DNS Record Keeping

DNS keeps track of information in zones. Essentially, a zone is a flat-file database for a particular domain, such as www.Google.com. The zone can contain different record types, all of which can be queried by clients:

> A : Host Address record. This resolves a single host name, such as www, to an IP address.

> CNAME : or Alias. This resolves a name such as www to an actual host name, such as www1. Think of it as a nickname for a computer: “www”, for example, is easier to remember and more standardized than a computer name like “w4salwin”, which is what a Web server’s real name might be.

> MX : or Mail Exchanger. This provides the name of the mail server for a domain. Multiple MX records can be provided for fault tolerance or load balancing, with a priority assigned to each. Clients, such as sending mail servers, will attempt to contact the server in the MX record with the lowest-numbered priority first.

> AAAA : This maps a host name to an IPv6 address (the IPv6 counterpart of the A record).

> SRV : or Service. This provides the IP address of one or more servers providing a particular service. AD uses SRV records to allow clients to locate Domain Controllers, among other things.

> SOA : or Start of Authority. This special record indicates that the DNS server hosting the zone is authoritative for the zone and is the primary source of name resolution for hosts within that domain.
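To make the record types above concrete, here is a small zone-file parser added as an example (it is not code from the original post). It reads a constructed BIND-style zone for the made-up domain example.com, orders the MX hosts the way a sending mail server would try them, follows a CNAME “nickname” to the real host’s A/AAAA record, pulls the target and port out of an AD-style SRV record, and checks for the SOA that marks the server as authoritative. The zone text, names and addresses are all invented for the example.

```python
"""Parse a small BIND-style zone and answer the record-type questions above."""
from collections import defaultdict

# Constructed sample zone (not real data); names are relative to example.com.
SAMPLE_ZONE = """\
@        IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 86400
@        IN MX    20 mail2.example.com.
@        IN MX    10 mail1.example.com.
www      IN CNAME w4salwin
w4salwin IN A     192.0.2.10
w4salwin IN AAAA  2001:db8::10
mail1    IN A     192.0.2.25
mail2    IN A     192.0.2.26
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc1.example.com.
dc1      IN A     192.0.2.5
"""


def parse_zone(text):
    """Return {(owner_name, record_type): [rdata_tokens, ...]} for a zone file."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";")[0].strip()        # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        name, _class, rtype, rdata = tokens[0], tokens[1], tokens[2], tokens[3:]
        records[(name, rtype)].append(rdata)
    return records


def mx_by_priority(records, name="@"):
    """Mail servers in the order a sending MTA tries them: lowest preference first."""
    mx = [(int(pref), host) for pref, host in records.get((name, "MX"), [])]
    return [host for _, host in sorted(mx)]


def resolve_address(records, name, rtype="A", max_hops=8):
    """Follow CNAME nicknames until an A/AAAA record is found; guard against loops."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        addrs = records.get((name, rtype))
        if addrs:
            return [a[0] for a in addrs]
        cname = records.get((name, "CNAME"))
        if not cname:
            return []                             # no such name in this zone
        name = cname[0][0]
    raise ValueError("CNAME chain too long")


def srv_target(records, service):
    """Return (target_host, port) from an SRV record such as the AD DC locator record."""
    rdata = records.get((service, "SRV"))
    if not rdata:
        return None
    _priority, _weight, port, target = rdata[0]
    return target, int(port)


def is_authoritative(records, name="@"):
    """The SOA record is what marks this server as authoritative for the zone."""
    return (name, "SOA") in records
```

Because `resolve_address` tracks the names it has already visited, a zone that accidentally points two CNAMEs at each other raises an error instead of looping forever, which is the failure mode a resolver has to guard against when following aliases.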

What is the SYSVOL folder?

Active Directory database- and security-related information is stored in the SYSVOL folder, which can be created only on an NTFS partition.

In Microsoft Windows, the System Volume (Sysvol) is a shared directory that stores the server copy of the domain’s public files that must be shared for common access and replication throughout a domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS). Network clients access the contents of the SYSVOL tree by using the NETLOGON and SYSVOL shared folders.

The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.

ReplMon

ReplMon can do the following:

  • See when a replication partner fails.
  • Display changes that have not yet replicated from a given replication partner.
  • Trigger the Knowledge Consistency Checker (KCC) to recalculate the replication topology.
  • View the history of successful and failed replication changes for troubleshooting purposes.
  • Find all direct and transitive replication partners on the network.
  • View the properties of directory replication partners.
  • Display the metadata of an Active Directory object’s attributes.
  • Poll replication partners and generate individual histories of successful and failed replication events.
  • Create your own applications or scripts written in Microsoft Visual Basic Scripting Edition (VBScript) to extract specific data from Active Directory.
  • View a snapshot of the performance counters on the computer, and the registry configuration of the server.
  • Generate status reports that include direct and transitive replication partners, and detail a record of changes.
  • Display replication topology.
  • Force replication.
  • Display a list of the trust relationships maintained by the domain controller being monitored.


Shutdown Event Tracker

You’ve probably noticed that Windows Server 2003 has a new feature that requests a shutdown reason each time you restart the server. This feature is called the Shutdown Event Tracker.

If you are working in a test environment, you might choose to disable this feature to avoid the hassle of typing in a reason each time you restart. To disable this feature, you can perform the following steps:

1. Click Start, click Run, and type gpedit.msc and press Enter.

2. Expand the Computer Configuration and then Administrative Templates objects. Click on the System object. In the right-hand pane you’ll see several settings appear.

3. Locate and double-click the Display Shutdown Event Tracker setting. The Display Shutdown Event Tracker Properties dialog box opens.

4. Click the Disabled radio button to disable the Shutdown Event Tracker. Click OK.

 

Close the Group Policy Editor console. Now when you shut down this server, you won’t be asked to enter a reason.

Add Snap-in to MMC

To add a snap-in to an existing MMC, complete the following steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click the name of the custom MMC.

2. On the File menu, click Add/Remove Snap-In.

3. In the Standalone tab in the Add/Remove Snap-In dialog box, click Add.

4. In the Add Standalone Snap-In dialog box, select the snap-in you want to add to the existing MMC and click Add.

5. Enter additional details for the snap-in as described in the previous procedure.

6. When you are finished adding snap-ins, click Close in the Add Standalone Snap-In dialog box. The snap-ins you have added appear in the list in the Add/Remove Snap-In dialog box.

7. In the Add/Remove Snap-In dialog box, click OK. MMC displays the snap-ins you have added in the console tree below Console Root.

To remove a snap-in from an existing MMC, complete the following steps:

1. Click Start, point to All Programs, point to Administrative Tools, then click the name of the custom MMC.

2. On the File menu, click Add/Remove Snap-In.

3. In the Standalone tab in the Add/Remove Snap-In dialog box, select the snap-in you want to delete and click Remove. Then click OK. The snap-in is removed from the console.

To add or remove an extension to a snap-in on an existing MMC, complete the following steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click the name of the custom MMC.

2. On the File menu, click Add/Remove Snap-In.

3. In the Standalone tab in the Add/Remove Snap-In dialog box, select the snap-in for which you want to add or remove an extension. Then click the Extensions tab.

4. In the Extensions tab, indicate the extension(s) you want to add or delete, as follows:

❑ To add an extension, click the desired extension.

❑ To remove an extension, clear the Add All Extensions check box and then in the Available Extensions box, clear the check box for the desired extension.

5. Click OK.

6. Expand the snap-in to confirm that the desired extension has been added or removed.

 

How to Restore the System State on a Domain Controller

1. To restore the system state on a domain controller, first start the computer in Directory Services Restore Mode. To do so, restart the computer and press the F8 key when you see the Boot menu.

2. Choose Directory Services Restore Mode.

3. Choose the Windows 2000 installation you are going to recover, and then press ENTER.

4. At the logon prompt, supply the Directory Services Restore mode credentials you supplied during the Dcpromo.exe process.

5. Click OK to acknowledge that you are using Safe mode.

6. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.

7. Click the Restore tab.

8. Click the appropriate backup media and the system state to restore.

NOTE: During the restore operation, the Winnt\Sysvol folder must also be selected to be restored to have a working sysvol after the recovery process. Be sure that the advanced option to restore “junction points and data” is also selected prior to the restore. This ensures that sysvol junction points are re-created.

9. In the Restore Files to box, click Original Location.

NOTE: When you choose to restore a file to an alternative location or to a single file, not all system state data is restored. These options are used mostly for boot files or registry keys.

10. Click Start Restore.

11. After the restore process is finished, restart the computer.

How many FSMO Roles?

Flexible Single Master Operation Roles

1. Domain Naming Master — forest-wide role

2. Schema Master — forest-wide role

3. RID Master (Relative ID Master) — domain-wide role

4. PDC Emulator — domain-wide role

5. Infrastructure Master — domain-wide role

 

Relative ID (RID) Master: It assigns RIDs and SIDs to newly created objects such as users and computers. If the RID master is down, you can still create security objects as long as the RID pools already allocated to the DCs are available; once those are used up you can’t create any more objects until it is back. The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object.

PDC emulator: It works as a PDC to any NT BDCs in your environment.

It works as Time Server (to maintain same time in your network)

It works to change the passwords, lockout etc. The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time

  • Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
  • Account lockout is processed on the PDC emulator.
  • Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator’s SYSVOL share, unless configured not to do so by the administrator.

At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

 

Infrastructure Master: This role takes care of updating references when a group membership object is renamed. When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.

Domain Naming Master: This role takes care of adding, changing, or deleting any domain in a forest. This DC is the only one that can add or remove a domain from the directory. There can be only one domain naming master in the whole forest.

Schema Master: It maintains structure of the Active Directory in a forest. The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. There can be only one schema master in the whole forest.
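The RID master caveat above (“you can still create objects while the DCs’ RID pools last”) is easier to reason about with a small model. The following Python is an added example, not code from the original post or from Windows itself: a `RidMaster` hands out blocks of relative IDs to `DomainController` objects, each DC builds a SID by appending a RID to the domain SID, and creation only fails when a DC’s pool is empty while the master is unreachable. The domain SID, DC names and pool size of 3 are constructed for the example, and the model skips the real behaviour of requesting a fresh pool before the current one is fully used.

```python
"""Model RID pool allocation to show when a downed RID master blocks object creation."""


class RidMaster:
    """Single per-domain issuer of RID pools (one FSMO holder per domain)."""

    def __init__(self, pool_size=500):
        self.next_rid = 1000      # RIDs below 1000 are reserved for well-known principals
        self.pool_size = pool_size
        self.online = True

    def allocate_pool(self):
        if not self.online:
            raise ConnectionError("RID master unavailable; cannot issue a new pool")
        start = self.next_rid
        self.next_rid += self.pool_size
        return list(range(start, self.next_rid))   # each pool is disjoint from every other


class DomainController:
    """A DC that creates security principals from its locally cached RID pool."""

    def __init__(self, name, domain_sid, rid_master):
        self.name = name
        self.domain_sid = domain_sid
        self.rid_master = rid_master
        self.pool = []
        self.created = []

    def create_principal(self, sam_name):
        if not self.pool:
            # Pool exhausted: only now does the DC depend on the RID master.
            self.pool = self.rid_master.allocate_pool()
        rid = self.pool.pop(0)
        sid = f"{self.domain_sid}-{rid}"           # SID = domain SID + unique RID
        self.created.append((sam_name, sid))
        return sid


def outage_scenario():
    """Create objects, take the RID master offline, and report what still works.

    Returns (sids_created_before_outage, creation_failed_after_pool_ran_out).
    """
    master = RidMaster(pool_size=3)
    dc = DomainController("DC1", "S-1-5-21-111-222-333", master)   # constructed SID
    sids = [dc.create_principal(f"user{i}") for i in range(3)]      # drains the pool
    master.online = False
    try:
        dc.create_principal("user4")
        failed = False
    except ConnectionError:
        failed = True
    return sids, failed


def two_dc_scenario():
    """Two DCs served by one master never hand out the same SID."""
    master = RidMaster(pool_size=2)
    dc1 = DomainController("DC1", "S-1-5-21-111-222-333", master)
    dc2 = DomainController("DC2", "S-1-5-21-111-222-333", master)
    sids = [dc1.create_principal("a"), dc2.create_principal("b"),
            dc1.create_principal("c"), dc2.create_principal("d")]
    return sids
```

Running `outage_scenario()` shows three users created normally and the fourth failing, which is the operational symptom an administrator sees when the RID master is down and a DC’s cached pool is gone. The second scenario makes the point that uniqueness of SIDs across DCs rests entirely on the single master issuing non-overlapping pools.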

What is a backup?

A backup is an exact copy of a file (including documentation) that is kept on a storage medium (usually in a compressed state) in a safe place (usually at a remote location) for use in the event that the working copy is destroyed. Notice that we placed emphasis on “including documentation”, because every media holding backups must include a history or documentation of the files on the media. This is usually in the form of labels and identification data on the media itself, on the outside casing, and in spreadsheets, hard catalogs, or data ledgers in some form or another. Without history data, restore media cannot locate your files, and the backup is useless. This is why you can prepare a tape for overwriting by merely formatting the label so that the magnetic head thinks the media is blank.

 

Various types of backups are possible, depending on what you back up and how often you back it up, as the following list describes:

  • Archived backup: A backup that documents (in header files, labels, and backup records) the state of the archive bit at the time of copy. The state (on-off) of the bit indicates to the backup software that the file has been changed since the last backup. When Windows Server 2008 Backup does an archived backup, it sets the archive bit accordingly.

 

  • Copy backup: An ad hoc “raw” copy that ignores the archive bit state. It does not set the archive bit after the copy. A copy backup is useful for quick copies between DR processes and rotations, or to pull an “annual” during the monthly rotation.

 

  • Daily backup: This does not form part of any rotation scheme. It is just a backup of files that have been changed on the day of the backup. We question the usefulness of the daily backup in Backup, because mission-critical DR practice dictates the deployment of a manual or automated rotation scheme. In addition, Backup does not offer a summary or history of the files that have changed during the day.

 

  • Normal backup: A complete backup of all files (that can be backed up), period. The term normal is more a Windows Server 2008 term, because this backup is more commonly called a full backup in DR circles. The full backup copies all files and then sets the archive bit to indicate (to Backup) that the files have been backed up. You would do a full backup at the start of any backup scheme. You would also need to do a full backup after making changes to any scheme. A full backup, and documentation or history drawn from it, is the only means of performing later incremental backups. Otherwise, the system would not know what has or has not changed since the last backup.

 

  • Incremental backup: A backup of all files that have changed since the last full or incremental backup. The backup software sets the archive bit, which thereby denotes that the files have been backed up. Under a rotation scheme, a full restore would require you to have all the incremental media used in the media pool, all the way back to the first media, which contains the full backup. You would then have the media containing all the files that have changed (and versions thereof) at the time of the last backup.

 

  • Differential backup: This works exactly like the incremental, except that it does not do anything to the archive bit. In other words, it does not mark the files as having been backed up. When the system comes around to do a differential backup, it compares the files to be backed up with the original catalog. Differential backups are best done on a weekly basis, along with a full, or normal, backup, to keep differentials comparing against recently backed up files.
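The practical difference between the backup types above is what each one copies and what it does to the archive bit, which in turn decides how many media you need at restore time. The Python below is an added example (not the post’s own material, and not Windows Server Backup): it models a toy volume whose files carry an archive bit that NTFS sets on modification and that normal and incremental backups clear (the text above says the bit is “set” to mark a file as backed up; this model uses the NTFS convention that cleared means backed up, so the relationships between the types are the same). The file names and the three-day change log are constructed.

```python
"""Model the archive bit and the normal/copy/daily/incremental/differential backup types."""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    version: int = 1
    archive: bool = True      # NTFS sets the bit when a file is created or modified
    modified_day: int = 0


class Volume:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name, day):
        f = self.files[name]
        f.version += 1
        f.archive = True      # the change flags the file for the next backup
        f.modified_day = day


def backup(volume, kind, day=None):
    """Copy files according to the backup kind; return {name: version} of what was copied."""
    copied = {}
    for f in volume.files.values():
        if kind in ("normal", "copy"):
            take = True                       # everything, regardless of the archive bit
        elif kind in ("incremental", "differential"):
            take = f.archive                  # only files changed since the last clearing
        elif kind == "daily":
            take = f.modified_day == day      # only files changed on the given day
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        if take:
            copied[f.name] = f.version
            if kind in ("normal", "incremental"):
                f.archive = False             # mark as backed up; copy/differential/daily do not
    return copied


def restore(sets):
    """Apply backup sets oldest-first; a later set's version overwrites an earlier one."""
    state = {}
    for s in sets:
        state.update(s)
    return state


def run_scheme(kind):
    """Day-0 normal backup followed by three days of 'incremental' or 'differential' backups.

    Returns (per_day_backup_sets, restored_state). Constructed change log: a on day 1,
    b on day 2, a again on day 3.
    """
    vol = Volume(["a", "b", "c"])
    sets = [backup(vol, "normal")]
    for day, name in {1: "a", 2: "b", 3: "a"}.items():
        vol.modify(name, day)
        sets.append(backup(vol, kind, day))
    if kind == "incremental":
        restored = restore(sets)                   # the full plus every incremental, in order
    else:
        restored = restore([sets[0], sets[-1]])    # the full plus only the latest differential
    return sets[1:], restored
```

Both schemes restore the same final state, but the incremental run needs every set back to the full while the differential run needs only the full and the newest differential; the trade-off is that each differential grows as the week goes on, which is why the text recommends pairing differentials with a weekly full.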

Primary Features of Windows Server 2008

.NET Framework 3.0

 

Provides .NET Framework 3.0 APIs for application development. Additional sub features include .NET Framework 3.0 Features, XPS Viewer, and Windows Communication Foundation (WCF) Activation Components.

 

Bit Locker Drive Encryption

 

Provides hardware-based security to protect data through full-volume encryption that prevents disk tampering while the operating system is offline. Computers that have Trusted Platform Module (TPM) can use BitLocker Drive Encryption in Startup Key or TPM-only mode. Both modes provide early integrity validation.

 

Background Intelligent Transfer Service (BITS) Server Extensions

 

Provides intelligent background transfers. When this feature is installed, the server can act as a BITS server that can receive file uploads by clients. This feature isn’t necessary for downloads to clients using BITS.

 

Connection Manager Administration Kit (CMAK)

 

Provides functionality for generating Connection Manager Profiles.

 

Desktop Experience

 

Provides additional Windows Vista desktop functionality on the server. Windows Vista features added include Windows Media Player, desktop themes, and Windows Photo Gallery. Although these features allow a server to be used like a desktop computer, they can reduce the server’s overall performance.

 

Failover Clustering

 

Provides clustering functionality that allows multiple servers to work together to provide high availability for services and applications. Many types of services can be clustered, including file and print services. Messaging and database servers are ideal candidates for clustering.

 

Group Policy Management

 

Installs the Group Policy Management Console (GPMC), which provides centralized administration of Group Policy.

 

Internet Printing Client

 

Provides functionality that allows clients to use HTTP to connect to printers on Web print servers.

 

Internet Storage Name Server (iSNS)

 

Provides management and server functions for Internet SCSI (iSCSI) devices, allowing the server to process registration requests, de-registration requests, and queries from iSCSI devices.

 

Line Printer Remote (LPR) Port Monitor

 

Installs the LPR Port Monitor, which allows printing to devices attached to UNIX-based computers.

 

Message Queuing

 

Provides management and server functions for distributed message queuing. A group of related sub features is available as well.

 

Multipath I/O (MPIO)

 

Provides functionality necessary for using multiple data paths to a storage device.

 

Network Load Balancing (NLB)

 

NLB provides failover support and load balancing for IP-based applications and services by distributing incoming application requests among a group of participating servers. Web servers are ideal candidates for load balancing.

 

Peer Name Resolution Protocol (PNRP)

 

Provides Link-Local Multicast Name Resolution (LLMNR) functionality that allows peer-to-peer name-resolution services. When you install this feature, applications running on the server can register and resolve names using LLMNR.

 

Remote Assistance

 

Allows a remote user to connect to the server to provide or receive Remote Assistance.

 

Remote Server Administration Tools (RSAT)

 

Installs role- and feature-management tools that can be used for remote administration of other Windows Server 2008 systems. Options for individual tools are provided or you can install tools by top-level category or subcategory.

 

Removable Storage Manager (RSM)

 

Installs the Removable Storage Manager tool, which you can use to manage removable media and removable media devices.

 

Remote Procedure Call (RPC) over HTTP Proxy

 

Installs a proxy for relaying RPC messages from client applications over HTTP to the server. RPC over HTTP is an alternative to having clients access the server over a VPN connection.

 

Simple TCP/IP Services

 

Installs additional TCP/IP services, including Character Generator, Daytime, Discard, Echo, and Quote of the Day.

 

Simple Mail Transfer Protocol (SMTP) Server

 

SMTP is a network protocol for controlling the transfer and routing of e-mail messages. When this feature is installed, the server can act as a basic SMTP server. For a full-featured solution, you’ll need to install a messaging server such as Microsoft Exchange Server 2007.

 

Simple Network Management Protocol (SNMP) Services

 

SNMP is a protocol used to simplify management of TCP/IP networks. You can use SNMP for centralized network management if your network has SNMP-compliant devices. You can also use SNMP for network monitoring via network management software.

 

Storage Manager For SANs

 

Installs the Storage Manager for SANs console. This console provides a central management interface for storage area network (SAN) devices. You can view storage subsystems, create and manage logical unit numbers (LUNs), and manage iSCSI target devices. The SAN device must support Visual Disk Services (VDS).

 

Subsystem for UNIX based Applications (SUA)

 

Provides functionality for running UNIX-based programs. You can download additional management utilities from the Microsoft Web site.

 

Windows Internal Database

 

Installs SQL Server 2005 Embedded Edition. This allows the server to use relational databases with Windows roles and features that require an internal database, such as AD RMS, UDDI Services, Windows Server Update Services (WSUS), Windows SharePoint Services, and Windows System Resource Manager.

 

Windows PowerShell

 

Installs Windows PowerShell, which provides an enhanced command-line environment for managing Windows systems.

 

Windows Process Activation Service

 

Provides support for distributed Web-based applications that use HTTP and non-HTTP protocols.

 

Windows Recovery Environment

 

You can use the recovery environment to restore a server using recovery options if you cannot access recovery options provided by the server manufacturer.

 

Windows Server Backup

 

Allows you to back up and restore the operating system, system state, and any data stored on a server.

 

Windows System Resource Manager (WSRM)

 

Allows you to manage resource usage on a per-processor basis.

 

WINS Server

 

WINS is a name-resolution service that resolves computer names to IP addresses. Installing this feature allows the computer to act as a WINS server.

 

Wireless Networking

 

Allows the server to use wireless networking connections and profiles.
