Posts Tagged ‘Active Directory’

1. To restore the system state on a domain controller, first start the computer in Directory Services Restore Mode. To do so, restart the computer and press the F8 key when you see the Boot menu.

2. Choose Directory Services Restore Mode.

3. Choose the Windows 2000 installation you are going to recover, and then press ENTER.

4. At the logon prompt, supply the Directory Services Restore mode credentials you supplied during the Dcpromo.exe process.

5. Click OK to acknowledge that you are using Safe mode.

6. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.

7. Click the Restore tab.

8. Click the appropriate backup media and the system state to restore.

NOTE: During the restore operation, the Winnt\Sysvol folder must also be selected to be restored to have a working sysvol after the recovery process. Be sure that the advanced option to restore “junction points and data” is also selected prior to the restore. This ensures that sysvol junction points are re-created.

9. In the Restore Files to box, click Original Location.

NOTE: When you choose to restore a file to an alternative location or to a single file, not all system state data is restored. These options are used mostly for boot files or registry keys.

10. Click Start Restore.

11. After the restore process is finished, restart the computer.

Intersite replication takes place between sites. Intersite replication can use either RPC over IP or SMTP to convey replication data. This type of replication has to be configured manually. Intersite replication occurs between two domain controllers that are called bridgeheads or bridgehead servers. The role of a bridgehead server (BS) is assigned to at least one domain controller in a site. A BS in one site handles replicating changes with the BSs in other sites. You can configure multiple bridgehead servers in a site. It is only these BSs that replicate data with domain controllers in different domains, by performing intersite replication with their BS partners. With intersite replication, packets are compressed to save bandwidth. This places additional CPU load on the domain controllers assigned the BS role, so BSs should be machines with enough processor capacity to perform replication. Intersite replication takes place over site links using a polling method; the polling interval is 180 minutes by default.
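As an added example (not part of the original post), the following PowerShell inventories the settings described above: each site link with its transport (IP or SMTP), cost and polling interval, flagging links still on the 180-minute default, plus any servers explicitly marked as preferred bridgeheads. It assumes the ActiveDirectory module (Windows Server 2012 or later RSAT) and a domain-joined session.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module
# (Get-ADReplicationSiteLink was introduced with Windows Server 2012 RSAT).
Import-Module ActiveDirectory

function Get-SiteLinkReport {
    # Every site link in the configuration partition, with the properties the
    # post discusses: transport protocol, cost and the replication polling interval.
    Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded, InterSiteTransportProtocol |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.Name
                Transport   = $_.InterSiteTransportProtocol
                Cost        = $_.Cost
                IntervalMin = $_.ReplicationFrequencyInMinutes
                # 180 minutes is the default polling interval named in the post
                IsDefault   = ($_.ReplicationFrequencyInMinutes -eq 180)
                # Reduce each site DN (CN=SiteName,CN=Sites,...) to its name
                Sites       = ($_.SitesIncluded -replace '^CN=([^,]+),.*', '$1') -join ';'
            }
        }
}

function Get-PreferredBridgeheads {
    # Server objects carrying bridgeheadTransportList were explicitly nominated as
    # preferred bridgeheads; an empty result means the KCC chooses bridgeheads itself.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter '(&(objectClass=server)(bridgeheadTransportList=*))' `
        -Properties bridgeheadTransportList |
        Select-Object Name, DistinguishedName, bridgeheadTransportList
}

Get-SiteLinkReport        | Format-Table -AutoSize
Get-PreferredBridgeheads  | Format-Table -AutoSize
```

Preferred bridgeheads concentrate the compression load the post mentions on specific machines, so the second list is where to look when a nominated server is undersized.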

ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service. The attributes of each object can be edited or deleted with this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following files are required to use this tool:

ADSIEDIT.DLL

ADSIEDIT.MSC

Regarding system requirements, a connection to an Active Directory environment and Microsoft Management Console (MMC) is necessary.

The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.

Administrative Credentials

To complete this procedure, you must be a member of the Domain Users group.


To determine the tombstone lifetime for the forest

1. On the Start menu, click Run, type adsiedit.msc, and then click OK.

2. In the console tree, double-click Configuration [DomainControllerName], CN=Configuration,DC=[ForestRootDomain], CN=Services, and CN=Windows NT.

3. Right-click CN=Directory Service, and then click Properties.

4. In the Attribute column, click tombstoneLifetime.

5. Note the value in the Value column. If the value is <not set>, the default value is in effect as follows:

• On a domain controller in a forest that was created on a domain controller running Windows Server 2003 with Service Pack 1 (SP1), the default value is 180 days.

• On a domain controller in a forest that was created on a domain controller running Windows 2000 Server or Windows Server 2003, the default value is 60 days.
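The same check scripted, as an added example that is not part of the original post: it reads tombstoneLifetime from the Directory Service object the procedure above navigates to and applies the same <not set> defaults. It assumes the ActiveDirectory module; the ForestCreatedOn parameter is a hypothetical input that lets the caller state which OS created the forest, since that is not stored in the attribute.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-TombstoneLifetime {
    param(
        # Hypothetical parameter: which OS created the forest decides the default
        # that applies when the attribute is <not set> (180 days for WS2003 SP1+,
        # 60 days for Windows 2000 / WS2003 without SP1), as the post explains.
        [ValidateSet('WS2003SP1OrLater', 'W2000OrWS2003')]
        [string]$ForestCreatedOn = 'WS2003SP1OrLater'
    )
    # Same path as the ADSIEdit steps: CN=Directory Service,CN=Windows NT,CN=Services,<config NC>
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                             -Properties tombstoneLifetime

    if ($null -eq $dsObject.tombstoneLifetime) {
        # Attribute is <not set>: the default from the post is in effect
        $days   = if ($ForestCreatedOn -eq 'WS2003SP1OrLater') { 180 } else { 60 }
        $source = 'default (tombstoneLifetime not set)'
    } else {
        $days   = [int]$dsObject.tombstoneLifetime
        $source = 'explicit tombstoneLifetime value'
    }

    [pscustomobject]@{
        TombstoneLifetimeDays = $days
        Source                = $source
        # A system state backup older than this date must not be used for the
        # restore procedure on this page: it would reintroduce already-deleted objects.
        OldestUsableBackup    = (Get-Date).AddDays(-$days).ToString('yyyy-MM-dd')
    }
}

Get-TombstoneLifetime
```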

The Active Directory support files are listed below. These are the files that you specify a location for when you promote a server to a domain controller:

  • Ntds.dit (NT Directory Services): Ntds.dit is the core Active Directory database. This file on a domain controller lists the naming contexts hosted by that particular domain controller.
  • Edb.log: The Edb.log file is a transaction log. When changes occur to Active Directory objects, the changes are initially saved to the transaction log before they are written to the Active Directory database.
  • Edbxxxxx.log: These are auxiliary transaction logs that are used when the primary Edb.log file fills up before its contents have been written to the Ntds.dit Active Directory database.
  • Edb.chk: Edb.chk is a checkpoint file that is used by the transaction logging process.
  • Res log files: These are reserve log files whose space is used if insufficient space exists to create the Edbxxxxx.log file.
  • Temp.edb: Temp.edb contains information on the transactions that are being processed.
  • Schema.ini: The Schema.ini file is used to initialize the Ntds.dit Active Directory database when a domain controller is promoted.

Windows Server 2008 provides several categories of events that you can audit, as described in the following list:

■ Account Logon Events: Track user logon and logoff via a user account.

■ Account Management: Track when a user account or group is created, changed, or deleted; a user account is renamed, enabled, or disabled; or a password is set or changed.

■ Directory Service Access: Track access to Active Directory.

■ Logon Events: Track nonlocal authentication events such as network use of a resource or a remote service that is logging on by using the local system account.

■ Object Access: Track when objects are accessed and the type of access performed, for example, track use of a folder, file, or printer. Configure auditing of specific events through the object’s properties (such as the Security tab for a folder or file).

■ Policy Change: Track changes to user rights or audit policies.

■ Privilege Use: Track when a user exercises a right other than those associated with logon and logoff.

■ Process Tracking: Track events related to process execution, such as program execution.

■ System Events: Track system events such as restart, startup, shutdown, or events that affect system security or the security log.


You make data sources available to clients by creating a Data Source Name (DSN). Three types of DSNs exist:

> User. A user DSN is visible only to the user who is logged on when the DSN is created.

> System. A system DSN is visible to all local services on a computer and all users who log on locally to the computer.

> File. A file DSN can be shared by all users who have the same drivers installed and who have the necessary permissions to access the DSN. Unlike user and system DSNs, file DSNs are stored in text files, rather than the registry.

The DSN identifies the data source, the driver associated with a data source, and other properties that define the interaction between the client and the data source, such as timeout, read-only mode, and so on. You use the same process to create a DSN for most database types. The exception is SQL Server, which provides a wizard for setting up a data source.


Defining a data source

To create a data source, you first open the ODBC Data Source Administrator. To do so, click Start → All Programs → Administrative Tools → Data Sources (ODBC). In the ODBC Data Source Administrator, click the tab for the DSN type you want to create and then click Add. Select the desired data source type and click Finish. Except in the case of the SQL Server driver, ODBC prompts you for information, which varies according to the driver selected. Define settings as desired and click OK to create the DSN.
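The same three DSN types created without the GUI, as an added example that is not part of the original post. It assumes the Add-OdbcDsn and Get-OdbcDsn cmdlets (Windows 8 / Windows Server 2012 and later) and the built-in "SQL Server" ODBC driver; the server and database names are constructed placeholders.

```powershell
# Added example, not from the original post. Server and database are placeholders.
$server   = 'sql01.example.internal'
$database = 'Inventory'

# Connection properties shared by all three DSNs. Windows authentication
# (Trusted_Connection) keeps no password in the registry or in the .dsn text file.
$props = @("Server=$server", "Database=$database", "Trusted_Connection=Yes")

function New-ExampleDsn {
    param([ValidateSet('User', 'System')][string]$Type)
    # User DSN: visible only to the creating user. System DSN: visible to all
    # local users and services. Both are stored in the registry, as the post notes.
    Add-OdbcDsn -Name "Inventory-$Type" -DriverName 'SQL Server' -DsnType $Type `
                -Platform '64-bit' -SetPropertyValue $props
    # Read it back to confirm driver and attributes
    Get-OdbcDsn -Name "Inventory-$Type" -DsnType $Type -Platform '64-bit'
}

function New-ExampleFileDsn {
    param([string]$Path)
    # File DSN: an INI-style text file with an [ODBC] section, usable by anyone who
    # has the same driver installed and read access to the file.
    $lines = @('[ODBC]', 'DRIVER=SQL Server') + $props
    Set-Content -Path $Path -Value $lines -Encoding Ascii
    Get-Content -Path $Path
}

New-ExampleDsn -Type User
New-ExampleDsn -Type System        # requires local administrator rights
New-ExampleFileDsn -Path "$env:TEMP\Inventory.dsn"
```

Because a file DSN is plain text, its NTFS permissions are the only thing controlling who can read or alter the connection settings it carries.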

Smart card logon is supported for Windows 2000 and Windows Server 2003. To implement smart cards, you must deploy an enterprise certification authority rather than a stand-alone or third-party certification authority to support smart card logon to Windows Server 2003 domains. Windows Server 2003 supports industry standard Personal Computer/Smart Card (PC/SC)–compliant smart cards and readers and provides drivers for commercially available plug and play smart card readers. Windows Server 2003 does not support non-PC/SC-compliant or non–plug and play smart card readers. Some manufacturers might provide drivers for non–plug and play smart card readers that work with Windows Server 2003; however, it is recommended that you purchase only plug and play PC/SC-compliant smart card readers.

The cost of administering a smart card program depends on several factors, including:

■ The number of users enrolled in the smart card program and their location.

■ Your organization’s practices for issuing smart cards to users, including the requirements for verifying user identities. For example, will you require users to simply present a valid personal identification card, or will you require a background investigation? Your policies affect the level of security provided as well as the actual cost.

■ Your organization’s practices for users who lose or misplace their smart cards. For example, will you issue temporary smart cards, authorize temporary alternate logon to the network, or make users go home to retrieve their smart cards? Your policies affect how much worker time is lost and how much help desk support is needed.

Your smart card authentication strategy must describe the network logon and authentication methods you use, including:

■ Identify network logon and authentication strategies you want to deploy.

■ Describe smart card deployment considerations and issues.

■ Describe PKI certificate services required to support smart cards.

In addition to smart cards, third-party vendors offer a variety of security products to provide two-factor authentication, such as “security tokens” and biometric accessories. These accessories use extensible features of the Windows Server 2003 graphical logon user interface to provide alternate methods of user authentication.

EF stands for “Education First”. Founded in 1965 by entrepreneur Bertil Hult, EF is a privately-held company with 16 divisions that offer a range of educational programs from language training, educational travel, and academic degrees to cultural exchanges. With a mission to break down barriers in language, culture and geography, EF has helped people of all ages and nationalities become citizens of the world.

From Berlin to Beijing, Moscow to Mexico City, Dubai to Denver, EF operates 400 schools and offices in over 50 countries. EF’s global network includes 9,000 staff and 25,000 teachers and guides. To date, EF has helped over 15 million people to learn a new language, discover the world, or earn an academic degree.

“Education First” is more than our company name. It is our corporate passion.

EF’s mission is to break down the barriers of language, culture and geography that divide us.

The Official Website


About EF Bangalore

It all started with the idea that rather than outsourcing our systems development and maintenance, we could do it smarter and better ourselves – with our own people!

Just over a year and a half ago, a team of people therefore came to Bangalore, the Santa Barbara of India, interviewing hundreds and hundreds of people to find the most remarkable talent the market could offer. We started small, hiring only the best of the best, and began the journey from a very tiny temporary office.


As the number of highly skilled people grew, we also initiated the hunt for a bigger and more suitable workplace. After months of negotiations with landlords and architects, innumerable approval stamps, vanished construction workers and delayed furniture, we finally got everything in place and moved into our new EF office on Cambridge Road on February 1st.

The office was built on the notion that you should feel at home, even when you are in the office; it should be a place where creativity and ideas spire, where you can feel the energy and power to achieve the impossible, and where your friends and colleagues inspire you to walk the extra mile.

We in Bangalore are very proud of our new office and would love for you to come and visit, maybe have a chai in our coffee lounge or enjoy the views from our roof terrace. And, we would of course take the opportunity to show you what we can and will achieve with technology!

Get IT right! Own IT!

You have probably noticed that Windows Server 2003 has a new feature that requests a shutdown reason each time you restart the server. This feature is called the Shutdown Event Tracker.

You might choose to disable this feature to avoid the hassle of typing in a reason each time you restart.

To disable this feature, you can perform the following steps:

1. Click Start, click Run, and type gpedit.msc and press Enter.

2. Expand the Computer Configuration and then Administrative Templates objects. Click on the System object. In the right-hand pane you’ll see several settings appear.

3. Locate and double-click the Display Shutdown Event Tracker setting. The Display Shutdown Event Tracker Properties dialog box opens.

4. Click the Disabled radio button to disable the Shutdown Event Tracker. Click OK. Close the Group Policy Editor console. Now when you shut down this server, you won’t be asked to enter a reason.
