Material For MCSE
DAY 1
NETWORK
Types of Networks
LAN
WAN
MAN
WAN: Wide Area Network. It spans a larger geographical area, and you can go for either full-time or part-time connectivity. It provides a maximum of 2 Mbps.
MAN: This kind of network works on DQDB (Distributed Queue Dual Bus). It provides a bandwidth of 55-150 Mbps, and it cannot span more than 30 miles.
NETWORK DEVICES:
1. HUB
2. SWITCH
3. ROUTER
4. NIC
HUB: A hub is a device into which you can connect all the devices on a home network so that they can communicate with each other.
SWITCH: A switch is also a device into which you can connect all the devices on a home network so that they can communicate with each other.
NIC: It forms an interface between the networked device (computer) and the LAN.
LOGICAL TOPOLOGIES
DAY 2
ACTIVE DIRECTORY
Active Directory lets you organize, manage and control resources through centralized management.
NEW FEATURES IN WIN 2003
Requirements:
1. Active Directory requires the Windows 2000 or 2003 Server operating system.
2. Static IP
3. 250 MB of disk space, formatted with NTFS
4. The LAN should be active.
Installation:
1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Domain Controller > Next
7. Domain in a New Forest > Next
8. DNS Name (with an extension like .com or .net)
Active Directory is integrated with DNS. (The DNS server can be a separate server.)
DNS names carry an extension.
9. Domain NetBIOS Name
The NetBIOS name is used for backward compatibility with Win98, Win NT or Win95. NetBIOS uses flat names.
10. Storing the Database File
The database file is saved in the NTDS folder.
NTDS: New Technology Directory Service
In the NTDS directory the NTDS.DIT file is saved.
DIT = Directory Information Tree.
The NTDS directory can be saved on any secondary drive, but the drive should be formatted with NTFS.
11. System Volume (SYSVOL)
It is one of the default shared folders, responsible for replication from DC to ADC or ADC to DC.
12. Install DNS & Configure
13. Permissions
First option (enables you to work with old Windows OS like Win 98, 95, NT)
Second option (enables you to work with Win 2000 or Win 2003)
14. Directory Services Restore Mode Admin Password.
(Leave it blank)
15. Summary
It shows all the information of the Active Directory service.
16. Next > It installs the Active Directory service on the computer.
1. NETBIOS: These are flat names which do not follow extensions. (For example: Prakash)
2. DNS NAMESPACE: Active Directory follows the DNS namespace, in which names have extensions (for example: .com, Prakash.net or prakash.edu)
1. NET ACCOUNTS
2. GETTYPE
WHAT ARE DC & ADC?
DC = Domain Controller
ADC = Additional Domain Controller
DC: The system which is running a server operating system and the Active Directory service is called a Domain Controller.
ADC: It is used as a backup server. The main purpose of configuring an ADC is fault tolerance.
What is Domain?
Configuring an ADC:
1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Additional Domain Controller > Next
7. Type the Administrator password of the server system.
DIFFERENCE BETWEEN NT & 2003
FLEXIBILITY
DAY 3
DOMAINS
TREES
FOREST
DOMAINS
1. Run
2. DCPROMO
3. Next
4. Next
5. Domain Controller for a New domain > Next
6. Child Domain in an existing domain > Next
7. Administrator, Password & Domain (DC credentials)
8. Parent Domain: Microsoft.com
Child Domain: mcse
9. NetBIOS: MCSE
10. Database folder (you can save this folder on any drive formatted with NTFS)
11. SYSVOL
12. Summary: it shows and confirms the settings.
TREE
Microsoft.com
Child.Microsoft.com
grandchild.Microsoft.com
NEW TREE IN EXISTING FOREST
FOREST:
Example: a forest holding two trees, CISCO.COM (with the child domain CHILD.CISCO.COM) and MCSE.COM.
1. Run
2. DCPROMO
3. Next
4. Domain Controller for New forest > Next
5. Domain tree in Existing Forest > Next
6. Admin Credentials
7. DNS Name
8. Rest same as before.
DAY 4
There are 5 FSMO roles. The exact difference between a Domain Controller and an Additional Domain Controller is these 5 FSMO roles.
In the Windows NT domain model replication always takes place from PDC to BDC, which is why it is called Single Master Replication.
In the Windows 2000 or 2003 Server domain model replication takes place from Domain Controller to Additional Domain Controller. Here it is known as Multi Master Replication.
DOMAIN WIDE ROLES: RID Master, PDC Emulator, Infrastructure Master
DOMAIN NAMING MASTER: It is an important role which checks the uniqueness of domains; with the help of the Domain Naming Master you can create, remove or rename domains. It checks for DNS conflicts in the entire forest. The Domain Naming Master is present on the first domain controller of the root domain.
The Domain Naming Master is common to the entire forest, so it is known as a Forest Wide Role.
SCHEMA MASTER: The schema is common to the entire forest, so it is known as a Forest Wide Role.
RID MASTER:
Before learning about the RID Master we have to know about the SID.
SID = DID + RID
If objects are created in the same domain, the DID will be the same.
Each and every object is assigned one SID, and security principal objects (users, groups & computers) are also assigned one SID.
A SID is a combination of DID & RID. The RID ensures the uniqueness of objects. The DID gives the information about the domain and is common for all the domains (Ex: 500).
The RID is common to its individual domain, so it is called a Domain Wide Role.
WHOAMI /USER shows the username and its SID (the DID followed by the RID).
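The SID structure described above, as an added example that is not part of these notes: a parser that splits an account SID of the form WHOAMI /USER prints into its domain identifier (the DID) and RID, labels the well-known RIDs such as 500, and checks that no RID is issued twice within one domain. The SID values in the code are constructed samples, not identifiers from a real domain.

```python
"""Split a Windows account SID into the notes' DID (domain identifier) and RID.

Added example for these notes, not Microsoft code. The SID strings used here
are constructed sample values, not identifiers from a real domain.
"""
from typing import NamedTuple

# Well-known RIDs that every domain hands out with the same value; 500 is the
# built-in Administrator account mentioned in the notes.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}


class ParsedSid(NamedTuple):
    domain_id: str   # S-1-5-21-<a>-<b>-<c>: identical for every object in one domain
    rid: int         # relative identifier: unique within that domain
    label: str       # well-known account name, or "" for an ordinary object


def parse_sid(sid: str) -> ParsedSid:
    """Split a domain account SID into its domain part and trailing RID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a SID: {sid!r}")
    try:
        sub_authorities = [int(p) for p in parts[2:]]
    except ValueError:
        raise ValueError(f"non-numeric component in SID: {sid!r}") from None
    # Domain SIDs look like S-1-5-21-<a>-<b>-<c>; an account SID adds one RID.
    # Built-in SIDs such as S-1-5-32-544 have no domain part and are rejected.
    if sub_authorities[:2] != [5, 21] or len(sub_authorities) != 6:
        raise ValueError(f"not a domain account SID: {sid!r}")
    rid = sub_authorities[-1]
    return ParsedSid("-".join(parts[:-1]), rid, WELL_KNOWN_RIDS.get(rid, ""))


def same_domain(sid_a: str, sid_b: str) -> bool:
    """True when both account SIDs carry the same domain identifier."""
    return parse_sid(sid_a).domain_id == parse_sid(sid_b).domain_id


def find_rid_collisions(sids):
    """Return (domain_id, rid) pairs issued more than once inside one domain.

    A collision would mean two objects share a SID, which the RID Master's
    single point of allocation is meant to make impossible.
    """
    seen, collisions = set(), []
    for sid in sids:
        parsed = parse_sid(sid)
        key = (parsed.domain_id, parsed.rid)
        if key in seen and key not in collisions:
            collisions.append(key)
        seen.add(key)
    return collisions


if __name__ == "__main__":
    # Constructed sample SID in the format WHOAMI /USER prints.
    print(parse_sid("S-1-5-21-1111111111-2222222222-3333333333-500"))
```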
PDC EMULATOR
INFRASTRUCTURE MASTER:
TRANSFERRING ROLES
Transferring can be done in two modes: Command Mode and GUI Mode.
1. NTDSUTIL
2. ROLES
3. CONNECTIONS
4. CONNECT TO SERVER
5. Q = QUIT
6. ? = HELP
7. TRANSFER DOMAIN NAMING MASTER
8. TRANSFER SCHEMA MASTER
9. TRANSFER RID MASTER
10. TRANSFER PDC
11. TRANSFER INFRASTRUCTURE MASTER
12. Q
13. Q
14. NET ACCOUNTS (to check whether the computer role changed from Primary to Backup)
Transferring Domain Naming Master:
1. Programs
2. Administrator Tools
3. Active Directory Domains & Trust
4. Active Directory Domains & Trust (Right Click)
5. Connect to DC
6. Select sys2 (the ADC to which you want to transfer the role)
7. Check Domain Controller
8. Active Directory Domains & Trust (Right Click)
9. Select Operations Master
10. Click on Change
11. Ok
Transferring the RID Master, PDC Emulator and Infrastructure Master:
1. Administrative Tools
2. Active Directory Users and Computers
3. Right click on the domain (like zoom.com)
4. Select Connect to Domain Controller
5. From the list select sys2 (the ADC to which you want to transfer the roles); also check the current Domain Controller.
6. Right click on the domain (like zoom.com)
7. Operations Masters
8. Continue with Change for all the roles
17. Right click on Active Directory Schema
18. Operations Master
19. Change
20. To confirm, use the NET ACCOUNTS command in the command prompt and check whether it changed from Primary to Backup.
GLOBAL CATALOG SERVER:
It is not a role, it is a service, and you can't transfer the Global Catalog Server. The Global Catalog Server maintains the complete information about its own domain and partial information about the other domains which exist in the forest. It is also known as the Master Searchable Index. By default the Global Catalog Server is found on the domain controller of the root domain. It is called a Forest Wide Role.
Day 5
FUNCTIONAL LEVELS
Domain functional levels (the original diagrams show which domain controllers each level can contain; only b) was labelled on the page, the other names are the standard Windows Server 2003 levels for those combinations):
a) Windows 2000 Mixed Mode: Windows 2003, 2000 and NT domain controllers
b) Windows 2000 Native Mode: Windows 2003 and 2000 domain controllers
c) Windows Server 2003 Interim: Windows 2003 and NT domain controllers
d) Windows Server 2003: Windows 2003 domain controllers only
Forest Functional Levels
Functional levels are important when you are planning to upgrade the operating system or for establishing trust relationships.
TRUST RELATIONSHIP
CISCO.COM (Trusting)
CHILD.CISCO.COM (Trusted)
Other trusts are manually created.
A forest-to-forest transitive trust relationship can be created between Windows 2003 forests only.
Non-Transitive Trust: Domain A trusts Domain B, and in the same way Domain B trusts Domain C, but Domain C will not trust Domain A. This is known as a Non-Transitive Trust Relationship.
[Diagram in the original: domains A, B and C, and an incoming trust between Zoom.com and Yahoo.com through which users A1 to A4 reach DatabaseServer]
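The transitive and non-transitive trusts above, as an added example that is not part of these notes: a small trust graph (domain names are the constructed ones used in the notes, such as cisco.com, child.cisco.com, mcse.com and zoom.com) and a function that lists which domains' users a given domain will accept, where a chain of trusts is only followed while every link on it is transitive.

```python
"""Which domains' users will a given domain accept, following trust links?

Added example for these notes, not Windows code. Domain names are the
constructed ones from the notes; parent/child and tree-root trusts are
modelled as two-way transitive, the external trust as one-way non-transitive.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str      # domain holding the resources; it accepts the other's users
    trusted: str       # domain whose users are accepted
    transitive: bool   # automatic forest trusts are; manually created external trusts are not


def trusted_domains(trusts, resource_domain):
    """Set of domains whose users resource_domain accepts.

    A direct trust link always counts. A longer chain counts only if every
    link on it is transitive: one non-transitive link stops the chain there.
    """
    best = {}                                   # domain -> reached over an all-transitive chain?
    queue = deque([(resource_domain, True)])
    while queue:
        domain, chain_ok = queue.popleft()
        for t in trusts:
            if t.trusting != domain or t.trusted == resource_domain:
                continue
            direct = domain == resource_domain
            if not direct and not (chain_ok and t.transitive):
                continue                        # cannot extend through a non-transitive hop
            reached_ok = chain_ok and t.transitive
            if t.trusted in best and best[t.trusted] >= reached_ok:
                continue                        # already reached at least as well
            best[t.trusted] = reached_ok
            queue.append((t.trusted, reached_ok))
    return set(best)


def two_way(a, b, transitive=True):
    """The pair of links behind a two-way trust."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


# One forest with two trees plus a one-way external trust to a separate domain.
FOREST_TRUSTS = (two_way("cisco.com", "child.cisco.com")
                 + two_way("child.cisco.com", "grandchild.child.cisco.com")
                 + two_way("cisco.com", "mcse.com"))                       # tree-root trust
EXTERNAL_TRUSTS = [Trust("cisco.com", "zoom.com", transitive=False)]       # cisco.com trusts zoom.com
ALL_TRUSTS = FOREST_TRUSTS + EXTERNAL_TRUSTS
```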
Types of Trust:
REALM: One-way or two-way non-transitive Kerberos trusts connecting to/from UNIX MIT Kerberos realms.
[Diagram in the original: trust between Satyam.com and SBI.com]
2. To raise the functional levels of the domains as well as the forest, open the console
4. Right click on the domain (for example: select the domain SBI.com and raise the domain functional level from the list to Windows Server 2003)
5. To raise the forest functional level, right click on Active Directory Domains & Trusts > Raise Forest Functional Level
7. Follow the same steps in the other domain to raise its functional levels.
12. Assign the DNS name of the other domain, for example satyam.com
15. Check "Both this domain and the specified domain" > Next
19. Next
20. Next
21. Next
24. Finish.
3. Domain Controller security policy
4. Double Click Local Policies
5. User Right Assignment
6. Allow Logon Locally
7. Add user or group
8. Browse
9. Locations
10. Select the Other Domain
11. OK
12. Specify Administrator and Click on check names
13. OK
14. OK
15. OK
16. (To update the default policies) Start > Run > GPUPDATE
External Trust
REALM
DAY 6
PHYSICAL COMPONENTS
Physical Components:
Domain Controllers
Sites
Sites are areas of good connectivity; a site is one of the physical components of the Active Directory service.
Sites are associated with subnet masks. A subnet mask is a subdivision of an IP network.
A site can span multiple domains. A domain can span multiple sites.
[Diagram in the original: two sites, INDIA and USA, each with servers, a DC and clients, joined by a WAN link]
REPLICATION TOPOLOGY
Intra Site Replication: The replication which takes place within a single site, between a DC and an ADC, is called Intra Site Replication.
Inter Site Replication: The replication which takes place between 2 different sites is called Inter Site Replication.
BRIDGEHEAD SERVER: The server responsible for gathering the information from one Domain Controller so that it can replicate it to another Domain Controller (ADC).
By default the DC & ADC servers are placed in Default-First-Site-Name. In a site, one site link is also configured by default.
Configuring Sites:
TO SET THE REPLICATION SCHEDULE
1. Select IP Folder
2. Double click newly created site link
3. Click on change schedule
4. set the schedule
NTDS.DIT holds four partitions:
1. Schema Partition
2. Configuration Partition
3. Domain Partition
4. Application Partition
3. Domain Partition: Maintains the information about domain-specific objects. It is a domain wide replication.
4. Application Partition: It is a configurable partition; it can be either forest wide replication or domain wide replication. It maintains the information about DNS.
DAY -7
Client Operating Systems: Win 95, Win 98, Win 2000 Professional, Win XP
MEMBER SERVER: A member server is a system running a server operating system that is part of the domain; it can host services like DNS, DHCP, IIS, etc.
The shortcuts given below are used to access Active Directory services from the Domain Controller:
LOCAL USERS:
Local users can log in locally onto their respective systems. They cannot log in to the domain.
Logged in as a domain user (on a member server), users do not have some of the privileges given below:
TO ALLOW LOGON PERMISSIONS FOR DOMAIN USERS
PASSWORD POLICY
DAY8
PERMISSIONS
Types of permissions:
FAT: File Allocation Table. On this file system you can apply only share-level permissions. It doesn't support security-level permissions.
A DACL is made up of Access Control Entries.
DACL = DISCRETIONARY ACCESS CONTROL LIST
You can apply different levels of permissions to network objects. The window where you give different permissions to different domain users is the access control list. It determines which object has a permission and at what level it can access the object.
In the Access Control List an individual entry is known as an Access Control Entry (ACE). The ACL is further classified into 2 types:
1. DACL
2. SACL
2. Open MY COMPUTER
9. Select Advanced
11. For Administrator set Full Control
MODIFY:
The Modify permission allows the user to create, delete, rename and modify files and folders, but with Modify the user cannot change the permissions or add new users to the Access Control List, whereas Full Control permits editing the object as well as changing the existing permissions.
If the Administrator doesn't have permission in the Access Control List, or if the Administrator has been deleted from the Access Control List, then you need to take ownership.
9. For example: on Sys2 log in as a domain user
10. To access the shared folder open MY NETWORK PLACES
11. Windows Network
12. Double click the domain
13. Open Sys1 and access the shared folder
14. Security-level permissions apply locally
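The DACL, ACE, Modify versus Full Control and share-versus-security permission points from this day, as an added example that is not part of these notes: a simplified evaluator where an explicit deny entry beats any allow entry, Modify lacks the right to change permissions, a share-level permission is intersected with the NTFS rights only when the folder is reached over the network, and an Administrator can still take ownership after being removed from the list. Principal names, rights and the sample DACL are constructed, not real SIDs or access masks.

```python
"""Evaluate a DACL as the notes describe it: Access Control Entries for users
and groups, deny checked before allow, Modify vs Full Control, and the
share-level permission combined with the security (NTFS) permission when a
shared folder is opened over the network.

Added example for these notes, not Windows code; principals are plain names
and rights are simplified flags rather than real SIDs and access masks.
"""
from dataclasses import dataclass

# Simplified rights behind the NTFS permission levels the notes compare.
PERMISSION_LEVELS = {
    "Read": frozenset({"read"}),
    "Modify": frozenset({"read", "write", "delete"}),
    "Full Control": frozenset({"read", "write", "delete",
                               "change_permissions", "take_ownership"}),
}

# Share-level permissions are coarser: Read, Change, Full Control.
SHARE_LEVELS = {
    "Read": frozenset({"read"}),
    "Change": frozenset({"read", "write", "delete"}),
    "Full Control": PERMISSION_LEVELS["Full Control"],
}


@dataclass(frozen=True)
class ACE:
    principal: str        # user or group the entry applies to
    rights: frozenset
    allow: bool = True    # False makes this a deny entry


def effective_rights(dacl, principals):
    """Rights a user holds given their own name plus group memberships.

    Allow entries for any matching principal accumulate; a matching deny entry
    removes those rights again, so an explicit deny always wins.
    """
    allowed, denied = set(), set()
    for ace in dacl:
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def access_check(dacl, principals, wanted, share_level=None):
    """True when every wanted right is granted.

    share_level ("Read", "Change" or "Full Control") is the share permission
    and applies only over the network: the effective rights are then the
    intersection of share rights and NTFS rights. Locally, only the
    security-level (NTFS) permissions count, as the notes say.
    """
    rights = set(effective_rights(dacl, principals))
    if share_level is not None:
        rights &= SHARE_LEVELS[share_level]
    return set(wanted) <= rights


def can_take_ownership(dacl, principals, is_local_admin=False):
    """Members of Administrators can take ownership even after being removed
    from the DACL (the notes' recovery step); anyone else needs the right."""
    return is_local_admin or "take_ownership" in effective_rights(dacl, principals)


# Constructed DACL for a shared folder: a domain-wide read entry, a group with
# Modify, Administrators with Full Control and one explicit deny for user u1.
SAMPLE_DACL = [
    ACE("Domain Users", PERMISSION_LEVELS["Read"]),
    ACE("Sales", PERMISSION_LEVELS["Modify"]),
    ACE("Administrators", PERMISSION_LEVELS["Full Control"]),
    ACE("u1", frozenset({"write"}), allow=False),
]
```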
DAY -9
PROFILES
A profile is a unique identity in which a user performs all his tasks and operations.
A profile is a collection of desktop icons, background, Start Menu, taskbar, etc.
DEFAULT USER:
It is one of the important folders, responsible for providing new profiles. It is even called a template.
NTUSER.DAT:
You can change the work environment by changing the position of the taskbar and the desktop icons, as well as the screen savers.
1. Local Profile
2. Roaming Profile
3. Mandatory Profile
1. Local Profile: Local profiles do not travel along with the user; they are stored on the local machine. A local user profile is created on a computer, and any changes made to a local user profile are specific to the computer on which the changes were made.
1. On the Domain Controller
2. Create a domain user
3. On the member server log in as the domain user and change the profile
4. To confirm the type of profile
5. Right click on My Computer
6. Properties
7. Select the Advanced tab
8. Click on the user profile settings
2. Roaming Profile:
(\\sys1\user\a1) is called a Universal Naming Convention (UNC) path
Configure a roaming profile to make the work environment common for the particular user.
3. MANDATORY PROFILE:
In a mandatory profile the user object cannot change the work environment.
Convert from Roaming to Mandatory for a standard desktop or fixed environment.
10. Check REPLACE OWNER ON SUBCONTAINERS & OBJECTS
11. Open the user profile
12. Rename NTUSER.DAT to NTUSER.MAN
13. To apply the permissions to the parent folder (shared folder)
14. Right click > Properties
15. Select Security
16. Advanced
17. Check REPLACE PERMISSIONS
18. To confirm the mandatory profile, log in as the user and try to change the profile.
HOME FOLDER:
DAY 10
DFS
The Distributed File System (DFS) allows administrators to make it easier for users to access and manage files that are physically distributed across the network.
With DFS you can make files distributed across multiple servers appear to the user as if they reside in one place (computer) on the network.
DFS ROOT -> DIRECTORY1 (System1), DIRECTORY2 (System2), DIRECTORY3 (System3)
You can find the DFS service on workgroup systems, Domain Controllers and member servers.
DFS ROOT:
The DFS root is the beginning of a hierarchy of DFS links that point to shared folders.
DFS Link:
PROCEDURE TO CONFIGURE DFS ROOT
After configuring the DFS root, to access the root from system2, in Start > Run specify the root name as in the example given below
Ex: 0
ROOT TARGET:
Procedure to Create a Target:
For example: on System2 create a shared folder named Root Target.
LINK TARGET:
For Example:
DAY11
GROUP POLICIES-1
Group Policy:
With Group Policy an administrator can centrally manage computers and users.
1. Site Level
2. Domain Level
3. Organizational Unit Level (OU Level)
1. Site Level: Apply the policy at site level; it will be common for multiple domains in a single forest.
3. OU Level: Apply the policy at OU level; it will be common for user and computer objects.
3. To create an OU
Right click on the domain
For example: Zoom.com
4. Select New > Organizational Unit
5. Specify the name > OK
6. In the OU create some domain users
7. To apply the policy, right click on the OU > Properties > select Group Policy
8. Create a new policy and label it
9. Click EDIT
10. In User Configuration expand Administrative Templates
11. Select Desktop from the list and apply any policy by enabling the option.
TO ALLOW THE POLICY FOR ONE OF THE USERS FROM THE GROUP POLICY WINDOW
7. To confirm, log in as the user and check the application or policy.
RESTRICTING DRIVES
DELEGATE CONTROL
With the help of Delegate Control, the admin can give partial permissions to domain users to perform administrative tasks without specifying admin credentials.
1. Right click on the OU
2. Select > Delegate Control
3. Add the user
4. Next
5. Check the option > Create, Delete & Manage User Accounts
6. Next > Next > Finish
7. To confirm Delegate Control
8. Log in as the user
9. Open Active Directory Users and Computers
10. Right click on the OU & create a user
DOMAIN POLICIES:
SITE LEVEL:
To apply the policy at site level:
1. Open the console Active Directory Sites & Services
2. Right click on > Default-First-Site-Name
3. Properties
4. Select the Group Policy tab and apply any policy.
BLOCK POLICY INHERITANCE:
This setting is used to prevent or block the policies applied at the domain level from reaching the OU level.
1. Right click on the OU
2. Properties
3. Select > Group Policy
4. Check > Block Policy Inheritance.
NO OVERRIDE:
Use No Override to apply a site level or domain level policy forcefully. Compared to Block Policy Inheritance, No Override has the highest priority.
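The site/domain/OU precedence, Block Policy Inheritance and No Override rules above, as an added example that is not part of these notes: a resolver that applies constructed GPOs in Site, Domain, OU order, lets the OU's block drop the higher levels, and then applies No Override policies regardless so they win over anything below. The GPO names and settings are made up for the demonstration.

```python
"""Work out which Group Policy setting wins for a user whose account sits in an OU.

Added example for these notes, not Microsoft code; GPO names and settings are
constructed. Policies apply Site -> Domain -> OU, the closest level winning a
conflict. "Block Policy Inheritance" on the OU drops the Site and Domain
policies, but a "No Override" policy is applied regardless and beats
everything below it.
"""
from dataclasses import dataclass, field

LEVELS = ("site", "domain", "ou")   # processing order; "ou" is nearest the user


@dataclass
class GPO:
    name: str
    level: str                      # one of LEVELS
    settings: dict = field(default_factory=dict)
    no_override: bool = False       # the notes' "No Override"


def resolve_settings(gpos, block_inheritance=False):
    """Return (effective settings, name of the GPO that supplied each one)."""
    ordered = sorted(gpos, key=lambda g: LEVELS.index(g.level))
    effective, source = {}, {}
    # Pass 1: normal policies, nearest level last so it overwrites earlier ones.
    for gpo in ordered:
        if gpo.no_override:
            continue
        if block_inheritance and gpo.level != "ou":
            continue                # stopped by the OU's Block Policy Inheritance
        for key, value in gpo.settings.items():
            effective[key], source[key] = value, gpo.name
    # Pass 2: No Override policies cannot be blocked and beat pass 1; if two of
    # them conflict the higher level wins, so apply them in reverse order.
    for gpo in reversed(ordered):
        if gpo.no_override:
            for key, value in gpo.settings.items():
                effective[key], source[key] = value, gpo.name
    return effective, source


def sales_ou_example(block_inheritance):
    """Constructed site, domain and OU policies for a 'Sales' OU."""
    gpos = [
        GPO("Default Site Policy", "site",
            {"wallpaper": "corp.jpg", "screensaver_minutes": 10}),
        GPO("Domain Lockdown", "domain",
            {"hide_drives": True, "allow_cmd": False}, no_override=True),
        GPO("Sales OU Policy", "ou",
            {"wallpaper": "sales.jpg", "hide_drives": False}),
    ]
    return resolve_settings(gpos, block_inheritance)
```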
RESTRICTING ACCESS TO DRIVES FOR DOMAIN USERS
DAY 12
GROUP POLICY -2
Software Deployment
Folder Redirection
Scripts
Software Deployment: You can use Software Deployment to make software available to a few groups of users rather than installing it normally on each individual system. Using Group Policy you can even restrict users to a particular application.
Group policies do not support EXE files; to convert from .EXE to .MSI a third-party tool is used, which is WinINSTALL LE. It is not a Microsoft product; it is produced by Veritas.
Before Snapshot: The only difference between the Before Snapshot and the After Snapshot is the newly installed application.
5. Next
6. Specify the application with its UNC path
7. Click on Browse
8. My Network Places
9. Entire Network
10. Open the shared folder on the system where you want to save it
11. Specify the application name as "Acrobat.MSI"
12. Open > Next > Next
13. Add all the drives
14. Next > Next > Next
15. Finish
To apply the policy and deploy the software, create an OU as well as new users.
14. Server
15. Double click the shared folder
16. Select the application
17. Acrobat.msi
18. Click > Open
19. And check Assigned
20. OK
21. Log in as a user
22. And check the policy
Published: Select Publish to advertise the software in Control Panel. The user has to install the application normally from Control Panel.
Assigned: This option advertises the software in the Start Menu, on the Desktop and in Control Panel. The user can open the application directly.
FOLDER REDIRECTION
You can use folder redirection to redirect the user profile to the main server. With folder redirection the administrator can update the information in the user profile.
BACKUP & RECOVERY
Backup is a utility or tool which protects data from accidental loss, whether from a system hardware problem or from the storage media. With the help of Backup we can create a duplicate copy of the same data and retrieve it back. You can take a backup of User Data and System State Data.
User Data: User-generated files or folders are called User Data.
System State Data: System-generated data like operating system files, boot files, registry files as well as the Active Directory database.
ARCHIVE BIT: It is one of the file attributes which determines the status of files or folders; with the help of this property you can confirm whether a backup has been created or not. In 2000 and 2003 the NTBACKUP tool is used. In Win NT you can take a backup only onto tape drives.
USER DATA: User data backup is once again classified into five different types of backups:
1. Normal
2. Incremental
3. Differential
4. Copy
5. Daily
Normal: A Normal backup takes a backup of all files. It does not check for the archive bit; a Normal backup is irrespective of the archive bit. After taking the backup it clears the archive status (bit).
Practical:
After taking the backup, open the folder and check the archive bit.
Incremental: This type of backup checks the archive status and takes a backup of only those files where it finds the archive bit on. In Incremental too, after taking the backup the archive bit is cleared. Prefer an Incremental backup for an existing folder if files are modified or newly added.
Practical:
DIFFERENTIAL:
RESTORING
Practical
4. Next
5. Check > Restore Files
6. Next > From the list select the backup type
7. Expand
8. And check the drive letter
9. Next > Finish
Copy and Daily: These two backups do not check the archive status, either before taking the backup or after. You can use a Copy backup to maintain the same copy of the data. A Daily backup is used to keep the information up to date.
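The archive-bit behaviour of the backup types from this day (Normal and Copy ignore the bit, Incremental selects by it and clears it, Copy and Daily never touch it), as an added example that is not part of these notes: an in-memory simulation with a day counter standing in for the clock. Differential is not defined on this page and is included on its standard definition (selects by the archive bit like Incremental but leaves the bit set); file names are constructed.

```python
"""Simulate the five NTBACKUP backup types against the archive bit.

Added example for these notes, not Microsoft's code. The files are a
constructed in-memory set with a day counter standing in for the clock. The
Differential type is not described in the notes; it is included on the
standard definition: it selects by archive bit like Incremental but leaves
the bit set, so each run contains everything changed since the last Normal.
"""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive_bit: bool = True   # set by the OS whenever the file is created or changed
    modified_day: int = 0      # day number of the last change


class Volume:
    def __init__(self, names, day=0):
        self.day = day
        self.files = {n: File(n, True, day) for n in names}

    def next_day(self):
        self.day += 1

    def modify(self, name):
        """Create or change a file: the OS turns its archive bit on."""
        f = self.files.setdefault(name, File(name))
        f.archive_bit = True
        f.modified_day = self.day

    def backup(self, kind):
        """Run one backup of the given type; return the names it wrote."""
        files = list(self.files.values())
        if kind in ("normal", "copy"):
            selected = files                                  # bit ignored
        elif kind in ("incremental", "differential"):
            selected = [f for f in files if f.archive_bit]    # changed since last clear
        elif kind == "daily":
            selected = [f for f in files if f.modified_day == self.day]  # by date, not bit
        else:
            raise ValueError(f"unknown backup type: {kind}")
        if kind in ("normal", "incremental"):
            for f in selected:
                f.archive_bit = False                         # mark as backed up
        return sorted(f.name for f in selected)


def weekly_scenario(kind):
    """Normal backup on day 0, then one file changed per day with a backup of
    the given type each day; returns what the day-2 backup contained."""
    vol = Volume(["a.doc", "b.xls", "c.txt"])
    vol.backup("normal")
    vol.next_day()
    vol.modify("a.doc")
    vol.backup(kind)
    vol.next_day()
    vol.modify("b.xls")
    return vol.backup(kind)
```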
Each and every object is assigned one USN value; this value gradually increases when the object is modified or when its password is changed.
If objects are removed or deleted from the database, these deleted objects are assigned an ID which is called the Ghost ID. It remains for a period of sixty days; this duration is known as the Tombstone Period.
TO RESTORE A SYSTEM STATE BACKUP
Note: You cannot restore a System State backup in Active Mode (Normal Mode). Restoring is possible only in DSRM mode.
AUTHORITATIVE RESTORE
1. Command Prompt
2. NTDSUTIL
3. Authoritative Restore
4. Restore Database
1. NTDSUTIL
2. Authoritative Restore
3. Restore Subtree CN=u1 (username), OU=OU1 (Organizational Unit name), DC=Zoom (domain controller first name), DC=Com (CN = Canonical Name)
DAY 14
DHCP
DHCP uses a client/server model where the DHCP server maintains centralized management of the IP addresses used on the network.
DHCP PROCESS
DHCP DISCOVER
DHCP OFFER
DHCP REQUEST
DHCP ACKNOWLEDGEMENT
DHCP DISCOVER: The client system requests a DHCP server to release one IP address. This request is known as DHCP Discover.
DHCP OFFER: The DHCP server checks the request from the client system and offers an IP address from its pool. This process is known as DHCP Offer.
DHCP REQUEST: The client system once again requests the DHCP server to provide it one IP address from the offered pool.
Practical:
You can configure DHCP on a DC, a member server or a workgroup system.
TO CREATE A SCOPE:
On System 2
SCOPE: It's a range of IP addresses which is assigned to computers requesting a dynamic IP address.
Practical:
1. Expand the scope
2. To know the MAC address of the current system, in the command prompt type "GETMAC"
3. To know the MAC address of another system, first establish communication between both systems by pinging the IP address of the other system; when it responds, type the command "ARP -A" (Address Resolution Protocol)
4. To copy the MAC address, right click on the physical address, select Mark, mark the physical address and press Enter.
To Create Reservations
TO CREATE A SUPER SCOPE
To group more than one scope on the DHCP server, create a Super Scope. A Super Scope is a collection of multiple scopes.
Practical:
In the absence of a DHCP server, APIPA provides IP addresses for the client systems. If the DHCP server is not authorized then it can't provide IP addresses to the client systems.
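The Discover / Offer / Request / Acknowledgement exchange from the start of this day, together with the MAC-address reservation and the APIPA fallback just described, as an added example that is not part of these notes: both sides' messages are modelled as dicts rather than packets, a scope of 10.0.0.10-10.0.0.20, one reservation and the client MAC addresses are constructed sample values, and an unauthorized server simply never answers, so the client ends up with a 169.254.x.y address.

```python
"""Walk through the Discover / Offer / Request / Acknowledgement exchange
from the notes, plus a reservation by MAC address and the APIPA fallback.

Added example for these notes, not a real DHCP implementation: messages are
dicts instead of packets, and the scope, reservation and MAC addresses are
constructed sample values.
"""
import ipaddress
import random

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def is_apipa(ip):
    """True for a link-local address a client assigned itself."""
    return ipaddress.ip_address(ip) in APIPA_NET


class DhcpServer:
    def __init__(self, scope_start, scope_end, reservations=None, authorized=True):
        first = int(ipaddress.ip_address(scope_start))
        last = int(ipaddress.ip_address(scope_end))
        self.pool = [str(ipaddress.ip_address(n)) for n in range(first, last + 1)]
        self.reservations = dict(reservations or {})   # MAC -> fixed address
        self.leases = {}                               # MAC -> leased address
        self.offers = {}                               # transaction id -> (MAC, address)
        self.authorized = authorized                   # unauthorized servers stay silent

    def _free_address(self):
        taken = set(self.leases.values()) | set(self.reservations.values())
        return next((ip for ip in self.pool if ip not in taken), None)

    def handle(self, msg):
        """Return the server's reply to one client message, or None."""
        if not self.authorized:
            return None
        mac, xid = msg["chaddr"], msg["xid"]
        if msg["type"] == "DISCOVER":
            # A reservation pins the MAC to one address; otherwise reuse the
            # client's old lease or take the first free address of the scope.
            ip = self.reservations.get(mac) or self.leases.get(mac) or self._free_address()
            if ip is None:
                return None                             # scope exhausted
            self.offers[xid] = (mac, ip)
            return {"type": "OFFER", "xid": xid, "yiaddr": ip}
        if msg["type"] == "REQUEST":
            if self.offers.pop(xid, None) != (mac, msg["requested_ip"]):
                return {"type": "NAK", "xid": xid}     # not what we offered
            self.leases[mac] = msg["requested_ip"]
            return {"type": "ACK", "xid": xid, "yiaddr": msg["requested_ip"]}
        raise ValueError(f"unexpected message type {msg['type']}")


def client_obtain_address(mac, servers, xid=0x1234):
    """Run the exchange against every reachable server; fall back to APIPA."""
    discover = {"type": "DISCOVER", "xid": xid, "chaddr": mac}   # broadcast
    offers = [(s, s.handle(discover)) for s in servers]
    offers = [(s, o) for s, o in offers if o is not None]
    if not offers:
        # Nobody answered: pick a link-local 169.254.1.0-169.254.254.255 address.
        host = random.Random(mac).randrange(256, 0xFF00)
        return {"ip": str(APIPA_NET[host]), "via": "APIPA"}
    server, offer = offers[0]                           # first offer wins
    request = {"type": "REQUEST", "xid": xid, "chaddr": mac,
               "requested_ip": offer["yiaddr"]}
    ack = server.handle(request)
    if ack["type"] != "ACK":
        raise RuntimeError("server declined the request")
    return {"ip": ack["yiaddr"], "via": "DHCP",
            "exchange": [m["type"] for m in (discover, offer, request, ack)]}
```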
TO CHECK APIPA
DAY 15
DNS
DNS names are hierarchical, with labels separated by "."
Provides resolution of names to IP addresses and resolution of IP addresses to names.
NETBIOS
BROADCAST:
LMHOSTS FILES:
WINS
Microsoft came up with one more dynamic service, which is WINS. The WINS server registers the client systems' NetBIOS names with the corresponding IP addresses automatically; for this reason it is known as a dynamic service. But it doesn't follow a naming hierarchy. In Windows NT the WINS server is configured to map names to IPs or IPs to names. In 2000 or 2003, DNS is the dynamic service which is used. It maintains standard Internet naming conventions.
DAY-16
1 = Root Server
2 = Top Level Domain
3 = Second Level Domain
4 = Sub Level Domain
The root server maintains the information about Top Level Domains.
Top Level Domains like "com" or "org" maintain the information about second level domains, and second level domains maintain the information about sub-level domains.
Root servers are located in:
1. Asia
2. Japan
3. And most of the root servers are located in the USA.
[Diagram in the original: the client types www.yahoo.com; the ISP DNS server holds the sample mappings Yahoo.com 203.54.92.64, Google.com 204.66.54.89 and Rediff.com 17.34.68.2; the three numbered steps below are marked on it]
1. The client requests the ISP DNS server to resolve www.yahoo.com
2. The DNS server gives the IP address of yahoo.com to the client
3. In the third step the client has the IP address of yahoo.com and communicates directly with the Yahoo server.
QUERY TYPES:
Iterative Query: The DNS server returns either an answer to the query or a pointer to other DNS servers.
Recursive Query: The DNS server returns a complete answer to the query, not a pointer to another DNS server.
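Iterative versus recursive queries, as an added example that is not part of these notes: a constructed root / com / yahoo.com server tree in which iterative_answer returns what one server says (an answer or a pointer to the next server) and recursive_resolve chases the pointers the way the ISP's DNS server in the diagram does, keeping a cache of the kind IPCONFIG /FLUSHDNS clears. The 203.54.92.64 address is the sample value from the notes; the server names and the second host record are made up.

```python
"""Iterative vs recursive resolution over a constructed DNS tree.

Added example for these notes, not real DNS code. The root, "com" and
"yahoo.com" servers are constructed zone tables; 203.54.92.64 is the sample
address used in the notes, not a real one.
"""

# Constructed authoritative data: each server knows either delegations
# (referrals to child name servers) or final host records.
ROOT = {"referrals": {"com": "ns.com-tld"}}
COM_TLD = {"referrals": {"yahoo.com": "ns.yahoo.com"}}
YAHOO = {"records": {"www.yahoo.com": "203.54.92.64", "mail.yahoo.com": "203.54.92.65"}}
SERVERS = {"ns.root": ROOT, "ns.com-tld": COM_TLD, "ns.yahoo.com": YAHOO}


def iterative_answer(server_name, qname):
    """What one authoritative server says to an iterative query: either the
    answer or a pointer (referral) to the next server, never a full chase."""
    server = SERVERS[server_name]
    if qname in server.get("records", {}):
        return ("answer", server["records"][qname])
    # Hand out the referral for the longest zone suffix this server delegates.
    delegations = sorted(server.get("referrals", {}).items(), key=lambda kv: -len(kv[0]))
    for zone, ns in delegations:
        if qname == zone or qname.endswith("." + zone):
            return ("referral", ns)
    return ("nxdomain", None)


def recursive_resolve(qname, cache=None, max_hops=8):
    """What the ISP's DNS server does for a recursive query: follow referrals
    from the root until an answer arrives, cache it, and hand the client only
    the final answer (here together with the referral path, for inspection)."""
    cache = cache if cache is not None else {}
    if qname in cache:
        return cache[qname], ["cache"]
    path, server = [], "ns.root"
    for _ in range(max_hops):
        path.append(server)
        kind, value = iterative_answer(server, qname)
        if kind == "answer":
            cache[qname] = value
            return value, path
        if kind == "referral":
            server = value
            continue
        return None, path                 # name does not exist
    raise RuntimeError("referral loop")
```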
[Diagram in the original: an iterative query walking the root, Top Level Domain and second level servers, beside a recursive query answered completely by one DNS server]
LOOKUP TYPES:
Forward Lookup: user-friendly name (FQDN) to IP address
Reverse Lookup: IP address to user-friendly name
FQDN example: SYS1.MCSE.COM
DNS TAKING PLACE IN THE LOCAL LAN
[Diagram in the original: DC1 Mcse.com and DC2 Zoom.com, with the addresses IP 10.0.0.26 and PDNS (preferred DNS) 10.0.0.40]
Note: (To remove the cached entries use this command in the command prompt: IPCONFIG /FLUSHDNS)
ZONES
1. Primary Zone
2. Secondary Zone
3. Stub Zone
4. Primary Zone Integrated with Active Directory
A zone is a storage database which maintains the information about its domain or multiple domains. By default it maintains the file on the local system. In a single zone you can find a collection of records which map IPs to names or names to IPs.
There are 4 types of Resource Records:
1. Start of Authority (SOA)
2. Name Server (NS)
3. Host Records
4. Alias Records
Primary Zone: is a master copy where you can modify or edit the records.
Practical:
TO CREATE AN ALIAS
SECONDARY ZONE: is a read-only copy where you cannot modify the records. It always replicates from primary to secondary, to maintain one more DNS server for fault tolerance or for load balancing.
1. On DNS1
2. Right click on the primary zone
3. Properties
4. Zone Transfers
5. Check Allow zone transfers (Only to the following servers)
6. Add the IP address of the second DNS server
7. OK
8. On DNS2 right click on the secondary zone and select Transfer from Master
9. Continue with Finish
DAY 17
In this DNS a zone is configured by default with the domain name, and only in this zone can you find six service records. For example, the zone name is zoom.com:
1. MSDCS
2. SITES
3. TCP
4. UDP = User Datagram Protocol
5. Domain DNS Zone
6. Forest DNS Zone
SITES: contains the information about the sites configured in the forest.
Domain DNS Zone: maintains the information about domain wide replication.
Forest DNS Zone: maintains the information about forest wide replication.
With the help of these 6 service records the DNS server is able to identify the Domain Controller.
TO CREATE A PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY
To get all six service records, open the Services console and restart 2 services: DNS Server & Netlogon.
The zone which is integrated with Active Directory is stored in the Application Partition.
DYNAMIC UPDATES:
This option is supported for a zone which is created in or integrated with Active Directory.
Practicals:
In the DHCP Server:
STUB ZONE
Practical:
Before creating a stub zone, check the IP address of DNS2 and also check the resolution in the command prompt.
RESOURCE RECORDS
SOA: The Start of Authority serial number gets updated based on the modifications done in the existing zone. In an individual zone you can add records as well as delete them.
NS: The Name Server record gives the information about the authoritative DNS server, the DNS server which maintains the different mappings of records.
REVERSE LOOKUP ZONE
Practical:
Create a forward lookup zone with resource records
TO CREATE A POINTER
To check the resolution from IP to names, in the command prompt use the command "NSLOOKUP"
Create a few more zones with different extensions like "OU.EDU, HP.ORG, and USA.NET etc."
DAY -18
1. On DNS1
2. Check the zone (which is created by the domain name) with the 6 SRV records
3. On DNS2
4. Create a primary zone with the same domain name
5. To display all six service records:
Start > Run > specify the UNC path
\\sys1\c$
6. Double click the Windows folder
7. System32
8. Config
9. Right click on "NETLOGON.DNS"
10. Open with Notepad
11. Copy the content
12. On Sys2 open
C:\windows\system32\dns
13. Open the zone file, for example Zoom.com.dns
14. And paste the content below the existing text
15. From Services restart the DNS Server & Net Logon
16. And check the result on the DNS2 server
8. From the same registry window once again expand
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services
9. Right click on DNS and select Export
10. And save the second registry file in the same backup directory
11. Also copy the files from the local system which belong to the zones:
C:\windows\system32\dns
12. And copy the zone files and paste them into the directory where the registry files are stored.
CONDITIONAL FORWARDERS:
Configure forwarders to forward queries from one DNS server to multiple DNS servers. In 2003 forwarders are known as Conditional Forwarders.
Practical:
On DNS one
On DNS two
2. Change the preferred DNS to the same system's IP address
3. Open the DNS console
4. Right click on the server
5. Properties
6. Forwarders
7. And assign the IP address of DNS one
To check the name resolution.
ROUND ROBIN:
Is one of the best features in the DNS server. Configure Round Robin as the load balancing mechanism used in the DNS server for sharing and distributing network resources.
ON DNS1
To check the resolution, in the command prompt ping the zone name.
To clear the history files or cache use the command "IPCONFIG /FLUSHDNS"
And once again ping the zone name and check the IP address.
DAY-19
IIS
IIS VERSIONS
Windows NT: 2.0
2000 Server: 5.0
2003 Server: 6.0
Windows 98: Personal Web Manager
1. HTTP
2. FTP
3. NNTP
4. SMTP
It is one of the Windows components used for hosting websites; with the help of this service you can publish data over the Internet. IIS was introduced in Win NT as version 2.0; in Windows 2000 Server it is version 5.0 and in 2003 Server version 6.0. The basic difference between 2000 & 2003 is that in the 2000 Server OS IIS is installed by default, whereas in the 2003 Server OS it is not configured with the OS. But in 2003 it provides additional features like:
When you configure IIS it installs the additional services or protocols listed above:
Note: Ports are logical services identified by numbers; the numbers 1 to 1024 are allotted only for well-known port numbers.
3. NNTP: NETWORK NEWS TRANSFER PROTOCOL
This is used to publish data to news groups or news agencies. It uses port 119 by default.
REQUIREMENT OF IIS
TO INSTALL IIS:
1. Control Panel
2. Add / Remove Programs
3. Add Remove Windows Components
4. Check Application Services
5. Click on Details
6. Check IIS
7. Ok
8. Next > Finish
TO HOST WEBSITES:
1. Open IIS
2. Expand the server & Websites folder
3. Right Click on websites folder
4. New websites
5. Next
6. Specify the description of any website name
7. Next
8. Assign the IP from the list (All Unassigned: gives the choice of assigning multiple IP addresses)
9. In the Host Header, specify the format in which you access the website, for example www.google.com
10. Next
11. Assign the path of the web pages folder by clicking on Browse
12. Next
13. Check Browse
14. Next & Finish
Open DNS and create a primary zone with the website name, with host records and an alias.
VIRTUAL DIRECTORY
1. Open IIS
2. Right Click on the existing website
3. New
4. Virtual Directory
5. Next
6. Specify the alias name for example: Mail or Messenger
7. Next
8. Assign the path of WebPages
9. Next
10. Check Browse
11. Next and Finish
DAY 20
REDIRECTING WEBSITE
In IIS you can configure redirection so that requests for one website hosted
on this server are sent to another URL. With the help of redirection you can
take a single hosted website out of use (its visitors are sent elsewhere); it
does not block sites hosted on other servers.
Practical:
1. Open IIS
2. Host two websites
3. And create the zones for them in the DNS server
4. Access both websites in Internet Explorer
TO PERFORM REDIRECTION
5. Right click on one of the websites
6. Properties
7. Select the tab HOME DIRECTORY
8. Check "A REDIRECTION TO A URL"
9. And specify the URL of the other website
10. Apply > OK
11. To confirm the redirection
12. Open the web browser (IE), for example specify www.zoom.com; automatically it
will redirect to Yahoo.com
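The host-header lookup and the redirection described above can be shown in code. The following Python is an added example, not part of the original course material or of IIS: it models a small IIS-style binding table and the 302 that "A redirection to a URL" produces. The site names (Default Web Site, google, zoom) and the constructed binding table are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Site:
    """One entry of the IIS web site list: identity (ip, port, host header) and
    the optional 'A redirection to a URL' from the Home Directory tab."""
    name: str
    ip: str                            # "*" stands for "All Unassigned"
    port: int = 80
    host_header: Optional[str] = None  # None: no host header, catches unknown hosts
    redirect_to: Optional[str] = None


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.x request head into method, path and a lower-cased header
    map (assumption: CRLF line endings; the body is not needed for the decision)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", errors="replace")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def select_site(sites: List[Site], local_ip: str, local_port: int,
                host_header: Optional[str]) -> Optional[Site]:
    """Pick the site the way IIS does: exact (ip, port, host header) match first,
    then the site on that ip:port that has no host header; otherwise nothing."""
    host = host_header.split(":")[0].strip().lower() if host_header else ""
    candidates = [s for s in sites if s.port == local_port and s.ip in ("*", local_ip)]
    for site in candidates:
        if site.host_header and site.host_header.lower() == host:
            return site
    for site in candidates:
        if site.host_header is None:
            return site
    return None


def handle(raw: bytes, sites: List[Site], local_ip: str = "10.0.0.1",
           local_port: int = 80) -> bytes:
    """Return the response head for one request: 302 for a redirected site,
    200 (tagged with the chosen site name) otherwise, 400 when no site matches."""
    _method, _path, headers = parse_request(raw)
    site = select_site(sites, local_ip, local_port, headers.get("host"))
    if site is None:
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    if site.redirect_to:
        # The target comes from the server-side setting, never from the client's
        # Host header: echoing that header into Location would let one client
        # steer other users to an attacker-chosen host.
        return (f"HTTP/1.1 302 Found\r\nLocation: {site.redirect_to}\r\n"
                f"Content-Length: 0\r\n\r\n").encode("ascii")
    return (f"HTTP/1.1 200 OK\r\nX-Site: {site.name}\r\nContent-Length: 0\r\n\r\n"
            ).encode("ascii")


# Constructed configuration matching the practical: two hosted sites plus the
# default site, all on "All Unassigned" port 80; zoom redirects to yahoo.
SITES = [
    Site("Default Web Site", "*", 80, None),
    Site("google", "*", 80, "www.google.com"),
    Site("zoom", "*", 80, "www.zoom.com", redirect_to="http://www.yahoo.com/"),
]

if __name__ == "__main__":
    for host in ("www.zoom.com", "www.google.com", "unknown.example"):
        request = f"GET /index.htm HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")
        print(host, "->", handle(request, SITES).split(b"\r\n")[0].decode())
```

A request whose Host header matches no site lands on the site without a host header, which is why the DNS zone is part of the procedure: the browser only sends www.zoom.com when that name resolves to this server. The Host header is chosen by the client, so it must never be used to build the redirect target or to decide what a client is allowed to see.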
DOCUMENT FOOTER
Configure a Document Footer to append a fixed HTML file to the bottom of every
page the website serves. Use it to publish a notice such as a license text or a
"DISCLAIMER" on all pages.
TO RESTRICT WEBSITE TO INDIVIDUAL CLIENT SYSTEMS
1. In the web server
2. Right click on the existing website
3. Properties
4. Select the tab DIRECTORY SECURITY
5. Select Edit under "IP Address and Domain Name Restrictions"
6. Check "Granted Access" (everyone is allowed by default) and add the IP
address of the client system you want to deny; IIS answers such a client
with 403.6 (IP address rejected). For an intranet-only site the safer choice
is "Denied Access" with the allowed network listed as the exception.
7. OK > Apply > OK
8. In system2 Open IE and Access the website.
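The decision the "IP Address and Domain Name Restrictions" dialog makes can be written out. The Python below is an added example (not IIS code): it models the default-plus-exceptions rule for the deny-list configured in the practical and for the allow-list alternative. The addresses and the two policies are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class IPRestriction:
    """Model of the dialog: a default ('Granted Access' or 'Denied Access') and
    the computers listed as exceptions to it."""
    default_granted: bool
    exceptions: List[Network]

    @classmethod
    def from_entries(cls, default_granted: bool, entries: List[str]) -> "IPRestriction":
        """Entries are either a single computer ('10.0.0.3') or a group of computers
        given as network id plus subnet mask ('10.0.0.0/255.255.255.0'), as in
        the dialog."""
        nets = [ipaddress.ip_network(entry, strict=False) for entry in entries]
        return cls(default_granted, nets)

    def is_allowed(self, client_ip: str) -> bool:
        """A listed address gets the opposite of the default; every other address
        gets the default. The address checked is the peer of the TCP connection,
        not anything the client wrote into the request."""
        addr = ipaddress.ip_address(client_ip)
        listed = any(addr in net for net in self.exceptions)
        return listed != self.default_granted


def evaluate(policy: IPRestriction, client_ips: List[str]) -> Dict[str, str]:
    """Map each client address to the IIS outcome: '200' or '403.6'."""
    return {ip: ("200" if policy.is_allowed(ip) else "403.6") for ip in client_ips}


# The practical as written: allow everyone, deny one client (a deny list).
DENY_ONE = IPRestriction.from_entries(True, ["10.0.0.3"])

# The safer shape for an intranet-only site: deny everyone, allow the LAN.
ALLOW_LAN = IPRestriction.from_entries(False, ["10.0.0.0/255.255.255.0"])

if __name__ == "__main__":
    clients = ["10.0.0.2", "10.0.0.3", "11.0.0.2"]   # constructed sample addresses
    print("deny list :", evaluate(DENY_ONE, clients))
    print("allow list:", evaluate(ALLOW_LAN, clients))
```

Two practical limits follow from the model: a deny list only stops the addresses you know about, and clients sitting behind a NAT (such as the one configured on Day 21) all arrive from the NAT's public address, so they cannot be told apart by this dialog.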
FTP:
1. Create a folder
2. Arrange HTML and other files in it
3. To create an FTP site open IIS
4. Right click on the FTP Sites folder
5. New > FTP Site
6. Next
7. Description: "NAME"
8. Next
9. Assign the IP address
10. Next
11. Do Not Isolate Users
12. Give the path of the newly created directory
13. Check Read / Write
Read = Downloading
Write = Uploading
Write for anonymous users turns the server into a public drop site for
anyone who can reach it; grant Write only to authenticated users.
14. Next and Finish
Open Internet Explorer and specify the address (ftp://11.0.0.1)
TO COPY THE CONTENT
In Command Prompt
1. ftp
2. open 11.0.0.1 (the IP address of the FTP server)
3. User: anonymous
4. Password: press Enter
5. ls to list the files
6. put <file> to upload a file
To confirm, access the FTP site in Internet Explorer and check the new
modification.
Isolate Users:
Isolating users, for local users or domain users, provides security: each
user is confined to their own home directory. Moreover you can allow
permissions for specific users to download and upload files.
Practical: folder layout under the FTP root
ROOT
    <DOMAIN NAME> folder
        USER1
        USER2
(Local users are placed under ROOT\LocalUser\<username>; anonymous logons
land in ROOT\LocalUser\Public. A user whose folder does not exist cannot log
on.)
For isolated users you get a logon screen to specify the user name and
password before downloading or uploading files. FTP sends these credentials
in clear text, so the same passwords should not be reused elsewhere.
1. Open Explorer
2. And access the FTP site
ISOLATE USERS FOR ACTIVE DIRECTORY
It provides more security than plain user isolation because each user's home
directory is read from Active Directory. You can configure isolation with
Active Directory only for domain users.
Practical
1. In one of the drives
2. Create a folder
3. Named after the domain, with sub folders for the users
4. Arrange documents in each sub directory
5. Create domain users with passwords
6. Create an FTP site selecting "Isolate users using Active Directory"
7. In the command prompt, to set the home directory properties for the
individual users,
TYPE
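The home-directory rules behind the three isolation modes above (no isolation, isolate users, isolate users using Active Directory), and the path check that keeps a user inside that directory, as an added Python example that is not part of the course material or of IIS. The FTP root D:\ftproot, the domain mcse, the user names and the Active Directory attribute values are constructed; the attribute names msIIS-FTPRoot and msIIS-FTPDir are the ones IIS 6 reads for the Active Directory mode.

```python
from pathlib import PureWindowsPath
from typing import Dict, Optional


class FtpLoginError(Exception):
    """Raised when the isolation rules give the user no home directory."""


def home_directory(mode: str, ftp_root: str, username: str,
                   domain: Optional[str] = None,
                   ad_attrs: Optional[Dict[str, str]] = None) -> PureWindowsPath:
    """Home directory for a logon under the IIS 6 FTP isolation modes.

    mode = "none":    everybody starts in the FTP site's home directory.
    mode = "isolate": <root>\\LocalUser\\<user> for local users,
                      <root>\\<domain>\\<user> for domain users,
                      <root>\\LocalUser\\Public for anonymous.
    mode = "ad":      per-user msIIS-FTPRoot + msIIS-FTPDir read from Active
                      Directory (passed in here as a constructed dict).
    """
    root = PureWindowsPath(ftp_root)
    if mode == "none":
        return root
    if mode == "isolate":
        if username.lower() == "anonymous":
            return root / "LocalUser" / "Public"
        return root / (domain if domain else "LocalUser") / username
    if mode == "ad":
        attrs = ad_attrs or {}
        if "msIIS-FTPRoot" not in attrs or "msIIS-FTPDir" not in attrs:
            raise FtpLoginError(f"no FTP home configured in AD for {username}")
        return PureWindowsPath(attrs["msIIS-FTPRoot"]) / attrs["msIIS-FTPDir"]
    raise ValueError(f"unknown isolation mode {mode!r}")


def resolve(home: PureWindowsPath, cwd: str, requested: str) -> PureWindowsPath:
    """Map a client-supplied FTP path (relative to cwd, or absolute with a leading
    '/') onto the file system below home. Fails closed: '..' above the home
    directory and drive- or UNC-qualified names are refused, not silently clamped."""
    raw = requested.replace("\\", "/")
    combined = raw if raw.startswith("/") else cwd.rstrip("/") + "/" + raw
    parts = []
    for part in combined.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                raise PermissionError("path escapes the user's home directory")
            parts.pop()
        elif ":" in part:
            raise PermissionError("drive-qualified path refused")
        else:
            parts.append(part)
    return home.joinpath(*parts)


if __name__ == "__main__":
    ROOT = r"D:\ftproot"                       # constructed FTP site home
    user1 = home_directory("isolate", ROOT, "user1", domain="mcse")
    print("user1 home:", user1)
    print("download  :", resolve(user1, "/docs", "report.htm"))
    try:
        resolve(user1, "/", r"..\user2\private.txt")
    except PermissionError as exc:
        print("refused   :", exc)
```

With "Do not isolate users" every logon shares the site root, so the NTFS permissions on the folders are the only thing separating one user's files from another's; with isolation the directory tree must exist before users log on, because a missing home folder makes the logon fail.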
DAY 21
ROUTING
SOFTWARE ROUTING
Router: It is a device for enabling communication between two different
networks.
1. Software Router
2. Hardware Router
PHYSICAL CONNECTION
The software router has two NICs, one on each network:
NIC1 IP: 10.0.0.1 (network 10.0.0.0)
NIC2 IP: 11.0.0.1 (network 11.0.0.0)
PRACTICALS:
1. Assign the IP address 10.0.0.2 to the client on the 10.0.0.0 network with
default gateway 10.0.0.1; follow the same for the 11.0.0.0 network with
11.0.0.2 and default gateway 11.0.0.1.
2. In the software router assign the IP addresses of the two interfaces as
10.0.0.1 on one and 11.0.0.1 on the other.
3. On the software router, in Administrative Tools open the console Routing
and Remote Access.
4. Right click on the server
5. Select Configure and Enable Routing and Remote Access
6. Next
7. Check > Custom Configuration
8. Check > LAN Routing
9. Next > Finish
After configuring the software router check the communication from 10.0.0.2
to 11.0.0.2 (ping). Note that plain LAN routing forwards in both directions
and rewrites nothing: hosts on 11.0.0.0 can reach 10.0.0.0 just as freely.
NAT
NAT (Network Address Translation) acts as a basic firewall by translating the
private IP addresses to the public IP address, thus providing some security.
Using NAT, communication is one-way: the private network can initiate
connections to the public network, but the public network cannot initiate
connections into the private network. By configuring NAT you also
differentiate the public interface from the private interface. NAT hides the
private addresses but is not a full firewall: anything the private clients
request is still allowed through, and every port you publish (service) is
exposed again.
Practicals:
TO CONFIGURE NAT
1. Open Routing & Remote Access
2. Expand IP Routing
3. Select NAT/Basic Firewall
4. Right click on it
5. New Interface
6. Select the interface on the 10.0.0.0 network
7. OK
8. And check "Private interface connected to private network"
9. OK
10. Right click on NAT/Basic Firewall
11. Select New Interface
12. Select the interface on the 11.0.0.0 network
13. OK
14. Check "Public interface connected to the Internet" and "Enable NAT on
this interface"
15. Check the Result by pinging in command prompt
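The difference between the LAN routing of the previous section and NAT on the same two-NIC router, as an added Python example (not RRAS code and not part of the course material): the interface table from the diagram, a longest-prefix route lookup, and the one-way translation that lets 10.0.0.2 reach 11.0.0.2 while an unsolicited packet from the public side is dropped. Interface names, addresses, ports and the port-allocation scheme are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Interface:
    name: str
    address: str            # the router's own address on this NIC
    network: str            # the directly connected network, e.g. "10.0.0.0/8"
    public: bool = False    # "Public interface connected to the Internet" + "Enable NAT"


class SoftwareRouter:
    """LAN routing between directly connected networks, with the NAT/Basic
    Firewall behaviour when one interface is marked public."""

    def __init__(self, interfaces: List[Interface]) -> None:
        self.by_name = {i.name: i for i in interfaces}
        self.routes = [(ipaddress.ip_network(i.network), i) for i in interfaces]
        # outbound translation: (private ip, port, proto) -> public port
        self.outbound: Dict[Tuple[str, int, str], int] = {}
        # inbound translation: (public port, proto) -> (private ip, port)
        self.inbound: Dict[Tuple[int, str], Tuple[str, int]] = {}
        self.next_port = 1025

    def lookup(self, dst: str) -> Optional[Interface]:
        """Longest-prefix match over the connected networks; None = no route."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Tuple[int, Interface]] = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, iface)
        return best[1] if best else None

    def forward(self, pkt: Packet, ingress: str) -> Optional[Tuple[str, Packet]]:
        """Return (egress interface, packet as sent) or None when it is dropped."""
        in_if = self.by_name[ingress]
        if in_if.public:
            # Inbound from the public side: only traffic that answers an existing
            # translation is let through; anything unsolicited is dropped.
            if pkt.dst != in_if.address:
                return None
            mapping = self.inbound.get((pkt.dport, pkt.proto))
            if mapping is None:
                return None
            priv_ip, priv_port = mapping
            out_if = self.lookup(priv_ip)
            return out_if.name, Packet(pkt.src, pkt.sport, priv_ip, priv_port, pkt.proto)
        out_if = self.lookup(pkt.dst)
        if out_if is None:
            return None                       # no route: discarded
        if out_if.public:
            # Outbound from private to public: hide the private source behind the
            # public address, allocating a port so the reply can be mapped back.
            key = (pkt.src, pkt.sport, pkt.proto)
            ext_port = self.outbound.get(key)
            if ext_port is None:
                ext_port = self.next_port
                self.next_port += 1
                self.outbound[key] = ext_port
                self.inbound[(ext_port, pkt.proto)] = (pkt.src, pkt.sport)
            return out_if.name, Packet(out_if.address, ext_port, pkt.dst, pkt.dport, pkt.proto)
        return out_if.name, pkt               # plain LAN routing: two-way, nothing rewritten


def build_router(nat: bool) -> SoftwareRouter:
    """The two-NIC router from the diagram; nat=True marks the 11.0.0.1 side public."""
    return SoftwareRouter([
        Interface("NIC1", "10.0.0.1", "10.0.0.0/8"),
        Interface("NIC2", "11.0.0.1", "11.0.0.0/8", public=nat),
    ])


if __name__ == "__main__":
    router = build_router(nat=True)
    print(router.forward(Packet("10.0.0.2", 40000, "11.0.0.2", 80), "NIC1"))
    print(router.forward(Packet("11.0.0.2", 80, "11.0.0.1", 1025), "NIC2"))
    print(router.forward(Packet("11.0.0.2", 5555, "11.0.0.1", 3389), "NIC2"))
```

With nat=False the same object behaves like the Day 21 LAN router: a packet from 11.0.0.2 to 10.0.0.2 is forwarded unchanged, which is exactly the exposure the public/private split removes.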
DAY 22
RAS
Remote Access is a feature that enables client computers to use a dial-up or
VPN connection to connect to a remote access server. A remote access server
is a Windows server computer that runs the Routing and Remote Access service
and is configured to provide remote access. There is no difference in network
functionality for the remote access client except that the speed of the link
is often much slower than a client connection to the LAN.
RAS SERVER ---- WAN LINK ---- REMOTE CLIENT
Pracs:
1. In the RAS server
2. Install the modem
3. From Control Panel
4. Phone and Modem Options
5. Select the tab Modems
6. Click on Add
7. Check "Don't detect my modem; I will select it from a list"
8. Next
9. Select "Standard 56000 bps Modem"
10. Next
11. Select the port
12. Next and Finish
TO CONFIGURE REMOTE ACCESS SERVER
1. Open Routing & Remote Access
2. Right click on the server
3. Select Configure and Enable Routing and Remote Access
4. Next
5. Check Remote Access (dial-up or VPN)
6. Next
7. Check Dial-up
8. Next
9. Next
10. Check "From a specified range of addresses"
11. Click on New
12. Add the range of IP addresses
13. OK
14. Next
15. Check No (do not use a RADIUS server)
16. Next & Finish
Open the Active Directory Users & Computers console and create a user. On the
user's Dial-in tab set Remote Access Permission to "Allow access"; the
default setting does not let the user connect.
REMOTE CLIENT
1. Install the modem from the Control Panel
ONCE THE CONNECTION IS ESTABLISHED, TO KNOW THE SERVER AND CLIENT IP
2. Select Status (Details tab)
VPN
(New Connection Wizard on the client, connecting to the VPN server)
6. Specify the company name
7. Check "Automatically dial this initial connection"
8. Specify the host name or IP address of the VPN server, for example: sys1
9. Next
10. My use only
11. Next & Finish
DAY 23
TERMINAL SERVICES
Terminal Services
In Windows 2000, Terminal Services runs in Remote Administration mode or in
Application Server mode.
In Windows 2003 the equivalents are Remote Desktop for Administration and
Terminal Server; the Terminal Server permission compatibility can be set to
Full Security or Relaxed Security.
In Remote Administration mode only two users can establish remote sessions
(plus the console) in order to administer the server desktop. This mode is
meant for administration, not for running applications for users from the
server.
Pracs:
TO ALLOW THE PERMISSION FOR THE USER
IN SYSTEM 2
1. Log on (as an administrator)
2. Right click MY COMPUTER
3. Click on Properties
4. Remote
5. Check "Allow users to connect remotely to this computer" and add the user
with Select Remote Users (only Administrators and members of the Remote
Desktop Users group are allowed to connect)
INTERACT WITH THE SESSION (REMOTE CONTROL)
1. In System1
2. Establish a session by specifying System1
3. Log on as Administrator
4. Open Terminal Services Manager
5. Select the user's session and choose Remote Control
6. Once the connection is established
7. In System2
8. Open MY COMPUTER and the respective drives
9. In System1
10. Try to open or close the folder windows.
By default the user is asked for permission before an administrator takes
remote control of the session (RDP-Tcp properties, Remote Control tab).
Diagram: a server running a database application, with Client 1, Client 2
and Client 3 connected to it.
Thin clients are computers with a low hardware configuration; no OS is
installed locally and they boot from the network.
Thick clients are computers which run their own OS and have a good
configuration.
In Application Server mode more than two users can establish sessions to get
the server environment on their own thin client PCs, and they can run
applications from the server.
Practicals:
In System1
1. Open MY COMPUTER
2. One of the drives
3. Create a text document
4. And list the applications to start, one per line, for example WINWORD.EXE,
NOTEPAD.EXE, CALC.EXE
5. And save the file with the extension "BAT"
To assign the path
6. Open Terminal Services Configuration
7. Right click on RDP-Tcp
8. Properties
9. Select the tab Environment and specify the batch file as the program to
start when the user logs on
Ex: C:\GROUP.BAT
Log on as a user: the applications open one after another (each starts when
the previous one is closed), and when the batch file ends the session is
logged off. This is a convenience, not a security boundary; a program started
this way can still launch other programs.
DAY 24
ISA
ISA Server
ISA Server is the upgraded version of Microsoft Proxy Server 2.0 with a
built-in firewall (proxy and firewall in one product).
FIREWALL: A firewall is a device which secures and protects network
resources. It sits at the gateway between networks and ensures that only
authorized users and traffic reach the valuable data. ISA is a software
firewall.
Proxy Server: A proxy server fetches web content on behalf of the clients and
caches it. The benefit is a faster response time and faster Internet access.
Diagram: client 192.168.1.2 behind the ISA server's internal interface
192.168.1.1.
Hacking: Taking over your resources or attempting to bring down your server.
Types of Attack:
1. Foot Printing: Gathering information about the target, such as the
operating system and IP address of the server
4. Exploits: Writing or running scripts that abuse a vulnerability to bring
down or take over the server
Practicals:
In System 3
In System2
1. Install ISA by opening the drive ISA2K Standard > ISA > Setup.exe
2. Click on Continue twice
3. And provide the CD key as all ones
4. Select "I Agree"
5. Full Installation
6. Integrated Mode
7. Continue
8. Select the drive and give OK
9. Add the IP address range of the private network (this builds the Local
Address Table, LAT)
10. Add it to the list
11. Give OK twice
Practicals:
IN SYSTEM2
TO CREATE CLIENT ADDRESS SET
4. Expand Policy Elements
5. Right click on Client Address Sets
6. New Set
7. Specify the name
8. Click on Add and add the range of IP addresses of the private network, for
example from 10.0.0.1
TO CREATE DESTINATION SET AND SITE RULE
1. In ISA Management
2. Expand Policy Elements
3. Right click on Destination Sets
4. New Set
5. Give Name
6. Click on Add
7. Check Destination
8. And Specify the website name
9. Expand Access Policy
10. Right Click on the Site and Content Rule
11. New Rule
12. Specify the Name
13. Next
14. Check Deny Access based on Destination
15. Next
16. From the list select “SPECIFIED DESTINATION SET”
17. And select it from the name list
18. Next & Finish
In system1 open internet explorer and try to access the website which you have
blocked.
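The rule evaluation the practical relies on, as an added Python example that is not ISA's code and not part of the course material: a client address set, a destination set, and a deny site and content rule scoped to both, evaluated ahead of the default "Allow rule". The names, address ranges and destinations are constructed to match the practical; the exact-name, *.domain and address-range matching is this example's reading of ISA 2000 destination sets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ClientAddressSet:
    """Policy element: ranges of client addresses (from .. to), as in the dialog."""
    name: str
    ranges: List[Tuple[str, str]]

    def contains(self, client_ip: str) -> bool:
        addr = ipaddress.ip_address(client_ip)
        return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
                   for lo, hi in self.ranges)


@dataclass
class DestinationSet:
    """Policy element: destination names ('www.yahoo.com'), wildcard domains
    ('*.yahoo.com') or address ranges ('11.0.0.1-11.0.0.254')."""
    name: str
    entries: List[str]

    def contains(self, destination: str) -> bool:
        dest = destination.lower().rstrip(".")
        for entry in self.entries:
            entry = entry.lower()
            if "-" in entry and entry[0].isdigit():
                lo, hi = entry.split("-", 1)
                try:
                    addr = ipaddress.ip_address(dest)
                except ValueError:
                    continue          # a host name never matches an address range
                if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
                    return True
            elif entry.startswith("*."):
                if dest.endswith(entry[1:]):   # "*.yahoo.com" matches mail.yahoo.com
                    return True
            elif dest == entry:
                return True
        return False


@dataclass
class SiteAndContentRule:
    name: str
    allow: bool
    destination_set: Optional[str] = None   # None = all destinations
    client_set: Optional[str] = None        # None = any request


def evaluate(rules: List[SiteAndContentRule],
             destination_sets: Dict[str, DestinationSet],
             client_sets: Dict[str, ClientAddressSet],
             client_ip: str, destination: str) -> bool:
    """Site and content rule processing: a matching deny rule always wins;
    otherwise the request needs at least one matching allow rule (deny by default)."""
    matching = []
    for rule in rules:
        if rule.client_set and not client_sets[rule.client_set].contains(client_ip):
            continue
        if rule.destination_set and not destination_sets[rule.destination_set].contains(destination):
            continue
        matching.append(rule)
    if any(not rule.allow for rule in matching):
        return False
    return any(rule.allow for rule in matching)


# Constructed policy from the practical: block Yahoo for the private network,
# leaving the default "Allow rule" for everything else.
CLIENT_SETS = {"Private Network": ClientAddressSet("Private Network", [("10.0.0.1", "10.0.0.254")])}
DESTINATION_SETS = {"Blocked sites": DestinationSet("Blocked sites", ["www.yahoo.com", "*.yahoo.com"])}
RULES = [
    SiteAndContentRule("Block Yahoo", allow=False, destination_set="Blocked sites",
                       client_set="Private Network"),
    SiteAndContentRule("Allow rule", allow=True),
]


def check(client_ip: str, destination: str) -> bool:
    return evaluate(RULES, DESTINATION_SETS, CLIENT_SETS, client_ip, destination)


if __name__ == "__main__":
    for ip, host in (("10.0.0.5", "www.yahoo.com"), ("10.0.0.5", "www.google.com"),
                     ("10.0.0.5", "mail.yahoo.com"), ("10.0.0.5", "11.0.0.9")):
        print(ip, host, "->", "allowed" if check(ip, host) else "denied")
```

The last case is the check worth remembering: a destination set built from names only matches what the client asked for by name, so a user who browses to the site's IP address (or through a second proxy) passes the deny rule unless the address range is listed as well.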
REDIRECTING WEBSITE:
In System1 open Internet Explorer and try to access the Yahoo website; the
deny rule (configured with a redirect) sends you to another website instead.
DAY 25
RIS
TO CREATE AN IMAGE
To take the image, from Administrative Tools select Remote Installation
Services Setup
2. Next
3. Assign the CD drive path
4. Next
5. Next (WINDOWS)
6. Next (USER FRIENDLY DESCRIPTION)
7. It shows you summary
8. Next & Finish
RIS PROCESS
1. The client boots from the network and requests an IP address (PXE/DHCP).
2. The DHCP server gives it a dynamic IP with the preferred DNS server.
3. The RIS server answers the client's boot request.
The service that answers the boot request is BINL (Boot Information
Negotiation Layer); it is one of the three RIS services:
BINL
TFTP
SIS
BINL manages the overall RIS process. It answers the PXE client, checks
Active Directory for the (prestaged) computer account and makes the client
boot through the network in the order shown above.
TFTP transfers the boot files from the RIS server to the client; it basically
transfers the Client Installation Wizard.
SIS: Single Instance Storage
This is responsible for monitoring the partition where the image has been
stored. Whenever a duplicate of an existing file is copied it creates a
pointer instead, and this saves disk space.
Either open the newly created drive with its sub folders, or open Active
Directory Users & Computers from the DC administrator console.
Prestaging
By prestaging the client, the administrator can define a specific computer
name, and optionally, the RIS server that can service the client:
1. Locate the container in the Active Directory service in which you want
your client accounts to be created.
4. In the next dialog box, you are prompted for either the globally unique
identifier (GUID) or universally unique identifier (UUID) of the computer
itself and whether you intend to use this computer as a managed (Remote OS
Installation-enabled) client. Enter either the GUID or UUID, and then click to
select the "This is a managed computer" check box.
The GUID or UUID is a unique 32-digit hexadecimal number that is supplied by
the manufacturer of the computer and stored in the system BIOS; for an
assembled PC without one, use 20 zeros followed by the 12-digit MAC address of
your NIC. This number is written on the case of the computer, or on the
outside of the box that the computer was shipped in. If you cannot locate this
number, run the system BIOS configuration utility. The GUID is stored as part
of the system BIOS. Contact your OEM for a VBScript (created with Visual Basic
Scripting Edition) that can be used to prestage newly purchased clients in
Active Directory for use with Remote OS Installation.
The next screen prompts you to indicate the RIS server that this computer is
serviced by. This option can be left blank to indicate that any available RIS
server can answer and service this client. If you know the physical location of
the specific RIS server and where this computer can be delivered, you can
use this option to manually load clients in the RIS servers in your
organization as well as segment the network traffic. For example, if a RIS
server had been located on the fifth floor of your building, and you are
delivering these computers to users on that floor, you can assign this
computer to the RIS server on the fifth floor.
RIS depends on the following services:
1. DHCP SERVICE
2. DNS SERVICE
3. RIS SERVICE (BINL)
4. SIS
5. TFTP
5. Properties
6. Select the tab Remote Install
7. Click on Verify Server
8. Next > Next & Finish
In the answer file (.sif):
[UserData]
[RemoteInstall]
Repartition = No
UseWholeDisk = No
1. Insert the OS CD
2. Open the CD drive where the image is created
3. Follow the path
Support\Tools\Deploy.cab
4. Right click
5. Select "Extract"
6. While extracting give the path, either Desktop or My Documents
7. On the Desktop you can find the file SETUPMGR.EXE
8. From the menu create a new answer file
9. And follow the steps according to the questions
10. Finally save the file in the below given path.
RemoteInstall\Setup\English\Images\Windows\i386\Templates
DAY-26
DISK MANAGEMENT
Disk Management: It is a tool or utility which helps to manage the hard disk
more efficiently.
A new hard disk is called a RAW HARD DISK or an unformatted hard disk.
You cannot store data directly on a raw hard disk.
Partitioning is dividing the hard disk, and formatting is creating a file
system on the partition so that it is recognised by the operating system.
EFS is not a file system; it is one of the features of the NTFS file system.
TYPES OF DISK
BASIC: A basic disk is a disk which follows the industry standard (MBR
partition table) for partitioning and formatting. The storage unit on a basic
disk is called a partition, and it supports all file systems (FAT, FAT32,
NTFS).
In 2000 and 2003 you can create 4 partitions: either 4 primary, or 3 primary
and 1 extended (the extended partition holds logical drives).
DISK PART
To extend the size of an existing partition, or to allocate extra space to
it, use Diskpart.
PROCEDURE FOR DOING DISKPART
TO CONVERT THE FILE SYSTEM (command prompt)
CONVERT D: /FS:NTFS
Drive Letter    File System to Format to
This converts a FAT/FAT32 partition to NTFS without losing data; the
conversion is one-way (NTFS cannot be converted back without reformatting).
MOUNTING
Create a mount point on the basic disk: in case all the drive letters are
assigned you can mount a volume in an empty NTFS folder instead.
To confirm, open My Computer and open the drive where you created the folder;
you will find the folder changed into a drive.
REMOTE HARD DISK
You can use Disk Management to connect remotely to another system (Action >
Connect to another computer) either to create a partition or a logical drive
there.
Procedure
DYNAMIC DISK
DYNAMIC: A dynamic disk is a disk which does not follow the industry-standard
partition layout; its configuration is kept in a database on the disk. The
storage unit on a dynamic disk is called a volume. Features such as extending
a volume require NTFS.
Windows Setup cannot install the operating system onto a dynamic volume that
was not converted from a basic partition. You can convert from basic to
dynamic without loss of data, but you cannot convert from dynamic back to
basic without deleting the volumes, which loses the data.
TYPES OF VOLUMES
1. Simple Volume        No fault tolerance
2. Spanned Volume       No fault tolerance
3. Striped Volume       No fault tolerance
4. Mirrored Volume      Fault tolerant
5. RAID-5 Volume        Fault tolerant
SIMPLE VOLUME: You can create a simple volume on a dynamic disk. It cannot
span or utilize space on another dynamic disk.
Fault Tolerance: NO
Simple volumes can be mirrored and can be extended in size.
SPANNED VOLUME
A spanned volume joins free space from 2 to 32 dynamic disks into one volume;
data fills the first disk and then continues onto the next. Losing any one
disk loses the whole volume.
Fault Tolerance: NO
STRIPED VOLUME
A striped volume is a volume which occupies an equal amount of space on each
disk. The data methodology is known as striping. On a striped volume the
read/write speed is fast because the data is split into stripes that are
written to all the disks in parallel (it is not duplicated, so a single disk
failure loses the volume).
Requirements: Minimum 2 disks
              Maximum 32 disks
Fault Tolerance: NO
MIRRORED VOLUME OR RAID-1
A mirrored volume provides fault tolerance because the data which is written
onto the first dynamic disk is synchronised onto the second dynamic disk. It
needs exactly 2 disks and only half of the space is usable.
RAID-5
A RAID-5 volume stripes the data across 3 to 32 dynamic disks together with
parity information, with the parity blocks distributed over all the disks
(for example, with disks A, B, C and D each stripe keeps its parity on a
different disk). If any one disk fails, its contents are rebuilt from the
remaining disks and the parity; the space of one disk is used for parity.
6. Allocate the space
7. Next
8. Check Perform Quick Format
9. Next & Finish
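What "fault tolerance" means for the RAID-5 volume above can be shown with the parity arithmetic itself. The Python below is an added example, not part of the course material and not how Windows implements dynamic volumes: it stripes a byte string over four simulated disks with rotating XOR parity, reads it back, and rebuilds any single lost disk from the other three. The payload, block size and disk count are constructed.

```python
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bytewise XOR of equal-length blocks: the parity operation RAID-5 relies on."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, ndisks: int, block_size: int = 4) -> List[List[bytes]]:
    """Stripe data over ndisks disks: each stripe holds ndisks-1 data blocks plus
    one parity block, and the parity position rotates from stripe to stripe (the
    'distributed parity'). Returns one block list per disk; the data is
    zero-padded to whole stripes."""
    if ndisks < 3:
        raise ValueError("a RAID-5 volume needs at least 3 disks")
    stripe_bytes = block_size * (ndisks - 1)
    padded = data + b"\0" * (-len(data) % stripe_bytes)
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for s in range(len(padded) // stripe_bytes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        data_blocks = [chunk[i * block_size:(i + 1) * block_size] for i in range(ndisks - 1)]
        parity = xor_blocks(data_blocks)
        parity_disk = s % ndisks
        blocks = iter(data_blocks)
        for d in range(ndisks):
            disks[d].append(parity if d == parity_disk else next(blocks))
    return disks


def raid5_read(disks: List[List[bytes]], length: int) -> bytes:
    """Reassemble the data, skipping the parity block of each stripe."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % ndisks
        for d in range(ndisks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])


def raid5_rebuild(disks: List[Optional[List[bytes]]]) -> List[List[bytes]]:
    """Regenerate a single failed disk (marked None) as the XOR of the survivors'
    blocks in each stripe; this works for its data and its parity blocks alike.
    Two failed disks cannot be recovered: RAID-5 tolerates exactly one."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError(f"RAID-5 can rebuild one disk, {len(failed)} are missing")
    survivors = [d for d in disks if d is not None]
    rebuilt = [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]
    repaired = list(disks)
    repaired[failed[0]] = rebuilt
    return repaired  # type: ignore[return-value]


if __name__ == "__main__":
    DATA = b"The quick brown fox jumps over the lazy dog"   # constructed payload
    disks = raid5_write(DATA, 4)
    disks[2] = None                                        # simulate losing disk 3
    print(raid5_read(raid5_rebuild(disks), len(DATA)))
```

With n disks of equal size only n-1 of them hold data, which is the "space of one disk used for parity" above; a striped volume stores the same data on all n disks but has nothing to rebuild from, and a second failure before the rebuild finishes loses the RAID-5 volume as well.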
Day-27
Advanced Topics
RSOP
(For additional consoles which are not normally shown in Administrative
Tools, install the Administration Tools Pack: run ADMINPAK.MSI)
RSoP (Resultant Set of Policy) shows the list of policies applied at any
individual level, either domain level or OU level. With the help of RSoP you
can find the list of policies in effect on any container, but you cannot edit
or modify the policies.
Procedure:
In the RSoP window expand Administrative Templates and select the list of
policies.
GPMC:
GPMC (Group Policy Management Console), compared to RSoP, has additional
features like creating new policies, modifying the existing policies, etc.
Procedure:
Before installing GPMC apply a policy at the site level, domain level and OU
level.
To Install GPMC
SEIZING THE ROLES
With the help of seizing you can forcibly take the FSMO roles over onto the
additional domain controller when the original holder is down and cannot be
brought back. If you have only the ADC (the backup server) left, opt for
seizing.
Procedure (on the ADC):
1. In Command Prompt
2. ntdsutil
3. roles
4. connections
5. connect to server Sys1 (the ADC that will take the roles)
6. quit
7. seize domain naming master
8. seize schema master
9. seize RID master
10. seize PDC
11. seize infrastructure master
12. quit
13. quit
14. net accounts (to check the role of the server)
Caution: after seizing the schema, domain naming or RID master, never bring
the old holder back onto the network; it must be reinstalled (and its
metadata cleaned up) so that two DCs never claim the same role.
SCRIPTS
Logon scripts are used to give messages or notifications to the users within
the domain when they log on.
Procedure:
VSC
Create a volume shadow copy to keep point-in-time copies of shared folders,
so that previous versions of files can be recovered, and update it day to day.
It is one of the new features in 2003. Shadow copies live on the same server
as the data, so they are not a substitute for a backup.
Procedure:
After adding contents to the existing shared folder, to capture this
information as well, select CREATE NOW in the Shadow Copies window.
DISK QUOTA
You can set disk quotas on drives formatted with the NTFS file system to
monitor and limit the amount of disk space available to individual users.
Procedure:
MBSA
MBSA (Microsoft Baseline Security Analyzer) is used to scan the entire system,
or another system on the network, for missing security updates and common
misconfigurations (weak passwords, unnecessary services, IIS and SQL
settings).
To scan a system on the network, the minimum requirement is its computer name
or IP address (and administrative rights on that system).
MBSA reports all the loopholes of the current system or of another system.
Procedure: