Friday, 19 October 2012

Scavenge.exe tool to delete cached content from secondary cache drive

73 comments

Prerequisites

This article assumes that you are familiar with the overall functionality of ARR and know how to deploy and configure ARR with disk cache. If you have not done so already, it is strongly recommended that you review the following walkthrough before proceeding:
  • Configure and enable disk cache in Application Request Routing
If Application Request Routing Version 2 has not been installed, you can download it at:
  • Microsoft Application Request Routing Version 2 for IIS 7 (x86) here.
  • Microsoft Application Request Routing Version 2 for IIS 7 (x64) here.
Follow the steps outlined in this document to install ARR Version 2.
This walkthrough also assumes that secondary cache drive has been added to ARR for caching. If not, please follow the Configure and Enable Disk Cache in Application Request Routing walkthrough.

Scavenge.exe tool in ARR

Scavenge.exe is a command line tool that can be used for managing the secondary drive by the administrators. The exe is installed with ARR and can be found in “%ProgramFiles%\IIS\Application Request Routing” folder.
Usage: scavenge.exe <share> dd:[hh[:mm[:ss]]]
  • <share> is the path to the share that ARR is using as secondary cache drive.
  • dd:[hh[:mm[:ss]]] - Duration – cached files older than this duration will be deleted by the tool. Note that hh, mm, ss are optional.
Example: scavenge.exe \\ARR\SecondaryCache 04:11:30:15
This will delete all files located in \\ARR\SecondaryCache that are older than 4 days, 11 hours, 30 minutes and 15 seconds. Note that the tool must be run as a user with permissions to delete content on the specified share.
Windows Task Scheduler can be used to run this tool at specified internval to delete old cached content from the secondary cache drive.

Connect to the iSCSI array

0 comments


Now that you have the initiator software installed, you need to tell it where to look for mountable volumes. Start the initiator configuration by going to the Control Panel and choosing the iSCSI Initiator option. From the initiator, choose the Discovery tab, shown in Figure B.

Figure B

The iSCSI initiator’s Discovery tab.

On the Discovery tab, click the Add button under the Target Portals box. This will open the Add Target Portal dialog box, shown in Figure C.

Figure C

The Add Target Portal dialog box.

In the Add Target Portal dialog box, provide the name or IP address of your iSCSI array. The default communication port for iSCSI traffic is 3260. Unless you have changed your port, leave this as is. If you have configured CHAP security or are using IPSec for communication between your client and the array, click on the Advanced button and make necessary configuration changes. The Advanced Settings dialog box is shown in Figure D.

Figure D

Advanced options for connecting to your iSCSI array.

Back on the Add Target Portal, click the OK button to make the initial connection to the iSCSI array. Note that, at this point, you’re not connecting to an actual volume, but only to the array in general. (Figure E)

Figure E


The target portal has been added to the initiator.

Linux Configuration

0 comments


The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical
bonded interface.The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services.

Additionally, link integrity monitoring may be performed.

You have to install ifenslave, it is a tool to attach and detach slave network interfaces to a bonding device.

    sudo apt-get install ifenslave

Configuring your network interfaces and modules

You need to edit /etc/network/interfaces file and make it looks like

    sudo nano /etc/network/interfaces

Add the following (This is just example enter you ip details)

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
    address 10.0.0.254
    netmask 255.255.255.0
    gateway 10.0.0.1

    iface eth1 inet manual

    iface eth2 inet manual

    auto bond0
    iface bond0 inet static
    bond_miimon  100
    bond_mode balance-rr
    address  10.0.0.3
    netmask  255.255.255.0
    gateway  10.0.0.1
    up /sbin/ifenslave bond0 eth1 eth2
    down /sbin/ifenslave -d bond0 eth1 eth2

Save and exit the file

Now you need to edit /etc/modprobe.d/aliases.conf file

    sudo nano /etc/modprobe.d/aliases.conf

Add the following lines

    alias bond0 bonding
    options mode=0 miimon=100 downdelay=200 updelay=200

Save and exit the file

If you want more details about modes

mode=0 (balance-rr) Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup) Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor) XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast) Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad) IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

* Pre-requisites:
* Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
* A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb) Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

* Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb) Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

Restart network services using the following command

    sudo /etc/init.d/networking restart

New white paper: Windows Storage Server 2008 R2 Architecture and Deployment

8 comments



A new white paper about Windows Storage Server 2008 R2 Architecture and Deployment (including the Microsoft iSCSI Software Target 3.3) has just been published.
Here's an outline of this content:

