Archive for the ‘Server 2003’ Category

You’ve probably noticed that Windows Server 2003 has a new feature that requests a shutdown reason each time you restart the server. This feature is called the Shutdown Event Tracker.

If you are working in a test environment, you might choose to disable this feature to avoid the hassle of typing in a reason each time you restart. To disable this feature, you can perform the following steps:

1. Click Start, click Run, type gpedit.msc, and then press Enter.

2. Expand the Computer Configuration and then Administrative Templates objects. Click on the System object. In the right-hand pane you’ll see several settings appear.

3. Locate and double-click the Display Shutdown Event Tracker setting. The Display Shutdown Event Tracker Properties dialog box opens.

4. Click the Disabled radio button to disable the Shutdown Event Tracker. Click OK.

 

Close the Group Policy Editor console. Now when you shut down this server, you won’t be asked to enter a reason. Do this only on test machines: on production servers the reason and comment you enter are written to the System event log (Event ID 1074, source USER32) together with the account that initiated the shutdown, and that entry is often the only record of why a server went down and who took it down.
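The same change made from PowerShell, as an added example that is not part of the original post. It writes the registry value that the Display Shutdown Event Tracker policy controls, reads it back, and lists the shutdown events in the System log so you can see what the tracker contributes to the audit trail. Assumptions: an elevated PowerShell session on a test server, and that the policy key path and the ShutdownReasonOn value are the ones the Group Policy setting uses; the function names are mine.

```powershell
# Added example: manage the Shutdown Event Tracker policy value and inspect the
# shutdown records it feeds. Run elevated; this touches local policy only.
# Assumption: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability is the key the
# "Display Shutdown Event Tracker" setting writes, with ShutdownReasonOn = 1 (enabled) / 0 (disabled).

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability'

function Get-ShutdownTrackerState {
    # Enabled / Disabled when the policy value exists, NotConfigured when it does not.
    $item = Get-ItemProperty -Path $policyKey -Name ShutdownReasonOn -ErrorAction SilentlyContinue
    if ($null -eq $item)              { return 'NotConfigured' }
    if ($item.ShutdownReasonOn -eq 1) { return 'Enabled' }
    'Disabled'
}

function Set-ShutdownTrackerState {
    param([Parameter(Mandatory=$true)][ValidateSet('Enabled', 'Disabled', 'NotConfigured')][string]$State)

    if ($State -eq 'NotConfigured') {
        # Removing the value is the same as choosing "Not Configured" in gpedit.msc.
        if (Test-Path $policyKey) {
            Remove-ItemProperty -Path $policyKey -Name ShutdownReasonOn -ErrorAction SilentlyContinue
        }
        return
    }
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    $value = if ($State -eq 'Enabled') { 1 } else { 0 }
    Set-ItemProperty -Path $policyKey -Name ShutdownReasonOn -Value $value -Type DWord
}

function Get-ShutdownRecord {
    # Event ID 1074 (source USER32) in the System log records which process initiated a
    # shutdown, on behalf of which user, the reason code, and the comment typed into the
    # tracker dialog. Disabling the tracker removes only the human-entered reason and comment.
    param([int]$Newest = 5)
    Get-EventLog -LogName System -Source USER32 -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 1074 } |
        Select-Object -Property TimeGenerated, UserName, Message -First $Newest
}

# Usage: disable on a test box, confirm, then look at what the log still holds.
Set-ShutdownTrackerState -State Disabled
Get-ShutdownTrackerState
Get-ShutdownRecord -Newest 3
```

This edits local policy only; if a domain GPO configures the same setting, the GPO value wins again at the next policy refresh (or after gpupdate /force). Re-enable with Set-ShutdownTrackerState -State Enabled, or remove the value with -State NotConfigured, before the server leaves the test environment.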

To add a snap-in to an existing MMC, complete the following steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click the name of the custom MMC.

2. On the File menu, click Add/Remove Snap-In.

3. In the Standalone tab in the Add/Remove Snap-In dialog box, click Add.

4. In the Add Standalone Snap-In dialog box, select the snap-in you want to add to the existing MMC and click Add.

5. Enter additional details for the snap-in as described in the previous procedure.

6. When you are finished adding snap-ins, click Close in the Add Standalone Snap-In dialog box. The snap-ins you have added appear in the list in the Add/Remove Snap-In dialog box.

7. In the Add/Remove Snap-In dialog box, click OK. MMC displays the snap-ins you have added in the console tree below Console Root.

To remove a snap-in from an existing MMC, complete the following steps:

1. Click Start, point to All Programs, point to Administrative Tools, then click the name of the custom MMC.

2. On the File menu, click Add/Remove Snap-In.

3. In the Standalone tab in the Add/Remove Snap-In dialog box, select the snap-in you want to delete and click Remove. Then click OK. The snap-in is removed from the console.

To add or remove an extension to a snap-in on an existing MMC, complete the following steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click the name of the custom MMC.

2. On the File menu, click Add/Remove Snap-In.

3. In the Standalone tab in the Add/Remove Snap-In dialog box, select the snap-in for which you want to add or remove an extension. Then click the Extensions tab.

4. In the Extensions tab, indicate the extension(s) you want to add or delete, as follows:

❑ To add an extension, select the check box for the desired extension in the Available Extensions box (while the Add All Extensions check box is selected, every available extension is already loaded).

❑ To remove an extension, clear the Add All Extensions check box and then in the Available Extensions box, clear the check box for the desired extension.

5. Click OK.

6. Expand the snap-in to confirm that the desired extension has been added or removed.

 

1. To restore the system state on a domain controller, first start the computer in Directory Services Restore Mode. To do so, restart the computer and press the F8 key when you see the Boot menu.

2. Choose Directory Services Restore Mode.

3. Choose the Windows 2000 installation you are going to recover, and then press ENTER.

4. At the logon prompt, supply the Directory Services Restore mode credentials you supplied during the Dcpromo.exe process.

5. Click OK to acknowledge that you are using Safe mode.

6. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.

7. Click the Restore tab.

8. Click the appropriate backup media and the system state to restore.

NOTE: During the restore operation, the Winnt\Sysvol folder must also be selected to be restored to have a working sysvol after the recovery process. Be sure that the advanced option to restore “junction points and data” is also selected prior to the restore. This ensures that sysvol junction points are re-created.

9. In the Restore Files to box, click Original Location.

NOTE: When you choose to restore a file to an alternative location or to a single file, not all system state data is restored. These options are used mostly for boot files or registry keys.

10. Click Start Restore.

11. After the restore process is finished, restart the computer.

Flexible Single Master Operation (FSMO) Roles

1. Domain Naming Master (forest-wide role)

2. Schema Master (forest-wide role)

3. RID Master (Relative ID Master) (domain-wide role)

4. PDC Emulator (domain-wide role)

5. Infrastructure Master (domain-wide role)

 

Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in its domain. When a DC creates a security principal such as a user, group, or computer, it attaches a unique security ID (SID) to the object; the SID is the domain SID plus a relative ID (RID) taken from the pool the RID master allocated to that DC. If the RID master is down, DCs can keep creating security principals until their local RID pools run out; after that no new security principals can be created in the domain until the role is available again (or has been seized).

PDC Emulator: The PDC emulator acts as a PDC for any Windows NT BDCs in your environment, and it is the authoritative time source for its domain. Windows 2000/2003 includes the Windows Time service (W32Time), which the Kerberos authentication protocol depends on; all Windows 2000/2003 computers in an enterprise synchronize to a common time through the domain hierarchy, with the PDC emulator of the forest root domain at the top. The PDC emulator also handles password changes and lockouts:

  • Password changes performed at other DCs in the domain are replicated preferentially to the PDC emulator.
  • Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad-password failure message is reported to the user, so a user whose new password has not replicated yet is not wrongly rejected.
  • Account lockout is processed on the PDC emulator.
  • Editing or creation of Group Policy Objects (GPOs) is always done against the copy in the PDC emulator’s SYSVOL share, unless the administrator configures otherwise.

At any one time, only one domain controller acts as the PDC emulator in each domain in the forest.

Infrastructure Master: This role maintains cross-domain object references, for example a group whose members live in another domain. When an object in one domain is referenced by an object in another domain, the reference is stored as the GUID, the SID (for references to security principals), and the DN of the referenced object. The infrastructure master is the DC responsible for updating the SID and distinguished name in such references when the referenced object is renamed or moved. At any one time, only one domain controller acts as the infrastructure master in each domain. Unless every DC in the domain is also a global catalog server, do not place this role on a global catalog: a GC already holds a copy of every object in the forest, so the infrastructure master would never notice a stale reference.

Domain Naming Master: This role handles adding, renaming, and removing domains in the forest; it is the only DC that can add a domain to or remove a domain from the directory. There is only one domain naming master in the whole forest.

Schema Master: This role maintains the structure (schema) of Active Directory for the forest and controls all updates and modifications to the schema. Once a schema update is complete, it is replicated from the schema master to every other DC in the forest. There is only one schema master in the whole forest.
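As an added example (not from the original page), the following PowerShell locates the five role holders and checks the RID headroom the RID master section talks about: how many RIDs each DC has left before it must ask the RID master for a new pool, and how close the domain as a whole is to running out. It assumes the RSAT ActiveDirectory module (Windows Server 2008 R2 or later, PowerShell 3.0+ for the -shr operator), read access to the domain, and the documented packing of rIDAllocationPool and rIDAvailablePool (low 32 bits = first or next RID, high 32 bits = last RID); the function names are mine.

```powershell
# Added example: FSMO role holders plus RID pool headroom per DC.
# Assumes the RSAT ActiveDirectory module and PowerShell 3.0+.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Forest-wide roles live on the forest object, domain-wide roles on the domain object.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function ConvertFrom-RidPool {
    # rIDAllocationPool / rIDAvailablePool pack two 32-bit numbers into one Int64:
    # low 32 bits = first (or next) RID, high 32 bits = last RID of the range.
    param([long]$Pool)
    [pscustomobject]@{
        Start = $Pool -band [uint32]::MaxValue
        End   = $Pool -shr 32
    }
}

function Get-RidHeadroom {
    # One row per DC. rIDNextRID is not replicated, so each DC is queried directly.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $ridSet = Get-ADObject -Identity ('CN=RID Set,' + $dc.ComputerObjectDN) `
                               -Properties rIDAllocationPool, rIDNextRID -Server $dc.HostName
        $pool = ConvertFrom-RidPool $ridSet.rIDAllocationPool
        [pscustomobject]@{
            DC        = $dc.HostName
            PoolStart = $pool.Start
            PoolEnd   = $pool.End
            NextRID   = $ridSet.rIDNextRID
            Remaining = $pool.End - $ridSet.rIDNextRID   # RIDs left before a new pool request
        }
    }
}

function Get-RidMasterStatus {
    # rIDAvailablePool on the RID Manager$ object: low 32 bits = start of the next pool the
    # RID master will hand out, high 32 bits = highest RID the domain can ever issue.
    # This is the domain-wide exhaustion figure that no single DC's pool reveals.
    $domain = Get-ADDomain
    $mgr = Get-ADObject -Identity ('CN=RID Manager$,CN=System,' + $domain.DistinguishedName) `
                        -Properties rIDAvailablePool -Server $domain.RIDMaster
    $avail = ConvertFrom-RidPool $mgr.rIDAvailablePool
    [pscustomobject]@{
        RIDMaster   = $domain.RIDMaster
        IssuedUpTo  = $avail.Start
        MaxRID      = $avail.End
        PercentUsed = [math]::Round(100 * $avail.Start / $avail.End, 2)
    }
}

Get-FsmoRoleHolder
Get-RidHeadroom | Sort-Object Remaining | Format-Table -AutoSize
Get-RidMasterStatus
```

A DC whose Remaining value is small will request a new pool from the RID master the next time it creates a security principal; if the RID master is unreachable at that moment, that DC is the first one to stop creating users, groups, and computers, which is the failure mode the RID master paragraph above describes.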

A backup is an exact copy of a file, together with its documentation, kept on a storage medium (usually compressed) in a safe place (usually at a remote location) for use if the working copy is destroyed. The emphasis on documentation is deliberate: every medium holding backups must carry a history of the files it contains, usually as labels and identification data on the media itself and on its casing, and in spreadsheets, hard-copy catalogs, or data ledgers of some form. Without that history data the restore software cannot locate your files, and the backup is useless. This is also why erasing a tape’s label header is enough to prepare it for overwriting: the drive then treats the media as blank.

 

Various types of backups are possible, depending on what you back up and how often you back it up. Windows sets the archive attribute (the “archive bit”) on a file whenever the file is created or modified; the Backup utility (Ntbackup.exe) reads that bit to find the files that have changed and clears it to mark a file as backed up. The backup types differ in whether they honor the bit and whether they clear it, as the following list describes:

  • Archived backup: A backup that records (in header files, labels, and backup records) the state of the archive bit at the time of the copy. A set bit tells the backup software that the file has changed since the last backup. When Backup performs an archive-aware backup, it clears the bit on each file it copies.

  • Copy backup: An ad hoc “raw” copy that ignores the archive bit and leaves it unchanged after the copy. Because it does not disturb the bit, a copy backup is useful for quick copies between DR processes and rotations, or to pull an “annual” in the middle of a monthly rotation without breaking the incremental chain.

  • Daily backup: A backup of the files changed on the day of the backup, selected by modification date; it does not change the archive bit and does not form part of any rotation scheme. Its usefulness in Backup is questionable, because mission-critical DR practice dictates a manual or automated rotation scheme, and Backup offers no summary or history of the files that changed during the day.

  • Normal backup: A complete backup of all files (that can be backed up), period. Normal is the Backup utility’s term; in DR circles this is more commonly called a full backup. The full backup copies all files and then clears the archive bit to indicate (to Backup) that the files have been backed up. You would do a full backup at the start of any backup scheme, and again after making changes to any scheme. A full backup, and the documentation or history drawn from it, is the only baseline against which later incremental or differential backups make sense; without it the system has no way of knowing what has or has not changed since the last backup.

  • Incremental backup: A backup of all files that have changed since the last normal or incremental backup, that is, all files with the archive bit set. The backup software clears the archive bit on each file it copies, marking it as backed up. Under a rotation scheme, a full restore requires the media of the last normal backup plus every incremental taken since it, applied in order; each incremental holds the versions of the files that changed between it and the previous backup.

  • Differential backup: Like the incremental, it copies all files with the archive bit set, but it leaves the bit alone, so the files are not marked as backed up. Each differential therefore contains everything changed since the last normal or incremental backup and grows until the next one of those clears the bits. A restore needs only the last normal backup and the most recent differential. Differential backups are best taken on a weekly basis alongside a normal, or full, backup, so that differentials keep comparing against recently backed-up files.
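The archive-bit behavior described in the list above, shown on real files as an added example (not code from the original page or from Ntbackup). It creates a scratch folder under $env:TEMP, simulates each backup type by reporting which files that type would select and by clearing the attribute only where the type marks files as backed up, and then works out which media a full restore needs from a given sequence of backups. Assumptions: a writable $env:TEMP and PowerShell 3.0 or later; the function names and the file scenario are mine.

```powershell
# Added example: how the archive attribute drives each Ntbackup backup type.
# Uses a scratch folder under $env:TEMP; needs PowerShell 3.0+ (-File, -in).
$archive = [System.IO.FileAttributes]::Archive

function Test-ArchiveSet([string]$Path) {
    # Windows sets this attribute whenever a file is created or modified.
    ((Get-Item $Path).Attributes -band $archive) -eq $archive
}

function Invoke-Backup {
    # Reports the files this backup type would copy, and clears the archive
    # attribute only for the types that mark files as backed up.
    param([ValidateSet('Normal', 'Incremental', 'Differential', 'Copy')][string]$Type,
          [string]$Root)
    $files = Get-ChildItem -Path $Root -File
    $selected = switch ($Type) {
        'Normal' { $files }                                                   # everything
        'Copy'   { $files }                                                   # everything, bit untouched
        default  { $files | Where-Object { Test-ArchiveSet $_.FullName } }    # changed since last Normal/Incremental
    }
    if ($Type -in 'Normal', 'Incremental') {
        foreach ($f in $selected) { $f.Attributes = $f.Attributes -band (-bnot $archive) }
    }
    "$Type -> " + (($selected | ForEach-Object Name) -join ', ')
}

function Get-RestoreSet {
    # Given the order in which backups were taken, list the ones a full restore needs:
    # the last Normal, every Incremental after it, and the latest Differential that no
    # later Incremental has superseded (an Incremental clears the bits a Differential relied on).
    param([string[]]$History)
    $lastNormal = [array]::LastIndexOf($History, 'Normal')
    if ($lastNormal -lt 0) { throw 'No normal backup in the history; nothing to restore from.' }
    $needed = @($lastNormal); $lastDiff = $null
    for ($i = $lastNormal + 1; $i -lt $History.Count; $i++) {
        switch ($History[$i]) {
            'Incremental'  { $needed += $i; $lastDiff = $null }
            'Differential' { $lastDiff = $i }
        }
    }
    if ($null -ne $lastDiff) { $needed += $lastDiff }
    $needed | ForEach-Object { '{0}: {1}' -f $_, $History[$_] }
}

# Constructed scenario: three files, one full backup, then a few edits.
$root = Join-Path $env:TEMP 'archive-bit-demo'
New-Item -Path $root -ItemType Directory -Force | Out-Null
'a', 'b', 'c' | ForEach-Object { Set-Content -Path (Join-Path $root "$_.txt") -Value 'v1' }

Invoke-Backup Normal $root          # all files; clears every archive bit
Add-Content -Path (Join-Path $root 'a.txt') -Value 'v2'
Invoke-Backup Differential $root    # only the edited file; its bit stays set
Add-Content -Path (Join-Path $root 'b.txt') -Value 'v2'
Invoke-Backup Differential $root    # both edited files: differentials accumulate
Invoke-Backup Incremental $root     # same two files, but now their bits are cleared
Invoke-Backup Copy $root            # all files, and nothing about the bits changes
Invoke-Backup Incremental $root     # nothing left to copy

Get-RestoreSet 'Normal', 'Differential', 'Incremental', 'Differential'
```

Run the scenario once and compare the Differential lines with the Incremental ones: the differential keeps re-selecting a.txt until an incremental (or normal) clears its bit, which is exactly why a restore from differentials needs only the last one while a restore from incrementals needs the whole chain. Get-RestoreSet encodes that rule; feeding it your own rotation order tells you which media must still be readable before you delete or overwrite a tape.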

Active Directory Certificate Services (AD CS)

 

AD CS provides functions necessary for issuing and revoking digital certificates for users, client computers, and servers. Includes these role services: Certification Authority, Certification Authority Web Enrollment, Online Certificate Status Protocol, and Microsoft Simple Certificate Enrollment Protocol (MSCEP).

 

Active Directory Domain Services (AD DS)

 

AD DS provides functions necessary for storing information about users, groups, computers, and other objects on the network and makes this information available to users and computers. Domain controllers give network users and computers access to permitted resources on the network.

 

Active Directory Federation Services (AD FS)

 

AD FS complements the authentication and access management features of AD DS by extending them to the World Wide Web. Includes these role services and subservices: Federation Service, Federation Service Proxy, AD FS Web Agents, Claims-Aware Agent, and Windows Token-Based Agent.

 

Active Directory Lightweight Directory Services (AD LDS)

 

AD LDS provides a data store for directory-enabled applications that do not require AD DS and do not need to be deployed on domain controllers. Does not include additional role services.

 

Active Directory Rights Management Services (AD RMS)

 

AD RMS provides controlled access to protected e-mail messages, documents, intranet Web pages, and other types of files. Includes these role services: Active Directory Rights Management Server and Identity Federation Support.

 

Application Server

 

Application Server allows a server to host distributed applications built using ASP.NET, Enterprise Services, and .NET Framework 3.0. Includes more than a dozen role services.

 

DHCP Server

 

DHCP provides centralized control over Internet Protocol (IP) addressing. DHCP servers can assign dynamic IP addresses and essential TCP/IP settings to other computers on a network. Does not include additional role services.

 

DNS Server

 

DNS is a name resolution system that resolves computer names to IP addresses. DNS servers are essential for name resolution in Active Directory domains. Does not include additional role services.

 

Fax Server

 

Fax Server provides centralized control over sending and receiving faxes in the enterprise. A fax server can act as a gateway for faxing and allows you to manage fax resources, such as jobs and reports, and fax devices on the server or on the network. Does not include additional role services.

 

File Services

 

File Services provide essential services for managing files and the way they are made available and replicated on the network. A number of server roles require some type of file service. Includes these role services and subservices: File Server, Distributed File System, DFS Namespace, DFS Replication, File Server Resource Manager, Services for Network File System (NFS), Windows Search Service, Windows Server 2003 File Services, File Replication Service (FRS), and Indexing Service.

 

Network Policy And Access Services (NPAS)

 

NPAS provides essential services for managing routing and remote access to networks. Includes these role services: Network Policy Server (NPS), Routing And Remote Access Services (RRAS), Remote Access Service, Routing, Health Registration Authority, and Host Credential Authorization Protocol (HCAP).

 

Print Services

 

Print Services provide essential services for managing network printers and print drivers. Includes these role services: Print Server, LPD Service, and Internet Printing.

 

Terminal Services

 

Terminal Services provide services that allow users to run Windows-based applications that are installed on a remote server. When users run an application on a terminal server, the execution and processing occur on the server, and only the data from the application is transmitted over the network. Includes these role services: Terminal Server, TS Licensing, TS Session Broker, TS Gateway, and TS Web Access.

 

Universal Description Discovery Integration (UDDI) Services

 

UDDI provides capabilities for sharing information about Web services both within an organization and between organizations. Includes these role services

 

Web Server (IIS)

 

Web Server (IIS) is used to host Web sites and Web-based applications. Web sites hosted on a Web server can have both static content and dynamic content. You can build Web applications hosted on a Web server using ASP.NET and .NET Framework 3.0. When you deploy a Web server, you can manage the server configuration using IIS 7.0 modules and administration tools.

 

Windows Deployment Services (WDS)

 

WDS provides services for deploying Windows computers in the enterprise. Includes these role services: Deployment Server and Transport Server.

 

Windows SharePoint Services

 

Windows SharePoint Services enable team collaboration by connecting people and information. A SharePoint server is essentially a Web server running a full installation of IIS and using managed applications that provide the necessary collaboration functionality.

 

Windows Server Update Services

 

Microsoft Windows Server Update Services (WSUS) allows you to distribute updates that are released through Microsoft Update to computers in your organization using centralized servers rather than individual updates.

 

 


Intersite replication takes place between sites, over site links, and can use either RPC over IP or SMTP to carry replication data. Unlike intrasite replication, it has to be configured by an administrator (sites, subnets, and site links). Intersite replication occurs between domain controllers called bridgehead servers (BSs): at least one DC in each site is assigned the bridgehead role, and a BS in one site replicates changes with the BSs in other sites. You can configure multiple bridgehead servers in a site, but only the BSs exchange data with DCs in other sites; every other DC in the site receives those changes through normal intrasite replication from its BS. Intersite replication data is compressed to save bandwidth, which places extra CPU load on the DCs holding the BS role, so bridgeheads should be machines with enough processor capacity to keep up. Intersite replication is not driven by change notification: the BS polls its partners on the schedule set on the site link, every 180 minutes by default.

ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool that administrators can use for common tasks such as adding, deleting, and moving objects within the directory service; the attributes of each object can be viewed, edited, or deleted with it. ADSIEdit uses the Active Directory Service Interfaces (ADSI) application programming interfaces (APIs) to access Active Directory. The following files are required for using this tool:

ADSIEDIT.DLL

ADSIEDIT.MSC

Regarding system requirements, a connection to an Active Directory environment and Microsoft Management Console (MMC) is necessary.

The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition. It sets how long a deleted object’s tombstone is kept before garbage collection removes it, and therefore also the maximum age of a system state backup that can safely be restored to a domain controller.

Administrative Credentials

To complete this procedure, you must be a member of the Domain Users group.

 

To determine the tombstone lifetime for the forest

1. On the Start menu, click Run, type adsiedit.msc, and then click OK.

2. In the console tree, double-click Configuration [DomainControllerName], CN=Configuration,DC=[ForestRootDomain], CN=Services, and CN=Windows NT.

3. Right-click CN=Directory Service, and then click Properties.

4. In the Attribute column, click tombstoneLifetime.

5. Note the value in the Value column. If the value is <not set>, the default value is in effect as follows:

  • On a domain controller in a forest that was created on a domain controller running Windows Server 2003 with Service Pack 1 (SP1), the default value is 180 days.

  • On a domain controller in a forest that was created on a domain controller running Windows 2000 Server or Windows Server 2003, the default value is 60 days.
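The tombstone lifetime procedure above and the system state restore procedure earlier on this page meet in one check a practitioner wants before booting a DC into Directory Services Restore Mode: is the backup younger than the tombstone lifetime? The following PowerShell, an added example that is not from the original page, reads tombstoneLifetime from the same Directory Service object the adsiedit.msc steps open, applies the documented defaults when the attribute is <not set>, and tests a backup date against it. It assumes the RSAT ActiveDirectory module and read access to the configuration partition (which Domain Users have); the function names are mine. Run it from a working DC or admin workstation before the restore, not inside DSRM, where the directory is offline.

```powershell
# Added example: tombstone lifetime lookup plus a backup-age check for DC restores.
# Assumes the RSAT ActiveDirectory module; run against a live DC, not in DSRM.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # Reads CN=Directory Service,CN=Windows NT,CN=Services,<configuration partition>.
    param([string]$Server)
    $adArgs = @{}
    if ($Server) { $adArgs['Server'] = $Server }
    $configNc = (Get-ADRootDSE @adArgs).configurationNamingContext
    $ds = Get-ADObject -Identity ('CN=Directory Service,CN=Windows NT,CN=Services,' + $configNc) `
                       -Properties tombstoneLifetime @adArgs
    if ($null -ne $ds.tombstoneLifetime) { return [int]$ds.tombstoneLifetime }
    # <not set>: 60 days if the forest was created on Windows 2000 or Server 2003 RTM,
    # 180 days if it was created on Server 2003 SP1 or later. The attribute alone cannot
    # tell you which, so assume the shorter value and keep the restore check conservative.
    60
}

function Test-SystemStateBackupAge {
    # A DC system state backup older than the tombstone lifetime must not be restored:
    # tombstones for objects deleted since then have already been garbage-collected, so
    # the restored DC would bring those objects back as lingering objects.
    param([Parameter(Mandatory=$true)][datetime]$BackupTaken,
          [int]$TombstoneLifetimeDays = (Get-TombstoneLifetimeDays),
          [datetime]$Now = (Get-Date))
    $ageDays = ($Now - $BackupTaken).TotalDays
    [pscustomobject]@{
        BackupTaken       = $BackupTaken
        AgeDays           = [math]::Round($ageDays, 1)
        TombstoneLifetime = $TombstoneLifetimeDays
        SafeToRestore     = $ageDays -lt $TombstoneLifetimeDays
    }
}

# Usage: check the backup you intend to restore before taking the DC into DSRM.
Get-TombstoneLifetimeDays
Test-SystemStateBackupAge -BackupTaken (Get-Date).AddDays(-45)
Test-SystemStateBackupAge -BackupTaken (Get-Date).AddDays(-90) -TombstoneLifetimeDays 60
```

Backup itself refuses to restore a system state that is older than the tombstone lifetime, but by the time you see that error you are already sitting in DSRM on an offline DC; doing the arithmetic beforehand lets you pick a usable backup, or decide on a fresh dcpromo instead, while the rest of the domain is still serving logons.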