Active Directory Intersite Replication
July 5, 2011 2 Comments
The Technical Information Website
July 5, 2011 Leave a comment
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool:
ADSIEDIT.DLL
ADSIEDIT.MSC
Regarding system requirements, a connection to an Active Directory environment and Microsoft Management Console (MMC) is necessary.
July 5, 2011 Leave a comment
The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.
Administrative Credentials
To complete this procedure, you must be a member of the Domain Users group.
To determine the tombstone lifetime for the forest
1. On the Start menu, click Run, type adsiedit.msc, and then click OK.
2. In the console tree, double-click Configuration [DomainControllerName], CN=Configuration,DC=[ForestRootDomain], CN=Services, and CN=Windows NT.
3. Right-click CN=Directory Service, and then click Properties.
4. In the Attribute column, click tombstoneLifetime.
5. Note the value in the Value column. If the value is <not set>, the default value is in effect as follows:
• On a domain controller in a forest that was created on a domain controller running Windows Server 2003 with Service Pack 1 (SP1), the default value is 180 days.
• On a domain controller in a forest that was created on a domain controller running Windows 2000 Server or Windows Server 2003, the default value is 60 days.
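The same lookup can be scripted. The PowerShell below is an added example, not part of the original post: it binds to the same CN=Directory Service object through the built-in [ADSI] accelerator and applies the defaults listed above when the attribute is not set. The function name and the -ForestCreatedOnWs2003Sp1 switch are hypothetical, and the script assumes it runs on a domain-joined machine.

```powershell
# Added example (not from the original post): read tombstoneLifetime with the
# built-in [ADSI] accelerator instead of clicking through adsiedit.msc.
function Get-TombstoneLifetime {
    param(
        # Hypothetical switch: set it if the forest was created on a domain
        # controller running Windows Server 2003 with SP1 (default 180 days).
        [switch]$ForestCreatedOnWs2003Sp1
    )

    # RootDSE publishes the DN of the configuration directory partition.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNC = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value

    # Same object the ADSIEdit steps open: CN=Directory Service under
    # CN=Windows NT, CN=Services in the configuration partition.
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $directoryService = [ADSI]"LDAP://$dn"

    # An empty collection corresponds to <not set> in the ADSIEdit Value column.
    $values = $directoryService.psbase.Properties['tombstoneLifetime']
    $isSet  = $values.Count -gt 0

    if ($isSet) {
        $days   = [int]$values.Value
        $source = 'tombstoneLifetime attribute'
    }
    else {
        # Attribute not set: fall back to the defaults listed above.
        $days   = if ($ForestCreatedOnWs2003Sp1) { 180 } else { 60 }
        $source = 'default (attribute not set)'
    }

    [pscustomobject]@{
        DistinguishedName = $dn
        AttributeIsSet    = $isSet
        TombstoneDays     = $days
        Source            = $source
    }
}

Get-TombstoneLifetime
```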
July 5, 2011 Leave a comment
Schema.ini: The Schema.ini file is used to initialize the Ntds.dit Active Directory database when a domain controller is promoted.
June 3, 2011 1 Comment
Blade computing introduces a new data center paradigm where various thin compute blades share centralized resources in a single chassis. A blade server is a single circuit board populated with components such as memory, processors, I/O adapters, and network connections that are often found on multiple boards. Server blades are built to slide into existing servers. They are smaller, need less power, and are more cost-efficient than traditional box-based servers.
Managing these servers requires the following:
Data centers will realize a shift from box-based servers to densely packed racks of blade-based servers.
June 1, 2011 Leave a comment
Smart card logon is supported for Windows 2000 and Windows Server 2003. To implement smart cards, you must deploy an enterprise certification authority rather than a stand-alone or third-party certification authority to support smart card logon to Windows Server 2003 domains. Windows Server 2003 supports industry standard Personal Computer/Smart Card (PC/SC)–compliant smart cards and readers and provides drivers for commercially available plug and play smart card readers. Windows Server 2003 does not support non-PC/SC-compliant or non–plug and play smart card readers. Some manufacturers might provide drivers for non–plug and play smart card readers that work with Windows Server 2003; however, it is recommended that you purchase only plug and play PC/SC-compliant smart card readers.
The cost of administering a smart card program depends on several factors, including:
■ The number of users enrolled in the smart card program and their location.
■ Your organization’s practices for issuing smart cards to users, including the requirements for verifying user identities. For example, will you require users to simply present a valid personal identification card or will you require a background investigation? Your policies affect the level of security provided as well as the actual cost.
■ Your organization’s practices for users who lose or misplace their smart cards. For example, will you issue temporary smart cards, authorize temporary alternate logon to the network, or make users go home to retrieve their smart cards? Your policies affect how much worker time is lost and how much help desk support is needed.
Your smart card authentication strategy must describe the network logon and authentication methods you use, including:
■ Identify network logon and authentication strategies you want to deploy.
■ Describe smart card deployment considerations and issues.
■ Describe PKI certificate services required to support smart cards.
In addition to smart cards, third-party vendors offer a variety of security products to provide two-factor authentication, such as “security tokens” and biometric accessories. These accessories use extensible features of the Windows Server 2003 graphical logon user interface to provide alternate methods of user authentication.
March 4, 2011 Leave a comment
LDAP is a standardized protocol used by clients to look up information in a directory. An LDAP-aware directory service (such as Active Directory) indexes all the attributes of all the objects stored in the directory and publishes them. LDAP-aware clients can query the server in a wide variety of ways.
Every object in Active Directory is an instance of a class defined in the Active Directory schema. Each class has attributes that ensure unique identification of every object in the directory. To accomplish this, Active Directory relies on a naming convention that lets objects be stored logically and accessed by clients by a standardized method. Both users and applications are affected by the naming conventions that a directory uses. To locate a network resource, you’ll need to know its name or one of its properties. Active Directory supports several types of names for the different formats that can access Active Directory.
These names include:
■ Relative Distinguished Names
■ Distinguished Names
■ User Principal Names
■ Canonical Names
March 4, 2011 Leave a comment
Installing Dell OpenManage 5.x on ESX 3.X
Note: On ESX 3.5 systems, patch ESX350-200802412-BG needs to be installed prior to the OpenManage installation. This patch addresses an issue related to event reporting in Dell OMSS. This patch may be downloaded from http://www.vmware.com/download/vi/vi3_patches_35.html. For further details, refer to http://kb.vmware.com/kb/1003459.
Dell OpenManage Package from support.dell.com
Use the following steps to download Dell OpenManage:
1. Go to http://support.dell.com
2. Select “Drivers and Downloads”
3. Select the appropriate server model (example: PowerEdge 2950) or enter the Service Tag of the server
4. For “Operating System,” select “Red Hat Enterprise Linux 4”
5. For “Category,” select “Systems Management”
6. Click on “Dell OpenManage Server Administrator Managed Node” to download a tar package for Server Administrator.
7. If the version of Dell OpenManage you require is not the latest release, click on “Other Versions” to find previous releases
The following are the steps to install OpenManage 5.x on ESX 3.x:
1. Log on with administrator privileges (root) to the Service Console.
2. Make sure there is at least 512MB of free disk space in the /root partition of ESX Server service console. This can be verified by running the df -lh command in the service console.
3. Use the following steps to install OpenManage Server Administrator:
Copy the file to ESX using WINSCP to
# /etc/tmp/update
Create an Update folder under /etc/tmp
Unzip the file
$ tar -zxvf OM_5.1_ManNode_LIN_A00.tar.gz
where OM_5.1_ManNode_LIN_A00.tar.gz is the file downloaded from http://support.dell.com
4. Install OpenManage by executing the installation script and following the onscreen instructions:
# ./setup.sh
a. If you are installing OpenManage on a Dell PowerEdge 1855, PowerEdge 1955, or on a system that does not have a Dell Remote Access Card (DRAC), use the following command:
$ ./srvadmin-install.sh -b -w -s
b. If you are installing Dell OpenManage on a PowerEdge M600, M605, or a server with DRAC, use the following command:
$ ./srvadmin-install.sh -b -w -r -s
The options used in the OpenManage installation script expand as:
b: Base install of OpenManage Server Administrator
w: Web interface for OpenManage Server Administrator
r: Dell Remote Access Controller (DRAC) services
s: OpenManage Storage Management (OMSM)
5. To start the OpenManage services without rebooting the system, execute the following command:
$ srvadmin-services.sh start
6. To access the ESX server using an OpenManage Web Administrative console, open the ports used by OpenManage using the following commands:
$ esxcfg-firewall -o 1311,tcp,in,OpenManageRequest
To check the Dell Open manage
March 4, 2011 Leave a comment
Cisco ASA5505 Firewall overview
Cisco ASA5505 firewall is a small box with the following layout:
It has eight Ethernet ports marked 0 to 7 and one Console port marked blue.
- Connect the Console port to the local server or any computer from which you will configure the box: the Console cable must be connected to Serial port of the computer. Note: it is needed for configuration only; later this connection can be removed.
- Port 0 of the ASA must be attached to Internet Provider’s equipment: connect it to the ISP modem.
- Port 2 of the ASA must be attached to the local Ethernet switch.
- Connect the Server and computers to the Ethernet switch.
CONFIGURATION
In order to configure the firewall, you will need a configuration template (not included in this document, supplied as a separate file). Follow the instructions inside the configuration template in order to adjust it to the profile of your site and use the following configuration sequence:
- Log in to the server or a computer that was connected to ASA box;
- Open up the HyperTerminal program (Start → Programs → Accessories → Communications). Set up a new connection to COM1 port.
- Clear any existing configuration from the firewall using the following set of commands:
Devicename> enable ↵
Devicename# config terminal ↵
Devicename(config)# clear configure all ↵
Devicename(config)# write memory ↵
- While in configuration mode, copy-paste the configuration file that you prepared earlier.
- Save the configuration of the firewall:
Devicename(config)# write memory ↵
With this done, your firewall is set up for operation. Verify that your Internet connection is working.
March 4, 2011 Leave a comment
Net Use Command:
To Add a Drive
net use (drive-name): \\Servername\Foldername /persistent:yes
To Delete a Mapped Drive
net use (Drivename): /del or net use (Drivename): /delete
If you get an error while running the Net Use command, such as: NET NOT RECOGNIZED AS A COMMAND
then follow the steps below:
Open Command Prompt > go to the “C” drive > “Windows” folder > “System32” folder
and then run the Net Use command mentioned above.
Also check the below Value:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\Path
I suspect it is a Reg_SZ value. It should be a Reg_Expand_SZ value