    Introduction

    Windows Storage Server 2008 R2 Overview

        Comparing Windows Server Operating System Storage Offerings

            Comparing Windows Storage Server with Windows Server

            Identifying Windows Storage Server Features

            What’s New in Windows Storage Server 2008 R2

        Comparing Windows Storage Server 2008 R2 with Windows Server 2008 R2

        Windows Storage Server 2008 R2 Editions

        Identifying Storage Challenges

            Identify Scalability Storage Challenges

            Identify Availability Storage Challenges

            Identify Security Storage Challenges

            Identify Manageability Storage Challenges

            Identify Data Recovery Storage Challenges

        Identifying Windows Storage Server Solution Benefits

            Identifying Scalability Benefits 

            Identifying Availability Benefits 

            Identifying Security Benefits

            Identifying Manageability Benefits

            Identifying Data Recovery Benefits

    Exploring Windows Storage Server Features and Capabilities

        Providing Access to File Services Workloads

            Supporting File Services Workloads Using CIFS, SMB, or SMB2

            Supporting File Services Workloads Using NFS

            Supporting File Services Workloads Using WebDAV

            Supporting File Services Workloads Using Windows SharePoint Services

        Providing Access to iSCSI Block I/O Workloads

            Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Target

            Supporting iSCSI Boot

        Providing Access to Web Services Workloads

        Providing Access to FTP Services Workloads

        Providing Access to Print Services Workloads

        Providing Reduction in Power Consumption

            Improve the Power Efficiency of Individual Servers

            Processor Power Management

            Storage Power Management

            Additional Power Saving Features

        Performing Highly Automated Installations

    Managing Windows Storage Server

        Management Tools for All Workloads

        Managing Power Consumption for All Workloads

            Remote Manageability of Power Policy

            In-Band Power Metering and Budgeting

        Managing File Services Workloads

            Managing File Services Using File Server Resource Manager

            Managing File Services Using Share and Storage Management

            Managing DFS Namespaces and DFS Replication

            Managing Single Instance Storage

        Managing iSCSI Block I/O Workloads

            Managing the Microsoft iSCSI Software Target for iSCSI Block I/O Workloads

            Managing the Microsoft iSCSI Software Initiator for iSCSI Block I/O Workloads

            Managing iSCSI Block I/O Workloads Using Windows PowerShell

        Managing Web Services Workloads

        Managing Print Services Workloads

    Protecting Windows Storage Server Workload Data

        Using Windows Server Backup to Protect Data

        Using Shadow Copies of Shared Folders to Protect Data

        Using the Volume Shadow Copy Service to Protect Data

        Using LUN Resynchronization to Protect Data

            Comparison of LUN Resynchronization and Traditional Volume Shadow Copy Service

            Comparison of LUN Resynchronization and LUN Swap

            Benefits of Performing Full Volume Recovery Using LUN Resynchronization

            Process for Performing Full Volume Recovery Using LUN Resynchronization

        Using DFS Replication to Protect Data

        Using Automated System Recovery to Protect Data

        Using System Center Data Protection Manager 2007 to Protect Data

        Using Virtual Disk Snapshots to Protect Data

        Using the Appcmd.exe Tool to Backup IIS Configuration

        Using the PrintBRM.exe Tool to Backup Printer Information

    Securing Windows Storage Server Workloads

        Securing Windows Storage Server for All Workloads

        Securing File Services Workloads

        Securing iSCSI Block I/O Workloads

        Securing Web Services Workloads

        Securing Print Services Workloads

    Improving Availability of Windows Storage Server Workloads

        Improving Availability of File Services Workloads

        Improving Availability of iSCSI Block I/O Workloads

            Creating Highly-Available iSCSI Targets

            Creating Highly-Available iSCSI Initiators

        Improving Availability of Web Services Workloads

        Improving Availability of Print Services Workloads

    Improving Performance and Scalability for Windows Storage Server Solutions

        Improving Performance and Scalability for All Workloads

            Improvements in Processor and Memory Capacity

            Improvements in the Next Generation TCP/IP Protocol

            Improvements in Network Adapter Performance

            Reduction in Processor Utilization for I/O Operations

        Improving Performance and Scalability for File Services Workloads

            Review Improvements in the SMB2 Protocol

            Review SMB-based File Services Workload Test Results

            Reviewing Performance Improvements in SMB Version 2.1 in Windows Server 2008 R2

            Improving Performance for Branch Offices Using BranchCache 

            Improving Performance for Folder Redirection and Offline Files

        Improving Performance and Scalability for iSCSI Block I/O Workloads

            Identify Methods for Improving iSCSI Block I/O Workload Performance and Scalability

