controllers policy

SRV resource records: You must have a DNS server installed and configured for Active Directory and the associated client software to function correctly. Microsoft recommends that you use Microsoft DNS server, which is supplied with Windows 2000 Server, as your DNS server. However, Microsoft DNS server is not required. The DNS server that you use must support the Service Resource Record (SRV RR) Requests for Comments (RFC) 2052, and the dynamic update protocol (RFC 2136). Use the DNS Manager Microsoft Management Console (MMC) snap-in to verify that the appropriate zones and resource records are created for each DNS zone. Active Directory creates its SRV RRs in the following folders:

• _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
• _Msdcs/Dc/_Tcp

In these locations, an SRV RR is displayed for the following services:

• _kerberos
• _ldap

Q. What is LDAP?

Short for Lightweight Directory Access Protocol, a set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. And unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it's a simpler version of X.500, LDAP is sometimes called X.500 lite.

Q. What is FRS (File replication services)?

The File Replication Service (FRS) replicates specific files using the same multi-master model that Active Directory uses. It is used by the Distributed File System for replication of DFS trees that are designated as domain root replicas. It is also used by Active Directory to synchronize content of the SYSVOL volume automatically across domain controllers. The reason the FRS service replicates contents of the SYSVOL folder is so clients will always get a consistent logon environment when logging on to the domain, no matter which domain controller actually handles the request. When a client submits a logon request, he or she submits that request for authentication to the SYSVOL directory. A subfolder of this directory, called \scripts, is shared on the network as the netlogon share. Any logon scripts contained in the netlogon share are processed at logon time. Therefore, the FRS is responsible for all domain controllers providing the same logon directory structure to clients throughout the domain.

Q. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.

Yes, you can connect Active Directory to other 3rd-party Directory Services, such as dictionaries used by SAP, Domino etc., with the help of MIIS (Microsoft Identity Integration Server). You can use dirXML or LDAP to connect to other directories (i.e. E-directory from Novell).

Q. Where is the AD database held? What other folders are related to AD?

AD Database is saved in %systemroot%/ntds. You can see other files also in this folder. These are the main files controlling the AD structure:

• ntds.dit
• edb.log
• res1.log
• res2.log
• edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database.

The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in \NTDS, along with the other files we've discussed.

Q. What is the SYSVOL folder?

The SYSVOL folder is critical because it contains the domain's public files. This directory is shared out (as SYSVOL), and any files kept in the SYSVOL folder are replicated to all other domain controllers in the domain using the File Replication Service (FRS), and yes, that's important to know on the exam.

The SYSVOL folder also contains the following items:

• The NETLOGON share, which is the location where domain logon requests are submitted for processing, and where logon scripts can be stored for client processing at logon time.
• Windows Group Policies
• FRS folders and files that must be available and synchronized between domain controllers if the FRS is in use. Distributed File System (DFS), for example, uses the FRS to keep shared data consistent between replicas.

You can go to the SYSVOL folder by typing: %systemroot%/sysvol on the DC.

Q. Name the AD NCs and replication issues for each NC

*Schema NC, *Configuration NC, *Domain NC

Schema NC: This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory.

Configuration NC: Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas.

Domain NC: This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly-accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain.

Q. What are application partitions? When do I use them?

A1) An Application Directory Partition is a partition space in Active Directory which an application can use to store that application's specific data. This partition is then replicated only to some specific domain controllers. The application directory partition can contain any type of data except security principals (users, computers, groups).

A2) These are specific to Windows Server 2003 domains. An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.

Q. How do you create a new application partition?

The DnsCmd command is used to create a new application directory partition. For example, to create a partition named "NewPartition" on the domain controller DC1.contoso.com, log on to the domain controller and type the following command:

DnsCmd DC1 /createdirectorypartition NewPartition.contoso.com

Q. How do you view replication properties for AD partitions and DCs?

By using Replication Monitor: go to Start > Run > type replmon

Q. What is the Global Catalog?

The global catalog is the central repository of information about objects in a tree or forest. By default, a global catalog is created automatically on the initial domain controller in the first domain in the forest. A domain controller that holds a copy of the global catalog is called a global catalog server. You can designate any domain controller in the forest as a global catalog server. Active Directory uses multimaster replication to replicate the global catalog information between global catalog servers in other domains. It stores a full replica of all object attributes in the directory for its host domain and a partial replica of all object attributes contained in the directory for every domain in the forest. The partial replica stores attributes most frequently used in search operations (such as a user's first and last names, logon name, and so on). Attributes are marked or unmarked for replication in the global catalog when they are defined in the Active Directory schema. Object attributes replicated to the global catalog inherit the same permissions as in source domains, ensuring that data in the global catalog is secure.

Another definition of Global Catalog:

Global Catalog Server

A global catalog server is a domain controller that has an additional duty: it maintains a global catalog. A global catalog is a master, searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

A global catalog server performs two important functions:

- Provides group membership information during logon and authentication
- Helps users locate resources in Active Directory

Q. What is schema?

The Active Directory schema defines objects that can be stored in Active Directory. The schema is a list of definitions that determines the kinds of objects and the types of information about those objects that can be stored in Active Directory. Because the schema definitions themselves are stored as objects, they can be administered in the same manner as the rest of the objects in Active Directory. The schema is defined by two types of objects: schema class objects (also referred to as schema classes) and schema attribute objects (also referred to as schema attributes).

Q. GC and infrastructure master should not be on same server, why?

Unless your domain consists of only one domain controller, the infrastructure master should not be assigned to a domain controller that's also a Global Catalog server. If the infrastructure master and Global Catalog are stored on the same domain controller, the infrastructure master will not function because it will never find data that is out of date. It therefore won't ever replicate changes to the other domain controllers in the domain. There are two exceptions:

- If all your domain controllers are Global Catalog servers, it won't matter because all servers will have the latest changes to the Global Catalog.
- If you are implementing a single Active Directory domain, no other domains exist in the forest to keep track of, so in effect, the infrastructure master is out of a job.

Q. Why not make all DCs in a large forest as GCs?

When all the DCs become GCs, replication traffic will increase, and we could not keep the infrastructure master and GC on the same domain, so at least one DC should act without holding the GC role.

Q. Trying to look at the Schema, how can I do that?

Register the schmmgmt.dll with the command regsvr32

Q. What are the Support Tools? Why do I need them?

Support Tools are the tools that are used for performing complicated tasks easily. These can also be third party tools. Some of the Support Tools include DebugViewer, DependencyViewer, RegistryMonitor, etc.

Q. What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?

LDP - Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.

Replmon - Replmon displays information about Active Directory Replication.

ADSIEDIT - ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool:

- ADSIEDIT.DLL
- ADSIEDIT.MSC

NETDOM - NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

REPADMIN - REPADMIN is a built-in Windows diagnostic command-line utility that works at the Active Directory level. Although specific to Windows, it is also useful for diagnosing some Exchange replication problems, since Exchange Server is Active Directory based. REPADMIN doesn't actually fix replication problems for you. But you can use it to help determine the source of a malfunction.

Q. What are the Naming Conventions used in AD?

Within Active Directory, each object has a name. When you create an object in Active Directory, such as a user or a computer, you assign the object a name. This name must be unique within the domain: you can't assign an object the same name as any other object (regardless of its type) in that domain.

At the same time that you create an object, not only do you assign a name to the object, but Active Directory also assigns identifiers to the object. Active Directory assigns every object a globally unique identifier (GUID), and assigns many objects a security identifier (SID). A GUID is typically a 32-digit hexadecimal number that uniquely identifies an object within Active Directory. A SID is a unique number created by the Windows 2000 Security subsystem that is assigned only to security principal objects (users, groups, and computers) when they are created. Windows 2000 uses SIDs to grant or deny a security principal object access to other objects and network resources.

Active Directory uses a hierarchical naming convention that is based on Lightweight Directory Access Protocol (LDAP) and DNS standards. Objects in Active Directory can be referenced by using one of three Active Directory name types:

- Relative distinguished name (RDN)
- Distinguished name (DN)
- User principal name (UPN)

A relative distinguished name (RDN) is the name that is assigned to the object by the administrator when the object is created. For example, when I create a user named AlanC, the RDN of that user is AlanC. The RDN only identifies an object; it doesn't identify the object's location within Active Directory. The RDN is the simplest of the three Active Directory name types, and is sometimes called the common name of the object.

A distinguished name (DN) consists of an object's RDN, plus the object's location in Active Directory. The DN supplies the complete path to the object. An object's DN includes its RDN, the name of the organizational unit(s) that contains the object (if any), and the FQDN of the domain. For example, suppose that I create a user named AlanC in an organizational unit called US in a domain named Exportsinc.com. The DN of this user would be: AlanC@US.Exportsinc.com

A user principal name (UPN) is a shortened version of the DN that is typically used for logon and e-mail purposes. A UPN consists of the RDN plus the FQDN of the domain. Using my previous example, the UPN for the user named AlanC would be: AlanC@Exportsinc.com

Another way you can think of a UPN is as a DN stripped of all organizational unit references.

Q. What are sites? What are they used for?

A site consists of one or more TCP/IP subnets, which are specified by an administrator. Additionally, if a site contains more than one subnet, the subnets should be connected by high-speed, reliable links. Sites do not correspond to domains: you can have two or more sites within a single domain, or you can have multiple domains in a single site. A site is solely a grouping based on IP addresses. Figure 2-8 shows two sites connected by a slow WAN link.

The purpose of sites is to enable servers that regularly copy data to other servers (such as Active Directory replication data) to distinguish between servers in their own site (which are connected by high-speed links) and servers in another site (which are connected by slower-speed WAN links). Replication between domain controllers in the same site is fast, and typically administrators can permit Windows 2000 to automatically perform this task. Replication between a domain controller in one site and domain controllers in other sites is slower (because it takes place over a slow WAN link) and often should be scheduled by the administrator so that use of network bandwidth for replication is minimized during the network's peak-activity hours. Sites and Active Directory replication can be configured by using Active Directory Sites and Services.

Uses of site: Sites are primarily used to control replication traffic. Domain controllers within a site are pretty much free to replicate changes to the Active Directory database whenever changes are made. Domain controllers in different sites compress the replication traffic and operate based on a defined schedule, both of which are intended to cut down on network traffic. More specifically, sites are used to control the following:

- Workstation logon traffic
- Replication traffic
- Distributed File System (DFS)

What's the difference between a site link's schedule and interval?

A site link is a physical connection object on which the replication transport mechanism depends. Basically, it is the type of communication mechanism used to transfer data between different sites. The site link schedule is when the replication process is to take place, and the interval is how many times replication is to take place in a given time period, i.e. within the site link schedule.

Q. What is replication? How it occurs in AD? What is KCC and ISTG

Each domain controller stores a complete copy of all Active domain controllers in the same domain. Domain controllers in a domain automatically replicate directory information for all objects in the domain to each other. When you perform an action that causes an update to Active Directory, you are actually making the change at one of the domain controllers. That domain controller then replicates the change to all other domain controllers within the domain. You can control replication of traffic between domain controllers in the network by specifying how often replication occurs and the amount of data that each domain controller replicates at one time. Domain controllers immediately replicate certain important updates, such as the disabling of a user account.

Active Directory uses multimaster replication, in which no one domain controller is the master domain controller. Instead, all domain controllers within a domain are peers, and each domain controller contains a copy of the directory database that can be written to. Domain controllers can hold different information for short periods of time until all domain controllers have synchronized changes to Active Directory.

Although Active Directory supports multimaster replication, some changes are impractical to perform in multimaster fashion. One or more domain controllers can be assigned to perform single-master replication (operations not permitted to occur at different places in a network at the same time). Operations master roles are special roles assigned to one or more domain controllers in a domain to perform single-master replication.

Domain controllers detect collisions, which can occur when an attribute is modified on a domain controller before a change to the same attribute on another domain controller is completely propagated. Collisions are detected by comparing each attribute's property version number, a number specific to an attribute that is initialized upon creation of the attribute. Active Directory resolves the collision by replicating the changed attribute with the higher property version number.

Q. What can you do to promote a server to DC if you're in a remote location with slow WAN link?

Install from Media

In Windows Server 2003 a new feature has been added, and this time it's one that will actually make our lives easier... You can promote a domain controller using files backed up from a source domain controller!!! This feature is called "Install from Media" and it's available by running DCPROMO with the /adv switch. It's not a replacement for network replication, we still need network connectivity, but now we can use an old System State copy from another Windows Server 2003, copy it to our future DC, and have the first and basic replication take place from the media, instead of across the network, thus saving valuable time and network resources.

What you basically have to do is to back up the system's data of an existing domain controller, restore that backup to your replica candidate, and use DCPromo /Adv to tell it to source from local media, rather than a network source. This also works for global catalogs. If we perform a backup of a global catalog server, then we can create a new global catalog server by performing DCPromo from that restored media.

IFM Limitations

It only works for the same domain, so you cannot back up a domain controller in domain A and create a new domain B using that media. It's only useful up to the tombstone lifetime, with a default of 60 days. So if you have an old backup, then you cannot create a new domain controller using that, because you'll run into the problem of reanimating deleted objects.

Q. How can you forcibly remove AD from a server, and what do you do later?

Demoting Windows Server 2003 DCs: DCPROMO (Active Directory Installation Wizard) is a toggle switch, which allows you to either install or remove Active Directory DCs. To forcibly demote a Windows Server 2003 DC, run the following command either at Start, Run, or at the command prompt:

dcpromo /forceremoval

Note: If you're running Certificate Services on the DC, you must first remove Certificate Services before continuing. If you specify the /forceremoval switch on a server that doesn't have Active Directory installed, the switch is ignored and the wizard pretends that you want to install Active Directory on that server.

Once the wizard starts, you will be prompted for the Administrator password that you want to assign to the local administrator in the SAM database. If you have Windows Server 2003 Service Pack 1 installed on the DC, you'll benefit from a few enhancements. The wizard will automatically run certain checks and will prompt you to take appropriate actions. For example, if the DC is a Global Catalog server or a DNS server, you will be prompted. You will also be prompted to take an action if your DC is hosting any of the operations master roles.

Demoting Windows 2000 DCs: On a Windows 2000 domain controller, forced demotion is supported with Service Pack 2 and later. The rest of the procedure is similar to the procedure I described for Windows Server 2003. Just make sure that while running the wizard, you clear the "This server is the last domain controller in the domain" check box. On Windows 2000 Servers you won't benefit from the enhancements in Windows Server 2003 SP1, so if the DC you are demoting is a Global Catalog server, you may have to manually promote some other DC to a Global Catalog server.

Cleaning the Metadata on a Surviving DC: Once you've successfully demoted the DC, your job is not quite done yet. Now you must clean up the Active Directory metadata. You may be wondering why I need to clean the metadata manually. The metadata for the demoted DC is not deleted from the surviving DCs because you forced the demotion. When you force a demotion, Active Directory basically ignores other DCs and does its own thing. Because the other DCs are not aware that you removed the demoted DC from the domain, the references to the demoted DC need to be removed from the domain.

Although Active Directory has made numerous improvements over the years, one of the biggest criticisms of Active Directory is that it doesn't clean up the mess very well. This is obvious in most cases but, in other cases, you won't know it unless you start digging deep into the Active Directory database.

To clean up the metadata you use NTDSUTIL. The following procedure describes how to clean up metadata on a Windows Server 2003 SP1. According to Microsoft, the version of NTDSUTIL in SP1 has been enhanced considerably and does a much better job of clean-up, which obviously means that the earlier versions didn't do a very good job. For Windows 2000 DCs, you might want to check out the Microsoft Knowledge Base article 216498, "How to remove data in Active Directory after an unsuccessful domain controller demotion."

Here's the step-by-step procedure for cleaning metadata on Windows Server 2003 DCs:

1. Log on to the DC as a Domain Administrator.
2. At the command prompt, type ntdsutil.
3. Type metadata cleanup.
4. Type connections.
5. Type connect to server servername, where servername is the name of the server you want to connect to.
6. Type quit or q to go one level up. You should be at the Metadata Cleanup prompt.
7. Type select operation target.
8. Type list domains. You will see a list of domains in the forest, each with a different number.
9. Type select domain number, where number is the number associated with the domain of your server.
10. Type list sites.
11. Type select site number, where number is the number associated with the site of your server.
12. Type list servers in site.
13. Type select server number, where number is the number associated with the server you want to remove.
14. Type quit to go to the Metadata Cleanup prompt.
15. Type remove selected server. You should see a confirmation that the removal completed successfully.
16. Type quit to exit ntdsutil.

You might also want to clean up the DNS database by deleting all DNS records related to the server. In general, you will have better luck using forced promotion on Windows Server 2003, because the naming contexts and other objects don't get cleaned as quickly on Windows 2000 Global Catalog servers, especially servers running Windows 2000 SP3 or earlier. Due to the nature of forced demotion and the fact that it's meant to be used only as a last resort, there are additional things that you should know about forced demotion. Even after you've used NTDSUTIL to clean the metadata, you may still need to do additional cleaning manually using ADSIEdit or other such tools.

Q. Can I get user passwords from the AD database?

As of my knowledge there is no way to extract the password from the AD database. By the way, there is a tool called cache dump. Using it we can extract the cached passwords from a Windows XP machine which is joined to a domain.

Q. Name some OU design considerations.

- Design OU structure based on Active Directory business requirements
- NT Resource domains may fold up into OUs
- Create nested OUs to hide objects
- Objects easily moved between OUs
- Departments, Geographic Region, Job Function, Object Type

Q. What is tombstone lifetime attribute?

The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NC.

Q. How would you find all users that have not logged on since last month?

If you are using a Windows 2003 domain environment, go to Active Directory Users and Computers, select Saved Queries, right-click it and select New Query, then use the custom common queries to define a query; there is one which shows days since last logon.
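The same check can be scripted from the lastLogonTimestamp attribute, which is worth doing regularly because accounts nobody uses are still valid credentials. The PowerShell below is an added example, not part of the original answer: the function name Get-StaleAccount and the sample accounts are constructed, and the live query in the last comment assumes the ActiveDirectory module (Windows Server 2008 R2 or later).

```powershell
# Added example: report accounts with no logon recorded in the last N days.
# Accepts any objects exposing SamAccountName, Enabled and lastLogonTimestamp.
function Get-StaleAccount {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Account,
        [int] $Days = 30,
        [DateTime] $Now = [DateTime]::UtcNow
    )
    $cutoff = $Now.AddDays(-$Days)
    foreach ($a in $Account) {
        # lastLogonTimestamp is a FILETIME (100 ns ticks since 1601, UTC).
        # A missing or zero value means no logon has ever been recorded.
        $raw = [int64]0
        if ($a.lastLogonTimestamp) { $raw = [int64]$a.lastLogonTimestamp }
        $last = $null
        if ($raw -gt 0) { $last = [DateTime]::FromFileTimeUtc($raw) }

        if (($null -eq $last) -or ($last -lt $cutoff)) {
            $idle = $null
            if ($null -ne $last) { $idle = [int][math]::Floor(($Now - $last).TotalDays) }
            New-Object PSObject -Property @{
                SamAccountName = $a.SamAccountName
                Enabled        = $a.Enabled       # enabled + stale is the risky combination
                LastLogonUtc   = $last
                DaysIdle       = $idle            # empty = never logged on
            }
        }
    }
}

# Constructed sample data (not real accounts).
$now = [DateTime]::UtcNow
$sample = @(
    (New-Object PSObject -Property @{ SamAccountName = 'alanc';    Enabled = $true;  lastLogonTimestamp = $now.AddDays(-3).ToFileTimeUtc() }),
    (New-Object PSObject -Property @{ SamAccountName = 'svc-old';  Enabled = $true;  lastLogonTimestamp = $now.AddDays(-95).ToFileTimeUtc() }),
    (New-Object PSObject -Property @{ SamAccountName = 'leaver01'; Enabled = $false; lastLogonTimestamp = $now.AddDays(-200).ToFileTimeUtc() }),
    (New-Object PSObject -Property @{ SamAccountName = 'newhire';  Enabled = $true;  lastLogonTimestamp = 0 })
)

# Lists svc-old, leaver01 and newhire; alanc logged on 3 days ago and is skipped.
Get-StaleAccount -Account $sample -Days 30 -Now $now |
    Sort-Object SamAccountName |
    Format-Table SamAccountName, Enabled, LastLogonUtc, DaysIdle -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-StaleAccount -Account (Get-ADUser -Filter * -Properties lastLogonTimestamp)
```

lastLogonTimestamp is replicated to every DC but is only refreshed when the stored value is roughly two weeks old, so it suits a 30-day cutoff and not much finer; the lastLogon attribute is exact but is not replicated and would have to be read from each DC.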

Q. What are the DS* commands?

- DSmod - modify Active Directory attributes
- DSrm - to delete Active Directory objects
- DSmove - to relocate objects
- DSadd - create new accounts
- DSquery - to find objects that match your query attributes
- DSget - list the properties of an object

What's the difference between LDIFDE and CSVDE? Usage considerations?

CSVDE is a command that can be used to import and export objects to and from the AD into a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info.

Like CSVDE, LDIFDE is a command that can be used to import and export objects to and from the AD into a LDIF-formatted file. A LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor; however it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.

What is DFS?

The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name, which will be the 'key' to a list of shares found on multiple servers on the network. Think of it as the home of all file shares with links that point to one or more servers that actually host those shares. DFS has the capability of routing a client to the closest available file server by using Active Directory site metrics. It can also be installed on a cluster for even better performance and reliability.

It is important to understand the new concepts that are part of DFS. Below is a definition of each of them.

Dfs root: You can think of this as a share that is visible on the network, and in this share you can have additional files and folders.

Dfs link: A link is another share somewhere on the network that goes under the root. When a user opens this link they will be redirected to a shared folder.

Dfs target (or replica): This can be referred to as either a root or a link. If you have two identical shares, normally stored on different servers, you can group them together as Dfs Targets under the same link.

The image below shows the actual folder structure of what the user sees when using DFS and load balancing.

The actual folder structure of DFS and load balancing

Q. What are the types of replication in DFS?

There are two types of replication:

- Automatic - which is only available for Domain DFS
- Manual - which is available for stand-alone DFS and requires all files to be replicated manually.

Q. Which service is responsible for replicating files in SYSVOL folder?

File Replication Service (FRS)

netdiag /test:dsgetdc /v
dcdiag /s:domaincontroller /test:fsmocheck
repadmin /options +DISABLE_INBOUND_REPL
netdiag /test:dns
dcdiag /s:domaincontroller /test:knowsofroleholders /verbose
netdom computername CurrentComputerName /add:NewComputerName (rename using the Netdom command-line tool)
repadmin /showreps ServerName /u:DomainName\UserName /pw:* (verify successful replication)
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters (reduce PDC workload)
dcdiag /test:replications (to verify replication working)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics (garbage collection entry)
net stop ntfrs
dcdiag /test:netlogons
netdom /filtersids trusteddomain

dcdiag /v ...
dcdiag /v >> c:\ad_diag.txt
dcdiag /test:DNS /DNSALL (may take a few moments, be patient)
dcdiag /test:DNS /DNSALL /e /v >> c:\ad_diag.txt
dcdiag /test:DcPromo /e /v >> c:\ad_diag.txt
dcdiag /test:RegisterInDNS >> c:\ad_diag.txt
netdiag.exe /v >> c:\ad_diag.txt
netsh dhcp show server
netsh dhcp show server >> c:\ad_diag.txt
repadmin /showreps >> c:\ad_diag.txt
repadmin /replsum /errorsonly ...
repadmin /replsum /errorsonly >> c:\ad_diag.txt

Windows Server Health Checkup


20 MAR

CPU

Occasional high CPU spikes are OK as long as you are aware of the process causing them. A server should not maintain 80% CPU utilization for an extended period of time. If it does, it may be time to upgrade. It's a good idea to keep Task Manager open during the duration of your troubleshooting to see trends.

Check CPU Usage

1. Open Task Manager
2. Check the Processes tab, ensure there are no processes consuming excessive CPU
3. Check the Performance tab, ensure there are no single CPUs that have excessive CPU usage

Check CPU HW

1. Open Device Manager (right click Computer -> Manage)
2. Ensure that no CPUs have a red X or yellow ! underneath the Processors

Check Processes In-Depth

SysInternals: Copy Process Monitor locally, then launch it.

1. Analyze each process and watch what operations open the reg keys, files, etc.

Copy Process Explorer locally, then launch it.

1. Analyze each process based upon the number of threads, handles, loaded DLLs, etc.

Memory

General rule of thumb is to make sure the general memory utilization does not exceed 80% within a given period of time.

Check Memory Availability

1. Open Task Manager
2. Select the Performance tab
3. Look at the Physical Memory box, and multiply the total memory by .2
4. If the total available memory is less than this number then the box is currently utilizing more than 80 percent of the memory.

Current utilization by process

1. Select the Process tab
2. Check the 'show processes from all users' box in the bottom left corner
3. Click the column header 'Mem Usage' to sort the processes by memory utilization, highest to lowest. This will help you determine what processes are currently utilizing the memory on the box and can help you narrow your search for memory intensive processes.

Network

Check NIC HW

1. Verify both ends of the network cable are securely seated in the port
2. On the back of the server verify you have a green blinking link light on the NIC port
3. Verify NIC HW is working properly by using Device Manager and ensure the active NICs are showing green
4. Verify gateway, IP, subnet mask, DNS, DNS suffixes, etc. are properly configured.
5. If everything is properly configured and HW is working, you should be able to get a ping response from the gateway.

Check Network Connections

Here are some other checks you should perform to ensure proper network connectivity:

1. ipconfig /all will display all your TCP/IP settings including your MAC address
2. ipconfig /flushdns will flush your DNS resolver cache
3. ipconfig /displaydns will display what is in your DNS name cache
4. netstat -an will show all the connections & ports from a machine
5. nbtstat will show NetBIOS over TCP/IP connection stats
6. tracert <IP or DNS Name> will show you the path the packet takes, the routers, and the response time for each hop.
7. pathping <IP or DNS Name> combines ping and tracert to the 100th degree. It pings each hop 100 times and is great for testing WAN connectivity

Disk Space

All kinds of bad stuff can happen when your disk space is filling up. The best way to alleviate this is to write a script to notify you when you reach a certain threshold. In a future post I'll share a method for you to do just that... however, if there is a problem and you need to perform a health check, then here is how you check the space the old-fashioned way. To check disk space manually:

1. Right click on My Computer
2. Select Manage
3. Select Disk Management
4. Validate each disk has more than 10 percent free space
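One way to script the threshold checks from this section (10 percent free disk, 80 percent memory, 80 percent CPU) is sketched below in PowerShell. This is an added example, not the method the post promises for later; the function name Get-HealthAlert is hypothetical, and Get-WmiObject is used so that it also runs on the PowerShell 2.0 shipped with Server 2008 R2.

```powershell
# Added example: evaluate disk, memory and CPU against the thresholds above
# and emit one row per check; rows with Alert = True need attention.
function Get-HealthAlert {
    param(
        [string] $ComputerName = $env:COMPUTERNAME,
        [int] $MinDiskFreePercent = 10,
        [int] $MaxMemoryPercent   = 80,
        [int] $MaxCpuPercent      = 80
    )
    $rows = @()

    # Fixed local disks only (DriveType 3); skip volumes that report no size.
    $disks = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $ComputerName -Filter 'DriveType=3'
    foreach ($d in $disks) {
        if (-not $d.Size) { continue }
        $freePct = [math]::Round(100 * $d.FreeSpace / $d.Size, 1)
        $rows += New-Object PSObject -Property @{
            Check = "Disk $($d.DeviceID) free %"
            Value = $freePct
            Alert = ($freePct -le $MinDiskFreePercent)
        }
    }

    # FreePhysicalMemory and TotalVisibleMemorySize are both reported in KB.
    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    $memPct = [math]::Round(100 * (1 - ($os.FreePhysicalMemory / $os.TotalVisibleMemorySize)), 1)
    $rows += New-Object PSObject -Property @{
        Check = 'Memory used %'
        Value = $memPct
        Alert = ($memPct -gt $MaxMemoryPercent)
    }

    # LoadPercentage is per processor; average across sockets.
    # This is a single sample, so schedule the script and look for
    # repeated alerts before treating a spike as sustained load.
    $cpu = (Get-WmiObject -Class Win32_Processor -ComputerName $ComputerName |
            Measure-Object -Property LoadPercentage -Average).Average
    $rows += New-Object PSObject -Property @{
        Check = 'CPU load %'
        Value = [math]::Round([double]$cpu, 1)
        Alert = ([double]$cpu -gt $MaxCpuPercent)
    }

    $rows
}

# Print everything, then raise a warning for each breached threshold.
$report = Get-HealthAlert
$report | Select-Object Check, Value, Alert | Format-Table -AutoSize
foreach ($r in ($report | Where-Object { $_.Alert })) {
    Write-Warning ("{0}: {1}" -f $r.Check, $r.Value)
}
```

Run it from a scheduled task and redirect the warning stream to whatever alerting channel is already in use.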

Event Logs

Event logs can reveal a more historical perspective on what is going on with the system and applications. When troubleshooting with event logs, query either the system or the application logs and look for the presence of events that have a timestamp near the time of the issue you are troubleshooting. Events have 3 categories in the event viewer:

- Informational: Noted with a white icon and letter 'i'. Successful operations are logged as informational. Usually not used in troubleshooting problems or failures.
- Warning: Noted with a yellow icon and exclamation point. These usually are looked up as they serve as predictive future failure indicators, such as disk space running low, DHCP IP address lease renewal failures, etc.
- Error: Noted with a red circle icon and 'x'. These are indications that something has failed outright and are a good starting point for troubleshooting.

When looking at event logs, use the information to determine the following:

- Is the incident tied to a particular time or outage incident?
- Is this a one-off, or has this particular error occurred multiple times in the past?
- Does this error appear on other systems or is it unique to the system that has failed?
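The three questions above map directly onto one query: warnings and errors near the incident time, how often each one occurred earlier, and whether other servers logged it too. The PowerShell below is an added example, not part of the original post; the function name Get-EventsNearIncident and its defaults (30-minute window, 30 days of history) are assumptions.

```powershell
# Added example: list Warning/Error events around an incident and count how
# often the same Source + EventID pair appeared earlier on each computer.
function Get-EventsNearIncident {
    param(
        [Parameter(Mandatory = $true)] [DateTime] $IncidentTime,
        [int] $WindowMinutes = 30,
        [int] $HistoryDays   = 30,
        [string[]] $LogName      = @('System', 'Application'),
        [string[]] $ComputerName = @($env:COMPUTERNAME)
    )
    $from         = $IncidentTime.AddMinutes(-$WindowMinutes)
    $to           = $IncidentTime.AddMinutes($WindowMinutes)
    $historyStart = $IncidentTime.AddDays(-$HistoryDays)

    foreach ($computer in $ComputerName) {
        foreach ($log in $LogName) {
            # One query per log covers both the incident window and the history.
            # Get-EventLog reports "no matches" as an error, so silence it.
            $events = @(Get-EventLog -LogName $log -ComputerName $computer `
                            -EntryType Error, Warning `
                            -After $historyStart -Before $to `
                            -ErrorAction SilentlyContinue)

            $near = @($events | Where-Object { $_.TimeGenerated -ge $from })
            if ($near.Count -eq 0) { continue }

            foreach ($g in ($near | Group-Object Source, EventID)) {
                $first = $g.Group[0]
                $earlier = @($events | Where-Object {
                    $_.Source -eq $first.Source -and
                    $_.EventID -eq $first.EventID -and
                    $_.TimeGenerated -lt $from
                }).Count

                New-Object PSObject -Property @{
                    Computer           = $computer
                    Log                = $log
                    Type               = $first.EntryType
                    Source             = $first.Source
                    EventID            = $first.EventID
                    InWindow           = $g.Count      # tied to the incident time?
                    EarlierOccurrences = $earlier      # 0 = one-off, >0 = recurring
                }
            }
        }
    }
}

# Example: an incident one hour ago on the local server.
Get-EventsNearIncident -IncidentTime (Get-Date).AddHours(-1) |
    Sort-Object Computer, Log, Source, EventID |
    Format-Table Computer, Log, Type, Source, EventID, InWindow, EarlierOccurrences -AutoSize
```

Pass several names to -ComputerName to see whether the same Source and EventID pair shows up on other systems or only on the one that failed.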

Services

Troubleshooting services should be limited to the specific service that is affected by the problem being troubleshot. Each server will have specific services, varying with the types of applications running. You should document how your servers' services are configured and compare that to the server in question to see if anything is not configured correctly.

Cluster

Servers that host applications and services that require high availability should be clustered so that if one node fails the other can pick up the workload. Clustered servers need the same type of health checks as stand-alone systems, except you will also want to check on the health of the cluster.

Check Cluster Resource Status

1. Open Cluster Administrator: Log onto the server, select Start -> Run -> cluadmin
2. Check the Resources and ensure all are Online
3. If Cluster Administrator does not open, ensure that the Cluster Service is running on the node.
4. Cluster resource status can also be checked from a remote server. From a command prompt, just type: cluster res <cluster name>

Client Side Health

1. Right click on My Computer, select Manage
2. Open Device Manager
3. Drill down to SCSI and RAID Controllers, verify that the HBA HW is visible and does not show any errors
4. If it does not show up in Device Manager, you may need to re-scan for the HW, re-seat the fiber card, or re-install the driver.
5. If the HBA is showing healthy in Device Manager, open the tool that you use to view configuration and settings for the fiber card and verify there aren't any transmit/receive errors on link statistics or counters

Switch Health
1. Make sure fiber is properly connected to each switch
2. Make sure switch has no errors
3. If you're using zoning verify it is properly configured

Check Fiber and SAN Connectivity
1. Log onto san appliance and verify that the SAN is in general good health and no major errors are present for the controllers, loops, switches, or ports.
2. Ensure that the LUNs are presented to the servers in the cluster

NLBS

Some applications will require you to spread the load across multiple servers. Web servers are a very popular choice to network load balance. As with clusters we will need to check the status of the load balancing.

Check NLBS Status CMD Line
1. From a command prompt on the local system, run 'wlbs query'. This will give you the convergence status of the local node with the nlbs cluster.
2. Other useful NLBS commands: wlbs stop (stops nlbs), wlbs start (starts nlbs), wlbs drainstop (drains node)

Check NLBS Configurations
1. Open up the network properties -> Network Load Balancing, right click & select Properties
2. On the Cluster Parameters tab, verify that the IP address is configured for the shared NLBS IP and that the subnet mask, domain, and operation mode are configured correctly.
3. On the Host Parameters tab, make sure each node of the cluster has a unique host identifier. Also verify the IP and subnet mask are configured for the local values.
4. Also make sure that your switch has a static ARP entry if using multi-cast NLBS. The entry should be that of the virtual MAC of the cluster. To get the virtual MAC of the cluster, you can run the following command: WLBS IP2MAC <virtual IP address>

Name Resolution

To healthcheck name resolution, open a command prompt and enter the following

nslookup <servername>

Verify that the servername is correctly entered in DNS. If a record does not show up in the DNS query, or maps to a different name, perform a reverse lookup by IP address to see what name is associated with the IP address: nslookup <IP address>

If no name shows up associated with the IP address, log into the domain controller and check the DNS records for this particular name/ip address

1. From a Domain Controller go to start->run->dnsmgmt.msc
2. Expand the Forward Lookup Zones
3. Expand the zone for your primary zone that holds the records for the system/s you are troubleshooting

Validate that the record exists. If it does not exist, manually enter the record name and IP address by right clicking on this same zone:
1. Select new host (a)
2. Enter the name and IP address
3. Check the box next to create associated pointer (PTR) record
4. Click add Host

Additionally, log back into the node that you manually entered the record for and ensure that it is registering in DNS
1. Right click on the My Network Places icon on the desktop and select Properties
2. Double click on the primary adapter
3. Select properties
4. Highlight internet protocol (TCP/IP) and select properties
5. Validate the IP addresses of the DNS servers are correct
6. Select Advanced
7. Select DNS tab
8. Make sure the box is checked next to Register this connection's address in DNS

Windows DHCP Interview Questions and Answers

What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.

What is the DHCP process for client machine?

1. A user turns on a computer with a DHCP client.
2. The client computer sends a broadcast request (called a DISCOVER or DHCPDISCOVER), looking for a DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and usage policies set on the server, the server determines an appropriate address (if any) to give to the client. The server then temporarily reserves that address for the client and sends back to the client an OFFER (or DHCPOFFER) packet, with that address information. The server also configures the client's DNS servers, WINS servers, NTP servers, and sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that it intends to use the address.
6. The server sends an ACK (or DHCPACK) packet, confirming that the client has been given a lease on the address for a server-specified period of time.

What is DHCP scope?

DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients.

Types of scopes in Windows DHCP?

Normal Scope - Allows A, B and C Class IP address ranges to be specified including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet.

Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservation or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially, the number of routers a packet can pass through on the way to its destination).

Super scope - Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity.

What is Authorizing DHCP Servers in Active Directory?

If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller) it must first be authorized. This can be achieved either as part of the DHCP Server role installation, or subsequently using either the DHCP console or the netsh tool at the command prompt. If the DHCP server was not authorized during installation, invoke the DHCP console (Start > All Programs > Administrative Tools > DHCP), right click on the DHCP to be authorized and select Authorize. To achieve the same result from the command prompt, enter the following command:

netsh dhcp server serverID initiate auth

In the above command syntax, serverID is replaced by the IP address or full UNC name of the system on which the DHCP server is installed.

What ports are used by DHCP and the DHCP clients?

Requests are on UDP port 68, Server replies on UDP 67.

Benefits of using DHCP

DHCP provides the following benefits for administering your TCP/IP-based network:

Safe and reliable configuration. DHCP avoids configuration errors caused by the need to manually type in values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned IP address being reused to configure a new computer on the network.

Reduces configuration management. Using DHCP servers can greatly decrease time spent to configuring and reconfiguring computers on your network. Servers can be configured to supply a full range of additional configuration values when assigning address leases. These values are assigned using DHCP options. Also, the DHCP lease renewal process helps assure that where client configurations need to be updated often (such as users with mobile or portable computers who change locations frequently), these changes can be made efficiently and automatically by clients communicating directly with DHCP servers.

The following section covers issues that affect the use of the DHCP Server service with other services or network configurations.
Using DNS servers with DHCP
Using Routing and Remote Access servers with DHCP
Multihomed DHCP servers.

Describe the process of installing a DHCP server in an AD infrastructure?

Open Windows Components Wizard. Under Components, scroll to and click Networking Services. Click Details. Under Subcomponents of Networking Services, click Dynamic Host Configuration Protocol (DHCP) and then click OK. Click Next. If prompted, type the full path to the Windows Server 2003 distribution files, and then click Next. Required files are copied to your hard disk.

How to authorize a DHCP server in Active Directory?

Open DHCP. In the console tree, click DHCP. On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog box appears. Click Authorize. When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.

What is DHCPINFORM?
DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name. The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message received by the remote access server is then forwarded to a DHCP server. The remote access server forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent.

Describe the integration between DHCP and DNS?

Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

Active Directory Interview Question and Answers

What is Active Directory?
Active Directory is a Meta Data. Active Directory is a data base which stores a data base like your user information, computer information and also other network object info. It has capabilities to manage and administer the complete Network which connect with AD.

What is domain?

In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user needs only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.

What is domain controller?
A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

What is LDAP?
Lightweight Directory Access Protocol (LDAP) is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

What is KCC?
KCC (knowledge consistency checker) is used to generate replication topology for inter site replication and for intra-site replication. Within a site replication traffic is done via remote procedure calls over IP, while between sites it is done through either RPC or SMTP.

Where is the AD database held? What other folders are related to AD?
The AD data base is stored in c:\windows\ntds\NTDS.DIT.

What is the SYSVOL folder?

The sysVOL folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain.

Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a multi master peer-to-peer read and write relationship that hosts copies of the Active Directory.

Cannot create a new universal user group. Why?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

What is LSDOU?
Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

Why doesn't LSDOU work under Windows NT?
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.

How many number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.

What's the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.

How many passwords by default are remembered when you check "Enforce Password History Remembered"?
User's last 6 passwords.

Can GC Server and Infrastructure place in single server?
No, As Infrastructure master does the same job as the GC. It does not work together.

Which is service in your windows is responsible for replication of Domain controller to another domain controller.
KCC generates the replication topology. Use SMTP / RPC to replicate changes.

Active Directory Page 2

What is Intrasite and Intersite Replication?
Intrasite is the replication within the same site & intersite the replication between sites.

What is lost & found folder in ADS?
It's the folder where you can find the objects missed due to conflict.
Ex: you created a user in OU which is deleted in other DC & when replication happened ADS didn't find the OU then it will put that in Lost & Found Folder.

What is Garbage collection?
Garbage collection is the process of the online defragmentation of active directory. It happens every 12 Hours.

What System State data contains?
Contains Startup files, Registry, Com + Registration Database, Memory Page file, System files, AD information, Cluster Service information, SYSVOL Folder

What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory? Is there any difference in 2000 Group Polices and 2003 Group Polices? What is meant by ADS and ADS services in Windows 2003?
Windows 2003 Active Directory introduced a number of new security features, as well as convenience features such as the ability to rename a domain controller and even an entire domain. Windows Server 2003 also introduced numerous changes to the default settings that can be affected by Group Policy - you can see a detailed list of each available setting and which OS is required to support it by downloading the Group Policy Settings Reference. ADS stands for Automated Deployment Services, and is used to quickly roll out identically-configured servers in large-scale enterprise environments. You can get more information from the ADS homepage.

I want to setup a DNS server and Active Directory domain. What do I do first? If I install the DNS service first and name the zone 'name.org' can I name the AD domain 'name.org' too?
Not only can you have a DNS zone and an Active Directory domain with the same name, it's actually the preferred way to go if at all possible. You can install and configure DNS before installing Active Directory, or you can allow the Active Directory Installation Wizard (dcpromo) itself install DNS on your server in the background.

How do I determine if user accounts have local administrative access?

You can use the net localgroup administrators command on each workstation (probably in a login script so that it records its information to a central file for later review). This command will enumerate the members of the Administrators group on each machine you run it on. Alternately, you can use the Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those users you want to belong.

Why am I having trouble printing with XP domain users?
In most cases, the inability to print or access resources in situations like this one will boil down to an issue with name resolution, either DNS or WINS/NetBIOS. Be sure that your Windows XP clients' wireless connections are configured with the correct DNS and WINS name servers, as well as with the appropriate NetBIOS over TCP/IP settings. Compare your wireless settings to your wired LAN settings and look for any discrepancies that may indicate where the functional difference may lie.

What is the ISTG? Who has that role by default?

Windows 2000 Domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

What is difference between Server 2003 vs 2008?
1. Virtualization. (Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine.)
2. Server Core (provides the minimum installation required to carry out a specific server role, such as for a DHCP, DNS or print server)
3. Better security.
4. Role-based installation.
5. Read Only Domain Controllers (RODC).
6. Enhanced terminal services.
7. Network Access Protection - Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies.
8. Power Shell - Microsoft's command line shell and scripting language has proved popular with some server administrators.
9. IIS 7.
10. Bit locker - System drive encryption can be a sensible security measure for servers located in remote branch offices.
The main difference between 2003 and 2008 is Virtualization, management. 2008 has more in-build components and updated third party drivers.
11. Windows Aero.

What are the requirements for installing AD on a new server?
1 The Domain structure.
2 The Domain Name.
3 storage location of the database and log file.
4 Location of the shared system volume folder.
5 DNS config Method.
6 DNS configuration.

What is LDP?
LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.

What are the Groups types available in active directory?
Security groups: Use Security groups for granting permissions to gain access to resources. Sending an e-mail message to a group sends the message to all members of the group. Therefore security groups share the capabilities of distribution groups.
Distribution groups: Distribution groups are used for sending e-mail messages to groups of users. You cannot grant permissions to security groups. Even though security groups have all the capabilities of distribution groups, distribution groups are still required, because some applications can only read distribution groups.

Explain about the groups scope in AD?
Domain Local Group: Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional level of domains and forests. Domain local group memberships are not limited as you can add members as user accounts, universal and global groups from any domain. Just to remember, nesting cannot be done in domain local group. A domain local group will not be a member of another Domain Local or any other groups in the same domain.
Global Group: Users with similar function can be grouped under global scope and can be given permission to access a resource (like a printer or shared folder and files) available in local or another domain in same forest. To say in simple words, Global groups can be used to grant permissions to gain access to resources which are located in any domain but in a single forest as their memberships are limited. User accounts and global groups can be added only from the domain in which global group is created. Nesting is possible in Global groups within other groups as you can add a global group into another global group from any domain. Finally, to provide permission to domain specific resources (like printers and published folder), they can be members of a Domain Local group. Global groups exist in all mixed, native and interim functional level of domains and forests.
Universal Group Scope: These groups are precisely used for email distribution and can be granted access to resources in all trusted domain as these groups can only be used as a security principal (security group type) in a windows 2000 native or windows server 2003 domain functional level domain. Universal group memberships are not limited like global groups. All domain user accounts and groups can be a member of universal group. Universal groups can be nested under a global or Domain Local group in any domain

Active Directory Page 4

What is REPLMON?
The Microsoft definition of the Replmon tool is as follows; This GUI tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication.

What is ADSIEDIT?
ADSIEDIT: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL ADSIEDIT.

What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

How to take backup of AD?
For taking backup of active directory you have to do this: first go to START -> PROGRAM -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP, or open the run window and enter ntbackup, and take a systemstate backup. When the backup screen appears, take the backup of SYSTEM STATE; it will take the backup of all the necessary information about the system including AD backup, DNS etc.

What are the DS* commands?
The following DS commands: the DS family built in utility.
DSmod - modify Active Directory attributes.
DSrm - to delete Active Directory objects.
DSmove - to relocate objects
DSadd - create new accounts
DSquery - to find objects that match your query attributes.
DSget - list the properties of an object

What are the requirements for installing AD on a new server?
An NTFS partition with enough free space.
An Administrator's username and password.
The correct operating system version.
A NIC
Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway).
A network connection (to a hub or to another computer via a crossover cable).
An operational DNS server (which can be installed on the DC itself).
A Domain name that you want to use.
The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)

Explain about Trust in AD?
To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created. The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests or non-AD domains.

Trusts in Windows 2000 (native mode)
One-way trust - One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.
Two-way trust - Two domains allow access to users on both domains.
Trusting domain - The domain that allows access to users from a trusted domain.
Trusted domain - The domain that is trusted; whose users have access to the trusting domain.
Transitive trust - A trust that can extend beyond two domains to other trusted domains in the forest.
Intransitive trust - A one way trust that does not extend beyond two domains.
Explicit trust - A trust that an admin creates. It is not transitive and is one way only.
Cross-link trust - An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.

Windows 2000 Server - supports the following types of trusts:
Two-way transitive trusts.
One-way intransitive trusts.
Additional trusts can be created by administrators. These trusts can be:

What is tombstone lifetime attribute?
The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NIC.

What are application partitions? When do I use them?

An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.

How do you create a new application partition?
Use the DnsCmd command to create an application directory partition. To do this, use the following syntax: DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

How do you view all the GCs in the forest?
C:\>repadmin /showreps domain_controller
where domain_controller is the DC you want to query to determine whether it's a GC. The output will include the text DSA Options: IS_GC if the DC is a GC.

Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Yes, you can use dirXML or LDAP to connect to other directories. In Novell you can use E-directory

What is IPSec Policy
IPSec provides secure gateway-to-gateway connections across outsourced private wide area network (WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode. IPSec Policy can be deployed via Group policy to the Windows Domain controllers & Servers.

What are the different types of Terminal Services?
User Mode & Application Mode.

What is the System Startup process?

Windows 2K boot process on an Intel architecture.
1. Power-On Self Tests (POST) are run.
2. The boot device is found, the Master Boot Record (MBR) is loaded into memory, and its program is run.
3. The active partition is located, and the boot sector is loaded.
4. The Windows 2000 loader (NTLDR) is then loaded.

The boot sequence executes the following steps:
1. The Windows 2000 loader switches the processor to the 32-bit flat memory model.
2. The Windows 2000 loader starts a mini-file system.
3. The Windows 2000 loader reads the BOOT.INI file and displays the operating system selections (boot loader menu).
4. The Windows 2000 loader loads the operating system selected by the user. If Windows 2000 is selected, NTLDR runs NTDETECT.COM. For other operating systems, NTLDR loads BOOTSECT.DOS and gives it control.
5. NTDETECT.COM scans the hardware installed in the computer, and reports the list to NTLDR for inclusion in the Registry under the HKEY_LOCAL_MACHINE\HARDWARE hive.
6. NTLDR then loads the NTOSKRNL.EXE, and gives it the hardware information collected by NTDETECT.COM. Windows NT enters the Windows load phases.

How do you change the DS Restore admin password?
In Windows 2000 Server, you used to have to boot the computer whose password you wanted to change in Directory Restore mode, then use either the Microsoft Management Console (MMC) Local User and Groups snap-in or the command net user administrator * to change the Administrator password.

Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in SP4 to improve the utility's scripting options.) In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode Administrator password. To do so, follow these steps:

1. Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
2. Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument 'set dsrm password' at the ntdsutil prompt:
ntdsutil: set dsrm password
3. Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine. For example, to reset the password on server testing, enter the following argument at the Reset DSRM Administrator Password prompt:
Reset DSRM Administrator Password: reset password on server testing
To reset the password on the local machine, specify null as the server name:
Reset DSRM Administrator Password: reset password on server null
4. You'll be prompted twice to enter the new password. You'll see the following messages:
5. Please type password for DS Restore Mode Administrator Account:
6. Please confirm new password: Password has been set successfully.
7. Exit the password-reset utility by typing 'quit' at the following prompts:
8. Reset DSRM Administrator Password: quit
ntdsutil: quit

How do I use Registry keys to remove a user from a group?

In Windows Server 2003, you can use the dsmod command-line utility with the -delmbr switch to remove a group member from the command line. You should also look into the freeware utilities available from www.joeware.net . ADFind and ADMod are indispensable tools in my arsenal when it comes to searching and modifying Active Directory.

Why are my NT4 clients failing to connect to the Windows 2000 domain?
Since NT4 relies on NetBIOS for name resolution, verify that your WINS server (you do have a WINS server running, yes?) contains the records that you expect for the 2000 domain controller, and that your clients have the correct address configured for the WINS server.

How do you view replication properties for AD partitions and DCs?
By using replication monitor
go to start > run > type repadmin
go to start > run > type replmon

Why can't you restore a DC that was backed up 4 months ago?
Because of the tombstone life which is set to only 60 days.

Different modes of AD restore?

A nonauthoritative restore is the default method for restoring Active Directory. To perform a nonauthoritative restore, you must be able to start the domain controller in Directory Services Restore Mode. After you restore the domain controller from backup, replication partners use the standard replication protocols to update Active Directory and associated information on the restored domain controller.

An authoritative restore brings a domain or a container back to the state it was in at the time of backup and overwrites all changes made since the backup. If you do not want to replicate the changes that have been made subsequent to the last backup operation, you must perform an authoritative restore. For this, inbound replication must be stopped first, before performing the authoritative restore.

How do you configure a stand-by operation master for any of the roles?

- Open Active Directory Sites and Services.
- Expand the site name in which the standby operations master is located to display the Servers folder.
- Expand the Servers folder to see a list of the servers in that site.
- Expand the name of the server that you want to be the standby operations master to display its NTDS Settings.
- Right-click NTDS Settings, click New, and then click Connection.
- In the Find Domain Controllers dialog box, select the name of the current role holder, and then click OK.
- In the New Object-Connection dialog box, enter an appropriate name for the Connection object or accept the default name, and click OK.

What's the difference between transferring a FSMO role and seizing?

Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back online, you'll have a problem.

An FSMO role TRANSFER is the graceful movement of the roles from a live, working DC to another live DC. During the process, the current DC holding the role(s) is updated, so it becomes aware it is no longer the role holder.

I want to look at the RID allocation table for a DC. What do I do?

dcdiag /test:ridmanager /s:servername /v (servername is the name of our DC)

What is Bridgehead Server in AD?

A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case the server is down, KCC designates another one of the domain controllers. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

What is the default size of ntds.dit?

10 MB in Server 2000 and 12 MB in Server 2003.

Where is the AD database held and what are other folders related to AD?

AD Database is saved in %systemroot%/ntds. You can see other files also in this folder. These are the main files controlling the AD structure:

ntds.dit
edb.log
res1.log
res2.log
edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10 MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database.

The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in \NTDS, along with the other files we've discussed.

What FSMO placement considerations do you know of?

Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory. In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.

Windows Server 2003 Active Directory is a bit different than the Windows 2000 version when dealing with FSMO placement. In this article I will only deal with Windows Server 2003 Active Directory, but you should bear in mind that most considerations are also true when planning Windows 2000 AD FSMO roles.

What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?

If you're installing Windows 2003 R2 on an existing Windows 2003 server with SP1 installed, you require only the second R2 CD-ROM. Insert the second CD and the r2auto.exe will display the Windows 2003 R2 Continue Setup screen. If you're installing R2 on a domain controller (DC), you must first upgrade the schema to the R2 version (this is a minor change and mostly related to the new Dfs replication engine).

To update the schema, run the Adprep utility, which you'll find in the Components\r2\adprep folder on the second CD-ROM.

Before running this command, ensure all DCs are running Windows 2003 or Windows 2000 with SP2 (or later). Here's a sample execution of the Adprep /forestprep command:

D:\CMPNENTS\R2\ADPREP>adprep /forestprep
ADPREP WARNING:
Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later).
QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent potential domain controller corruption.
[User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
C
Opened Connection to SAVDALDC01
SSPI Bind succeeded
Current Schema Version is 30
Upgrading schema to version 31
Connecting to "SAVDALDC01"
Logging in as current user using SSPI
Importing directory from file "C:\WINDOWS\system32\sch31.ldf"
Loading entries.....
139 entries modified successfully.
The command has completed successfully
Adprep successfully updated the forest-wide information.

After running Adprep, install R2 by performing these steps:

1. Click the "Continue Windows Server 2003 R2 Setup" link, as the figure shows.
2. At the "Welcome to the Windows Server 2003 R2 Setup Wizard" screen, click Next.
3. You'll be prompted to enter an R2 CD key (this is different from your existing Windows 2003 keys) if the underlying OS wasn't installed from R2 media (e.g., a regular Windows 2003 SP1 installation). Enter the R2 key and click Next. Note: The license key entered for R2 must match the underlying OS type, which means if you installed Windows 2003 using a volume-license version key, then you can't use a retail or Microsoft Developer Network (MSDN) R2 key.
4. You'll see the setup summary screen, which confirms the actions to be performed (e.g., Copy files). Click Next.
5. After the installation is complete, you'll see a confirmation dialog box. Click Finish.

What is OU?

Organization Unit is a container object in which you can keep objects such as user accounts, groups, computer, printer, applications and other (OU). In organization unit you can assign specific permission to the users. Organization unit can also be used to create departmental limitation.

Name some OU design considerations?

OU design requires balancing requirements for delegating administrative rights - independent of Group Policy needs - and the need to scope the application of Group Policy. The following OU design recommendations address delegation and scope issues:

Applying Group Policy: An OU is the lowest-level Active Directory container to which you can assign Group Policy settings.
Delegating administrative authority: usually don't go more than 3 OU levels.

What is sites? What are they used for?

One or more well-connected (highly reliable and fast) TCP/IP subnets.

A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network. A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic. Sites can be linked to other Sites. Site-linked objects may be assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource. Site Links may also be assigned a schedule.

Trying to look at the Schema, how can I do that?

Register schmmgmt.dll using this command:
C:\windows\system32>regsvr32 schmmgmt.dll
Open mmc -> add snapin -> add Active directory schema
Name it as schema.msc
Open administrative tool -> schema.msc

What is the port no of Kerberos?

88

What is the port no of Global catalog?

3268

What is the port no of LDAP?

389

Explain Active Directory Schema?

Windows 2000 and Windows Server 2003 Active Directory uses a database set of rules called "Schema". The Schema is defined as the formal definition of all object classes, and the attributes that make up those object classes, that can be stored in the directory. As mentioned earlier, the Active Directory database includes a default Schema, which defines many object classes, such as users, groups, computers, domains, organizational units, and so on. These objects are also known as "Classes". The Active Directory Schema can be dynamically extensible, meaning that you can modify the schema by defining new object types and their attributes and by defining new attributes for existing objects. You can do this either with the Schema Manager snap-in tool included with Windows 2000/2003 Server, or programmatically.

How can you forcibly remove AD from a server, and what do you do later? Can I get user passwords from the AD database?

With dcpromo /forceremoval, an administrator can forcibly remove Active Directory and roll back the system without having to contact or replicate any locally held changes to another DC in the forest. Reboot the server afterwards. After you use the dcpromo /forceremoval command, all the remaining metadata for the demoted DC is not deleted on the surviving domain controllers, and therefore you must manually remove it by using the NTDSUTIL command.

In the event that the NTDS Settings object is not removed correctly, you can use the Ntdsutil.exe utility to manually remove the NTDS Settings object. You will need the following tools: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers.

What are the FSMO roles? Who has them by default? What happens when each one fails?

Flexible Single Master Operation (FSMO) role. Currently, there are five FSMO roles:

Schema master
Domain naming master
RID master
PDC emulator
Infrastructure master

What is domain tree?

Domain Trees: A domain tree comprises several domains that share a common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust relationships. Active Directory is a set of one or more trees. Trees can be viewed two ways. One view is the trust relationships between domains. The other view is the namespace of the domain tree.

What is forests?

A collection of one or more domain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses.

How to Select the Appropriate Restore Method?

You select the appropriate restore method by considering the circumstances and characteristics of the failure. The two major categories of failure, from an Active Directory perspective, are Active Directory data corruption and hardware failure. Active Directory data corruption occurs when the directory contains corrupt data that has been replicated to all domain controllers or when a large portion of the Active Directory hierarchy has been changed accidentally (such as deletion of an OU) and this change has replicated to other domain controllers.

Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?

The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

What is Global Catalog?

The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

How long does it take for security changes to be replicated among the domain controllers?

Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

When should you create a forest?

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

Describe the process of working with an external domain name?

If it is not possible for you to configure your internal domain as a subdomain of your external domain, use a stand-alone internal domain. This way, your internal and external domain names are unrelated. For example, an organization that uses the domain name contoso.com for their external namespace uses the name corp.internal for their internal namespace.

The advantage to this approach is that it provides you with a unique internal domain name. The disadvantage is that this configuration requires you to manage two separate namespaces. Also, using a stand-alone internal domain that is unrelated to your external domain might create confusion for users because the namespaces do not reflect a relationship between resources within and outside of your network. In addition, you might have to register two DNS names with an Internet name authority if you want to make the internal domain publicly accessible.

How do you view all the GCs in the forest?

C:\>repadmin /showreps domain_controller
OR
You can use Replmon.exe for the same purpose.
OR
AD Sites and Services and nslookup gc._msdcs.
To find the GC from the command line you can try using the DSQUERY command:
dsquery server -isgc
To find all the GCs in the forest you can try:
dsquery server -forest -isgc

What are the physical components of Active Directory?

Domain controllers and Sites. Domain controllers are physical computers which are running Windows Server operating system and Active Directory database. Sites are a network segment based on geographical location and which contains multiple domain controllers in each site.

What are the logical components of Active Directory?

Domains, Organizational Units, trees and forests are logical components of Active Directory.

What are the Active Directory Partitions?

Active Directory database is divided into different partitions such as Schema partition, Domain partition, and Configuration partition. Apart from these partitions, we can create Application partition based on the requirement.

What is group nesting?

Adding one group as a member of another group is called 'group nesting'. This will help for easy administration and reduced replication traffic.

What is the feature of Domain Local Group?

Domain local groups are mainly used for granting access to network resources. A Domain local group can contain accounts from any domain, global groups from any domain and universal groups from any domain. For example, if you want to grant permission to a printer located at Domain A, to 10 users from Domain B, then create a Global group in Domain B and add all 10 users into that Global group. Then, create a Domain local group at Domain A, and add Global group of Domain B to Domain local group of Domain A, then add Domain local group of Domain A to the printer (of Domain A) security ACL.

How will you take Active Directory backup?

Active Directory is backed up along with System State data. System state data includes Local registry, COM+, Boot files, NTDS.DIT and SYSVOL folder. System state can be backed up either using Microsoft's default NTBACKUP tool or third party tools such as Symantec NetBackup, IBM Tivoli Storage Manager etc.

Do we use clustering in Active Directory? Why?

No one installs Active Directory in a cluster. There is no need of clustering a domain controller, because Active Directory provides total redundancy with two or more servers.

What is Active Directory Recycle Bin?

Active Directory Recycle bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services.

How do you check currently forest and domain functional levels? Say both GUI and Command line.

To find out forest and domain functional levels in GUI mode, open ADUC, right click on the domain name and take properties. Both domain and forest functional levels will be listed there. To find out forest and domain functional levels from the command line, you can use the DSQUERY command.

Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory?

All versions of Windows Server Active Directory use Kerberos 5.

Name few port numbers related to Active Directory?

Kerberos 88, LDAP 389, DNS 53, SMB 445

What is an FQDN?

FQDN can be expanded as Fully Qualified Domain Name. It is a hierarchy of a domain name system which points to a device in the domain at its left most end. For example in system.

Have you heard of ADAC?

ADAC - Active Directory Administrative Center is a new GUI tool that came with Windows Server 2008 R2, which provides enhanced data management experience to the admin. ADAC helps administrators to perform common Active Directory object management tasks across multiple domains with the same ADAC instance.

How many objects can be created in Active Directory? (both 2003 and 2008)

As per Microsoft, a single AD domain controller can create around 2.15 billion objects during its lifetime.

Explain the process between a user providing his Domain credential to his workstation and the desktop being loaded? Or how the AD authentication works?

When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long term keys for every principal in its realm. The KDC looks up the user's master key (KA), which is based on the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket by using its own master key (KKDC), which only the KDC knows.

The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. The client computer now has a session key and a TGT so that it can securely communicate with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain by using the Kerberos protocol.
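The logon exchange described above, as an added example that is not part of the original page: a toy KDC returns the session key SA sealed under the user's KA together with a TGT sealed under KKDC. PBKDF2 as the one-way password hash, the HMAC-based sealing, the realm name and the account are assumptions made for the illustration; real Kerberos uses its own string-to-key functions and encryption types.

```python
import hashlib, hmac, json, os, time

def string_to_key(password, salt):
    # One-way hash: password -> long-term key KA. PBKDF2 is a stand-in
    # (assumption), not the actual Kerberos string-to-key function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, fields):
    # Toy encrypt-then-MAC built from HMAC-SHA256; NOT a real Kerberos enctype.
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    cipher = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    return nonce + tag + cipher

def unseal(key, blob):
    nonce, tag, cipher = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(cipher))
    return json.loads(bytes(c ^ s for c, s in zip(cipher, stream)))

class KDC:
    def __init__(self, realm):
        self.realm = realm
        self.k_kdc = os.urandom(32)   # KKDC: never leaves the KDC
        self.principals = {}          # user name -> long-term key KA

    def add_principal(self, user, password):
        self.principals[user] = string_to_key(password, self.realm + user)

    def as_exchange(self, user, lifetime=36000):
        # Input is only the user name; output is SA sealed under KA plus the TGT.
        # The 10-hour lifetime is an assumed value for the illustration.
        k_a = self.principals[user]
        s_a = os.urandom(32).hex()    # session key SA
        tgt = seal(self.k_kdc, {"user": user, "sa": s_a,
                                "expires": time.time() + lifetime})
        return seal(k_a, {"sa": s_a}), tgt

    def read_tgt(self, tgt, now=None):
        ticket = unseal(self.k_kdc, tgt)
        if ticket["expires"] < (time.time() if now is None else now):
            raise ValueError("TGT expired")
        return ticket

def client_logon(kdc, user, password):
    sealed_sa, tgt = kdc.as_exchange(user)           # the password is never sent
    k_a = string_to_key(password, kdc.realm + user)  # client re-derives KA locally
    return unseal(k_a, sealed_sa)["sa"], tgt         # TGT stays opaque to the client

if __name__ == "__main__":
    kdc = KDC("CORP.INTERNAL")                       # constructed realm and account
    kdc.add_principal("alice", "constructed-Passw0rd")
    s_a, tgt = client_logon(kdc, "alice", "constructed-Passw0rd")
    print(kdc.read_tgt(tgt)["user"], kdc.read_tgt(tgt)["sa"] == s_a)
```

A wrong password fails at unseal(), and because the client never holds KKDC it can only hand the TGT back to the KDC unread.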

Restoring FRS replicas


The global BurFlags registry key contains REG_DWORD values, and is located in the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

The most common values for the BurFlags registry key are:

D2, also known as a nonauthoritative mode restore
D4, also known as an authoritative mode restore
