Interview Questions

Uploaded by simha23

What is DNS?

Domain Name System (DNS) is a distributed, hierarchical database system that translates a computer's
fully qualified domain name (FQDN) into an IP address.

Networked computers use IP addresses to locate and connect to each other, but IP addresses can be
difficult for people to remember. For example, on the web, it's much easier to remember the domain
name www.eukhost.com than it is to remember its corresponding IP address (213.175.192.12).

DNS allows you to connect to another networked computer or remote service by using its user-friendly
domain name rather than its numerical IP address. Conversely, Reverse DNS (rDNS) translates an IP
address into a domain name.

Types of DNS servers
The Domain Name System translates domain names to IP addresses. Several DNS server implementations
are available; which one to install depends on the role required (authoritative, recursive/caching, or
both) and on the platform.

1) BIND -> BIND is the reference implementation of a DNS server and usually serves as the base for
experimentation with DNS protocol extensions. BIND is free and has been ported to many operating
systems. Most BIND servers run on some variant of Unix, although BIND on Windows is also available.

Url:- http://www.bind9.net/download

2) djbdns:- The two main name server functions, caching and acting as an authoritative server, are
sensibly split into two separate programs (dnscache and tinydns). The djbdns package is free, and comes
with a $500 security guarantee. http://www.djbdnsrocks.org/single/download.htm

3) ANS/CNS:- ANS/CNS full form is Authoritative Name Server/ Caching Name Server. ANS/CNS are
commercial DNS servers from Nominum, for enterprise applications that need maximum performance.
Url:- http://www.nominum.com/products.php?id=6

4) PowerDNS:- PowerDNS has developed a complete suite of technologies surrounding Internet Naming
and email. Internet Naming is at the core of all online activities and is involved in each and every
transaction on the net.

Url:- http://www.powerdns.com/

5) NSD:- NSD full form is Name Server Daemon. NSD is an authoritative only, high performance, simple
and open source name server. Url:- http://www.nlnetlabs.nl/

6) MaraDNS:- MaraDNS is a package that implements the Domain Name Service (DNS), an essential
internet service. MaraDNS is designed to be easy to use and secure. Url:- http://www.maradns.org/

7) MyDNS:- MyDNS is a free DNS server for UNIX. MyDNS does not include recursive name service, nor a
resolver library. It is primarily designed for organizations with many zones and/or resource records who
desire the ability to perform real-time dynamic updates on their DNS data via MySQL. Url:-
http://mydns.bboy.net/

8) RBLDNSD :- Meaning is "DNS daemon suitable for running DNS-based blocklists". rbldnsd is a small
DNS-protocol daemon which is designed to handle queries to DNS-based IP-listing or NAME-listing
services. Such services are a simple way to share/publish a list of IP addresses or (domain) names which
are "listed" for some reason, for example in order to be able to refuse service to a client which is
"listed" in some blocklist. Url:- http://www.corpit.ru/mjt/rbldnsd.html

9) Pdnsd:- pdnsd is a proxy DNS server that caches entries permanently to disk. pdnsd allows you to
configure one address as the DNS server for all your internet software. This can be localhost, but I
personally use a separate machine that I’ve configured as a gateway to the internet for my home LAN.
pdnsd can then be configured to contact your ISP’s DNS servers when you make a dial-up connection.
Url:- http://www.phys.uu.nl/~rombouts/pdnsd.html

10) Dents:- Dents is a from scratch implementation of the server side of the Domain Name System (DNS)
protocol and it shares no code with any other project. Among its several features are compatibility with
the named DNS daemon, a modular driver system and an extensible control facility which allows the
administrator to control the running server. Url:- http://sourceforge.net/projects/dents/ or
http://www.europe.redhat.com/documen....1-1.i386.php3

11) Microsoft’s DNS server :- The DNS server in Windows 2003 has seen increasing adoption since its
first release for Windows 2000 in 1999. It is regarded as stable and is well-integrated with Microsoft’s
server administration tools.

Url:- http://www.microsoft.com/downloads/d...displaylang=en

12) Simple DNS Plus:- Simple DNS Plus is commercial software for Windows (any version from Windows
95 to 2003). It seems fully functional and targeted to small sites and home users with permanent
Internet connections. It has some innovative features, but I have no first hand experience with it. Url:-
http://www.simpledns.com

Protocol and Ports of DNS


DNS primarily uses the User Datagram Protocol (UDP) on port 53 to serve requests.[5] A DNS query
normally consists of a single UDP request from the client followed by a single UDP reply from the
server. TCP, also on port 53, is used when the response does not fit in a UDP message (classically 512
bytes: the server sets the TC (truncated) flag and the client retries the query over TCP) and for tasks
such as zone transfers (AXFR/IXFR). EDNS(0) lets resolvers advertise larger UDP buffer sizes, but
truncation and TCP fallback still happen, so a firewall must permit TCP/53 as well as UDP/53; blocking
TCP/53 on the assumption that only zone transfers use it breaks large answers such as DNSSEC-signed
responses. Some resolver implementations use TCP for all queries.
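The exchange described above, as an added example that is not part of the original page: a minimal
builder and parser for the DNS wire format, showing the 12-byte header, the TC flag that triggers the
TCP retry, and the 2-byte length prefix DNS over TCP uses. The truncated reply is constructed in the code
rather than captured from a server; query() is the only part that touches the network.

```python
import socket
import struct

DNS_PORT = 53
UDP_MAX_PAYLOAD = 512   # classic limit without EDNS(0); bigger answers set TC and fall back to TCP
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a host name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0x1234, rd=True):
    """12-byte header plus one question; RD=1 asks the server to recurse for us."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # ID, flags, QD/AN/NS/AR counts
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Decode the header flag bits and section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),      # authoritative answer
        "tc": bool(flags & 0x0200),      # truncated: payload did not fit in UDP
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(response):
    """A reply with QR=1 and TC=1 must be repeated over TCP to obtain the full answer."""
    h = parse_header(response)
    return h["qr"] and h["tc"]


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream):
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query(name, server, timeout=2.0):
    """Send over UDP/53, then repeat over TCP/53 if the server truncated its reply.
    Needs a network; not exercised by the offline checks."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(q, (server, DNS_PORT))
        resp, _ = udp.recvfrom(4096)
    if parse_header(resp)["id"] != parse_header(q)["id"]:
        raise ValueError("transaction ID mismatch: not our reply")
    if needs_tcp_retry(resp):
        with socket.create_connection((server, DNS_PORT), timeout=timeout) as tcp:
            tcp.sendall(tcp_frame(q))
            (length,) = struct.unpack("!H", _recv_exact(tcp, 2))
            resp = _recv_exact(tcp, length)
    return resp


# Constructed truncated reply to the query above: flags 0x8380 = QR|TC|RD|RA, question echoed back.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + \
    encode_name("www.eukhost.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
```

The transaction-ID check in query() is the bare minimum a client must do before trusting a UDP reply;
the cache poisoning section later on this page shows why the ID and source port need to be unpredictable.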

Round robin DNS


Round robin DNS is a technique of load distribution, load balancing, or fault-tolerance provisioning
multiple, redundant Internet Protocol service hosts, e.g., Web servers, FTP servers, by managing the
Domain Name System's (DNS) responses to address requests from client computers according to an
appropriate statistical model.
In its simplest implementation Round-robin DNS works by responding to DNS requests not only with a
single IP address, but a list of IP addresses of several servers that host identical services. The order in
which IP addresses from the list are returned is the basis for the term round robin. With each DNS
response, the IP address sequence in the list is permuted. Usually, basic IP clients attempt connections
with the first address returned from a DNS query so that on different connection attempts clients would
receive service from different providers, thus distributing the overall load among servers.

There is no standard procedure for deciding which address the requesting application will use; some
resolvers re-sort the returned list to prefer addresses on numerically "closer" networks. Some desktop
clients do try alternate addresses after a connection timeout of 30-45 seconds.

Round robin DNS is often used for balancing the load of geographically distributed Web servers. For
example, a company has one domain name and three identical web sites residing on three servers with
three different IP addresses. When one user accesses the home page it will be sent to the first IP
address. The second user who accesses the home page will be sent to the next IP address, and the third
user will be sent to the third IP address. In each case, once the IP address is given out, it goes to the end
of the list. The fourth user, therefore, will be sent to the first IP address, and so forth.

Drawbacks
Although easy to implement, round robin DNS has problematic drawbacks, such as those arising from
record caching in the DNS hierarchy itself, as well as client-side address caching and reuse, the
combination of which can be difficult to manage. Round robin DNS should not solely be relied upon for
service availability. If a service at one of the addresses in the list fails, the DNS will continue to hand out
that address and clients will still attempt to reach the inoperable service.

Also, it may not be the best choice for load balancing on its own since it merely alternates the order of
the address records each time a name server is queried. There is no consideration for matching the user
IP address and its geographical location, transaction time, server load, network congestion, etc. Round
robin DNS load balancing works best for services with a large number of uniformly distributed
connections to servers of equivalent capacity. Otherwise it just does load distribution.

Methods exist to overcome such limitations. For example, modified DNS servers (such as lbnamed[1])
can routinely poll mirrored servers for availability and load factor. If a server does not reply as required,
the server can be temporarily removed from the DNS pool, until it reports that it is once again operating
within specifications.
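The rotation and the two drawbacks described above (resolver caching, and a dead host that keeps being
handed out), as an added example that is not part of the original page: a toy authoritative zone that
rotates its A records, a caching resolver with an injectable clock, and an lbnamed-style pool that drops
hosts a health check has marked down. Addresses and timings are constructed.

```python
from collections import deque


class RoundRobinZone:
    """Authoritative side: the same A records, rotated one step on every answer
    (what BIND calls rrset-order cyclic)."""

    def __init__(self, name, addresses, ttl=60):
        self.name = name
        self.ttl = ttl
        self._addrs = deque(addresses)
        self.down = set()                 # populated by an external health check

    def mark_down(self, addr):
        self.down.add(addr)

    def mark_up(self, addr):
        self.down.discard(addr)

    def answer(self, prune_down=False):
        """Return the list in its current order, then rotate for the next client.
        Plain round robin (prune_down=False) keeps handing out failed hosts; an
        lbnamed-style pool (prune_down=True) omits them until they recover."""
        order = list(self._addrs)
        self._addrs.rotate(-1)
        if prune_down:
            order = [a for a in order if a not in self.down]
        return order


class CachingResolver:
    """Recursive side: caches each answer for its TTL, so every client behind this
    resolver sees the same ordering until the TTL expires."""

    def __init__(self, zone, clock):
        self.zone = zone
        self.clock = clock                # injectable time source, in seconds
        self.cache = {}

    def resolve(self, name, prune_down=False):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[0] > now:
            return hit[1]
        addrs = self.zone.answer(prune_down)
        self.cache[name] = (now + self.zone.ttl, addrs)
        return addrs


def simulate(ttl=60):
    """Replay the scenario with a fake clock; returns (time, address a basic client
    would connect to), i.e. the first address of each answer."""
    zone = RoundRobinZone("www.example.com", ["10.0.0.1", "10.0.0.2", "10.0.0.3"], ttl)
    t = [0]
    resolver = CachingResolver(zone, lambda: t[0])
    seen = []
    for when, prune in [(0, False), (70, False), (140, False), (150, False), (210, True)]:
        t[0] = when
        if when == 150:
            zone.mark_down("10.0.0.3")   # host fails, but the resolver's cache is still warm
        seen.append((when, resolver.resolve("www.example.com", prune)[0]))
    return seen
```

At t=150 the resolver still serves the cached answer whose first address is the failed host; even the
health-aware pool cannot help until the TTL runs out, which is why round-robin deployments use short TTLs
and still need a real load balancer or health-checked failover for availability.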

ICANN & Alternate DNS


The Internet uses the Domain Name System (DNS) to associate the names of computers with their
numeric IP addresses and with other information. The top level of the domain name hierarchy, the DNS
root, contains the top-level domains that appear as the suffixes of all Internet domain names. The
official DNS root is administered by the Internet Corporation for Assigned Names and Numbers (ICANN).
In addition, several organizations operate alternative DNS roots, often referred to as alt roots. These
alternative domain name systems operate their own root nameservers and administer their own specific
name spaces consisting of custom top-level domains.

DNS Servers
DNS servers are grouped into several categories of specialization of servicing domain name system
queries. The two principal roles, which may be implemented either uniquely or combined in a given
product are:

Authoritative server: authoritative name servers publish DNS mappings for domains under their
authoritative control. Typically, a company (e.g. "Acme Example Widgets") would provide its own
authority services to respond to address queries, or for other DNS information, for www.example.int.
These servers are listed as being at the top of the authority chain for their respective domains, and are
capable of providing a definitive answer. Authoritative name servers can be primary name servers, also
known as master servers, i.e. they contain the original set of data, or they can be secondary or slave
name servers, containing data copies usually obtained from synchronization directly with the master
server, either via a DNS mechanism, or by other data store synchronization mechanisms.

Recursive Servers: recursive servers (sometimes called "DNS caches", "caching-only name servers")
provide DNS name resolution for applications, by relaying the requests of the client application to the
chain of authoritative name servers to fully resolve a network name. They also (typically) cache the
result to answer potential future queries within a certain expiration (time-to-live) period. Most Internet
users access a recursive server provided by their internet service provider to locate sites such as
www.google.com.

BIND

BIND is the de facto standard DNS server.[1] It is a free software product and is distributed with most
Unix and Linux platforms, where it is most often also referred to as named (name daemon). It is the
most widely deployed DNS server.[2] Historically, BIND underwent three major revisions, each with
significantly different architectures: BIND4, BIND8, and BIND9. BIND4 and BIND8 are now technically
obsolete and not considered in this article. BIND9 is a ground-up rewrite of BIND featuring complete
DNSSEC support in addition to other features and enhancements.

Internet Systems Consortium also started development of a new version, BIND 10. Its first release was
in April 2010, and it was expected to be a five-year project to complete its feature set. It is not
included in this comparison. (ISC ended BIND 10 development in 2014 and handed the code to the separate
Bundy project; BIND 9 remains ISC's maintained server.)

Microsoft DNS

Microsoft DNS is the DNS server provided with Windows Server.

Dnsmasq
Dnsmasq is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally
DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are
not in the global DNS.

Dnsmasq accepts DNS queries and either answers them from a small, local cache or forwards them to a
real, recursive DNS server. It loads the contents of /etc/hosts, so that local host names which do not
appear in the global DNS can be resolved.

djbdns

Djbdns is a collection of DNS applications, including tinydns, which was the second most used free
software DNS server in 2004.[2] It was designed by Daniel J. Bernstein, author of qmail, with an
emphasis on security. In March 2009, Bernstein paid $1000 to the first person to find a security hole in
djbdns.[3] The source code is not centrally maintained and was released into the public domain in 2007.
As of March 2009 there are three forks and more than a dozen patches that add features to djbdns.

Simple DNS Plus

Simple DNS Plus is a commercial DNS server product that runs under Microsoft Windows with an
emphasis on a simple-to-use GUI.

NSD

NSD is a free software authoritative server provided by NLNet Labs. NSD is a test-bed server for
DNSSEC; new DNSSEC protocol features are often prototyped using the NSD code base. NSD hosts
several top-level domains, and operates three of the root nameservers.

PowerDNS

PowerDNS is a free software DNS server with a variety of data storage back-ends and load balancing
features. Authoritative and recursive server functions are implemented as separate applications.

MaraDNS

MaraDNS is a free software DNS server by Sam Trenholme that claims a good security history and ease
of use.[4] [5] In order to change any DNS records, MaraDNS needs to be restarted. Like djbdns's
dnscache, the MaraDNS 2.0 stand-alone recursive resolver, Deadwood, does not use threads.[6]

Nominum ANS

ANS is a commercial authoritative server from Nominum, a company founded by Paul Mockapetris, the
inventor of the DNS. ANS was designed to meet the needs of top level domain servers, hosters and large
enterprises.
Nominum Vantio

Vantio is a commercial high-performance recursive caching server from Nominum, intended as a fast,
secure alternative to BIND for service providers, enterprises, and government agencies.

Posadis

Posadis is a free software DNS server, written in C++, featuring Dynamic DNS update support.

Unbound

Unbound is a validating, recursive and caching DNS server designed for high performance. It was
released May 20, 2008 (version 1.0.0) as free software licensed under the BSD license by NLnet Labs,
Verisign Inc., Nominet, and Kirei.

pdnsd

Pdnsd is a caching DNS proxy server that stores cached DNS records on disk for long term retention.
Pdnsd is designed to be highly adaptable to situations where net connectivity is slow, unreliable,
unavailable, or highly dynamic, with limited capability of acting as an authoritative nameserver. It is
licensed under the GPL.[7]

Cisco Network Registrar

CNR includes a commercial DNS server from Cisco Systems usually used in conjunction with the CNR
DHCP (Dynamic Host Configuration Protocol) server. It supports high rates of dynamic update.

Domain Name Relay Daemon (dnrd)

Domain Name Relay Daemon[2] is a caching, forwarding DNS proxy server. Most useful on vpn or dialup
firewalls but it is also a nice DNS cache for minor networks and workstations. Licensed under GPL.

Geographic DNS daemon (gdnsd)

Geographic DNS daemon (gdnsd)[3] is a GPL3-licensed Authoritative DNS server written in C using
libev[4] and pthreads with a focus on high performance, low latency service. It does not offer any form
of caching or recursive service, and does not support DNSSEC. The initial "g" stands for Geographic, as
gdnsd offers a plugin system for geographic (or other sorts of) balancing, redirection, and service-state-
conscious failover. If you don't care about that feature, you can ignore it and gdnsd still makes a great
authoritative DNS server.

Explanation of features

Authoritative

A major category of DNS server functionality, see above.

Recursive
A major category of DNS server functionality, see above.

Recursion Access Control

Servers with this feature provide control over which hosts are permitted to make recursive lookups
through the server. Restricting recursion to your own clients keeps the server from being an "open
resolver" that anyone on the Internet can use: open resolvers are abused for reflection/amplification
attacks (a small query with a spoofed source address produces a large answer aimed at the victim) and
give an attacker a cache to target with poisoning attempts. A server that is only authoritative for public
zones should have recursion disabled entirely. The feature is also useful for load balancing and service
protection.

Slave Mode

Authoritative servers can publish content that originates from primary data storage (such as zone files or
databases connected to business administration processes)--such servers are also called 'master'
servers--or can be slave or secondary servers, republishing content fetched from and synchronized with
such master servers. Servers with a "slave mode" feature have a built-in capability to retrieve and
republish content from other servers. This is typically, though not always, provided using the AXFR DNS
protocol.

Caching

Servers with this feature provide recursive services for applications, and cache the results so that future
requests for the same name can be answered quickly, without a full DNS lookup. This is an important
performance feature, as it significantly reduces the latency of DNS requests.

DNSSEC

Servers with this feature implement some variant of the DNSSEC protocols. They may publish names
with resource record signatures (providing a "secure authority service"), and may validate those
signatures during recursive lookups (providing a "secure resolver"). DNSSEC has become more
widespread since ICANN deployed a signed DNS root (July 2010), and deployment to individual sites is
growing as top-level domains sign their zones too. The presence of DNSSEC features is a notable
characteristic of a DNS server.

TSIG

Servers with this feature typically also provide DNSSEC services. In addition, they support TSIG
(transaction signatures, RFC 2845), which authenticates individual DNS messages with an HMAC computed
over a shared secret. TSIG is used mainly to authenticate dynamic updates and zone transfers between
servers, and to authenticate a client's queries to a particular server, without the cost and complexity
of full DNSSEC. TSIG only authenticates the transaction between two parties that share a key; unlike
DNSSEC it says nothing about whether the data itself is genuine, and the shared secret must be protected
and rotated like any other credential.

IPv6

Servers with this feature can publish and handle DNS records that refer to IPv6 addresses (AAAA
records). To be fully IPv6 capable they must also use IPv6 as a transport for queries, for zone transfers
in slave/master relationships, and for forwarding.

Wildcard

Servers with this feature can publish information for wildcard records, which provide data about DNS
names in DNS zones that are not specifically listed in the zone.
Split horizon

Servers with the split-horizon DNS feature can give different answers depending on the source IP
address of the query.
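As an added example (not from the page, and not ISC's own documentation), here is a BIND 9 named.conf
fragment that puts several of the features above together: recursion access control, a slave/master zone
transfer protected by a TSIG key, and split-horizon views. The ACL ranges, the key name, the 192.0.2.x
addresses and the secret are placeholders to be replaced for a real deployment.

```conf
// Clients allowed to use this server as a recursive resolver.
acl "trusted" { 127.0.0.1; ::1; 10.0.0.0/8; 192.168.0.0/16; };

// Weak setting, shown for contrast: this makes an open resolver.
// options { recursion yes; allow-recursion { any; }; };

options {
    recursion yes;
    allow-recursion { "trusted"; };      // recursion only for our own clients
    allow-query-cache { "trusted"; };    // outsiders cannot read the cache either
    allow-transfer { none; };            // no zone transfers unless a zone overrides this
};

// TSIG key shared with the secondary. Generate a secret with: tsig-keygen xfer-key
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET=";   // placeholder
};

// The secondary at 192.0.2.2 must sign its AXFR/IXFR requests with that key.
server 192.0.2.2 { keys { "xfer-key"; }; };

// Split horizon: internal clients get the internal view of example.com,
// everyone else the public one. With views in use, every zone lives inside a view.
view "internal" {
    match-clients { "trusted"; };
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        allow-transfer { key "xfer-key"; };   // only TSIG-signed transfers
    };
};

view "external" {
    match-clients { any; };
    recursion no;                         // the public face is authoritative only
    zone "example.com" {
        type master;
        file "external/example.com.zone";
        allow-transfer { key "xfer-key"; };
    };
};

// On the secondary, the matching zone statement is:
// zone "example.com" { type slave; file "example.com.zone";
//     masters { 192.0.2.1 key "xfer-key"; }; };
```

Test the transfer restriction from an untrusted address with `dig @server example.com AXFR`; it should
return "Transfer failed." Without the key restriction, an AXFR hands an attacker a complete map of the
zone, which is why allow-transfer defaults to none here.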

DNS cache poisoning

DNS cache poisoning is a security or data integrity compromise in the Domain Name System
(DNS). The compromise occurs when data is introduced into a DNS name server's cache
database that did not originate from authoritative DNS sources. It may be a deliberate attempt of
a maliciously crafted attack on a name server. It may also be an unintended result of a
misconfiguration of a DNS cache or from improper software design of DNS applications.

When a DNS server receives such non-authentic data and caches it for performance, it is considered
poisoned and will supply the non-authentic data to its clients.

A name server translates a domain name (such as example.com) into an IP address that Internet hosts
use to contact Internet resources. If a DNS server is poisoned, it may return an incorrect IP address,
diverting traffic to a machine the attacker controls. The standard mitigations are to make forged replies
hard to match (random transaction IDs and random UDP source ports, RFC 5452), to accept only records
within the bailiwick of the server that was queried, and to validate answers cryptographically with
DNSSEC.
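The acceptance checks just described, as an added example that is not part of the original page: a toy
resolver cache that accepts a reply only when its transaction ID, destination port and question match an
outstanding query, and caches only records within the bailiwick of the server that was asked. Two ID
generators are modelled, a random one and the predictable sequential-ID/fixed-port behaviour that older
resolvers had; the forged reply and all addresses (192.0.2.0/24 documentation range) are constructed.

```python
import random
from dataclasses import dataclass, field


@dataclass
class Query:
    txid: int
    sport: int        # UDP source port the query left from
    qname: str
    qtype: str


@dataclass
class Response:
    txid: int
    dport: int        # UDP port the reply is addressed to
    qname: str
    qtype: str
    answers: list                               # (owner, type, ttl, rdata) tuples
    additional: list = field(default_factory=list)


class RandomIds:
    """16-bit ID and ephemeral source port from a CSPRNG (RFC 5452 guidance)."""
    def __init__(self):
        self._rng = random.SystemRandom()

    def next(self):
        return self._rng.randrange(1 << 16), self._rng.randrange(1024, 65536)


class PredictableIds:
    """Sequential ID and a fixed port 53: the old behaviour that made forging easy."""
    def __init__(self, start=1000):
        self._next = start

    def next(self):
        txid, self._next = self._next, (self._next + 1) & 0xFFFF
        return txid, 53


def in_bailiwick(owner, zone):
    """True when owner is at or below the zone the queried server is authoritative for."""
    owner = owner.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    return owner == zone or owner.endswith("." + zone)


class ResolverCache:
    def __init__(self, ids=None):
        self.ids = ids or RandomIds()
        self.pending = {}        # (txid, port) -> (Query, zone being asked)
        self.cache = {}          # (owner, type) -> rdata

    def send_query(self, qname, qtype, zone):
        txid, sport = self.ids.next()
        q = Query(txid, sport, qname, qtype)
        self.pending[(txid, sport)] = (q, zone)
        return q

    def receive(self, resp):
        """Accept a reply only if ID, port and question match an outstanding query,
        and cache only records inside the bailiwick of the server that was asked."""
        key = (resp.txid, resp.dport)
        if key not in self.pending:
            return "dropped: no matching id/port"
        q, zone = self.pending[key]
        if (resp.qname.lower(), resp.qtype) != (q.qname.lower(), q.qtype):
            return "dropped: question mismatch"
        del self.pending[key]
        accepted = 0
        for owner, rtype, ttl, rdata in resp.answers + resp.additional:
            if not in_bailiwick(owner, zone):
                continue        # out-of-zone glue is how classic poisoning smuggled records in
            self.cache[(owner.lower().rstrip(".") + ".", rtype)] = rdata
            accepted += 1
        return "accepted %d record(s)" % accepted


def forged_reply(txid, dport, qname, victim_host, attacker_ip):
    """What an off-path attacker sends: a guessed ID/port, a bogus answer, and an
    extra record for a host the queried server is not authoritative for."""
    return Response(txid, dport, qname, "A",
                    answers=[(qname, "A", 300, attacker_ip)],
                    additional=[(victim_host, "A", 86400, attacker_ip)])
```

With random IDs and ports the attacker must hit roughly one chance in 2^16 x 2^16 per forged packet;
with the predictable generator a single packet succeeds. Neither check protects against an on-path
attacker who can see the real query, which is what DNSSEC validation is for.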

What is the main purpose of a DNS server?


DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.

What is the port no of dns ?


53.

What is a Forward Lookup?


Resolving Host Names to IP Addresses.

What is Reverse Lookup?


Resolving an IP address to a host name, using PTR records in the in-addr.arpa (IPv4) or ip6.arpa (IPv6)
reverse lookup zones.

What is a Resource Record?


A resource record (RR) is an entry in a zone that provides information about a resource in the network
infrastructure; common types are A/AAAA (address), NS, MX, PTR, SRV, SOA and CNAME records.

What are the diff. DNS Roles?


Standard Primary, Standard Secondary, & AD Integrated.

What is a Zone?
A zone is a contiguous portion (subtree) of the DNS namespace that is administered as one unit and
stored in one zone file or database; a DNS server is authoritative for the zones it hosts.
Secure services in your network require reverse name resolution to make it more difficult to launch
successful attacks against the services. To set this up, you configure a reverse lookup zone and
proceed to add records. Which record types do you need to create?
PTR records, in a reverse lookup zone under in-addr.arpa (IPv4) or ip6.arpa (IPv6). A PTR record is
controlled by whoever operates the reverse zone for that address block, so a matching PTR is not proof
of identity on its own; a service that relies on reverse lookups should also check that the returned name
resolves forward to the same address (forward-confirmed reverse DNS).
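Reverse lookups and the forward-confirmation check, as an added example that is not part of the
original page: building the in-addr.arpa/ip6.arpa owner name for an address, splitting it into a
classful reverse zone plus relative PTR owner, and a forward-confirmed rDNS check that runs against
constructed lookup tables (the real lookups would be PTR and A queries).

```python
import ipaddress


def reverse_name(ip):
    """PTR owner name for an address: dotted quad reversed under in-addr.arpa, or the
    32 hex nibbles reversed under ip6.arpa for IPv6."""
    addr = ipaddress.ip_address(ip)          # rejects malformed input
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_record(ip, hostname, prefixlen=24):
    """Split the PTR name into (reverse zone, relative owner, target) for a classful
    IPv4 reverse zone such as 192.175.213.in-addr.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 reverse zones are handled here")
    labels = reverse_name(ip).rstrip(".").split(".")
    host_labels = 4 - prefixlen // 8
    owner = ".".join(labels[:host_labels])
    zone = ".".join(labels[host_labels:]) + "."
    return zone, owner, hostname.rstrip(".") + "."


def fcrdns_ok(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: the name the PTR gives must resolve back to ip.
    ptr_lookup(name) -> hostname or None; a_lookup(name) -> list of addresses."""
    name = ptr_lookup(reverse_name(ip))
    if not name:
        return False
    return ip in a_lookup(name)


# Constructed lookup tables standing in for real DNS answers. The 203.0.113.9 entry
# models an attacker who controls the reverse zone for their own address block.
PTR_TABLE = {
    "12.192.175.213.in-addr.arpa.": "www.eukhost.com.",
    "9.113.0.203.in-addr.arpa.": "www.eukhost.com.",
}
A_TABLE = {"www.eukhost.com.": ["213.175.192.12"]}


def check(ip):
    return fcrdns_ok(ip, PTR_TABLE.get, lambda name: A_TABLE.get(name, []))
```

The attacker's PTR claims to be www.eukhost.com, but the forward lookup of that name does not contain
203.0.113.9, so the check fails; a service that trusted the PTR alone would have accepted the spoofed
identity.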

SOA records must be included in every zone. What are they used for ?
SOA records contain the zone's minimum TTL (today used as the negative-caching TTL per RFC 2308, with
$TTL supplying the default for records), the e-mail address of the person responsible for the zone
(written with the @ replaced by a dot), the zone's current serial number, which secondary servers
compare against their copy to decide whether a zone transfer is needed, and the refresh, retry and
expire timers that govern how often secondaries poll the primary and how long they keep serving the
zone if the primary is unreachable.
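The SOA fields and the serial comparison secondaries rely on, as an added example that is not part of
the original page: a parser for SOA RDATA in zone-file form, the RNAME-to-e-mail conversion (including
an escaped dot in the local part), RFC 1982 serial-number arithmetic so that a wrapped serial still
counts as newer, and the YYYYMMDDnn bumping convention. The SOA text is constructed.

```python
SERIAL_BITS = 32
SERIAL_MAX = 1 << SERIAL_BITS
SERIAL_HALF = 1 << (SERIAL_BITS - 1)


def rname_to_email(rname):
    """hostmaster.example.com. -> hostmaster@example.com; a backslash-escaped dot
    stays in the local part, so john\\.doe.example.com. -> john.doe@example.com."""
    rname = rname.rstrip(".")
    local = []
    i = 0
    while i < len(rname):
        c = rname[i]
        if c == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])
            i += 2
            continue
        if c == ".":
            return "".join(local) + "@" + rname[i + 1:]
        local.append(c)
        i += 1
    return "".join(local)


def parse_soa(rdata):
    """Parse SOA RDATA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError("SOA needs 7 fields, got %d" % len(parts))
    mname, rname = parts[0], parts[1]
    serial, refresh, retry, expire, minimum = (int(x) for x in parts[2:])
    if not 0 <= serial < SERIAL_MAX:
        raise ValueError("serial must fit in 32 bits")
    return {"mname": mname, "rname": rname, "email": rname_to_email(rname),
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: a is newer than b if it lies in the half-space
    ahead of b, so 5 is newer than 4294967295 after the counter wraps."""
    a %= SERIAL_MAX
    b %= SERIAL_MAX
    return a != b and ((a - b) % SERIAL_MAX) < SERIAL_HALF


def secondary_should_transfer(local_serial, primary_serial):
    """A secondary polls the primary's SOA every REFRESH seconds and pulls the zone
    only when the primary's serial is newer than its own."""
    return serial_gt(primary_serial, local_serial)


def next_serial(current, today):
    """YYYYMMDDnn convention: start today's series at nn=00 if that is newer than
    the current serial, otherwise just increment. today is e.g. '20240106'."""
    base = int(today) * 100
    candidate = base if serial_gt(base, current) else current + 1
    if candidate >= SERIAL_MAX:
        raise ValueError("serial space exhausted; fall back to RFC 1982 increments")
    return candidate
```

A serial that is decremented by mistake is a classic outage: secondaries never transfer the new data,
and with the serial arithmetic above a primary whose serial jumps back by more than 2^31 is treated as
older, not newer, exactly as real secondaries behave.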

By default, if the name is not found in the cache or local hosts file, what is the first step the client
takes to resolve the FQDN name into an IP address ?
It sends a recursive query to the preferred DNS server configured on its network interface, and that
server performs the full resolution (from its own cache, or by iterating through the root, TLD and
authoritative servers) on the client's behalf.

What is primary, Secondary, stub & AD Integrated Zone?


Primary Zone: - the zone is stored as a normal text file (<zonename>.dns) in the %SystemRoot%\System32\dns
folder. The primary holds the read/write copy of the zone database.

Secondary Zone: - a read-only copy of the zone database on another DNS server, obtained by zone transfer
from the primary (or from another secondary). Provides fault tolerance and load sharing by acting as a
backup to the primary server.

Stub zone: - contains only the SOA record, the NS records and the glue A records needed to locate the
authoritative servers for the zone; it keeps delegation information current and shortens resolution
paths. A stub zone is not a full copy of the zone and does not provide redundancy or load sharing.

AD Integrated zone: - zone data is stored in Active Directory and replicated with it (multi-master), so
every DNS server running on a domain controller can accept updates; supports secure dynamic update.

How do you manually create SRV records in DNS?


On Windows Server: Run ---> dnsmgmt.msc, right-click the zone you want to add the SRV record to, choose
"Other New Records" and select Service Location (SRV).

What is the main purpose of SRV records ?


SRV records are used to locate hosts that provide a particular network service, together with the port
the service listens on and a priority and weight for choosing among several hosts. Active Directory
depends on them: domain-joined clients find domain controllers through records such as
_ldap._tcp.dc._msdcs.<domain> and _kerberos._tcp.<domain>.
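How a client is supposed to use those records, as an added example that is not part of the original
page: composing the _service._proto owner name, parsing SRV RDATA, and ordering targets by priority and
weighted random selection as RFC 2782 specifies (weight-0 entries go to the front so they are rarely
chosen). The random source is injectable so the ordering can be checked deterministically; the domain
controller records are constructed.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


def srv_name(service, proto, domain):
    """Owner name for a service record: srv_name('ldap', 'tcp', 'example.com')
    -> '_ldap._tcp.example.com.'"""
    return "_%s._%s.%s." % (service.lstrip("_"), proto.lstrip("_"), domain.rstrip("."))


def parse_srv(rdata):
    """Parse SRV RDATA in the form 'priority weight port target'."""
    p, w, port, target = rdata.split()
    return SRV(int(p), int(w), int(port), target.rstrip(".") + ".")


def order_targets(records, rnd=random.randint):
    """RFC 2782 selection: lowest priority first; within one priority a weighted
    random order. rnd(a, b) returns an int in [a, b]."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)     # zero-weight entries to the front
        while group:
            total = sum(r.weight for r in group)
            pick = rnd(0, total)
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:                 # first record whose running sum reaches pick
                    ordered.append(group.pop(i))
                    break
    return ordered


def connect_order(records, rnd=random.randint):
    """Flatten to (target, port) pairs: the list a client walks until one answers."""
    return [(r.target, r.port) for r in order_targets(records, rnd)]


# Constructed answers for _ldap._tcp.dc._msdcs.example.com, the record domain-joined
# Windows clients use to find domain controllers.
DC_RECORDS = [
    parse_srv("0 100 389 dc1.example.com."),
    parse_srv("0 0 389 dc2.example.com."),       # weight 0: used only when others are exhausted
    parse_srv("10 50 389 dc3.example.com."),     # backup site, lower priority
]
```

Because clients act on whatever SRV answer they receive, anyone who can spoof or poison that answer can
steer LDAP and Kerberos traffic to a host of their choosing; that is why the dynamic updates that
register these records should be secure updates, as discussed in the AD-integrated zone questions below.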

Before installing your first domain controller in the network, you installed a DNS server and created a
zone, naming it as you would name your AD domain. However, after the installation of the domain
controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the
most likely cause of this failure ?
The zone you created was not configured to allow dynamic updates. The local interface on the DNS
server was not configured to allow dynamic updates.

Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy
clients ?
The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP
server must support, and be configured to allow, dynamic updates for legacy clients.
At some point during the name resolution process, the requesting party received authoritative reply.
Which further actions are likely to be taken after this reply ?
After receiving the authoritative reply, the resolution process is effectively over.

Name 3 benefits of using AD-integrated zones.


Active Directory integrated DNS enables Active Directory storage and replication of DNS zone databases.
Windows 2000 DNS server, the DNS server that is included with Windows 2000 Server, accommodates
storing zone data in Active Directory.

When you configure a computer as a DNS server, zones are usually stored as text files on the name
server; that is, all of the zones required by DNS are stored in text files on the server computer.

These text files must be synchronized among DNS name servers by a separate replication topology and
schedule called a zone transfer. If instead you use Active Directory integrated DNS when you configure a
domain controller as a DNS name server, zone data is stored as Active Directory objects and is replicated
as part of domain replication.

Your company uses ten domain controllers, three of which are also used as DNS servers. You have one
companywide AD-integrated zone, which contains several thousand resource records. This zone also
allows dynamic updates, and it is critical to keep this zone up-to-date. Replication between domain
controllers takes up a significant amount of bandwidth. You are looking to cut bandwidth usage for
the purpose of replication. What should you do?

Change the replication scope to all DNS servers in the domain (the DomainDnsZones application directory
partition), so that zone data is replicated only to the three domain controllers that run DNS rather than
to all ten domain controllers.

You are administering a network connected to the Internet. Your users complain that everything is
slow. Preliminary research of the problem indicates that it takes a considerable amount of time to
resolve names of resources on the Internet. What is the most likely reason for this?

DNS servers are not caching replies; local client computers are not caching replies; the cache.dns (root
hints) file may have been corrupted on the server.

What are the benefits of using Windows 2003 DNS when using AD-integrated zones?

If your DNS topology includes Active Directory, use Active Directory integrated zones. Active Directory
integrated zones enable you to store zone data in the Active Directory database. Zone information about
any primary DNS server within an Active Directory integrated zone is always replicated.

Because DNS replication is single-master, a primary DNS server in a standard primary DNS zone can be a
single point of failure. In an Active Directory integrated zone, a primary DNS server cannot be a single
point of failure because Active Directory uses multimaster replication.

Updates that are made to any domain controller are replicated to all domain controllers and the zone
information about any primary DNS server within an Active Directory integrated zone is always
replicated.
Active Directory integrated zones: Enable you to secure zones by using secure dynamic update.

Provide increased fault tolerance. Every Active Directory integrated zone can be replicated to all domain
controllers within the Active Directory domain or forest. All DNS servers running on these domain
controllers can act as primary servers for the zone and accept dynamic updates.

Enable replication that propagates changed data only, compresses replicated data, and reduces network
traffic. If you have an Active Directory infrastructure, you can only use Active Directory integrated zones
on Active Directory domain controllers. If you are using Active Directory integrated zones, you must
decide whether or not to store them in an application directory partition.

You can combine Active Directory integrated zones and file-based zones in the same design. For
example, if the DNS server that is authoritative for the private root zone is running on an operating
system other than Windows Server 2003 or Windows 2000, it cannot act as an Active Directory domain
controller. Therefore, you must use file-based zones on that server. However, you can delegate this zone
to any domain controller running either Windows Server 2003 or Windows 2000.

You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS.
Name a few possible causes.

The domain controller's network interface is not configured to use the DNS server (for example, it still
points at an ISP resolver instead of the internal DNS server).

The DNS service is not running, or the zone does not allow dynamic updates.

It is the Netlogon service that registers these SRV records, so after fixing the cause run
nltest /dsregdns or restart the Netlogon service to force re-registration.

What are the benefits and scenarios of using Stub zones?

Understanding stub zones


A stub zone is a copy of a zone that contains only those resource records necessary to identify the
authoritative Domain Name System (DNS) servers for that zone.
A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be
necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces
resolve names for clients in both namespaces.

A stub zone consists of:


- The start of authority (SOA) resource record, name server (NS) resource records, and the glue A
resource records for the delegated zone.
- The IP address of one or more master servers that can be used to update the stub zone. The master
servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS
server hosting the primary zone for the delegated domain name.

Use stub zones to:


- Keep delegated zone information current. By updating a stub zone for one of its child zones regularly,
the DNS server hosting both the parent zone and the stub zone will maintain a current list of
authoritative DNS servers for the child zone.
- Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's
list of name servers without needing to query the Internet or an internal root server for the DNS
namespace.
- Simplify DNS administration.


By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative
DNS servers for a zone without using secondary zones. However, stub zones do not serve the same
purpose as secondary zones and are not an alternative when considering redundancy and load sharing.

There are two lists of DNS servers involved in the loading and maintenance of a stub zone:

- The list of master servers from which the DNS server loads and updates a stub zone. A master server
may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the
DNS servers for the zone.

- The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name
server (NS) resource records. When a DNS server loads a stub zone, such as widgets.example.com, it
queries the master servers, which can be in different locations, for the necessary resource records of the
authoritative servers for the zone widgets.example.com. The list of master servers may contain a single
server or multiple servers and can be changed anytime.

What are the benefits and scenarios of using Conditional Forwarding?


Rather than having a DNS server forward all queries it cannot resolve to forwarders, the DNS server can
forward queries for different domain names to different DNS servers according to the specific domain
names that are contained in the queries. Forwarding according to these domain-name conditions
improves conventional forwarding by adding a second condition to the forwarding process.

A conditional forwarder setting consists of a domain name and the IP address of one or more DNS
servers. To configure a DNS server for conditional forwarding, a list of domain names is set up on the
Windows Server 2003-based DNS server along with the DNS server IP address. When a DNS client or
server performs a query operation against a Windows Server 2003- based DNS server that is configured
for forwarding, the DNS server looks to see if the query can be resolved by using its own zone data or
the zone data that is stored in its cache, and then, if the DNS server is configured to forward for the
domain name that is designated in the query (a match), the query is forwarded to the IP address of a
DNS Server that is associated with the domain name. If the DNS server has no domain name listed for
the name that is designated in the query, it attempts to resolve the query by using standard recursion.
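The decision sequence described above, as an added example that is not part of the original page: a
forwarding policy that checks the server's own zones first, then the conditional forwarders (longest
matching domain wins, matched on label boundaries so that notpartner.example does not match
partner.example), then the server-wide forwarders, and otherwise falls back to ordinary recursion. The
cache step is omitted; zone names and addresses (RFC 5737 ranges) are constructed.

```python
def _labels(name):
    """Lower-cased labels of a name: 'A.Example.COM.' -> ['a', 'example', 'com']."""
    return name.lower().rstrip(".").split(".")


class ForwardingPolicy:
    """Route a query the way a Windows Server 2003 DNS server configured with
    conditional forwarders does: own zones, conditional forwarders, default
    forwarders, recursion."""

    def __init__(self, zones=(), conditional=None, default=()):
        self.zones = [tuple(_labels(z)) for z in zones]
        self.rules = {tuple(_labels(d)): list(s) for d, s in (conditional or {}).items()}
        self.default = list(default)

    @staticmethod
    def _under(qlabels, suffix):
        # Compare whole labels only; a substring match would be a spoofing hole.
        n = len(suffix)
        return n <= len(qlabels) and tuple(qlabels[-n:]) == suffix

    def route(self, qname):
        """Return (how, servers): 'authoritative', 'conditional', 'forward' or 'recurse'."""
        q = _labels(qname)
        if any(self._under(q, z) for z in self.zones):
            return ("authoritative", [])
        best = None
        for suffix, servers in self.rules.items():
            if self._under(q, suffix) and (best is None or len(suffix) > len(best[0])):
                best = (suffix, servers)          # most specific domain wins
        if best is not None:
            return ("conditional", best[1])
        if self.default:
            return ("forward", self.default)
        return ("recurse", [])


# Constructed policy: our own zone, a merged partner's namespace that is reachable only
# through the partner's DNS servers, and the ISP resolver for everything else.
POLICY = ForwardingPolicy(
    zones=["corp.example"],
    conditional={
        "partner.example.": ["192.0.2.53"],
        "lab.partner.example.": ["198.51.100.53"],
    },
    default=["203.0.113.53"],
)
```

A conditional forwarder is a statement of trust: every answer for partner.example now comes from the
partner's servers, so the forwarder list should name only servers you have agreed on, and the entry
should be removed when the relationship ends.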

What is the 224.0.1.24 address used for?


The WINS server group multicast address. It is used to support auto-discovery and dynamic configuration
of replication between WINS servers. For more information, see the WINS replication overview.
Describe the importance of DNS to AD ?
When Microsoft began development on Active Directory, full compatibility with the domain name
system (DNS) was a critical priority. Active Directory was built from the ground up not just to be fully
compatible with DNS but to be so integrated with it that one cannot exist without the other. Microsoft's
direction in this case did not just happen by chance, but because of the central role that DNS plays in
Internet name resolution and Microsoft's desire to make its product lines embrace the Internet.

While fully conforming to the standards established for DNS, Active Directory can expand upon the
standard feature set of DNS and offer some new capabilities such as AD-Integrated DNS, which greatly
eases the administration required for DNS environments. In addition, Active Directory can easily adapt
to exist in a foreign DNS environment, such as Unix BIND, as long as the BIND version is 8.2.x or higher.

What is the "in-addr.arpa" zone used for?


In a Domain Name System (DNS) environment, it is common for a user or an application to request a
reverse lookup of a host name, given the IP address. This article explains this process. The following is
quoted from RFC 1035: "The Internet uses a special domain to support gateway location and Internet
address to host mapping. Other classes may employ a similar strategy in other domains. The intent of
this domain is to provide a guaranteed method to perform host address to host name mapping, and to
facilitate queries to locate all gateways on a particular network on the Internet.

"The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing
structure. Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition
to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as
a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case
of a zero octet which is represented by a single zero).

"Host addresses are represented by domain names that have all four labels specified." Reverse lookup
files use the structure specified in RFC 1035.

For example, if you have a network which is 150.10.0.0, then the reverse lookup file for this network
would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the 150.10.0.0 network will have a PTR
(or 'Pointer') entry in 10.150.IN-ADDR.ARPA referencing the host name for that IP address. A single
IN-ADDR.ARPA file may contain entries for hosts in many domains. Consider the following scenario. There
is a reverse lookup file 10.150.IN-ADDR.ARPA with the following contents:

Example: 1.20 IN PTR WS1.ACME.COM.
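
The mapping described above, worked through in code. This is an added example, not part of the original page: it builds the IN-ADDR.ARPA owner name for a host, the reverse zone for an octet-aligned network such as 150.10.0.0, the relative PTR record in the form shown, and the inverse mapping with the label checks a resolver should apply; the forward-confirmation helper and the `resolve_a` callback are assumptions for illustration.

```python
import ipaddress

# Added example (not from the original page): IN-ADDR.ARPA names and PTR records for the
# 150.10.0.0 / 10.150.IN-ADDR.ARPA case discussed above.
SUFFIX = "IN-ADDR.ARPA"


def reverse_name(ip):
    """Owner name for a host address: all four octets reversed under IN-ADDR.ARPA.
    str(IPv4Address) already drops leading zeros, as RFC 1035 requires."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + SUFFIX


def reverse_zone(network):
    """Reverse lookup zone for an octet-aligned network, e.g. 150.10.0.0/16 -> 10.150.IN-ADDR.ARPA."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 networks map onto whole labels")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + "." + SUFFIX


def ptr_record(ip, zone, hostname):
    """Relative PTR record for `ip` inside `zone` (the '1.20 IN PTR WS1.ACME.COM.' form)."""
    name, suffix = reverse_name(ip), "." + zone.upper()
    if not name.endswith(suffix):
        raise ValueError(f"{ip} is not covered by {zone}")
    return f"{name[:-len(suffix)]} IN PTR {hostname.rstrip('.')}."


def address_from_reverse_name(name):
    """Inverse mapping, validating each label (0-255, no leading zeros) before trusting it."""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or ".".join(labels[4:]).upper() != SUFFIX:
        raise ValueError("not a four-label host name under IN-ADDR.ARPA")
    octets = labels[:4][::-1]
    for o in octets:
        if not o.isdigit() or (len(o) > 1 and o[0] == "0") or int(o) > 255:
            raise ValueError(f"invalid octet label {o!r}")
    return ".".join(octets)


def forward_confirmed(ip, ptr_hostname, resolve_a):
    """A PTR answer is controlled by whoever runs the reverse zone, so before relying on it
    (in logs or allow-lists) confirm the forward A lookup of that name includes `ip`.
    `resolve_a` is an assumed callback returning the A records for a host name."""
    return ip in set(resolve_a(ptr_hostname))
```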

What are the requirements from DNS to support AD?


When you install Active Directory on a member server, the member server is promoted to a domain
controller. Active Directory uses DNS as the location mechanism for domain controllers, enabling
computers on the network to obtain IP addresses of domain controllers. During the installation of Active
Directory, the service (SRV) and address (A) resource records are dynamically registered in DNS, which
are necessary for the successful functionality of the domain controller locator (Locator) mechanism.
To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS resource
records of the domain controller, which provide the client with the names and IP addresses of the
domain controllers. In this context, the SRV and A resource records are referred to as Locator DNS
resource records.

When adding a domain controller to a forest, you are updating a DNS zone hosted on a DNS server with
the Locator DNS resource records and identifying the domain controller. For this reason, the DNS zone
must allow dynamic updates (RFC 2136) and the DNS server hosting that zone must support the SRV
resource records (RFC 2782) to advertise the Active Directory directory service. For more information
about RFCs, see DNS RFCs.

If the DNS server hosting the authoritative DNS zone is not a server running Windows 2000 or Windows
Server 2003, contact your DNS administrator to determine if the DNS server supports the required
standards. If the server does not support the required standards, or the authoritative DNS zone cannot
be configured to allow dynamic updates, then modification is required to your existing DNS
infrastructure.
For more information, see Checklist: Verifying DNS before installing Active Directory and Using the
Active Directory Installation Wizard.

Important
The DNS server used to support Active Directory must support SRV resource records for the Locator
mechanism to function. For more information, see Managing resource records. It is recommended that
the DNS infrastructure allows dynamic updates of Locator DNS resource records (SRV and A) before
installing Active Directory, but your DNS administrator may add these resource records manually after
installation. After installing Active Directory, these records can be found on the domain controller in the
following location: systemroot\System32\Config\Netlogon.dns .

What does a zone consist of & why do we require a zone?


A zone consists of resource records, and we require a zone to represent sites.

What is Caching Only Server?


When we install a Windows 2000 or 2003 server, DNS is configured as a caching-only server: it maintains
information about frequently accessed sites, and when the same site is accessed again the answer is
obtained from the cached information instead of going to the actual site.

What is a forwarder?
When one DNS server can't resolve a query, the query can be forwarded to another DNS server that has
been configured as a forwarder.

What is secondary DNS Server?


It is backup for primary DNS where it maintains a read only copy of DNS database.

How to enable Dynamic updates in DNS?


Start>Program>Admin tools> DNS >Zone properties.

What are the properties of DNS server?


INTERFACES, FORWARDERS, ADVANCED, ROUTINGS, SECURITY, MONITORING, LOGGING, DEBUG
LOGGING.

Properties of a Zone ?
General, SOA, NAMESERVER, WINS, Security, and ZONE Transfer.

What is scavenging?
Finding and deleting unwanted records.

What are SRV records?


SRV are the service records, there are 6 service records. They are useful for locating the services.

What are the types of SRV records?


MSDCS: Contains DC information.
TCP: Contains Global Catalog, Kerberos and LDAP information.
UDP: Contains Sites information.
Sites: Contains Sites information.
Domain DNS Zone: Contains the domain's DNS-specific information.
Forest DNS Zone: Contains the forest's specific information.

Where does a Host File Reside?


c:\windows\system32\drivers\etc.

What is SOA?
Start of Authority: useful when a zone starts. Provides the zone startup information.

What is a query?
A request made by the DNS client to provide the name server information.

What are the diff. types of Queries?


Recursion, iteration.

Tools for troubleshooting DNS?


DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs.

What is WINS server? Where do we use WINS server? What is the difference between DNS and WINS?
WINS is Windows Internet Name Service, used to resolve a NetBIOS name (computer name) to an IP
address. It is proprietary to Windows and is used on a LAN. DNS is the Domain Name System, which
resolves host names to IP addresses using fully qualified domain names. DNS is an Internet standard
used to resolve host names.

What is new in Windows Server 2003 regarding the DNS management?


When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an
existing DC to update the directory and replicate from the DC the required portions of the directory.

If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to
fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS
records. The Active Directory Installation Wizard verifies a proper configuration of the DNS
infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory
Installation Wizard.

SOA records must be included in every zone. What are they used for?
SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain
the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the
current serial number of the zone, which is used in zone transfers.
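
The three SOA facts above (default TTL, responsible e-mail, serial driving zone transfers), as an added example that is not part of the original page: a parser for SOA RDATA as written in a zone file, the RNAME-to-mailbox conversion, and the RFC 1982 serial comparison a secondary applies before transferring; the sample zone values are constructed.

```python
# Added example (not from the original page): SOA RDATA parsing and the serial comparison
# a secondary uses to decide whether a zone transfer is needed.
SERIAL_MOD = 2 ** 32


def rname_to_email(rname):
    """RNAME puts the mailbox local part first; the first unescaped '.' stands for '@'."""
    local, rest, i = [], rname.rstrip("."), 0
    while i < len(rest):
        if rest[i] == "\\" and i + 1 < len(rest):     # escaped dot inside the local part
            local.append(rest[i + 1])
            i += 2
        elif rest[i] == ".":
            return "".join(local) + "@" + rest[i + 1:]
        else:
            local.append(rest[i])
            i += 1
    raise ValueError("RNAME has no domain part")


def parse_soa(rdata):
    """Parse 'MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM' as it appears in a zone file.
    MINIMUM is the default TTL referred to above; RNAME encodes the responsible e-mail."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError("SOA RDATA needs exactly 7 fields")
    numbers = [int(p) for p in parts[2:]]
    if not all(0 <= n < SERIAL_MOD for n in numbers):
        raise ValueError("SOA numeric fields are 32-bit unsigned")
    keys = ("serial", "refresh", "retry", "expire", "minimum_ttl")
    return {"mname": parts[0], "email": rname_to_email(parts[1]), **dict(zip(keys, numbers))}


def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: newer if candidate is 1..2^31-1 ahead of current modulo 2^32,
    so a serial that wrapped past 4294967295 still counts as newer."""
    delta = (candidate - current) % SERIAL_MOD
    return 0 < delta < 2 ** 31


def needs_transfer(secondary_soa_rdata, primary_soa_rdata):
    """What a secondary does every REFRESH interval: transfer only if the primary's serial is newer."""
    primary = parse_soa(primary_soa_rdata)["serial"]
    secondary = parse_soa(secondary_soa_rdata)["serial"]
    return serial_is_newer(primary, secondary)
```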

By default, if the name is not found in the cache or local hosts file, what is the first step the client takes
to resolve the FQDN name into an IP address?
It performs a recursive search through the primary DNS server based on the network interface
configuration.

How do I clear the DNS cache on the DNS server?


Go to cmd prompt and type ipconfig /flushdns .

What is the main purpose of SRV records?


SRV records are used in locating hosts that provide certain network services.

Before installing your first domain controller in the network, you installed a DNS server and created a
zone, naming it as you would name your AD domain. However, after the installation of the domain
controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the
most likely cause of this failure?
The zone you created was not configured to allow dynamic updates. The local interface on the DNS
server was not configured to allow dynamic updates.

What is the "." zone in my forward lookup zone?


This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server
and is usually deleted. If you do not delete this setting, you may not be able to perform external name
resolution to the root hint servers on the Internet.

Do I need to configure forwarders in DNS?


No. By default, Windows 2000 DNS uses the root hint servers on the Internet; however, you can
configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. Most of
the time, when you configure forwarders, DNS performance and efficiency increases, but this
configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems.

The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on
your Internet connection. Windows Server 2003 DNS will query root hints servers if it cannot query the
forwarders.

Should I point the other Windows 2000-based and Windows Server 2003-based computers on my LAN
to my ISP's DNS servers?
No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the
domain controller in DNS, you may experience issues joining the domain or logging on to the domain. A
Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to
the Windows 2000 or Windows Server 2003 domain controller running DNS.

If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for
your LAN.

Do I need to point computers that are running Windows NT 4.0 or Microsoft Windows 95, Microsoft
Windows 98, or Microsoft Windows 98 Second Edition to the Windows 2000 or Windows Server 2003
DNS server?
Legacy operating systems continue to use NetBIOS for name resolution to find a domain controller;
however it is recommended that you point all computers to the Windows 2000 or Windows Server 2003
DNS server for name resolution.

What if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy server or firewall?
If you are able to query the ISP's DNS servers from behind the proxy server or firewall, Windows 2000
and Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP Port 53 should
be open on the proxy server or firewall.

What should I do if the domain controller points to itself for DNS, but the SRV records still do not
appear in the zone?
Check for a disjointed namespace, and then run Netdiag.exe /fix.
You must install Support Tools from the Windows 2000 Server or Windows Server 2003 CD-ROM to run
Netdiag.exe.

How do I set up DNS for a child domain?


To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS
server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent
DNS server.

Note Windows Server 2003 has additional types of zones, such as Stub Zones and forest-level integrated
Active Directory zones, that may be a better fit for your environment. Set the child domain controller to
point to itself first. As soon as an additional domain controller is available, set the child domain
controller to point to this domain controller in the child domain as its secondary.

DHCP
What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to
automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope)
configured for a given network.

What is the DHCP process for a client machine?


1. A user turns on a computer with a DHCP client.
2. The client computer sends a broadcast request (called a DISCOVER or DHCPDISCOVER), looking for a
DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and usage policies set on the server,
the server determines an appropriate address (if any) to give to the client. The server then temporarily
reserves that address for the client and sends back to the client an OFFER (or DHCPOFFER) packet, with
that address information. The server also configures the client's DNS servers, WINS servers, NTP servers,
and sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that it intends to use
the address.
6. The server sends an ACK (or DHCPACK) packet, confirming that the client has been given a lease on
the address for a server-specified period of time.
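
The six steps above, run end to end. This is an added example and not Microsoft's DHCP code: a minimal RFC 2131 message encoder and decoder, a toy server that reserves an address on DISCOVER and commits the lease on ACK, and a client routine that drives the exchange; the pool, server address and MAC addresses are constructed documentation values.

```python
import struct
import ipaddress

# Constructed example, not Microsoft's DHCP code: a minimal RFC 2131 encoder/decoder and a
# toy server so the DISCOVER/OFFER/REQUEST/ACK steps above can be run offline.
# All addresses are made-up documentation values.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_REQUESTED_IP = 1, 3, 6, 50
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte BOOTP fixed header


def _ip(text):
    return ipaddress.IPv4Address(text).packed


def build(op, msg_type, xid, mac, yiaddr="0.0.0.0", options=None):
    """Encode one DHCP message: fixed header, magic cookie, TLV options, END."""
    fixed = struct.pack(FIXED_FMT, op, 1, 6, 0, xid, 0, 0x8000,   # flags: broadcast reply
                        _ip("0.0.0.0"), _ip(yiaddr), _ip("0.0.0.0"), _ip("0.0.0.0"),
                        mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in (options or {}).items():
        body += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(packet):
    """Decode a DHCP message, rejecting input without the cookie or with a truncated option."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(FIXED_FMT, packet[:236])
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                      # pad byte, carries no length
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        if i + 2 + length > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]], "options": opts}


class Server:
    """Steps 4 and 6 above: reserve an address on DISCOVER, commit the lease on REQUEST."""

    def __init__(self, server_ip, pool, lease_seconds=8 * 3600):
        self.server_ip, self.free = server_ip, list(pool)
        self.offered, self.leases = {}, {}               # chaddr -> ip
        self.params = {OPT_SERVER_ID: _ip(server_ip),
                       OPT_LEASE_TIME: struct.pack("!I", lease_seconds),
                       OPT_SUBNET_MASK: _ip("255.255.255.0"),
                       OPT_ROUTER: _ip("192.0.2.1"), OPT_DNS: _ip("192.0.2.53")}

    def handle(self, packet):
        msg = parse(packet)
        o, mac = msg["options"], msg["chaddr"]
        kind = o[OPT_MSG_TYPE][0]
        if kind == DISCOVER:
            if mac not in self.offered:
                if not self.free:
                    return None                          # pool exhausted: no OFFER
                self.offered[mac] = self.free.pop(0)     # temporary reservation
            return build(BOOTREPLY, OFFER, msg["xid"], mac, self.offered[mac], self.params)
        if kind == REQUEST:
            # The REQUEST names the server the client picked (option 54); any other server
            # that also offered must stay silent and release its reservation.
            if o.get(OPT_SERVER_ID) != _ip(self.server_ip):
                if mac in self.offered:
                    self.free.append(self.offered.pop(mac))
                return None
            if mac not in self.offered or o.get(OPT_REQUESTED_IP) != _ip(self.offered[mac]):
                return None                              # a real server answers DHCPNAK here
            self.leases[mac] = self.offered.pop(mac)
            return build(BOOTREPLY, ACK, msg["xid"], mac, self.leases[mac], self.params)
        return None


def run_dora(server, mac, xid=0x3903F326):
    """Client side of the exchange; returns (leased ip, message types seen, lease seconds)."""
    reply = server.handle(build(BOOTREQUEST, DISCOVER, xid, mac))
    if reply is None:
        raise RuntimeError("no OFFER received")
    offer = parse(reply)
    request = build(BOOTREQUEST, REQUEST, xid, mac, options={
        OPT_REQUESTED_IP: _ip(offer["yiaddr"]), OPT_SERVER_ID: offer["options"][OPT_SERVER_ID]})
    ack = parse(server.handle(request))
    types = [DISCOVER, offer["options"][OPT_MSG_TYPE][0], REQUEST, ack["options"][OPT_MSG_TYPE][0]]
    return ack["yiaddr"], types, struct.unpack("!I", ack["options"][OPT_LEASE_TIME])[0]


if __name__ == "__main__":
    srv = Server("192.0.2.1", ["192.0.2.10", "192.0.2.11"])      # constructed sample pool
    print(run_dora(srv, b"\x00\x11\x22\x33\x44\x55"))
```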

What is a DHCP scope?


DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses
to clients.

What are the types of scopes in Windows DHCP?


Normal Scope - Allows A, B and C Class IP address ranges to be specified including subnet masks,
exclusions and reservations. Each normal scope defined must exist within its own subnet.
Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have
subnet masks, reservation or other TCP/IP options.
Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the
number of routers a packet can pass through on the way to its destination).
Superscope - Essentially a collection of scopes grouped together such that they can be enabled and
disabled as a single entity.

What is authorizing DHCP servers in Active Directory?
If a DHCP server is to operate within an Active Directory domain (and is not running on a domain
controller) it must first be authorized. This can be achieved either as part of the DHCP Server role
installation, or subsequently using either the DHCP console or the netsh tool at the command prompt.
If the DHCP server was not authorized during installation, open the DHCP console (Start -> All Programs
-> Administrative Tools -> DHCP), right-click the DHCP server to be authorized and select Authorize. To
achieve the same result from the command prompt, enter the following command:
netsh dhcp server serverID initiate auth
In the above command syntax, serverID is replaced by the IP address or full UNC name of the system on
which the DHCP server is installed.

What ports are used by DHCP and the DHCP clients ?


DHCP clients use UDP port 68 and DHCP servers use UDP port 67.

Benefits of using DHCP


DHCP provides the following benefits for administering your TCP/IP-based network:

Safe and reliable configuration. DHCP avoids configuration errors caused by the need to manually type in
values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned IP
address being reused to configure a new computer on the network.

Reduced configuration management. Using DHCP servers can greatly decrease the time spent configuring
and reconfiguring computers on your network. Servers can be configured to supply a full range of
additional configuration values when assigning address leases. These values are assigned using DHCP
options. Also, the DHCP lease renewal process helps assure that where client configurations need to be
updated often (such as users with mobile or portable computers who change locations frequently), these
changes can be made efficiently and automatically by clients communicating directly with DHCP servers.

The following topics cover issues that affect the use of the DHCP Server service with other services or
network configurations: using DNS servers with DHCP, using Routing and Remote Access servers with
DHCP, and multihomed DHCP servers.

Describe the process of installing a DHCP server in an AD infrastructure ?


Open Windows Components Wizard. Under Components , scroll to and click Networking Services. Click
Details . Under Subcomponents of Networking Services , click Dynamic Host Configuration Protocol
(DHCP) and then click OK .

Click Next . If prompted, type the full path to the Windows Server 2003 distribution files, and then click
Next. Required files are copied to your hard disk

How do you authorize a DHCP server in Active Directory?


Open DHCP. In the console tree, click DHCP.
On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog box appears.
Click Authorize.
When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.

What is DHCPINFORM?
DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access
clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and
Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses,
WINS server IP addresses, and a DNS domain name.

The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message
received by the remote access server is then forwarded to a DHCP server. The remote access server
forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent.

Describe the integration between DHCP and DNS?


Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly,
changing authorization rights for a particular user on a group of devices has meant visiting each one and
making configuration changes.

DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's
network services to scale in step with the growth of network users, devices, and policies, while reducing
administrative operations and costs. This integration provides practical operational efficiencies that
lower total cost of ownership.

Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the
number of tasks required of network administrators. And integration of DNS and DHCP in the same
database instance provides unmatched consistency between service and management views of IP
address-centric network services data.

Active Directory
What is Active Directory ?
Active Directory is metadata: a database that stores data such as your user information, computer
information and other network object information. It has the capability to manage and administer the
complete network that is connected to AD.

What is domain ?
In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so
forth) for a group of users. The user need only log in to the domain to gain access to the resources,
which may be located on a number of different servers in the network. The 'domain' is simply your
computer address, not to be confused with a URL. A domain address might look something like
211.170.469.

What is domain controller ?


A Domain controller (DC) is a server that responds to security authentication requests (logging in,
checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in
Windows NT whereby a user may be granted access to a number of computer resources with the use of
a single username and password combination.

What is LDAP ?
Lightweight Directory Access Protocol LDAP is the industry standard directory access protocol, making
Active Directory widely accessible to management and query applications. Active Directory supports
LDAPv3 and LDAPv2.

What is KCC ?
The KCC (Knowledge Consistency Checker) is used to generate the replication topology for intersite
replication and for intrasite replication. Within a site, replication traffic is done via remote procedure
calls over IP, while between sites it is done through either RPC or SMTP.

Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.

What is the SYSVOL folder?


The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL
folder, such as group policy and users, are replicated to all domain controllers in the domain.

What are the Windows Server 2003 keyboard shortcuts ?


Winkey opens or closes the Start menu.
Winkey + BREAK displays the System Properties dialog box.
Winkey + TAB moves the focus to the next application in the taskbar.
Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar.
Winkey + B moves the focus to the notification area.
Winkey + D shows the desktop.
Winkey + E opens Windows Explorer showing My Computer.
Winkey + F opens the Search panel.
Winkey + CTRL + F opens the Search panel with the Search for Computers module selected.
Winkey + F1 opens Help.
Winkey + M minimizes all.
Winkey + SHIFT + M undoes minimization.
Winkey + R opens the Run dialog.
Winkey + U opens the Utility Manager.
Winkey + L locks the computer.

Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC)
in Server 2003 ?
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read
and write relationship that hosts copies of the Active Directory.

I am trying to create a new universal user group. Why can’t I ?


Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode
requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

What is LSDOU?
It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains
and Organizational Units.

Why doesn't LSDOU work under Windows NT?
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.

What's the number of permitted unsuccessful logons on the Administrator account?
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the
Administrators group.

What’s the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.

How many passwords by default are remembered when you check "Enforce Password History
Remembered"?
User’s last 6 passwords.

Can the GC server and Infrastructure Master be placed on a single server? If not, explain why.
No. The Infrastructure Master does the same job as the GC, so they do not work together.

Which service in Windows is responsible for replication from one domain controller to another
domain controller?
The KCC generates the replication topology.
SMTP / RPC are used to replicate changes.

What are Intrasite and Intersite Replication?


Intrasite is the replication with in the same site & intersite the replication between sites.

What is lost & found folder in ADS ?


It's the folder where you can find the objects that were missed due to a conflict.
Example: you created a user in an OU which was deleted on another DC. When replication happened,
ADS didn't find the OU, so it put the user in the Lost & Found folder.

What is Garbage collection ?


Garbage collection is the process of online defragmentation of Active Directory. It happens every 12
hours.

What System State data contains ?


Contains Startup files,
Registry
Com + Registration Database
Memory Page file
System files
AD information
Cluster Service information
SYSVOL Folder
What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory?
Is there any difference in 2000 Group Policies and 2003 Group Policies? What is meant by ADS and ADS
services in Windows 2003?
Windows 2003 Active Directory introduced a number of new security features, as well as convenience
features such as the ability to rename a domain controller and even an entire domain.
Windows Server 2003 also introduced numerous changes to the default settings that can be affected by
Group Policy; you can see a detailed list of each available setting and which OS is required to support it
by downloading the Group Policy Settings Reference.

ADS stands for Automated Deployment Services, and is used to quickly roll out identically-configured
servers in large-scale enterprise environments. You can get more information from the ADS homepage.

I want to setup a DNS server and Active Directory domain. What do I do first? If I install the DNS
service first and name the zone 'name.org' can I name the AD domain 'name.org' too?
Not only can you have a DNS zone and an Active Directory domain with the same name, it's actually the
preferred way to go if at all possible. You can install and configure DNS before installing Active Directory,
or you can allow the Active Directory Installation Wizard (dcpromo) itself to install DNS on your server in
the background.

How do I determine if user accounts have local administrative access?


You can use the net localgroup administrators command on each workstation (probably in a login script
so that it records its information to a central file for later review). This command will enumerate the
members of the Administrators group on each machine you run it on. Alternately, you can use the
Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those
users you want to belong.

Why am I having trouble printing with XP domain users?


In most cases, the inability to print or access resources in situations like this one will boil down to an
issue with name resolution, either DNS or WINS/NetBIOS. Be sure that your Windows XP clients' wireless
connections are configured with the correct DNS and WINS name servers, as well as with the
appropriate NetBIOS over TCP/IP settings. Compare your wireless settings to your wired LAN settings
and look for any discrepancies that may indicate where the functional difference may lie.

What is the ISTG? Who has that role by default?


Windows 2000 Domain controllers each create Active Directory Replication connection objects
representing inbound replication from intra-site replication partners. For inter-site replication, one
domain controller per site has the responsibility of evaluating the inter-site replication topology and
creating Active Directory Replication Connection objects for appropriate bridgehead servers within its
site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology
Generator (ISTG).

What is the difference between Server 2003 and 2008?


1. Virtualization. (Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64-bit
versions. More and more companies are seeing this as a way of reducing hardware costs by running
several 'virtual' servers on one physical machine.)
2. Server Core (provides the minimum installation required to carry out a specific server role, such as for
a DHCP, DNS or print server).
3. Better security.
4. Role-based installation.
5. Read Only Domain Controllers (RODC).
6. Enhanced terminal services.
7. Network Access Protection - Microsoft's system for ensuring that clients connecting to Server 2008
are patched, running a firewall and in compliance with corporate security policies.
8. PowerShell - Microsoft's command line shell and scripting language has proved popular with some
server administrators.
9. IIS 7.
10. Bitlocker - System drive encryption can be a sensible security measure for servers located in remote
branch offices.
11. Windows Aero.
The main difference between 2003 and 2008 is virtualization and management. 2008 has more in-built
components and updated third-party drivers.

What are the requirements for installing AD on a new server?


1. The domain structure.
2. The domain name.
3. The storage location of the database and log file.
4. The location of the shared system volume folder.
5. The DNS configuration method.
6. The DNS configuration.

What is LDP?
LDP : Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is
not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for
establishing a full mesh of LSPs between all of the routers on the network.

What are the Groups types available in active directory ?


Security groups: Use security groups for granting permissions to gain access to resources. Sending an
e-mail message to a group sends the message to all members of the group. Therefore security groups
share the capabilities of distribution groups.

Distribution groups: Distribution groups are used for sending e-mail messages to groups of users. You
cannot grant permissions to security groups. Even though security groups have all the capabilities of
distribution groups, distribution groups are still required, because some applications can only read
distribution groups.

Explain about the groups scope in AD ?


Domain Local Group: Use this scope to grant permissions to domain resources that are located in the
same domain in which you created the domain local group. Domain local groups can exist in all mixed,
native and interim functional level of domains and forests. Domain local group memberships are not
limited as you can add members as user accounts, universal and global groups from any domain. Just to
remember, nesting cannot be done in domain local group. A domain local group will not be a member of
another Domain Local or any other groups in the same domain.

Global Group: Users with a similar function can be grouped under global scope and can be given
permission to access a resource (like a printer or shared folder and files) available in the local or another
domain in the same forest. In simple words, global groups can be used to grant permissions to gain
access to resources which are located in any domain but in a single forest, as their memberships are
limited: user accounts and global groups can be added only from the domain in which the global group is
created. Nesting is possible for global groups within other groups, as you can add a global group into
another global group from any domain. Finally, to provide permission to domain-specific resources (like
printers and published folders), they can be members of a domain local group. Global groups exist in all
mixed, native and interim functional levels of domains and forests.

Universal Group Scope: These groups are mainly used for e-mail distribution and can be granted access
to resources in all trusted domains, but they can only be used as a security principal (security group type)
in a Windows 2000 native or Windows Server 2003 domain functional level domain. Universal group
membership is not limited like that of global groups: all domain user accounts and groups can be members
of a universal group. Universal groups can be nested under a global or domain local group in any domain.

What is REPLMON ?
The Microsoft definition of the Replmon tool is as follows: this GUI tool enables administrators to view
the low-level status of Active Directory replication, force synchronization between domain controllers,
view the topology in a graphical format, and monitor the status and performance of domain controller
replication.

What is ADSIEDIT ?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for
Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for
common administrative tasks such as adding, deleting, and moving objects within a directory service. The
attributes of each object can be edited or deleted with this tool. ADSIEdit uses the ADSI application
programming interfaces (APIs) to access Active Directory. The following files are required to use this
tool: ADSIEDIT.DLL and ADSIEDIT.

What is NETDOM ?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships.
It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure
channels.

What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows
domain controllers. Administrators can use Repadmin to view the replication topology (sometimes
referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In
addition, Repadmin can be used to manually create the replication topology (although in normal
practice this should not be necessary), to force replication events between domain controllers, and to
view both the replication metadata and up-to-dateness vectors.

How to take backup of AD ?


To back up Active Directory, go to START -> PROGRAMS -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP, or
open the Run window and type ntbackup. When the Backup screen appears, select SYSTEM STATE: a
System State backup contains all the necessary information about the system, including the AD database,
DNS, etc.

What are the DS* commands ?


The DS family of built-in command-line utilities:
DSmod - modify Active Directory attributes.
DSrm - delete Active Directory objects.
DSmove - relocate objects.
DSadd - create new accounts.
DSquery - find objects that match your query attributes.
DSget - list the properties of an object.

What are the requirements for installing AD on a new server?


An NTFS partition with enough free space.
An Administrator's username and password.
The correct operating system version.
A NIC with properly configured TCP/IP (IP address, subnet mask and, optionally, a default gateway).
A network connection (to a hub or to another computer via a crossover cable).
An operational DNS server (which can be installed on the DC itself).
A domain name that you want to use.
The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder).

Explain trusts in AD ?


To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a
forest are automatically created when domains are created.

The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic
for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two
domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm
(transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to
connect to other forests or non-AD domains.

Trusts in Windows 2000 (native mode)


One-way trust – One domain allows access to users on another domain, but the other domain does not
allow access to users on the first domain.
Two-way trust – Two domains allow access to users on both domains.
Trusting domain – The domain that allows access to users from a trusted domain.
Trusted domain – The domain that is trusted; whose users have access to the trusting domain.
Transitive trust – A trust that can extend beyond two domains to other trusted domains in the forest.
Intransitive trust – A one way trust that does not extend beyond two domains.
Explicit trust – A trust that an admin creates. It is not transitive and is one way only.
Cross-link trust – An explicit trust between domains in different trees or in the same tree when a
descendant/ancestor (child/parent) relationship does not exist between the two domains.
Windows 2000 Server – supports the following types of trusts:
Two-way transitive trusts.
One-way intransitive trusts.
Additional trusts can be created by administrators. These trusts can be:
Shortcut
Windows Server 2003 offers a new trust type – the forest root trust. This type of trust can be used to
connect Windows Server 2003 forests if they are operating at the 2003 forest functional level.
Authentication across this type of trust is Kerberos based (as opposed to NTLM). Forest trusts are
transitive for all the domains in the two forests that trust each other; the forest trust itself, however, is
not transitive beyond those two forests.

Difference between LDIFDE and CSVDE?


CSVDE is a command that can be used to import and export objects to and from AD into a CSV-formatted
file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into
this powerful command, but I will show you some basic samples of how to import a large number of
users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users.
Consult your help file for more info.

LDIFDE is a command that can be used to import and export objects to and from AD into an LDIF-formatted
file. An LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor; however,
it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the
file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users),
while CSVDE can only import and export objects.

What is tombstone lifetime attribute ?


The number of days before a deleted object is removed from the directory service. This assists in
removing objects from replicated servers and prevents restores from reintroducing a deleted object.
This value is stored on the Directory Service object in the Configuration naming context.

What are application partitions? When do I use them ?


An application directory partition is a directory partition that is replicated only to specific domain
controllers. Only domain controllers running Windows Server 2003 can host a replica of an application
directory partition.
Using an application directory partition provides redundancy, availability or fault tolerance by replicating
data to a specific domain controller or any set of domain controllers anywhere in the forest.

How do you create a new application partition ?
Use the DnsCmd command to create an application directory partition.
To do this, use the following syntax:
DnsCmd ServerName /CreateDirectoryPartition <FQDN of partition>

How do you view all the GCs in the forest?


C:\>repadmin /showreps domain_controller
where domain_controller is the DC you want to query to determine whether it's a GC.
The output will include the text DSA Options: IS_GC if the DC is a GC.

Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Yes, you can use DirXML or LDAP to connect to other directories.
In Novell you can use eDirectory.

What is IPSec Policy


IPSec provides secure gateway-to-gateway connections across outsourced private wide area network
(WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode. IPSec policy
can be deployed via Group Policy to the Windows domain controllers and servers.

What are the different types of Terminal Services ?


User Mode & Application Mode.

What is RSoP
RSoP (Resultant Set of Policy) is the resultant set of Group Policy settings applied to an object.

What is the System Startup process ?


Windows 2000 boot process on an Intel architecture:

1. Power-On Self Tests (POST) are run.

2. The boot device is found, the Master Boot Record (MBR) is loaded into memory, and its program is
run.

3. The active partition is located, and the boot sector is loaded.

4. The Windows 2000 loader (NTLDR) is then loaded.

The boot sequence executes the following steps:

1. The Windows 2000 loader switches the processor to the 32-bit flat memory model.

2. The Windows 2000 loader starts a mini-file system.

3. The Windows 2000 loader reads the BOOT.INI file and displays the operating system selections (boot
loader menu).
4. The Windows 2000 loader loads the operating system selected by the user. If Windows 2000 is
selected, NTLDR runs NTDETECT.COM. For other operating systems, NTLDR loads BOOTSECT.DOS and
gives it control.

5. NTDETECT.COM scans the hardware installed in the computer, and reports the list to NTLDR for
inclusion in the Registry under the HKEY_LOCAL_MACHINE\HARDWARE hive.

6. NTLDR then loads NTOSKRNL.EXE and gives it the hardware information collected by
NTDETECT.COM. Windows NT enters the Windows load phases.

How do you change the DS Restore admin password ?

In Windows 2000 Server, you used to have to boot the computer whose password you wanted to
change in Directory Services Restore Mode, then use either the Microsoft Management Console (MMC) Local
Users and Groups snap-in or the command net user administrator * to change the Administrator
password.
Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory
Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in
SP4 to improve the utility's scripting options.)

In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode
Administrator password.

To do so, follow these steps:


1. Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
2. Start the Directory Service Restore Mode Administrator password-reset utility by entering the
argument "set dsrm password" at the ntdsutil prompt: ntdsutil: set dsrm password.
3. Run the Reset Password command, passing the name of the server on which to change the password,
or use the null argument to specify the local machine.
For example, to reset the password on server testing, enter the following argument at the Reset DSRM
Administrator Password prompt: Reset DSRM Administrator Password: reset password on server testing

To reset the password on the local machine, specify null as the server name:
Reset DSRM Administrator Password: reset password on server null

4. You'll be prompted twice to enter the new password. You'll see the following messages:
Please type password for DS Restore Mode Administrator Account:
Please confirm new password:
Password has been set successfully.
5. Exit the password-reset utility by typing "quit" at the following prompts:
Reset DSRM Administrator Password: quit
ntdsutil: quit

I am upgrading from NT to 2003. The only things that are NT are the PDC and BDCs; everything else is
2000 or 2003 member servers. My question is, when I upgrade my NT domain controllers to 2003, will
I need to do anything else to my Windows 2000/2003 member servers that were in the NT domain?
Your existing member servers, regardless of operating system, will simply become member servers in
your upgraded AD domain. If you will be using Organizational Units and Group Policy (and I hope you
are), you'll probably want to move them to a specific OU for administration and policy application, since
they'll be in the default "Computers" container immediately following the upgrade.

How do I use Registry keys to remove a user from a group?


In Windows Server 2003, you can use the dsmod command-line utility with the -delmbr switch to
remove a group member from the command line. You should also look into the freeware utilities
available from www.joeware.net. ADFind and ADMod are indispensable tools in my arsenal when it
comes to searching and modifying Active Directory.

Why are my NT4 clients failing to connect to the Windows 2000 domain?
Since NT4 relies on NetBIOS for name resolution, verify that your WINS server (you do have a WINS
server running, yes?) contains the records that you expect for the 2000 domain controller, and that your
clients have the correct address configured for the WINS server.

How to add your first Windows 2003 DC to an existing Windows 2000 domain ?

The first step is to install Windows 2003 on your new DC. This is a straightforward process, so we aren't
going to discuss it here.

Because significant changes have been made to the Active Directory schema in Windows 2003, we need
to make our Windows 2000 Active Directory compatible with the new version. If you already have
Windows 2003 DCs running alongside Windows 2000 DCs, then you can skip down to the part about DNS.

Before you attempt this step, you should make sure that you have Service Pack 4 installed on your
Windows 2000 DC. Next, make sure that you are logged in as a user that is a member of the Schema
Admins and Enterprise Admins groups.

Next, insert the Windows 2003 Server installation CD into the Windows 2000 Server.
Bring up a command line and change directories to the I386 directory on the installation CD. At the
command prompt, type:
adprep /forestprep
After running this command, make sure that the updates have been replicated to all existing
Windows 2000 DCs in the forest. Next, we need to run the following command:
adprep /domainprep

The above command must be run on the Infrastructure Master of the domain by someone who is a
member of the Domain Admins group.
Once this is complete, we move back to the Windows 2003 Server. Click "Start" then "Run", type in
dcpromo and click OK. During the ensuing wizard, make sure that you select that you are adding this DC
to an existing domain.
After this process is complete, the server will reboot. When it comes back online, check and make sure
that the AD database has been replicated to your new server.
Next, you will want to check and make sure that DNS was installed on your new server.

If not, go to the Control Panel, click on "Add or Remove Programs", and click the "Add/Remove Windows
Components" button.
In the Windows Components screen, click on "Networking Services" and click the Details button.

In the new window check "Domain Name System (DNS)" and then click the OK button. Click "Next" in
the Windows Components screen.
This will install DNS and the server will reboot. After the reboot, pull up the DNS Management window and
make sure that your DNS settings have replicated from the Windows 2000 Server. You will need to
re-enter any forwarders or other properties you had set up, but the DNS records should replicate on their
own.

The next two items, global catalog and FSMO roles, are important if you plan on decommissioning your
Windows 2000 server(s). If this is the case, you need to transfer the global catalog from the old server to
the new one.

First, let's create a global catalog on our new server. Here are the steps:

1. On the domain controller where you want the new global catalog, start the Active Directory Sites and
Services snap-in.
To start the snap-in, click "Start", point to "Programs", point to "Administrative Tools", and then click
"Active Directory Sites and Services".
2. In the console tree, double-click "Sites", and then double-click "sitename".

3. Double-click "Servers", click your domain controller, right-click "NTDS Settings", and then click
"Properties".
4. On the General tab, click to select the Global catalog check box to assign the role of global catalog to
this server.
5. Restart the domain controller.

Make sure you allow sufficient time for the account and the schema information to replicate to the new
global catalog server before you remove the global catalog from the original DC or take the DC offline.

After this is complete, you will want to transfer or seize the FSMO roles for your new server.
For instructions, read Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller.
After this step is complete, we can now run DCPROMO on the Windows 2000 Servers in order to demote
them.

Once this is complete, copy over any files you need to your new server and you should have successfully
replaced your Windows 2000 server(s) with a new Windows 2003 server.

How do you view replication properties for AD partitions and DCs?
By using the replication monitor or repadmin:
go to Start > Run > type repadmin
go to Start > Run > type replmon

Why can't you restore a DC that was backed up 4 months ago?


Because the tombstone lifetime is set to only 60 days.
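As an added example (not part of these notes), the following PowerShell reads the tombstoneLifetime attribute that the tombstone and 4-month-old-backup answers above refer to, and checks whether a given System State backup is still young enough to restore. It assumes the ActiveDirectory PowerShell module (RSAT, Windows Server 2008 R2 or later) and a reachable domain controller; 60 days is the default used when the attribute is unset.

```powershell
# Added example, not from the original notes. Requires the ActiveDirectory module
# (RSAT / Windows Server 2008 R2 or later) and a domain controller that answers LDAP.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object in the Configuration NC
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
                             -Properties tombstoneLifetime
    if ($dsObject.tombstoneLifetime) {
        return [int]$dsObject.tombstoneLifetime
    }
    # Attribute not set: the effective default is the 60 days quoted in these notes
    return 60
}

function Test-BackupRestorable {
    param(
        [Parameter(Mandatory)][datetime]$BackupDate,
        # Passing this explicitly lets the check run offline; the default reads it from AD
        [int]$TombstoneLifetimeDays = (Get-TombstoneLifetimeDays),
        [datetime]$Now = (Get-Date)
    )
    $ageDays = [int][math]::Floor(($Now - $BackupDate).TotalDays)
    [pscustomobject]@{
        BackupDate            = $BackupDate
        AgeDays               = $ageDays
        TombstoneLifetimeDays = $TombstoneLifetimeDays
        # A backup older than the tombstone lifetime would reintroduce objects that were
        # deleted in the meantime, so it must not be restored, authoritatively or not.
        Restorable            = ($ageDays -lt $TombstoneLifetimeDays)
    }
}

# Constructed sample: a backup taken four months ago, checked against a 60-day lifetime
Test-BackupRestorable -BackupDate (Get-Date).AddMonths(-4) -TombstoneLifetimeDays 60
```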

Different modes of AD restore ?


A nonauthoritative restore is the default method for restoring Active Directory. To perform a
nonauthoritative restore, you must be able to start the domain controller in Directory Services Restore
Mode. After you restore the domain controller from backup, replication partners use the standard
replication protocols to update Active Directory and associated information on the restored domain
controller.

An authoritative restore brings a domain or a container back to the state it was in at the time of backup
and overwrites all changes made since the backup. If you do not want to replicate the changes that have
been made subsequent to the last backup operation, you must perform an authoritative restore. In this
case you need to stop inbound replication first, before performing the authoritative restore.

How do you configure a stand-by operation master for any of the roles?
# Open Active Directory Sites and Services.
# Expand the site name in which the standby operations master is located to display the Servers folder.
# Expand the Servers folder to see a list of the servers in that site.
# Expand the name of the server that you want to be the standby operations master to display its NTDS
Settings.
# Right-click NTDS Settings, click New, and then click Connection.
# In the Find Domain Controllers dialog box, select the name of the current role holder, and then click
OK.
# In the New Object-Connection dialog box, enter an appropriate name for the Connection object or
accept the default name, and click OK.

What's the difference between transferring a FSMO role and seizing ?


Seizing an FSMO role can be a destructive process and should only be attempted if the existing server
holding the FSMO role is no longer available.

If you perform a seizure of the FSMO roles from a DC, you need to ensure two things:
that the current holder is actually dead and offline, and that the old DC will NEVER return to the network.
If you do an FSMO role seizure and then bring the previous holder back online, you'll have a problem.

An FSMO role transfer is the graceful movement of the roles from a live, working DC to another live
DC. During the process, the current DC holding the role(s) is updated, so it becomes aware that it is no
longer the role holder.
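The transfer-first, seize-only-if-dead rule above, as an added PowerShell example that is not part of these notes. It assumes the ActiveDirectory module (Windows Server 2008 R2 or later) rather than the ntdsutil steps the notes describe; the DC name DC02 is a hypothetical placeholder.

```powershell
# Added example, not from the original notes. Uses the ActiveDirectory module
# (Windows Server 2008 R2 or later) instead of the ntdsutil steps referred to above.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRoles {
    param(
        [Parameter(Mandatory)][string]$TargetDC,
        [string[]]$Roles = @('SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
                             'RIDMaster', 'InfrastructureMaster'),
        # Seizure is only allowed when the operator asserts the old holder is gone for good
        [switch]$HolderIsPermanentlyGone
    )
    $holders = Get-FsmoRoleHolders
    foreach ($role in $Roles) {
        $current = $holders.$role
        if ($current -ieq $TargetDC -or $current -ilike "$TargetDC.*") {
            Write-Output "$role is already held by $TargetDC"
            continue
        }
        # Graceful transfer: the current holder is updated and knows it no longer owns the role
        try {
            Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $role `
                -Confirm:$false -ErrorAction Stop
            Write-Output "Transferred $role from $current to $TargetDC"
            continue
        } catch {
            Write-Warning "Transfer of $role from $current failed: $($_.Exception.Message)"
        }
        # Seize only when the holder is dead. A ping answer proves it is alive; silence alone
        # does not prove it is dead (ICMP may be filtered), hence the explicit switch below.
        if (Test-Connection -ComputerName $current -Count 2 -Quiet) {
            Write-Warning "$current still answers; refusing to seize $role. Repair replication and transfer instead."
            continue
        }
        if (-not $HolderIsPermanentlyGone) {
            Write-Warning "Seizing $role requires -HolderIsPermanentlyGone; $current must never rejoin the network."
            continue
        }
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $role `
            -Force -Confirm:$false
        Write-Output "Seized $role; remove the metadata of $current with ntdsutil and never bring it back online"
    }
}

# Example call (hypothetical DC name): transfer every role to DC02, seizing nothing.
# Move-FsmoRoles -TargetDC 'DC02'
```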

I want to look at the RID allocation table for a DC. What do I do?
dcdiag /test:ridmanager /s:servername /v (where servername is the name of your DC)

What is BridgeHead Server in AD ?


A bridgehead server is a domain controller in each site which is used as the contact point to receive and
replicate data between sites. For intersite replication, the KCC designates one of the domain controllers as
the bridgehead server. If that server is down, the KCC designates another domain controller.
When a bridgehead server receives replication updates from another site, it replicates the data to the
other domain controllers within its site.

What is the default size of ntds.dit ?


10 MB in Server 2000 and 12 MB in Server 2003.

Where is the AD database held and What are other folders related to AD ?
The AD database is saved in %systemroot%\NTDS. You can see other files in this folder as well. These are
the main files controlling the AD structure:

ntds.dit
edb.log
res1.log
res2.log
edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the
transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD
database. System performance determines how fast the system writes the data to the AD database from
the log file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is
10MB. These files are used to ensure that changes can be written to disk should the system run out of
free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database
(ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file.

Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to
the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown
statement isn't present, AD will use the edb.log file to update the AD database. The last file in our list of
files to know is the AD database itself, ntds.dit. By default, the file is located in %systemroot%\NTDS,
along with the other files we've discussed.

What FSMO placement considerations do you know of ?


Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO
(Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or
actually, on the same DC) as has been configured by the Active Directory installation process.
However, there are scenarios where an administrator would want to move one or more of the FSMO
roles from the default holder DC to a different DC.
Windows Server 2003 Active Directory is a bit different than the Windows 2000 version when dealing
with FSMO placement.

In this article I will only deal with Windows Server 2003 Active Directory, but you should bear in mind
that most considerations also hold when planning Windows 2000 AD FSMO roles.

What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?


If you're installing Windows 2003 R2 on an existing Windows 2003 server with SP1 installed, you require
only the second R2 CD-ROM.

Insert the second CD and the r2auto.exe will display the Windows 2003 R2 Continue Setup screen. If
you're installing R2 on a domain controller (DC), you must first upgrade the schema to the R2 version
(this is a minor change and mostly related to the new Dfs replication engine).

To update the schema, run the Adprep utility, which you'll find in the Components\r2\adprep folder on
the second CD-ROM.
Before running this command, ensure all DCs are running Windows 2003 or Windows 2000 with SP2 (or
later).

Here's a sample execution of the Adprep /forestprep command:

D:\CMPNENTS\R2\ADPREP>adprep /forestprep
ADPREP WARNING:
Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to
Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later).
QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent potential domain controller
corruption.
[User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and
then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
C
Opened Connection to SAVDALDC01
SSPI Bind succeeded
Current Schema Version is 30
Upgrading schema to version 31
Connecting to "SAVDALDC01"
Logging in as current user using SSPI
Importing directory from file "C:\WINDOWS\system32\sch31.ldf"
Loading entries...
139 entries modified successfully.
The command has completed successfully
Adprep successfully updated the forest-wide information.
After running Adprep, install R2 by performing these steps:

1. Click the "Continue Windows Server 2003 R2 Setup" link, as the figure shows.
2. At the "Welcome to the Windows Server 2003 R2 Setup Wizard" screen, click Next.
3. You'll be prompted to enter an R2 CD key (this is different from your existing Windows 2003 keys) if
the underlying OS wasn't installed from R2 media (e.g., a regular Windows 2003 SP1 installation).
Enter the R2 key and click Next. Note: The license key entered for R2 must match the underlying OS
type, which means if you installed Windows 2003 using a volume-license key, then you can't use
a retail or Microsoft Developer Network (MSDN) R2 key.
4. You'll see the setup summary screen, which confirms the actions to be performed (e.g., Copy files).
Click Next.
5. After the installation is complete, you'll see a confirmation dialog box. Click Finish.

What is OU ?
An Organizational Unit is a container object in which you can keep objects such as user accounts, groups,
computers, printers, applications and other OUs.
Within an organizational unit you can assign specific permissions to users; organizational units can also
be used to create departmental boundaries.

Name some OU design considerations ?


OU design requires balancing requirements for delegating administrative rights - independent of Group
Policy needs - and the need to scope the application of Group Policy.

The following OU design recommendations address delegation and scope issues:


Applying Group Policy: an OU is the lowest-level Active Directory container to which you can assign
Group Policy settings.
Delegating administrative authority: an OU is the scope at which administrative rights are delegated.
Depth: usually don't go more than 3 OU levels deep.

What are sites ? What are they used for ?


One or more well-connected (highly reliable and fast) TCP/IP subnets.
A site allows administrators to configure Active Directory access and replication topology to take
advantage of the physical network.

A Site object in Active Directory represents a physical geographic location that hosts networks. Sites
contain objects called Subnets.

Sites can be used to Assign Group Policy Objects, facilitate the discovery of resources, manage active
directory replication, and manage network link traffic.
Sites can be linked to other Sites. Site-linked objects may be assigned a cost value that represents the
speed, reliability, availability, or other real property of a physical resource. Site Links may also be
assigned a schedule.

Trying to look at the Schema, how can I do that ?


Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
Open mmc --> Add snap-in --> add Active Directory Schema.
Save it as schema.msc.
Open Administrative Tools --> schema.msc.

What is the port no of Kerberos ?
88

What is the port no of Global catalog ?


3268

What is the port no of LDAP ?


389

Explain Active Directory Schema ?


Windows 2000 and Windows Server 2003 Active Directory use a set of database rules called the "Schema".
The Schema is defined as the formal definition of all object classes, and the attributes that make up
those object classes, that can be stored in the directory. As mentioned earlier, the Active Directory
database includes a default Schema, which defines many object classes, such as users, groups,
computers, domains, organizational units, and so on.

These objects are also known as "Classes". The Active Directory Schema is dynamically extensible,
meaning that you can modify the schema by defining new object types and their attributes and by
defining new attributes for existing objects. You can do this either with the Schema Manager snap-in
tool included with Windows 2000/2003 Server, or programmatically.

How can you forcibly remove AD from a server, and what do you do later? Can I get user passwords
from the AD database?
With dcpromo /forceremoval, an administrator can forcibly remove Active Directory and roll back the
system without having to contact or replicate any locally held changes to another DC in the forest. Reboot
the server afterwards. After you use the dcpromo /forceremoval command, the remaining metadata for the
demoted DC is not deleted on the surviving domain controllers, and therefore you must manually
remove it by using the NTDSUTIL command.

In the event that the NTDS Settings object is not removed correctly you can use the Ntdsutil.exe utility to
manually remove the NTDS Settings object. You will need the following tools: Ntdsutil.exe, Active
Directory Sites and Services, Active Directory Users and Computers.

What are the FSMO roles? Who has them by default? What happens when each one fails?
Flexible Single Master Operation (FSMO) role. Currently there are five FSMO roles:
Schema master
Domain naming master
RID master
PDC emulator
Infrastructure master

What is domain tree ?


Domain Trees: A domain tree comprises several domains that share a common schema and
configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust
relationships. Active Directory is a set of one or more trees.
Trees can be viewed two ways. One view is the trust relationships between domains. The other view is
the namespace of the domain tree.

What is a forest ?
A collection of one or more domain trees with a common schema and implicit trust relationships
between them. This arrangement would be used if you have multiple root DNS addresses.

How to Select the Appropriate Restore Method ?


You select the appropriate restore method by considering:
Circumstances and characteristics of the failure. From an Active Directory perspective, the two major
categories of failure are Active Directory data corruption and hardware failure.

Active Directory data corruption occurs when the directory contains corrupt data that has been
replicated to all domain controllers or when a large portion of the Active Directory hierarchy has been
changed accidentally (such as deletion of an OU) and this change has replicated to other domain
controllers.

Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC)
in Server 2003?
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read
and write relationship that hosts copies of the Active Directory.

What is Global Catalog?


The Global Catalog authenticates network user logons and fields inquiries about objects across a forest
or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there
was typically one GC on every site in order to prevent user logon failures across the network.

How long does it take for security changes to be replicated among the domain controllers?
Security-related modifications are replicated within a site immediately. These changes include account
and individual user lockout policies, changes to password policies, changes to computer account
passwords, and modifications to the Local Security Authority (LSA).

When should you create a forest?


Organizations that operate on radically different bases may require separate trees with distinct
namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations
merge or are acquired and naming continuity is desired. Organizations form partnerships and joint
ventures. While access to common resources is desired, a separately defined tree can enforce more
direct administrative and security restrictions.

Describe the process of working with an external domain name ?
If it is not possible for you to configure your internal domain as a subdomain of your external domain,
use a stand-alone internal domain. This way, your internal and external domain names are unrelated.
For example, an organization that uses the domain name contoso.com for their external namespace
uses the name corp.internal for their internal namespace.

The advantage to this approach is that it provides you with a unique internal domain name. The
disadvantage is that this configuration requires you to manage two separate namespaces. Also, using a
stand-alone internal domain that is unrelated to your external domain might create confusion for users
because the namespaces do not reflect a relationship between resources within and outside of your
network.

In addition, you might have to register two DNS names with an Internet name authority if you want to
make the internal domain publicly accessible.

Networking
Q:What is Networking?

Networking is the interconnection of two or more computers so that they can exchange data and share
resources. Networks are classified by who may reach them (Intranet, Extranet and Internet) and by
geographic scope (LAN, MAN and WAN).

Q:What is Bandwidth?

In signalling terms every line can carry only a limited range of frequencies, and that range is its
bandwidth. In data networking the word means the capacity of the link: the maximum amount of data it
can carry per unit of time, normally quoted in bits per second. The rate actually achieved
(throughput) is lower because of protocol overhead, contention and loss.

Q:What is VLAN?

VLAN stands for Virtual Local Area Network. It is a logical grouping of network users and resources
connected to administratively defined ports on a switch. Each VLAN is its own broadcast domain, so
hosts in different VLANs can only reach each other through a Layer 3 device (a router or Layer 3
switch), and that is where access control between them has to be enforced.
Uses of VLAN are as follows:-

1. Segmentation: a host that is compromised in one VLAN cannot talk directly to hosts in another, which
limits lateral movement. A VLAN is a boundary, not encryption; it still needs ACLs at the Layer 3
boundary, and a misconfigured trunk port (VLAN hopping by switch spoofing or double tagging) can bypass
it.

2. Flexibility: membership follows the switch port or the 802.1Q tag, not the physical location of the
host.

3. Separate broadcast domains, which reduces broadcast traffic on large switched networks.

Q:What is CIDR?

CIDR stands for Classless Inter-Domain Routing. It replaces the fixed class A, B and C boundaries with
an explicit prefix length (for example 192.168.10.0/23), so that address blocks can be allocated in any
power-of-two size and several contiguous networks can be advertised as one aggregate route
(supernetting). It was introduced to slow the exhaustion of IPv4 addresses and the growth of Internet
routing tables; IPv6, with its 128-bit addresses, is the long-term answer to the address shortage.

Q:What is VLSM?
VLSM stands for Variable Length Subnet Mask: subnetting a network with masks of different lengths so
that each subnet is sized to the number of hosts it serves, instead of using one mask for every
subnet. Each subnet must start on a boundary that is a multiple of its own size, and a routing
protocol that carries the mask in its updates (RIPv2, EIGRP or OSPF) is required.
Eg: 1.1.1.0/24 can be divided into 1.1.1.0/26 (62 hosts), 1.1.1.64/27 (30 hosts) and 1.1.1.96/30 (a
point-to-point link). Note that something like 1.1.1.4/28 is not a valid subnet, because a /28 block
must begin on a multiple of 16.
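As an added example (not part of the original page), the following Python script applies the VLSM rules above using the standard library's ipaddress module: it sizes each subnet from its host count, allocates the largest requests first so every block lands on an aligned boundary, and shows why an address such as 1.1.1.4/28 is rejected. The 1.1.1.0/24 block and the host counts in REQUEST are made-up inputs.

```python
import ipaddress


def valid_subnet(cidr):
    """True only if the network address is aligned to its prefix length.
    strict=True makes ipaddress reject host bits, e.g. 1.1.1.4/28."""
    try:
        ipaddress.IPv4Network(cidr, strict=True)
        return True
    except ValueError:
        return False


def prefix_for_hosts(hosts):
    """Smallest prefix whose block offers `hosts` usable addresses; two addresses
    per subnet are reserved for the network and broadcast addresses."""
    needed = hosts + 2
    return 32 - (needed - 1).bit_length()


def allocate_vlsm(block, host_counts):
    """Carve `block` into one subnet per entry of host_counts.

    Largest request first: every subnet is then taken from the start of a free
    block at least as big as itself, so it always lands on a boundary that is a
    multiple of its own size. Returns {name: IPv4Network}."""
    pool = [ipaddress.IPv4Network(block)]          # free, non-overlapping blocks
    plan = {}
    for name, hosts in sorted(host_counts.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = prefix_for_hosts(hosts)
        fits = [n for n in pool if n.prefixlen <= prefix]
        if not fits:
            raise ValueError(f"no free space in {block} for {name} ({hosts} hosts)")
        chosen = max(fits, key=lambda n: n.prefixlen)  # best fit: smallest block that works
        pool.remove(chosen)
        if chosen.prefixlen == prefix:
            subnet = chosen
        else:
            subnet = next(chosen.subnets(new_prefix=prefix))   # lowest piece of the block
            pool.extend(chosen.address_exclude(subnet))         # return the rest to the pool
        pool.sort()
        plan[name] = subnet
    return plan


def usable_hosts(subnet):
    """Number of addresses left for hosts after network and broadcast."""
    return subnet.num_addresses - 2


# Constructed request: two departments of different sizes and one WAN link.
REQUEST = {"sales": 50, "eng": 25, "wan_link": 2}

if __name__ == "__main__":
    for name, subnet in allocate_vlsm("1.1.1.0/24", REQUEST).items():
        print(f"{name:10s} {subnet}  usable hosts: {usable_hosts(subnet)}")
    print("1.1.1.4/28 valid?", valid_subnet("1.1.1.4/28"))
```

The pool is kept as a sorted list of free blocks and address_exclude hands back the unused remainder, so nothing overlaps and the free space after allocation is visible for the next request.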

Q:What is unicast?

Unicast is a transmission in which information is sent from one host to exactly one other host
(source to destination); in other words, unicast is one-to-one communication.

Unicast ---> A transmission to a single interface card.

Q:What is Multicast?

Multicast differs from unicast: the information is sent once from one source and is delivered to every
host that has joined the multicast group, so it is one-to-many communication. Routing protocols such
as RIPv2 (224.0.0.9), EIGRP (224.0.0.10) and OSPF (224.0.0.5 and 224.0.0.6) use multicast for their
updates.

Multicast ---> A transmission to a group of interface cards on the network.

Q:What is Broadcast?

Broadcast is a transmission in which information is sent from one host and received by every host on
the local network segment (one source to all destinations). Routers do not forward broadcasts, which is
why a broadcast domain ends at a router or VLAN boundary.

Broadcast ---> A transmission to all interface cards on the network.

Q:What is ACL?

ACL stands for Access Control List. On a router it is a packet-filtering method: an ordered set of
rules (access control entries) that permit or deny IP packets based on fields such as the source and
destination address. A packet is tested against the entries from the top down, the first match wins,
and every ACL ends with an implicit "deny any", so a packet that matches no entry is dropped.

Cisco ACLs are divided into two types:

1. Standard ACL &
2. Extended ACL.

Standard ACL - Standard IP Access Lists are numbered from 1 to 99 (and 1300 to 1999 in the expanded
range). A standard ACL filters on the source IP address only, so it is normally placed close to the
destination.

Extended ACL - Extended IP Access Lists are numbered from 100 to 199 (and 2000 to 2699 in the expanded
range). An extended ACL filters on protocol, source IP address, destination IP address, source port
number and destination port number, so it can be placed close to the source to drop unwanted traffic
early. Both types can also be created as named ACLs.
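To make the first-match and implicit-deny behaviour concrete, here is an added Python example (not the page's own material and not Cisco code) that parses a few numbered access-list lines in IOS syntax and evaluates packets against them. The three-entry list in SAMPLE_ACL is constructed for the example; only "eq" port matches, contiguous wildcard masks and the host/any keywords are handled, which is enough to show why entry order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.IPv4Network("0.0.0.0/0")
PORT_NAMES = {"ssh": 22, "telnet": 23, "smtp": 25, "domain": 53, "www": 80, "https": 443}


@dataclass
class Ace:
    """One access control entry."""
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol; otherwise tcp/udp/icmp
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None   # None matches any destination port


def wildcard_to_network(addr, wildcard):
    """A Cisco wildcard mask is an inverted netmask (0.0.0.255 -> /24).
    Only contiguous masks are handled; IPv4Network rejects anything else."""
    netmask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(netmask))), strict=False)


def _parse_addr(tok):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' | bare 'A.B.C.D'; return (network, rest)."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return ipaddress.IPv4Network(tok[1] + "/32"), tok[2:]
    if len(tok) == 1:                                   # standard list: bare address = host
        return ipaddress.IPv4Network(tok[0] + "/32"), []
    return wildcard_to_network(tok[0], tok[1]), tok[2:]


def parse_ace(line):
    """Parse one 'access-list <number> ...' line.
    Standard lists (1-99, 1300-1999) filter on source only; extended lists
    (100-199, 2000-2699) on protocol, source, destination and destination port."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"cannot parse: {line}")
    number, action = int(tok[1]), tok[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        src, _ = _parse_addr(tok[3:])
        return Ace(action, "ip", src, ANY)
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        proto = tok[3]
        src, rest = _parse_addr(tok[4:])
        dst, rest = _parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        return Ace(action, proto, src, dst, port)
    raise ValueError(f"unsupported access-list number {number}")


def evaluate(acl: List[Ace], proto, src, dst, dst_port=None):
    """Test a packet top-down; the first matching entry decides. An ACL ends with an
    implicit 'deny ip any any', so a packet that matches nothing is dropped."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action
    return "deny"


# Constructed sample list: allow SSH from the 10.0.0.0/24 LAN to one server,
# block everything else from that LAN, allow everything from elsewhere.
SAMPLE_ACL = [parse_ace(line) for line in (
    "access-list 101 permit tcp 10.0.0.0 0.0.0.255 host 192.168.1.10 eq ssh",
    "access-list 101 deny ip 10.0.0.0 0.0.0.255 any",
    "access-list 101 permit ip any any",
)]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "tcp", "10.0.0.7", "192.168.1.10", 22))   # permit
    print(evaluate(SAMPLE_ACL, "tcp", "10.0.0.7", "192.168.1.10", 23))   # deny
    print(evaluate(SAMPLE_ACL, "udp", "172.16.0.1", "192.168.1.10", 53)) # permit
```

Swapping the first two entries of SAMPLE_ACL makes the SSH traffic hit the deny line first, which is the classic ordering mistake; the evaluator reproduces that.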

Q:What is CEF?
Cisco Express Forwarding (CEF) is an advanced layer 3 switching technology used mainly in large core
networks or the Internet to enhance the overall network performance.

CEF is mainly used to increase packet switching speed by reducing the overhead and delays introduced
by other routing techniques. CEF consists of two key components: The Forwarding Information Base
(FIB) and adjacencies. The FIB is similar to the routing table generated by multiple routing protocols,
maintaining only the next-hop address for a particular IP-route.

The adjacency maintains layer 2 or switching information linked to a particular FIB entry, avoiding the
need for an ARP request for each table lookup. There are five types of adjacencies:

1. Null adjacency.

2. Punt adjacency.

3. Glean adjacency.

4. Discard adjacency.

5. Drop adjacency.

Q:What is CDP?

CDP stands for Cisco Discovery Protocol. It is a Cisco-proprietary Layer 2 protocol used to discover
directly connected Cisco devices and learn about them: device ID, platform, IOS version, the
connecting interface and IP next-hop information, which makes it useful for inventory and
troubleshooting. CDP Version 2 (CDPv2) is the most recent release of the protocol and adds features
such as reporting of native VLAN and duplex mismatches. Because CDP is unauthenticated and announces
platform and software details to anything plugged into the port, it is normally disabled on
user-facing and untrusted interfaces (no cdp enable) or globally (no cdp run).

CDP packets are sent every 60 seconds and

the hold time is 180 seconds.

Q:What is SNMP?

The Simple Network Management Protocol (SNMP) is an application layer protocol (Layer 7 of the OSI
model, carried over UDP ports 161 and 162) that facilitates the exchange of management information
between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators
to manage network performance, find and solve network problems, and plan for network growth. SNMPv1
and SNMPv2c authenticate with a community string that travels in clear text, so a guessable read-write
community (the classic default is "private") hands control of the device to anyone on the path;
SNMPv3 adds per-user authentication and encryption (authPriv) and should be used wherever the devices
support it.

What is RIP and the difference between RIP v1 & RIP v2?

RIP stands for Routing Information Protocol. It is a distance-vector routing protocol and an open
standard (RFC 1058 for v1, RFC 2453 for v2) that any vendor can implement. It uses hop count as its
metric (maximum 15 hops; 16 means unreachable) and has an administrative distance of 120. It sends its
whole routing table as a periodic update every 30 seconds, so it converges slowly and is used only in
small networks.

RIP v1 / RIP v2

1. RIPv1 is a classful protocol; RIPv2 is a classless protocol.

2. RIPv1 does not carry the subnet mask in its updates, so it only supports networks that use one
subnet mask throughout; RIPv2 carries the mask with each route and so supports subnetted networks.

3. RIPv1 sends updates to the universal broadcast address (255.255.255.255); RIPv2 uses the multicast
address 224.0.0.9.

4. RIPv1 does not support VLSM; RIPv2 supports VLSM.

5. RIPv1 has no authentication, so any host on the segment can inject routes; RIPv2 supports
plain-text and MD5 authentication of updates, and MD5 should be enabled if RIP is used at all.

What is EIGRP?

EIGRP stands for Enhanced Interior Gateway Routing Protocol. It is a Cisco protocol (published as an
informational RFC only in 2016) that is also called a balanced hybrid or advanced distance vector
routing protocol. Hello packets are sent every 5 seconds with a hold time of 15 seconds (60 and 180
seconds on low-speed NBMA links). It supports VLSM and uses the multicast address 224.0.0.10. It
maintains three tables:

1. Neighbour table - every directly connected neighbour with which an adjacency has formed

2. Topology table - every path learned to each destination, including the successor and any feasible
successors

3. Routing table - the best path to each destination (the successor)

DUAL: Diffusing Update Algorithm

1. The successor, the loop-free path with the lowest metric, is installed in the routing table.

2. If the successor fails, the best feasible successor is promoted immediately without recalculation;
if there is no feasible successor, the route goes Active and the router queries its neighbours.

DUAL parameters

1. A.D = Advertised Distance, also called Reported Distance (not to be confused with Administrative
Distance, which is 90 for internal EIGRP routes)

2. F.D = Feasible Distance

Reported Distance: the metric for a route as advertised by a neighbour (the neighbour's own cost to the
destination)

Feasible Distance: the distance advertised by a neighbour plus the cost to reach that neighbour

Feasibility condition: a neighbour qualifies as a feasible successor only if its Reported Distance is
lower than the Feasible Distance of the current successor. A neighbour that is strictly closer to the
destination than this router cannot be routing through it, so the backup path is guaranteed loop-free.
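An added Python example (not from the original page) of the DUAL feasibility condition described above: given the reported distance and link cost for each neighbour, it picks the successor, works out which neighbours qualify as feasible successors, and decides what happens when the successor is lost. The neighbours R2 to R4 and their metrics in ROUTES are invented; note that R4 is excluded even though its own total distance is better than R3's, because its reported distance is not below the feasible distance.

```python
def dual_select(routes):
    """routes: [(neighbor, reported_distance, cost_to_neighbor), ...] for one destination.

    Feasible distance (FD) via a neighbor = its reported distance (RD) + our cost to it.
    The successor is the neighbor with the lowest FD. Another neighbor is a feasible
    successor only if its RD < the successor's FD (the feasibility condition): a neighbor
    that is strictly closer to the destination than we are cannot be routing through us,
    so the backup is loop-free without any further computation.
    Returns (successor, fd, sorted list of feasible successors)."""
    if not routes:
        return None, None, []
    candidates = [(name, rd, rd + cost) for name, rd, cost in routes]
    successor, _, fd = min(candidates, key=lambda c: (c[2], c[0]))
    feasible = sorted(name for name, rd, _ in candidates if name != successor and rd < fd)
    return successor, fd, feasible


def on_successor_loss(routes, failed):
    """What DUAL does when `failed` stops responding.
    Returns the new successor, or None when the route must go Active (no feasible
    successor exists, so the router has to send queries to its neighbours)."""
    successor, _, feasible = dual_select(routes)
    if failed != successor:
        return successor            # losing a non-successor leaves the best path intact
    backups = [r for r in routes if r[0] in feasible]
    if not backups:
        return None
    return min(backups, key=lambda r: (r[1] + r[2], r[0]))[0]


# Constructed topology: this router reaches destination D via three neighbours.
ROUTES = [
    ("R2", 10, 5),   # RD 10, link cost 5  -> FD 15 (successor)
    ("R3", 12, 8),   # RD 12 < 15           -> feasible successor, FD 20
    ("R4", 16, 2),   # RD 16 >= 15          -> NOT feasible, even though FD 18 < 20
]

if __name__ == "__main__":
    print(dual_select(ROUTES))                 # ('R2', 15, ['R3'])
    print(on_successor_loss(ROUTES, "R2"))     # R3
    print(on_successor_loss(ROUTES[:1] + ROUTES[2:], "R2"))   # None: goes Active
```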

What is OSPF?

Open Shortest Path First (OSPF) is a dynamic routing protocol for use in Internet Protocol (IP)
networks, standardized by the IETF (OSPFv2 for IPv4 in RFC 2328, OSPFv3 for IPv6 in RFC 5340). It is a
link-state routing protocol and belongs to the group of interior gateway protocols, operating within an
autonomous system (AS). Unlike RIP it has no hop-count limit, so it scales to large networks. Every
router in an area holds the full link-state database and runs the SPF (Dijkstra) algorithm over it, so
CPU and memory use grow with the size of the area; dividing the network into areas keeps that cost down.

What are the areas in OSPF?

• The backbone area, which is also referred to as Area 0. All other areas must connect to the backbone
area (directly or through a virtual link). Hence, this area is obligatory.

• An ordinary or standard area, which is an area that connects to the backbone (Area 0) and is treated
as a separate entity. All routers in a standard area have the same topological database, but their
routing tables depend on each router's position in the area and are therefore unique to the router.

• A stub area, which is an area that does not accept external routes (Type 5 LSAs) from outside the
autonomous system. A router within a stub area can only reach destinations outside the AS through the
default route that the area border router injects into the area.

• A totally stubby area, which is similar to a stub area but also blocks inter-area summary routes
(Type 3 LSAs); the only route the ABR sends into the area is the default route 0.0.0.0. This type of
area is useful for remote sites that have few networks and limited connectivity with the rest of the
network, and is a Cisco proprietary solution.

• A not so stubby area (NSSA), which is a stub area that may still contain an ASBR. External routes
that originate inside the NSSA are carried as Type 7 LSAs within the area and translated into Type 5
LSAs by the ABR for the rest of the OSPF domain, while external routes from other areas are not
flooded into the NSSA.

What are the network types in OSPF?

1. Non-broadcast - the default on NBMA networks such as Frame Relay. A DR/BDR election takes place,
and because hellos are not multicast the neighbor command is needed to establish adjacencies.

2. Broadcast - the default on Ethernet and other broadcast networks. Has a DR/BDR election; neighbors
are discovered automatically with multicast hellos.

3. Point-to-point - no DR/BDR election; the two routers simply form one adjacency.

4. Point-to-multipoint - no DR/BDR election. Solves the next-hop problems of the non-broadcast type by
treating the NBMA cloud as a collection of point-to-point links.

5. Point-to-multipoint non-broadcast - the same as point-to-multipoint but without pseudo-broadcast
(multicast) hellos, so neighbors must be defined statically.

6. Loopback - OSPF advertises loopback interfaces as stub host routes (/32) regardless of the mask
configured on them.

What is BGP and what are its attributes?

The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol. An autonomous
system is a network or group of networks under a common administration and with common routing
policies. BGP is used to exchange routing information for the Internet and is the protocol used between
Internet service providers (ISPs). Customer networks, such as universities and corporations, usually
employ an Interior Gateway Protocol (IGP) such as RIP or OSPF for the exchange of routing information
within their networks. Customers connect to ISPs, and ISPs use BGP to exchange customer and ISP
routes. When BGP is used between autonomous systems (AS), the protocol is referred to as External
BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is
referred to as Internal BGP (IBGP). Because a BGP speaker installs whatever its peers advertise, prefix
filters and maximum-prefix limits on EBGP sessions are the main defence against route leaks and
hijacks, and the TCP session itself is normally protected with MD5 authentication (TCP option 19) or
TCP-AO.

BGP path attributes are

1. Weight (Cisco proprietary, local to the router)

2. Local preference

3. Multi-exit discriminator (MED)

4. Origin

5. AS_path

6. Next hop

7. Community (tags used to apply routing policy)

What is PPPoE?

Point to Point Protocol over Ethernet (PPPoE) encapsulates PPP frames inside Ethernet frames, which
gives a point-to-point PPP session (typically between a broadband subscriber and the ISP's access
concentrator) over a shared Ethernet medium, with PPP's session setup, authentication and accounting.
PPP carries network layer protocols including IPv4 and IPv6, and it supports three link authentication
protocols that provide varying levels of security:

1. PAP 2. CHAP 3. EAP

PAP (Password Authentication Protocol)

1. Sends the username and password in clear text.

2. Less secure: anyone who can capture traffic on the link has the credential.

3. Two-way handshake: Authenticate-Request from the peer, Authenticate-Ack (or Nak) from the
authenticator.

4. Authenticates once when the link comes up; no periodic re-check.

CHAP (Challenge Handshake Authentication Protocol)

1. The secret is never sent. The peer returns an MD5 hash of the packet identifier, the shared secret
and a random challenge (this is hashing, not encryption).

2. More secure: a captured response is useless against a fresh challenge. It is not perfect, though: an
attacker who captures challenge/response pairs can run an offline dictionary attack on a weak secret,
and the authenticator must store the secret in a form it can hash, i.e. in clear text.

3. Three-way handshake: Challenge, Response, Success (or Failure).

4. Re-challenges periodically during the session, so a hijacked link is re-authenticated.

Extensible Authentication Protocol (EAP) is a framework that carries other authentication methods
(certificates, TLS, one-time tokens and so on) and is most commonly used for authentication on wireless
networks (802.1X) and VPNs.
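The CHAP exchange described above, written out as an added Python example (not from the original page) with both sides present: the authenticator issues a challenge, the peer hashes identifier, secret and challenge exactly as RFC 1994 specifies for the MD5 algorithm, and the authenticator verifies and then discards the challenge so a replayed response fails. PAP is included for contrast. The peer names and secrets are made up.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994, MD5 algorithm: Response = MD5(Identifier || Secret || Challenge).
    Only the 16-byte digest crosses the link; the secret never does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that challenges. It has to keep each peer's secret in a form it can
    hash with (plain text here), which is CHAP's main operational weakness."""

    def __init__(self, secrets):
        self.secrets = dict(secrets)   # peer name -> shared secret (bytes)
        self.pending = {}              # identifier -> challenge still awaiting a response

    def challenge(self, identifier, challenge=None):
        """Packet 1 (Challenge): a fresh random value; a fixed one is allowed for tests only."""
        value = challenge if challenge is not None else os.urandom(16)
        self.pending[identifier] = value
        return value

    def verify(self, identifier, name, response):
        """Packet 2 (Response) arrives; True means send Success, False means Failure.
        The challenge is consumed, so a captured response cannot be replayed later."""
        value = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def chap_session(authenticator, peer_name, peer_secret, identifier=1):
    """The full three-way exchange seen from both ends; returns True on Success."""
    chal = authenticator.challenge(identifier)                 # authenticator -> peer
    resp = chap_response(identifier, peer_secret, chal)        # peer -> authenticator
    return authenticator.verify(identifier, peer_name, resp)   # Success / Failure


def pap_authenticate(password_db, name, password):
    """PAP for contrast: the Authenticate-Request carries name and password in clear
    text and the authenticator simply compares; whoever sniffs the link has the credential."""
    stored = password_db.get(name)
    return stored is not None and hmac.compare_digest(stored, password)


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"s3cret"})
    print("first CHAP round:", chap_session(auth, "alice", b"s3cret"))
    print("periodic re-challenge:", chap_session(auth, "alice", b"s3cret", identifier=2))
    print("wrong secret:", chap_session(auth, "alice", b"wrong"))
```

Calling chap_session again with a new identifier is the periodic re-challenge the comparison table mentions; each round uses a new random challenge, which is what defeats replay.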

What are the timers for dynamic routing protocols?

                RIP        IGRP                    EIGRP                       OSPF
Hello           none       none                    5 sec (60 sec on            10 sec (30 sec on
                                                   low-speed NBMA links)       NBMA networks)
Update          30 sec     90 sec                  triggered updates only      triggered; each LSA is
                                                                               refreshed every 30 min
Dead / hold     180 sec    270 sec (3 x update)    3 x hello = 15 sec          4 x hello = 40 sec


What is the AD (Administrative Distance) value for dynamic routing protocols?

                RIP    IGRP    EIGRP                          OSPF    BGP
AD              120    100     90 internal / 170 external     110     20 eBGP / 200 iBGP

A lower AD is preferred when two sources offer the same prefix; directly connected interfaces are 0
and static routes are 1.

Group Policy
What is group policy in active directory ? What are Group Policy objects (GPOs)?
Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting
information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy
template.

The Group Policy container is an Active Directory container that stores GPO properties, including
information on version, GPO status, and a list of components that have settings in the GPO.

The Group Policy template is a folder structure within the file system that stores Administrative
Template-based policies, security settings, script files, and information regarding applications that are
available for Group Policy Software Installation.
The Group Policy template is located in the system volume folder (SYSVOL) in the \Policies\{GPO GUID}
subfolder for its domain, i.e. %SystemRoot%\SYSVOL\sysvol\<domain DNS name>\Policies\{GUID} on the
domain controller, reachable from clients as \\<domain DNS name>\SYSVOL\<domain DNS name>\Policies\{GUID}.

What is the order in which GPOs are applied ?


Group Policy settings are processed in the following order:
1.Local Group Policy object : Each computer has exactly one Group Policy object that is stored locally.
This processes for both computer and user Group Policy processing.

2.Site : Any GPOs that have been linked to the site that the computer belongs to are processed next.
Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab
for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is
processed last, and therefore has the highest precedence.

3.Domain: Processing of multiple domain-linked GPOs is in the order specified by the administrator, on
the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is
processed last, and therefore has the highest precedence.

4.Organizational units : GPOs that are linked to the organizational unit that is highest in the Active
Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and
so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer
are processed.

At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be
linked. If several GPOs are linked to an organizational unit, their processing is in the order that is
specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in
GPMC.

The GPO with the lowest link order is processed last, and therefore has the highest precedence.
This order means that the local GPO is processed first, and GPOs that are linked to the organizational
unit of which the computer or user is a direct member are processed last, which overwrites settings in
the earlier GPOs if there are conflicts. (If there are no conflicts, then the earlier and later settings are
merely aggregated.)

How to backup/restore Group Policy objects ?


Begin the process by logging on to a Windows Server 2008 domain controller, and opening the Group
Policy Management console. Now, navigate through the console tree to Group Policy Management |
Forest: | Domains | | Group Policy Objects.

When you do, the details pane should display all of the group policy objects that are associated with the
domain. In Figure A there are only two group policy objects, but in a production environment you may
have many more. The Group Policy Objects container stores all of the group policy objects for the
domain.

Now, right-click on the Group Policy Objects container, and choose the Back Up All command from the
shortcut menu. When you do, Windows will open the Back Up Group Policy Object dialog box.

As you can see in Figure B, this dialog box requires you to provide the path to which you want to store
the backup files. You can either store the backups in a dedicated folder on a local drive, or you can place
them in a folder on a mapped network drive. The dialog box also contains a Description field that you
can use to provide a description of the backup that you are creating.

You must provide the path to which you want to store your backup of the group policy objects.
To initiate the backup process, just click the Back Up button. When the backup process completes, you
should see a dialog box that tells you how many group policy objects were successfully backed up. Click
OK to close the dialog box, and you're all done.

When it comes to restoring a backup of any Group Policy Object, you have two options. The first option
is to right-click on the Group Policy Object, and choose the Restore From Backup command from the
shortcut menu. When you do this, Windows will remove all of the individual settings from the Group
Policy Object, and then implement the settings found in the backup.

Your other option is to right-click on the Group Policy Object you want to restore, and choose the Import
Settings option. This option works more like a merge than a restore.
Any settings that presently reside within the Group Policy Object are retained unless there is a
contradictory settings within the file that is being imported.
You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers
etc.) on the computers in one department. How would you do that?
Create a GPO and link it to the OU that holds that department's users and computers. Linking it at
the domain would apply the settings to everyone. Without GPMC, the steps on Windows Server 2003 are:
go to Start->Programs->Administrative Tools->Active Directory Users and Computers
Right click on the department's OU->click on Properties
On the new window click on the Group Policy tab
Click New, name the policy, then click Edit
In the Group Policy Object Editor
go to User Configuration->Administrative Templates->Start Menu and Taskbar (and Desktop for the
wallpaper, Control Panel->Printers for printers)
Select each property you want to modify and do the same
For My Documents use User Configuration->Windows Settings->Folder Redirection rather than a registry
setting, so the folder follows the user to a server share.

What's the difference between software publishing and assigning?


Assign Users :The software application is advertised when the user logs on. It is installed when the user
clicks on the software application icon via the start menu, or accesses a file that has been associated
with the software application.

Assign Computers :The software application is advertised and installed when it is safe to do so, such as
when the computer is next restarted.

Publish to users : The software application does not appear on the start menu or desktop. This means
the user may not know that the software is available. The software application is made available via the
Add/Remove Programs option in control panel, or by clicking on a file that has been associated with the
application. Published applications do not reinstall themselves in the event of accidental deletion, and it
is not possible to publish to computers.

What are administrative templates?


Administrative Templates are a feature of Group Policy, a Microsoft technology for centralised
management of machines and users in an Active Directory environment. Administrative Templates
facilitate the management of registry-based policy. An ADM file is used to describe both the user
interface presented to the Group Policy administrator and the registry keys that should be updated on
the target machines.

An ADM file is a text file with a specific syntax which describes both the interface and the registry
values which will be changed if the policy is enabled or disabled.

ADM files are consumed by the Group Policy Object Editor (GPEdit). Windows XP Service Pack 2 shipped
with five ADM files (system.adm, inetres.adm, wmplayer.adm, conf.adm and wuau.adm). These are
merged into a unified "namespace" in GPEdit and presented to the administrator under the
Administrative Templates node (for both machine and user policy). Since Windows Vista and Windows
Server 2008 the templates are XML-based ADMX files with language-specific ADML files, which can be
kept in a central store under SYSVOL\<domain>\Policies\PolicyDefinitions so that every administrator
edits the same template set.

Can I deploy non-MSI software with GPO?

Yes, with limits. Create a .zap file, a text file that points at the application's own setup program,
and publish it. A .zap package can only be published to users (it cannot be assigned to users or
computers), it runs the installer with the user's own privileges rather than elevated, and Group Policy
cannot repair or remove it. Repackaging the installer as an .msi is the usual answer when assignment
or silent installation is required.
Name some GPO settings in the computer and user parts ?
Computer Configuration applies to the machine regardless of who logs on, for example: Account
Policies (password and account lockout policy), Audit Policy, User Rights Assignment, Windows
Firewall settings, Software Restriction Policies, Windows Update settings and startup/shutdown
scripts. User Configuration follows the user to whichever machine they log on to, for example: Folder
Redirection, Start Menu and Taskbar and Desktop restrictions, Internet Explorer settings, drive and
printer mappings (Group Policy Preferences) and logon/logoff scripts.

A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and
everyone else there gets the GPO. What will you look for?
First check whether the GPO is being filtered for this user: security filtering (the user, or a group
containing the user, needs both Read and Apply Group Policy on the GPO, and an explicit Deny on either
wins) and any WMI filter linked to the GPO. Check whether loopback processing is enabled for the
computer's OU; in replace mode it discards the user's own user settings and applies the user settings
of the computer's GPOs instead. Run gpresult /r (or Group Policy Results in GPMC) on the user's
machine to see which GPOs were applied, which were denied and why. Finally check the computer's event
logs: if you find event ID 1085 (a client-side extension failed to process the policy) there is a
known fix to apply, after which the computer should be rebooted.

How can I override blocking of inheritance ?

Mark the GPO link as No Override (called Enforced in GPMC) on the parent container. An enforced link
is applied even to child containers that have Block Inheritance set.

What can I do to prevent inheritance from above?

Set Block Inheritance on the domain or OU. This stops all GPOs linked at higher levels from applying to
it, except those whose links are enforced.

Name a few benefits of using GPMC.

One console for all Group Policy work across sites, domains and forests; backup, restore, copy and
import of GPOs; Group Policy Modeling (what would apply) and Group Policy Results (what did apply);
HTML and XML reports of a GPO's settings; and scriptable management through its COM interfaces.

How frequently is the client policy refreshed ?

Every 90 minutes on workstations and member servers, plus a random offset of up to 30 minutes so that
clients do not all hit the domain controllers at once; domain controllers refresh every 5 minutes.
Security settings are also re-applied every 16 hours even if nothing has changed. gpupdate /force
triggers an immediate refresh.

Where is secedit ?
secedit.exe still exists for analysing and applying security templates, but secedit /refreshpolicy,
which refreshed Group Policy on Windows 2000, was replaced by gpupdate from Windows XP and Windows
Server 2003 onwards.

What can be restricted on Windows Server 2003 that wasn’t there in previous products ?
Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP
properties. Users may be selectively restricted from modifying their IP address and other network
configuration parameters.

You want to create a new group policy but do not wish to inherit.
Block Inheritance is a property of the container, not of the policy: create and link the new GPO to
the OU as usual, then set Block Inheritance on that OU so that GPOs linked above it are not applied.

How does the Group Policy 'No Override' and 'Block Inheritance' work ?

Group Policies can be applied at multiple levels (sites, domains, organizational units) with multiple
GPOs at each level. Some policy settings will inevitably conflict, hence the application order of Site
- Domain - Organizational Unit and, within each level, the link order you set for the policies. You may
want to force some policies never to be overridden (No Override, shown as Enforced in GPMC), and you
may want some containers not to inherit settings from a parent container (Block Inheritance).

A good definition of each is as follows:

No Override - prevents child containers from overriding the settings in a policy linked at a higher
level

Block Inheritance - stops a container inheriting policies from its parent containers


No Override takes precedence over Block Inheritance, so if a child container has Block Inheritance set
but a group policy on the parent has No Override set, that policy is still applied.

Also, when several No Override policies conflict, the one linked highest in the hierarchy takes
precedence over those linked lower down.
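Both the processing order (Local, Site, Domain, OU with link order) and the Block Inheritance / No Override rules can be checked with the following added Python model, which is not from the original page and is a simulation rather than anything Windows itself exposes. The site, domain, Sales OU, GPO names and settings in GPOS and CHAIN are invented; the rules encoded are the ones stated above.

```python
def processing_order(chain, local_gpo=None):
    """Return GPO names in the order they are applied (the last one wins on conflict).

    chain: containers from the site down to the object's own OU, each a dict
           {"name": str, "block_inheritance": bool,
            "links": [(link_order, gpo_name, enforced), ...]}
    Rules implemented:
      * Local, Site, Domain, OU (parent before child).
      * Within a container, link order 1 is processed last, so it has the highest precedence.
      * Block Inheritance on a container discards every non-enforced link above it.
      * Enforced (No Override) links cannot be blocked and are applied after everything
        else; among enforced links the one nearest the root is applied last and wins."""
    block_at = max((i for i, c in enumerate(chain) if c.get("block_inheritance")), default=None)
    normal, enforced = [], []
    for depth, container in enumerate(chain):
        # highest link-order number first, so that link order 1 is processed last
        for order, gpo, is_enforced in sorted(container["links"], key=lambda link: -link[0]):
            if is_enforced:
                enforced.append((depth, gpo))
            elif block_at is None or depth >= block_at:
                normal.append(gpo)
            # otherwise the link is blocked by a Block Inheritance set further down
    enforced_order = [gpo for _, gpo in sorted(enforced, key=lambda e: -e[0])]
    return ([local_gpo] if local_gpo else []) + normal + enforced_order


def effective_policy(chain, gpos, local_gpo=None):
    """Merge settings in processing order; returns {setting: (value, winning_gpo)}.
    Non-conflicting settings from earlier GPOs are kept (aggregation); conflicting
    ones are overwritten by the later GPO."""
    effective = {}
    for gpo in processing_order(chain, local_gpo):
        for setting, value in gpos[gpo].items():
            effective[setting] = (value, gpo)
    return effective


def set_block_inheritance(chain, container_name, flag):
    """Copy of chain with Block Inheritance toggled on one container."""
    return [dict(c, block_inheritance=(flag if c["name"] == container_name else c["block_inheritance"]))
            for c in chain]


# Constructed example: a Sales OU that blocks inheritance, a domain with one enforced GPO.
GPOS = {
    "Local": {"wallpaper": "local.bmp"},
    "SiteGPO": {"wallpaper": "site.bmp", "proxy": "site-proxy:8080"},
    "DefaultDomain": {"wallpaper": "domain.bmp", "screen_lock_minutes": 10},
    "DomainLockdown": {"usb_storage": "blocked"},
    "SalesA": {"wallpaper": "sales-a.bmp"},
    "SalesB": {"wallpaper": "sales-b.bmp", "proxy": "sales-proxy:8080"},
    "SalesEnforced": {"usb_storage": "allowed", "proxy": "enforced-proxy:8080"},
}
CHAIN = [
    {"name": "Site-HQ", "block_inheritance": False, "links": [(1, "SiteGPO", False)]},
    {"name": "corp.example", "block_inheritance": False,
     "links": [(1, "DomainLockdown", True), (2, "DefaultDomain", False)]},
    {"name": "OU=Sales", "block_inheritance": True,
     "links": [(1, "SalesA", False), (2, "SalesB", False), (3, "SalesEnforced", True)]},
]

if __name__ == "__main__":
    print(processing_order(CHAIN, "Local"))
    for setting, (value, gpo) in sorted(effective_policy(CHAIN, GPOS, "Local").items()):
        print(f"{setting:20s} = {value!r:24s} from {gpo}")
```

Two things the run shows that are easy to get wrong in an interview: SalesA (link order 1) beats SalesB (link order 2) because it is processed last, and the domain's enforced DomainLockdown beats the OU's own enforced GPO on usb_storage, while Block Inheritance on the OU silently drops the non-enforced DefaultDomain settings.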

To block inheritance perform the following:

1. Start the Active Directory Users and Computer snap-in (Start - Programs - Administrative Tools -
Active Directory Users and Computers)

2. Right click on the container you wish to stop inheriting settings from its parent and select
Properties
3. Select the 'Group Policy' tab

4. Check the 'Block Policy inheritance' option

5. Click Apply then OK

To set a policy to never be overridden perform the following:

1. Start the Active Directory Users and Computer snap-in (Start - Programs - Administrative Tools -
Active Directory Users and Computers)

2. Right click on the container you wish to set a Group Policy to not be overridden and select
Properties

3. Select the 'Group Policy' tab

4. Click Options

5. Check the 'No Override' option

6. Click OK

7. Click Apply then OK


RODCs
What new attributes support the RODC Password Replication Policy?
Password Replication Policy (PRP) is the mechanism for determining whether a user or computer's
credentials are allowed to replicate from a writable domain controller to an RODC. The PRP is always
set on a writable domain controller running Windows Server 2008 and is stored on the RODC's computer
object. The following attributes were added to the Active Directory schema to support RODC credential
caching:

• msDS-Reveal-OnDemandGroup. This attribute points to the distinguished name (DN) of the Allowed
List. The credentials of the members of the Allowed List are permitted to replicate to the RODC.

• msDS-NeverRevealGroup. This attribute points to the distinguished names of security principals
whose credentials are denied replication to the RODC (the Denied List). This has no impact on the
ability of these security principals to authenticate through the RODC; the RODC simply never caches
their credentials, and an entry in the Denied List takes precedence over membership of the Allowed
List. A default Denied List (Administrators, Account Operators, Server Operators, Backup Operators
and the Denied RODC Password Replication Group) is provided, which improves the security of RODCs
that are deployed with default settings.

• msDS-RevealedList. This attribute is a list of security principals whose current passwords have
been replicated to the RODC.

• msDS-AuthenticatedToAccountList. This attribute contains a list of security principals in the local
domain that have authenticated to the RODC. Its purpose is to help an administrator determine which
computers and users are using the RODC for logon, so that the Password Replication Policy for the
RODC can be refined.
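An added Python example (not from the original page) that evaluates the Password Replication Policy for a set of accounts the way the Allowed and Denied lists above combine: group membership is expanded transitively, a hit on the Denied List wins over any Allowed List membership, and accounts in neither list are not cached. The default Denied List entries are reproduced from memory of the Windows Server 2008 defaults and should be confirmed on your own RODC; the users and groups in MEMBER_OF are invented. The last function applies the policy to the contents of msDS-AuthenticatedToAccountList to find accounts that use the RODC today but would fail to log on during a WAN outage.

```python
# Default Denied List for an RODC (assumed from the Windows Server 2008 defaults;
# confirm on a real RODC with: repadmin /prp view <RODC> Deny).
DEFAULT_DENIED = frozenset({
    "Administrators", "Account Operators", "Server Operators", "Backup Operators",
    "Denied RODC Password Replication Group",
})
DEFAULT_ALLOWED = frozenset({"Allowed RODC Password Replication Group"})


def expand_groups(principal, member_of):
    """Transitive group membership. member_of maps a user, computer or group to
    the groups it is a direct member of; nested groups count for the PRP."""
    seen, stack = set(), list(member_of.get(principal, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(member_of.get(group, ()))
    return seen


def may_cache(principal, member_of, allowed=DEFAULT_ALLOWED, denied=DEFAULT_DENIED):
    """PRP decision for one account: any hit on the Denied List wins; otherwise the
    account must be in (or nested under) the Allowed List to be cached."""
    identities = expand_groups(principal, member_of) | {principal}
    if identities & set(denied):
        return False
    return bool(identities & set(allowed))


def prp_review(authenticated, member_of, allowed=DEFAULT_ALLOWED, denied=DEFAULT_DENIED):
    """Take the contents of msDS-AuthenticatedToAccountList (accounts that have logged
    on through this RODC) and return those whose password cannot be cached: they work
    today only because the WAN is up and will fail to log on if it goes down."""
    return sorted(p for p in authenticated if not may_cache(p, member_of, allowed, denied))


# Constructed directory: who is a direct member of what.
MEMBER_OF = {
    "alice": ["Branch-Users"],
    "bob": ["Branch-Users", "Server Operators"],
    "carol": [],
    "dave": ["Branch-Admins"],
    "Branch-Users": ["Allowed RODC Password Replication Group"],
    "Branch-Admins": ["Domain Admins"],
    "Domain Admins": ["Denied RODC Password Replication Group"],
}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, "cacheable" if may_cache(user, MEMBER_OF) else "not cacheable")
    print("would fail offline:", prp_review(["alice", "bob", "carol", "dave"], MEMBER_OF))
```

bob is the case to remember: he is in the Allowed List through Branch-Users, but his Server Operators membership puts him on the Denied List, and Denied wins.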

How can you clear a password that is cached on an RODC?


There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a
password that is stored on an RODC, an administrator should reset the password in the hub site. This
way, the password that is cached in the branch will no longer be valid for accessing any resources in the
hub site or other branches.

In the branch that contains the RODC on which the password may have been compromised, the
password will still be valid for authentication purposes until the next replication cycle, at which time its
value that is stored on the RODC will be changed to Null. The new password will be cached only after the
user authenticates with it—or the new password is prepopulated on the RODC—and if the PRP has not
been changed.In the event that an RODC is compromised, you should reset the passwords for all
accounts that have cached passwords and then rebuild the RODC.

Can an RODC replicate to other RODCs?


No, an RODC can only replicate from a writable Windows Server 2008 domain controller. In addition,
two RODCs for the same domain in the same site do not share cached credentials. You can deploy
multiple RODCs for the same domain in the same site, but it can lead to inconsistent logon experiences
for users if the WAN to the writable domain controller in a hub site is offline.

This is because the credentials for a user might be cached on one RODC but not the other. If the WAN to
a writable domain controller is offline and the user tries to authenticate with an RODC that does not
have the user’s credentials cached, then the logon attempt will fail.

What operations fail if the WAN is offline, but the RODC is online in the branch office?
If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub,
the following branch office operations fail:

• Password changes

• Attempts to join a computer to a domain

• Computer rename

• Authentication attempts for accounts whose credentials are not cached on the RODC

• Group Policy updates that an administrator might attempt by running the gpupdate /force
command.

What operations succeed if the WAN is offline, but the RODC is online in the branch office?
If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub,
the following branch office operations succeed:

• Authentication and logon attempts, if the credentials for the resource and the requester are
already cached.

• Local RODC server administration performed by a delegated RODC server administrator.

Will RODC support my Active Directory–integrated application?


Yes, RODC supports an Active Directory–integrated application if the application conforms to the
following rules:

• If the application performs write operations, it must support referrals (enabled by default on
clients).

• The application must tolerate write outages when the hub is offline.

Does an RODC contain all of the objects and attributes that a writable domain controller contains?
Yes, an RODC contains all the objects that a writable domain controller contains. If you compare the
LDAP store on a writable domain controller to the LDAP store of an RODC, they are identical, except that
the RODC does not contain all of the credentials or attributes that are defined in the RODC filtered
attribute set.
Why does the RODC not have a relative ID (RID) pool?
All writable domain controllers can allocate RIDs from their respective RID pools to create security
principals as needed. Because an RODC cannot create security principals, it cannot provide any RIDs, and
it is never allocated a RID pool.

Can I list the krbtgt account that is used by each RODC in the domain?
Yes. To list the krbtgt account that is used by each RODC in the domain, type the following command at
a command line, and then press ENTER:
Repadmin /showattr <WritableDcName> <distinguished name of the domain partition> /subtree
/filter:"(&(objectclass=computer)(msDS-Krbtgtlink=*))" /atts:msDS-krbtgtlink

How does the client DNS update referral mechanism work?


Because the DNS server that runs on an RODC cannot directly register client updates, it has to refer the
client to a DNS server that hosts a primary or Active Directory-integrated copy of the zone file. This
server is sometimes referred to as a “writable DNS server.” When a client presents a Find Authoritative
Query, which is the precursor to an update request, the DNS server on the RODC uses the domain
controller Locator to find domain controllers in the closest site.
The RODC then compares the list of domain controllers that is returned with the list of name server (NS)
resource records that it has. The RODC returns to the client the NS resource record of a writable DNS
server that the client can use to perform the update. The client can then perform its update.
If no domain controller in the closest site matches an entry in the list of NS records for the zone, the
RODC attempts to discover any domain controller in the forest that matches an entry in the list.
Suppose that a new client is introduced to a site that has a DNS server running only on an RODC. In this
case, the RODC DNS server tries to replicate the DNS record that the client has tried to update on the
writable DNS server. This occurs approximately five minutes after the RODC provides a response to the
original Find Authoritative Query.
If the DNS client on the RODC attempts a DNS update, a writable domain controller running Windows
Server 2008 is returned so that the RODC can perform the update.

Why doesn’t the KCC on writable domain controllers try to build connections from an RODC?
To build the replication topology, the Knowledge Consistency Checker (KCC) examines the following:

• All the sites that contain domain controllers

• The directory partitions that each domain controller holds

• The cost that is associated with the site links to build a least-cost spanning tree

The KCC determines if there is a domain controller in a site by querying AD DS for objects of the NTDS-
DSA category—the objectcategory attribute value of the NTDS Settings object. The NTDS Settings
objects for RODCs do not have this object category. Instead, they support a new objectcategory value
named NTDS-DSA-RO.
As a result, the KCCs on writable domain controllers never consider an RODC as part of the replication
topology. This is because the NTDS Settings objects are not returned in the query.
However, the KCC on an RODC also needs to consider the local domain controller (itself) to be part of
the replication topology to build inbound connection objects. This is achieved by a minor logic change to
the algorithm that the KCC uses on all domain controllers running Windows Server 2008 that forces it to
add the NTDS Settings object of the local domain controller to the list of potential domain controllers in
the topology. This makes it possible for the KCC on an RODC to add itself to the topology. However, the
KCC on an RODC does not add any other RODCs to the list of domain controllers that it generates.

How does the KCC build inbound connections locally on an RODC when the RODC is supposed to be
read-only?
An RODC is completely read-only from the perspective of external clients, but it can internally originate
changes for a limited set of objects. It permits replicated write operations and a limited set of originating
write operations.

Both the KCC and the replication engine are special “writers” on an RODC. The replication engine
performs replicated write operations on an RODC in exactly the same way as it does on the read-only
partitions of a global catalog server that runs Windows Server 2003. The KCC is permitted to perform
originating write operations of the objects that are required to perform Active Directory replication,
such as connection objects.

Why does an RODC have two inbound connection objects?


This is because File Replication Service (FRS) requires its own pair of connection objects in order to
function correctly. In previous versions of Windows Server, FRS was able to utilize the existing
connection objects between two domain controllers to support its replication of SYSVOL content.

However, because an RODC only performs inbound replication of Active Directory data, a reciprocal
connection object on the writable replication partner is not needed.
Consequently, the Active Directory Domain Services Installation Wizard generates a special pair of
connection objects to support FRS replication of SYSVOL when you install an RODC. The FRS connection
objects are not required by DFS Replication.

How does RODC connection failover work?


If the bridgehead replication partner of an RODC becomes unavailable, the KCC on the RODC builds a
connection to another partner. By default, this happens after about two hours, which is the same for a
writable domain controller. However, the FRS connection object on an RODC must use the same target
as the connection object that the KCC generates on the RODC for Active Directory replication. To achieve
this, the fromServer value on the two connections is synchronized.

However, the trigger for changing the fromServer value on the FRS connection object is not the creation
of the new connection; instead, it is the removal of the old connection. The removal step happens some
hours after the new connection object is created. Consequently, the fromServer value continues to
reference the original partner until the old connection is removed by the KCC.
A side effect of this is that while Active Directory replication works successfully against the new partner,
FRS replication fails during this period. The additional delay is by design—it avoids causing FRS to
perform an expensive VVJoin operation against the new partner, which is unnecessary if the outage of
the original partner is only temporary.

How can an administrator delete a connection object locally on an RODC?


The KCC on an RODC will build inbound connection objects for Active Directory replication. These
objects cannot be seen on other writeable domain controllers because they are not replicated from the
RODC.

You cannot use the Active Directory Sites and Services snap-in to remove these connection objects, but
you can use Ldp.exe or Adsiedit.msc. The KCC on the RODC will then rebuild a connection. This way, you
can trigger redistribution of connection objects across a set of RODCs that have site links to a single hub
site that has multiple bridgehead servers.

How can an administrator trigger replication to an RODC?


You can use the following methods:

1. By running the repadmin /replicate or repadmin /syncall operations.

2. By using the Active Directory Sites and Services snap-in. In this case, you can right-click the
connection object and click Replicate Now.

3. You can use Active Directory Sites and Services on a writable domain controller to create an
inbound replication connection object on any domain controller, including an RODC, even if no
inbound connection exists on the domain controller. This is similar to running a repadmin /add
operation.

How are writable directory partitions differentiated from read-only directory partitions?
This comes from an attribute on the directory partition head called instanceType. This is a bit mask. If bit
3 (0x4) is set, the directory partition is writable. If the bit is not set, the directory partition is read-only.

Why can an RODC only replicate the domain directory partition from a domain controller running
Windows Server 2008 in the same domain?
This is how the filtering of secrets is enforced during inbound replication to an RODC. A domain
controller running Windows Server 2008 is programmed not to send secret material to an RODC during
replication, unless the Password Replication Policy permits it. Because a domain controller running
Windows Server 2003 has no concept of the Password Replication Policy, it sends all secrets, regardless
of whether they are permitted.
How does the KCC differentiate between domain controllers running Windows Server 2003 and
domain controllers running Windows Server 2008?
The NTDS-DSA object has an msDS-Behavior-Version attribute. A value of 2 indicates that the domain
controller is running Windows Server 2003. A value of 3 indicates that it is running Windows Server
2008.

Why are built-in groups such as Account Operators and Server Operators specified separately in the
Denied List attribute, but not in the Denied RODC Password Replication Group?
The Allowed RODC Password Replication Group and the Denied RODC Password Replication Group are
domain local groups. Domain local groups cannot contain built-in groups.

What actually happens when you add a user to an Administrator Role Separation role?
The configuration adds entries to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\lsa\rodcroles

 Name: 544

 Data type: REG_MULTI_SZ

 Value: S-1-5-21-760266474-1386482297-4237089879-1107

The role is denoted by the entry name: 544, for example, is the well-known RID for the builtin\administrators
group. Each value then represents the security identifier (SID) of a user who has been assigned to the
role.
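The registry entry above stores one REG_MULTI_SZ value per role, named by the role's RID and holding the SIDs of the delegated users. The following Python is an added example, not part of the document or of any Microsoft tool: it parses SID strings, maps the entry name to the builtin group the RID denotes (544 from the text, plus the other well-known operator-group RIDs), and flags any SID that is not a domain account SID so an administrator can review it. The registry contents are a constructed dict modeled on the entry quoted above; the second value and the S-1-1-0 entry are invented for illustration.

```python
"""Added example (not from the document): parse the SID strings stored under
the rodcroles registry key and summarize which role each one was granted.
The registry contents are a constructed dict modeled on the entry above;
reading the live key is not shown."""
import re

# S-<revision>-<authority>-<sub1>-...-<subN>
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

# Well-known RIDs of builtin groups (DOMAIN_ALIAS_RID_* values). 544 is the one
# named in the text; the others are the usual delegated operator groups.
BUILTIN_RIDS = {
    544: "Administrators",
    548: "Account Operators",
    549: "Server Operators",
    550: "Print Operators",
    551: "Backup Operators",
}

def parse_sid(sid):
    """Split a SID string into (revision, authority, subauthorities)."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(s) for s in m.group(3).split("-") if s]
    return int(m.group(1)), int(m.group(2)), subs

def is_domain_sid(sid):
    """True for S-1-5-21-<domain>-<rid>, i.e. a principal defined in a domain
    rather than a well-known identity such as S-1-1-0 or a local builtin group."""
    revision, authority, subs = parse_sid(sid)
    return revision == 1 and authority == 5 and len(subs) == 5 and subs[0] == 21

def summarize_rodc_roles(rodcroles):
    """rodcroles maps the registry value name (a RID as a string) to the list of
    SIDs held in its REG_MULTI_SZ data. Returns one record per (role, SID) and
    the SIDs that are not domain SIDs, which deserve an administrator's review."""
    records, review = [], []
    for name, sids in rodcroles.items():
        rid = int(name)
        role = BUILTIN_RIDS.get(rid, f"RID {rid}")
        for sid in sids:
            subs = parse_sid(sid)[2]
            records.append({"role": role, "rid": rid, "sid": sid, "account_rid": subs[-1]})
            if not is_domain_sid(sid):
                review.append(sid)
    return records, review

# Constructed sample modeled on the registry entry quoted in the text; the
# second value and the S-1-1-0 (Everyone) entry are invented for illustration.
SAMPLE_RODCROLES = {
    "544": ["S-1-5-21-760266474-1386482297-4237089879-1107"],
    "551": ["S-1-5-21-760266474-1386482297-4237089879-1108", "S-1-1-0"],
}

if __name__ == "__main__":
    records, review = summarize_rodc_roles(SAMPLE_RODCROLES)
    for rec in records:
        print(rec)
    print("review:", review)
```

Run it stand-alone to print the role records and the review list; on a real RODC the same functions can be fed the values read from the rodcroles key.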

How can an administrator determine the closest site for any given site?

 Look at the site link costs that appear in Active Directory Sites and Services.
-or-

 After an RODC is installed successfully in an Active Directory site, run the nltest command
against the RODC.

The following example shows the command and the results:


C:\>nltest /dsgetdc:rodc /server:rodc-dc-02 /try_next_closest_site /avoidself
DC: \\HUB-DC-01
Address: \\2001:4898:28:4:5e1:903a:7987:eea5
Dom Guid: 00e80237-c5ce-4143-b0b8-cfa5c83a5654
Dom Name: RODC
Forest Name: rodc.nttest.contoso.com
Dc Site Name: Hub
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET
The command completed successfully.

Why does %logonserver% have the name of a domain controller in my hub site rather than the RODC
in my site?
If your user account password cannot be replicated to the RODC in your site or if the RODC does not
currently have your password, the Kerberos AS_REQ is forwarded to a hub domain controller that
provides your TGT.
The process that updates the environment variables uses the hub domain controller as the logon server
for the environment variable. The %logonserver% environment variable is not updated for the duration
of that logon session, even though the user is forced to reauthenticate against the RODC.

Password changes are not always “chained” by an RODC. Why?


Some password-change operations, such as a user initiating a password-change request by pressing
Ctrl+Alt+Del, specifically require a writable domain controller. When the client computer detects that
the RODC is not writable, it locates a writable domain controller instead. Other password-change
operations, such as a user’s password expiring and when the user is prompted to change it at logon, do
not specifically require a writable domain controller.

How does a hub domain controller recognize that a request to replicate a password is coming from an
RODC?
The RODC does a bind and calls the “replicate single object” application programming interface (API).
The binding handle shows that it is an RODC account.

Why does an RODC replicate in a cached password both by RSO operation and normal replication?
When a single object is replicated to the RODC in the branch site, the update sequence number (USN)
and the high-water mark are not updated. As a result, the object is replicated to the branch site again at
a later time.

Does an RODC perform password validation forwarding even when it has a password for a user?
Yes, in the case where a user presents a password that does not match what the RODC has stored
locally, the RODC will forward the authentication request. The RODC forwards the request to the
writable Windows Server 2008 domain controller that is its replication partner, which in turn forwards
the request to the PDC emulator if required. If the authentication is validated at the writable Windows
Server 2008 domain controller or the PDC emulator, the RODC will purge the currently stored password
and replicate the new password by RSO operation.

Can you remove the last domain controller in a domain if there are unoccupied (or disabled) RODC
accounts in the domain?
As for all previous versions of Windows Server, it is a requirement that all other domain controllers have
been removed from the domain before you can remove the last domain controller. For Windows Server
2008, this requirement includes the removal of all RODCs and the removal of any precreated but unused
RODC accounts.

What relevant RODC event log entries are there?


If an RODC attempts a Replicate Single Object (RSO) operation to cache a password that the Password
Replication Policy prevents from replicating to the RODC, the hub domain controller that the RODC
contacts logs event ID 1699.
The details for event ID 1699 include:
Log Name: Directory Service
Source: NTDS Replication
Date: 5/2/2006 2:37:39 PM
Event ID: 1699
Task Category: Replication
Level: Error
Keywords: Classic
User: RODC\RODC-DC-02$
Computer: HUB-DC-01
Description:
This directory service failed to retrieve the changes requested for the following directory partition. As a
result, it was unable to send change requests to the directory service at the following network address.
Directory partition:
CN=test10,OU=Branch1,OU=Branches,DC=rodc,DC=nttest,DC=contoso,DC=com
Network address:
c6ef8d14-f015-4cd0-94cc-c7f5c9c834ba._msdcs.rodc.nttest.contoso.com
Extended request code:
7
Additional Data
Error value:
8453 Replication access was denied.
A successful logon logs event ID 4768 on the hub domain controller and on the RODC.
The details of event ID 4768 on the hub domain controller include the following:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/2/2006 3:58:05 PM
Event ID: 4768
Task Category: Kerberos Ticket Events
Level: Information
Keywords: Audit Success
User: N/A
Computer: hub-dc-01.rodc.nttest.contoso.com
Description:
Authentication Ticket Request:
Account Name: test10
Supplied Realm Name: RODC
User ID: S-1-5-21-3503915162-2421288034-2003080229-1128
Service Name: krbtgt
Service ID: S-1-5-21-3503915162-2421288034-2003080229-502
Ticket Options: 0x40810010
Result Code: 0x0
Ticket Encryption Type: 0x17
Pre-Authentication Type: 2
Client Address: 2001:4898:28:4:6182:4acd:65c9:283a
Client Port: 55763
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
At the default Event log settings, no replication event shows that the password has replicated to the
RODC.
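Both the event records above and the earlier nltest output are "Key: value" text, which is what a defender usually has to work with when checking whether an RODC's password caching was refused or whether the DC locator picked a writable DC in a close site. The following Python is an added example, not taken from the document or from any Microsoft tool: it parses that format (taking the next line as the value where a key such as "Directory partition:" stands alone), applies the two rules the text states (event 1699 with error 8453 means the Password Replication Policy denied an RSO caching attempt; event 4768 with result 0x0 is a successful TGT request) and extracts the flag set from an nltest response. The three samples are constructed from the fields quoted above.

```python
"""Added example (not from the document or any Microsoft tool): a parser for
the "Key: value" text that nltest and Event Viewer produce, plus the two
detection rules the text describes: event 1699 with error 8453 means the
Password Replication Policy denied an RODC's attempt to cache a password, and
event 4768 with result 0x0 is a successful TGT request. Samples are constructed."""
import re
from dataclasses import dataclass

# A "Key: value" line. Keys hold only letters, digits, spaces and hyphens, so
# a DN like "CN=test10,..." or a bare number such as "8453 ..." is never a key.
_KEY_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*):\s*(.*)$")

# Constructed sample, modeled on the event ID 1699 shown above.
SAMPLE_1699 = """\
Event ID: 1699
User: RODC\\RODC-DC-02$
Computer: HUB-DC-01
Directory partition:
CN=test10,OU=Branch1,OU=Branches,DC=rodc,DC=nttest,DC=contoso,DC=com
Error value:
8453 Replication access was denied.
"""

# Constructed sample, modeled on the event ID 4768 shown above.
SAMPLE_4768 = """\
Event ID: 4768
Computer: hub-dc-01.rodc.nttest.contoso.com
Description:
Authentication Ticket Request:
Account Name: test10
Supplied Realm Name: RODC
Service Name: krbtgt
Result Code: 0x0
Client Address: 2001:4898:28:4:6182:4acd:65c9:283a
"""

# Constructed sample, modeled on the nltest /dsgetdc output shown earlier.
SAMPLE_NLTEST = """\
DC: \\\\HUB-DC-01
Address: \\\\2001:4898:28:4:5e1:903a:7987:eea5
Dc Site Name: Hub
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET
The command completed successfully.
"""

def parse_kv_block(text):
    """Return a dict of the 'Key: value' lines in text. A key with nothing after
    the colon (e.g. 'Directory partition:') takes the next line as its value,
    unless that line is itself a key line."""
    fields = {}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        m = _KEY_RE.match(lines[i])
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if not value and i + 1 < len(lines) and not _KEY_RE.match(lines[i + 1]):
                value = lines[i + 1]
                i += 1
            fields[key] = value
        i += 1
    return fields

def nltest_flags(text):
    """The capability flags on the 'Flags:' line of nltest output, as a set."""
    return set(parse_kv_block(text).get("Flags", "").split())

@dataclass
class Finding:
    event_id: int
    severity: str
    summary: str

def classify_event(fields):
    """Apply the two rules from the text; any other event is ignored."""
    event_id = int(fields.get("Event ID", "0"))
    if event_id == 1699 and fields.get("Error value", "").startswith("8453"):
        user = fields.get("User", "")
        # An RSO request runs under the RODC's computer account, which ends in '$'.
        who = "RODC account" if user.endswith("$") else "non-machine account"
        return Finding(1699, "warning",
                       f"PRP denied caching of {fields.get('Directory partition', '?')} "
                       f"for {who} {user} at {fields.get('Computer', '?')}")
    if event_id == 4768 and fields.get("Result Code", "") == "0x0":
        return Finding(4768, "info",
                       f"TGT issued to {fields.get('Account Name', '?')}@"
                       f"{fields.get('Supplied Realm Name', '?')} by {fields.get('Computer', '?')}")
    return Finding(event_id, "ignore", "no rule matched")

def scan(event_texts):
    """Classify each event text and keep only the findings a rule matched."""
    findings = (classify_event(parse_kv_block(t)) for t in event_texts)
    return [f for f in findings if f.severity != "ignore"]

if __name__ == "__main__":
    for finding in scan([SAMPLE_1699, SAMPLE_4768]):
        print(finding.event_id, finding.severity, finding.summary)
    print("flags:", sorted(nltest_flags(SAMPLE_NLTEST)))
```

Because the event 1699 is logged on the hub domain controller rather than on the RODC, a scan like this belongs on the hub's Directory Service log; a burst of such findings for one RODC account usually means the Password Replication Policy is stricter than the branch's actual user population.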

Windows Desktop Interview Questions!


How to Enable or Disable the Firewall in Windows XP ?

Enabling the Windows XP firewall

1. Click Start, Settings, Control Panel and open Network Connections.

2. Within the Network Connections window, right-click the Local Area Connection and select
properties.

3. Within the Local Area Connection Properties window, click the Advanced tab.

4. Finally, check the Protect my computer and network by limiting or preventing access to this
computer from the Internet option.

Disabling the Windows XP firewall

1. Click Start, Settings, Control Panel and open Network Connections.

2. Within the Network Connections window, right-click the Local Area Connection and select
Properties.

3. Within the Local Area Connection Properties window, click the Advanced tab.
4. Finally, uncheck the Protect my computer and network by limiting or preventing access to this
computer from the Internet option.

How would you Start or Stop a Windows Service ?

Logon to Windows with Administrator rights.


Click Start > Control Panel.
Double-click Administrative Tools.
Double-click the Services icon.
Double-click the service that you want to stop or start.
When the Service Properties window appears, do one of the following:

* If the service is running, click Stop the service.


* If the service is not running, click Start the service.

Click OK.

How can you check the IP address of your computer ?

IPCONFIG /ALL

How to access the Windows System Registry ?

Follow the steps to access registry on XP computer.


* Click Start
* Click Run
* Type REGEDIT
* Click OK
* The Registry Editor will now open .

Where are the Temp files located and how would you remove them ?

There are three different places where you can find temporary files on your computer. They are located in
different places in Windows Vista and Windows XP. In Windows Vista, follow the three file paths below to
view the temporary files.

C:\Users\Username\AppData\Local\Temp (%temp%)

C:\Windows\Temp (temp)

C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files


Name some difference between Windows XP and Windows Vista. What are their System
Requirements ?

The major differences between Windows XP and Vista are:

Windows Vista vs. Windows XP

1. Windows Vista has the BitLocker option; Windows XP has no BitLocker option.

- BitLocker drive encryption encrypts a volume and protects the hard drive's contents from hackers.

2. Windows Vista has the Windows Defender tool; Windows XP has no Windows Defender tool. Windows
Defender helps prevent spyware and unwanted software from being installed on the computer.

3. Windows Vista has the Parental Controls feature; Windows XP has no Parental Controls feature. This option
lets parents restrict which sites, games and software their children may use.

What is Safe Mode ?

Safe mode is an alternate boot method for Windows operating systems that makes it easier to diagnose
problems. The only startup programs loaded are the operating system and the drivers for the mouse,
keyboard and display. It is often possible to get a system to start in safe mode when it
won't start normally. To start in safe mode, press the F8 key while the system is booting and select "Safe
Mode" (or the safe mode option you want) from the menu that appears.

What is a MODEM ?
A modem is a Modulator/Demodulator. It acts as a bridge between a computer and ordinary telephone
lines. Telephone lines only accept analog signals but computers only accept digital (binary) signals, so
modems link the two. Routers then pass on the digital signal.

In other words, a modem is a device that modulates an analog carrier signal to encode digital information.


What is SMPS ?
Switch Mode Power Supplies are the current state of the art in high efficiency power supplies.
Conventional series-regulated linear power supplies maintain a constant voltage by varying their
resistance to cope with input voltage changes or load current demand changes. The linear regulator can,
therefore, tend to be very inefficient. The switch mode power supply, however, uses a high frequency
switch (in practice a transistor) with varying duty cycle to maintain the output voltage. The output
voltage variations caused by the switching are filtered out by an LC filter.
What is SDRAM ?
Short for Synchronous DRAM, a type of DRAM that can run at much higher clock speeds than
conventional memory. SDRAM actually synchronizes itself with the CPU's bus and is capable of running
at 133 MHz, about three times faster than conventional FPM RAM, and about twice as fast EDO DRAM
and BEDO DRAM. SDRAM is replacing EDO DRAM in many newer computers.

What is an Operating System?


An operating system is a program that controls the normal functions of your computer. There are two
mainstream operating systems today - Windows and MacOS.

There are different versions of both operating systems, and it is important to determine which one you
have before we can assist you.

If you have a Macintosh, go to the Finder (or click on the desktop in OS X). Select the Apple Menu, and
choose About This Macintosh or About This Computer. The operating system version your computer is
running will be displayed on the window that pops up. Mac OS X versions include 10.0, 10.1, 10.2, 10.3,
10.4 and 10.5.

If you have a PC, chances are you are running some form of Windows. If your computer starts up with a
splash screen that says "Windows Vista" and has a round Start button, then you are running Windows
Vista. Other versions of Windows, identified by their splash screens, include Windows 98, Windows NT,
Windows 2000, Windows Me, Windows XP, Windows Vista and Windows 7.

Name a few ports in your computer ?


USB, IEEE 1394, PS/2, Ethernet port, LPT1, VGA, line in, microphone, game jack.

What is Last Known Good Configuration ?


The "Last Known Good Configuration" is one of the methods used to repair a computer system. With this
method, a restore of data from backup is not required. The "Last Known Good Configuration" is a backup
replica of the existing configuration, stored under the registry key "HKLM\System\CurrentControlSet".
This registry key is updated whenever the system is shut down by the user after a successful logon. The
system can be repaired by restoring information from this updated registry key. For instance, when we
install a driver that causes the operating system not to load, this type of repair is helpful.
So it is a very good practice to repair the system this way, without any loss. Whenever the operating
system fails to load, simply press F8 and, when the message "Please select the operating system to start"
appears, select Last Known Good Configuration. This option can be seen under the "Windows Advanced
Options Menu". The Last Known Good Configuration is only useful if we have not logged on yet. Whenever
we log on and then shut down or restart, the current configuration becomes the "Last Known Good
Configuration".
What is windows Device Manager ?
Device Manager is an extension of the Microsoft Management Console that provides a central and
organized view of all the Microsoft Windows recognized hardware installed in a computer.

Device Manager is used to manage the hardware devices installed in a computer like hard disk drives,
keyboards, sound cards, USB devices, and more.

What is MSConfig ?
msconfig.exe is a file which helps to edit and administer text configuration files such as win.ini and
autoexec.bat.

Msconfig is used to control what programs and services start with your computer. Its very helpful in
troubleshooting startup problems as well as poor performance and getting rid of spyware and viruses.

What is the Blue Screen of Death and what could its causes be ?
Sometimes bad or flaky memory (RAM memory, not your hard drive) can cause seemingly random
system crashes. If you have just the right combination of programs open and system memory in use, and
your computer tries to access a "bad spot" on a RAM chip, the results can be unpredictable. Or they can
be the Blue Screen of Death. You can try replacing your RAM sticks one at a time to see if the problem
goes away. This involves opening up the system unit and looking at scary wires and stuff, so for some
people just living with the problem may be a workable option.

More likely, you have a software problem. Some programs just don't get along... they trample on each
other's memory spaces and confusion (or the BSOD) results. And it seems that Windows just gets old
and cranky the longer you have it installed. You may solve the problem by using the System File Checker,
or if all else fails, by
re-installing the Windows operating system and/or your software packages. If the problem seems to be
limited to one particular program, try re-installing just that one first.

Spyware or a computer virus can also make strange things happen.

What is Cold Boot and Warm Boot ?


A cold boot means turning it on from a powered-down state. A warm boot is pressing the restart button
when the computer is already on.

What does X mean in the term 16X on the CD/DVD ROM ?


"x" = speed; e.g. a 48x CD-ROM. It refers to how quickly the drive will read the disc; the same applies to
writing to discs. Speed increased incrementally from the single-speed (1X) CD-ROM. On a burner, it will say,
for example, 4X4X8, which would be 4-speed write, 4-speed rewrite, 8-speed read (I may have write &
rewrite backwards). Those are always maximum speeds; it doesn't necessarily mean the rated speed is constant.

What are PCI Slots?


A PCI slot is used to add extension cards to a machine. The PCI world is somewhat of a mess right now.
There are at least TEN different types of PCI sockets in use!

* Original PCI.
* Wide PCI.
* Fast/wide PCI.
* Fast/wide 3.3-volt PCI.
* PCI-X.
* Narrow PCI-X.
* PCI-Express x1.
* PCI-Express x4.
* PCI-Express x8.
* PCI-Express x16.

Today, mainly the x16 slot is used for graphics cards, and PCI is used to connect network cards.

What are the types of Printers?


Dot matrix printers, character printers, ink jet printers, laser printers.

What is the difference between DDR1, DDR2 and DDR3 memories ?


# DDR stands for Double Data Rate. Like SDRAM, it operates at the rate of the computer's clock cycle.
However, unlike SDRAM, it can transfer data twice per clock cycle. It does this by using the rising and
falling edges of the clock signal, also known as "double pumping" and employing a prefetch buffer
capable of accessing two datawords at a time. This means that it can store and move a value in the same
amount of time it takes SDRAM to do one or the other, effectively doubling the memory's speed.

# DDR2 also utilizes the same double pumping technique as DDR. It achieves performance gains by using
a prefetch buffer that retrieves four datawords per memory access. This allows it to transfer data four
times per clock cycle (compared to twice in the case of DDR). According to Bit-Tech.com, its improved
efficiency allows it to consume less power than DDR.

# Like all other forms of DDR, DDR3 transfers data twice per clock cycle. However, its prefetch buffer can
access eight datawords at a time, according to Benchmark Reviews. Thus, it can transfer data eight times
per clock cycle, giving it a maximum data transfer rate twice that of DDR2 while using less power.

What are the types of Hard-disk drives ?


Disk drive technologies have advanced quickly over recent years, making terabytes of storage available
at reasonable cost. When researching the type of hard disk storage system appropriate for your needs,
keep in mind the format and data rate of the video you’re capturing. Depending on whether you work as
an independent video editor or collaborate with others, the amount of storage you require and the bit
rate of data transfer will be important factors to match up with your storage needs. Outlining all of the
hard disk storage technologies is beyond the scope of this documentation, but four common choices
include:
* ATA
* FireWire
* SCSI
* RAID and Fibre Channel

What is Disk Cleanup?


Disk Cleanup is a feature of Windows that enables a user to delete system / junk files safely.
For example, by using the disk cleanup feature, you can free up a considerable amount of space on your
pc, like getting rid of TIF (Temporary Internet Files) and other 'useless', and not required, files.

What is Disk Defragmentation?


Disk defragmentation describes the process of consolidating fragmented files on your computer's hard
disk.

Fragmentation happens to a hard disk over time as you save, change, or delete files. The changes that
you save to a file are often stored at a location on the hard disk that's different from the original file.
Additional changes are saved to even more locations. Over time, both the file and the hard disk itself
become fragmented, and your computer slows down as it has to look in many different places to open a
file.

Disk Defragmenter is a tool that rearranges the data on your hard disk and reunites fragmented files so
your computer can run more efficiently. In this version of Windows, Disk Defragmenter runs on a
schedule so you don't have to remember to run it, although you can still run it manually or change the
schedule it uses.

What would you do if a PC is not turning on ?


First Check the Power cables and power supply.

What is the latest Operating System ?


Windows 7.

What is a Heat Sink ?


A component designed to lower the temperature of an electronic device by dissipating heat into the
surrounding air. All modern CPUs require a heat sink. Some also require a fan. A heat sink without a fan
is called a passive heat sink; a heat sink with a fan is called an active heat sink. Heat sinks are generally
made of an aluminum alloy and often have fins.

What is the difference between SATA and PATA Hard-Disk Drives?


Serial ATA and Parallel ATA are both specialized interface and data transfer devices, that are used in
computers to connect peripheral storage devices. Both serve the same purpose of data transfer but
differ in their basic technology, speed of performance and therefore their niche applications these days.

What would you do if your system is running slow ?


1. Empty the Recycle Bin.
2. Empty the Windows Temp folder.
3. Run Scandisk.
4. Run Defragmenter.
5. Run a full system virus scan.

What are Plug & Play devices ?


They are pieces of computer hardware for which the software is already in your system. Simply
put, you just have to plug the device in and your computer does the rest.

What are Device Drivers?


Device drivers are small files that act like “liaisons” between hardware in a computer system and the
operating system (OS). Hardware requires device drivers so that the OS can “see” the devices and
handle them effectively and efficiently.

Difference between IE6 & IE7 ?


ie 6-security issues are less
ie 7-security issues are more.

ie 6-tabbed browsing is not there


ie 7-tabbed browsing is available.

ie 6-no advanced printing.


ie 7- advanced printing.

ie 6-no phishing filter.


ie 7-phishing filter available.

ie 6-no tool bar search box.


ie 7- tool bar search box.

ie 6-no advanced delete history.


ie 7-advanced delete browsing history option.

ie 6-no page zoom.


ie 7-page zoom.

ie 6-no add-ons disable mode


ie 7-add-ons disable mode.

What is the difference between a Serial and a Parallel Port ?


Basically a serial port sends and receives data 1 'bit' at a time over a single wire, while a parallel port
sends the data a 'byte' at a time over several wires simultaneously.

Explain the Windows XP Boot Process ?


1. First is the POST, which stands for Power On Self Test. This process tests memory as
well as a number of other subsystems. You can usually monitor this as it runs each test. After that is
complete the system will run POST for any device that has a BIOS (Basic Input-Output System). An AGP
card has its own BIOS, as do some network cards and various other devices.

2. Once the POST is complete and the BIOS is sure that everything is working properly, the BIOS will then
attempt to read the MBR (Master Boot Record). This is the first sector of the first hard drive (called the
Master or HD0). When the MBR takes over it means that Windows is now in control.

3. The MBR looks at the BOOT SECTOR (the first sector of the active partition). That is where NTLDR is
located; NTLDR is the BOOT LOADER for Windows XP. NTLDR will enable memory addressing, initiate the
file system, read boot.ini and load the boot menu. NTLDR has to be in the root of the active partition,
as do NTDETECT.COM, BOOT.INI, BOOTSECT.DOS (for multi-OS booting) and NTBOOTDD.SYS (if you have
SCSI adapters).

4. Once XP is selected from the boot menu, NTLDR will run NTDETECT.COM, BOOT.INI and
BOOTSECT.DOS to get the proper OS selected and loaded. The system starts in 16-bit real mode and
then moves into 32-bit protected mode.

5. NTLDR will then load NTOSKRNL.EXE and HAL.DLL. Effectively, these two files are Windows XP. They
must be located in %SystemRoot%\System32.

6. NTLDR reads the registry, chooses a hardware profile and authorizes device drivers, in that exact
order.

7. At this point NTOSKRNL.EXE takes over. It starts WINLOGON.EXE, which in turn starts LSASS.EXE; this is
the program that displays the logon screen so that you can log on.

What do you know about the PING Command ?


Pinging is a command which tells you if the connection between your computer and a particular domain
is working correctly.

E.g.: C:\Administrator>ping 192.168.1.100 or ping techiebird.com

What are the different types of RAMs ?


There are three main types of RAM: SDRAM, DDR and Rambus DRAM.
SDRAM (Synchronous DRAM)
Almost all systems used to ship with 3.3 volt, 168-pin SDRAM DIMMs. SDRAM is not an extension of
older EDO DRAM but a new type of DRAM altogether. SDRAM started out running at 66 MHz, while
older fast page mode DRAM and EDO max out at 50 MHz. SDRAM is able to scale to 133 MHz (PC133)
officially, and unofficially up to 180MHz or higher. As processors get faster, new generations of memory
such as DDR and RDRAM are required to get proper performance.

DDR (Double Data Rate SDRAM)


DDR basically doubles the rate of data transfer of standard SDRAM by transferring data on the up and
down tick of a clock cycle. DDR memory operating at 333MHz actually operates at 166MHz * 2 (aka
PC333 / PC2700) or 133MHz*2 (PC266 / PC2100). DDR is a 2.5 volt technology that uses 184 pins in its
DIMMs. It is incompatible with SDRAM physically, but uses a similar parallel bus, making it easier to
implement than RDRAM, which is a different technology.

Rambus DRAM (RDRAM)


Despite its higher price, Intel has given RDRAM its blessing for the consumer market, and it will be the
sole choice of memory for Intel's Pentium 4. RDRAM is a serial memory technology that arrived in three
flavors, PC600, PC700, and PC800. PC800 RDRAM has double the maximum throughput of old PC100
SDRAM, but a higher latency. RDRAM designs with multiple channels, such as those in Pentium 4
motherboards, are currently at the top of the heap in memory throughput, especially when paired with
PC1066 RDRAM memory.

DIMMs vs. RIMMs


DRAM comes in two major form factors: DIMMs and RIMMS.

DIMMs are 64-bit components, but if used in a motherboard with a dual-channel configuration (like with
an Nvidia nForce chipset) you must pair them to get maximum performance. So far there aren't many
DDR chipsets that use dual channels. Typically, if you want to add 512 MB of DIMM memory to your
machine, you just pop in a 512 MB DIMM if you've got an available slot. DIMMs for SDRAM and DDR are
different, and not physically compatible. SDRAM DIMMs have 168-pins and run at 3.3 volts, while DDR
DIMMs have 184-pins and run at 2.5 volts.

RIMMs use only a 16-bit interface but run at higher speeds than DDR. To get maximum performance,
Intel RDRAM chipsets require the use of RIMMs in pairs over a dual-channel 32-bit interface. You have
to plan more when upgrading and purchasing RDRAM.

What are the important port numbers in Windows ?

HTTP ———- 80

FTP ———— 20,21

TelNet ———- 23

SMTP ———- 25

DNS ———– 53

TFTP ———– 69

SNMP ———- 161

RIP ————- 520

IMAP 4——— 143

IMAP 3 ——— 220


RPC ———— 135

LDAP ———- 389

Net Stat ——– 15

WINS ———- 42

BootP ———- 67

DHCP ———- 68

POP2 ———- 109

POP3 ———- 110

Net BIOS —— 139

SSL(HTTPS) — 443

SQL Server —- 1433

NFS ———— 2049

SSH ———— 22

RAP ———– 38

BGP ———– 179

Windows Vista Interview Questions !

How to close UAC ?


Control Panel—User account—Open or close user account control—Cancel using User Account Control
(UAC) to help protect your computer.

How to cancel CTRL+ALT+DEL combination login when start up machine ?


Control Panel—Management tools—Local security policies—Security options—Interactive login: start
without pressing CTRL+ALT+DEL

How to cancel the shutdown reason option when turn off machine ?
Start—Run gpedit.msc—Computer Configuration—Administrative Templates—System—Display “Close
Event Track program”—Disabled.

How to realize auto login ?


Start—Run—Enter the command “rundll32 netplwiz.dll,UsersRunDll” to open the account window. First choose
the account that should log in automatically, choose the checkbox “to use the computer, user must enter password”,
and then key in the password for this account (the precondition is that UAC is turned off).

How to cancel the default sharing each time when machine starts up ?
Import the content below into the registry, and then restart the computer (the precondition is that UAC is
turned off):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters]
"AutoShareServer"=dword:00000000

How to turn off Internet Explorer Enhanced Security Configuration (IE ESC) ?

Server Manager > Security Information > Configure IE ESC, set it to Off for Administrators and/or
Users in the dialog that appears.

Caveat: IE ESC is a hardening of the browser on servers (script and ActiveX from untrusted zones are
blocked). Turning it off for administrators means browsing from the server console with an elevated
account and a fully enabled browser; prefer leaving it on and browsing from a workstation instead.

How to enable the Vista theme ?

1) Server Manager > Features Summary > Add Features, install Desktop Experience.
2) Start the Themes service and set its startup type to Automatic.
3) Right-click the desktop > Personalize > Theme, choose the Windows Vista theme.

How to enable a webcam, camera, scanner or other imaging device ?

Start the Windows Image Acquisition (WIA) service and set its startup type to Automatic.

How to enable hardware acceleration for the graphics card ?

Right-click the desktop > Personalize > Display Settings > Advanced Settings > Troubleshoot tab >
Change settings, move Hardware acceleration to Full. Then run dxdiag and open the Display tab; the
DirectX features should all show as Enabled.

After turning on the Windows Firewall (formerly ICF), how do machines on the LAN see each other ?

Check the following points:
Local Area Connection > right-click > Properties: unbind Internet Protocol Version 6 if it is unused,
which shortens discovery time.
Check that every machine uses the same workgroup name.
Check that every machine is in the same subnet, for example 192.168.1.x.
Network and Sharing Center > the network connection > Customize: set the location type to Private so
the less restrictive firewall profile applies.
Network and Sharing Center > Sharing and Discovery: turn on Network discovery and File sharing; turn
off Password protected sharing.

Caveat: with password-protected sharing off, any machine on the LAN reaches the shares as Guest
without credentials. Only do this on a trusted network, and leave it on wherever you can.

How to set an IE browser proxy ?

IE > Tools > Internet Options > Connections. For a dial-up or VPN connection, select it under
"Dial-up and Virtual Private Network settings", click Settings, tick "Use a proxy server for this
connection" and fill in the Address and Port of the proxy server, then click OK. For a LAN connection
use "LAN settings" on the same tab instead.

The "Computer" icon disappeared from the desktop, how to restore it ?

Right-click the desktop > Personalize > Change desktop icons, tick Computer.

How to quickly copy a file or folder path ?

Hold Shift and right-click the file, folder or shortcut; the context menu gains "Copy as Path", which
puts the full path on the clipboard.

What is the shortcut for Invert Selection ?

Alt+E to open the Edit menu, then I.

How to change the size of the desktop icons ?

Ctrl+mouse wheel, or right-click the desktop > View and choose Classic, Medium or Large Icons.

How to check licensing and activation information ?

Run slmgr.vbs -dlv from a command prompt (-dli gives the short form).

An application will not run, what to do ?

If Data Execution Prevention is what stops it: Control Panel > System > Advanced system settings >
Advanced > Performance > Settings > Data Execution Prevention, select "Turn on DEP for all programs
and services except those I select" and add the application.

Caveat: a DEP exemption removes a memory-corruption exploit mitigation for that one process. Only
exempt software you trust and cannot update, and never exempt a browser, mail client or document
reader.

How to change the default location of the user's Documents folder ?

Start menu > right-click Documents > Properties > Location tab, move it to a path of your choice.

How to turn off sleep / hibernation ?

Right-click the desktop > Personalize > Screen Saver > Change power settings > Change when the
computer sleeps, set "Put the computer to sleep" to Never.

How to delete the hibernation file completely ?

Right-click the system drive > Properties > General > Disk Cleanup, tick Hibernation File Cleaner,
OK. The same result from an elevated command prompt is powercfg -h off, which disables hibernation
and removes hiberfil.sys. Note that hiberfil.sys is a full image of RAM at the moment of hibernation,
so on a disk without full-volume encryption it can hand credentials and keys to anyone with offline
access.

The power button in the Start menu is set to "Shut down" by default, how to change it to Hibernate ?

Control Panel > Power Options > under the preferred plan click Change plan settings > Change advanced
power settings; in the window that opens expand "Power buttons and lid" > "Start menu power button" >
Setting, choose Hibernate and press OK.

How to switch between programs in 3D ?

With Aero enabled, Win+Tab switches windows with Flip 3D; Ctrl+Win+Tab keeps the Flip 3D view open
until you pick a window.

How to clear the history of recently opened documents on logoff ?

Start > Run > gpedit.msc > User Configuration > Administrative Templates > Start Menu and Taskbar,
set "Clear history of recently opened documents on exit" to Enabled.

The sound card driver is installed, why is the sound card still disabled ?

Start the Windows Audio service and set its startup type to Automatic.
Hardware RAID Levels

RAID 0
  Minimum drives: 2
  Description: Data striping without redundancy
  Strengths: Highest performance
  Weaknesses: No data protection; if one drive fails, all data is lost

RAID 1
  Minimum drives: 2
  Description: Disk mirroring
  Strengths: Very high performance; very high data protection; very minimal penalty on write
  performance
  Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage
  capacity is required

RAID 2
  Minimum drives: Not used in LAN environments
  Description: No practical use
  Strengths: Previously used for RAM error correction (known as Hamming Code) and in disk drives
  before the use of embedded error correction
  Weaknesses: No practical use; the same performance can be achieved by RAID 3 at lower cost

RAID 3
  Minimum drives: 3
  Description: Byte-level data striping with a dedicated parity drive
  Strengths: Excellent performance for large, sequential data requests
  Weaknesses: Not well suited to transaction-oriented network applications; the single parity drive
  does not support multiple simultaneous read and write requests

RAID 4
  Minimum drives: 3 (not widely used)
  Description: Block-level data striping with a dedicated parity drive
  Strengths: Data striping supports multiple simultaneous read requests
  Weaknesses: Write requests suffer from the same single parity-drive bottleneck as RAID 3; RAID 5
  offers equal data protection and better performance at the same cost

RAID 5
  Minimum drives: 3
  Description: Block-level data striping with distributed parity
  Strengths: Best cost/performance for transaction-oriented networks; very high performance, very
  high data protection; supports multiple simultaneous reads and writes; can also be optimized for
  large, sequential requests
  Weaknesses: Write performance is slower than RAID 0 or RAID 1 (each small write must read and
  rewrite the parity block); survives only a single drive failure, and a second failure during the
  rebuild loses the array

RAID 0/1 (RAID 0+1)
  Minimum drives: 4
  Description: Combination of RAID 0 (data striping) and RAID 1 (mirroring)
  Strengths: Highest performance, highest data protection (can tolerate multiple drive failures)
  Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage
  capacity is required; requires a minimum of four drives

RAID 1/0 (RAID 10)
  Minimum drives: 4
  Description: Combination of RAID 1 (mirroring) and RAID 0 (data striping)
  Strengths: Shares the same fault tolerance as RAID 1 (the basic mirror) but complements it with a
  striping mechanism that can yield very high read rates
  Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage
  capacity is required; requires a minimum of four drives

(Diagrams of the RAID 0, RAID 1 and RAID 5 layouts appeared here in the original.)

Whatever the level, RAID protects against drive failure only. It is not a backup: a deletion, a
ransomware run or a controller fault is written to every copy as faithfully as good data.
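An added example, not from the original table, showing what "block-level striping with distributed
parity" means in practice: it stripes a constructed payload across four simulated drives with rotating
XOR parity, serves a degraded read with one drive missing, rebuilds the lost drive, and shows why a
second failure is fatal. The layout (left-symmetric parity rotation, 4-byte chunks) is an assumption
made for illustration; real controllers use larger chunks and their own rotation schemes.

```python
from typing import List, Optional

Drive = List[Optional[bytes]]   # one chunk per stripe; None marks a chunk on a lost drive


def parity_drive(stripe: int, drives: int) -> int:
    """Left-symmetric layout: parity sits on the last drive for stripe 0 and moves one
    drive to the left each stripe, so no single drive becomes the write bottleneck
    that the dedicated parity drive of RAID 3/4 is."""
    return (drives - 1 - stripe) % drives


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bytewise XOR of equally sized chunks; this is the whole parity function."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe_raid5(data: bytes, drives: int, chunk: int = 4) -> List[Drive]:
    """Write data across the drives: each stripe holds drives-1 data chunks plus one
    parity chunk. Data is zero-padded to a whole number of stripes."""
    if drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    per_stripe = chunk * (drives - 1)
    if len(data) % per_stripe:
        data += b"\x00" * (per_stripe - len(data) % per_stripe)
    array: List[Drive] = [[] for _ in range(drives)]
    for s in range(len(data) // per_stripe):
        payload = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [payload[i:i + chunk] for i in range(0, per_stripe, chunk)]
        parity = xor_blocks(chunks)
        data_chunks = iter(chunks)
        for d in range(drives):
            array[d].append(parity if d == parity_drive(s, drives) else next(data_chunks))
    return array


def reconstruct_chunk(array: List[Drive], stripe: int, drive: int) -> bytes:
    """Any one chunk of a stripe (data or parity) is the XOR of all the others."""
    others = [array[d][stripe] for d in range(len(array)) if d != drive]
    if any(block is None for block in others):
        raise ValueError("two drives lost in one stripe: single parity cannot recover")
    return xor_blocks(others)


def read_data(array: List[Drive], length: int) -> bytes:
    """Reassemble the original bytes, rebuilding chunks on the fly when a drive is
    down (a 'degraded' read: slower, but the array keeps serving)."""
    drives = len(array)
    out = bytearray()
    for s in range(len(array[0])):
        for d in range(drives):
            if d == parity_drive(s, drives):
                continue
            block = array[d][s]
            out += block if block is not None else reconstruct_chunk(array, s, d)
    return bytes(out[:length])


def rebuild_drive(array: List[Drive], failed: int) -> Drive:
    """What the controller does when a replacement disk is inserted: recompute every
    chunk of the failed drive from the survivors."""
    return [reconstruct_chunk(array, s, failed) for s in range(len(array[0]))]


def recoverable(array: List[Drive], failed: int) -> bool:
    """True if the failed drive can still be rebuilt from the surviving ones."""
    try:
        rebuild_drive(array, failed)
        return True
    except ValueError:
        return False


def fail_drive(array: List[Drive], index: int) -> List[Drive]:
    """Simulate losing a drive (returns a copy; the original array is untouched)."""
    copy = [list(drive) for drive in array]
    copy[index] = [None] * len(array[0])
    return copy


if __name__ == "__main__":
    text = b"The quick brown fox jumps over the lazy dog"   # constructed sample payload
    arr = stripe_raid5(text, drives=4)
    degraded = fail_drive(arr, 2)
    print(read_data(degraded, len(text)))            # still readable with one drive gone
    print(rebuild_drive(degraded, 2) == arr[2])       # True: parity restores the drive
    print(recoverable(fail_drive(degraded, 0), 2))    # False: second failure is fatal
```

The same XOR that rebuilds a drive is what makes small writes expensive: changing one data chunk
means reading the old data and old parity, XORing both with the new data, and writing two chunks,
which is the RAID 5 write penalty the table refers to. The rebuild itself reads every surviving
drive in full, which is exactly when a second, marginal drive tends to fail.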
Windows Server 2008 Editions, Features and System Requirements
Before embarking on the installation of Windows Server 2008, it is important to first gain an
understanding of the different editions available and the corresponding hardware requirements. It is
also important to be aware of the upgrade options available with each edition. With this objective in
mind, this chapter will focus on providing an overview of both the different Windows Server 2008
editions and the recommended hardware requirements.

1. Windows Server 2008 Standard Edition.


2. Windows Server 2008 Enterprise Edition.
3. Windows Server 2008 Datacenter Edition.
4. Windows Web Server 2008.
5. Windows Server 2008 for Itanium Based Systems.

Windows Server 2008 Standard Edition


Windows Server 2008 Standard is one of Microsoft's entry level server offerings (alongside Windows
Web Server 2008) and is one of the least expensive of the various editions available. Both 32-bit and 64-
bit versions are available, and in terms of hardware Standard Edition supports up to 4GB of RAM and 4
processors.

Windows Server 2008 Standard is targeted primarily at small and mid-sized businesses (SMBs) and is
well suited to domain, web, DNS, remote access, print, file and application services. Support for
failover clustering, however, is notably absent from this edition. An upgrade path to Windows Server
2008 Standard is available from Windows 2000 Server and Windows Server 2003 Standard Edition.

Windows Server 2008 Enterprise Edition


Windows Server 2008 Enterprise Edition provides greater functionality and scalability than the Standard
Edition. As with Standard Edition both 32-bit and 64-bit versions are available. Enhancements include
support for as many as 8 processors and up to 64GB of RAM on 32-bit systems and 2TB of RAM on 64-bit
systems.

Additional features of the Enterprise edition include failover clustering with up to 8 nodes and
Active Directory Federation Services (AD FS).
Windows 2000 Server, Windows 2000 Advanced Server, Windows Server 2003 Standard Edition and Windows
Server 2003 Enterprise Edition may all be upgraded to Windows Server 2008 Enterprise Edition.

Windows Server 2008 Datacenter Edition


The Datacenter edition represents the top end of the Windows Server 2008 product range and is
targeted at mission critical enterprises requiring stability and high uptime levels. Windows Server 2008
Datacenter edition is tied closely to the underlying hardware through the implementation of custom
Hardware Abstraction Layers (HAL). As such, it is currently only possible to obtain Datacenter edition as
part of a hardware purchase.

As with other versions, the Datacenter edition is available in 32-bit and 64-bit versions and supports
64GB of RAM on 32-bit systems and up to 2TB of RAM on 64-bit systems. In addition, this edition
supports a minimum of 8 processors up to a maximum of 64.
Upgrade paths to Windows Server 2008 Datacenter Edition are available from the Datacenter editions of
Windows 2000 and 2003.

Windows Web Server 2008


Windows Web Server 2008 is essentially a version of Windows Server 2008 designed primarily for the
purpose of providing web services. It includes Internet Information Services (IIS) 7.0 along with
associated services such as Simple Mail Transfer Protocol (SMTP) and Telnet. It is available in 32-bit and
64-bit versions and supports up to 4 processors. RAM is limited to 4GB and 32GB on 32-bit and 64-bit
systems respectively.

Windows Web Server 2008 lacks many of the features present in other editions such as clustering,
BitLocker drive encryption, multipath I/O, Windows Internet Naming Service (WINS), Removable Storage
Management and SAN Management.

Features
Now that we have covered in general terms the various editions of Windows Server 2008, we can look in
a little more detail at a feature-by-feature comparison of the five editions. This is outlined in the
following feature matrix:

Feature                                          Enterprise  Datacenter  Standard  Web  Itanium

ADFS Web Agent                                   Yes         Yes         Yes       No   No
Directory uIDM                                   Yes         Yes         Yes       No   No
Desktop Experience                               Yes         Yes         Yes       Yes  No
Windows Clustering                               Yes         Yes         No        No   Yes
Windows Server Backup                            Yes         Yes         Yes       Yes  Yes
Windows Network Load Balancing (WNLB)            Yes         Yes         Yes       Yes  Yes
Simple TCP/IP Services                           Yes         Yes         Yes       No   Yes
SMTP                                             Yes         Yes         Yes       Yes  No
Subsystem for Unix-Based Applications (SUA)      Yes         Yes         Yes       No   Yes
Telnet Client                                    Yes         Yes         Yes       Yes  Yes
Telnet Server                                    Yes         Yes         Yes       Yes  Yes
Microsoft Message Queuing (MSMQ)                 Yes         Yes         Yes       No   Yes
RPC Over HTTP Proxy                              Yes         Yes         Yes       No   Yes
Windows Internet Naming Service (WINS)           Yes         Yes         Yes       No   No
Wireless Client                                  Yes         Yes         Yes       No   No
Windows System Resource Manager (WSRM)           Yes         Yes         Yes       Yes  Yes
Simple SAN Management                            Yes         Yes         Yes       No   No
LPR Port Monitor                                 Yes         Yes         Yes       No   No
The Windows Foundation Components for WinFX      Yes         Yes         Yes       Yes  Yes
BITS Server Extensions                           Yes         Yes         Yes       No   Yes
iSNS Server Service                              Yes         Yes         Yes       Yes  No
BitLocker Drive Encryption                       Yes         Yes         Yes       No   Yes
Multipath IO                                     Yes         Yes         Yes       No   Yes
Removable Storage Management                     Yes         Yes         Yes       No   Yes
TFTP                                             Yes         Yes         Yes       No   Yes
SNMP                                             Yes         Yes         Yes       Yes  Yes
Server Admin Pack                                Yes         Yes         Yes       Yes  No
RDC                                              Yes         Yes         Yes       No   Yes
Peer-to-Peer Name Resolution Protocol            Yes         Yes         Yes       Yes  Yes
Recovery Disk                                    Yes         Yes         Yes       Yes  Yes
Windows PowerShell                               Yes         Yes         Yes       Yes  Yes

System Requirements
Before investing time and resources into downloading and installing Windows Server 2008, the first step
is to gain an appreciation of the hardware requirements necessary to effectively run the operating
system. The following table provides an overview of Microsoft's recommended minimum hardware:

Category                  Minimum / Recommended Requirements

Processor                 • Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)
                          • Recommended: 2GHz or faster
                          Note: For Itanium based systems an Intel Itanium 2 processor is required.

Memory                    • Minimum: 512MB RAM
                          • Recommended: 2GB RAM or greater
                          • Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter)
                          • Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and
                            Itanium-Based Systems)

Available Disk Space      • Minimum: 10GB
                          • Recommended: 40GB or greater
                          Note: Systems with more than 16GB of RAM will require more disk space to
                          accommodate paging, hibernation, and dump files.

Drive                     DVD-ROM drive

Display and Peripherals   • Super VGA or higher-resolution monitor (800x600)
                          • Keyboard
                          • Microsoft Mouse or compatible pointing device

As with the specified system requirements for all Windows systems, it is best to aim for the
Recommended values rather than the Minimum values to ensure acceptable levels of performance. For
example, whilst it is possible to run Windows Server 2008 in 512MB of RAM, it is unlikely that
performance will be acceptable with such a configuration.


Understanding Windows Server 2008 Server Core

A Server Core installation provides a minimal environment for running specific server roles, which
reduces the maintenance and management requirements and the attack surface for those server roles.
A server running a Server Core installation supports the following server roles:

 Active Directory Domain Services (AD DS)

 Active Directory Lightweight Directory Services (AD LDS)

 DHCP Server

 DNS Server

 File Services

 Print Services

 Streaming Media Services

 Internet Information Services (IIS)

 Windows Virtualization

In Windows Server 2008, a Server Core installation does not include the traditional full graphical
user interface (GUI); the machine is managed locally from the command prompt and remotely with the
tools described in the following sections.

This is, in a way, a change in how Microsoft approaches GUI-based administration, reinforced
elsewhere by Windows PowerShell and Microsoft Exchange Server 2007, both of which offer strong
command-line management.

A few GUI tools do remain available in Server Core:

 Task Manager

 Notepad (stripped down)

 The Date and Time Control Panel applet

 The Regional and Language Options Control Panel applet

What's new in the Server Core installation option?

The Server Core installation option of Windows Server 2008 requires initial configuration at a command
prompt. A Server Core installation does not include the traditional full graphical user interface. Once you
have configured the server, you can manage it locally at a command prompt or remotely using a
Terminal Server connection. You can also manage the server remotely using the Microsoft Management
Console (MMC) or command-line tools that support remote use.

Benefits of a Server Core installation

The Server Core installation option of Windows Server 2008 provides the following benefits:

 Reduced maintenance - Because the Server Core installation option installs only what is
required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File
Services, Print Services, and Streaming Media Services roles, less maintenance is required than
on a full installation of Windows Server 2008.

 Reduced attack surface - Because Server Core installations are minimal, there are fewer
applications running on the server, which decreases the attack surface.

 Reduced management - Because fewer applications and services are installed on a server
running the Server Core installation, there is less to manage.
 Less disk space required - A Server Core installation requires only about 1 gigabyte (GB) of disk
space to install and approximately 2 GB for operations after the installation.

 Lower risk of bugs - Reducing the amount of code can help reduce the amount of bugs.

Issues with Server Core installation and upgrading from previous versions

Since Server Core is a special installation of Windows Server 2008, the following limitations are present:

 There is no way to upgrade from a previous version of the Windows Server operating system to
a Server Core installation. Only a clean installation is supported.

 There is no way to upgrade from a full installation of Windows Server 2008 to a Server Core
installation. Only a clean installation is supported.

 There is no way to upgrade from a Server Core installation to a full installation of Windows
Server 2008. If you need the Windows user interface or a server role that is not supported in a
Server Core installation, you will need to install a full installation of Windows Server 2008.

Server Core versions

Server Core is available in the Standard, Enterprise and Datacenter editions for x86 and x64. Most
companies will go for Standard, because most of the extra features of the Enterprise and Datacenter
editions are not present in Server Core anyway. Enterprise Server Core does add the higher processor
and memory limits and failover clustering; Datacenter adds the Datacenter hardware program and its
99.999 percent availability commitments.

Windows Server Core Installation

Server Core Prerequisites

Before installing Server Core you will need the following:

 The original Windows Server 2008 or 2008 R2 installation media.

 A valid product key for Windows Server 2008 (Windows Server 2008 R2 setup can complete without
one, but a key must be entered with slmgr.vbs before the installation can be activated).

 A machine for a clean installation. There is no upgrade path to Server Core: neither a previous
version of Windows Server nor a full installation of Windows Server 2008 can be upgraded to a Server
Core installation, and a Server Core installation cannot be upgraded to a full installation. If you
need the Windows user interface or a server role that Server Core does not support, install the full
edition of Windows Server 2008 instead.

Installation Method 1 – Manually Install Server Core.

Follow the below procedure to install Server Core:

1. Insert the Windows Server 2008 installation media in the DVD drive.

2. The auto-run dialog will appear, click Install Now.

3. Follow the stepped instructions to complete the Server Core Setup.

4. When Setup has completed, hit CTRL+ALT+DELETE, click Other User, then type Administrator
with a blank password, and hit ENTER. You will then be prompted to create a password for the
Administrator account, and the installation will then be complete.

In Windows Server 2008 R2 the setup procedure no longer prompts for a product key. Enter one with
slmgr.vbs -ipk <product key> and then activate with slmgr.vbs -ato.

Installation Method 2 - Use a Unattend File for Installing Server Core.

The manual install is a simple process, but using an unattend file for the Server Core installation allows
you to do a lot of the initial configuration tasks during the setup. An unattended Server Core installation
has the following benefits:

 No need to perform the initial configuration afterwards with command-line tools.

 The settings that enable remote administration can be included in the unattend file.

 Settings that are hard to change later, such as the display resolution, can be set.

Follow the below procedure to install Server Core using an unattend file:

1. Create an .xml file named Unattend.xml using a simple text editor or Windows System Image
Manager.

2. Copy your Unattend.xml file to a local drive or a shared network drive.

3. Boot the machine into Windows Preinstallation Environment (Windows PE), Windows Server 2003, or
Windows XP.

4. Insert the Windows Server 2008 or 2008 R2 installation disk into the drive (click Cancel if the
auto-run Setup window opens).

5. At the command prompt, change to the drive containing the installation disk.
6. Enter the following command at the command prompt:
setup /unattend:<path>\unattend.xml
where <path> is the folder that holds the Unattend.xml file.

7. Allow the Setup process to complete.

Windows Server 2008 Command Line Tools


Windows Server 2008 provides the user with the option to execute commands from a command-prompt
window. This chapter of Windows Server 2008 Essentials is intended to provide an overview of the
different commands currently provided in the command-prompt.

Command Line Tools Summary

Command Description

Arp Display and modify the IP-to-physical-address translation tables used by the Address Resolution Protocol (ARP).

Assoc Display and modify file extension associations.

Attrib Display and change file attributes.

Break Configure extended Ctrl-C checking.

Bcdedit Display and modify the boot configuration data (BCD) store that controls boot loading.

Cacls Display or modify access control lists of files (deprecated; use Icacls).

Call Call a script or script label as a procedure.

CD/Chdir Display the name of or changes the current directory.

Chcp Display or set the active code page number.

Chkdsk Check a disk for errors and display a report.

Chkntfs Display the status of volumes; set or exclude volumes from automatic checking during system boot.

Choice Create a selection list from which users can select a choice in batch scripts.

Cls Clear the console window.

Cmd Start a new instance of the Windows command shell.


Color Set the colors of the command-shell window.

Comp Compare the contents of two files or sets of files.

Compact Display or modify the compression of files or sets of files.

Convert Convert FAT volumes to NTFS.

Copy Copy or combine files.

Date Display or set the system date.

Del Delete one or more files.

Dir Display a list of files and subdirectories within a directory.

Diskcomp Compare the contents of two floppy disks.

Diskcopy Copy the contents of one floppy disk to another.

Diskpart Invoke a text-mode command interpreter for managing disks, partitions and volumes, with its own set of internal commands.

Doskey Edit command lines, recall Windows commands, and create macros.

Driverquery Display the current device driver properties and status.

Echo Display messages, or turn command echoing on or off.

Endlocal End localization of environment changes in a batch file.

Erase See Del.

Exit Exit the command interpreter.

Expand Uncompress files.

FC Compare two files and display the differences between them.

Find/Findstr Search for a text string in files.

For Run a specified command for each file in a set of files.

Format Format a floppy disk or hard drive.

Fsutil File system utility - displays and configures file system properties.
Ftp Transfer files.

Ftype Display or modify file types used in file extension associations

Goto Direct the Windows command interpreter to a labeled line in a script.

Gpresult Display Group Policy information for a machine or user.

Graftabl Enable Windows to display extended character sets in graphics mode.

Help Display Help information for Windows commands.

Hostname Display the computer name.

ICACLS Display, modify, backup, and restore ACLs for files and directories.

IF Perform conditional processing in batch programs.

Ipconfig Display TCP/IP configuration.

Label Create, change, or delete the volume label of a disk.

Md/Mkdir Create a directory or subdirectory.

Mklink Create symbolic and hard links.

Mode Configure a system device.

More Display output one screen at a time.

Mountvol Manage a volume mount point.

Move Move files from one directory to another directory on the same drive.

Openfiles Display files opened by remote users for a file share.

Nbtstat Display status of NetBIOS.

Net Accounts Manage user account and password policies.

Net Computer Add or remove computers from a domain.

Net Config Server Display or modify configuration of the Server service.

Net Config Workstation Display or modify configuration of the Workstation service.

Net Continue Resume a paused service.

Net File Display or manage open files on a server.

Net Group Display or manage global groups.

Net Localgroup Display or manage local group accounts.

Net Pause Suspend a service.

Net Print Display or manage print jobs and shared queues.

Net Session List or disconnect sessions.

Net Share Display or manage shared printers and directories.

Net Start List or start network services.

Net Statistics Display workstation and server statistics.

Net Stop Stop services.

Net Time Display or synchronize network time.

Net Use Display or manage remote connections.

Net User Display or manage local user accounts.

Net View Display network resources or computers.

Netsh Invoke a separate command shell for configuring network services (interfaces, firewall, IPsec and more) on local and remote computers.

Netstat Display status of network connections.

Path Display or set a search path for executable files in the current command window.

Pathping Trace routes and provides packet loss information.

Pause Suspend processing of a script and wait for keyboard input.

Ping Determine if a network connection can be established.

Popd Change to the directory stored by Pushd.


Print Print a text file.

Prompt Change the Windows command prompt.

Pushd Save the current directory then changes to a new directory.

Rd/Rmdir Remove a directory.

Recover Recover readable information from a bad or defective disk.

Reg Add Add a new subkey or entry to the Registry.

Reg Compare Compare Registry subkeys or entries.

Reg Copy Copy a Registry entry to a specified key path on a local or remote system.

Reg Delete Delete a subkey or entries from the Registry.

Reg Query List the entries under a key and the names of subkeys (if any).

Reg Restore Write saved subkeys and entries back to the Registry.

Reg Save Save a copy of specified subkeys, entries, and values to a file.

Regsvr32 Register and unregister DLLs.

Rem Add comments to scripts.

Ren Rename a file.

Replace Replace a file.

Route Manage network routing tables.

Rmdir Remove a directory.

Set Display or modify Windows environment variables; with /A, evaluate numeric expressions at the command line.

Setlocal Begin localization of environment changes in a batch file.

Sc Display and configure background processes (services).

Schtasks Schedule commands and programs to run on a system.

Sfc Scans and verifies protected operating system files.


Shift Shifts the position of replaceable parameters in scripts.

Shutdown Perform system shutdown.

Sort Sort input.

Start Start a new command-shell window to run a specified program or command.

Subst Maps a path to a drive letter.

Systeminfo Display machine properties and configuration.

Tasklist Display currently running tasks and services.

Taskkill Kill or stop a running process or application.

Time Display or sets the system time.

Title Sets the title for the command-shell window.

Tracert Display the path between computers.

Tree Graphically displays the directory structure of a drive or path.

Type Display the contents of a text file.

Ver Display the Windows version.

Verify Tells Windows whether to verify that your files are written correctly to a disk.

Vol Display a disk volume label and serial number.

Xcopy Copy files and directories.

Wmic Query and display WMI information from the command line.

Common questions


SRV records locate the hosts that offer a given service within a DNS domain. Each record names the service and protocol (for example _ldap._tcp) and carries a priority, a weight, a port and a target host, so clients can find and rank service providers without hard-coded server names. Active Directory depends on them: the records under _msdcs point clients at domain controllers, Kerberos KDCs and the global catalog. A typical non-AD use is an enterprise VoIP deployment, where SIP clients find their servers through _sip._tcp and _sip._udp records.

Using root hint servers can provide greater redundancy compared to forwarders, as they offer an alternative query path should the forwarder fail. Root hints direct queries to the root DNS servers, ensuring a fallback mechanism for query resolution, albeit with increased traffic. Forwarders can enhance efficiency by querying specific external DNS servers, but they introduce a single point of failure if those designated servers are unreachable.

Conditional forwarding improves DNS query resolution by allowing a DNS server to forward queries for specific domains to designated DNS servers, thereby bypassing general forwarders and using a more direct path. This is beneficial in scenarios where different parts of a network need to communicate with specific domains more efficiently, such as in inter-departmental or inter-organization communications where direct resolution is required to improve query response time and reduce unnecessary traffic.

To create an SRV record by hand, open the DNS console on the server, expand the zone, right-click it and choose Other New Records, select Service Location (SRV) and fill in the service, protocol, priority, weight, port and target host. Domain controllers register their own records through the Netlogon service, so hand-made records are normally only needed for third-party services. Misconfigurations such as a wrong service name, a wrong port or an inverted priority order break service discovery, and an SRV record that points at an attacker-controlled host redirects every client that trusts the zone, which is why write access to these records should be limited to the service's own account.
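An added example (not part of the original answers) covering both SRV points above: it parses SRV
records written in zone-file form, applies the client-side ordering from RFC 2782 (priority, then a
weighted random choice), and flags records whose target lies outside the expected domain. The zone
lines are constructed for the example and include one planted rogue record; corp.example and the
host names are assumptions.

```python
import random
from typing import List, NamedTuple, Optional


class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample records in zone-file form (not from a real zone). The last one
# is a planted rogue entry: it would send LDAP clients to a host outside the forest.
SAMPLE_ZONE = [
    "_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.",
    "_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 0 389 dc2.corp.example.",
    "_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 10 100 389 dc3.corp.example.",
    "_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 ldap.evil.example.",
]


def parse_srv(line: str) -> SRV:
    """Parse one zone-file line; the RDATA is the four tokens after 'SRV'."""
    fields = line.split()
    if len(fields) < 5 or fields[-5].upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    priority, weight, port = (int(x) for x in fields[-4:-1])
    return SRV(priority, weight, port, fields[-1])


def order_targets(records: List[SRV], rng: Optional[random.Random] = None) -> List[SRV]:
    """RFC 2782 client ordering: try the lowest priority first; inside one priority,
    pick at random in proportion to weight, with weight-0 records tried last."""
    rng = rng or random.Random()
    usable = [r for r in records if r.target != "."]      # "." means service not offered
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in usable}):
        pool = [r for r in usable if r.priority == prio]
        while pool:
            pool.sort(key=lambda r: r.weight != 0)          # weight 0 first => picked last
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for record in pool:
                running += record.weight
                if running >= pick:
                    ordered.append(record)
                    pool.remove(record)
                    break
    return ordered


def first_choice(records: List[SRV], seed: int) -> str:
    """Target a client seeded with `seed` would try first (deterministic, for tests)."""
    return order_targets(records, random.Random(seed))[0].target


def foreign_targets(records: List[SRV], domain_suffix: str) -> List[SRV]:
    """Records pointing outside the expected domain. In an AD _msdcs zone every target
    should be a domain controller; anything else deserves an alert, because clients
    trust these records to decide where their Kerberos and LDAP traffic goes."""
    suffix = domain_suffix.lower()
    return [r for r in records if not r.target.lower().endswith(suffix)]


if __name__ == "__main__":
    records = [parse_srv(line) for line in SAMPLE_ZONE]
    for r in order_targets(records):
        print(f"priority {r.priority:>2} weight {r.weight:>3} -> {r.target}:{r.port}")
    print("suspicious:", foreign_targets(records, ".corp.example."))
```

Two things the ordering shows: dc3 is never tried while any priority-0 server answers, so a wrong
priority silently idles a domain controller, and the weight-0 dc2 is picked first only when the
random number is exactly 0, which is why weight 0 is the documented way to keep a backup server out
of normal rotation. The foreign_targets check is the kind of thing to run periodically against the
_msdcs zone, since dynamic updates make it the easiest place to plant a redirect.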

The SOA (Start of Authority) record heads every zone. It holds the primary name server (MNAME), the zone administrator's mailbox (RNAME, with the "@" written as the first dot), the serial number that secondaries compare with their own copy to decide whether a zone transfer is needed, the refresh, retry and expire intervals that govern how often secondaries check and how long they keep answering without reaching the primary, and the minimum TTL, which current resolvers use as the negative-caching TTL for NXDOMAIN answers (RFC 2308) rather than as a default for every record.

To support dynamic updates, the zone must be configured to allow them. With an Active Directory-integrated zone choose "Secure only", so that only the computer account that created a record (or an account explicitly granted permission on it) can change it; "Nonsecure and secure" lets any host on the network overwrite any record, which is an easy way to hijack a server's name. Legacy clients that cannot register their own records can have the DHCP server register A and PTR records on their behalf; give the DHCP server a dedicated credential for that, and add it to the DnsUpdateProxy group only with an understanding of the record-ownership problems that group introduces.

DNS is integrated closely with Active Directory because DNS serves as the foundation for AD's network services. AD requires DNS for locating domain controllers and domain components, and its functionality heavily depends on DNS name resolution to handle domain-based queries efficiently. Without DNS, Active Directory services like authentication would be heavily impaired, impacting domain join operations and authentication processes.

The Password Replication Policy restricts which credentials can be replicated to a Read-Only Domain Controller (RODC), preventing unauthorized access to sensitive information. This is crucial for security because it ensures that only permitted credentials are stored in the RODC, thus minimizing the risk of credential theft should the RODC be compromised. The policy ensures that while the RODC can locally authenticate users, it avoids unnecessary exposure of credentials that don't need to be present at the branch site.

A "." zone must be removed from any DNS server that is expected to resolve Internet names. Its presence tells the server that it is itself a root server, so it never consults its root hints or forwarders for names it is not authoritative for and answers every external query with NXDOMAIN. The zone is typically created when the DNS role is installed on a server that had no Internet connectivity at the time (for example during domain controller promotion). Delete the zone, confirm the root hints are populated, and restart the DNS Server service.

Primary zones hold the writable master copy of the zone, as a text file under %SystemRoot%\System32\dns or in Active Directory for AD-integrated zones. Secondary zones hold a read-only copy obtained by zone transfer from the primary, for fault tolerance and load distribution; restrict transfers to the listed secondaries, because an open zone transfer hands an attacker a complete map of the network. Stub zones hold only the SOA, NS and glue A records of another zone, so the server can find that zone's authoritative servers directly instead of walking the hierarchy. AD-integrated zones store the zone in Active Directory and replicate through AD replication rather than zone transfers, which allows secure dynamic updates and per-record access control.