            Review I/O Storage Test Results

        Improving Performance and Scalability for Web Services Workloads

            Identify Methods for Improving Web Services Workload Performance and Scalability

            Review Web Services Workload Test Results

        Improving Performance and Scalability for Print Workloads

    Windows Storage Server Deployment Scenarios

        Overview of Windows Storage Server Configurations

            Using Windows Storage Server in a Stand-Alone NAS Configuration

            Using Windows Storage Server in a Highly-Available NAS Configuration

            Using Windows Storage Server in a NAS Gateway Configuration

            Using Windows Storage Server in iSCSI Block I/O Configuration

        Creating Branch Office Solutions

        Creating Highly-Available Solutions

        Creating Solutions for Storage Consolidation

        Creating Small to Medium Business Solutions

        Creating Solutions for Heterogeneous Environments

        Creating Application Consolidation Solutions

        Creating Unified Storage Solutions

        Creating Virtualization Solutions

            Connecting Virtual Machines to iSCSI LUNs

            Running Virtual Machines on Windows Storage Server

        Creating iSCSI Boot Solutions

    Conclusion

Getting WINS-like computer name resolution over VPN in SBS 2008

10 comments


One of these was something that I used for my convenience over a VPN connection from home. You see, the internal order processing application that I wrote uses some shared folders to store some temporary data, such as e-mails that are generated but not yet released to Exchange, or a local copy of images that are available on the Web site. This software–and our users–are used to referring to Windows file shares as \\COMPUTER-NAME\SHARE-NAME; for example, \\CYRUS\Pickup Holding, because for some reason some of the older servers are named after my boss’s dead cats.
When connecting through VPN to SBS 2008, however, that “suffix-less” name resolution was not working. So when \\CYRUS\Pickup Holding failed to resolve to anything,\\cyrus.skiviez.com\Pickup Holding would work fine. This was super annoying.
The reason this worked previously with our SBS 2003 installation is that it was acting as a WINS server, which provided this type of computer name resolution for us. SBS 2008 finally retires this ancient technology by default, however, so I had two choices: I could either install the WINS server role on SBS 2008, or I could just figure out how to get the 015 DNS Domain Name option from DHCP to relay through the VPN connection.
I chose the latter option, since it’s certainly less confusing to be able to say to someone in the future “we don’t use WINS, DNS does everything.” So here’s how to do it:
  1. On the SBS 2008 server, click Start > Administrative Tools > Routing and Remote Access.
  2. In the tree view, drill down past the server name to IPV4 > General. Right-click the General option and choose “New Routing Protocol” and choose DHCP Relay Agent.
  3. Now right-click the newly appended “DHCP Relay Agent” node and choose Properties. Add the IP address of your DHCP server (which is probably your SBS server itself), and click OK. Then click it again and choose “New Interface” and add the “Internal” interface.
  4. Now if you connect through VPN, an ipconfig /all should show your domain name as a “Connection-specific DNS suffix” and pinging machines by their suffix-less computer names should work. (If it doesn’t, make sure your DHCP server is using that 015 DNS Domain Name option, which the SBS 2008 wizards set up by default.)

Virtual Server 2005: How To Configure the Virtual DHCP Server

0 comments


Instead of configuring a virtual machine as a DHCP server, you can use the virtual DHCP server for your virtual network.

To configure the virtual DHCP server:
1. Open the Virtual Server Administration Website.
2. Under Virtual Networks, selectConfigure and then click the virtual network.
3. In Virtual Network Properties, click DHCP server.
4. Check the Enabled checkbox, then configure the necessary DHCP server options.
5. Click OK.

