Archive for the ‘Server 2008’ Category

Intersite replication carries directory changes between sites. It can use either RPC over IP or SMTP as the transport (SMTP can carry only the schema, configuration, and global catalog partitions, not a domain partition). Unlike intrasite replication, which the Knowledge Consistency Checker (KCC) sets up on its own, intersite replication depends on site links that an administrator creates. It occurs between two domain controllers called bridgeheads or bridgehead servers. The bridgehead server (BS) role is held by at least one domain controller in each site, per transport; the KCC's intersite topology generator selects it unless you designate preferred bridgeheads, and a site can have more than one. A BS in one site exchanges changes with the BSs in other sites, and only the bridgeheads replicate with domain controllers in other sites; the changes then spread to the remaining domain controllers in the site by intrasite replication. Intersite replication data is compressed to save WAN bandwidth, which places additional CPU load on the domain controllers holding the BS role, so bridgeheads should be machines with enough CPU to carry it (compression can be turned off per site link where bandwidth is plentiful). Intersite replication is scheduled rather than notification-driven: it takes place over site links by polling, every 180 minutes by default, and the interval, cost, and schedule are configured on the site link.
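
The following is an added example, not code from the original post. It reads the Configuration partition over ADSI to list every IP site link with its cost, polling interval, and option bits, then the preferred bridgehead servers, so you can see where the 180-minute default has been changed, where compression has been disabled, and which machines carry the bridgehead load. It needs no ActiveDirectory module, so it runs on a Windows Server 2008 domain controller or any domain-joined machine as an ordinary domain user.

```powershell
# Added example (not from the original post): site links and preferred
# bridgeheads for the IP transport, read from the Configuration partition.

$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = $rootDse.Properties["configurationNamingContext"].Value
$ipXport  = [ADSI]"LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,$configNc"

# Bits of the siteLink 'options' attribute (NTDSSITELINK_OPT_* flags)
$USE_NOTIFY          = 0x1   # change notification across the link, not polling only
$TWOWAY_SYNC         = 0x2
$DISABLE_COMPRESSION = 0x4   # saves bridgehead CPU at the cost of WAN bandwidth

$searcher = New-Object System.DirectoryServices.DirectorySearcher($ipXport, "(objectClass=siteLink)")
[void]$searcher.PropertiesToLoad.AddRange([string[]]@("cn", "cost", "replInterval", "siteList", "options"))

# DirectorySearcher returns attribute names in lower case
$links = foreach ($r in $searcher.FindAll()) {
    $p    = $r.Properties
    $opts = if ($p["options"].Count -gt 0) { [int]$p["options"][0] } else { 0 }
    # siteList holds site DNs; keep only the CN of each site
    $sites = @($p["sitelist"] | ForEach-Object { (($_ -split ",")[0] -replace "^CN=", "") })
    New-Object PSObject -Property @{
        Link        = [string]$p["cn"][0]
        Cost        = [int]$p["cost"][0]
        IntervalMin = [int]$p["replinterval"][0]   # 180 on DEFAULTIPSITELINK unless changed
        Sites       = ($sites -join ", ")
        Notify      = [bool]($opts -band $USE_NOTIFY)
        Compressed  = -not [bool]($opts -band $DISABLE_COMPRESSION)
    }
}

"Site links (IP transport):"
$links | Format-Table Link, Cost, IntervalMin, Notify, Compressed, Sites -AutoSize

# bridgeheadServerListBL is a back-link on the transport container that lists
# the server objects an administrator marked as preferred bridgeheads.
"Preferred bridgehead servers for IP (none listed means the KCC chooses):"
foreach ($dn in $ipXport.Properties["bridgeheadServerListBL"]) {
    # DN form: CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
    $rdns = $dn -split ","
    "{0,-20} site {1}" -f ($rdns[0] -replace "^CN=", ""), ($rdns[2] -replace "^CN=", "")
}
```

The list of preferred bridgeheads is what an administrator asked for; to see which servers the KCC actually chose, compare it with the output of repadmin /bridgeheads on a domain controller. A link showing Compressed = False should correspond to a deliberate decision, since uncompressed replication traffic is visible on the WAN.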

The Active Directory support files are listed below. These are the files whose location you specify when you promote a server to a domain controller:

  • Ntds.dit (NT Directory Services): Ntds.dit is the core Active Directory database. On a domain controller it holds every partition (naming context) that the domain controller hosts, including the password hashes of domain accounts, so its location, its NTFS permissions, and any backup or Volume Shadow Copy of it deserve the same protection as the domain controller itself.
  • Edb.log: The Edb.log file is the current transaction log. When changes occur to Active Directory objects, the changes are written to the transaction log first and only afterwards to the Active Directory database (write-ahead logging), so a crash between the two does not lose a committed change.
  • Edbxxxxx.log: These are the numbered transaction logs (Edb00001.log and so on) that are created when the current Edb.log fills up before its contents have been written to the Ntds.dit database.
  • Edb.chk: Edb.chk is a checkpoint file used by the transaction logging process; it records how far the log has been applied to the database, so recovery after a crash knows where to resume.
  • Res log files: These are reserve log files whose preallocated space is used if there is not enough free disk space to create the next Edbxxxxx.log file, so that in-flight transactions can still be committed cleanly.
  • Temp.edb: Temp.edb is a scratch file that holds data for transactions that are in progress and is also used during offline defragmentation of the database.
  • Schema.ini: The Schema.ini file is used to initialize the Ntds.dit Active Directory database when a domain controller is promoted.
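
The following is an added example, not code from the original post. It reads the locations a domain controller was given for the database, the logs, and the working directory from the NTDS service parameters, lists the files described above, and reports any access-control entry on those directories that grants rights to an account other than SYSTEM and Administrators, which is worth a second look because anyone who can read ntds.dit can extract every password hash offline. It assumes it is run in an elevated PowerShell session on a Windows Server 2008 domain controller.

```powershell
# Added example (not from the original post): locate the AD database and log
# files on this domain controller and review who can reach their folders.

$params  = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"
$dbFile  = $params.'DSA Database file'          # ...\NTDS\ntds.dit
$logDir  = $params.'Database log files path'    # edb.log, edbxxxxx.log, edb.chk, reserve logs
$workDir = $params.'DSA Working Directory'      # temp.edb

$dirs = @((Split-Path -Path $dbFile -Parent), $logDir, $workDir) | Sort-Object -Unique

"Active Directory support files:"
foreach ($d in $dirs) {
    Get-ChildItem -Path $d -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { "{0,-50} {1,12:N0} bytes  {2}" -f $_.FullName, $_.Length, $_.LastWriteTime }
}

# Only these identities are expected on the NTDS folders by default;
# anything else (a backup agent, a service account) should be justified.
$expected = @("NT AUTHORITY\SYSTEM", "BUILTIN\Administrators")

"Access-control entries to review:"
foreach ($d in $dirs) {
    foreach ($ace in (Get-Acl -Path $d).Access) {
        $id = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq "Allow" -and $expected -notcontains $id) {
            "REVIEW: $d grants $($ace.FileSystemRights) to $id"
        }
    }
}
```

The same review applies to wherever system state backups of the domain controller are stored, because they contain a copy of ntds.dit with the same hashes in it.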

Before performing an upgrade, make sure the server’s installed software and hardware support Windows Server 2008. You can download compatibility-testing tools and documentation from the Windows Server Catalog Web site (http://www.windowsservercatalog.com/).

Windows Server 2003 (with Service Pack 1 or later, including R2) can be upgraded in place to Windows Server 2008. Windows 2000 Server has no direct upgrade path: it must first be upgraded to Windows Server 2003 or be reinstalled. In general, a server can be upgraded only to an edition with equal or greater capabilities, and only on the same processor architecture (there is no 32-bit to 64-bit upgrade), thus:

  • Windows Server 2003 Standard Edition can be upgraded to Windows Server 2008 Standard or Enterprise.
  • Windows Server 2003 Enterprise Edition can be upgraded to Windows Server 2008 Enterprise.
  • Windows Server 2003, Datacenter Edition, can be upgraded to Windows Server 2008 Datacenter.
  • Windows Server 2003, Web Edition, can be upgraded to Windows Web Server 2008.
  • Windows Server 2008 Standard can be upgraded to Windows Server 2008 Enterprise or Datacenter.
  • Windows Server 2008 Enterprise can be upgraded to Windows Server 2008 Datacenter.

The core function of DHCP is to assign IP addresses and the configuration that goes with them. DHCP is an application-layer protocol in terms of the Open Systems Interconnection (OSI) reference model, defined by the International Organization for Standardization (ISO) and the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T); on the wire it runs over UDP, using ports 67 (server) and 68 (client).

The OSI model is used for reference and teaching purposes; it divides computer networking functions into seven layers. From top to bottom, the seven layers are application, presentation, session, transport, network, data-link, and physical.

In brief, DHCP provides four key benefits to those managing and maintaining a TCP/IP network:

  • Centralized administration of IP configuration: DHCP IP configuration information can be stored in a single location and enables the administrator to centrally manage all IP configuration information. A DHCP server tracks all leased and reserved IP addresses and lists them in the DHCP console, so you can use the console to determine the IP addresses of all DHCP-enabled devices on your network. Without DHCP, not only would you need to assign addresses manually, you would also need to devise a method of tracking and updating them. Note that DHCP itself has no authentication and a client takes the first offer it receives; a domain-joined Windows DHCP server must therefore be authorized in Active Directory before it serves leases, which stops an unauthorized Windows DHCP server but not a rogue server running other software, so leases from unexpected servers are still worth watching for.
  • Dynamic host configuration: DHCP automates the host configuration process for key configuration parameters. This eliminates the need to configure individual hosts manually when TCP/IP is first deployed or when IP infrastructure changes are required.
  • Seamless IP host configuration: the use of DHCP ensures that DHCP clients get accurate and timely IP configuration parameters, such as the IP address, subnet mask, default gateway, IP address of the DNS server, and so on, without user intervention. Because the configuration is automatic, misconfigurations such as mistyped addresses are largely eliminated, along with the troubleshooting they cause.
  • Flexibility and scalability: using DHCP gives the administrator increased flexibility, allowing IP configurations to be changed more easily when the infrastructure changes. DHCP also scales from small to large networks: it can serve networks with ten clients as well as networks with thousands of clients. For very small, isolated networks without a DHCP server, Automatic Private IP Addressing (APIPA, the 169.254.0.0/16 range) can be used.

Windows Server 2008 provides nine categories of events that you can audit, as described in the following list:

■ Account Logon Events:  Track credential validation on the computer that holds the account. For domain accounts these events are logged on the domain controller (Kerberos ticket requests, NTLM validation); for local accounts they are logged on the member computer itself.

■ Account Management:  Track when a user account or group is created, changed, or deleted; a user account is renamed, enabled, or disabled; or a password is set or changed.

■ Directory Service Access:  Track access to Active Directory objects. Windows Server 2008 adds a Directory Service Changes subcategory that also records the old and new values of changed attributes.

■ Logon Events:  Track logon and logoff on the computer being accessed, whether interactive, over the network (such as use of a shared resource), as a batch job, or as a service, including a service logging on with the local system account.

■ Object Access:  Track when objects are accessed and the type of access performed, for example use of a folder, file, or printer. Enabling the category is not enough on its own: you must also configure auditing of specific events through the object’s properties (such as the Security tab for a folder or file).

■ Policy Change:  Track changes to user rights assignments or audit policies.

■ Privilege Use:  Track when a user exercises a right other than those associated with logon and logoff.

■ Process Tracking:  Track events related to process execution, such as process creation and termination.

■ System Events:  Track system events such as restart, startup, shutdown, or events that affect system security or the security log.

Windows Server 2008 subdivides each of these categories into subcategories (Account Management, for example, into User Account Management, Security Group Management, and others) that are set with auditpol.exe. The nine category settings exposed in Group Policy are the coarse, legacy view of the same policy, and a category setting applied through Group Policy overrides the finer subcategory settings unless the security option "Audit: Force audit policy subcategory settings to override audit policy category settings" is enabled.
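
The following is an added example, not code from the original post. It turns on success and failure auditing for the Account Management category with auditpol.exe, shows the resulting subcategory settings, and then pulls the last day's account-management events out of the Security log by their Windows Server 2008 event IDs so that account creations, deletions, password resets, and group membership changes can be reviewed in one table. It assumes an elevated session and PowerShell 2.0 (Windows Server 2008 R2, or Windows Server 2008 with the Windows Management Framework installed), which is where Get-WinEvent is available.

```powershell
# Added example (not from the original post): enable Account Management
# auditing and review the events it produces.

auditpol.exe /set /category:"Account Management" /success:enable /failure:enable | Out-Null
auditpol.exe /get /category:"Account Management"

# Security log event IDs recorded under Account Management on Windows Server 2008
$ids = @{
    4720 = "user account created"
    4722 = "user account enabled"
    4724 = "password reset attempted"
    4725 = "user account disabled"
    4726 = "user account deleted"
    4728 = "member added to global group"
    4732 = "member added to local group"
    4738 = "user account changed"
    4740 = "user account locked out"
    4756 = "member added to universal group"
}

$since  = (Get-Date).AddDays(-1)
$filter = @{ LogName = "Security"; Id = [int[]]$ids.Keys; StartTime = $since }

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Properties[0] is the first event-data field: the target account for
        # user events, or the member being added for group events.
        New-Object PSObject -Property @{
            Time   = $_.TimeCreated
            Id     = $_.Id
            What   = $ids[$_.Id]
            Target = $_.Properties[0].Value
            Text   = ($_.Message -split "`n")[0]
        }
    } |
    Sort-Object Time |
    Format-Table Time, Id, What, Target -AutoSize
```

Who performed each change is in the Subject fields later in the event's message; a 4720 or 4732 whose subject is not one of your administrators, or a burst of 4724 password resets outside change windows, is the kind of thing this category exists to surface.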

A good security step to keep attackers and others from making unauthorized changes to a system’s registry is to restrict remote access to it. Remote registry access is served by the Remote Registry service (RemoteRegistry), which starts automatically on Windows Server 2008; if that service is stopped or disabled, there is no remote access at all. When it is running and a user attempts to connect to the registry remotely, Windows Server 2008 checks the ACL on the following registry key:

HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

(CurrentControlSet is a link to the control set in use, usually ControlSet001; edit the key through CurrentControlSet so that the change applies to the active set.) If this key is missing, remote access is not restricted at this level and every user can reach the registry subject only to the permissions assigned to individual keys. If the key exists, Windows Server 2008 checks the permissions on it to determine whether the remote user can open the registry remotely at all; the ACLs on the individual keys then determine what that user can do with each key. By default the key grants Full Control to Administrators and Read to Backup Operators and LOCAL SERVICE. Keys listed under winreg\AllowedPaths (value Machine) and winreg\AllowedExactPaths are exempt from the winreg check, because services such as the Print Spooler and Performance Monitor read them remotely. So winreg is the first line of defense and individual key ACLs are the second, with the service itself and the host firewall in front of both. If you want to prevent all remote access to the registry, set the permissions on the winreg key accordingly, or simply disable the Remote Registry service.
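
The following is an added example, not code from the original post. It reports the three things that together decide whether a remote registry connection succeeds on a Windows Server 2008 host: the state of the Remote Registry service, the ACL on the winreg key, and the AllowedPaths list that bypasses it. The remediation line at the end is left commented out. It assumes an elevated session on the host being checked.

```powershell
# Added example (not from the original post): audit the controls on remote
# registry access and, optionally, switch it off.

$winreg = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"

# 1. The service that answers remote registry requests at all.
$svc   = Get-Service -Name RemoteRegistry
$start = (Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'").StartMode
"Remote Registry service: {0} (start mode {1})" -f $svc.Status, $start

# 2. The winreg ACL: an identity with no Allow entry here cannot open the
#    registry remotely, whatever the individual keys permit.
if (Test-Path -Path $winreg) {
    "winreg ACL:"
    foreach ($ace in (Get-Acl -Path $winreg).Access) {
        "  {0,-6} {1,-35} {2}" -f $ace.AccessControlType, $ace.IdentityReference, $ace.RegistryRights
    }
} else {
    "winreg key missing: remote access is limited only by per-key ACLs"
}

# 3. Paths exempt from the winreg check (readable remotely regardless of 2.)
foreach ($sub in "AllowedPaths", "AllowedExactPaths") {
    $path = Join-Path -Path $winreg -ChildPath $sub
    if (Test-Path -Path $path) {
        "$sub\Machine:"
        (Get-ItemProperty -Path $path -Name Machine).Machine | ForEach-Object { "  $_" }
    }
}

# Remediation if the host has no need for remote registry access:
# Stop-Service -Name RemoteRegistry; Set-Service -Name RemoteRegistry -StartupType Disabled
```

Anything that appears in the AllowedPaths output is reachable by any authenticated remote user while the service runs, so entries added beyond the Windows defaults should be accounted for.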


You make data sources available to clients by creating a Data Source Name (DSN). Three types of DSNs exist:

> User.  A user DSN is visible only to the user who created it; it is stored under that user’s HKEY_CURRENT_USER hive.

> System.  A system DSN is visible to all local services on a computer and to all users who log on locally to the computer; it is stored under HKEY_LOCAL_MACHINE.

> File.  A file DSN can be shared by all users who have the same driver installed and who have the NTFS permissions needed to read the file. Unlike user and system DSNs, file DSNs are stored in text files rather than in the registry, so any password written into one (a PWD= entry) is stored in clear text and travels with the file.

The DSN identifies the data source, the driver associated with it, and other properties that define the interaction between the client and the data source, such as timeout, read-only mode, and so on. You use the same process to create a DSN for most database types. The exception is SQL Server, whose driver provides a wizard for setting up the data source.

Defining a data source

To create a data source, you first open the ODBC Data Source Administrator. To do so, click Start, All Programs, Administrative Tools, Data Sources (ODBC). On a 64-bit server this opens the 64-bit administrator; DSNs for 32-bit applications are managed with %SystemRoot%\SysWOW64\odbcad32.exe and stored under the Wow6432Node registry key. In the ODBC Data Source Administrator, click the tab for the DSN type you want to create and then click Add. Select the desired driver and click Finish. Except in the case of the SQL Server driver, ODBC prompts you for information that varies according to the driver selected. Define the settings as desired and click OK to create the DSN.
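
The following is an added example, not code from the original post. It inventories the DSNs on a Windows Server 2008 host across all three types (system DSNs from HKLM, including the 32-bit view under Wow6432Node, user DSNs from HKCU, and file DSNs from the default File DSN folder under Common Files) and flags any that embed a password, which is the practical risk the three storage locations carry. The registry and folder locations are the Windows defaults; the PWD and Password value names it looks for are the conventional ODBC keywords and are an assumption about the drivers in use.

```powershell
# Added example (not from the original post): list user, system and file
# DSNs and report those that store a password.

function Get-RegistryDsn {
    param([string]$Root, [string]$Scope)
    $hive = "$Root\ODBC\ODBC.INI"
    if (-not (Test-Path -Path $hive)) { return }
    foreach ($k in Get-ChildItem -Path $hive) {
        # "ODBC Data Sources" is the name-to-driver index, not a DSN itself
        if ($k.PSChildName -eq "ODBC Data Sources") { continue }
        $v = Get-ItemProperty -Path $k.PSPath
        New-Object PSObject -Property @{
            Scope  = $Scope
            Name   = $k.PSChildName
            Driver = $v.Driver
            Server = $v.Server
            HasPwd = [bool]($v.PSObject.Properties | Where-Object { $_.Name -match "^(PWD|Password)$" })
            Source = $k.PSPath
        }
    }
}

function Get-FileDsn {
    param([string]$Folder = (Join-Path -Path ${env:CommonProgramFiles} -ChildPath "ODBC\Data Sources"))
    if (-not (Test-Path -Path $Folder)) { return }
    foreach ($f in Get-ChildItem -Path $Folder -Filter *.dsn) {
        # A file DSN is an INI file with an [ODBC] section of KEY=VALUE lines
        $kv = @{}
        foreach ($line in Get-Content -Path $f.FullName) {
            if ($line -match '^\s*([^=;\[]+?)\s*=\s*(.*)$') { $kv[$matches[1].ToUpper()] = $matches[2] }
        }
        New-Object PSObject -Property @{
            Scope  = "File"
            Name   = $f.BaseName
            Driver = $kv["DRIVER"]
            Server = $kv["SERVER"]
            HasPwd = $kv.ContainsKey("PWD")
            Source = $f.FullName
        }
    }
}

$all = @(Get-RegistryDsn -Root "HKLM:\SOFTWARE" -Scope "System") +
       @(Get-RegistryDsn -Root "HKLM:\SOFTWARE\Wow6432Node" -Scope "System (32-bit)") +
       @(Get-RegistryDsn -Root "HKCU:\SOFTWARE" -Scope "User") +
       @(Get-FileDsn)

$all | Format-Table Scope, Name, Driver, Server, HasPwd -AutoSize
$all | Where-Object { $_.HasPwd } |
    ForEach-Object { "WARNING: $($_.Scope) DSN '$($_.Name)' stores a password in $($_.Source)" }
```

For SQL Server data sources the fix for a flagged DSN is usually to switch the DSN to Windows authentication (Trusted_Connection=Yes) rather than to hide the password better.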

Blade computing introduces a new data center paradigm in which many thin compute blades share centralized resources in a single chassis. A blade server is a single circuit board populated with components such as memory, processors, I/O adapters, and network connections that would otherwise be spread across several boards. Server blades slide into a shared chassis that supplies power, cooling, and the network and storage connections. They are smaller, need less power, and are more cost-efficient than traditional box-based servers.

Managing these servers requires the following:

  • A virtualized view of the servers and the resources they use (such as storage)
  • A high level of security within the server and on the network devices, including the chassis management controller, which has control over every blade in the enclosure
  • Dynamic resource provisioning that is automated as much as possible
  • A layout that is easy to scale to meet ever-increasing user demands

Data centers will see a shift from box-based servers to densely packed racks of blade-based servers.

LDAP (the Lightweight Directory Access Protocol) is a standardized protocol that clients use to look up information in a directory. An LDAP-aware directory service such as Active Directory stores the attributes of every object in the directory, indexes those attributes that the schema marks as indexed, and answers queries against them; LDAP-aware clients can query the server in a wide variety of ways.

Every object in Active Directory is an instance of a class defined in the Active Directory schema. Each object carries attributes that identify it uniquely: its distinguished name is unique in the forest at any given moment, and its objectGUID stays the same even when the object is renamed or moved. To make this work, Active Directory relies on a naming convention that lets objects be stored logically and accessed by clients in a standardized way. Both users and applications are affected by the naming conventions that a directory uses. To locate a network resource, you need to know its name or one of its properties. Active Directory supports several name formats for the different ways clients access it. These names include:

■ Relative Distinguished Names (the leaf component of the distinguished name, such as CN=Jane Doe)

■ Distinguished Names (the full LDAP path to the object, such as CN=Jane Doe,OU=Sales,DC=contoso,DC=com)

■ User Principal Names (a logon name in e-mail form, such as jdoe@contoso.com)

■ Canonical Names (the same path in DNS-style form, such as contoso.com/Sales/Jane Doe)
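
The following is an added example, not code from the original post. It takes a distinguished name and derives the other two name forms that can be computed from it, the relative distinguished name and the canonical name, while honouring the RFC 4514 escaping rules, so that a backslash-escaped comma inside a value ("Doe\, John") is treated as part of the name rather than as a component separator. A user principal name cannot be derived this way, since it is a separate attribute. The sample distinguished names and the contoso.com domain are constructed for the example.

```powershell
# Added example (not from the original post): split a DN into RDNs and build
# the canonical name, with RFC 4514 escapes handled.

function Split-DistinguishedName {
    param([string]$DN)
    # Walk the string once, splitting only on commas that are not escaped.
    $parts = @(); $cur = ""; $escaped = $false
    foreach ($ch in $DN.ToCharArray()) {
        if ($escaped)    { $cur += $ch; $escaped = $false; continue }
        if ($ch -eq '\') { $cur += $ch; $escaped = $true;  continue }
        if ($ch -eq ',') { $parts += $cur; $cur = ""; continue }
        $cur += $ch
    }
    $parts += $cur
    return ,$parts      # always return an array, even for a one-component DN
}

function Get-NameForms {
    param([string]$DN)
    $rdns = @(Split-DistinguishedName -DN $DN)
    $dc = @(); $path = @()
    foreach ($rdn in $rdns) {
        $type, $value = $rdn -split "=", 2
        $value = $value -replace '\\(.)', '$1'      # drop the escaping backslashes
        if ($type.Trim() -ieq "DC") { $dc += $value } else { $path += $value }
    }
    # The DN is leaf-first; the canonical name runs from the domain down to the leaf.
    [array]::Reverse($path)
    New-Object PSObject -Property @{
        DistinguishedName = $DN
        RelativeDN        = $rdns[0]
        Domain            = ($dc -join ".")
        CanonicalName     = (($dc -join ".") + "/" + ($path -join "/"))
    }
}

# Constructed sample DNs (not real accounts)
"CN=Jane Doe,OU=Sales,OU=EMEA,DC=contoso,DC=com",
"CN=Doe\, John,OU=Sales,DC=contoso,DC=com" |
    ForEach-Object { Get-NameForms -DN $_ } |
    Format-List DistinguishedName, RelativeDN, Domain, CanonicalName
```

For the first sample the result is the relative distinguished name CN=Jane Doe and the canonical name contoso.com/EMEA/Sales/Jane Doe; for the second, the escaped comma survives as part of the value, giving contoso.com/Sales/Doe, John. Active Directory itself escapes a forward slash inside a value of a canonical name, which this example does not attempt.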

Virtual private networking (VPN) provides a way of making a secured, private connection from the client to the server across a public network such as the Internet. Unlike dial-up networking, in which the client’s link terminates directly at the remote access server, a VPN connection is a logical tunnel carried over some other connection. Typically, the remote user first connects to an Internet service provider (ISP), by dial-up or, more commonly now, over a broadband link.

The Routing and Remote Access server is also connected to the Internet (usually via a persistent, or permanent, connection) and is configured to accept VPN connections. Once the client has Internet connectivity, it establishes the VPN tunnel over that connection to the Routing and Remote Access server. On Windows Server 2008 the tunnel can be PPTP, L2TP/IPsec, or SSTP (which runs over HTTPS on TCP port 443 and so passes most firewalls and proxies).