IP v6 Connecting Tomorrow's Internet Today

An Internet Protocol Version 6 address (IPv6 address) is a numerical label that is used to identify a network interface of a computer or other network

Team Work...

"a joint action by a group of people, in which each person subordinates his or her individual interests and opinions to the unity and efficiency of the group."

System fail situation in network server room

A system failure can occur because of a hardware failure or a severe software issue. Commonly, a system failure will cause the system to freeze, reboot, or stop functioning altogether.

Optimizing Servers, Data and Storage with End-User Provision

A new server and storage system can keep your business current with technology and best practices, reduce cost, provide a quick return on investment for your business, and help end users become more productive and collaborate.

Windows Server 2008 Course details Syllabus | Windows Server 2008


Course Contents

Networking Essentials
• Networking concepts, History of server OS
• Introduction to windows server 2003 & 2008
• Features of Windows server 2008
• Installation of windows server 2008
• Installation of windows Vista
• Introduction and Creation of Users accounts
Active Directory - Domain Services
• IP Addressing
• Logical Topologies, Peer to peer & Domain Models
• Introduction to Directory Services
• Evolution of Directory services – LDAP Protocol
• Features of Active Directory
• Installing Active Directory – Domain Controller
Member Servers, Clients, User Configuration
• Configuring Member Servers and Clients.
• Creating Users in AD-DS
• User Logon policies
• Password policies
• Account Lockout policies
• User properties
Permissions/Access Control Lists
• File Systems
• Security and Sharing Permissions - Folders & Files
• Offline Folders
User Profiles
• Types of Profiles
• Local, Roaming and Mandatory Profiles
• Home Folder
• Disk Quotas
Logical Structure of AD - DS
• Configuring ADC
• TREE Structure - Child Domain
• FOREST Structure
FSMO Roles of AD - DS
• Roles of AD - DS
• Transferring of Roles
• Seizing of Roles
Group Policy / System Policies
• Organizational Unit, Delegation of Control
• User & Computer Policies
• Scope of Policies - OU, Domain, Sites
• Group policy modeling (RSOP)
• Software Deployment
• Scripts, Folder Redirection
Active Directory Trusts
• Introduction to Trust Relationship
• Categories, Directions & Types of Trusts
• Functional Levels
• Authentication Protocols
• Configuring Forest Trusts between 2008 Forests
RODC & Physical Structure of AD-DS
• Introduction & Configuration of Read-Only Domain Controller
• SITES and Global Catalog
• Replication between the Domain Controllers
• AD-DS Partitions
Dynamic Host Configuration Protocol (DHCP)
• Introduction and Configuration of DHCP Server
• DHCP Client Configuration
• Reservations
• BOOTP Server
• DHCP Backup
Windows Deployment Services
• Introduction & Configuration of WDS Server
• Attended & Unattended Installation
Domain Name System (DNS)
• Internet Basics, Host & LM Host Files
• DNS Naming Hierarchy
• Lookup Zones - Forward and Reverse lookup Zones
• Types of Zones – Primary, Secondary & Stub Zone
• Resource Records, Integration with ADS, SRV Records
• Forwarders, Dynamic Updates
Internet Information Services
• IIS 7.0 Configuration
• Hosting Websites, Virtual Directories
• Backup & Restoring Sites
• FTP Server Configuration
Routing & Remote Access
• Routing Configuration - Static Routes
• ICS, NAT, DHCP Relay Agent
• Remote Access Server Configuration
• Dial-in & Dial-out
• VPN - PPTP, L2TP
Terminal Services
• Terminal Server Configuration
• Terminal Server Licensing Mode
• Remote Desktop
• T.S Web access administration and T.S Remote Apps.
• Overview of T.S Gateway service & T. S. session broker
Disk Management
• Basic & Dynamic Disks
• Types of Volumes
• RAID 0, 1, 5 Levels
• Remote Harddisk Partitioning
• Mounting Concept
Windows Server Core
• Installation of Windows Server Core 2008
• Basic Commands of Server Core
• Installation, Managing & Uninstalling Server Core Features & Roles
• Remote Management of Server Core
Advanced Topics
• Introduction to DFS & File server
• Configuring Namespace, Folders etc
• Introduction to Backup & Backup media
• Types of Backups & Strategies
• Recovery of Data from any backup media
• System state backup & restoration
• Overview of AD- FS, LDS, RMS, CS
• Upgrading windows server 2003 to 2008
• Groups, VSS, Paging File
Live Setup - Demo by Faculty Designing, Implementing & Maintaining a Corporate Network

Separate Course (Duration : 1 Week)
Microsoft Exchange Server 2007 (Mail Server)
• Introduction to Exchange Server Roles (Mailbox Server, Client Access, Hub Transport, Unified Messaging, Edge Transport)
• Creating Types of Mailbox (User, Room, Equipment, Linked) and Recipients (Mailbox User, Mail User, Mail Contact, Distribution Group)
• Configuration of Clients (Outlook Web Access, Windows Mail, Outlook)
• Managing Mailbox Permissions, Storage Groups, Databases and Public Folders
• Configuring Local Continuous Replication
• Backup and Recovery of E-mails using Windows Mail, Outlook
• Controlling Message Flow using Transport Rules, Message Tracking
• Configuring Send and Receive Connectors, Address List

Server Maintenance

Your Server's Monthly Inspection Checkup

You take your vehicle in for servicing every 5,000-8,000 km for an oil change, check the brakes, fill up the fluids etc... Your server is no different. We look for errors and warning signs that allow us to address them before they turn into big problems that may cause outages, downtime, loss of productivity and/or corruption of data.
Our server maintenance plans are specifically designed to keep your servers updated and working efficiently to produce the performance that your users have grown to expect. Our server maintenance plans are comprised of:
* Check hard drive redundancy
* Check hard drive for errors
* Check hard disks for available space
* Hard Drive fragmentation
* Check server log files
* Analyze Event logs
* Ensure Antivirus software is updated
* Applying necessary security updates
* Check server security
* Check core server services
* Recommending necessary software and hardware upgrades
* Check backups and more!

Windows Server 2008 Active Directory Interview Questions 2

1. What are the important Windows port numbers?
RDP – 3389 – (Windows RDP / Remote Desktop port number)
FTP – 21 – (File Transfer Protocol)
TFTP – 69 – (TFTP port number)
Telnet – 23 – (Telnet port number)
SMTP – 25 – (SMTP port number)
DNS – 53 – (Domain Name System port number)
DHCP – 68 – (Dynamic Host Configuration Protocol port number)
POP3 – 110 – (Post Office Protocol 3 port)
HTTP – 80 – (HTTP port number)
HTTPS – 443 – (HTTPS port number)
NNTP – 119 – (Network News Transfer Protocol port number)
NTP – 123 – (Network Time Protocol / SNTP port number)
IMAP – 143 – (Internet Message Access Protocol port number)
SSMTP – 465 – (SMTP over SSL)
SIMAP – 993 – (IMAP over SSL)
SPOP3 – 995 – (POP3 over SSL)
Time – 123 – (NTP / Network Time Protocol / SNTP port number)
NetBIOS – 137 – (Name Service)
NetBIOS – 139 – (Datagram Service)
DHCP Client – 546 – (DHCP client port number)
DHCP Server – 547 – (DHCP server port number)
Global Catalog – 3268 – (Global Catalog port number)
LDAP – 389 – (Lightweight Directory Access Protocol port number)
RPC – 135 – (Remote Procedure Call port number)
Kerberos – 88 – (Kerberos port number)
SSH – 22 – (Secure Shell port number)
2. How to check the tombstone lifetime value in your forest
The tombstone lifetime value differs from OS to OS: for Windows Server 2000/2003 it's 60 days; in Windows Server 2003 SP1 the default tombstone lifetime (TSL) value was increased from 60 days to 180 days; in Windows Server 2003 R2 the TSL value was decreased again to 60 days; in Windows Server 2003 R2 SP2 and Windows Server 2008 it's 180 days.

If you are migrating a Windows 2003 environment to Windows 2008, it stays at 60 days.
You can use the command below to check/view the current tombstone lifetime value for your domain/forest:
dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=forestDN" -scope base -attr tombstonelifetime
Replace forestDN with your domain partition DN; for domainname.com the DN would be dc=domainname,dc=com
Source: http://technet.microsoft.com/en-us/library/cc784932(WS.10).aspx
3. How to find the domain controller that contains the lingering object
If Strict Replication Consistency is enabled:
Lingering objects are not present on domain controllers that log Event ID 1988; the source domain controller named in that event contains the lingering object.
If Strict Replication Consistency is not enabled:
Lingering objects are not present on domain controllers that log Event ID 1388; the domain controller that does not log Event ID 1388 is the one that contains the lingering object.
For example, if you have 100 domain controllers without Strict Replication Consistency enabled, you will get Event ID 1388 on all 99 domain controllers except the one that contains the lingering object.
You then need to remove the lingering objects from the affected domain controller or decommission that domain controller.
You can use the Event Comb tool (Eventcombmt.exe), a multi-threaded tool that gathers specific events from the Event Viewer logs of several computers at the same time.
You can download these tools from the following location:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
4. What are the Active Directory ports?
List of Active Directory ports for Active Directory replication and authentication; these ports can be used to configure the firewall.

Active Directory replication – There is no fixed port for Active Directory replication: replication remote procedure calls (RPC) occur dynamically over an available port, negotiated through RPCSS (the RPC Endpoint Mapper) on port 135.
File Replication Service (FRS) – There is no fixed port for FRS either: FRS replication over RPC occurs dynamically over an available port, negotiated through RPCSS (RPC Endpoint Mapper) on port 135.
Other required ports for Active Directory:

TCP 53 – DNS (DNS download)
UDP 53 – DNS (DNS queries)
TCP 42 – WINS
UDP 42 – WINS
TCP 3389 – RDP (Remote Desktop)
TCP 135 – MS-RPC
TCP 1025 & 1026 – AD logon & replication
TCP 389 – LDAP
TCP 639 – LDAP over SSL/TLS
TCP 3268 – Global Catalog
TCP 3268 – Global Catalog over SSL/TLS
UDP 137 & 138 – NetBIOS related
UDP 88 – Kerberos v5
TCP 445 – SMB, Microsoft-DS
TCP 139 – SMB
5. How do you do Active Directory health checks?
As an administrator you have to check your Active Directory health daily to reduce Active Directory related issues. If you are not monitoring the health of your Active Directory, what will happen?
Let's say one of the domain controllers fails to replicate. On the first day you will not have any issue. If this continues, you will have logon issues, and objects that are created or changed on other domain controllers will not be found on this one, which leads to further issues.
If the domain controller has not replicated for more than 60 days, it will lead to lingering object issues.
Command to check replication to all the DCs (through this we can check Active Directory health):
Repadmin /replsum /bysrc /bydest /sort:delta
You can also save the command output to a text file by using the command below:
Repadmin /replsum /bysrc /bydest /sort:delta >>c:\replication_report.txt
This will list the domain controllers that are failing to replicate, with the delta value.
You can run this daily to check your Active Directory health.
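As an added example that is not part of the original post, the following Python script parses the output of the repadmin /replsum command above and turns the daily check into a report: failing links become warnings, and a delta at or beyond the tombstone lifetime (60 days here, matching the migration case above) becomes critical. The sample output is constructed for this example and its column layout is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample in the shape of `repadmin /replsum /bysrc /bydest /sort:delta` output.
# The column layout is an assumption made for this example, not a capture from a real forest.
SAMPLE_REPLSUM = """\
Replication Summary Start Time: 2013-05-10 08:15:02

Beginning data collection for replication summary, this may take awhile:
  .....

Source DSA          largest delta    fails/total %%   error
 NYDC01                    12m:05s    0 /   6    0
 LONDC02            02d.03h:41m:10s    3 /   6   50  (1722) The RPC server is unavailable.
 SYDDC03                  >60 days     6 /   6  100  (8606) Insufficient attributes were given to create an object.

Destination DSA     largest delta    fails/total %%   error
 NYDC01             02d.03h:41m:10s    3 /  12   25  (1722) The RPC server is unavailable.
 LONDC02                   12m:05s    0 /   6    0
"""

# Threshold from the page: 60 days for a forest migrated from 2003, 180 days for a fresh 2008 forest.
TOMBSTONE_LIFETIME_DAYS = 60


@dataclass
class ReplRow:
    section: str                  # "source" or "destination" table
    dsa: str                      # domain controller name
    delta_text: str               # the largest-delta column as printed
    delta_seconds: Optional[int]  # None when the column could not be parsed
    fails: int
    total: int
    error: str


_ROW_RE = re.compile(r"^\s*(\S+)\s+(>?\S+(?:\s+days?)?)\s+(\d+)\s*/\s*(\d+)\s+(\d+)\s*(.*)$")
_DELTA_RE = re.compile(r"^(?:(\d+)d\.)?(?:(\d+)h:)?(?:(\d+)m:)?(\d+)s$")
_OVER_RE = re.compile(r"^>(\d+)\s*days?$")


def parse_delta(text: str) -> Optional[int]:
    """Convert the largest-delta column to seconds: '02d.03h:41m:10s' is 2 days 3 h 41 min 10 s,
    '>60 days' is taken as a 60-day lower bound, anything else (e.g. 'unknown') gives None."""
    m = _DELTA_RE.match(text.strip())
    if m:
        d, h, mi, s = (int(g) if g else 0 for g in m.groups())
        return d * 86400 + h * 3600 + mi * 60 + s
    m = _OVER_RE.match(text.strip())
    return int(m.group(1)) * 86400 if m else None


def parse_replsum(output: str) -> List[ReplRow]:
    """Parse the Source DSA and Destination DSA tables into ReplRow records."""
    rows: List[ReplRow] = []
    section = None
    for line in output.splitlines():
        if line.startswith("Source DSA"):
            section = "source"
            continue
        if line.startswith("Destination DSA"):
            section = "destination"
            continue
        m = _ROW_RE.match(line)
        if section and m:
            dsa, delta, fails, total, _pct, error = m.groups()
            rows.append(ReplRow(section, dsa, delta, parse_delta(delta),
                                int(fails), int(total), error.strip()))
    return rows


def health_findings(rows: Iterable[ReplRow],
                    tombstone_days: int = TOMBSTONE_LIFETIME_DAYS) -> List[Tuple[str, str, str]]:
    """Return (severity, dsa, message) for each source DC needing attention.

    A failing link is a WARNING.  A delta at or beyond the tombstone lifetime (or one repadmin
    could only print as '>N days') is CRITICAL: that DC has missed deletions for longer than
    tombstones are kept, which is the lingering-object condition described on the page."""
    limit = tombstone_days * 86400
    findings: List[Tuple[str, str, str]] = []
    for r in rows:
        if r.section != "source":
            continue  # the destination table shows the same links from the other side
        if r.delta_seconds is None or r.delta_seconds >= limit:
            findings.append(("CRITICAL", r.dsa,
                             f"largest delta {r.delta_text} reaches the {tombstone_days}-day tombstone lifetime"))
        elif r.fails:
            findings.append(("WARNING", r.dsa,
                             f"{r.fails}/{r.total} links failing, delta {r.delta_text}: {r.error}"))
    return findings


if __name__ == "__main__":
    for severity, dsa, msg in health_findings(parse_replsum(SAMPLE_REPLSUM)):
        print(f"{severity:8} {dsa:10} {msg}")
```

Feed it the saved c:\replication_report.txt instead of the sample to run it against a real forest, and pass tombstone_days=180 for a forest created on Windows Server 2008.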
6. GPRESULT failed with access denied error:
Unable to get the result from gpresult on a Windows 2003 server: gpresult returns an access denied error, although you are able to update Group Policy without issue.
Run the following commands to re-register userenv.dll and recompile the RSoP MOF file, which resolves the access denied error when running gpresult:
1. Open a command prompt
2. Re-register userenv.dll:
Regsvr32 /n /i c:\winnt\system32\userenv.dll
3. CD c:\windows\system32\wbem
4. Mofcomp scersop.mof
5. Gpupdate /force
6. Gpresult
Now you are able to run gpresult without error, and a server reboot is not required for this procedure.
7. What is the command to find out site name for given DC
dsquery server NYDC01 -site
domain controller name = NYDC01
8. Command to find all DCs in the given site
Command to find all the Domain Controllers in the “Default-First-Site-Name” site
dsquery server -o rdn -site Default-First-Site-Name
Site name = Default-First-Site-Name
9. How many types of DNS queries are there?
Iterative Query
Recursive Query

Windows Server 2008 Active Directory Interview Questions 1

Q. What is Active Directory?
Active Directory is the directory service used by Windows 2000. A directory service is a centralized, hierarchical database that contains information about users and resources on a network. In Windows 2000, this database is called the Active Directory data store. The Active Directory data store contains information about various types of network objects, including printers, shared folders, user accounts, groups, and computers. In a Windows 2000 domain, a read/write copy of the Active Directory data store is physically located on each domain controller in the domain.
Three primary purposes of Active Directory are:
    • To provide user logon and authentication services
    • To enable administrators to organize and manage user accounts, groups, and network resources
    • To enable authorized users to easily locate network resources, regardless of where they are located on the network
A directory service consists of two parts—a centralized, hierarchical database that contains information about users and resources on a network, and a service that manages the database and enables users of computers on the network to access the database. In Windows 2008, the database is called the Active Directory data store, or sometimes just the directory. The Active Directory data store contains information about various types of network objects, including printers, shared folders, user accounts, groups, and computers. Windows 2000 Server computers that have a copy of the Active Directory data store, and that run Active Directory are called domain controllers. In a Windows 2008 domain, a read/write copy of the Active Directory data store is physically located on each domain controller in the domain.
Q. What are the physical components of active directory?
Logical Components of Active Directory
In creating the hierarchical database structure of Active Directory, Microsoft facilitated locating resources such as folders and printers by name rather than by physical location. These logical building blocks include domains, trees, forests, and OUs. The physical location of objects within Active Directory is represented by including all objects in a given location in its own site. Because a domain is the basic unit on which Active Directory is built, the domain is introduced first; followed by trees and forests (in which domains are located); and then OUs, which are containers located within a domain.
Domain:
A domain is a logical grouping of networked computers in which one or more of the computers has one or more shared resources, such as a shared folder or a shared printer, and in which all of the computers share a common central domain directory database that contains user account security information. One distinct advantage of using a domain, particularly on a large network, is that administration of user account security for the entire network can be managed from a centralized location. In a domain, a user has only one user account, which is stored in the domain directory database. This user account enables the user to access shared resources (that the user has permissions to access) located on any computer in the domain
Active Directory domains can hold millions of objects, as opposed to the Windows NT domain structure, which was limited to approximately 40,000 objects. As in previous versions of Active Directory, the Active Directory database file (ntds.dit) defines the domain. Each domain has its own ntds.dit file, which is stored on (and replicated among) all domain controllers by a process called multimaster replication. The domain controllers manage the configuration of domain security and store the directory services database. This arrangement permits central administration of domain account privileges, security, and network resources. Networked devices and users belonging to a domain validate with a domain controller at startup. All computers that refer to a specific set of domain controllers make up the domain. In addition, group accounts such as global groups and domain local groups are defined on a domain-wide basis.
Trees
A tree is a group of domains that shares a contiguous namespace. In other words, a tree consists of a parent domain plus one or more sets of child domains whose name reflects that of a parent. For example, a parent domain named examcram.com can include child domains with names such as products.examcram.com, sales.examcram.com, and manufacturing.examcram.com. Furthermore, the tree structure can contain grandchild domains such as america.sales.examcram.com or europe.sales.examcram.com, and so on, as shown in Figure 1-2. A domain called que.com would not belong to the same tree. Following the inverted tree concept originated by X.500, the tree is structured with the parent domain at the top and child domains beneath it. All domains in a tree are linked with two-way, transitive trust relationships; in other words, accounts in any one domain can access resources in another domain and vice versa.
Forests
A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees. As such, forests have the following characteristics:
    • All domains in a forest share a common schema.
    • All domains in a forest share a common global catalog.
    • All domains in a forest are linked by implicit two-way transitive trusts.
Trees in a forest have different naming structures, according to their domains. Domains in a forest operate independently, but the forest enables communication across the entire organization.
Organizational Unit:
An organizational unit (OU) is a container used to organize objects within one domain into logical administrative groups. An OU can contain objects such as user accounts, groups, computers, printers, applications, shared folders, and other OUs from the same domain. OUs are represented by a folder icon with a book inside. The Domain Controllers OU is created by default when Active Directory is installed to hold new Microsoft Windows Server 2003 domain controllers. OUs can be added to other OUs to form a hierarchical structure; this process is known as nesting OUs. Each domain has its own OU structure—the OU structure within a domain is independent of the OU structures of other domains.
There are three reasons for defining an OU:
  • To delegate administration – In the Windows Server 2003 operating system, you can delegate administration for the contents of an OU (all users, computers, or resource objects in the OU) by granting administrators specific permissions for an OU on the OU's access control list.
  • To administer Group Policy
  • To hide objects
Physical Components of Active Directory
There are two physical components of Active Directory:
    • Domain Controllers
    • Sites
Domain Controllers
Any server on which you have installed Active Directory is a domain controller. These servers authenticate all users logging on to the domain in which they are located, and they also serve as centers from which you can administer Active Directory in Windows Server 2008. A domain controller stores a complete copy of all objects contained within the domain, plus the schema and configuration information relevant to the forest in which the domain is located. Unlike Windows NT, there are no primary or backup domain controllers. Similar to Windows 2000 and Windows Server 2003, all domain controllers hold a master, editable copy of the Active Directory database.
Every domain must have at least one DC. A domain may have more than one DC; having more than one DC provides the following benefits:
    • Fault tolerance: If one domain controller goes down, another one is available to authenticate logon requests and locate resources through the directory.
    • Load balancing: All domain controllers within a site participate equally in domain activities, thus spreading out the load over several servers. This configuration optimizes the speed at which requests are serviced.
Sites
By contrast to the logical grouping of Active Directory into forests, trees, domains, and OUs, Microsoft includes the concept of sites to group together resources within a forest according to their physical location and/or subnet. A site is a set of one or more IP subnets, which are connected by a high-speed, always available local area network (LAN) link. Figure 1-5 shows an example with two sites, one located in Chicago and the other in New York. A site can contain objects from more than one tree or domain within a single forest, and individual trees and domains can encompass more than one site. The use of sites enables you to control the replication of data within the Active Directory database as well as to apply policies to all users and computers or delegate administrative control to these objects within a single physical location. In addition, sites enable users to be authenticated by domain controllers in the same physical location rather than a distant location as often as possible. You should configure a single site for all work locations connected within a high-speed, always available LAN link and designate additional sites for locations separated from each other by a slower wide area network (WAN) link. Using sites permits you to configure Active Directory replication to take advantage
of the high-speed connection. It also enables users to connect to a domain controller using a reliable, high-speed connection.
Q. What are the components of Active Directory:
Object:
An object is any specific item that can be cataloged in Active Directory. Examples of objects include users, computers, printers, folders, and files. These items are classified by a distinct set of characteristics, known as attributes. For example, a user can be characterized by the username, full name, telephone number, email address, and so on. Note that, in general, objects in the same container have the same types of attributes but are characterized by different values of these attributes. The Active Directory schema defines the extent of attributes that can be specified for any object.
Classes
The Active Directory service, in turn, classifies objects into classes. These classes are logical groupings of similar objects, such as users. Each class is a series of attributes that define the characteristics of the object.
Schemas
The schema is a set of rules that define the classes of objects and their attributes that can be created in Active Directory. It defines what attributes can be held by objects of various types, which of the various classes can exist, and what object class can be a parent of the current object class. For example, the User class can contain user account objects and possess attributes such as password, group membership, home folder, and so on.
When you first install Active Directory on a server, a default schema is created, containing definitions of commonly used objects and properties such as users, computers, and groups. This default schema also contains definitions of objects and properties needed for the functioning of Active Directory.
Global catalog
A global catalog server is a domain controller that has an additional duty—it maintains a global catalog. A global catalog is a master, searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.
A global catalog server performs two important functions:
    • Provides group membership information during logon and authentication
    • Helps users locate resources in Active Directory
Q. What are the protocols used by AD?
Because Active Directory is based on standard directory access protocols, such as Lightweight Directory Access Protocol (LDAP) version 3, and the Name Service Provider Interface (NSPI), it can interoperate with other directory services employing these protocols.
LDAP is the directory access protocol used to query and retrieve information from Active Directory. Because it is an industry-standard directory service protocol, programs can be developed using LDAP to share Active Directory information with other directory services that also support LDAP.
The NSPI protocol, which is used by Microsoft Exchange 4.0 and 5.x clients, is supported by Active Directory to provide compatibility with the Exchange directory.
Q. Minimum requirement to install Win 2008 AD?
  1. An NTFS partition with enough free space
  2. An Administrator’s username and password
  3. The correct operating system version
  4. A NIC
  5. Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway)
  6. A network connection (to a hub or to another computer via a crossover cable)
  7. An operational DNS server (which can be installed on the DC itself)
  8. A Domain name that you want to use
Q. How do you verify whether the AD installation is proper?
  1. Default containers: These are created automatically when the first domain is created. Open Active Directory Users and Computers, and then verify that the following containers are present: Computers, Users, and ForeignSecurityPrincipals.
  2. Default domain controllers organizational unit: Open Active Directory Users and Computers, and then verify this organizational unit.
  3. Default-First-Site-Name
  4. Active Directory database: The Active Directory database is your Ntds.dit file. Verify its existence in the %Systemroot%\Ntds folder.
  5. Global catalog server: The first domain controller becomes a global catalog server, by default. To verify this item:
    a. Click Start, point to Programs, click Administrative Tools, and then click Active Directory Sites and Services.
    b. Double-click Sites to expand it, expand Servers, and then select your domain controller.
    c. Double-click the domain controller to expand the server contents.
    d. Below the server, an NTDS Settings object is displayed. Right-click the object, and then click Properties.
    e. On the General tab, you can observe a global catalog check box, which should be selected, by default.
Root domain: The forest root is created when the first domain controller is installed. Verify your computer network identification in My Computer. The Domain Name System (DNS) suffix of your computer should match the domain name that the domain controller belongs to. Also, ensure that your computer registers the proper computer role. To verify this role, use the net accounts command. The computer role should say “primary” or “backup” depending on whether it is the first domain controller in the domain.
Shared system volume: A Windows 2000 domain controller should have a shared system volume located in the %Systemroot%\Sysvol\Sysvol folder. To verify this item, use the net share command. The Active Directory also creates two standard policies during the installation process: The Default Domain policy and the Default Domain Controllers policy (located in the %Systemroot%\Sysvol\Domain\Policies folder). These policies are displayed as the following globally unique identifiers (GUIDs):
{31B2F340-016D-11D2-945F-00C04FB984F9} representing the Default Domain policy
{6AC1786C-016F-11D2-945F-00C04fB984F9} representing the Default Domain Controllers policy
SRV resource records: You must have a DNS server installed and configured for Active Directory and the associated client software to function correctly. Microsoft recommends that you use Microsoft DNS server, which is supplied with Windows 2000 Server as your DNS server. However, Microsoft DNS server is not required. The DNS server that you use must support the Service Resource Record (SRV RR) Requests for Comments (RFC) 2052, and the dynamic update protocol (RFC 2136). Use the DNS Manager Microsoft Management Console (MMC) snap-in to verify that the appropriate zones and resource records are created for each DNS zone. Active Directory creates its SRV RRs in the following folders:
    • _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
    • _Msdcs/Dc/_Tcp
In these locations, an SRV RR is displayed for the following services:
    • _kerberos
    • _ldap
Q. What is LDAP?
Short for Lightweight Directory Access Protocol, a set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. And unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it’s a simpler version of X.500, LDAP is sometimes called X.500-lite.
Q. What is FRS (File replication services)?
The File Replication Service (FRS) replicates specific files using the same multi-master model that Active Directory uses. It is used by the Distributed File System for replication of DFS trees that are designated as domain root replicas. It is also used by Active Directory to synchronize content of the SYSVOL volume automatically across domain controllers. The reason the FRS service replicates contents of the SYSVOL folder is so clients will always get a consistent logon environment when logging on to the domain, no matter which domain controller actually handles the request. When a client submits a logon request, he or she submits that request for authentication to the SYSVOL directory. A subfolder of this directory, called \scripts, is shared on the network as the netlogon share. Any logon scripts contained in the netlogon share are processed at logon time. Therefore, the FRS is responsible for all domain controllers providing the same logon directory structure to clients throughout the domain.
Q. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Yes, you can connect Active Directory to other 3rd-party directory services, such as the directories used by SAP, Domino etc., with the help of MIIS (Microsoft Identity Integration Server).
You can use DirXML or LDAP to connect to other directories (e.g. eDirectory from Novell).
Q. Where is the AD database held? What other folders are related to AD?
The AD database is saved in %systemroot%\ntds. You can see other files also in this folder. These are the main files controlling the AD structure:
    • ntds.dit
    • edb.log
    • res1.log
    • res2.log
    • edb.chk
When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.
During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn’t exist on reboot or the shutdown statement isn’t present, AD will use the edb.log file to update the AD database.
The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in \NTDS, along with the other files we’ve discussed.
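The log-then-database sequence and the role of the checkpoint described above, as an added Python simulation that is not part of the original post and not Microsoft's ESE code: a `Store` class stands in for the database engine, and its `log`, `disk` and `checkpoint` fields stand in for edb.log, ntds.dit and edb.chk. The crash and restart scenarios are constructed for the example.

```python
import json
from typing import Dict, List, Optional


class Store:
    """Toy write-ahead store modelled on the ntds.dit / edb.log / edb.chk trio."""

    def __init__(self) -> None:
        self.disk: Dict[str, str] = {}          # ntds.dit as it exists on disk
        self.cache: Dict[str, str] = {}         # database pages changed but not yet flushed
        self.log: List[str] = []                # edb.log: one JSON record per transaction
        self.checkpoint: Optional[dict] = None  # edb.chk; None models a missing file

    def write(self, key: str, value: str) -> None:
        """Write-ahead rule: the transaction goes to the log first, then to the database."""
        self.log.append(json.dumps({"op": "set", "key": key, "value": value}))
        self.cache[key] = value

    def flush(self) -> None:
        """Lazy write of changed pages to disk; how soon this runs depends on the system."""
        self.disk.update(self.cache)
        self.cache.clear()
        # The checkpoint records how far the log has already been applied to the database.
        self.checkpoint = {"applied": len(self.log), "shutdown": False}

    def shutdown(self) -> None:
        """Clean shutdown: everything is flushed and the checkpoint carries a shutdown marker."""
        self.flush()
        self.checkpoint["shutdown"] = True

    def crash(self) -> None:
        """Unflushed pages are lost; the log and whatever already reached disk survive."""
        self.cache.clear()

    def recover(self) -> int:
        """Restart: replay the log records the checkpoint does not cover.

        Returns the number of records replayed. With a clean shutdown marker the
        checkpoint covers the whole log, so nothing is replayed; after a crash it
        covers only part of it; if edb.chk is missing, the whole log is replayed.
        """
        start = self.checkpoint["applied"] if self.checkpoint is not None else 0
        replayed = 0
        for line in self.log[start:]:
            rec = json.loads(line)
            self.disk[rec["key"]] = rec["value"]  # 'set' is idempotent, so replaying is safe
            replayed += 1
        self.cache.clear()
        self.checkpoint = {"applied": len(self.log), "shutdown": False}
        return replayed
```

Because every record is logged before it is applied, a crash between the log append and the page flush loses nothing: the replay on restart brings ntds.dit back to the state the log already guaranteed.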
Q. What is the SYSVOL folder?
The SYSVOL folder is critical because it contains the domain’s public files. This directory is shared out (as SYSVOL), and any files kept in the SYSVOL folder are replicated to all other domain controllers in the domain using the File Replication Service (FRS)—and yes, that’s important to know on the exam.
The SYSVOL folder also contains the following items:
    • The NETLOGON share, which is the location where domain logon requests are submitted for processing, and where logon scripts can be stored for client processing at logon time.
    • Windows Group Policies
    • FRS folders and files that must be available and synchronized between domain controllers if the FRS is in use. Distributed File System (DFS), for example, uses the FRS to keep shared data consistent between replicas.
You can open the SYSVOL folder on a DC by typing %systemroot%\sysvol.
Q. Name the AD NCs and replication issues for each NC
    • Schema NC
    • Configuration NC
    • Domain NC
Schema NC: This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory.
Configuration NC: Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas.
Domain NC: This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly-accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain.
Q. What are application partitions? When do I use them?
A1: An application directory partition is a partition in Active Directory that an application can use to store application-specific data. The partition is then replicated only to specific domain controllers.
The application directory partition can contain any type of data except security principals (users, computers, groups).
A2: These are specific to Windows Server 2003 domains.
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.
Q. How do you create a new application partition?
The DnsCmd command is used to create a new application directory partition. For example, to create a partition named “NewPartition” on the domain controller DC1.contoso.com, log on to the domain controller and type the following command:
DnsCmd DC1 /createdirectorypartition NewPartition.contoso.com
Q. How do you view replication properties for AD partitions and DCs?
By using Replication Monitor: go to Start > Run and type replmon.
Q. What is the Global Catalog?
The global catalog is the central repository of information about objects in a tree or forest. By default, a global catalog is created automatically on the initial domain controller in the first domain in the forest. A domain controller that holds a copy of the global catalog is called a global catalog server. You can designate any domain controller in the forest as a global catalog server. Active Directory uses multimaster replication to replicate the global catalog information between global catalog servers in other domains. It stores a full replica of all object attributes in the directory for its host domain and a partial replica of all object attributes contained in the directory for every domain in the forest. The partial replica stores attributes most frequently used in search operations (such as a user’s first and last names, logon name, and so on). Attributes are marked or unmarked for replication in the global catalog when they are defined in the Active Directory schema. Object attributes replicated to the global catalog inherit the same permissions as in source domains, ensuring that data in the global catalog is secure.
Another definition of the Global Catalog:
Global Catalog Server
A global catalog server is a domain controller that has an additional duty—it maintains a global catalog. A global catalog is a master, searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.
A global catalog server performs two important functions:
  • Provides group membership information during logon and authentication
  • Helps users locate resources in Active Directory
Q. What is schema?
The Active Directory schema defines objects that can be stored in Active Directory. The schema is a list of definitions that determines the kinds of objects and the types of information about those objects that can be stored in Active Directory. Because the schema definitions themselves are stored as objects, they can be administered in the same manner as the rest of the objects in Active Directory. The schema is defined by two types of objects: schema class objects (also referred to as schema classes) and schema attribute objects (also referred to as schema attributes).
Q. GC and infrastructure master should not be on same server, why?
Unless your domain consists of only one domain controller, the infrastructure master should not be assigned to a domain controller that’s also a Global Catalog server. If the infrastructure master and Global Catalog are stored on the same domain controller, the infrastructure master will not function because it will never find data that is out of date. It therefore won’t ever replicate changes to the other domain controllers in the domain. There are two exceptions:
    • If all your domain controllers are Global Catalog servers, it won’t matter because all servers will have the latest changes to the Global Catalog.
    • If you are implementing a single Active Directory domain, no other domains exist in the forest to keep track of, so in effect the infrastructure master is out of a job.
Q. Why not make all DCs in a large forest as GCs?
When every DC becomes a GC, replication traffic increases, and the Infrastructure Master and the GC cannot be kept on the same domain controller, so at least one DC should operate without holding the GC role.
Q. Trying to look at the Schema, how can I do that?
Register schmmgmt.dll with the regsvr32 command (regsvr32 schmmgmt.dll).
Q. What are the Support Tools? Why do I need them?
Support Tools are the tools that are used for performing the complicated tasks easily. These can also be the third party tools. Some of the Support tools include DebugViewer, DependencyViewer, RegistryMonitor, etc.
Q. What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
LDP – Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.
Replmon – Replmon displays information about Active Directory Replication.
ADSIEDIT – ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service. The attributes of each object can be edited or deleted with this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following files are required to use this tool: ADSIEDIT.DLL and ADSIEDIT.MSC.
NETDOM - NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.
REPADMIN – REPADMIN is a built-in Windows diagnostic command-line utility that works at the Active Directory level. Although specific to Windows, it is also useful for diagnosing some Exchange replication problems, since Exchange Server is Active Directory based. REPADMIN doesn’t actually fix replication problems for you. But, you can use it to help determine the source of a malfunction.
Q. What are the Naming Conventions used in AD?
Within Active Directory, each object has a name. When you create an object in Active Directory, such as a user or a computer, you assign the object a name. This name must be unique within the domain—you can’t assign an object the same name as any other object (regardless of its type) in that domain.
At the same time that you create an object, not only do you assign a name to the object, but Active Directory also assigns identifiers to the object. Active Directory assigns every object a globally unique identifier (GUID), and assigns many objects a security identifier (SID). A GUID is typically a 32-digit hexadecimal number that uniquely identifies an object within Active Directory. A SID is a unique number created by the Windows 2000 Security subsystem that is assigned only to security principal objects (users, groups, and computers) when they are created. Windows 2000 uses SIDs to grant or deny a security principal object access to other objects and network resources.
Active Directory uses a hierarchical naming convention that is based on Lightweight Directory Access Protocol (LDAP) and DNS standards.
Objects in Active Directory can be referenced by using one of three Active Directory name types:
    • Relative distinguished name (RDN)
    • Distinguished name (DN)
    • User principal name (UPN)
A relative distinguished name (RDN) is the name that is assigned to the object by the administrator when the object is created. For example, when I create a user named AlanC, the RDN of that user is AlanC. The RDN only identifies an object—it doesn’t identify the object’s location within Active Directory. The RDN is the simplest of the three Active Directory name types, and is sometimes called the common name of the object.
A distinguished name (DN) consists of an object’s RDN, plus the object’s location in Active Directory. The DN supplies the complete path to the object. An object’s DN includes its RDN, the name of the organizational unit(s) that contains the object (if any), and the FQDN of the domain. For example, suppose that I create a user named AlanC in an organizational unit called US in a domain named Exportsinc.com. The DN of this user consists of the RDN AlanC, followed by the organizational unit US and then the domain components of Exportsinc.com.
A user principal name (UPN) is a shortened version of the DN that is typically used for logon and e-mail purposes. A UPN consists of the RDN plus the FQDN of the domain. Using my previous example, the UPN for the user named AlanC would be: AlanC@Exportsinc.com
Another way you can think of a UPN is as a DN stripped of all organizational unit references.
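The RDN, DN and UPN relationship for the AlanC example, as an added Python example (not code from the original post). It assumes the standard LDAP DN form used by Active Directory (CN= for the object, OU= per container, one DC= per DNS label) and the RFC 4514 escaping rules for special characters in a value; the second sample name, "Smith, John", is constructed to show why escaping matters when a DN is built from user-supplied input.

```python
import re
from typing import List, Tuple

# Characters that RFC 4514 requires to be backslash-escaped inside an RDN value.
_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN."""
    out = _DN_SPECIAL.sub(r"\\\1", value)
    if out and out[0] in (" ", "#"):        # leading space or '#' must be escaped
        out = "\\" + out
    if len(value) > 1 and out.endswith(" "):  # so must a trailing space
        out = out[:-1] + "\\ "
    return out


def build_dn(rdn: str, ous: List[str], domain: str) -> str:
    """DN = RDN, then the containing OUs (innermost first), then the domain's DNS labels."""
    parts = ["CN=" + escape_rdn_value(rdn)]
    parts += ["OU=" + escape_rdn_value(ou) for ou in ous]
    parts += ["DC=" + escape_rdn_value(label) for label in domain.split(".")]
    return ",".join(parts)


def build_upn(rdn: str, domain: str) -> str:
    """UPN = RDN @ FQDN of the domain, with no OU information at all."""
    return f"{rdn}@{domain}"


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (type, value) pairs, honouring escaped commas, and unescape values."""
    pairs = []
    for component in re.split(r"(?<!\\),", dn):
        attr_type, value = component.split("=", 1)
        pairs.append((attr_type, re.sub(r"\\(.)", r"\1", value)))
    return pairs


def upn_from_dn(dn: str) -> str:
    """Derive the UPN by dropping every OU reference, as the text describes."""
    pairs = split_dn(dn)
    cn = next(value for attr_type, value in pairs if attr_type.upper() == "CN")
    labels = [value for attr_type, value in pairs if attr_type.upper() == "DC"]
    return f"{cn}@{'.'.join(labels)}"


if __name__ == "__main__":
    dn = build_dn("AlanC", ["US"], "Exportsinc.com")
    print(dn, build_upn("AlanC", "Exportsinc.com"), upn_from_dn(dn))
```

Without `escape_rdn_value`, a name containing a comma would produce a DN that parses as an extra component, so any code that assembles DNs from names it does not control should escape them before querying or creating objects.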
Q. What are sites? What are they used for?
A site consists of one or more TCP/IP subnets, which are specified by an administrator. Additionally, if a site contains more than one subnet, the subnets should be connected by high-speed, reliable links. Sites do not correspond to domains: you can have two or more sites within a single domain, or you can have multiple domains in a single site. A site is solely a grouping based on IP addresses. Figure 2-7 shows two sites connected by a slow WAN link.
[Figure 2-7: two sites connected by a slow WAN link]
The purpose of sites is to enable servers that regularly copy data to other servers (such as Active Directory replication data) to distinguish between servers in their own site (which are connected by high-speed links) and servers in another site (which are connected by slower-speed WAN links). Replication between domain controllers in the same site is fast, and typically administrators can permit Windows 2000 to automatically perform this task. Replication between a domain controller in one site and domain controllers in other sites is slower (because it takes place over a slow WAN link) and often should be scheduled by the administrator so that use of network bandwidth for replication is minimized during the network’s peak-activity hours.
Sites and Active Directory replication can be configured by using Active Directory Sites and Services.
Uses of sites:
Sites are primarily used to control replication traffic. Domain controllers within a site are pretty much free to replicate changes to the Active Directory database whenever changes are made. Domain controllers in different sites compress the replication traffic and operate based on a defined schedule, both of which are intended to cut down on network traffic.
More specifically, sites are used to control the following:
    • Workstation logon traffic
    • Replication traffic
    • Distributed File System (DFS)
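How a site is "solely a grouping based on IP addresses" in practice, as an added Python example that is not part of the original post: subnet objects map to sites, a client is placed in the site owning the most specific subnet that contains its address, and DCs in that site are the ones it should prefer for logon. The subnet table and the DC list are constructed for the example, not taken from any real forest.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed subnet objects, as they would be defined under Active Directory
# Sites and Services, each mapped to the site that owns it.
SUBNETS: Dict[str, str] = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",      # more specific than 10.1.0.0/16, so it wins for 10.1.50.x
    "10.2.0.0/16": "Branch",
    "2001:db8:10::/48": "HQ",
}

# Constructed domain controllers and the site each one sits in.
DC_SITES: Dict[str, str] = {"DC1": "HQ", "DC2": "HQ", "DC3": "Branch"}


def site_for_address(ip: str, subnets: Dict[str, str] = SUBNETS) -> Optional[str]:
    """Site whose most specific (longest-prefix) subnet contains ip; None if none matches."""
    addr = ipaddress.ip_address(ip)
    best_net = None
    best_site = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if net.version == addr.version and addr in net:
            if best_net is None or net.prefixlen > best_net.prefixlen:
                best_net, best_site = net, site
    return best_site


def unmapped_clients(ips: List[str], subnets: Dict[str, str] = SUBNETS) -> List[str]:
    """Clients matching no subnet object cannot be placed in a site, so they may pick a
    DC across a slow link; this list is the thing to audit when adding a new network."""
    return [ip for ip in ips if site_for_address(ip, subnets) is None]


def local_dcs(client_ip: str, dc_sites: Dict[str, str] = DC_SITES,
              subnets: Dict[str, str] = SUBNETS) -> List[str]:
    """DCs a client should prefer for logon: those in its own site (empty if it has none)."""
    site = site_for_address(client_ip, subnets)
    if site is None:
        return []
    return sorted(dc for dc, dc_site in dc_sites.items() if dc_site == site)


if __name__ == "__main__":
    for ip in ("10.1.50.7", "10.2.0.9", "192.168.1.1"):
        print(ip, site_for_address(ip), local_dcs(ip))
```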
Q. What’s the difference between a site link’s schedule and interval?
A site link is the connection object on which the replication transport mechanism depends; put simply, it represents the communication mechanism used to transfer data between different sites. The site link schedule defines when replication is allowed to take place, and the interval defines how often replication occurs within that scheduled period.
Q. What is replication? How it occurs in AD? What is KCC and ISTG
Each domain controller stores a complete copy of the Active Directory data for its domain and replicates it with the other domain controllers in the same domain. Domain controllers in a domain automatically replicate directory information for all objects in the domain to each other. When you perform an action that causes an update to Active Directory, you are actually making the change at one of the domain controllers. That domain controller then replicates the change to all other domain controllers within the domain. You can control replication traffic between domain controllers in the network by specifying how often replication occurs and the amount of data that each domain controller replicates at one time. Domain controllers immediately replicate certain important updates, such as the disabling of a user account.
Active Directory uses multimaster replication, in which no one domain controller is the master domain controller. Instead, all domain controllers within a domain are peers, and each domain controller contains a copy of the directory database that can be written to. Domain controllers can hold different information for short periods of time until all domain controllers have synchronized changes to Active Directory.
Although Active Directory supports multimaster replication, some changes are impractical to perform in multimaster fashion. One or more domain controllers can be assigned to perform single-master replication (operations not permitted to occur at different places in a network at the same time). Operations master roles are special roles assigned to one or more domain controllers in a domain to perform single-master replication.
Domain controllers detect collisions, which can occur when an attribute is modified on a domain controller before a change to the same attribute on another domain controller is completely propagated. Collisions are detected by comparing each attribute’s property version number, a number specific to an attribute that is initialized upon creation of the attribute. Active Directory resolves the collision by replicating the changed attribute with the higher property version number.
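The collision handling just described, as an added Python simulation (not code from the original post or from Microsoft): two domain controllers originate writes to the same attribute before replicating, and the replica with the higher property version number wins. The page states only the version-number rule; the tie-breakers used here when versions are equal (the later originating write, then the originating DSA GUID) are Active Directory's documented behaviour and go beyond the text. DC names, GUIDs and times are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Stamp:
    """Replication metadata carried with every attribute value."""
    value: str
    version: int           # property version number: 1 at creation, +1 per originating write
    time: float            # time of the originating write (constructed seconds)
    originating_dsa: str   # GUID of the DC that made the change (constructed)

    def rank(self) -> Tuple[int, float, str]:
        # Higher version wins; equal versions fall back to the later write, then the DSA GUID.
        return (self.version, self.time, self.originating_dsa)


class DomainController:
    def __init__(self, name: str, dsa_guid: str) -> None:
        self.name = name
        self.dsa_guid = dsa_guid
        self.objects: Dict[str, Dict[str, Stamp]] = {}

    def originate_write(self, dn: str, attr: str, value: str, now: float) -> Stamp:
        """A local (originating) write bumps the version number of that attribute."""
        attrs = self.objects.setdefault(dn, {})
        current = attrs.get(attr)
        version = current.version + 1 if current else 1
        attrs[attr] = Stamp(value, version, now, self.dsa_guid)
        return attrs[attr]

    def replicate_from(self, partner: "DomainController") -> int:
        """Pull the partner's stamps; a partner stamp replaces ours only if it ranks higher."""
        changed = 0
        for dn, attrs in partner.objects.items():
            mine = self.objects.setdefault(dn, {})
            for attr, theirs in attrs.items():
                ours = mine.get(attr)
                if ours is None or theirs.rank() > ours.rank():
                    mine[attr] = theirs   # replicated stamps are copied, never re-versioned
                    changed += 1
        return changed


def converged(dcs: List[DomainController], dn: str, attr: str) -> bool:
    """True when every DC holds the identical stamp for the attribute."""
    return len({dc.objects[dn][attr] for dc in dcs}) == 1


if __name__ == "__main__":
    dn = "CN=AlanC,OU=US,DC=Exportsinc,DC=com"
    dc1, dc2 = DomainController("DC1", "1111-aaaa"), DomainController("DC2", "2222-bbbb")
    dc1.originate_write(dn, "description", "initial", 1.0)
    dc2.replicate_from(dc1)
    dc1.originate_write(dn, "description", "from DC1", 10.0)
    dc2.originate_write(dn, "description", "from DC2", 11.0)
    dc1.replicate_from(dc2)
    dc2.replicate_from(dc1)
    print(converged([dc1, dc2], dn, "description"), dc1.objects[dn]["description"].value)
```

Because the winner is decided by the same comparison on every DC, replication in either direction converges on one value without a master; the price is that a lower-numbered but later change can be silently overwritten, which is why bulk edits to the same attribute from several DCs are best avoided.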
Q. What can you do to promote a server to DC if you’re in a remote location with slow WAN link?
Install from Media: In Windows Server 2003 a new feature was added, and this time it’s one that will actually make our lives easier: you can promote a domain controller using files backed up from a source domain controller!
This feature is called “Install from Media” and it’s available by running DCPROMO with the /adv switch. It’s not a replacement for network replication (we still need network connectivity), but now we can use an old System State copy from another Windows Server 2003, copy it to our future DC, and have the first and basic replication take place from the media instead of across the network, thus saving valuable time and network resources.
What you basically have to do is back up the System State of an existing domain controller, restore that backup to your replica candidate, and use DCPromo /Adv to tell it to source from local media rather than from a network source.
This also works for global catalogs. If we perform a backup of a global catalog server, then we can create a new global catalog server by performing DCPromo from that restored media.

IFM Limitations

    • It only works for the same domain, so you cannot back up a domain controller in domain A and create a new domain B using that media.
    • It’s only useful up to the tombstone lifetime, which defaults to 60 days. So if you have an old backup, you cannot create a new domain controller using it, because you’ll run into the problem of reanimating deleted objects.
Q. How can you forcibly remove AD from a server, and what do you do later?
Demoting Windows Server 2003 DCs: DCPROMO (Active Directory Installation Wizard) is a toggle switch, which allows you to either install or remove Active Directory DCs. To forcibly demote a Windows Server 2003 DC, run the following command either at the Start, Run, or at the command prompt:
dcpromo /forceremoval
Note: If you’re running Certificate Services on the DC, you must first remove Certificate Services before continuing. If you specify the /forceremoval switch on a server that doesn’t have Active Directory installed, the switch is ignored and the wizard pretends that you want to install Active Directory on that server.
Once the wizard starts, you will be prompted for the Administrator password that you want to assign to the local administrator in the SAM database. If you have Windows Server 2003 Service Pack 1 installed on the DC, you’ll benefit from a few enhancements. The wizard will automatically run certain checks and will prompt you to take appropriate actions. For example, if the DC is a Global Catalog server or a DNS server, you will be prompted. You will also be prompted to take an action if your DC is hosting any of the operations master roles.
Demoting Windows 2000 DCs: On a Windows 2000 domain controller, forced demotion is supported with Service Pack 2 and later. The rest of the procedure is similar to the procedure I described for Windows Server 2003. Just make sure that while running the wizard, you clear the “This server is the last domain controller in the domain” check box. On Windows 2000 Servers you won’t benefit from the enhancements in Windows Server 2003 SP1, so if the DC you are demoting is a Global Catalog server, you may have to manually promote some other DC to a Global Catalog server.
Cleaning the Metadata on a Surviving DC: Once you’ve successfully demoted the DC, your job is not quite done yet. Now you must clean up the Active Directory metadata. You may be wondering why you need to clean the metadata manually. The metadata for the demoted DC is not deleted from the surviving DCs because you forced the demotion. When you force a demotion, Active Directory basically ignores other DCs and does its own thing. Because the other DCs are not aware that you removed the demoted DC from the domain, the references to the demoted DC need to be removed from the domain.
Although Active Directory has made numerous improvements over the years, one of the biggest criticisms of Active Directory is that it doesn’t clean up the mess very well. This is obvious in most cases but, in other cases, you won’t know it unless you start digging deep into Active Directory database.
To clean up the metadata you use NTDSUTIL. The following procedure describes how to clean up metadata on a Windows Server 2003 SP1. According to Microsoft, the version of NTDSUTIL in SP1 has been enhanced considerably and does a much better job of clean-up, which obviously means that the earlier versions didn’t do a very good job. For Windows 2000 DCs, you might want to check out Microsoft Knowledge Base article 216498, “How to remove data in Active Directory after an unsuccessful domain controller demotion.”
Here’s the step-by-step procedure for cleaning metadata on Windows Server 2003 DCs:
  1. Log on to the DC as a Domain Administrator.
  2. At the command prompt, type ntdsutil.
  3. Type metadata cleanup.
  4. Type connections.
  5. Type connect to server servername, where servername is the name of the server you want to connect to.
  6. Type quit or q to go one level up. You should be at the Metadata Cleanup prompt.
  7. Type select operation target.
  8. Type list domains. You will see a list of domains in the forest, each with a different number.
  9. Type select domain number, where number is the number associated with the domain of your server.
  10. Type list sites.
  11. Type select site number, where number is the number associated with the site of your server.
  12. Type list servers in site.
  13. Type select server number, where number is the number associated with the server you want to remove.
  14. Type quit to go to Metadata Cleanup prompt.
  15. Type remove selected server. You should see a confirmation that the removal completed successfully.
  16. Type quit to exit ntdsutil.
You might also want to clean up the DNS database by deleting all DNS records related to the server.
In general, you will have better luck using forced demotion on Windows Server 2003, because the naming contexts and other objects don’t get cleaned as quickly on Windows 2000 Global Catalog servers, especially servers running Windows 2000 SP3 or earlier. Due to the nature of forced demotion and the fact that it’s meant to be used only as a last resort, there are additional things that you should know about forced demotion.
Even after you’ve used NTDSUTIL to clean the metadata, you may still need to do additional cleaning manually using ADSIEdit or other such tools.
Q. Can I get user passwords from the AD database?
To my knowledge, there is no way to extract passwords from the AD database. By the way, there is a tool called cachedump. Using it, we can extract the cached passwords from a Windows XP machine that is joined to a domain.
Q. Name some OU design considerations.
    • Design OU structure based on Active Directory business requirements
    • NT Resource domains may fold up into OUs
    • Create nested OUs to hide objects
    • Objects easily moved between OUs
    • Departments, geographic region, job function, object type
Q. What is tombstone lifetime attribute?
The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NC.
Q. How would you find all users that have not logged on since last month?
If you are using a Windows 2003 domain environment, go to Active Directory Users and Computers, select Saved Queries, right-click it and select New Query; then, under Custom Common Queries / Define Query, there is a query that shows days since last logon.
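The "days since last logon" filter that saved query performs, as an added Python example that is not part of the original post. It assumes the query reads the replicated lastLogonTimestamp attribute (stored as a Windows FILETIME) and that the directory records are the constructed ones in `SAMPLE_USERS`; the 14-day slack reflects the fact that lastLogonTimestamp is only refreshed every 9 to 14 days, so a naive 30-day cutoff can flag accounts that logged on last week.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# lastLogonTimestamp is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
LOGON_SYNC_SLACK_DAYS = 14   # the attribute is refreshed only every 9-14 days


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    delta = dt - FILETIME_EPOCH
    micros = (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds
    return micros * 10   # integer arithmetic: the value is too large for an exact float


def stale_accounts(users: List[Dict[str, object]], now: datetime,
                   max_days: int = 30, conservative: bool = True) -> List[str]:
    """Names of accounts whose replicated last logon is older than max_days.

    With conservative=True the cutoff is pushed back by the refresh interval, so an
    account is listed only when it certainly has not logged on within max_days.
    A value of 0 (attribute never set) means the account has never logged on.
    """
    slack = LOGON_SYNC_SLACK_DAYS if conservative else 0
    cutoff = datetime_to_filetime(now - timedelta(days=max_days + slack))
    stale = []
    for user in users:
        ft = int(user.get("lastLogonTimestamp", 0))
        if ft == 0 or ft < cutoff:
            stale.append(str(user["sAMAccountName"]))
    return sorted(stale)


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed 'today'

# Constructed records, shaped like the two attributes an LDAP query would return.
SAMPLE_USERS: List[Dict[str, object]] = [
    {"sAMAccountName": "alanc",
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=2))},
    {"sAMAccountName": "svc-backup",
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=35))},
    {"sAMAccountName": "jdoe",
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=50))},
    {"sAMAccountName": "tmp-contractor", "lastLogonTimestamp": 0},
]

if __name__ == "__main__":
    print(stale_accounts(SAMPLE_USERS, NOW))
    print(stale_accounts(SAMPLE_USERS, NOW, conservative=False))
```

The conservative list is the one to act on (disable, then delete after review); the non-conservative list is a candidate set that still needs the non-replicated lastLogon attribute checked on each DC before any account is touched.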
Q. What are the DS* commands?
    • DSmod – modify Active Directory attributes
    • DSrm – delete Active Directory objects
    • DSmove – relocate objects
    • DSadd – create new accounts
    • DSquery – find objects that match your query attributes
    • DSget – list the properties of an object
Q. What’s the difference between LDIFDE and CSVDE? Usage considerations?
CSVDE is a command that can be used to import and export objects to and from the AD into a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info. Like CSVDE, LDIFDE is a command that can be used to import and export objects to and from the AD into an LDIF-formatted file. An LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor; however, it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.
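The two file formats side by side, as an added Python example that is not part of the original post and not the CSVDE/LDIFDE tools themselves: the same constructed accounts are written out in the CSV shape CSVDE imports and in the LDIF shape LDIFDE imports, and the two operations only LDIF can express (modify and delete via `changetype`) are generated as well. The DNs follow the naming example earlier on the page; the non-ASCII name is constructed to show LDIF's base64 (`::`) encoding.

```python
import base64
import csv
import io
from typing import Dict, List, Tuple

FIELDS = ["DN", "objectClass", "sAMAccountName", "userPrincipalName", "description"]

# Constructed sample accounts.
USERS: List[Dict[str, str]] = [
    {"DN": "CN=AlanC,OU=US,DC=Exportsinc,DC=com", "objectClass": "user",
     "sAMAccountName": "AlanC", "userPrincipalName": "AlanC@Exportsinc.com",
     "description": "Sales, US"},
    {"DN": "CN=Zoë Q,OU=US,DC=Exportsinc,DC=com", "objectClass": "user",
     "sAMAccountName": "ZoeQ", "userPrincipalName": "ZoeQ@Exportsinc.com",
     "description": "Support"},
]


def to_csvde(users: List[Dict[str, str]]) -> str:
    """CSVDE import file: a header row, then one record per line; values with commas quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for user in users:
        writer.writerow(user)
    return buf.getvalue()


def parse_csvde(text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(io.StringIO(text)))


def ldif_attr(name: str, value: str) -> str:
    """One LDIF attribute line; unsafe values are base64 encoded and marked with '::'."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def ldif_parse_line(line: str) -> Tuple[str, str]:
    """Inverse of ldif_attr: decode a 'name: value' or 'name:: base64' line."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest.strip()


def ldif_add(user: Dict[str, str]) -> str:
    lines = [ldif_attr("dn", user["DN"]), "changetype: add"]
    lines += [ldif_attr(k, v) for k, v in user.items() if k != "DN"]
    return "\n".join(lines) + "\n"


def ldif_modify_replace(dn: str, attr: str, value: str) -> str:
    """A change CSVDE cannot express: replace one attribute on an existing object."""
    return "\n".join([ldif_attr("dn", dn), "changetype: modify",
                      f"replace: {attr}", ldif_attr(attr, value), "-"]) + "\n"


def ldif_delete(dn: str) -> str:
    """Another LDIF-only operation: delete an existing object."""
    return "\n".join([ldif_attr("dn", dn), "changetype: delete"]) + "\n"


def to_ldifde(users: List[Dict[str, str]], extra_records: List[str] = ()) -> str:
    """LDIFDE import file: records separated by a blank line."""
    return "\n".join([ldif_add(u) for u in users] + list(extra_records))


if __name__ == "__main__":
    print(to_csvde(USERS))
    print(to_ldifde(USERS, [ldif_modify_replace(USERS[0]["DN"], "description", "Contractor"),
                            ldif_delete(USERS[1]["DN"])]))
```

Both files are plain text that grants whoever can edit them the ability to create or, for LDIF, modify and delete directory objects when imported, so they deserve the same handling as a script run with the importing administrator's rights.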
Q. What is DFS?
The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name; which will be the ‘key’ to a list of shares found on multiple servers on the network. Think of it as the home of all file shares with links that point to one or more servers that actually host those shares.
DFS has the capability of routing a client to the closest available file server by using Active Directory site metrics. It can also be installed on a cluster for even better performance and reliability.
It is important to understand the new concepts that are part of DFS. Below is a definition of each of them.
Dfs root: You can think of this as a share that is visible on the network, and in this share you can have additional files and folders.
Dfs link: A link is another share somewhere on the network that goes under the root. When a user opens this link they will be redirected to a shared folder.
Dfs target (or replica): This can be referred to as either a root or a link. If you have two identical shares, normally stored on different servers, you can group them together as Dfs Targets under the same link.
The image below shows the actual folder structure of what the user sees when using DFS and load balancing.
[Figure: the actual folder structure of DFS and load balancing]
Q. What are the types of replication in DFS?
There are two types of replication:
    • Automatic – which is only available for Domain DFS
    • Manual – which is available for stand-alone DFS and requires all files to be replicated manually.
Q. Which service is responsible for replicating files in SYSVOL folder?
File Replication Service (FRS)

RAID 2, RAID 3, RAID 4, RAID 6 Explanation

In most critical production servers, you will be using either RAID 5 or RAID 10.
However, there are several non-standard RAID levels, which are not used except in some rare situations. It is good to know what they are.
This article explains with a simple diagram how RAID 2, RAID 3, RAID 4, and RAID 6 work.

RAID 2


  • This uses bit-level striping, i.e. instead of striping blocks across the disks, it stripes the bits across the disks.
  • In the above diagram b1, b2, b3 are bits. E1, E2, E3 are error correction codes.
  • You need two groups of disks. One group of disks are used to write the data, another group is used to write the error correction codes.
  • This uses Hamming error correction code (ECC), and stores this information in the redundancy disks.
  • When data is written to the disks, it calculates the ECC code for the data on the fly, and stripes the data bits to the data-disks, and writes the ECC code to the redundancy disks.
  • When data is read from the disks, it also reads the corresponding ECC code from the redundancy disks, and checks whether the data is consistent. If required, it makes appropriate corrections on the fly.
  • This uses a lot of disks and can be configured in different disk configurations. Some valid configurations are 1) 10 disks for data and 4 disks for ECC, 2) 4 disks for data and 3 disks for ECC.
  • This is not used anymore. It is expensive and implementing it in a RAID controller is complex, and ECC is redundant nowadays, as the hard disks themselves can do this.

RAID 3


  • This uses byte-level striping, i.e. instead of striping blocks across the disks, it stripes the bytes across the disks.
  • In the above diagram B1, B2, B3 are bytes. p1, p2, p3 are parities.
  • Uses multiple data disks, and a dedicated disk to store parity.
  • The disks have to spin in sync to get to the data.
  • Sequential read and write will have good performance.
  • Random reads and writes will have the worst performance.
  • This is not commonly used.

RAID 4


  • This uses block level striping.
  • In the above diagram B1, B2, B3 are blocks. p1, p2, p3 are parities.
  • Uses multiple data disks, and a dedicated disk to store parity.
  • Minimum of 3 disks (2 disks for data and 1 for parity)
  • Good random reads, as the data blocks are striped.
  • Bad random writes, as for every write, it has to write to the single parity disk.
  • It is somewhat similar to RAID 3 and 5, but a little different.
  • This is just like RAID 3 in having the dedicated parity disk, but this stripes blocks.
  • This is just like RAID 5 in striping the blocks across the data disks, but this has only one parity disk.
  • This is not commonly used.

RAID 6

RAID 0, RAID 1, RAID 5, RAID 10 Explanation

RAID stands for Redundant Array of Inexpensive (Independent) Disks.
In most situations you will be using one of the following four RAID levels.
  • RAID 0
  • RAID 1
  • RAID 5
  • RAID 10 (also known as RAID 1+0)
This article explains the main differences between these RAID levels along with an easy-to-understand diagram.

In all the diagrams mentioned below:
  • A, B, C, D, E and F – represent blocks
  • p1, p2, and p3 – represent parity

RAID LEVEL 0


Following are the key points to remember for RAID level 0.
  • Minimum 2 disks.
  • Excellent performance (as blocks are striped).
  • No redundancy (no mirror, no parity).
  • Don’t use this for any critical system.

RAID LEVEL 1

Following are the key points to remember for RAID level 1.
  • Minimum 2 disks.
  • Good performance (no striping, no parity).
  • Excellent redundancy (as blocks are mirrored).

RAID LEVEL 5


Following are the key points to remember for RAID level 5.
  • Minimum 3 disks.
  • Good performance (as blocks are striped).
  • Good redundancy (distributed parity).
  • Best cost-effective option providing both performance and redundancy. Use this for a DB that is heavily read oriented. Write operations will be slow.
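The parity arithmetic behind the RAID 4 and RAID 5 points above (a single XOR parity block, the write penalty of updating it on every write, rebuilding one lost disk) and the second, Galois-field parity that RAID 6 adds so that two disks can fail, as an added Python example that is not part of either original article. It assumes the GF(2^8) representation used by Linux md RAID 6 (reducing polynomial 0x11d, generator 2); the four-disk stripe `STRIPE` is constructed for the example.

```python
from typing import List, Tuple

PRIM = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1, the GF(2^8) polynomial used by Linux md for RAID 6


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) (shift-and-add with reduction by PRIM)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= PRIM
        b >>= 1
    return r


def gf_pow(a: int, n: int) -> int:
    r = 1
    for _ in range(n):
        r = gf_mul(r, a)
    return r


def gf_inv(a: int) -> int:
    """a^254 is a^-1 because every non-zero element satisfies a^255 == 1."""
    return gf_pow(a, 254)


def parity_p(data: List[bytes]) -> bytes:
    """RAID 4/5 parity block: bytewise XOR across the data blocks of one stripe."""
    out = bytearray(len(data[0]))
    for block in data:
        for i, b in enumerate(block):
            out[i] ^= b
    return bytes(out)


def parity_q(data: List[bytes]) -> bytes:
    """RAID 6 second parity: Q = sum over disks of g^i * D_i in GF(2^8), with g = 2."""
    out = bytearray(len(data[0]))
    for idx, block in enumerate(data):
        g = gf_pow(2, idx)
        for i, b in enumerate(block):
            out[i] ^= gf_mul(g, b)
    return bytes(out)


def update_parity(old_block: bytes, new_block: bytes, old_p: bytes) -> bytes:
    """Small-write path: new P = old P xor old data xor new data. Every write still
    has to touch the parity disk, which is the RAID 4 write bottleneck described above."""
    return bytes(p ^ o ^ n for p, o, n in zip(old_p, old_block, new_block))


def rebuild_one(data: List[bytes], lost: int, p: bytes) -> bytes:
    """RAID 4/5 rebuild of one data block from P and the surviving blocks."""
    out = bytearray(p)
    for idx, block in enumerate(data):
        if idx != lost:
            for i, b in enumerate(block):
                out[i] ^= b
    return bytes(out)


def rebuild_two(data: List[bytes], x: int, y: int, p: bytes, q: bytes) -> Tuple[bytes, bytes]:
    """RAID 6 rebuild of two data blocks x and y from P, Q and the survivors."""
    pxy = bytearray(p)   # becomes D_x xor D_y
    qxy = bytearray(q)   # becomes g^x*D_x xor g^y*D_y
    for idx, block in enumerate(data):
        if idx in (x, y):
            continue
        g = gf_pow(2, idx)
        for i, b in enumerate(block):
            pxy[i] ^= b
            qxy[i] ^= gf_mul(g, b)
    gx, gy = gf_pow(2, x), gf_pow(2, y)
    inv = gf_inv(gx ^ gy)          # non-zero because x != y and g is primitive
    dx, dy = bytearray(len(p)), bytearray(len(p))
    for i in range(len(p)):
        # Qxy = gx*Dx ^ gy*(Pxy ^ Dx)  =>  Dx = (Qxy ^ gy*Pxy) / (gx ^ gy)
        dx[i] = gf_mul(inv, qxy[i] ^ gf_mul(gy, pxy[i]))
        dy[i] = pxy[i] ^ dx[i]
    return bytes(dx), bytes(dy)


# Constructed stripe: four data blocks of four bytes each.
STRIPE: List[bytes] = [bytes([1, 2, 3, 4]), bytes([5, 6, 7, 8]),
                       bytes([9, 10, 11, 12]), bytes([13, 14, 15, 16])]

if __name__ == "__main__":
    p, q = parity_p(STRIPE), parity_q(STRIPE)
    print(rebuild_one(STRIPE, 2, p) == STRIPE[2], rebuild_two(STRIPE, 1, 3, p, q) == (STRIPE[1], STRIPE[3]))
```

RAID 5 uses exactly the `parity_p` / `rebuild_one` arithmetic, only with the parity block rotated to a different disk in each stripe so that writes do not all queue on one parity disk; RAID 6 keeps P and adds Q, which is why it survives a second failure during a rebuild.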

RAID LEVEL 10

Windows Deployment Services Configure in Windows Server 2008 r2

How to use Windows Deployment Service 

1.1 Introduction:

Windows Deployment Services (WDS) is an enhanced and redesigned version of Remote Installation Services (RIS), which was the native deployment tool available in Windows 2000 Server and early versions of Windows Server 2003. WDS is a network-based OS deployment mechanism that helps organizations rapidly and remotely deploy Windows operating systems, and it is also useful for OS installations on systems that do not support booting from CD/DVD. Using Windows Deployment Services, you can deploy Windows operating systems over a network, without having to be physically present at the destination computer and without using installation media.

1.2. Requirements:
The following list describes the requirements for installing and using Windows Deployment Services:

1.2.1. Active Directory service: A Windows Deployment Services server must be either a member of an Active Directory domain or a domain controller (DC) for an Active Directory domain.

1.2.2. Dynamic Host Configuration Protocol (DHCP). You must have a working DHCP server with an active scope on the network because Windows Deployment Services uses PXE, which in turn uses DHCP.

1.2.3. Domain Name System (DNS): A working DNS server on the network is required to run Windows Deployment Services.

1.2.4. Installation media: A Windows "Longhorn" (the pre-release codename for Windows Vista / Windows Server 2008) DVD, or a network location that contains the contents of the DVD, is required to install Windows Deployment Services.

1.2.5. An NTFS partition on the Windows Deployment Services server: Microsoft recommends using an NTFS partition separate from the system partition for the WDS image repository.

1.2.6. NIC: A NIC capable of PXE boot on the system where the OS is to be deployed.

1.2.7. WAIK: The Windows Automated Installation Kit is required for additional tools such as ImageX and PEImg in special circumstances, for example capturing an image or adding non-native drivers. WAIK can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyID=c7d4bc6d-15f3-4284-9123-679830d629f2&DisplayLang=en

1.2.8. WinPE disk: WinPE is required as the environment for capturing images.

Note: Microsoft recommends running WDS on a separate server rather than on the Domain Controller or the DHCP server.

2.1. Configuring WDS Server:

The WDS server only recognizes images in .wim format. Two types of image must be added to deploy any operating system: boot.wim and install.wim.

Boot.wim provides the Windows PE boot environment (one per architecture type) that a PXE client loads from the WDS server to start an OS install. Install.wim is the actual operating system image.

Microsoft ships boot.wim and install.wim on its Longhorn DVDs; both files are in the \sources directory of the installation media. The first step in configuring WDS is to install the "Windows Deployment Services" role from Server Manager.

Make sure that the WDS server, the system where the OS is to be deployed, DHCP and Active Directory are on the same network. Join the WDS server to the domain.

Following are the steps to add images to the WDS server:

2.1.1. Steps to add the images to the WDS server:
  1. Open WdsMgmt from Start > Programs > Administrative Tools > Windows Deployment Services.
  2. In the left pane, right-click Servers and choose Add Server. Choose whether to add the local computer or a remote computer as the WDS server.
  3. After adding it, select Configure Server.
  4. On the Welcome page click Next, then select a location other than the system partition to store the images (for example E:\).
  5. In the next window select "Respond to all (known and unknown) client computers" and click Finish.
Note: In the Longhorn builds current when this was written, the other two options did not work.

  6. Uncheck the check box for adding images now and click Finish.
  7. Insert the Longhorn DVD in the DVD-ROM drive.
  8. In the WDS snap-in, right-click Install Images and select Add Install Image. (To add boot images, right-click Boot Images and select Add Boot Image.)
  9. In the Image Group window, give a group name of your choice and click Next.
  10. In the next window, browse to the location of install.wim (DVD drive:\sources).
  11. Select the SKUs (editions) you want to add to the WDS server and click Finish.

Points to remember:


  • To deploy an x64 image to a client from the WDS server, run the following command:
WDSUTIL /set-server /architecturediscovery:yes

  • Without this command, the client will not see any of the x64 images on the WDS server.
  • You cannot deploy an x64 install image using the x86 boot.wim, or vice versa. Each architecture type requires its own boot.wim.
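The following session is an added example, not part of the original guide: it performs the same server configuration and image import with WDSUTIL from an elevated PowerShell prompt on Windows Server 2008 R2, instead of clicking through the snap-in. The RemoteInstall path E:\RemoteInstall, the DVD drive letter D:, the image group name and the prestaged client name and MAC address are assumptions for the demo. It also shows the safer alternatives to the "Respond to all (known and unknown) client computers" setting chosen in step 5 above: on released Windows Server 2008 R2 the other answer policies do work, and answering only prestaged clients, or holding unknown clients for administrator approval, keeps an arbitrary PXE-capable machine on the subnet from pulling your images.

```powershell
# Added example, not from the original guide: configuring WDS with WDSUTIL from an
# elevated PowerShell prompt on Windows Server 2008 R2.  Paths, names and the MAC
# address below are assumptions for the demo.
Import-Module ServerManager
Add-WindowsFeature WDS      # installs the Deployment Server and Transport Server role services

# Step 4 of the guide: put the image store on a non-system NTFS volume.
wdsutil /Initialize-Server /RemInst:E:\RemoteInstall

# Step 5 of the guide picks "Respond to all (known and unknown) client computers".
# That lets any host that can PXE-boot on the subnet pull your images and run your
# unattended installs.  Answer everyone, but park unknown machines under
# "Pending Devices" until an administrator approves them in the snap-in:
wdsutil /Set-Server /AnswerClients:All
wdsutil /Set-Server /AutoAddPolicy /Policy:AdminApproval

# Stricter alternative: answer only prestaged (known) clients, prestaged by MAC or GUID.
# wdsutil /Set-Server /AnswerClients:Known
# wdsutil /Add-Device /Device:LAB-CLIENT01 /ID:00-15-5D-01-02-03

# Only if DHCP must share this host (the note above recommends separate servers):
# stop WDS binding DHCP's port 67 and advertise the PXE server through DHCP option 60.
# wdsutil /Set-Server /UseDhcpPorts:No /DhcpOption60:Yes

# "Points to remember": without this, x64 clients are not offered x64 images.
wdsutil /Set-Server /ArchitectureDiscovery:Yes

# Add the boot image and the install image(s) from the DVD's \sources folder.
# Each architecture needs its own boot.wim, so repeat the boot-image line for an x86 DVD.
wdsutil /Verbose /Progress /Add-Image /ImageFile:D:\sources\boot.wim /ImageType:Boot
wdsutil /Verbose /Progress /Add-Image /ImageFile:D:\sources\install.wim /ImageType:Install /ImageGroup:Server2008R2

# Check the result before pointing clients at the server.
wdsutil /Get-Server /Show:Config
wdsutil /Get-AllImages
```

The final two commands are the check worth keeping: /Get-Server /Show:Config confirms the answer policy and DHCP port settings actually took effect, and /Get-AllImages lists every boot and install image, with its architecture, that a PXE client could be offered.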

3.1. Capturing an image:

Capturing an image is useful when an organization needs to deploy the operating system with a standard set of applications across the entire network. With the default install.wim, organizations can deploy only the operating system; system administrators then have to go to each and every machine to install applications, which is a tedious job.

To reduce this complexity, we can capture an image of a machine that has the operating system and all the necessary applications installed, and then deploy that image to the machines on the network.

You can capture operating system images from Windows PE, Windows Vista, Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1 (SP1), a customized Windows PE provided by the Microsoft Systems Management Server (SMS) Operating System Deployment Feature Pack, or Windows Deployment Services (WDS).

Note: Throughout this document we will concentrate on Windows PE and Windows Deployment Service as the platform for capturing the images.

Before you capture an image of a system, the operating system should be sysprepped so that the image can be deployed to different hardware. sysprep.exe is located in C:\Windows\System32\sysprep. Use the command:

sysprep /generalize /oobe /reboot


3.1.1 Capturing Image Using “Create Capture Image” option in WdsMgmt

1. Open WdsMgmt and select the Boot Images folder in the left pane. In the right pane, right-click the boot image that has already been added and select Create Capture Image.

Note: The Create Capture Image option is only available once at least one boot image has been added, and you must use an x64 boot image if you want to capture an x64 installation.

2. In the Capture Image window, give the path where the new image should be stored.

3. After it finishes, add the newly created capture image to the Boot Images folder.

4. Disable the first boot image that was added.

5. Now PXE boot the machine whose image you want to capture, using the F12 option.

6. After WinPE loads, you are taken to the WDS Image Capture Wizard. Click Next.

7. From the drop-down, select the volume to capture, give the image a name and description, and click Next.

8. In the next window, select where to store the image. There are two options: store it on any local drive using Browse, or check the box to upload it to the WDS server directly.

After the image capture is done, add the image to the WDS server as described in the previous sections.
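The same capture workflow driven with WDSUTIL, as an added example that is not part of the original guide. The boot image name "Microsoft Windows Setup (x64)", the x64 architecture, the E:\Images paths and the image group name are assumptions for the demo; list the boot images actually on your server with wdsutil /Get-AllImages /Show:Boot and substitute the real name.

```powershell
# Added example, not from the original guide: the capture workflow with WDSUTIL on
# Windows Server 2008 R2.  Image name, architecture, paths and group are assumptions.

# 1. On the reference machine, generalize it first (strips the machine SID and hardware
#    bindings so the image can be deployed to other systems), then let it reboot to PXE:
#    C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /reboot

# 2. On the WDS server, build a capture image from an existing boot image of the same
#    architecture as the installation you are going to capture.
wdsutil /Verbose /Progress /New-CaptureImage /Image:"Microsoft Windows Setup (x64)" /Architecture:x64 /DestinationImage /FilePath:E:\Images\capture-x64.wim

# 3. Add the capture image as a boot image, and disable the plain setup boot image so
#    the reference machine is offered the capture wizard when it PXE-boots (F12).
wdsutil /Verbose /Progress /Add-Image /ImageFile:E:\Images\capture-x64.wim /ImageType:Boot
wdsutil /Set-Image /Image:"Microsoft Windows Setup (x64)" /ImageType:Boot /Architecture:x64 /Enabled:No

# 4. Run the capture wizard on the reference machine and upload the .wim to the server.
#    Afterwards re-enable the setup boot image and add the captured file as an install
#    image so it can be deployed like any other.
wdsutil /Set-Image /Image:"Microsoft Windows Setup (x64)" /ImageType:Boot /Architecture:x64 /Enabled:Yes
wdsutil /Verbose /Progress /Add-Image /ImageFile:E:\Images\captured-server.wim /ImageType:Install /ImageGroup:Server2008R2

# Confirm both the capture boot image and the new install image are registered.
wdsutil /Get-AllImages
```

Disabling rather than deleting the setup boot image (step 3) matters: while it is disabled, nothing on the network can start a fresh install from this server, which is why it is re-enabled as soon as the capture is done.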


4.1 Deploying an Image using PXE:

  1. Boot the target client computer through PXE.
  2. If there are multiple boot images, choose the desired image to continue.
  3. After WinPE loads, click Next in the first window, accepting the default locale and keyboard layout.
  4. In the Authentication dialog box, enter the domain\username and password.
Note: You have to use a domain user name and password.
  5. The next screen lists all available OS images. Select the image to deploy and click Next.
  6. From here on, the installation is the same as a manual DVD install.

Two videos on WDS installation and configuration (embedded in the original post):

1. Windows Deployment Services Installing in Windows Server 2008 R2

2. WDS Install on Windows Server 2008 R2


List of Windows Snap-ins (.msc) and Applets (.cpl)

.msc list
ADFS.msc – AD Federation Services
CERTMGR.msc – Certificate Management (current user)
CERTSRV.msc – Certification Authority
CERTTMPL.msc – Certificate Templates
COMPMGMT.msc – Computer Management
COMEXP.msc – Component Services (C:\Windows\System32\com)
DCOMCNFG – Component Services
DSA.msc – ADUC (AD Users and Computers)
DFSGUI.msc – DFS Management
DFSMGMT.msc – DFS Management (R2)
DNSMGMT.msc – DNS Management
DOMAIN.msc – Domains and Trusts
DSSITE.msc – Sites and Services
EVENTVWR.msc – Event Viewer
GPEDIT.msc – Local Policy
GPMC.msc – Group Policy Management Console
PKIVIEW.msc – PKI management
RSOP.msc – Resultant Set of Policy
SECPOL.msc – Local Security Policy
SERVICES.msc – Services
SCHMMGMT.msc – Schema Management (register the snap-in first with regsvr32 schmmgmt.dll)
TASKMGR – Task Manager
TSCC.msc – TS Configuration

.exe list
TSADMIN – TS Administrator
LICMGR – TS Licensing

The commands below are available in the Windows Server 2003 Administration Tools Pack (adminpak.msi) or on the Windows Server 2003 installation CD.
ADMGMT.msc – AD Management (Domains, Sites, DNS and ADUC)
PKMGMT.msc – PKI Management (Authorities, Templates)
IPADDRMGMT.msc – WINS, DNS and DHCP in one console

Windows Server 2008
SERVERMANAGER.msc – Server Manager
NAPCLCFG.msc – Network Access Protection Client Configuration
STOREXPL.msc – Storage Manager
TSCONFIG – TS Configuration
WBADMIN – Windows Server Backup
WF.msc – Windows Firewall with Advanced Security

Applets for Windows management
NCPA.CPL – Network Properties
APPWIZ.CPL – Add/Remove Programs
DEVMGMT.msc – Device Manager
FSMGMT.msc – File Share Management
SYSDM.CPL – System Properties
FIREWALL.CPL – Firewall applet
DESK.CPL – Display Properties
CONTROL – Control Panel
ACCESS.CPL – Accessibility Options
TIMEDATE.CPL – Date/Time Properties
FINDFAST.CPL – FindFast
FONTS – Fonts folder
INETCPL.CPL – Internet Properties
JOY.CPL – Joystick Properties
LUSRMGR.MSC – Local Users and Groups
MAIN.CPL (Keyboard tab) – Keyboard Properties
MLCFG32.CPL – Microsoft Exchange
WGPOCPL.CPL – Microsoft Mail Post Office
MAIN.CPL – Mouse Properties
MMSYS.CPL – Multimedia Properties
PASSWORD.CPL – Password Properties
MAIN.CPL (PC Card / PCMCIA tab) – PC Card
PRINTERS – Printers folder
INTL.CPL – Regional Settings
STICPL.CPL – Scanners and Cameras
MMSYS.CPL (Sounds tab) – Sound Properties