Microsoft Hyper-V will not boot virtual SCSI devices

1 comments
“Each IDE controller can have two devices. You can not boot from a SCSI controller. This means an IDE disk will be required. The boot disk will be IDE controller 0 Device 0. If you want a CDROM it will consume an IDE device slot.” Source: MSDN Blog
The hypervisor that runs the virtual BIOS does not support booting from a SCSI controller, today, but it does support the following boot devices:
CD
IDE
Legacy Network Adapter
Floppy
The root reason is SCSI in a synthetic device and there is no VMBUS until after boot.
One might think that this shouldn’t be a problem, after all, the virtual machines can still boot from regular IDE-based virtual disks. So where’s the catch?
The main problem is related to the fact that in Virtual Server, virtual SCSI controllers have major performance benefits over virtual IDE controllers. In Virtual Server, it is recommended to attach the Virtual Disks to one or more SCSI controllers to improve disk input/output (I/O) performance. IDE is limited to one transaction at a time, regardless of whether the bus is physical or virtual. This means that a virtual machine with two virtual hard disks attached to the IDE adapter is limited to a single transaction for both disks. By contrast, a SCSI controllers allows for multiple simultaneous transactions, which provides better performance than disks attached to the IDE controllers.
This performance bottleneck of virtual IDE and technical limitations of virtual SCSI will oblige customers to have two virtual disks for each VM. A configuration hard to setup in P2V migration scenarios, and hard to manage on large scale deployments.
Note that since Hyper-V is still in Beta phase, all numbers are subject to change as are the behaviors. So there might be hope, after all…
Note: Under Virtual Server 2005, contrary to common sense, the performance of emulated SCSI controllers is slower than that of emulated IDE controllers. The reason for this is that the SCSI controller is a lot more complicated to emulate than the IDE controller. However, this changes once you have Virtual Machine Additions installed, because the Virtual Machine Additions install an accelerated SCSI driver. Once this driver is installed the performance of the emulated SCSI controllers is significantly faster than emulated IDE controllers.

