Windows Admin L2
3. What is GPO?
It is a set of rules used to manage a domain environment, such as user and computer
configuration.
There are two types of policy: local computer policy and domain policy.
Creation of policy: Local computer, Site, Domain, OU (LSDOU)
Applicable policy: OU, Domain, Site, Local computer (OUDSL)
4. What is SYSVOL?
The SYSVOL folder contains domain-wide Group Policy that is shared between DCs. It
requires an NTFS partition and replicates to other DCs with the help of the File Replication
Service in Windows Server 2003. In Windows Server 2008, DFSR is responsible for
replicating the SYSVOL folder, and the SYSVOL folder is known as SYSVOL_DFSR.
Note: To specify a network path for the home folder, you must first create the network
share and set permissions that permit the user access. You can do this with Shared Folders
in Computer Management on the server computer.
1. Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Users and Computers.
\\server\users\tester
You can substitute username for the last subfolder in the path, for example:
\\server\users\username
6. Note In these examples, server is the name of the file server housing the home
folders, and users is the shared folder.
2 Click OK.
https://support.microsoft.com/en-us/kb/816313#bookmark-3
9. What are different types of groups? What is Group scope and what are the different types
of group scopes?
There are two types of groups- Security Groups and Distribution Groups
Security Groups: Security groups are used to group domain users into a single
administrative unit. Security groups can be assigned permissions and can also be used as e-mail
distribution lists. Users placed into a group inherit the permissions assigned to the group for as
long as they remain members of that group. Windows itself uses only security groups.
Distribution groups: These are used for nonsecurity purposes by applications other than Windows.
One of the primary uses is within e-mail.
As with user accounts, there are both local and domain-level groups. Local groups are stored in a
local computer’s security database and are intended to control resources access on that computer.
Domain groups are stored in Active Directory and let you gather users and control resources
access in a domain and on domain controllers.
Groups Scope: Group scopes determine where in the Active Directory forest a group is
accessible and what objects can be placed into the group.
There are three different group scopes; domain local, global and universal. The scope decides who
can be member of the group and where the group can be used. These are the three group scopes
and a "Can Contain Matrix" for each:
1. Domain Local Groups: These groups are only visible in their own domain. For that reason, domain
Local Security groups can be used to grant rights and permissions only on resources that reside in
the same domain where the domain local group is located. Domain local groups can contain domain
local groups only from the same domain, but users, computers and all other group-types from the
same domain and trusted domains (all domains in the forest). Use domain local groups for assigning
permissions to resources in their home domain.
CAN CONTAIN: Domain Local Groups from its own domain, Global Groups from trusted domains
and any domain in the forest, Universal groups from trusted domains and any domain in the forest.
2. Global Groups: These groups are visible throughout the forest, but can only contain accounts and
global groups from the same domain. The group itself can be a member of universal and domain
local groups in any domain, and global groups of its own domain. The groups should be used to
organize users who share the same job tasks or department etc. You should not assign permissions
directly to global groups – domain local groups are more appropriate for that.
3. Universal groups: These groups are visible throughout the forest and can contain accounts, global
groups and other universal groups from any domain in the forest (they cannot contain domain local
groups). Universal groups should be used to nest global groups. By doing that, the group can assign
permissions to resources in multiple domains.
CAN CONTAIN: Global Groups from any domain in the forest, Universal Groups from any domain in
the forest.
It is recommended that the cost value be defined on a site-wide basis. Cost is usually based not
only on the total bandwidth of the link but also on the availability, latency, and monetary cost of
the link. https://technet.microsoft.com/en-us/library/cc782827(v=ws.10).aspx
Repadmin /kcc - Forces the Knowledge Consistency Checker (KCC) on each targeted domain
controller to immediately recalculate the inbound replication topology.
Repadmin /prp - Lists and modifies the Password Replication Policy (PRP) for read-only domain
controllers (RODCs).
Repadmin /queue - Displays inbound replication requests that the domain controller has to issue to
become consistent with its source replication partners.
Growth in the number of items in the queue of an online domain controller can be caused by any of the
following factors:
High change rates to objects in Active Directory Domain Services (AD DS)
Insufficient CPU or network bandwidth for the amount of data that the domain controller is
replicating
Repadmin /replicate - Triggers the immediate replication of the specified directory partition to a
destination domain controller from a source domain controller.
Repadmin /replsingleobj - Replicates a single object between any two domain controllers that
have common directory partitions.
The two domain controllers do not have a replication agreement. That is, neither domain controller has an
inbound connection object for the other domain controller.
You can use the repadmin /showrepl or the repadmin /showconn command to show replication
agreements.
Repadmin /replsummary - Identifies domain controllers that are failing inbound replication or
outbound replication, and summarizes the results in a report.
Repadmin /rodcpwdrepl - Triggers replication of passwords for the specified users from a writable
Windows Server 2008 source domain controller to one or more read-only domain controllers (RODCs).
For each destination RODC, the source domain controller enforces the Password Replication Policy (PRP)
before it performs the operation. If the PRP does not permit replicating the password to an RODC for a
specified user, the operation for that user and RODC combination fails.
Repadmin /showattr - Although the repadmin /showobjmeta command displays the number of
times that the attributes on an object have changed and which domain controller made those changes,
the repadmin /showattr command displays the actual values for an object. The repadmin
/showattr command can also display the values for objects that are returned by a command-line
Lightweight Directory Access Protocol (LDAP) query.
An object can be referenced by its distinguished name or by its object globally unique identifier (GUID).
By default, repadmin /showattr uses Lightweight Directory Access Protocol (LDAP) port 389 to query
writable directory partitions. However, repadmin /showattr can optionally use LDAP port 3268 to query
the read-only partitions of a global catalog server.
Repadmin /showobjmeta - Displays the replication metadata for a specified object stored in
Active Directory Domain Services (AD DS), such as the attribute ID, a version number, the originating and
local Update Sequence Numbers (USNs), the globally unique identifier (GUID) of the originating server,
and the date and time stamp. By comparing the replication metadata for the same object on different
domain controllers, you can determine whether replication has occurred or which domain controller
added, modified, or deleted an attribute or object. You can reference an object by its distinguished name
path, object GUID, or security identifier (SID). If the distinguished name path includes a space, enclose it in
quotation marks.
Repadmin /showrepl - Displays the replication status when the specified domain controller last
attempted to perform inbound replication of Active Directory partitions.
The repadmin /showrepl command helps you understand the replication topology and replication
failures. It reports status for each source domain controller from which the destination has an inbound
connection object. The status report is categorized by directory partition.
Repadmin /showutdvec - Displays the highest committed Update Sequence Number (USN) that
Active Directory Domain Services (AD DS) on the targeted domain controller shows as committed for itself
and its transitive partners.
The up-to-dateness vector (UTDVEC) shows the highest USN that the destination domain controller has
received by replication, in the form of changes it has received from its direct and transitive replication
partners for the specified partition.
Repadmin /syncall - Synchronizes a specified domain controller with all of its replication partners.
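The per-partner status that repadmin /showrepl reports can be triaged in bulk from its CSV form. The following PowerShell is an added example, not part of the original page or of Microsoft's tooling; the function name `Get-ReplicationProblem` is hypothetical, the CSV is constructed sample data, and the column names and timestamp layout are assumed to match what `repadmin /showrepl * /csv` prints on your domain controllers.

```powershell
# Constructed sample in the layout of `repadmin /showrepl * /csv`.
# DC, site and domain names are made up for illustration.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=contoso,DC=com",HQ,DC02,RPC,0,0,2024-05-01 09:14:02,0
showrepl_INFO,HQ,DC01,"DC=contoso,DC=com",BRANCH,DC03,RPC,14,2024-05-01 09:00:11,2024-04-29 21:45:40,1722
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=contoso,DC=com",BRANCH,DC03,RPC,14,2024-05-01 09:00:11,2024-04-29 21:45:37,1722
showrepl_INFO,BRANCH,DC03,"DC=contoso,DC=com",HQ,DC01,RPC,0,0,2024-04-30 02:10:05,0
'@

function Get-ReplicationProblem {
    [CmdletBinding()]
    param(
        # CSV text lines, header first. On a DC: (repadmin /showrepl * /csv)
        [Parameter(Mandatory)] [string[]] $CsvLine,
        # Reference time; pass a fixed value to make a report reproducible.
        [datetime] $Now = (Get-Date),
        # Flag an inbound link whose last successful sync is older than this.
        [int] $MaxAgeHours = 24
    )

    $invariant = [cultureinfo]::InvariantCulture
    $noStyle   = [System.Globalization.DateTimeStyles]::None

    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $failures    = [int]$row.'Number of Failures'
        $lastSuccess = [datetime]::MinValue
        # A value of "0" means "never"; TryParse returns $false for it.
        $hasSuccess  = [datetime]::TryParse($row.'Last Success Time', $invariant, $noStyle, [ref]$lastSuccess)

        $reasons = @()
        if ($failures -gt 0) {
            $reasons += "$failures failures, last status $($row.'Last Failure Status')"
        }
        if (-not $hasSuccess) {
            $reasons += 'no successful sync recorded'
        }
        elseif (($Now - $lastSuccess).TotalHours -gt $MaxAgeHours) {
            $reasons += ('last success {0:N1} h ago' -f ($Now - $lastSuccess).TotalHours)
        }
        if ($reasons.Count -eq 0) { continue }   # healthy link, nothing to report

        # One record per destination/source/partition, as in the showrepl report.
        [pscustomobject]@{
            Destination   = $row.'Destination DSA'
            Source        = $row.'Source DSA'
            NamingContext = $row.'Naming Context'
            Reason        = $reasons -join '; '
        }
    }
}

$lines = $sampleCsv -split '\r?\n'
Get-ReplicationProblem -CsvLine $lines -Now ([datetime]'2024-05-01 10:00:00') |
    Format-Table -AutoSize -Wrap
```

With the constructed data, the healthy DC02 to DC01 link is dropped, both DC03 partitions are reported for failures, and the DC01 to DC03 link is reported only because its last success is older than the threshold.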
When network problems occur, they can interfere with communication between cluster nodes. A small set
of nodes might be able to communicate together across a functioning part of a network but not be able
to communicate with a different set of nodes in another part of the network. This can cause serious issues.
In this "split" situation, at least one of the sets of nodes must stop running as a cluster.
To prevent the issues that are caused by a split in the cluster, the cluster software requires that any set of
nodes running as a cluster must use a voting algorithm to determine whether, at a given time, that set has
quorum. Because a given cluster has a specific set of nodes and a specific quorum configuration, the
cluster will know how many "votes" constitutes a majority (that is, a quorum). If the number drops below
the majority, the cluster stops running. Nodes will still listen for the presence of other nodes, in case
another node appears again on the network, but the nodes will not begin to function as a cluster until the
quorum exists again.
Conditional forwarders are DNS servers that forward queries according to domain names. Rather than
having a DNS server forward all queries it cannot resolve locally to a forwarder, you can configure DNS
servers to forward queries to different forwarders according to the specific domain names that are
contained in the queries. Forwarding according to domain names improves conventional forwarding by
adding a name-based condition to the forwarding process.
The conditional forwarder setting for a DNS server consists of the following:
The domain names for which the DNS server will forward queries
One or more DNS server IP addresses for each domain name that is specified
15. How does the PDC emulator work with NT 4.0?
The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0
Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
This part of the PDC emulator role becomes unnecessary when all workstations,
member servers, and domain controllers that are running Windows NT 4.0 or earlier
are all upgraded to Windows 2000. The PDC emulator still performs the other
functions as described in a Windows 2000 environment.
Verify that all domain controllers are communicating with the central monitoring console or collector.
View and examine all new alerts on each domain controller, resolving them in a timely fashion.
Resolve alerts indicating the following services are not running: FRS, Net Logon, KDC, W32Time, ISMSERV.
MOM reports these as Active Directory Essential Services.
Resolve alerts indicating that the domain controller is not advertising itself.
Resolve all other alerts in order of severity. If alerts are given error, warning, and information status similar to
the event log, resolve alerts marked error first.
Importance
Communication failure between the domain controller and the monitoring infrastructure prevents you
from receiving alerts so you can examine and resolve them.
This precaution helps you avoid service outages.
Active Directory depends on these services. They must be running on every domain controller.
Domain controllers must register DNS records to be able to respond to LDAP and other service requests.
The Kerberos authentication protocol requires that time be synchronized between all domain controllers
and clients that use it.
The highest priority alerts indicate the most serious risk to your service level.
https://technet.microsoft.com/en-us/library/bb727046.aspx#ECAA
Open the user's profile in ADUC; you will see that there is a field called
"Home Folder". You can use the "Connect to" option to map a drive to the
share on the file and print server, e.g. \\fileserver\users\%UserName%
On the fileserver, create a folder called users and share it. Change the
permissions as follows:
1) Turn off inheritance on the folder and copy the permissions. You do this
by:
c. On the Permissions Entry for users dialog box, drop down the Apply
onto and select This folder only.
d. Click OK twice.
Users frequently ask "how big should I make the pagefile?" There is no single
answer to this question because it depends on the amount of installed RAM and
on how much virtual memory that workload requires. If there is no other
information available, the typical recommendation of 1.5 times the installed RAM
is a good starting point. On server systems, you typically want to have sufficient
RAM so that there is never a shortage and so that the pagefile is basically not
used. On these systems, it may serve no useful purpose to maintain a really large
pagefile. On the other hand, if disk space is plentiful, maintaining a large pagefile
(for example, 1.5 times the installed RAM) does not cause a problem, and this
also eliminates the need to worry over how large to make it.
8. What is a memory leak, and how will you check whether a memory leak is happening or
not?
Or,
Event ID 2019- The server was unable to allocate from the system non-paged pool
because the pool was empty.
Event ID 2020- The server was unable to allocate from the system paged pool
because the pool was empty.
Source- SRV
https://support.microsoft.com/en-us/kb/177415
We can check the server with the HP iLO remote tool, using either the web-based console or
the standalone remote tool.
https://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx
Flexible Single Master Operation (FSMO) roles: Active Directory has five
special roles which are vital for the smooth running of AD as a multimaster
system. Some functions of AD require an authoritative master to which
all domain controllers can refer.
All access to Active Directory is carried out through LDAP, and every object in
Active Directory has an LDAP distinguished name. An algorithm automatically
provides an LDAP distinguished name for each DNS domain name.
Or,
Each object in the directory has a distinguished name (DN) that is globally unique
and identifies not only the object itself, but also where the object resides in the
overall object hierarchy. We can think of the distinguished name as the relative
distinguished name of an object concatenated with the relative distinguished
names of all parent containers that make up the path to the object.
CN=wjglenn,CN=Users,DC=contoso,DC=com.
This distinguished name would indicate that the user object wjglenn is in the
Users container, which in turn is located in the contoso.com domain. If the
wjglenn object is moved to another container, its DN will change to reflect its new
position in the hierarchy. Distinguished names are guaranteed to be unique in the
forest, similar to the way that a fully qualified domain name uniquely identifies an
object’s placement in a DNS hierarchy. We cannot have two objects with the
same distinguished name.
When the system encounters a hardware problem, data inconsistency, or similar error, it may
display a blue screen containing information that can be used to determine the cause of the error.
This information includes the STOP code and whether a crash dump file was created. It may also
include a list of loaded drivers and a stack trace.
There are 3 registry values for each memory dump; they must be correct,
otherwise no memory dump logs will be collected.
CrashDumpEnabled
http://blogs.technet.com/b/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx
(a) Make sure that all servers that you want to add as cluster nodes are running the same
version of Windows Server.
(b) Review the hardware requirements to make sure that your configuration is supported.
(c) If you want to add clustered storage during cluster creation, make sure that all servers
can access the storage. (You can also add clustered storage after you create the cluster.)
(d) Make sure that all servers that you want to add as cluster nodes are joined to the same
Active Directory domain.
(e) (Optional) Create an organizational unit (OU) and move the computer accounts for the
servers that you want to add as cluster nodes into the OU. As a best practice, we
recommend that you place failover clusters in their own OU in AD DS. This can help you
better control which Group Policy settings or security template settings affect the cluster
nodes. Isolating clusters in their own OU also helps prevent accidental
deletion of cluster computer objects.
(f) Make sure that the account you want to use to create the cluster is a domain user who
has administrator rights on all servers that you want to add as cluster nodes.
https://technet.microsoft.com/en-us/library/dn505754.aspx#BKMK_ClusPrereq
A cluster quorum disk is the storage medium on which the configuration database is
stored for a cluster computing network. The cluster configuration database, also called
the quorum, tells the cluster which physical server(s) should be active at any given time.
The quorum disk comprises a shared block device that allows concurrent read/write
access by all nodes in a cluster.
Can sustain failures of half the nodes (rounding up) minus one. For example, a seven node cluster
can sustain three node failures.
Node and Disk Majority (recommended for clusters with an even number of nodes)
Can sustain failures of half the nodes (rounding up) if the disk witness remains online. For
example, a six node cluster in which the disk witness is online could sustain three node failures.
Can sustain failures of half the nodes (rounding up) minus one if the disk witness goes offline or
fails. For example, a six node cluster with a failed disk witness could sustain two (3-1=2) node
failures.
Node and File Share Majority (for clusters with special configurations)
Works in a similar way to Node and Disk Majority, but instead of a disk witness, this cluster uses a
file share witness.
Note that if you use Node and File Share Majority, at least one of the available cluster nodes must
contain a current copy of the cluster configuration before you can start the cluster. Otherwise, you
must force the starting of the cluster through a particular node. For more information, see
"Additional considerations" in Start or Stop the Cluster Service on a Cluster Node.
No Majority: Disk Only (not recommended)
Can sustain failures of all nodes except one (if the disk is online). However, this configuration is
not recommended because the disk might be a single point of failure.
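The vote counting behind the network-split scenario and the failure tolerances listed above can be modelled directly. The following PowerShell is an added example, not Microsoft's implementation and not part of the original page; the function names `Test-ClusterQuorum` and `Get-MaxNodeFailure` and the mode labels are hypothetical, and it assumes one vote per node plus one vote for the witness.

```powershell
function Test-ClusterQuorum {
    # Returns $true if the nodes that can still see each other hold a majority of votes.
    param(
        [Parameter(Mandatory)]
        [ValidateSet('NodeMajority', 'NodeAndDiskMajority', 'NodeAndFileShareMajority', 'DiskOnly')]
        [string] $Mode,
        [Parameter(Mandatory)] [int] $TotalNodes,
        [Parameter(Mandatory)] [int] $NodesUp,
        # Whether this set of nodes can reach the disk or file share witness.
        [bool] $WitnessOnline = $true
    )
    if ($NodesUp -lt 0 -or $NodesUp -gt $TotalNodes) {
        throw "NodesUp must be between 0 and $TotalNodes."
    }
    if ($Mode -eq 'DiskOnly') {
        # No Majority: Disk Only. The disk is the only vote that matters.
        return ($WitnessOnline -and ($NodesUp -ge 1))
    }
    $hasWitness   = $Mode -ne 'NodeMajority'
    $totalVotes   = $TotalNodes + [int]$hasWitness
    $votesPresent = $NodesUp + [int]($hasWitness -and $WitnessOnline)
    $votesNeeded  = [int][math]::Floor($totalVotes / 2.0) + 1   # strict majority
    return ($votesPresent -ge $votesNeeded)
}

function Get-MaxNodeFailure {
    # Largest number of node failures after which the cluster still has quorum.
    # Returns $null if there is no quorum even with every node up.
    param(
        [Parameter(Mandatory)] [string] $Mode,
        [Parameter(Mandatory)] [int]    $TotalNodes,
        [bool] $WitnessOnline = $true
    )
    $max = $null
    foreach ($failed in 0..$TotalNodes) {
        $up = $TotalNodes - $failed
        if (Test-ClusterQuorum -Mode $Mode -TotalNodes $TotalNodes -NodesUp $up -WitnessOnline $WitnessOnline) {
            $max = $failed
        }
    }
    return $max
}

# The configurations the text walks through (the four-node Disk Only size is constructed).
$cases = @(
    @{ Mode = 'NodeMajority';        TotalNodes = 7; WitnessOnline = $false }
    @{ Mode = 'NodeAndDiskMajority'; TotalNodes = 6; WitnessOnline = $true  }
    @{ Mode = 'NodeAndDiskMajority'; TotalNodes = 6; WitnessOnline = $false }
    @{ Mode = 'DiskOnly';            TotalNodes = 4; WitnessOnline = $true  }
)
$summary = foreach ($c in $cases) {
    [pscustomobject]@{
        Mode            = $c.Mode
        Nodes           = $c.TotalNodes
        WitnessOnline   = $c.WitnessOnline
        MaxNodeFailures = Get-MaxNodeFailure @c
    }
}
$summary | Format-Table -AutoSize

# Split check: six nodes plus a disk witness, network partitioned 3/3.
# Only the side that still reaches the witness keeps quorum; the other side must stop.
$sideA = Test-ClusterQuorum -Mode NodeAndDiskMajority -TotalNodes 6 -NodesUp 3 -WitnessOnline $true
$sideB = Test-ClusterQuorum -Mode NodeAndDiskMajority -TotalNodes 6 -NodesUp 3 -WitnessOnline $false
"Side with witness has quorum: $sideA; side without witness has quorum: $sideB"
```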
6. What is replication, and how does intersite replication work?
Except for very small networks, directory data must reside in more than one place on the network to be
equally useful to all users. Through replication, the Active Directory® directory service maintains replicas
of directory data on multiple domain controllers, ensuring directory availability and performance for all
users. Active Directory uses a multimaster replication model, allowing you to make directory changes at
any domain controller, not just at a designated primary domain controller. Active Directory relies on the
concept of sites to help keep replication efficient, and on the Knowledge Consistency Checker (KCC) to
automatically determine the best replication topology for the network.
Intersite Replication- Active Directory Domain Services (AD DS) handles replication between
sites, or intersite replication, differently than replication within sites because bandwidth between
sites is usually limited. The Active Directory Knowledge Consistency Checker (KCC) builds the
intersite replication topology using a least-cost spanning tree design. Intersite replication is
optimized for bandwidth efficiency. Directory updates between sites occur automatically based on
a configurable schedule. Directory updates that are replicated between sites are compressed to
preserve bandwidth.
7. How will you schedule replication between two sites if you have 5000 employees in
each site and slower WAN links?
We can schedule replication during non-business hours or at a specific time when
network/bandwidth utilization is very low.
8. What is KDC?
The Kerberos Key Distribution Center (KDC) is a network service that supplies
session tickets and temporary session keys to users and computers within
an Active Directory domain. The KDC runs on each domain controller as part
of Active Directory Domain Services (ADDS).
Or,
9. What is KCC?
The KCC (Knowledge Consistency Checker) is a built-in process that runs on all domain
controllers. It is a dynamic-link library that modifies data in the local directory in response to
system wide changes, which are made known to the KCC by changes to the data within Active
Directory. The KCC generates and maintains the replication topology for replication within sites
and between sites.
2. In the console tree, click the domain controller you want to use to check replication topology.
Where?
o Active Directory Sites and Services/Sites/site that contains the domain controller whose
replication topology you want to check/Servers/server you want to use to check replication
topology
3. In the details pane, right-click NTDS Settings, point to All Tasks, and then click Check
Replication Topology.
The repadmin /showrepl command helps you understand the replication topology and
replication failures.
13. An administrator changed something in Group Policy and you have to find out what was
changed and who made the change. How will you approach this?
We can monitor each and every change made in Group Policy by using the Advanced Group
Policy Management tool.
We can check Event Viewer for event ID 1704, source SceCli, to see whether Group Policy has been
applied or not.
https://technet.microsoft.com/en-us/windows/hh826067.aspx
A user account is used to access files and folders and perform day-to-day tasks as per end-user
requirements, whereas a service account is used to start/run a specific service. While
creating a service account, "Password never expires" and "User cannot change password"
should be checked, so that the service can run without any interruption.
Copy backup
A copy backup copies all the files you select, but does not mark each file as having been backed up (in
other words, the archive attribute is not cleared). Copying is useful if you want to back up files between
normal and incremental backups because copying does not affect these other backup operations.
Daily backup
A daily backup copies all the files that you select that have been modified on the day the daily backup is
performed. The backed-up files are not marked as having been backed up (in other words, the archive
attribute is not cleared).
Differential backup
A differential backup copies files that have been created or changed since the last normal or incremental
backup. It does not mark files as having been backed up (in other words, the archive attribute is not
cleared). If you are performing a combination of normal and differential backups, restoring files and
folders requires that you have the last normal as well as the last differential backup.
Incremental backup
An incremental backup backs up only those files that have been created or changed since the last normal
or incremental backup. It marks files as having been backed up (in other words, the archive attribute is
cleared). If you use a combination of normal and incremental backups, you will need to have the last
normal backup set as well as all incremental backup sets to restore your data.
Normal backup
A normal backup copies all the files you select and marks each file as having been backed up (in other
words, the archive attribute is cleared). With normal backups, you only need the most recent copy of the
backup file or tape to restore all of the files. You usually perform a normal backup the first time you create
a backup set.
Backing up your data using a combination of normal backups and incremental backups requires the least
amount of storage space and is the quickest backup method. However, recovering files can be time-
consuming and difficult because the backup set might be stored on several disks or tapes.
Backing up your data using a combination of normal backups and differential backups is more time-
consuming, especially if your data changes frequently, but it is easier to restore the data because the
backup set is usually stored on only a few disks or tapes.
https://technet.microsoft.com/en-us/library/cc770266(v=ws.10).aspx
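How the archive attribute drives what each backup type captures, and therefore which sets a restore needs, is easiest to see in a simulation. The following PowerShell is an added example, not part of the original page or of any Microsoft backup tool; the function names `Invoke-BackupSimulation` and `Get-RestoreChain`, the file names and the week's schedule are all constructed for illustration.

```powershell
function Invoke-BackupSimulation {
    param(
        [Parameter(Mandatory)] [string[]]    $File,
        # Ordered steps: @{ Day; Modify = <file> } or @{ Day; Backup = <type> }
        [Parameter(Mandatory)] [hashtable[]] $Timeline
    )
    $archive    = @{}   # file -> is the archive attribute set?
    $modifiedOn = @{}   # file -> day of last modification
    foreach ($f in $File) { $archive[$f] = $true }   # a new file starts with the attribute set

    foreach ($step in $Timeline) {
        if ($step.ContainsKey('Modify')) {
            # Writing to a file sets its archive attribute again.
            $archive[$step.Modify]    = $true
            $modifiedOn[$step.Modify] = $step.Day
            continue
        }
        $captured = @(switch ($step.Backup) {
            'Normal'       { $File }
            'Copy'         { $File }
            'Incremental'  { $File | Where-Object { $archive[$_] } }
            'Differential' { $File | Where-Object { $archive[$_] } }
            'Daily'        { $File | Where-Object { $modifiedOn[$_] -eq $step.Day } }
            default        { throw "Unknown backup type '$_'" }
        })
        # Only normal and incremental backups clear the attribute on what they copied.
        if ($step.Backup -in 'Normal', 'Incremental') {
            foreach ($f in $captured) { $archive[$f] = $false }
        }
        [pscustomobject]@{ Day = $step.Day; Type = $step.Backup; Captured = $captured -join ', ' }
    }
}

function Get-RestoreChain {
    # Sets needed for a full restore: the last normal backup, every incremental after it,
    # and the latest differential if nothing has cleared the attribute since it ran.
    param([Parameter(Mandatory)] [object[]] $Job)
    $lastNormal = -1
    for ($i = 0; $i -lt $Job.Count; $i++) {
        if ($Job[$i].Type -eq 'Normal') { $lastNormal = $i }
    }
    if ($lastNormal -lt 0) { throw 'No normal backup in the history; nothing to restore from.' }

    $chain    = @($Job[$lastNormal])
    $lastDiff = $null
    for ($i = $lastNormal + 1; $i -lt $Job.Count; $i++) {
        switch ($Job[$i].Type) {
            'Incremental'  { $chain += $Job[$i]; $lastDiff = $null }
            'Differential' { $lastDiff = $Job[$i] }
            # Copy and Daily sets never clear the attribute, so they are not part of the chain.
        }
    }
    if ($lastDiff) { $chain += $lastDiff }
    return $chain
}

$files = 'a.docx', 'b.xlsx', 'c.pst'
foreach ($type in 'Incremental', 'Differential') {
    $timeline = @(
        @{ Day = 'Sun'; Backup = 'Normal' }
        @{ Day = 'Mon'; Modify = 'a.docx' }
        @{ Day = 'Mon'; Backup = $type }
        @{ Day = 'Tue'; Modify = 'b.xlsx' }
        @{ Day = 'Tue'; Backup = $type }
        @{ Day = 'Wed'; Modify = 'a.docx' }
        @{ Day = 'Wed'; Backup = 'Copy' }    # ad-hoc copy must not disturb the schedule
        @{ Day = 'Wed'; Backup = $type }
    )
    $jobs = Invoke-BackupSimulation -File $files -Timeline $timeline
    "--- Normal + $type ---"
    $jobs | Format-Table -AutoSize | Out-String
    $chain = Get-RestoreChain -Job $jobs | ForEach-Object { "$($_.Day) $($_.Type)" }
    'Sets needed to restore after Wednesday: ' + ($chain -join ' -> ')
}
```

The incremental schedule produces small daily sets but a four-set restore chain, while the differential sets grow each day and the restore needs only the normal backup and the last differential.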
16. We have two group scopes, Domain Local and Global, and three domain controllers.
We have created both groups on one DC and want to access files stored on all
three DCs. Do we need to change anything, or how will you assign security or group
nesting accordingly?
17. Somehow an OU got deleted and we want to restore it. How will you approach this?
18. What is the difference between Windows Server 2003 and 2008 BSOD troubleshooting?
20. What is LDAP, how does it work with Active Directory, and what are the port numbers for LDAP and
SLDAP?
https://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx
21. A user is trying to log in on a machine and gets "server cannot be found". What is the
cause behind this error?
DNS, Role and replication check.
22. A user wants to configure both his LAN and Wi-Fi to connect to the Internet, but he wants
them configured so that when one is connected, the second connection is
disabled/disconnected automatically. How will you approach this?
If a large number of stale resource records remain in zones, they can eventually take up server
disk space and cause unnecessarily long zone transfers.
Domain Name System (DNS) servers that load zones that contain stale resource records might
use outdated information to answer client queries, potentially causing the clients to experience
name resolution problems on the network.
The accumulation of stale resource records at the DNS server can degrade its performance and
responsiveness.
In some cases, the presence of a stale resource record in a zone can prevent a DNS domain name
from being used by another computer or host device.
If any object is not in use for the default 7 days, it will be considered a stale record.
24. How does the Active Directory database store objects? Explain its hierarchy.
Four interfaces:
https://technet.microsoft.com/en-us/library/cc759186(v=ws.10).aspx
27. What processes work in the background when a newly created domain user logs into the
system? Explain step by step.
MSGINA, LDAP, KDC, Kerberos
With a recursive name query, the DNS client requires that the DNS server respond to the
client with either the requested resource record or an error message stating that the record
or domain name does not exist. The DNS server cannot just refer the DNS client to a
different DNS server.
Thus, if a DNS server does not have the requested information when it receives a
recursive query, it queries other servers until it gets the information, or until the name
query fails.
Recursive name queries are generally made by a DNS client to a DNS server, or by a
DNS server that is configured to pass unresolved name queries to another DNS server, in
the case of a DNS server configured to use a forwarder.
An iterative name query is one in which a DNS client allows the DNS server to return the
best answer it can give based on its cache or zone data. If the queried DNS server does
not have an exact match for the queried name, the best possible information it can return
is a referral (that is, a pointer to a DNS server authoritative for a lower level of the
domain namespace). The DNS client can then query the DNS server for which it obtained
a referral. It continues this process until it locates a DNS server that is authoritative for
the queried name, or until an error or time-out condition is met.
This process is sometimes referred to as "walking the tree," and this type of query is
typically initiated by a DNS server that attempts to resolve a recursive name query for a
DNS client.
• It is highly automated and claims to manage seamlessly no matter where or what time.
• It optimizes system performance with the help of the Intel Xeon processors 5600 or
5500. These processors enable it to give higher performance and better power
efficiency.
• It claims to give up to 92% of efficiency. It has got power capping system to reduce the
wastage of power.
• Generation 7 has been optimized taking into consideration the large amount of
memory needed for all the expansion (Input or Output –I/O expansion)
• Hard drives with either 2 large form factors or four factors of small form.
Following are some of the features where G7 differences and equalizes G6 and proves
Power discovery.
• Thus combining all it gives a state of automation with energy saving which claims to
• It has got the ability to spare memory in the virtual machine to repair it even without
37. A user has 2 TB of space assigned on a file server and wants one more TB, and there
is a storage disk. Do we need to change anything on the file server?
38. How will you troubleshoot performance issues in servers?
39. What is Windows backup? Explain.
40. RAID 5
41. What is a lingering object in AD?
42. What is Tombstone?
43. What is Bridgehead Server?
44. We have 100 servers in an OU and there is a policy applied on that OU. You want to block
that policy on five specific servers, without using the Block Policy Inheritance option.
How will you approach this?
45. What is Clustering?
46. What is Fine grained password policy?
47. What is page file?
48. What is PERFMON and how to set counter for RAM usage?
49.
Task list
*********************************************
Microsoft Free tools for AD:
1. Active Directory Best Practices Analyzer
2. MPS Reports
3. Repadmin and Replsum
4. DCDiag /Test:DNS
5. DNSCMD Command-Line Tool
FRS 13508, 13509, 13512, 13522, 13567, 13568 See "Troubleshooting FRS."
Netlogon 5774, 5775, 5781, 5783, 5805 See "Troubleshooting Active DirectoryR
Active Directory Domains and Trusts snap-in (Windows 2000 Administrative Tools Pack) - Administer domain trusts, add user principal na
Active Directory Sites and Services snap-in (Windows 2000 Administrative Tools Pack) - Administer the replication of directory data.
Active Directory Users and Computers snap-in (Windows 2000 Administrative Tools Pack) - Administer and publish information in the direc
ADSI Edit, MMC snap-in (Windows 2000 Support Tools) - View, modify, and set access control lists (ACLs)
Backup Wizard (Windows 2000 operating system tool) - Back up and restore data.
Control Panel (Windows 2000) - View and modify computer, application, and ne
Dcdiag.exe (Windows 2000 Support Tools and Windows 2000 Server Resource Kit) - Analyze the state of domain controllers in a for [...] reporting any problems.
Dsastat.exe (Windows 2000 Support Tools) - Compare directory information on domain cont
Event viewer (Windows 2000 Administrative Tools Pack) - Monitor events recorded in event logs.
Ipconfig.exe (Windows 2000 operating system tool) - View and manage network configuration.
Ldp.exe (Windows 2000 Support Tools) - Perform Lightweight Directory Access Protocol
Linkd.exe (Windows 2000 Server Resource Kit) - Create, delete, update, and view the links that a
MMC (Windows 2000) - Create, save, and open administrative tools (cal [...] software, and network components.
Netdiag.exe (Windows 2000 Server Resource Kit and Windows 2000 Support Tools) - Check end-to-end network connectivity and dis
Netdom.exe (Windows 2000 Support Tools) - Allow batch management of trusts, joining com [...] secure channels.
Net use, start, stop, del, copy, time (Windows 2000 operating system tool) - Perform common tasks on network services, inc [...] network resources.
Nltest.exe (Windows 2000 Support Tools) - Verify that the locator and secure channel are fu
Ntdsutil.exe (Windows 2000 operating system tool) - Manage Active Directory, manage single maste
Ntfrsutl.exe (Windows 2000 Server Resource Kit) - View and manage FRS configuration.
Performance Monitor (Windows 2000 operating system tool) - View system performance data, performance lo
Pathping.exe (Windows 2000 operating system tool) - Trace a route from a source to a destination on [...] packet loss.
Regedit.exe (Windows 2000 operating system tool) - View and modify registry settings.
Repadmin.exe (Windows 2000 Support Tools) - Verify replication consistency between replicati [...] replication metadata, and force replication even
Replmon.exe (Windows 2000 Support Tools) - Display replication topology, monitor replicatio [...] topology recalculation.
Secedit.exe (Windows 2000 operating system tool) - Manage Group Policy settings.
Services snap-in (Windows 2000 Administrative Tools Pack) - Start, stop, pause, or resume system services on [...] startup and recovery options for each service.
Setspn.exe (Windows 2000 Support Tools) - Manage security principal names (SPNs).
W32tm (Windows 2000 operating system tool) - Manage Windows Time Service.
Windows Explorer (Windows 2000) - Access files, Web pages, and network locations
The operations common to basic and dynamic disks are the following:
Support both MBR and GPT partition styles.
Check disk properties, such as capacity, available free space, and current status.
View partition properties, such as offset, length, type, and if the partition can be used as the
system volume at boot.
View volume properties, such as size, drive-letter assignment, label, type, Win32 path name,
partition type, and file system.
Establish drive-letter assignments for disk volumes or partitions, and for CD-ROM devices.
Convert a basic disk to a dynamic disk, or a dynamic disk to a basic disk.
A basic disk uses primary partitions, extended partitions, and logical drives to organize data. A
formatted partition is also called a volume (the terms volume and partition are often used
interchangeably). In this version of Windows, basic disks can have either four primary partitions or
three primary and one extended partition. The extended partition can contain multiple logical
drives (up to 128 logical drives are supported). The partitions on a basic disk cannot share or split
data with other partitions. Each partition on a basic disk is a separate entity on the disk.
Dynamic disks can contain a large number of dynamic volumes (approximately 2000) that
function like the primary partitions used on basic disks. In some versions of Windows, you can
combine separate dynamic hard disks into a single dynamic volume (called spanning), split data
among several hard disks (called striping) for increased performance, or duplicate data among
several hard disks (called mirroring) for increased reliability.