Answers to Microsoft Active Directory Interview Questions-2008

3 comments
  1.  Active Directory enables single sign on to access resources on the network such as desktops, shared files, printers etc. Active Directory provides advanced security for the entire network and network resources.  Active Directory is more scalable and flexible for administration.
  2. Functional levels help the coexistence of Active Directory versions such as, Windows NT, Windows 2000 Server, Windows Server 2003 and Windows Server 2008. The functional level of a domain or forest controls which advanced features are available in the domain or forest. Although lowest functional levels help to coexist with legacy Active Directory, it will disable some of the new features of Active Directory. But if you are setting up a new Active Directory environment with latest version of Windows Server and AD, you can set to the highest functional level, thus all the new AD functionality will be enabled.
  3. Windows Server 2003 Domain Functional Levels: Windows 2000 mixed (Default), Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003.
    Forest Functional Levels: Windows 2000 (default), Windows Server 2003 interim, Windows Server.
  4. Windows Server 2008 Domain Functional Levels: Windows 2000 Native, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2.
    Forest Functional Levels: Windows 2000, Windows Server 2008, Windows Server 2008 R2.
  5.  It is possible to take a backup copy of existing Domain Controller, and restore it in Windows Server machine in the remote locations with slower WAN link.
  6.  Active Directory is designed for Server Operating System, and it cannot be installed on Windows 7.
  7. Windows Server Operating System. Free hard disk space with NTFS partition. Administrator’s privilege on the computer. Network connection with IP address, Subnet Mask, Gateway and DNS address. A DNS server, that can be installed along with first Domain Controller. Windows Server intallation CD or i386 folder.
  8. Flexible Single-Master Operation (FSMO) roles,manage an aspect of the domain or forest, to prevent conflicts, which are handled by Single domain controllers in domain or forest. The tasks which are not suited to multi-master replication, There are 5 FSMO roles, and Schema Master and Domain naming master roles are handled by a single domain controller in a forest, and PDC, RID master and Infrastructure master roles are handled by a single domain controller in each domain.
  9. Infrastrcture master role is a domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly.Intrastrcuture master does not have any functions to do in a single domain environment.If the Domain controller with Infrastructure master role goes down in a single domain environemt, there will be no impact at all. Where as, in a complex environment with multiple domains, it may imact creation and modification of groups and group authentication.
  10. Schema Master role and Domain Naming Master role.
  11. PDC Emulator
  12. You should be a member of Enterprise Admins group or the Domain Admins group. Also you should be member of local Administrators group of the member server which you are going to promote as additional Domain Controller.
  13. Use netdom query /domain:YourDomain FSMO command. It will list all the FSMO role handling domain controllers.
  14. No, there should be only one Domain Controller handling RID master role in a Domain.
  15. There should be only one Domain Controller handling Infrastructure master role in a domain. Hence if you have two domains in a forest, you can configure two Infrastructure masters, one in each domain.
  16. If PDC emulator crashes, there will be immediate impact on the environment. User authentication will fail as password changes wont get effected, and there will be frequent account lock out issues. Network time synchronization will be impacted. It will also impact DFS consistency and Group policy replication as well.
  17. Domain controllers and Sites. Domain controllers are physical computers which is running Windows Server operating system and Active Directory data base. Sites are a network segment based on geographical location and which contains multiple domain controllers in each site.
  18. Domains, Organizational Units, trees and forests are logical components of Active Directory.
  19. Active Directory database is divided into different partitions such as Schema partition, Domain partition, and Configuration partition. Apart from these partitions, we can create Application partition based on the requirement.
  20. Adding one group as a member of another group is called ‘group nesting’. This will help for easy administration and reduced replication traffic.
  21. Group types are categorized based on its nature. There are two group types: Security Groups and Distribution Groups. Security groups are used to apply permissions to resources where as distribution groups are used to create Exchange server email communication groups. Group scopes are categorized based on the usage. There are three group types: Domain Local Group, Global Group and Universal Group.
  22. Domain local groups are mainly used for granting access to network resources.A Domain local group can contain accounts from any domain, global groups from any domain and universal groups from any domain. For example, if you want to grant permission to a printer located at Domain A, to 10 users from Domain B, then create a Global group in Domain B and add all 10 users into that Global group. Then, create a Domain local group at Domain A, and add Global group of Domain B to Domain local group of Domain A, then, add Domain local group of Domain A to the printer(of Domain A) security ACL.
  23. Active Directory is backed up along with System State data. System state data includes Local registry, COM+, Boot files, NTDS.DIT and SYSVOL folder. System state can be backed up either using Microsoft’s default NTBACKUP tool or third party tools such as Symantech NetBackup, IBM Tivoli Storage Manager etc.
  24. There are two types of Active Directory restores, Authoritative restore and Non-Authoritative restore.
  25. Non-Authoritative means, a normal restore of a single Domain controller in case that particular domain controller OS or hardware crashed. After non-authoritative restoration completed, compares its data base with peer domain controllers in the network and accepts all the directory changes that have been made since the backup. This is done through multi master replication.
    Where as, in Authoritative restore, a restored data base of a Domain controller forcefully replicated to all the other domain controllers. Authoritative restore is performed to recover an active directory resource or object(eg. an Organizational Unit) which accidentally deleted and it needs to be restored.
  26. We can use NTDSUTIL command line to perform Authoritative restore of Active Directory. First, start a domain controller in ‘Directory Service Restore Mode’. Then, restore the System State data of Domain controller using NTBACKUP tool. This is non-authoritative restore. Once non-authoritative restore is completed, we have to perform authoritative restore immediately before restarting the Domain Controller.
    Open command prompt and type NTDSUTIL and enter, then type authoritative restore and press enter, then type restore database and press enter, click OK and then click Yes. This will restore all the data in authoritative restore mode. If you want to restore only a specific object or sub-tree, you can type below command instead of ‘restore database’.
    restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
  27. Authoritative restore, Configurable settings, Partition management, Set DSRM Password etc.
  28. A tombstone is a container object for deleted items from Active Directory database, even if objects are deleted, it will be kept hidden in the active directory data base for a specific period. This period is known as tombstone lifetime. Tombstone lifetime is 180 days on Windows Server 2003 SP1 and later versions of Windows Server.
  29. Garbage collection is a process of Active Directory. This process starts by removing the remains of previously deleted objects from the database. These objects are known as tombstones. Then, the garbage collection process deletes unnecessary log files. And the process starts a defragmentation thread to claim additional free space. The garbage collection process is running on all the domain controllers in an interval of 12 hours.
  30. In multimaster replication method, replication conflicts can happen. Objects with replication conflicts will be stored in a container called ‘Lost and Found’ container. This container also used to store orphaned user accounts and other objects.
  31. Lost and Found container can be viewed by enabling advanced features from View menu of Active Directory User and Computers MMC.
  32. Yes, it is included.
  33. [Never say no] We had set up an additional domain for a new subsidiary of the firm, and I was a member of the team who handled installation and configuration of domain controllers for the sub domain.[or] I was supporting an existing Active Directory network environment of the company, but I have installed and configured Active Directory in test environment several occasions.
  34. No one installs Active Directory in a cluster. There is no need of clustering a domain controller. Because Active Directory provides total redundancy with two or more servers.
  35. Active Directory Recycle bin is  a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services.
  36. Read only domain controller (RODC) is a feature of Windows Server 2008 Operating System. RODC is a read only copy of Active Directory database and it can be deployed in a remote branch office where physical security cannot be guaranteed. RODC provides more improved security and faster log on time for the branch office.
  37. To find out forest and domain functional levels in GUI mode, open ADUC, right click on the domain name and take properties. Both domain and forest functional levels will be listed there. TO find out forest and domain functional levels, you can use DSQUERY command.
  38. KCC can be expanded as Knowledge Consistency Checker. It is a protocol procecss running on all domain controllers, and it generates and maintains the replication topology for replication within sites and between sites.
  39. We can use command line tools such as repadmin and dcdiag. GUI tool REPLMON can also be used for replication monitoring and troubleshooting.
  40. SYSVOL is a folder exits on each domain controller, which contains Actvie Directory related files and folders. SYSVOL mainly stores important elements of Group Policy Objects and scripts, and it is being replicated among domain controllers using File Replication Service (FRS).
  41. Kerberos is a network authentication protocol. Active Directory uses Kerberos for user and resource authentication and trust relationship functionality. Kerberos uses port number 88.
  42. All versions of Windows Server Active Directory use Kerberos 5.
  43. Kerberos 88, LDAP 389, DNS 53, SMB 445.
  44. FQDN can be expanded as Fully Qualified Domain Name.It is a hierarchy of a domain name system which points to a device in the domain at its left most end. For example in system.
  45. Dsadd – to add an object to the directory, Dsget – displays requested properties of an object in AD, Dsmove – Used to move one object from one location to another in the directory, DSquery – To query specific objects.
  46. A tree in Active Directory is a collection of one or more domains which are interconnected and sharing global resources each other. If a tree has more than one domain, it will have contiguous namespace. When we add a new domain in an existing tree, it will be called a child domain.
    A forest is a collection of one or more trees which trust each other and sharing a common schema.It also shares common configuration and global catalog. When a forest contains more than one tree, the trees will not form a contiguous namespace.
  47. Replication between domain controllers inside a single site is called Intrasite replication, where as replication between domain controllers located in different sites is called Intersite replication. Intrasite replication will be very frequent, where as Intersite replication will be with specific interval and in a controlled fashion just to preserve network bandwidth.
  48. Shortcut trust is a manually created transitive trust which is configured to enable fast and optimized authentication process.For example, If we create short cut trust between two domains of different trees, they can quickly authenticate each other without traveling through the entire parent domains. short cut trust can be either one-way or two-way.
  49. Selective authentication is generally used in forest trust and external trusts. Selective authentication is a security setting which allows administrators to grant access to shared resources in their organization’s forest to a limited set of users in another organization’s forest. Selective authentication method can decide which groups of users in a trusted forest can access shared resources in the trusting forest.
  50. Trusts can be categorized by its nature. There can be two-way trust or one-way trust,implicit or explicit trust, transitive or non transitive trust. Trust can be categorized by types, such as parent and child, tree root trust, external trust, realm trust forest trust and shortcut trust.
  51. ADAC- Active Directory Administrative Center is a new GUI tool came with Windows Server 2008 R2, which provides enhanced data management experience to the admin. ADAC helps administrators to perform common Active Directory object management task across multiple domains with the same ADAC instance.
  52. ADSIEDIT- Active Directory Service Interfaces Editor is a GUI tool which is used to perform advanced AD object and attribute management. This Active Directory tool helps us to view objects and attributes that are not visible through normal  Active Directory Management Consoles. ADSIEDIT can be downloaded and installed along with Windows Server 2003 Support Tools.
  53. This is due to domain functional level. If domain functional level of Windows Server 2003 AD is Windows 2000 Mixed, Universal Group option will be greyed out. You need to raise domain functional level to Windows 2000 native or above.
  54. ADMT – Active Directory Migration Tool, is a tool which is used for migrating Active Directory objects from one domain to another. ADMT is an effective tool that simplifies the process of migrating users, computers, and groups to new domains.
  55. When a domain controller is disconnected for a period that is longer than the tombstone life time, one or more objects that are deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are called lingering objects. Lingering objects can be removed from Windows Server 2003 or 2008 using REPADMIN utility.
  56. The Global catalog is a container which contains a searchable partial replica of all objects from all domains of the forest, and full replica of all objects from the domain where it is situated. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Global catalogs are mostly used in multidomain, multisite and complex forest environment, where as Global catalog does not function in a single domain forest.