
CERTIFICATION

MCITP Microsoft Certified IT Professional


MCSA: Microsoft Certified Solutions Associate - Windows Server 2012
1. 410 - Installing and Configuring Windows Server 2012
2. 411 - Administering Windows Server 2012
3. 412 - Configuring Advanced Windows Server 2012 Services
After successfully completing steps 1-3, you'll earn a Microsoft Certified Solutions Associate (MCSA): Windows Server 2012 certification.
Microsoft Certified Solutions Expert (MCSE): Windows Server 2012 certification.
4. 413 - Designing and Implementing a Server Infrastructure
5. 414 - Implementing an Advanced Server Infrastructure
MCSA Windows Server 2008 - 3 exams: 640, 642, and 646.
1. 70-640 Windows Server 2008 Active Directory, Configuring
2. 70-642 Windows Server 2008 Network Infrastructure, Configuring
3. 70-646 Windows Server 2008, Server Administrator
669-v11
To upgrade the MCSA Windows Server 2008 to 2012, you need to complete just one exam: 70-417.
For Windows Server 2012 there is also the Microsoft Certified Specialist in Hyper-V, with one exam: 74-409.
Exam 74-409: Server Virtualization with Windows Server Hyper-V and System Center

WINDOWS Page 1

WINDOWS FEATURES

Windows 2003 vs Windows 2008


RODC
WDS instead of RIS
Services have been changed to roles - Server Manager
Introduction of Hyper-V - only on 64-bit versions
Enhanced Event Viewer
BitLocker feature
Server Core installation without GUI
MMC 3.0, with three-pane view
Key Management Services (KMS) to activate Windows OS without connecting to the Microsoft site
Performance enhancement using technologies like Windows SuperFetch, ReadyBoost and ReadyDrive
Windows Aero user interface
Instant search
Support for IPv6 in DNS
2003 to 2008 migration
Can be done only by logging in to Windows 2003 server
Min of Windows 2003 SP1 required
Can be migrated only to same version, except for Windows server 2003 standard which can be migrated to either standard or enterprise
Extra space of 30 GB required prior migration
Cannot upgrade to server core
Perform forestprep and domainprep to 2008 using 2008 cd before migrating. (Copy sources/adprep folder for this)
RODC
New feature in Windows 2008
Only have the read only copy of directory database
An RODC has all the objects of a normal DC in read-only mode, but this doesn't include passwords. An RODC does not store the passwords of accounts.
Updates are replicated to RODC by writable DC
Password caching : A feature which enables RODC to cache password of the logged in users.
Password Replication Policy: Determines whether the password can be cached or not.
DNS can be integrated with RODC but will not directly register client updates. For any DNS change, the RODC refers the client to DNS server that hosts a primary or AD
integrated zone
What is new in Windows server 2012
Server core improvements: no need of fresh installation, you can add/remove GUI from server manager
Remotely manage servers, add/remove roles, etc. using Server Manager. Windows Server 2008 and 2008 R2 can be managed once WMF 3.0 is installed; WMF 3.0 is installed by default in Server 2012
Remote server administration tools available for windows 8 to manage Windows server 2012 infrastructure
Powershell v3
Hyper-V 3.0
1. supports up to 64 processors and 1 TB RAM per virtual machine
2. up to 320 logical hardware processors and 4 TB RAM per host
3. Shared nothing live migration, move around VMs without shared storage
ReFS(Resilient file system), upgraded version of NTFS- supports larger file and directory sizes. Removes the 255 character limitation on long file names and paths, the
limit on the path/filename size is now 32K characters!
Improved CHKDSK utility that will fix disk corruptions in the background without disruption
What is the major difference between Windows server 2008 and windows server 2012 in terms of AD promotion?
In Windows Server 2012, dcpromo has been deprecated. To make a Windows Server 2012 machine a domain controller, the AD DS role has to be installed from Server Manager. After installation, run the post-deployment configuration wizard from Server Manager to promote the server to a domain controller.
What is IPAM server in Windows server 2012?
IPAM is IP Address Management server in Windows Server 2012. It enables central management of both DHCP and DNS servers. It can also be used to discover,
monitor, and audit DHCP and DNS servers.
How to promote a server to domain controller in Windows server 2012?
DCPROMO was the conventional tool used to promote a normal server to DC. This is now deprecated in Server 2012.
In Server 2012, you can convert a server into DC using the server manager console. Under Server Manager, add a new role "Active Directory Domain Services"
Remote Tools: RDP, Symantec pcAnywhere, NetSupport, VNC, DameWare, CA Unicenter, TeamViewer
Backup Tools: NT Backup, Symantec Backup Exec, Veritas NetBackup, Tivoli
Patching Tools: WSUS, BladeLogic, Opsware, CA Unicenter, VSA (Virtual System Administrator) IBM tool
Monitoring Tools: BMC, HP OpenView, Nimbus
AntiVirus: Symantec, McAfee, Kaspersky, Sophos
Windows Tools: Process Explorer, WinDbg, Autoruns for Windows v11.42, Process Monitor, PsTools, PageDefrag, RootkitRevealer, TcpView, BgInfo, BlueScreen, Desktops
Windows Server 2008 Boot process.
System is powered on /The CMOS loads the BIOS and then runs POST /Looks for the MBR on the bootable device
Through the MBR the boot sector is located and the BOOTMGR is loaded /BOOTMGR looks for active partition
BOOTMGR reads the BCD file from the \boot directory on the active partition /The BCD (boot configuration database) contains various configuration parameters( this
information was previously stored in the boot.ini)
BOOTMGR transfers control to the Windows Loader (winload.exe), or to winresume.exe if the system was hibernated.
Winload loads drivers that are set to start at boot and then transfers control to the Windows kernel
Windows Server 2003:
>Power-on self test (POST) phase
>Initial startup phase
>Boot loader phase
>Detect and configure hardware phase
>Kernel loading phase
>Logon phase


WINDOWS-CORE

COMMAND

TOOLS
notmyfault
driver verifier
LiveKd
ERD Commander
autoruns
Filemon
Regmon

Paging / non-paging file


Process Explorer: a super Task Manager; shows open files, loaded DLLs, security info, etc.
Filemon: monitors file I/O
Regmon: monitors registry I/O
Debugging information can be written to different file formats (also known as memory dump files) when your computer stops unexpectedly because of a Stop error (also
known as a "blue screen," system crash, or bug check). You can also configure Windows not to write debugging information to a memory dump file.
Enable dumps in System properties -> startup and recovery
What we can choose:
Complete memory dump: full contents of memory written to <systemroot>\memory.dmp
Kernel memory dump: system memory written to file
Small memory dump: 64 KB of summary written to file
Types of debugging memory dump: 1) Kernel 2) Small 3) Complete memory dump
Crash dump analysis > System Properties > Advanced > Kernel memory dump
%SystemRoot%\MEMORY.DMP
Windows Debugging tool and Run Symbol File path
WinDbg > File > Symbol file path >
DMP file > C:\Windows\Minidump
WinDbg > File > Crash dump > Select location
!analyze -v
Check for the error in the fields below
DEFAULT_BUCKET_ID
PROCESS_NAME
MODULE_NAME
IMAGE_NAME
Start WinDbg load crash dump file
Type !analyze -v it shows you details about crash
Type !process it shows you current process
Others useful commands:
!process 0 0 list of all processes
!thread <thread address or ID> - look at a thread
lm kv list loaded drivers
!irp <irp address> - look at an I/O request packet
u <address or function name> - disassemble code
What is the requirement to configure Full memory Dump in windows?
1. Click Start > right-click Computer and select Properties in the menu.
2. Click Advanced > Settings > Startup and Recovery > Settings > Write debugging information > Complete memory dump.
3. Click OK twice.
Tools to analyze Memory Dump?
Windows Debugger (WinDbg.exe) tool
Dumpchk.exe
.reload
lm kv
Complete memory dump
A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes
that were running when the memory dump was collected.
If you select the Complete memory dump option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 megabyte (MB).
If a second problem occurs and another complete memory dump (or kernel memory dump) file is created, the previous file is overwritten.
Notes:-In Windows Vista, in Windows 7, in Windows Server 2008, and in Windows Server 2008 R2, the paging file can be on a partition that differs from the partition on which
the operating system is installed.
In Windows Vista and in Windows Server 2008, to put a paging file on another partition, you must create a new registry entry that is named DedicatedDumpFile. You can
define the size of the paging file by using a new registry entry that is named DumpFileSize.
For more information about how to do this, visit the following Microsoft Web site:
969028 How to generate a kernel or a complete memory dump file in Windows Server 2008
In Windows 7 and in Windows Server 2008 R2, you do not have to use the Dedicated Dump File registry entry to put a paging file onto another partition.
The Complete memory dump option is not available on computers that are running a 32-bit operating system and that have 2 gigabytes (GB) or more of RAM. For more
information, see the "Specify what happens when the system stops unexpectedly" topic on the following Microsoft TechNet Web site:
http://technet.microsoft.com/en-us/library/cc778968(WS.10).aspx
Kernel memory dump
A kernel memory dump records only the kernel memory. This speeds up the process of recording information in a log when your computer stops unexpectedly. You must have
a pagefile large enough to accommodate your kernel memory. For 32-bit systems, kernel memory is usually between 150 MB and 2 GB. Additionally, on Windows 2003 and
Windows XP, the page file must be on the boot volume. Otherwise, a memory dump cannot be created.
This dump file does not include unallocated memory or any memory that is allocated to User-mode programs. It includes only memory that is allocated to the kernel and
hardware abstraction layer (HAL) in Windows 2000 and later, and memory allocated to Kernel-mode drivers and other Kernel-mode programs. For most purposes, this dump
file is the most useful. It is significantly smaller than the complete memory dump file, but it omits only those parts of memory that are unlikely to have been involved in the
problem.
If a second problem occurs and another kernel memory dump file (or a complete memory dump file) is created, the previous file is overwritten when the 'Overwrite any
existing file' setting is checked.
Small memory dump
A small memory dump records the smallest set of useful information that may help identify why your computer stopped unexpectedly. This option requires a paging file of at
least 2 MB on the boot volume and specifies that Windows 2000 and later create a new file every time your computer stops unexpectedly. A history of these files is stored in a
folder.
This dump file type includes the following information:
The Stop message and its parameters and other data
A list of loaded drivers
The processor context (PRCB) for the processor that stopped
The process information and kernel context (EPROCESS) for the process that stopped
The process information and kernel context (ETHREAD) for the thread that stopped
The Kernel-mode call stack for the thread that stopped
This kind of dump file can be useful when space is limited. However, because of the limited information included, errors that were not directly caused by the thread that was
running at the time of the problem may not be discovered by an analysis of this file.
If a second problem occurs and a second small memory dump file is created, the previous file is preserved. Each additional file is given a distinct name. The date is encoded in
the file name. For example, Mini022900-01.dmp is the first memory dump generated on February 29, 2000. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder.
Windows Memory Dump
http://winadministration.com/?p=213
->What is BSOD?
->The Blue Screen of Death is displayed by the Microsoft Windows family of operating systems upon encountering a critical error of a non-recoverable nature that causes the
system to crash. Stop errors are hardware or driver related, causing the computer to stop responding in order to prevent damage to the hardware or data.
->Type of memory dump ?
->There are three type of dumps created
1. Complete Memory Dump
2. Kernel Memory Dump
3. Small Memory Dump
1. Complete Memory Dump:- A Complete Memory Dump is the largest kernel-mode dump file. This file contains all the physical and virtual memory for the machine at the time of the fault. If you select the complete memory dump option, you must have a paging file on the boot volume. The Complete Memory Dump file is written to %SystemRoot%\Memory.dmp by default. The Complete memory dump option is not available on computers that are running a 32-bit operating system and that have 2 gigabytes (GB) or more of RAM (by default).
2. Kernel Memory Dump:- A Kernel Memory Dump contains all the memory in use by the kernel at the time of the crash. The dump file will be around one-third the size of the physical memory on the system. This dump will not include unallocated memory or any memory allocated to applications. It only includes memory allocated to the Windows kernel. The Kernel Memory Dump file is written to %SystemRoot%\Memory.dmp by default.
3. Small Memory Dump:- A Small Memory Dump is much smaller than the other two crash dump files. It is exactly 64 KB in size (128 KB on 64-bit systems). This kind of dump file can be useful when space is greatly limited. However, it contains very little information about the reason for the crash.
You can configure the same from the registry as well, at the location mentioned below.
How to enable memory dump on a windows server
Here I am going to configure the memory dump on Windows 7/Server 2008.
1. Right-click My Computer and click Properties.
2. Click the Advanced system settings option on the left side.
3. Click the Advanced tab.
4. Click Settings under Startup and Recovery.
HKLM\System\CurrentControlSet\Control\CrashControl
Everything that you can configure via the GUI can be configured via the registry as well.
Write an event to the System Log checkbox = LogEvent
Automatically Restart checkbox = AutoReboot
Write Debugging Information drop-down = CrashDumpEnabled
Dump File text box = DumpFile
Overwrite any existing file checkbox = Overwrite
How to Crash the server manually using keyboard
Now that you have configured the memory dump on the server, you can check whether it is actually creating the memory dump file. Also, when you need to create a memory dump file manually after a crash, do the following to configure the same.
Using PS/2 keyboard:
1. Start Registry Editor.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
3. On the Edit menu, click Add Value, and then add the following registry entry:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
4. Exit Registry Editor, and then restart the computer.
Using USB keyboard:
1. Start Registry Editor.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
3. Make sure that the following registry entry is enabled:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
4. Exit Registry Editor.
You can generate a system memory dump by holding down the right CTRL key and pressing the SCROLL LOCK key twice. (Ctrl+Scroll lock twice)
Note: Pressing left CTRL key does not generate the system memory dump.
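The CrashControl values and the two CrashOnCtrlScroll entries above can be reviewed in one pass. The following read-only PowerShell audit is an added example, not part of the original notes: the function names Get-RegValue and Get-CrashDumpAudit are hypothetical, and the CrashDumpEnabled meanings for 0 (none) and 7 (automatic) are not listed on this page. It also checks who can read the dump file, because a complete dump may contain data from running processes.

```powershell
# Added example, not from the original notes. Read-only: it changes no settings.
# Run from an elevated PowerShell 3.0+ prompt on the server being checked.

$crashKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
# CrashDumpEnabled values; 1-3 are the three dump types described in these notes.
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'
                3 = 'Small memory dump'; 7 = 'Automatic memory dump' }

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-CrashDumpAudit {
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Translate the GUI drop-down value into a readable name.
    $mode     = Get-RegValue $crashKey 'CrashDumpEnabled'
    $modeName = 'not set'
    if ($null -ne $mode) {
        $modeName = "unknown ($mode)"
        if ($dumpTypes.ContainsKey([int]$mode)) { $modeName = $dumpTypes[[int]$mode] }
    }

    $settings = [ordered]@{
        DumpType   = $modeName
        DumpFile   = Get-RegValue $crashKey 'DumpFile'     # REG_EXPAND_SZ, returned expanded
        Overwrite  = Get-RegValue $crashKey 'Overwrite'
        LogEvent   = Get-RegValue $crashKey 'LogEvent'
        AutoReboot = Get-RegValue $crashKey 'AutoReboot'
    }

    if ($null -eq $mode -or $mode -eq 0) {
        $findings.Add('No dump type is selected, so a Stop error leaves nothing to analyze.')
    }
    if ($settings.LogEvent -ne 1) {
        $findings.Add('LogEvent is not 1, so Stop errors are not written to the System log.')
    }

    # Complete dump: the notes require a boot-volume paging file of RAM + 1 MB,
    # unless a DedicatedDumpFile entry redirects the dump elsewhere.
    $dedicated = Get-RegValue $crashKey 'DedicatedDumpFile'
    if ($mode -eq 1 -and -not $dedicated) {
        $ramMB = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
        $pf    = Get-CimInstance Win32_PageFileUsage |
                 Where-Object { $_.Name -like ($env:SystemDrive + '\*') } |
                 Measure-Object -Property AllocatedBaseSize -Maximum
        if ($null -eq $pf.Maximum -or $pf.Maximum -lt ($ramMB + 1)) {
            $findings.Add("Complete dump selected, but the boot-volume paging file is smaller than RAM + 1 MB (RAM is $ramMB MB).")
        }
    }

    # Keyboard-triggered crash: anyone at the console can bugcheck the host.
    foreach ($svc in 'i8042prt', 'kbdhid') {
        $v = Get-RegValue "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" 'CrashOnCtrlScroll'
        if ($v -eq 1) {
            $findings.Add("CrashOnCtrlScroll is 1 under $svc, so right CTRL + SCROLL LOCK twice crashes this server.")
        }
    }

    # Dump file ACL: flag any Allow entry that is not LocalSystem or BUILTIN\Administrators.
    $dumpFile = $settings.DumpFile
    if ($dumpFile -and (Test-Path -LiteralPath $dumpFile)) {
        $trusted = 'S-1-5-18', 'S-1-5-32-544'
        $rules   = (Get-Acl -LiteralPath $dumpFile).GetAccessRules(
                       $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            $sid = $r.IdentityReference.Value
            if ($r.AccessControlType -eq 'Allow' -and $trusted -notcontains $sid) {
                $findings.Add("Dump file $dumpFile grants $($r.FileSystemRights) to $sid.")
            }
        }
    }

    [pscustomobject]@{ Settings = [pscustomobject]$settings; Findings = $findings }
}

$audit = Get-CrashDumpAudit
$audit.Settings | Format-List
if ($audit.Findings.Count) { $audit.Findings } else { 'No findings.' }
```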
How to Analyze Windows Memory Dump
Let's say you have configured a memory dump on a server and the server went down unexpectedly with a BSOD.
Now you need to go to the default location, i.e. %SystemRoot%\Memory.dmp, for the memory dump file.
This memory.dmp file is the dump file for a complete dump. Now you need to analyze it.
There is a range of software on the market for this; some is free of cost and some is licensed.
Microsoft has a tool that we can use to analyze memory dumps on Microsoft platforms, called the Windows debugger (dbg_x86_6.11.1.404). You can download it from here.
After downloading the debugger you need to do little bit configuration before analyzing the dump.
Now you need to configure the symbol path for it. Before doing it just do the following
1. Create a folder named symbols without quotes in the root drive.
2. Open WinDbg and then go to File > Symbol file path.
3. Set the path to SRV*c:\symbols*http://msdl.microsoft.com/download/symbols without quotes.
Symbol Path:- Symbol files provide a footprint of the functions that are contained in executable files and dynamic-link libraries (DLLs). Additionally, symbol files can present a roadmap of the function calls that lead to the point of failure.
Now that the configuration is done, open the dump file in the debugger: go to File > Open Crash Dump.
After you open Memory.dmp, it will make some calculations and load the symbols.
Now enter the command !analyze -v to get the details.
After this command you will get the details about the reason behind the crash.
The reason for the crash was fltmgr.sys file.
What are the contents of System state?
Com+Class registration data base, Boot files and registry.
How do you configure mandatory profiles?
Rename ntuser.dat to ntuser.man
Crash Dumps Types
COMPLETE (FULL)
Default for servers / All of RAM
Kernel: OS/driver memory / No process memory / Default for Vista
SMALL (MINIDUMP)
Default for XP / Minimal crash information
Contents: Bugcheck code, parameters / list of drivers / minimal information on current process / small size
\Windows\Minidump
112 KB - 64-bit Windows; 32 KB - 32-bit Windows
Integrity Checks
At boot > Page file mapping obtained \ Relevant components checksummed \ Boot disk miniport driver \ Crash I/O functions \ Page file map
On crash > If checksum doesn't match, dump is not written
Why else would you not get a dump
>Crash occurred before paging file was open
>Spontaneous reboot
>Hung system
>Paging file is too small
>Not enough free space to extract dump
Download Windbg
Symbols: Symbol files contain names & locations of internal data
>Debugger needs kernel symbol file to analyze dumps
>Kernel image: Ntoskrnl.exe > Ntoskrnl.pdb is symbol file
>For minidumps, needs access to kernel image
Symbol server path > srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
>also symchk.exe to force symbol download
Key Internal Concepts
>Process /Thread / Memory Protection / Interrupt Request Level (IRQL)/ Stack /
Key IRQLS
>Passive Level >
No interrupts masked / User-mode code / Kernel-mode code most of the time
DISPATCH_LEVEL
>Highest software interrupt level / Scheduler is off / Page faults cause a crash /
Analysis
!analyze
!thread to see what's running
!locks to look at possible deadlocks
!irql to see previous IRQL (2003 and later)
Hung Systems
System become unresponsive > Keyboard and mouse freeze
Two types of hangs > 1) Kernel sync deadlock 2) Infinite loop at high IRQL / very high priority thread
>Grinding to a halt
Troubleshooting Hung Systems
Manually crash hung system and hope you get a dump
Boot system in debugging mode and break in with kernel debugger and analyze system
Forcing a System Crash from the Keyboard
NMI Crash
Boot debugging mode
Analyzing a Sick System
If the system is still responsive but not operating properly, you want to look at its kernel state, but you don't want to take it offline by crashing it or connecting a debugger to it.
Create a dump of a live system with LiveKd
BlueScreen
Troubleshooting Boot and Startup Problems
Symptoms of Boot Problems
>Error Message
>Crashes/Spontaneous reboots
>Hangs
>Error message during logon
Debug Diagnostic Tool (DebugDiag) is designed to assist in troubleshooting issues such as hangs, slow performance, memory leaks or fragmentation, and crashes in any user-mode process. The tool includes built-in analysis rules focused on Internet Information Services (IIS) applications, web data access components, COM+, SharePoint and related Microsoft technologies.
Typical Causes
3rd party drivers and applications /System file corruption >Hardware problems and device driver bugs
Malware viruses
Solutions to Boot problems
Reinstall ? Surgical repair ?
Need to understand boot process and available tools
Boot Process
Boot process terminology
System volume : Boot files
Master Boot Record (MBR) / Boot sector / NTLDR (NT Boot Loader) / NTDETECT.COM / BOOT.INI
Boot Volume :System files
.\Windows directory
Boot Process (Begins with setup)
1. Master boot record :- Partition table > 4 entries
2. Boot Sector :- NT Specific code >Reads root directory of volume >Load NTLDR
3. NT Boot Loader:- Moves from 16-bit to 32-bit mode & enables paging > If present, loads ntbootdd.sys > used if boot volume is on a SCSI disk > Reads Boot.ini > Entries point to boot drives > If >1 choice, displays boot menu with timeout > If 64-bit system chosen, moves CPU into 64-bit mode > F8 to get to special boot menu > Last known good, Safe modes, Debugging mode, etc > Ntdetect.com performs BIOS hardware detection > later saved into: HKLM\Hardware\Description > System registry hive loaded > Boot driver: critical to boot process, e.g. boot file system driver > Boot drivers loaded > Ntoskrnl.exe and its DLLs loaded > Transfer control to: Ntoskrnl.exe
4. Operating System:- Splash screen appears > 2 Phase Kernel initialization >boot-start drivers started >System-start drivers loaded and started >Session manager process
created (Smss.exe)
5. Session Manager :- Runs Boot Execute programs (Autochk.exe check disk) > Processes delayed file moves/renames > To replace in-use system files > Pendmoves (Sysinternals) shows list > Opens paging files > Initializes rest of Registry > Note: crashes before this point will not result in a crash dump >
Loads win32k.sys driver . Kernel mode part of Windowing system >Starts Csrss.exe process. User mode part of Windowing system > Starts Winlogon.exe Interactive logon
process
6. Windows system. :-Csrss.exe process initializes windowing system > system moves to GUI mode >Cursor appears >
7. Logon process and security server :- > Winlogon starts Lsass.exe process > Local Security Authority > Performs authentication. Applies security policies > Winlogon loads GINA DLL > Default is Msgina.dll > Logon dialog appears
8. Services startup:- Services.exe starts services marked as automatic start >Mostly user mode process >May include kernel mode drivers >Service startup continues
asynchronous to logon
Recovery Console
Last known good Configuration: Boot from previous working setting
Safe Mode:
System Restore
MBR/Boot Sector Corruption
Symptoms: Hang at a black screen after BIOS executes > Invalid partition table > Error loading operating system > Missing OS on black screen > NTLDR missing
Cause: MBR is corrupt
>Fixmbr >fixboot
8) Boot.ini corruption
Cause: Boot.ini is missing or corrupt / out of date (partition changes)
Solution: Boot into RC > bootcfg /rebuild
9) Registry Corruption
Symptoms: NTLDR reports that the system hive is corrupt (a hive is a registry file) > Blue screen on boot; may not be seen if auto-restart is on > Disk corrupt > Registry corrupted due to driver bug or hardware
Solution > Boot into RC & run chkdsk. If it still fails, the hive needs to be restored > System Restore point > recent system state backup > Windows repair folder
10) System File Corruption
Symptom: NTOSKRNL.EXE, HAL.DLL or other system file is missing or corrupt > Blue screen with corruption message
Cause: Disk is corrupt > File is missing or corrupt
Solution: chkdsk > restore from C:\windows\system32\dllcache > repair
11) CRASHES OR HANGS
Symptoms: Hang or crash
Cause: Buggy driver / Hardware problem / Bug in Windows
Solution: Last known good configuration / boot Safe mode / Repair
12) Problems during LOGON
Symptoms: Hangs, error messages, system crash / System event log errors
What is recovery console?
Recovery console is a utility used to recover the system when it is not booting properly.
We can perform following operations from recovery console
1. Replace operating system files and folders,
2. Repair the file system boot sector or Master Boot Record
PoolMon
PoolMon (poolmon.exe), the Memory Pool Monitor, displays data that the operating system collects about memory allocations from the system paged and nonpaged kernel
pools, and the memory pools used for Terminal Services sessions. The data is grouped by pool allocation tag.
Driver developers and testers often use PoolMon to detect memory leaks when they create a new driver, change the driver code, or stress the driver. You can also use
PoolMon in each stage of testing to view the driver's patterns of allocation and free operations, and to reveal how much pool memory the driver is using at any given time.
Network Monitor 3.4 is the archive versioned tool for network traffic capture and protocol analysis. Download Microsoft Message Analyzer for updated parser support.


WINDOWS TROUBLESHOOTING ISSUES


Thursday, May 7, 2015

12:12 AM

Explain any five troubleshooting issues WINDOWS 2008 OPERATING SYSTEM related ?
Server down alerts and h/w failure alerts
Servers weekly/monthly reboot request
CPU utilization high
Disk space issue
Physical Memory Usage High
Performance issues
Event Viewer errors
Unable to RDP the server and not reachable
Server is in hung state / server is down.
printer not loading paper in tray 3, and tray 3 is full of paper
Server blue screen error
Services are in stopped state
Unexpected reboot event id: 1076 and 6008
Printer Spooler service getting restarted
Hardware errors on the servers
Server rebooting frequently
Enabling the proxy setting via registry
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
"Proxy"=dword:00000000
Below steps to activate Windows.
Login to the server
Open cmd (run as administrator) and execute the below commands
slmgr.vbs /skms IP
slmgr.vbs /ato
go to computer properties and check all "windows is activated"

SHARE FOLDER IS NOT ACCESSIBLE


1) Check the network connectivity 2) disable the firewall 3) disable IPv6, also disable via registry 4) check that the Server service is running for the sharing option 5) check the group policy
2) Add authenticated users
Error message: "Your current security settings do not allow this file to be downloaded" when downloading
http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/error-message-your-current-security-settings-do/59cc236d-7baf-4552-92ff-b34b9a6942aa

Explain any five troubleshooting issues WINDOWS 2012 OPERATING SYSTEM related ?
Unable to rdp the server
Gateway ip address getting empty

Explain any five troubleshooting issues ACTIVE DIRECTORY related ?


AD ISSUES
AD user account is locked every five minute
Users are not able to login with AD credentia

Explain any five troubleshooting issues DNS DOMAIN NAME SYSTEM related ?
What happens if the DNS server fails? Can a user log on if the DNS server fails?
Windows clients use DNS for name resolution and service location, including locating domain controllers for logon. If DNS fails, users cannot log on to the domain.

Explain any five troubleshooting issues SITE AND SERVICES related ?

Explain any five troubleshooting issues GROUP POLICY related ?

Explain any five troubleshooting issues DHCP DYNAMIC HOST CONFIGURATION PROTOCOL related ?
DHCP server is not assigning IP addresses to clients; how will you troubleshoot?
If DHCP is not available what happens to the client?
The client will not get an IP address and cannot participate in the network. The client will get an Automatic Private IP Address, APIPA (IP range 169.254.0.0 to 169.254.255.254 and subnet 255.255.0.0)

Explain any five troubleshooting issues CLUSTER 2008 related ?


Cluster services stopped
Cluster resources are not moving
What happens to a running Cluster if the quorum disk fails in Windows Server 2008 Cluster ?
Cluster continue to work but failover will not happen in case of any other failure in the active node.

Explain any five troubleshooting issues CLUSTER 2012 related ?

Explain any five troubleshooting issues BACKUP FAILURE related ?


Backup issues
backup failing
Netbackup system state backup is failing

Explain any five troubleshooting issues ANTI VIRUS related ?

Explain any five troubleshooting issues WINDOWS 7 related ?

Explain any five troubleshooting issues HP SERVER HARDWARE related ?


Array Controller Battery Failed- RAID Accelerator battery needs to be replaced.
PSP upgradation
Remote Insight/ Integrated Lights-Out Interface Error. The host OS has
Physical disk failed need to replace

Explain any five troubleshooting issues DELL SERVER HARDWARE related ?

Explain any five troubleshooting issues IBM SERVER HARDWARE related ?

Unexpected reboot event id: 1076 and 6008
Printer Spooler service getting restarted Event Id
Blue screen error, how you will troubleshoot
Memory dump error, how will you troubleshoot
Printer Spooler services getting crashed, Event id: what steps are taken to troubleshoot.
Hardware errors on the servers
Server giving blue screen error
Server rebooting frequently
CPU utilization getting high

Error: Server hangs


Solution:
Error: Server rebooting frequently
Solution:
Error: CPU utilization getting high
Solution:
Error: System status Backup is failing
Solution:
Error: System state backup is failing in Windows 2008 server with below error. "Log of files for which backup failed:
C:\Windows\Logs\WindowsServerBackup\Backup_Error-08-07-2014_20-19-20.log
An operation on the global catalog failed because the catalog is corrupted."
Solution:
Error: System state backup is failing in Windows 2008 server with below error. "The backup of the system state failed [7/8/2014 8:43 PM].
Log of files successfully backed up:
C:\Windows\Logs\WindowsServerBackup\Backup-08-07-2014_20-19-20.log"
Solution:
Symptoms:500 Service account got locked
Resolution
Performance issues
Backup issues
Server down alerts and h/w failure alerts
Servers weekly/monthly reboot request
CPU utilization high
Disk space issue
Physical Memory Usage High
Event Viewer errors
Array Controller Battery Failed- RAID Accelerator battery needs to be replaced on MSA20 controller
Unable to RDP the server and not reachable
Server is in hung state / server is down.
Machine has unexpected reboot. for further investigation Event ID: 6008
Schedule reboot of the servers
printer not loading paper in tray 3, and tray 3 is full of paper
backup failing
PSP upgradation
Remote Insight/ Integrated Lights-Out Interface Error. The host OS has
Server blue screen error
Netbackup system state backup is failing
Services are in stopped state
Physical disk failed need to replace
JADE : Average (5 samples) total cpu is now 90.00%, which is above the error threshold (90%)
VMware snapshots backups are failing.
Cluster services stopped
Unexpected reboot, Event ID: 1076 and 6008
Printer Spooler service getting restarted, Event Id
Blue screen error, how will you troubleshoot
Memory dump error, how will you troubleshoot
Printer Spooler service keeps crashing, Event id: what steps are taken to troubleshoot.

UPGRADE OF WINDOWS & AD


https://social.technet.microsoft.com/Forums/en-US/42070a54-a907-4526-b35c-6d6837f37a4e/migration-plan-for-windows-server-2003-to-windows-server-2012
http://channel9.msdn.com/Events/TechEd/Australia/2012/WSV331
Tool
Microsoft Assessment and Planning Toolkit
Active Directory upgrade from 2003 to 2008
Prerequisites
1. Take a backup of Active Directory using ntbackup (system state)
2. Forest and domain functional level should be Windows 2000 native mode
Raise the domain functional level > Windows Server 2008 R2
2003 domain must be in native mode, SP2 must be installed
3. Keep your Windows 2008 CD handy
4. Check hardware architecture
5. adprep /FORESTPREP (on Schema Master)
adprep /DOMAINPREP (on Infrastructure Master)
adprep /DOMAINPREP /GPPREP (run on the Infrastructure Master)
ADPrep /RODCPrep (if you will use read-only DCs)
6. Once the schema is extended, upgrade the OS using the CD.
Windows Server 2003 to 2008
Check the hardware compatibility
Licensing
How many processors you have (Standard and Datacenter edition license)
2003 servers should be patched to at least SP1
Download the ISO image
Application migration: check which applications are running and whether each application supports 2012
Involve all the teams for impact assessment
Take a full backup of the servers
Stop the applicable services, such as AV and application services
Do the migration over a weekend
In case of any issue, involve the vendor.
Once the migration is done, power off the old server for 7 days
If everything is fine, raise the decommission request > decommission the server and wipe the data
Decommission process
Raise the change request
Take a full backup of the server
Disjoin the server from the domain
Shut down the server for one week
Notify the server owner
Raise the ticket to remove the server from monitoring/backup/DNS/AD/IP release/etc.
If there are no issues, wipe the disks using DBAN (Darik's Boot and Nuke); for a VM, delete the VM
Contact the onshore team to de-rack the servers if applicable.
Follow the checklist and update the server as decommissioned in the CMDB database
Notify the server owner
New server build process
Physical server
Raid configuration
Firmware and driver upgrade
OS installation and Follow the standard build check list
Upgrading to Active Directory Domain Services 2008
The forest and domain need upgrading before a 2008 DC can be installed or a 2003 DC can be upgraded.
Windows Server 2000 cannot be upgraded directly to 2008, but it can be upgraded along the path 2000 --> 2003 --> 2008.
Change the forest and domain functional level
From the Windows Server 2008 disc, copy the "adprep" folder to a domain controller.
2003 domain must be in native mode, SP2 must be installed, installation must be started from the 2003 OS
Insert the 2008 DVD: C:\sources\adprep
adprep /FORESTPREP (on Schema Master)
adprep /DOMAINPREP (on Infrastructure Master)
adprep /DOMAINPREP /GPPREP (run on the Infrastructure Master)
ADPrep /RODCPrep (if you will use read-only DCs)
Domain must be in native mode
Active Directory upgrade from 2003 to 2008
Remembering the prerequisites for this task makes the work much easier.
1. Take a backup of Active Directory using ntbackup (system state)
2. Transfer the FSMO roles to the secondary domain controller if you have one.
3. Keep your Windows 2008 CD handy
4. Make a note of the hardware architecture of the 2003 machine; if it is 64-bit you can proceed directly to the next steps, otherwise proceed to step 7
5. Run adprep /forestprep, adprep /domainprep and adprep /domainprep /gpprep in sequential order to extend the 2003 schema to support the 2008 architecture. Run these commands on the Windows 2003 machine from the Windows 2008 CD.
6. Once the schema is extended, upgrade the OS using the CD.
7. If the Windows 2003 machine is 32-bit, build a new Windows 2008 machine and promote it as a secondary domain controller. Transfer all FSMO roles from Windows 2003 to Windows 2008 and raise the forest and domain functional levels to Windows 2008 native.
8. Demote the Windows 2003 server from the network.
Active Directory Backup and Restore
To take backup of active directory we will use NTBACKUP and choose system state backup, specify a location to save that file and BOOM!!!

RAID
https://www.youtube.com/watch?v=Rn5LOtMBj_8
RAID:- A technique that combines multiple disk drives into a logical unit, (RAID) set and provides protection, performance, or both.
Multiple drives as part of set
Improve the storage performance by serving I/Os from multiple disk simultaneously
Provide data protection against drive failures
Software RAID
Uses host-based software
Limitations: Uses host CPU cycles for RAID calculations, which impact system performance
Supports limited RAID levels
RAID software and OS can be upgraded only if they are compatible
RAID Techniques
Striping / Mirroring /Parity
RAID Levels
RAID 0 Striped set with no fault tolerance (Single disk)
RAID 1 Disk mirroring (2 disk)
RAID 1+0 Nested RAID (4 disk require 2 for mirroring 2 for Striping) used for OLTP, database applications
RAID 3 Striped set with independent disk access and a distributed parity (Databackup and video streaming)
RAID 5- Striped set with independent disk access and a distributed parity (3 disk 2 for data 1 parity) (E-Mail, data mining )
RAID 6 Striped set with independent disk access and dual distributed parity
Hot spare: a spare drive in a RAID array that temporarily replaces a failed disk by taking over the identity of the failed disk
RAID -Redundant Array of Independent disks
A category of disk drives that uses 2 or more drives in a combination for redundancy and performance Most common RAIDs: RAID 0(Striped), RAID 1(Mirroring), RAID 5
Dynamic disks consist of a single partition that can be divided into any number of volumes.
basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes).
A category of disk drives that employ two or more drives in combination for fault tolerance and performance.
Advantages: Higher Data Security / Fault Tolerance / Improved Availability / Increased, Integrated Capacity / Improved Performance
RAID levels are defined on the basis of striping, mirroring, and parity techniques.
The data availability and performance are determined by these techniques
Different RAID levels are:
RAID 0 / RAID 1 / RAID 2 /RAID 3 / RAID 4 / RAID 5 / RAID 6 / RAID 0+1 / RAID 1+0 /50/51/52/53
Types of RAID Levels ?
RAID 0 Simple / Spanned / Striping Volume
RAID 1- Mirroring (minimum 2 HDD required)
RAID 5 Striping With Parity (Minimum 3 HDD required)
RAID levels 1 and 5 only gives redundancy
RAID 0+1 Mirrored stripes -Min 4 disks (2 stripes)
Spanned Volumes: Combines free space into one volume / Can not be used on boot/system
RAID Levels and Types
RAID, an acronym of Redundant Array of Independent (Inexpensive) Disks, is the talk of the day. It is an array of disks that gives more power, performance, fault tolerance and accessibility to the data, as a single storage system. It's not a mere combination of disks; all the disks are combined to provide a standard MTBF (mean time before failure) reliability scheme, otherwise chances are performance would be affected drastically if disks are not combined as a single storage unit.
RAID Levels
All the RAID types and models are commonly classified as RAID levels, since a RAID represented by a higher number is regarded to be a superior, more efficient, high-performance array than a low-numbered RAID. Hence, the high security feature of RAID also depends on the RAID level you are using. RAID arrays not only provide the users with maximum security and reliability but also make sure that if a disk fails no data is lost. In-depth knowledge about RAID levels will help you when buying RAID servers. Let's briefly discuss here the main RAID levels and classes:
RAID 0 Striping:
Striped volumes / Fast performance, no fault tolerance
It is the Striped Disk Array with no fault tolerance and it requires at least 2 drives to be implemented. Due to no redundancy feature, RAID 0 is considered to be the lowest ranked RAID level. Striped data mapping technique is implemented for high performance at low cost. The I/O performance is also improved as it is loaded across many channels. Regeneration, Rebuilding and functional redundancy are some salient features of RAID 0.

RAID 1 Mirroring:
It is the Mirroring (Shadowing) Array meant to provide high performance. RAID 1 controller is able to perform 2 separate parallel reads or writes per mirrored pair. It
also requires at least 2 drives to implement a non-redundant disk array. High level of availability, access and reliability can be achieved by entry-level RAID 1 array. With
full redundancy feature available, need of readability is almost negligible. Controller configurations and storage subsystem design is the easiest and simplest amongst
all RAID levels.
RAID 0+1:
It is the RAID array providing high data transference performance with at least 4 disks needed to implement the RAID 0+1 level. It's a unique combination of striping
and mirroring with all the best features of RAID 0 and RAID 1 included such as fast data access and fault tolerance at single drive level. The multiple stripe segments
have added high I/O rates to the RAID performance and it is the best solution for maximum reliability.
RAID 2 (ECC):
It is the combination of Inherently Parallel Mapping and Protection RAID array. It's also known as ECC RAID because each data word bit is written to data disk which is
verified for correct data or correct disk error when the RAID disk is read. Due to special disk features required, RAID 2 is not very popular among the corporate data
storage masses, despite the extremely high data transference rates.
RAID 3:
RAID 3 works on the Parallel Transfer with Parity technique. The least number of disks required to implement the RAID array is 3 disks. In the RAID 3, data blocks are
striped and written on data drives and then the stripe parity is generated, saved and afterwards used to verify the disk reads. Read and write data transfer rate is very
high in RAID 3 array and disk failure causes insignificant effects on the overall performance of the RAID.
RAID 4:
RAID 4 requires a minimum of 3 drives to be implemented. It is composed of independent disks with shared parity to protect the data. Data transaction rate for Read is
exceptionally high and highly aggregated. Similarly, the low ratio of parity disks to data disks indicates high efficiency.
RAID 5:
RAID 5 is Independent Distributed parity block of data disks with a minimum requirement of at least 3 drives to be implemented and N-1 array capacity. It helps in
reducing the write inherence found in RAID 4. RAID 5 array offers highest data transaction Read rate, medium data transaction Write rate and good cumulative transfer
rate.
RAID 6:
RAID 6 is Independent Data Disk array with Independent Distributed parity. It is known to be an extension of RAID level 5 with extra fault tolerance and distributed
parity scheme added. RAID 6 is the best available RAID array for mission critical applications and data storage needs, though the controller design is very complex and
overheads are extremely high.
RAID 7:
RAID 7 is the Optimized Asynchrony array for high I/O and data transfer rates and is considered to be the most manageable RAID controller available. The overall write
performance is also known to be 50% to 90% better and improved than the single spindle array levels with no extra data transference required for parity handling.
RAID 7 is registered as a standard trademark of Storage Computer Corporation.
RAID 10:
RAID 10 is classified as the futuristic RAID controller with extremely high Reliability and performance embedded in a single RAID controller. The minimum requirement
to form a RAID level 10 controller is 4 data disks. The implementation of RAID 10 is based on a striped array of RAID 1 array segments, with almost the same fault
tolerance level as RAID 1. RAID 10 controllers and arrays are suitable for uncompromising availability and extremely high throughput required systems and
environment.
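The parity technique behind RAID 5, as an added PowerShell example that is not part of the original notes: data is striped with rotating parity, one disk is failed, and its contents are rebuilt by XOR onto a replacement (the hot spare case). The function names, chunk size, layout and sample data are constructed for illustration.

```powershell
# Added example: RAID 5 (striping with distributed parity) simulated in memory.
# Function names, chunk size and sample data are constructed for illustration.

function New-Raid5Array {
    param(
        [byte[]]$Data,
        [int]$DiskCount = 3,   # RAID 5 needs at least 3 drives
        [int]$ChunkSize = 4    # bytes per chunk; real arrays use KB-sized chunks
    )
    if ($DiskCount -lt 3) { throw 'RAID 5 requires at least 3 disks.' }

    # Each stripe holds N-1 data chunks plus one parity chunk (N-1 capacity).
    $dataPerStripe = ($DiskCount - 1) * $ChunkSize
    $stripes = [int][math]::Ceiling([double]$Data.Length / $dataPerStripe)
    $padded = New-Object byte[] ($stripes * $dataPerStripe)
    [Array]::Copy($Data, $padded, $Data.Length)

    $disks = @{}
    for ($d = 0; $d -lt $DiskCount; $d++) {
        $disks[$d] = New-Object byte[] ($stripes * $ChunkSize)
    }

    for ($s = 0; $s -lt $stripes; $s++) {
        # Parity rotates across the disks, so no single disk is the parity bottleneck.
        $parityDisk = ($DiskCount - 1) - ($s % $DiskCount)
        $chunk = 0
        for ($d = 0; $d -lt $DiskCount; $d++) {
            if ($d -eq $parityDisk) { continue }
            $src = $s * $dataPerStripe + $chunk * $ChunkSize
            for ($i = 0; $i -lt $ChunkSize; $i++) {
                $offset = $s * $ChunkSize + $i
                $disks[$d][$offset] = $padded[$src + $i]
                # Parity chunk = XOR of all data chunks in the stripe.
                $disks[$parityDisk][$offset] = $disks[$parityDisk][$offset] -bxor $padded[$src + $i]
            }
            $chunk++
        }
    }
    return $disks
}

function Repair-Raid5Disk {
    # XOR of all surviving disks at each offset reproduces the missing disk,
    # whether the lost chunk held data or parity. Works for one failure only.
    param([hashtable]$SurvivingDisks)
    $rebuilt = $null
    foreach ($key in $SurvivingDisks.Keys) {
        $disk = $SurvivingDisks[$key]
        if ($null -eq $rebuilt) { $rebuilt = New-Object byte[] $disk.Length }
        for ($i = 0; $i -lt $disk.Length; $i++) {
            $rebuilt[$i] = $rebuilt[$i] -bxor $disk[$i]
        }
    }
    return ,$rebuilt
}

function Read-Raid5Data {
    # Reassemble the data chunks in stripe order, skipping each stripe's parity chunk.
    param([hashtable]$Disks, [int]$Length, [int]$ChunkSize = 4)
    $diskCount = $Disks.Count
    $stripes = $Disks[0].Length / $ChunkSize
    $out = New-Object System.Collections.Generic.List[byte]
    for ($s = 0; $s -lt $stripes; $s++) {
        $parityDisk = ($diskCount - 1) - ($s % $diskCount)
        for ($d = 0; $d -lt $diskCount; $d++) {
            if ($d -eq $parityDisk) { continue }
            for ($i = 0; $i -lt $ChunkSize; $i++) {
                $out.Add($Disks[$d][$s * $ChunkSize + $i])
            }
        }
    }
    return ,($out.GetRange(0, $Length).ToArray())
}

# Constructed sample: write, lose disk 1, rebuild it, read the data back.
$text  = 'constructed sample payload'
$data  = [System.Text.Encoding]::ASCII.GetBytes($text)
$array = New-Raid5Array -Data $data -DiskCount 3

$array.Remove(1)                                      # simulate failure of disk 1
$array[1] = Repair-Raid5Disk -SurvivingDisks $array   # rebuild onto the replacement

$back = Read-Raid5Data -Disks $array -Length $data.Length
$recovered = [System.Text.Encoding]::ASCII.GetString($back)
"Data intact after rebuild: $($recovered -eq $text)"
```

Removing a second disk before the rebuild leaves the XOR with two unknowns per offset, which is why RAID 5 survives only a single drive failure and RAID 6 adds a second parity.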

HARDWARE

Server enclosure
HP
ILO HP (Integrated Lights-Out)
HP Smart Start cd, 10.10 Ver latest
HP Systems Insight Manager (To Manage the HP servers)
HP System Management Home Page,
HP Array configuration Utility
HP Server Models : ProLiant DL380 G4, HP ProLiant DL360 G6 Server
Array controller battery
HP ProLiant BL blades / HP ProLiant DL / HP ProLiant ML / HP ProLiant Scalable Systems / HP ProLiant MicroServer
HP Integrity systems
HP Integrity Superdome servers
HP Integrity Server blades
HP Integrity Rack servers
HP NonStop servers
HP Integrity NonStop BladeSystem
HP Integrity NonStop servers
HP Integrity BL Server Blades
HP ProLiant BL Server Blades
HP SIM

DELL
DRAC (Dell Remote Access Card )
Dell Systems Build and Update Utility to build the server
Dell Open Manage CD (OS CD)
Dell Open Manage IT Assistant (To Manage the Dell servers)
Dell Openmanage Essentials
Dell Open Manage Server Administrator
DELL SUU DVD VE7.4
Server Models: Power Edge

HP
HP Servers Model
Proliant DL380
ProLiant DL380 G4
ProLiant DL585 G2
ProLiant DL980 G7
ProLiant DL785 G6
ProLiant DL585 G7
ProLiant DL585 G6
ProLiant DL580 G7
ProLiant DL580 G5
ProLiant DL385p Gen8
ProLiant DL385 G7
ProLiant DL385 G6
ProLiant DL380 G7

DELL Servers Model


PowerEdge 1950
PowerEdge R710
Dell PowerEdge R900
PowerEdge T710
PowerEdge T620
PowerEdge T610
PowerEdge T605
PowerEdge R910
PowerEdge R905
PowerEdge R900
PowerEdge R805
PowerEdge R720

To check the serial number of HP server


>wmic bios get serialnumber

Dell OpenManage
Dell System E-Support Tool (DSET)
DELL
Tower Servers
PowerEdge R410/420/510/515/520/610/620/710/715/720/720xd/R810/815/820/910 Rack Server
Rack Servers - PowerEdge M-Series Blade Servers
PowerEdge M420/M520/M610/M610x/M620/M820/M910/M915

IBM
RSA (Remote Supervisor Adapter)
IBM Server Guide Setup and Installation CD v9.41
IBM System Director v6.3.3
IBM update express ver 9.51
IBM server Models- IBM System HS22
Model: System x3850 X5-[7143B6G] 40 CPUs X2.261 GHz / Processor Type: Intel(R) CPU E7-4860 @2.27GHz
14 blades can be installed in each chassis
Blade servers support only 4 NICs; rack servers support more network cards.
IBM SERVER MODELS
IBM System x3950 M2 4 Node
IBM System x3950 M2
IBM System x3950
IBM System x3850 X5
IBM System x3850 M2
IBM System x3800

dsa_portable Report
CHECK THE SERIAL/TAG NUMBER
COMMAND LINE
>wmic bios

UID button: makes the LED blink


DELL/HP/IBM HARDWARE
What is the advantage of RAID5 and why data is read/write fast
Different between software RAID and Hardware Raid
Have you used DRAC, iDRAC or iLO or IBM remote management tool?
Raid 5 & 1 scenario based questions.
Blade Level hp c7000
Enclosure
The BladeSystem c7000 enclosure provides all the power, cooling, and I/O infrastructure needed to support modular server, interconnect, and storage
components today and throughout the next several years. The enclosure is 10U high and holds up to 16 server and/or storage blades plus optional redundant
network and storage interconnect modules.
It includes a shared 7.1 Tbps high-speed NonStop mid-plane for wire-once connectivity of server blades to network and shared storage. Power is delivered
through a pooled-power backplane, and power input flexibility is provided with choices of single-phase AC input, 3-phase AC input, -48V DC input, and high
voltage DC input
http://www8.hp.com/us/en/products/enclosures/product-detail.html?oid=1844065#!tab=features

Virtual connect

HP Virtual Connect 16Gb 24-port Fibre Channel Module


From <http://www8.hp.com/us/en/products/servers/bladesystem/virtual-connect.html>

Profile creation
Port group

HP System Management Homepage, opened via browser
https://servername:2381
Array Configuration Utility
http://servername:2301

How to configure RSA on an IBM server.


Hp.com/go/hpchat
Dell Server default password
calvin
HP System Management Homepage port (2381)
HP RAID Configuration
http://www.tricksguide.com/assign-configure-online-spare-hard-drive-to-a-raid-array-using-hp-orca.html
HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility (GUI and CLI) for Windows
HP System Management Home Page
https://127.0.0.1:2381/

HPS Reports Enhanced version 9.1.00


http://update.external.hp.com/HPS/HPSreports/

Proliant pack
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=5177958&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrpnavigationalState%3Didx%253D2%257CswItem%253DMTX_335408c4a064478d934e9423c0%257CswEnvOID%253D4064%257CitemLocale%253D%257CswLang%253D%257Cmode%253D4%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Please follow the below steps to generate the survey report
a) Click 'START' > 'PROGRAMS' > 'HP SYSTEM TOOLS' > 'HP INSIGHT DIAGNOSTICS ONLINE EDITION FOR WINDOWS'
b) Survey file will load on the screen. (this would take some time)
c) Change CATEGORY from 'Overview' to 'All' (the page would refresh after this)
d) Change VIEW LEVEL from 'Summary' to 'Advance' (the page would refresh after this), 'categories' to All.
e) Click 'Save' (default filename would be survey.html and default location would c:\HP\HPDiags)
Please refer the below link to download and install the offline bundle to the server.
HP ESXi Utilities Offline Bundle:
Type: Software - System Management

Version: 1.6 (18 Feb 2014)
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=3288144&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrpnavigationalState%3Didx%253D%257CswItem%253DMTX_1a9468a865864c44922ace6d99%257CswEnvOID%253D4115%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Please refer the below link to download and install ProLiant Support Pack.
ProLiant Support Pack:
Type: Software - Support Pack
Version: 9.10 (4 Jun 2012)
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=3288144&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrpnavigationalState%3Didx%253D%257CswItem%253DMTX_63633e1bebe9431987c1ece85b%257CswEnvOID%253D4064%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

ProLiant Support Pack for Microsoft Windows Server 2003 x64 Editions:
Type: Software - Support Pack
Version: 8.70 (5 Apr 2011)
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=3288144&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrpnavigationalState%3Didx%253D%257CswItem%253DMTX_46e6f06f36364d0ba12427a0a4%257CswEnvOID%253D1113%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

ProLiant Support Pack for Microsoft Windows Server x32 2003:


Type: Software - Support Pack
Version: 8.70 (5 Apr 2011)
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=3288144&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrpnavigationalState%3Didx%253D%257CswItem%253DMTX_c4a548846c6241a68d6744ff70%257CswEnvOID%253D1005%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

======================================================================================
IBM

IBM Servers Models


Hewlett Packard LTO Ultrium- Drive

TAP Drive
IBM director agent

IBM Server Support


01475 557 390 option 1

http://www-933.ibm.com/support/fixcentral/
IBM director agent to open local system
http://www-933.ibm.com/support/fixcentral/systemx/downloadFixes

ibm_utl_dsa_v.r.m_portable_plaform -v
http://www-947.ibm.com/systems/support/reflib/simulators/xseries/x260/main.html
dsa_portable
IBM Dynamic System Analysis (DSA) v3.10 (Portable) for Microsoft Windows - IBM BladeCenter and System x
http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm/systemx/7147&fixids=ibm_utl_dsa_dsyt91l-4.00_portable_windows_x86-64&source=dbluesearch&function=fixId&parent=System%20x3690%20X5
United States

Toll Free: 1-800-IBM-SERV


(1-800-426-7378)
IBM Hardware and Software Support
(Operating Systems, WebSphere, Information Management, Netezza, Cognos, SPSS, Lotus, Tivoli, Security Systems & Rational)
Toll: 1-919-864-3512
Toll free:1-800-426-7378
Update express link
http://www-933.ibm.com/support/fixcentral/systemx/downloadOptions

DSA report run via command line


copy the DSA report in folder ex
C:\IBM_Support>ibm_utl_dsa_dsyta0r-9.20_portable_windows_x86-64.exe -v
go to the below folder open > Index.html

======================================================================================
DELL
Dell OpenManage
Dell System E-Support Tool (DSET)

Dell OpenManage opening via IE


https://PGHESX17:1311
http://downloads.dell.com/FOLDER00925256M/1/Dell_DSET_3.3.0.302.exe

How to run DSET (windows) version 3.2:


Install to system: ( create report)
1.) Download the program to the server desktop.
2.) Run the executable and agree to the terms.
3.) For Installation Type Choose "DSET Collector and DSET CIM provider." Click Next
4.) Select "Install DSET Components" Click Next.
5.) Default install path is c:\Program files\Dell\
6.) Click next accepting defaults.
7.) Click Finish. (Leave "Run and collect DSET Report" Unchecked.)
8.) In windows go to Start/ All Applications / DSET / Create Advanced Report, right click run as administrator
9.) Then e-mail the DSET .zip file to me.
Ports (both ways):
UDP 161 - SNMP
UDP 162 - SNMPTRAP
TCP 1311 - OMSA (HTTPS)
TCP 443
TCP 445
https://delltechcenter.com
http://www.dell.com/support/Assets/us/en/19
http://support.dell.com/support/downloads/index.aspx
DSA can be downloaded from the below link:
http://www.ibm.com/systems/support/supportsite.wss/docdisplay?lndocid=SERV-DSA&brandind=5000008
Dell BIOS and Firmware upgrade utility
Dell Q2 Server Update Utility DL-DVD ISO - 32Bit , v.7.3.0 - A01
http://www.dell.com/support/drivers/us/en/04/driverdetails?driverid=9G3JT
Dell Server Update Utility, v.7.4
http://www.dell.com/support/drivers/uk/en/ukbsdt1/DriverDetails/Product/poweredge-r620?driverId=84DXV&fileId=3105458864&osCode=MWS80

ACTIVE DIRECTORY
AD- Tools
Active directory Migration tool
Process explorer
auto run
RSAT win7
AD administrative Center

Commands
Ntdsutil / Netdom /Repadmin/ADSI Edit/Dcdiag
netdom query fsmo

AD 2008 features
Read-Only Domain Controllers / Fine-Grained Password Policies / Restartable Active Directory Service / Backup and Recovery / SYSVOL Replication with DFS-R / Auditing Improvements / UI Improvements

AD 2012 features
Domain controller deployment: PowerShell as well as GUI (dcpromo deprecated)
AD can be installed via PowerShell
Deleted objects can be recovered by enabling the Recycle Bin
GUI for Recycle Bin: Microsoft introduced the Active Directory Recycle Bin in Windows Server 2008 R2, but it was limited by its Windows PowerShell-only exposure. This time it gets a GUI.
UI for Fine-Grained Password Policies: Also gaining a GUI are fine-grained password policies.
Dynamic Access Control (DAC): Windows Server 2008 R2 brought the File Classification Infrastructure (FCI). This version's DAC adds far greater functionality to the (optional) second layer of FCI resource authorization.
Windows PowerShell History Viewer: You see the Windows PowerShell commands that correspond to actions you perform in the Active Directory Administrative Center UI.
Windows PowerShell Cmdlets for Active Directory Replication and Topology: More cmdlets -- enough said.
Active Directory-Based Activation (ADBA): The good: ADBA eliminates the need for a Key Management Service server. The bad: Only forthcoming Windows 8 computers can leverage ADBA. Seriously, Microsoft?
Flexible Authentication Secure Tunneling (FAST): The nickname for FAST is "Kerberos armoring," if that tells you anything. It isn't enabled by default and requires clients that support it. Think you'll be using it anytime soon?
Virtual Snapshot and Cloning Support: Active Directory and hypervisor snapshots didn't mix before. Now they do, if your hypervisor supports VM Generation ID.
ADPREP Integrated into DC Promotion: Can't recall the proper steps to promote a member server to a DC?
Active Directory Federation Services (ADFS) Now In-Box: Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements. Watch this space, because you'll be seeing and using more ADFS
Domain Join via DirectAccess: Computers can now be domain-joined over the Internet. You'll need DirectAccess first.
Kerberos Constrained Delegation (KCD) Across Domains: Another of those capabilities you've probably never used, but probably will in the future. KCD was first introduced in Windows Server 2003. Now it can span domains.
Group Managed Service Accounts (GMSAs): MSAs in Windows Server 2008 R2 made administering service accounts easier. GMSAs in this version extend their support to clustered and load-balanced services.

==========================================================================================
AD TROUBLESHOOTING
AD user account is locked every five minute
Users are not able to login with AD credentials

==========================================================================================
FSMO - Flexible Single Master Operations
FSMO stands for Flexible Single Master Operations, and each of these words has its own significance. An operations master is a role that handles one specific operation. So why are Flexible and Single used?
Single is used because each role works independently on a single DC. Because these operations master roles can be moved across the DCs, they are called Flexible; hence the name Flexible Single Master Operations. The terms Operations Master and Single Master Operation are also used interchangeably for FSMO.
FSMO roles need not be installed separately. They are installed automatically during domain creation and, by default, are held by the first DC of the forest. All the roles can be moved to any DC in the forest.
FSMO Roles
There are 5 FSMO roles. These roles can be classified as forest-wide roles and domain-wide roles.
Forest-wide roles: Schema Master, Domain Naming Master
There will be only one Schema Master and one Domain Naming Master across the forest.
Domain-wide roles: Infrastructure Master, PDC Emulator, RID Master
These roles are domain specific and have to be present in each domain.
Schema Master
This role manages the schema of the forest.
Any updates or modifications to the existing schema will be managed by this role.
Not dependent on Global Catalog server
Since this role is not used often once domains are setup, it is fine to place this role in a DC which does not have much of processing capability
Since schema master role is required as long as the forest exists, it is recommended to place this role in the root domain.
If Schema Master is down ?
No impact on the domain. The work of the domain will continue as always.

But if the admin tries to perform any schema related change, error will occur.
Domain Naming Master
Manages the addition and removal of domains in a forest.
It is recommended to make a DC with Domain Naming Master a Global Catalog server
Since this role is not used often once domains are setup, it is fine to place this role in a DC which does not have much of processing capability
Since Domain Naming Master role is required as long as the forest exists, it is recommended to place this role in the root domain.
If Domain Naming Master role is down?
No impact on the domain. The work of the domain will continue as always.
New domains cannot be added. Existing domains cannot be deleted.
Infrastructure Master
When an object in one domain is referenced in another domain, it represents the reference by the GUID, SID and the DN of the object being referenced (Phantom Object).
Responsible in updating this cross domain references
Plays an important role when there are multiple domains. But no relevance when it is a single domain environment.
Do not hold Infrastructure Master role in a DC holding Global Catalog role unless all the DCs in the environment holds the GC role.
If infrastructure master role is down?
No impact in a single domain environment.
If there are multiple domains, any change in an object which is referenced by another object in another domain will not be reflected.
Why Infrastructure Master should not be a GC ?
Infrastructure Master role is responsible for managing any cross domain references.
An AD group can hold members of its own domain and groups from other domains (e.g. Global group and Universal group). For a group in one domain to contain members from another domain, a pointer or cross-domain reference is required. This cross-domain reference is called a phantom object.
The phantom object needs to be updated regularly. Each DC is responsible for updating its own phantom objects. For all DCs in the domain, this task is done by the DC holding the Infrastructure Master (IM) role, except for DCs holding the GC role, which do not require the cross-reference because they already hold a partial replica of all objects in the forest. A phantom object has the GUID, Distinguished Name (DN) and SID of the object being referenced.
PDC Emulator
Mainly to provide backward compatibility with legacy systems such as Windows NT
Responsible for handling password changes in a domain
Manages account lock out. Whenever authentication fails a lock out counter will be incremented by the PDC.
Responsible for keeping domain time in sync. DC holding this role will be the most credible and authoritative time server in the domain.
Responsible in updating group policy
It is best to place the PDC Emulator role on the DC that serves the largest number of users, as user logons often need to contact this DC for authentication.
If PDC Emulator is down?
Users will not be able to change password
Can lead to unsynced time which can lead to logon failures
Group policy update issues
What is the role responsible for time synchronization?
PDC Emulator is responsible for time synchronization. Time synchronization is important because Kerberos authentication depends on time stamp information
RID Master
RID master is responsible for allocating the RIDs to the DCs
Each object will have a SID which is a combination of the Domain SID and a RID
Each DC will have a pool of 500 RIDs initially
Once the RIDs allocated to a DC are exhausted, the DC contacts the RID master for a new pool of RIDs
If RID master is down?
Not of much impact if the DCs have enough RIDs available in their pools
New objects will not be created if the RIDs are exhausted
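The SID composition and RID pool behaviour described above, as an added example that is not part of the original notes. It decodes the binary SID layout (as stored in objectSid), splits it into Domain SID and RID, and models DCs drawing RIDs from pools of 500; the class names, the starting RID of 1000 and the sample domain SID are assumptions constructed for illustration.

```python
import struct

POOL_SIZE = 500   # pool size stated in the notes
FIRST_RID = 1000  # assumption: first RID handed out in this model
# Constructed sample domain SID, not taken from any real domain.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def sid_to_bytes(sid: str) -> bytes:
    """Encode an 'S-1-5-21-...' string into the binary SID layout."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)])               # revision, sub-authority count
            + authority.to_bytes(6, "big")             # 48-bit authority, big-endian
            + struct.pack("<%dI" % len(subs), *subs))  # 32-bit values, little-endian


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID, rejecting truncated or padded input."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


def split_sid(sid: str):
    """Return (domain_sid, rid): the RID is the last sub-authority."""
    domain_sid, _, rid = sid.rpartition("-")
    return domain_sid, int(rid)


class RidMaster:
    """Simplified model of the RID master: hands out non-overlapping pools."""

    def __init__(self):
        self.next_rid = FIRST_RID
        self.online = True

    def allocate_pool(self):
        if not self.online:
            raise ConnectionError("RID master unreachable")
        start = self.next_rid
        self.next_rid += POOL_SIZE
        return range(start, start + POOL_SIZE)


class DomainController:
    """Simplified model of a DC that creates objects from its local RID pool."""

    def __init__(self, domain_sid, master):
        self.domain_sid = domain_sid
        self.master = master
        self._pool = iter(master.allocate_pool())

    def create_object(self) -> str:
        rid = next(self._pool, None)
        if rid is None:
            # Local pool exhausted: a new pool is needed from the RID master.
            # If the master is down, this raises and no object is created.
            self._pool = iter(self.master.allocate_pool())
            rid = next(self._pool)
        return "%s-%d" % (self.domain_sid, rid)


if __name__ == "__main__":
    master = RidMaster()
    dc1 = DomainController(DOMAIN_SID, master)
    dc2 = DomainController(DOMAIN_SID, master)
    print(dc1.create_object(), dc2.create_object())
    master.online = False
    created = 1
    try:
        while True:
            dc1.create_object()
            created += 1
    except ConnectionError as exc:
        print("dc1 created %d objects, then failed: %s" % (created, exc))
```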

What are AD, DNS, and DHCP?


AD (Active Directory)

An active directory is a directory structure used on Microsoft Windows computers and servers to store information about networks and domains. It is
primarily used for online information and was originally created in 1996. It was first used with Windows 2000.
An active directory (sometimes referred to as an AD) has many functions. It provides information on objects, organizes these objects for easy retrieval and
access, allows users and administrators to access it, and allows the administrator to set security up for the directory.
What is Active Directory?
It is an essential database. Provides centralized control / records all password changes / requires dedicated servers / Resources (Printer/Share folders) / Services like Email can use AD / Stores Group Policy
AD is a collection of services and database objects.
Services are (AD Domain service,
AD Federation service,
AD Certificate service,
AD Lightweight Directory Access Protocol,
AD Rights Management Service)
AD is introduced in Win 2000 Server. AD is a hierarchical database.
AD is a directory service, which stores information about network resources and makes the resources accessible to users and computers. AD helps to centrally manage, organize and control access to resources. AD objects include Users, Computers, Groups, OU, Printers, etc. Active Directory depends on two Internet standards: one is DNS and the other is LDAP. Information in Active Directory can be queried by using the LDAP protocol.
Benefits: Support large number of users, Easy IT administration, more security, Centralized Group Policy for computers & users
Domain: It is still a logical group of users and computers that share the characteristics of centralized security and administration. A domain is still a boundary for security; this means that an administrator of a domain is an administrator for only that domain, and no others, by default.
Domains: Logical group that share the same AD database / Share the same name space
Domain Controller: Runs AD domain services / Holds a copy of the AD database / Replicates changes with other DCs / Authenticates users / Determines access
Tree: A tree is a collection of Active Directory domains that share a contiguous namespace.
Forest: A forest is the largest unit in Active Directory and is a collection of trees that share a common schema. In a forest all trees are connected by transitive two-way trust relationships, thus allowing users in any tree access to resources in another for which they have been given appropriate permissions and rights. By default the first domain created in a forest is referred to as the root domain.
OU: Organizational unit; it is used to assign Group Policy settings to Users, Computers and Groups etc. One user can be assigned to one OU only.
Groups: Used to assign security rights, as OUs are used for policy settings. One user can be assigned to multiple groups.
Group Scope: Domain local , Global , Universal.
Domain local :
Global:
Universal - keeps the information in the global catalog. Changes will be replicated to the global catalog server. If the global catalog is down, users are not able to log in.
Group type: Security, Distribution.
Security can be used for security with files and folders and other objects
Distribution cannot be used for security, does not have a SID, used for e-mail distribution
What is LDAP: The Lightweight Directory Access Protocol (LDAP) is a protocol for clients to query and manage information in a Directory Service over a TCP connection (port 389).
Active Directory information can be queried by using LDAP protocol. Microsoft has provided support for LDAP in Active Directory and enabled it to be integrated with the
Internet.
Global Catalog: The global catalog contains a complete replication of all objects in Active Directory for its own domain, and contains a partial replication of all objects in other domains in the forest. Global catalog is one of the major roles in Active Directory.
It is mainly used to search for objects in an entire forest. Every domain controller in a domain can be a global catalog server, or only the first domain controller in the domain. A global catalog server is a master searchable database that contains information about every object in every domain in a forest. In Windows 2003, Universal Group membership caching is available for quick logon across domains. GC port numbers: 3268 & 3269. It also takes part in AD replication. It has two major functions:
i) Provides Universal group membership information during logon and authentication
ii) Helps users to locate resources in Active Directory
What is Active Directory: AD is introduced in Win 2000 Server. AD is a hierarchical database. AD is a directory service, which stores information about network resources and makes the resources accessible to users and computers. AD helps to centrally manage, organize and control access to resources. AD objects include Users, Computers, Groups, OUs, Printers, etc.
Global Catalog
Global catalog (GC) is a role handled by domain controllers in an Active directory model. The global catalog stores a full copy of all objects in the directory for its host
domain and a partial copy of all objects for all other domains in the forest.
Partial copy refers to the set of attributes that are most used for searching every object in every domain. All domain controllers can be promoted as a GC. GC helps in
faster search of AD objects. The replicas that are replicated to the global catalog also include the access permissions for each object and attribute. If you are searching for
an object that you do not have permission to access, you do not see the object in the list of search results. Users can find only objects to which they are allowed access.
Global catalog server clients depend on DNS to provide the IP address of global catalog servers. DNS is required to advertise global catalog servers for domain controller
location. By default, the first DC in a forest will be a global catalog server.
What is the database file used for Active Directory?
NTDS.DIT (New Technology Directory Service. Directory Information Tree)
What is the location of the AD database?
%SystemRoot%\NTDS\NTDS.DIT
What are the uses of ntdsutil tool?
1. Authoritative Restore - Authoritatively restores the Active Directory database or AD LDS instance
2. ifm - Create installation media for writable and RODC setups (Offline DC provisioning)
3. metadata cleanup - Cleans up objects of decommissioned servers
4. roles - Transfers and seizes operations master roles
5. set DSRM password - Resets DSRM administrator password
6. snapshot - Manages snapshots of the volumes that contain the Active Directory database and log files

AD Prerequisites
Hardware Requirement: CPU-1.4GHz / 512MB RAM, 2GB recommended / Disk-64GB / Static IP / DNS / First DC Local Administrator / DCpromo / install server role > AD domain service
DOMAIN FUNCTIONAL LEVEL FEATURES
Windows 2000 Native:
Minimum requirement for win server 2008/R2 / Must remove all NT4 DC /Basically gives you AD
Win2003
All DC's must be Win2003 or above
Allow Domain controller to be renamed
Additional AD attributes >Last login time stamp >User password (Used on iNetOrgPerson object)
Constrained delegation
Selected authentication
Support to store authorization policies in AD
Win2008
All DC's must be Win server 2008 or above
DFS replication for SYSVOL
Advanced Encryption Standard (AES) for Kerberos
Last logon including failed attempts
Fine-grained passwords
Win2008 R2
All DC's must be Win server 2008 R2 / Authentication mechanism assurance / Automatic SPN (Service Principal Names) management
Mixed or Interim
Only used when upgrading from NT4
FOREST FUNCTIONAL LEVELS FEATURES
Win2000 Forest Level
Basic AD functionality
All domains must be 2000 native or above
No NT4 DC's
Win Server 2003 Forest functional level
All Domains must be win2003 domain functional level or above
All DC's in your forest must be Win server 2003 or above
New features
Forest Trust / Rename domains / Linked value Replication / Improved Knowledge Consistency Checker (KCC) / Dynamic auxiliary class (Dynamic entries)
Convert inetOrgPerson object into a user object and reverse / Win server 2008 Read only DC (RODC) / Deactivation of attributes and classes in the schema
Win server 2008 Forest Level
All Domain function levels 2008 or above /NO NEW FEATURES
Win server 2008 R2 Forest Level
All Domain function levels 2008 R2 /AD recycle bin
Contents of System state backup
Registry / COM+ Class Registration database / Boot files, including the system files / System files that are under Windows File Protection / Active Directory directory service (If it is a domain controller) / SYSVOL directory (If it is a domain controller) / Cluster service information (If it is a part of a cluster) / IIS Meta directory (If it is an IIS server) / Certificate Services database (If it is a certificate server)
AD Installation > Dcpromo / Roles > AD Domain services
NETDIAG / DCDIAG / Ntdsutil.exe / Netdom.exe
net accounts (It will show the fsmo roles) netdom query fsmo
Active Directory Schema: Active Directory Schema is a combination of objects and their attributes. For example, a user account is an object and first name, last name, address etc. are the attributes that belong to that object. So schema can be defined as each and every object in the forest and their attributes.
What is the SYSVOL folder:-SYSVOL is a system shared folder that contains the Group Policies template, User Logon scripts and NETLOGON share.( client to locate domain
controller). SYSVOL folder ( Policy and Scripts ) will be replicated to all domain controllers in the domain.
Difference between Schema Master and Global Catalog?
Schema Master :Schema contains set of classes and attributes. eg User, computer, printer are the objects in AD which are having their own set of attributes.
Global Catalog :The global catalog contains a complete replication of all objects in Active Directory for its own domain, and contains a partial replication of all objects in
other domain in the forest.
How do you check whether Active Directory has been installed properly or not?
By checking SRV records in the DNS server. After Active Directory is installed, the DC will register SRV records in DNS. / Verify the SYSVOL folder
We can check this using the DNS MMC or the nslookup command. Set type=ns / Using MMC
Verify Database and Log files > NTDS.DIT, edb.*, Res*.log
Run dcdiag from the command prompt; if it shows all tests pass, then Active Directory is properly installed.
Check Active Directory Users and Computers
Active Directory Domains and Trusts
Active Directory Sites and Services
database folder / sysvol folder / log file
When you have installed DNS, check the SRV records using nslookup.
Verify SRV Resource Records
After AD is installed, the DC will register SRV records in DNS when it restarts.
If the SRV records are registered, the following folders will be there in the domain folder in the Forward Lookup Zone.
_msdcs / _sites / _tcp / _udp
Using nslookup / >nslookup
>ls -t SRV Domain
If the SRV records are properly created, they will be listed.
Verifying SYSVOL
If the SYSVOL folder is not properly created, data stored in SYSVOL such as scripts, GPOs, etc. will not be replicated between DCs.
First verify the following folder structure is created in SYSVOL
Domain /Staging /Staging areas/Sysvol
Then verify necessary shares are created. >net share (It should show two shares, NETLOGON and SYSVOL )
Verifying Database and Log files
Make sure that the following files are there at %systemroot%\ntds Ntds.dit, Edb.*, Res*.log
1. By checking SRV records in the DNS server. After Active Directory is installed, the DC will register SRV records in DNS.
2. Verify the SYSVOL folder using the net share command
3. Verify Database and Log files NTDS.DIT, edb.*, Res*.log
4. Verify Active Directory objects like computers, users and ForeignSecurityPrincipals are created in ADUC
5. Verify whether the default Domain Controllers OU is created and holds the DC in ADUC
6. Verify whether Default-First-Site-Name is created in ASNS
7. Verify whether the DC is also a GC server by checking NTDS Settings in ASNS
8. Verify the DNS suffix for the DC in My Computer and also check whether it registers the proper role using the net accounts command
9. DCdiag and netdiag
Schema Version Win2000 -13 / 2003-29, 30 / 2003 R2-31 / 2008-44 / 2008 R2-47 / 2012-56 / 2012R2-69
How to check the schema version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters\ Schema Version
Where is the AD database held? What other folders are related to Active Directory?
NTDS.DIT is the file that holds the entire Active Directory database.
NTDS.DIT: New Technology Directory Service. Directory Information Tree. Location of the NTDS.DIT database - %SystemRoot%\NTDS\NTDS.DIT
The folder (%SystemRoot%\NTDS) also contains the following files:
NTDS.DIT database file
EDB.CHK Checkpoint File
EDB.LOG Transaction logs
RES1.LOG & RES2.LOG Reserved transaction logs
SYSVOL is a system shared folder that contains the Group Policies template, User Logon scripts and NETLOGON share.( client to locate domain controller). SYSVOL folder
( Policy and Scripts ) will be replicated to all domain controllers in the domain.
What is the SYSVOL folder?
Application directory partition. This new partition is unique in that it allows directory information to be replicated to certain domain controllers only, on an as-necessary
basis. Specifically designed for directory-enabled applications and services, application directory partitions can contain any type of object, with the exception of security
principals such as users, computers, or security group accounts.
Difference between DC & ADC
There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can also handle FSMO roles (if transferred from the DC to the ADC). It is just for identification. Functionality wise there is no difference.
AD Installation requirements?
An NTFS partition with enough free space
200 MB space for AD /50 MB space for log files /An Administrator's username and password
A NIC Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
A network connection (to a hub or to another computer via a crossover cable)
DNS server (which can be installed during DCPROMO itself)
A Domain name that you want to use
The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)
Active Directory Partitions
There are three partitions present in AD
Schema Partition :-Contains information about forest wide schema and will be replicated to all domains in the forest
Configuration Partition :-Contains information about active directory configuration and will be replicated to all domains in the forest
Domain Partition :-Contains information about the specific domain and will be replicated to domain controllers in that domain.
What is Active Directory De-fragmentation?
De-fragmentation of AD means separating used space from the empty space created by deleted objects; it reduces the directory size (only in offline de-fragmentation).
Difference between online and offline de-fragmentation?
Online de-fragmentation is performed by the garbage collection process, which runs every 12 hours by default. It separates used space and white space (white space is the space created by object deletion in AD, e.g. a User) and improves the efficiency of AD while the domain controller is up and running.
Offline defragmentation can be done manually by taking the domain controller into Restoration mode. This only reduces the file size of the directory database, whereas the efficiency will be the same as in online defragmentation.
What is tombstone period?
Tombstones are objects marked for deletion. After an object is deleted in AD, it is not deleted permanently. It remains for 180 days by default (which is configurable); an entry marking the object for deletion is added to it and replicated to all DCs. After 180 days the object is deleted permanently from all DCs.
Tombstone: Lifecycle period is 180 days; after deletion the object is kept for the tombstone period.
Garbage collection is the process which runs on the AD database every 12 hours and erases all the objects which have crossed the tombstone period.

To enable the AD Recycle Bin, the server should be Win2008 R2 with Forest functional level 2008 R2, and all DCs should be 2008 R2.
The Recycle Bin feature needs to be enabled with PowerShell.
What is the physical and logical structure of AD?
The physical structure of Active directory relates to two main types of objects Sites and domain controller.
The logical parts of Active directory include Forests, Trees, Domains, OUs and global catalogs.
What is trust ? Trust is relationship between domain and forest.
What is Active Directory Schema?
The schema is the Active Directory component that defines all the objects and attributes that the directory service used to store data.
How we can raise domain & forest functional level in Windows 2003?
AD Users and Computers > domain functional level > choose the DFL as per your environment.
AD Domains and Trusts > Forest functional level > choose the FFL as per your environment.
Note: Once you have changed the DFL and FFL, it cannot be reverted.
Which is the default protocol used in directory services? LDAP Lightweight Directory Access Protocol.
What is IPv6?
It is a 128 bit size address. The differences between IPv6 and IPv4 are in five major areas: addressing and routing, security, network address translation, administrative
workload, and support for mobile devices
What is default domain functional level in Windows Server 2003 ?
Windows 2000 Mixed
In which domain functional level,we can rename domain name ? Windows 2003 DFL, we can rename the domain
Which is the command used to remove AD from a domain controller ? If we want to remove Active Directory then we will use command > DCPROMO
If someone deleted parent domain and we want to remove from child domain then we will use command DCPROMO /FORCEREMOVAL
Note: - we should not remove parent domain first. We should start from bottom means child domain and after that its parent and so on.
How we can create console which contain schema?
We need to register the schema DLL in cmd mode: regsvr32 schmmgmt.dll. Then you can see it in the Add Snap-in wizard in the mmc console.
What is the authentication protocol used in NT? NTLM (New Technology LAN Manager)
Defragmentation is of 2 types:
Online defrag - will be triggered by the garbage collection process, does not resize the ntds.dit file.
Offline defrag - can be done in offline mode (DSRM mode), which resizes the AD ntds.dit database file, reducing the file size if necessary after defrag.
Define tombstone? Tombstone is an advanced attribute which contains deleted objects for a particular period of time; the default is 60 days, and in SP 1 it has been extended up to 180 days.
You can check your tombstone-lifetime using the following command which comes with Windows Server 2003:
dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=chettyandco,DC=com" -scope base -attr tombstonelifetime
The Tombstone-lifetime applies to all domains in your forest
What are the partitions of Active Directory?
Schema Partition, Application Partition, Configuration Partition, Directory service partition
What are the different types of partitions present in AD ?
Active directory is divided into three partitions
Configuration Partition - replicates to the entire forest
Schema Partition - replicates to the entire forest
Domain Partition - replicates only in the domain
Application Partition (Only in Windows 2003)
Use of Netdom.exe? Netdom.exe is domain management tool to rename domain controller
What is multimaster replication?
Whenever a change occurs to any object within an Active Directory domain, that change is replicated automatically to all domain controllers within the domain. This process
is called multi-master replication.
Additional Domain: ADC is a writable copy of the AD database. It is used for AD fault tolerance. We can transfer FSMO roles from the PDC to the ADC (if the PDC goes offline).
If RID master fails what happens? If the RID master is down we cannot create any object.
What are the Classes in Windows 2003 Active directory? Structural Classes / Abstract Classes/Auxiliary Classes/ 88 Classes
Usage of NETDOM command?
To query AD functions like creation trust and finding FSMO role holders etc.
How to restore an object in authoritative mode?
Using Ntdsutil.exe
Active Directory Authoritative Restore:
Ntdsutil , activate instance ntds , authoritative restore
restore subtree ou=staff,ou=london,dc=domain,dc=local
quit , quit / ntdsutil: auth rest /restore subtree ou=OU NAME,dc=DOmainNAME,dc=com
repadmin /syncall (for replication)
How do you know which server hosts which role? >NETDOM QUERY FSMO
Rename a Domain Controller
Add another computer name for the DC:
netdom computername %computername% /add:lon-dc01.domain.local
Make it the primary computer name:
netdom computername %computername% /makeprimary:lon-dc01.domain.local
Remove the old computer name:
netdom computername %computername% /remove:dc01.domain.local
Register the Active Directory Schema snap-in
regsvr32.exe schmmgmt.dll
Active Directory Logical Structure are:
1. Trees and Forests
2. Domains and Domain Controllers
3. Global Catalog
4. Organizational Units
5. Sites
6. Security Groups
How do you transfer the Schema master?
Using the Windows interface
Open the Active Directory Schema snap-in. Run > mmc >
In the console tree, right-click Active Directory Schema > Active Directory Schema > Operation Master > and then click Change Domain Controller.
Click Specify Name and type the name of the domain controller that you want to hold the schema master role.
In the console tree, right-click Active Directory Schema, and then click Operations Master.
And click Change.
Using a command line
1. Open Command Prompt.
2. Type: ntdsutil
3. At the ntdsutil command prompt, type: roles
4. At the fsmo maintenance command prompt, type: connections
5. At the server connections command prompt, type: connect to server (Servername)
6. At the server connections command prompt, type: quit
7. At the fsmo maintenance command prompt, type: transfer schema master
If you change the password in the client, how much time will it take to update the password in the domain controller?
When you change a password, it is sent immediately over Netlogon's secure channel to the PDC operations master. Specifically, the domain controller makes a remote procedure call (RPC) to the PDC operations master that includes the user name and new password information.
The PDC operations master then locally stores this value.
When do you require an Infrastructure Master?
The infrastructure master role needs to be held by a domain controller that is not a Global Catalog server.
If the infrastructure master role is held by a domain controller that is a Global Catalog server,
cross-domain object references in that domain will not be updated. If all domain controllers in a domain are Global Catalog servers, it does not matter which domain
controller holds the infrastructure master role.
What is the role of GC in authentication process?
It has two major functions : Provides Universal group membership information during logon and authentication, Helps users to locate resources in Active Directory
How do you promote a server to a domain controller (in windows 2003) over a slow wan links?
Take the backup of system state from the DC and restore it in the server where you are promoting using dcpromo /adv and select restore from backup.
What is new in Windows 2008 AD?
"Read-Only Domain Controllers /Fine-Grained Password Policies /Restartable Active Directory Service /Backup and Recovery
SYSVOL Replication with DFS-R /Auditing Improvements /UI Improvements"
How to edit Schema in AD?
Firstly, schmmgmt.dll has to be registered. Then the ADSIEdit tool can be used to edit the schema.
What are the components of Logical AD?
The logical parts of Active Directory include forests, trees, domains, OUs and global catalogs.
Restore AD Object from the AD snapshot in Server 2008
http://winadministration.com/?p=199
Active Directory Backup and Restore in Windows 2008
http://www.systemadminguide.in/2013/07/active-directory-backup-and-restore.html
Windows NT architecture SAM Database / It support 5000 objects / Single Master Architecture
Windows 2008 Architecture Domain Controller of Read and Write copy / Multi Master architecture (make changes any DC)
Maximum DC support in windows 2003 and above -1200
Users
OU
Group policy container
Win2000 AD support -800

==========================================================================================
TRUSTS
TRUST ISSUES
"Clients are unable to access resources in a domain outside of the forest. "
On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then
click Properties.>Click Validate.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5d345467-992e-4a58-8b59-cbd72c014728/how-can-troubleshoot-the-trust-issues-in-ad-and-how-alltrust-works-in-backend?forum=winserverDS

Solution:
netdom trust TrustingDomainName /d:TrustedDomainName /verify
DNS configuration for example, firewall settings, physical connectivity etc.
DNS resolution: In this case, you have to check how the DNS resolution is made. You can configure conditional forwarders or secondary DNS zones for such resolution
Blocked ports issues: You have to make sure that needed ports are opened in both directions:
Broken trusts: You can validate again the trust to solve that
Reset and verify the trust between the domains. The PDC emulator master must be available for a trust to be successfully reset.
Run Netdom to verify, reset, or establish the trust between computers. This command-line tool performs batch management of trusts, verifies trusts and secures channels
between computers, and can join computers to domains.

===========================================================================================
Active Directory Trust Types
Parent-child Trust: Parent-child Trust is an implicitly established, two-way, transitive trust when you add a new child domain to a tree.
Tree-root Trust: Tree-root Trust is an implicitly established, two-way, transitive trust when you add a new tree root domain to a forest.
Shortcut Trust: Shortcut Trust is an explicitly created, transitive trust between two domains in a forest to improve user logon times. Shortcut Trust will make a trust path
shorter between two domains in the same forest. The Shortcut Trust can be one-way or two-way.
External Trust: External Trust is an explicitly created, non-transitive trust between Windows Server 2003 domains that are in different forests or between a Windows Server 2003 domain and a Windows NT 4 domain. The External Trust can be one-way or two-way.
Realm Trust: Realm Trust is an explicitly created transitive or non-transitive trust between a non-Windows Kerberos realm and a Windows Server 2003 domain. This trust helps to create a trust relationship between a Windows Server 2003 domain and any Kerberos version 5 realm. The Realm Trust can be one-way or two-way.
Forest Trust: Forest Trust is an explicitly created, transitive (between two forests) trust between two forest root domains. The Forest Trust can be one-way or two-way.
Trust: Implicit Transitive trust will not be possible in windows 2003. Between forests we can create explicit trust
Two-way trust /One-way: incoming/One-way: Outgoing
What is the main function of trust?
To allow users in one domain to access resources in another, AD uses trust. Trust is automatically produced when domains are created. The forest sets the default boundaries of trust, not the domain, and implicit trust is automatic. As well as two-way transitive trust, AD trusts can be shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or non-transitive, one- or two-way), or external (non-transitive, one- or two-way) in order to connect to other forests or non-AD domains. AD uses the Kerberos V5 protocol, although NTLM is also supported and web clients use SSL/TLS.
What is trusting (transitive and not transitive)?
The trust between child and parent domain which can have access both sides.
What is one way trusting and two way trusting?
One-way trust gives access to one side only; two-way trust gives access to both sides.
Structure of trusting
It is an agreement between domain controllers.
What is the usage of Domains & Trusts?
Domains are collections of users and computers where we can have centralized administration; domains also store the information and replicate it throughout the domain.
Difference between NT/2000/2003 trust relationship?
Windows NT Trust relationship will be created manually.
Windows 2000 Trust relationship will be created automatically. Cross forest trust relationship Is not possible.
Windows 2003 - Trust relationship will be created automatically. Cross forest trust relationship Is possible.
How will you verify whether the AD installation is proper ?
What are the different types of profiles in 2003?
Local User Profile. Created the first time that a user logs on to a computer, the local user profile is stored on a computer's local hard disk. Any changes made to the local
user profile are specific to the computer on which the changes are made.
Roaming User Profile. A copy of the local profile is copied to, and stored on a server share. This profile is downloaded every time that a user logs on to any computer on the
network, and any changes made to a roaming user profile are synchronized with the server copy upon logoff.
Mandatory User Profile. A type of profile that administrators can use to specify particular settings for users. Only system administrators can make changes to mandatory
user profiles. Changes made by the user to desktop settings are lost when the user logs off.
Explain use of ipconfig/registerdns? It is used to manually force a refresh of the client name registration in DNS .
Configure Global Catalog?
By default, the first DC in the First Domain in the First Tree in the AD Forest (the root domain) will be configured as the GC.
You can configure another DC to become the GC, or even add it as another GC while keeping the first default one.
Reasons for such an action might be the need to place a GC in each AD Site.
To configure a Windows 2000/2003 Domain Controller as a GC server, perform the following steps:
Start the Microsoft Management Console (MMC) Active Directory Sites and Services Manager. (From the Start menu, select Programs, Administrative Tools, Active Directory
Sites and Services Manager). >Select the Sites branch. >Select the site that owns the server, and expand the Servers branch. >Select the server you want to configure.
Right-click NTDS Settings, and select Properties. >Select or clear the Global Catalog Server checkbox, which the Screen shows.>Click Apply, OK.
You must allow for the GC to replicate itself throughout the forest. This process might take anywhere between 10-15 minutes to even several days, all depending on your
AD infrastructure.
How to change SID in Windows Server 2008 R2
Start->Run, type sysprep and press OK > This will open sysprep folder which is located in c:\Windows\System32. Open sysprep application.
PAE - Physical Address Extension (Memory support 4 GB)
How to convert FAT32 to NTFS? convert c: /fs:ntfs
What is the use of terminal services?
Terminal services can be used in Remote Administration mode and Application Server mode.
Remote Administration mode is used to administer the server remotely.
Application Server mode is used to run an application on one server; users can log in to that server to use that application. >Run mstsc or mstsc /console

===========================================================================================
DFS
DFS ISSUE
===========================================================================================
What is DFS & its usage ?
DFS is a distributed file system used to provide common environment for users to access files and folders even when they are shared in different servers physically.
There are two types of DFS Domain DFS and Stand alone DFS. We cannot provide redundancy for stand alone DFS in case of failure. Domain DFS is used in a domain
environment which can be accessed by /domain name/root1 (root 1 is DFS root name). Stand alone DFS can be used in workgroup environment which can be accessed
through /server name/root1 (root 1 is DFS root name). Both the cases we need to create DFS root ( Which appears like a shared folder for end users) and DFS links ( A logical
link which is pointing to the server where the folder is physically shared)
Distributed File System: DFS is enhanced for Windows Server 2003, Enterprise Edition and Windows Server, Datacenter Edition by allowing multiple DFS roots on a single
server. You can use this feature to host multiple DFS roots on a single server, reducing administrative and hardware costs of managing multiple namespaces and multiple
replicated namespaces.
The maximum number of Dfs roots per server is 1.
The maximum numbers of Dfs root replicas are 31.
The maximum number of Dfs roots per domain is unlimited.
The maximum number of Dfs links or shared folders in a Dfs root is 1,000
How many root replicas can be created in DFS? The maximum numbers of Dfs root replicas are 31.
What is the difference between Domain DFS and Standalone DFS?
There are two types of DFS. Domain DFS and Stand alone DFS.
We cannot provide redundancy for stand alone DFS in case of failure.
Domain DFS is used in a domain environment which can be accessed by /domain name/root1
(root 1 is DFS root name).
Stand alone DFS can be used in workgroup environment which can be accessed through /server name/root1 (root 1 is DFS root name).
What is RIS and what are its requirements ?
RIS is Remote Installation Services, which is used to install operating systems remotely.
Client requirements
PXE Boot ROM enabled Ethernet card.
Server Side Requirements
RIS services must be active on RIS server or any server in the network
Domain Name System (DNS Service)
Dynamic Host Configuration Protocol (DHCP)
Free partition with NTFS file system

SITE AND SERVICES

COMMAND
repadmin /kcc site:sitename
repadmin /syncall (Force replication)
repadmin /bridgeheads
repadmin /bridgeheads /v (It shows when replication last happened)

TOOLS

==========================================================================================
SITE AND SERVICE
ISSUES

==========================================================================================
What is a Site? A site is a group of well-connected networks
Intrasite replication : Happens between domain controller in the same site, Replication happens 15 seconds after a change
Intersite Replication : site links connect sites, created manually, Bridgehead server replicates between DC's in different sites
One or more DCs can be selected as preferred bridgehead servers. If the chosen preferred bridgehead servers are not available, replication will not occur at that site
Site Links: Schedule when replication will occur
Site Transport: Either RPC over IP or SMTP
RPC over IP, often referred to as just IP, supports everything required for Active Directory
SMTP: Does not support file replication
Cannot be used by itself at the domain level
Could be used for replication between domains
SMTP: uses asynchronous
IP uses synchronous
In the real world use the IP transport only
SMTP is used on networks that are not IP routable
Intrasite always uses the IP transport
KCC: Knowledge Consistency Checker
Automatically makes connections between sites
Reconfigures the connection when links go down
Runs in the background and does not need to be configured
Creates both intrasite and intersite connections
Choose bridgehead server
uses the AD database to decide which connections to create
Create site
Subnets > Create new subnet > Configuring Sites >> Create a site >> Create a Subnet >> Add a Domain Controller to the site
What is Bridge Head Server?
BHS (Bridge Head Servers) is responsible for initiating replication between the sites. Inter-site replication can be done between BHS in one site and BHS in another site.
Explain Site & difference between inter-site and intra-site replication?
Site is one or more IP subnets connected by a high speed link .It contains connection objects and computer objects and mainly used for AD replication.
Intra-site replication can be done between the domain controllers in the same site. Inter-site replication can be done between two different sites over WAN links
Replication Intervals 5 min in same sites. Replication Intervals 3 Hours between different sites.
KCC (Knowledge Consistency Checker) handles inter site(different sites) replication where as ISTG handles intra site (same site) replication
REPADMIN A CUI tool for troubleshooting AD replication related issues,
repadmin /syncall initiates replication
repadmin /showreps displays replication partners
repadmin /kcc re-creates replication topology automatically
What is the main function of sites and servers
We can create multiple sites and configure replication between different sites and also we can enable or disable GC on a particular server.
What is the usage of sites & services?
Using sites & services we can create high availability connections between different sites and also we can have control on all sites in order to manage replication between
domains.
What is replication?
Complete domain directories are kept up-to-date with one another .
Each time you make a change to Active Directory (AD), the update sequence number (USN) of the server where the change is made increases by one. AD then stores the new
USN, as well as the change. These changes must replicate to all the DCs in the domain.
What is the command in replmon for checking the replication status

replmon - gui
repadmin - cmd line
repadmin /showreps
repadmin /syncall (to force the replication)
Replmon.exe not included in Windows Server 2008/2008 R2
Repadmin.exe - In windows 2008
repadmin.exe /showrepl shows the replication status for the domain controller the tool is being run from.
repadmin.exe /showrepl servername shows the replication status for the domain controller with the provided servername.
repadmin.exe /queue shows the replication queue for the domain controller the tool is being run from.
repadmin.exe /queue servername shows the replication queue for the domain controller with the provided servername.
repadmin.exe /replsummary shows a brief summary of the replication status.
repadmin.exe /kcc site:SITENAME (makes the KCC re-create the replication topology for the site)
repadmin.exe /BridgeHeads (shows all the bridgehead servers)
What in Between site replication & within site replication?
Within-site replication is intrasite replication, which is created automatically.
Between-site replication is intersite replication, for which scheduling the replication is recommended.
What is KCC? Knowledge consistency checker.
What is KDC? Key Distribution Center, a network service that supplies tickets and temporary session keys
What is Bridgehead server?
Bridgehead server The server which is responsible for communication or updating information between servers is called Bridgehead server.
What is the replication protocol?
Normally Remote Procedure Call (RPC) is used to replicate data and is always used for intrasite replication since it is required to support the FRS. RPC depends on IP (internet
protocol) for transport.
Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
SMTP can't replicate the domain partition, however. Therefore the remote site would need to be in another domain to be able to effectively use SMTP for carrying replication
data
Protocols using for replication?
BHS (Bridge Head Servers) is responsible for initiating replication between the sites. Inter-site replication can be done between BHS in one site and BHS in another site.
We can use IP or SMTP as a replication protocols, where as Domain partition is not possible to replicate using SMTP. Two services required: FRS (File Replication Service) & KCC
(Knowledge Consistency Checker)
How to monitor replication ?
We can use Replmon.exe from support tools / Repadmin for 2008 OS
What is the frequency of Intra site replication
When a DC writes a change to its local copy of the AD, a timer is started that determines when the DC's replication partners should be notified of the change. By default, this
interval is 5 minutes. When this interval elapses, the DC notifies each intra-site replication partner that it has changes that need to be propagated.
Another configurable parameter determines the number of seconds to pause between notifications. This parameter prevents simultaneous replies by the replication partners. By default, this interval
is 30 seconds. Both of these intervals can be modified by editing the registry.
1. To modify the delay between the change to the AD and the first replication partner notification, use regedit.exe to modify the value data of the "Replicator notify pause after modify (secs)"
DWORD value in the following registry key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\
Value is 0x12c (hex), 300 decimal (5 minutes).
2. To modify the notification delay between DCs, set the "Replicator notify pause between DSAs (secs)" DWORD value to 0x1e (hex), 30 decimal (30 seconds), located at
key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\
What is Strict Replication?
Strict Replication is a mechanism developed by Microsoft for Active Directory replication. If a domain controller has Strict Replication enabled, then that domain
controller will not accept lingering objects from a domain controller that was isolated for more than the tombstone lifetime (TSL). The TSL is 180 days by default in a forest created
with Windows Server 2003 SP1. A domain controller shouldn't be out of sync for more than this period. Lingering objects may appear on other domain controllers if replication
happens with the outdated domain controllers. Domain controllers will not replicate with the outdated domain controllers if you have set the registry
key mentioned below. You must set the following registry setting on all the domain controllers to enable Strict Replication:
How to troubleshoot AD replication issues?
Use replmon or the repadmin command, which report the replication errors that are also logged in eventvwr. Check DNS between the two endpoints, and check for network/firewall issues.
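The repadmin checks above can be turned into a repeatable health report. The PowerShell below is an added example, not part of the original notes: it parses the CSV form of repadmin /showrepl and flags links that are failing or whose last success is older than the 180-day tombstone lifetime quoted above. The sample rows are constructed, and the column names, timestamp format and 24-hour staleness threshold are assumptions to confirm against your own repadmin output.

```powershell
# Added example. Sample rows are constructed, not taken from a real forest.
# Assumed column layout: the CSV header emitted by  repadmin /showrepl * /csv
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-05-01 09:14:07,0
showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch,DC03,RPC,12,2024-05-01 08:59:31,2024-04-29 22:10:45,1722
showrepl_INFO,Branch,DC03,"CN=Configuration,DC=example,DC=test",HQ,DC04,RPC,640,2024-05-01 08:45:00,2023-10-20 03:00:12,8614
'@

function Get-ReplicationLinkHealth {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [datetime] $Now = (Get-Date),
        [int] $TombstoneLifetimeDays = 180,  # figure quoted in these notes; verify for your forest
        [int] $StaleAfterHours = 24          # assumption: local alerting threshold
    )
    $culture = [cultureinfo]::InvariantCulture
    $style   = [System.Globalization.DateTimeStyles]::None

    $CsvLines | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' } |   # skip per-DC error rows
        ForEach-Object {
            # A link that has never replicated has no parseable success time.
            $lastSuccess = [datetime]::MinValue
            $hasSuccess  = [datetime]::TryParseExact($_.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                $culture, $style, [ref] $lastSuccess)
            $failures = [int] $_.'Number of Failures'
            $age      = if ($hasSuccess) { $Now - $lastSuccess } else { $null }

            # Most severe condition first: a partner silent for longer than the
            # tombstone lifetime is the lingering-object case described above.
            $status = if (-not $hasSuccess) {
                'NeverSucceeded'
            } elseif ($age.TotalDays -ge $TombstoneLifetimeDays) {
                'BeyondTombstoneLifetime'
            } elseif ($failures -gt 0) {
                'Failing'
            } elseif ($age.TotalHours -gt $StaleAfterHours) {
                'Stale'
            } else {
                'Healthy'
            }

            [pscustomobject]@{
                Destination      = $_.'Destination DSA'
                Source           = $_.'Source DSA'
                NamingContext    = $_.'Naming Context'
                Failures         = $failures
                LastError        = $_.'Last Failure Status'
                DaysSinceSuccess = if ($hasSuccess) { [math]::Round($age.TotalDays, 1) } else { $null }
                Status           = $status
            }
        }
}

# Fixed "now" so the constructed sample gives the same result on every run.
$report = Get-ReplicationLinkHealth -CsvLines ($sampleCsv -split '\r?\n') -Now ([datetime]'2024-05-01T09:30:00')
$report | Where-Object { $_.Status -ne 'Healthy' } | Format-Table -AutoSize

# Live use on a DC or admin workstation where repadmin is available:
#   Get-ReplicationLinkHealth -CsvLines (repadmin /showrepl * /csv)
```

Links reported as BeyondTombstoneLifetime should be investigated before replication with that partner is re-enabled.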
How can we monitor replication?
The Active Directory Replication Monitor, replmon.exe, is part of the Windows 2000 Support Utilities available on the Windows 2000 Server CD in the \SUPPORT\TOOLS folder.
Primary uses of replmon :
2008 repadmin.exe
Check for replication errors
Run the KCC Knowledge Consistency Checker to check replication topology
Synchronize each directory partition with all servers
Generate status reports on replication info on servers
List domain controllers
Check Group Policy Object status
Choose performance counters to be monitored
List server hosting Global Catalog
List bridgehead servers

Display trust relationships
List AD meta-data info
What are the (two) services required for replication?
File Replication Service (FRS) and Knowledge Consistency Checker (KCC)
Domain Functional Levels: Windows 2000 Mixed mode ( Default), Windows 2000 Native mode, Windows server 2003 and Windows server 2003 interim (Only available when
upgrades directly from Windows NT 4.0 to Windows 2003)
Forest Functional Levels: Windows 2000 ( Default)
Is it possible to do implicit transitive forest to forest trust relationship in windows 2003?
Implicit Transitive trust will not be possible in windows 2003. Between forests we can create explicit trust
Two-way trust/ One-way: incoming/One-way: Outgoing
What is universal group membership cache in windows 2003?
Information is stored locally once this option is enabled and a user attempts to log on for the first time. The domain controller obtains the universal group membership for that
user from a global catalog. Once the universal group membership information is obtained, it is cached on the domain controller for that site indefinitely and is periodically
refreshed. The next time that user attempts to log on, the authenticating domain controller running Windows Server 2003 will obtain the universal group membership
information from its local cache without the need to contact a global catalog. By default, the universal group membership information contained in the cache of each domain
controller will be refreshed every 8 hours.
PPTP protocol for VPN in windows 2003?
Point-to-Point Tunneling Protocol (PPTP) is a networking technology that supports virtual private networks (VPN), enabling remote users to access corporate networks securely
by using the Internet to connect to their corporate network.

GROUP POLICY


==========================================================================================
GPO
Templates (ADMX)
Block inheritance
Enforced
Loopback policy

What is Granular password policy


FGPP was introduced in 2008. Earlier you could only have one password policy for the domain, but with fine-grained password policy you can define a different password
policy for a group of users. You define a PSO (Password Settings Object) through adsiedit.msc
In older releases of windows (2000/2003) active directory domain you were only allowed to have 1 password policy and 1 account lockout policy both defined in the
Default Domain Policy and applied to all users in the domain. As a result, you were not able to define different policies to each set of users. As a workaround, Microsoft
has released with Windows server 2008 a possibility of having multiple password/lockout policies to allow IT administrators increase security on selected accounts such as
financial officers while keeping such measures lighter for ordinary users.
For implementing fine-grained password policies we need to perform the following steps but first we need to define the following requirements
Log on to one of your domain controllers and open ADSI Edit snap-in
http://www.showmehowtodoit.com/step-by-step-fine-grained-password-policy-in-windows-2008/
Navigate to Start, Run, type MMC.
From the File menu, select Add/Remove Snap-in
Select ADSI Edit, click Add and OK.
AD audit policy: GPO > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
Enable policy via command line:
auditpol /set /subcategory:"directory service changes" /success:enable

DNS

Tools

COMMAND
Tracert
Nslookup
Ipconfig /flushdns
Ipconfig /registerdns
ipconfig /displaydns
nbtstat -n

=========================================================================================
QUESTIONS.
Stub zone
What is Read Only DNS?
http://dnsfunda.blogspot.in/
DNS (Domain Naming Service/System)

Domain Name System (DNS) is an Internet Engineering Task Force (IETF) standard name service that allows a computer to register and resolve domain
names. The DNS makes it possible to assign domain names to organizations independent of the routing of the numerical IP address. In other words, DNS is
a system that translates domain names into IP addresses. This is necessary because computers only use IP addresses, yet only human readable names are
used since the names are easier to remember than IP addresses. Without this DNS resolution, the Internet would be a very inconvenient place. DNS
resolution is therefore a very important task.
What is DNS?
DNS stands for Domain Name System. It is a hierarchical system for identifying hosts on the Internet or on a private, corporate TCP/IP internetwork.
It resolves the IP addresses to host names (or friendly internet names) and Host names to IP addresses.
IPv6 addresses and its DNS record
128 bit address
Represented as 8 groups of 4 hexadecimal digits separated by colons
Represented by AAAA record in DNS
Uses DHCP v6 for addressing
How DNS Work?
The client contacts the local DNS server, which then contacts the root hint DNS servers.
Local cache check (ipconfig /flushdns and ipconfig /registerdns) / Hosts file check (C:\Windows\System32\drivers\etc\hosts) / Preferred DNS server
What is the structure of DNS?
The structure of DNS starts with the root domain. The root domain then branches to top-level domains, then second-level domains, and so on to the individual host names.
Root Domain > Top level Domains> Second level Domains> So on so forth up to individual host systems
What are the commands do we use for DNS?
Nslookup (and all interactive mode commands) / Ipconfig /flushdns / Ipconfig /registerdns
What is the purpose of forward lookup?
It resolves the Host names (Friendly Name) to IP addresses
What is the purpose of Reverse lookup zone?
It resolves the IP addresses to Host names
How to check whether DNS is working or not?
Type the command nslookup at the command prompt > It then gives the DNS server name and its IP address
Suppose the Secondary zone is Expired then, how to solve the problem?
First go to primary zone check primary zone is working or not.
IF primary zone is working then go to secondary zone, Right click on zone name select the Transfer from Master then it automatically contacts the primary DNS, if any
updates are there then it takes the updates from the Primary.
How to know whether the recent changes in Primary are updated to secondary zone or not?
Compare the Serial Number on Start of Authority tab in both secondary on primary DNS zone properties.
If both are the same, then recent updates have been made to the secondary zone. If not (i.e., the secondary is less than the primary), click on Transfer from Master
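The serial-number comparison described above can also be done from a shell instead of the zone properties dialog. The PowerShell below is an added example, not part of the original notes; the zone and server names are placeholders and the serial values in the demo calls are constructed. It goes slightly beyond the plain "less than" test by using RFC 1982 serial arithmetic, so a primary whose 32-bit serial has wrapped around is still recognised as newer.

```powershell
# Added example. Zone/server names are placeholders; demo serials are constructed.

# Compare two 32-bit SOA serials with RFC 1982 serial arithmetic.
function Compare-SoaSerial {
    param(
        [Parameter(Mandatory)] [uint32] $Primary,
        [Parameter(Mandatory)] [uint32] $Secondary
    )
    if ($Primary -eq $Secondary) { return 'InSync' }
    # Forward distance from the secondary's serial to the primary's, modulo 2^32.
    $distance = ([int64] $Primary - [int64] $Secondary + 4294967296) % 4294967296
    # RFC 1982 leaves a distance of exactly 2^31 undefined; it is reported as "ahead" here.
    if ($distance -lt 2147483648) { 'SecondaryBehind' } else { 'SecondaryAhead' }
}

# Ask one server directly (no recursion, DNS protocol only) for the zone's SOA serial.
# A secondary whose zone has expired fails this query, which surfaces as an error.
function Get-SoaSerial {
    param(
        [Parameter(Mandatory)] [string] $Zone,
        [Parameter(Mandatory)] [string] $Server
    )
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $Server -DnsOnly -NoRecursion -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SOA' } |
        Select-Object -First 1
    if (-not $soa) { throw "No SOA record for $Zone returned by $Server" }
    [uint32] $soa.SerialNumber
}

# Query both servers and report whether the secondary needs "Transfer from Master".
function Test-ZoneTransferState {
    param(
        [Parameter(Mandatory)] [string] $Zone,
        [Parameter(Mandatory)] [string] $PrimaryServer,
        [Parameter(Mandatory)] [string] $SecondaryServer
    )
    $p = Get-SoaSerial -Zone $Zone -Server $PrimaryServer
    $s = Get-SoaSerial -Zone $Zone -Server $SecondaryServer
    [pscustomobject]@{
        Zone            = $Zone
        PrimarySerial   = $p
        SecondarySerial = $s
        State           = Compare-SoaSerial -Primary $p -Secondary $s
    }
}

# Offline demo with constructed serials.
Compare-SoaSerial -Primary 2024050102 -Secondary 2024050101   # ordinary case: secondary is one change behind
Compare-SoaSerial -Primary 5 -Secondary 4294967290            # primary serial has wrapped past 2^32 - 1

# Live check (placeholder names):
#   Test-ZoneTransferState -Zone 'example.test' -PrimaryServer 'ns1.example.test' -SecondaryServer 'ns2.example.test'
```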
What is a forwarder?
(Open DNS console ==> Right click on Domain name ==> Click on forwarder tab)
A forwarder is a server that has more access than the present DNS server. Our present DNS server may be located in the internal network and unable to resolve
Internet names. It may be behind a firewall, or it may be using a proxy server or NAT server to get to the Internet. In that case this server forwards the query to another
DNS server that can resolve the Internet names.
Command prompt commands
Type Nslookup to get into the Nslookup mode.
Type set type=SOA then press enter type domain name
Type set type=NS then press enter type domain name.
Type set type=ALL then press enter. Note: To come out from Nslookup mode type exit.
Stub Zones: These were introduced in Windows 2003 DNS. A stub zone is like a secondary zone in that it obtains its resource records from other name servers (one or more
master name servers). A stub zone is also read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records on it. While
secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource
records: A. A copy of the SOA record for the zone. B. Copies of NS records for all name servers authoritative for the zone. C. Copies of (glue) A records for all name
servers authoritative for the zone.
Types of DNS Servers Primary DNS /Secondary DNS/Active Directory Integrated DNS/Forwarder/ Caching only DNS.
What is DNS & WINS
DNS is a Domain Naming System, which resolves Host names to IP addresses. It uses fully qualified domain names. DNS is a Internet standard used to resolve host names
WINS is a Windows Internet Name Service, which resolves Netbios names to IP Address. This is proprietary for Windows
Difference between host and lm host file
The Hosts file is primarily used to resolve host names (Computer Names) to an IP address.
The Lm Hosts files are primarily used to resolve NetBIOS names to IP addresses
Get a good idea about DNS records, how many records are there and what are they
Get an idea about different zones
Primary zone /Forward lookup zone /Reverse lookup zone/Secondary zone/Forward lookup zone /Reverse lookup zone/Stub zone /AD integrated DNS /Forwarders
Roothint Files
Basic network troubleshooting steps
Check the physical connectivity between machines >Ping the ips >nslookup to check dns is working >tracert the destination ip to verify where the request is dropping
out >route print >most of the problems are associated with DNS configuration > verify the machine is able to resolve hostnames to ip >verify the machine has pointer
record on dns > right click on network connection and repair/diagnose >reset the tcpip stack using netsh
command : netsh> interface > ip> reset reset.txt (go to google if you need more info)
What happens if the DNS server fails? Is a user able to log on if the DNS server fails?
Windows clients use DNS for name resolution and service location, including locating domain controllers for logon. If DNS fails, users cannot log on to the domain.
What is subnetting and supernetting?
Subnetting is the process of borrowing bits from the host portion of an address to provide bits for identifying additional sub-networks
Supernetting merges several smaller blocks of IP addresses (networks) that are continuous into one larger block of addresses. Borrowing network bits to combine
several smaller networks into one larger network does supernetting
What are AAAA records? They are used for IPv6 in the same way as an A record
How to assign local admin rights to a domain user?
Use the "restricted groups" GPO, or log on to the client workstation as an Administrator and run net localgroup Administrators domain\user /add
What authentication options do Windows 2000 Servers have for remote clients?
PAP, SPAP, CHAP, MS-CHAP and EAP.
What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP?
NWLink (Novell), NetBEUI, AppleTalk (Apple).
What is LMHOSTS file?
It's a file stored on a host machine that is used to resolve NetBIOS names to specific IP addresses.
Whats the difference between forward lookup and reverse lookup in DNS?
Forward lookup is hostname-to-IP address, the reverse lookup is IP address-to-hostname.
Define FQDN, SOA, NS, MX, CNAME, and PTR?
FQDN: fully qualified domain name, SOA: start of authority, NS: Name server, MX: Mail exchange, CNAME: Canonical Name and PTR: pointer record
How to stop DNS by Command Prompt? >NET STOP DNS
Define Zone transfer? Zone transfer is nothing but replication zones between primary and secondary servers.
What is round-robin rotation? Round robin is formula which is used to define replication partners.
When clear cache required in DNS? IPCONFIG /FLUSHDNS
Debug logging enabled or disabled, which is best? Disable
Where is dns.log is stored? Dns.log, is stored in the %systemroot%\System32\Dns folder
What is Zone delegation?
Where we can delegate specified permissions to particular user
Define scavenging stale records? Scavenging is an option in DNS where we can set the time to store unused IP addresses. It removes the unwanted resources
How to view a client resolver cache?
The ipconfig /displaydns command provides you with a means to view the contents of the DNS client resolver cache
How to flush and reset a client resolver cache?
The ipconfig /flushdns command provides you with a means to flush and reset the contents of the DNS client resolver cache
How to renew DNS client registration?
The ipconfig /registerdns command provides you with a means to manually initiate dynamic registration for the DNS names and IP addresses configured at a computer.
What is TTL & how to set TTL time in DNS?
Time-To-Live (TTL) is a duration of time when a specific resource record could be cached.
We can set TTL in SOA (start of authority record) of DNS
How to take DNS and WINS,DHCP backup ?
%systemroot%\system32\dns
%systemroot%\system32\WINS
%systemroot%\system32\DHCP
Differences b/w Conditional Forwarding and Stub Zones.
Both do the same thing: they forward requests to the appropriate name servers that are authoritative for the domains in the queries. However, there is a difference between
them: stub zones are dynamic and conditional forwarders are static.
Conditional Forwarding: Where you want DNS clients in separate networks to resolve each other's names without having to query DNS servers on the Internet, such as
in the case of a company merger, you should configure the DNS servers in each network to forward queries for names in the other network. DNS servers in one network
will forward names for clients in the other network to a specific DNS server that will build up a large cache of information about the other network. When forwarding in
this way, you create a direct point of contact between the two networks' DNS servers, reducing the need for recursion.
How DNS is important in AD replication?
Once DC gets its replication Partner Hostname then it queries DNS for IP Address. Also, _MSDCS zone is required for Domain Controller Locator that enables the client to
locate the DC.
What is glue record?
Name servers in delegations are identified by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the
IP address of the server to which it has been referred. If the name given in the delegation is a subdomain of the domain for which the delegation is being provided, there
is a circular dependency. In this case the name server providing the delegation must also provide one or more IP addresses for the authoritative name server mentioned
in the delegation. This information is called glue. The delegating name server provides this glue in the form of records in the additional section of the DNS response, and
provides the delegation in the answer section of the response.
For example, if the authoritative name server for example.org is ns1.example.org, a computer trying to resolve www.example.org first resolves ns1.example.org. Since
ns1 is contained in example.org, this requires resolving example.org first, which presents a circular dependency. To break the dependency, the name server for the top
level domain org includes glue along with the delegation for example.org. The glue records are address records that provide IP addresses for ns1.example.org. The
resolver uses one or more of these IP addresses to query one of the domain's authoritative servers, which allows it to complete the DNS query.
Installing the DNS Service
1. Control Panel >2. DCPROMO ( At the time of promoting PDC )
1.Control Panel >Open the Control Panel and select Add or Remove programs >Select Add/Remove Windows Components >Select Networking Services and Select
Domain Name System (DNS) and click OK. >You'll be prompted to insert the CD (Windows Server OS ).The DNS Server service will load, >Appearing in the list of
Administrative Tools. >After restarting, the installation will put files into the %systemroot% \system32\dns.
What is the zone Transfers
Transfer of DNS records between DNS servers > Between domain controllers (AD integrated) > Between primary and secondary zones > Zone transfer: the update of a secondary zone on a
DNS server by the primary zone server is called zone transfer. > Between AD integrated and secondary zones
New DNS Feature win2008
IPv6 support (e.g. reverse lookup) > Primary read-only zone > Background zone loading > Global names zone
Zone Replication
AD Integrated zones replicate with AD > Runs on same schedule >good for recovery as DNS is simply installed on a DC
Primary and secondary zones > Set security on who can replicate the data > Zone replication is triggered when the refresh interval expires > The server holding the secondary DNS zone
boots up > Primary zone can notify the secondary zone that a change has occurred
What is a DNS zone
Portion of DNS name space > Divided for administration reasons
Types: Primary/Secondary/AD Integrated zone/Stub zone
Authority zone: Has a full copy of all the records; that zone can be a read-only copy > Primary zones > Read/write copy > One primary writable zone
stored in a text file / Easy to back up and recover > Primary zone must be available to make changes
Secondary Zone
Read only copy, can be copies of primary, > secondary and AD integrated >Primary zone must be available to make changes >Windows can be a secondary zone to a
Unix primary zone
AD Integrated zones
Only available on domain controllers > All domain controllers have a read/write copy of the zone > High availability and redundancy > Harder to restore in a disaster
Also supported on read-only domain controllers > Supports secure updates > Win2000 and above can interface with DHCP to provide dynamic updates
NSLOOKUP commands
http://www.systemadminguide.in/2013/07/nslookup-commands.html


DHCP

TOOLS

COMMAND

==========================================================================================
QUESTIONS
IIS service name
What is the DHCP relay agent? How does it work?
DHCP server is not assigning IP addresses to clients; how will you troubleshoot?
DHCP (Dynamic Host Configuration Protocol)

A DHCP (Dynamic Host Configuration Protocol) server is used on networks that allow computers to be automatically configured for network communication. A
DHCP server automatically assigns an IP address to a computer connected to a network from a pre-defined range of IP addresses. It ensures that no two
computers on a network are assigned the same address. DHCP can be used for both IPv4 and IPv6 network addressing. However, IPv4 and IPv6 are considered
separate protocols for each model of IP address assignments.
What is DHCP? Dynamic Host Configuration Protocol / allows dynamic allocation of network configuration
How DHCP Work
DORA process
D - Discover (Broadcast of DHCP servers) / Discover: client discovers server by broadcast (255.255.255.255), MAC address
O - Offer (Broadcast an offer to the client) / Offer, DHCP client work port 68,67, IP config server offer IP 255.255.255.0 broadcast request and acknowledgement
R - Request (Request the IP address from the DHCP server)
A - Acknowledge (DHCP server confirms client can use IP address)
What is DHCP? What are the benefits and drawbacks of using it?
DHCP avoids configuration errors caused by the need to manually type in values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned
IP address being reused to configure a new computer on the network.
What is DHCP, scope and super scope etc
DHCP (dynamic host control protocol) is a protocol which runs as a service to provide IP addresses to clients within the network. It works based on BORA (B stands for broadcast,
O stands for offer, R stands for request, A stands for acknowledgement) and it works purely over the TCP/IP protocol.
The super scope is a new feature of DHCP wherein we can give multiple ranges of IP addresses from a single server with the help of VLAN switches.
Superscope: A superscope is an administrative grouping of scopes that can be used to support multiple logical IP subnets on the same physical subnet. Superscopes only
contain a list of member scopes or child scopes that can be activated together. Superscopes are not used to configure other details about scope usage. For configuring most
properties used within a superscope, you need to configure member scope properties individually.
Where is the DHCP database stored?
%systemroot%\system32\dhcp\dhcp.mdb
What is the Rogue DHCP server?
When a rogue DHCP server starts, it can begin leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients attempting to renew their current address lease.
Describe the lease process of the DHCP server?
A DHCP lease is the amount of time that the DHCP server grants to the DHCP client to use a particular IP address.
DHCP Server leases the IP addresses to the clients as follows :
D (Discover) : DHCP client sends a broadcast packet to identify the DHCP server; this packet will contain the source MAC.
O (Offer) : Once the packet is received by the DHCP server, the server will send the packet containing Source IP and Source MAC.
R (Request) : Client will now contact the DHCP server directly and request for the IP address.
A (Acknowledge) : DHCP server will send an ack packet which contains the IP address.
The default lease period is 8 days.
What is scope & super scope?
In DHCP, scope is used to specify a range of IP Address which will be leased to the DHCP clients.
Super scope is the combination of multiple scopes.
DHCP relay agent where to place it?
DHCP Relay agent to be placed in Software Router.
If DHCP is not available what happens to the client?
Client will not get an IP and it cannot participate in the network. Client will get an Auto Private IP address, APIPA (IP range 169.254.0.0 to 169.254.255.254 and subnet
255.255.0.0)
How DNS and DHCP are integrated?
The DHCP server can be used to register and update the pointer (PTR) and host (A) resource records on behalf of its DHCP-enabled clients.
The DHCP server might be configured in one of the following ways:
The DHCP server registers and updates client information with the authoritative DNS server
of the zone in which the DHCP server is located according to the DHCP client request.
This is the default configuration for DHCP servers running Windows Server 2003 and
DHCP clients running Windows 2000, Windows XP, or a Windows Server 2003 operating system.
In this mode, the DHCP client can request the way in which the DHCP server performs
updates of its host (A) and pointer (PTR) resource records. If possible, the DHCP server
accommodates the client request for handling updates to its name and IP address information in DNS.

To modify this setting, select the Dynamically update DNS A and PTR records only if requested
by the DHCP clients check box, which is located in Properties on the DNS tab on the applicable
DHCP server or on one of its scopes.
The DHCP server always registers and updates client information in DNS.
This is a modified configuration supported for DHCP servers running Windows Server 2003 and DHCP clients running Windows 2000, Windows XP, or a Windows Server 2003
operating system. In this mode, the DHCP server always performs updates of the client's FQDN, leased IP address information, and both its host (A) and pointer (PTR)
resource records, regardless of whether the client has requested to perform its own updates.
To modify this setting, select the Enable DNS dynamic updates according to the settings below check box and click Always dynamically update DNS A and PTR records, which is
located in Properties on the DNS tab on the applicable DHCP server or on one of its scopes.
The DHCP server never registers and updates client information in DNS.
To set this behavior, the DHCP server must be configured to disable performance of DHCP/DNS proxied updates. By disabling this feature, no client host (A) or pointer (PTR)
resource records are updated in DNS for DHCP clients.
If necessary, this change in setting can be made at DHCP servers running Windows Server 2003 by clearing the Enable DNS dynamic updates according to the settings below
check box, which is located in Properties on the DNS tab on the applicable DHCP server or one of its scopes. By default, updates are always performed for newly installed
DHCP servers running Windows Server 2003 and any new scopes created for them.
DHCP Backup & Restore?
Maintaining a backup of the DHCP database protects you from data loss if the DHCP database is lost (for example, due to hard disk failure) or becomes corrupted.
There are three backup methods supported by the DHCP Server service:
1. Synchronous backups that occur automatically. The default backup interval is 60 minutes.
2. Asynchronous (manual) backups, performed by using the Backup command on the DHCP console.
3.Backups using Windows Backup (ntbackup.exe).
When a synchronous or asynchronous backup occurs, the entire DHCP database is saved, including the following:
All scopes, including superscopes and multicast scopes
Reservations
Leases
All options, including server options, scope options, reservation options, and class options
All registry keys and other configuration settings (for example, audit log settings and folder location settings) set in DHCP server properties. These settings are stored in the
following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
What is the difference between Authorized DHCP and Non Authorized DHCP?
In Windows 2003, DHCP must be authorized by AD before starting service to clients. If an authorized DHCP finds any DHCP server in the network it stops serving the clients.
What are the problems that are generally come across with DHCP?
1. Scope is full with IP addresses (no IPs available for new machines)
2. Scope options are not configured properly, e.g. default gateway
3. Incorrect creation of scopes etc.
What is the issue if the users do not seem to be getting DHCP leases off of it?
The server must be authorized first with the Active Directory.
How can you force the client to give up the DHCP lease if you have access to the client PC?
ipconfig /release & ipconfig /renew
Explain APIPA?
Auto Private IP addressing takes effect on Windows computers if no DHCP server can be contacted. APIPA range: 169.254.0.0 to 169.254.255.254 / Subnet: 255.255.0.0


CLUSTER

COMMAND
Tools
http://www.techiebird.com/cluster_interview_questions1.html
http://yourcomputer.in/windows-cluster-interview-questions-and-answers/
http://windowsadminsexperience.blogspot.in/2012/11/windows-server-2008-r2-clustering.html
http://windowsadminsexperience.blogspot.in/2012/11/microsoft-windows-server-2008-failover.html
http://microsoftworld.blogspot.in/2011/07/questions-on-clustering.html
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverClustering
http://www.techiebird.com/cluster_interview_questions.html

==========================================================================================
QUESTIONS
What is the quorum disk
types of cluster
Setting up cluster servers
How many types of Quorums are there in a Cluster?
Disk signaturing
One disk is showing offline; how will you troubleshoot?
How to restore the cluster configuration > System State backup
What is the maximum number node support clusters Win 2003 -8 Nodes, 2008-Nodes 16, 2012
What is the cluster 2008/2012 features
After moving the cluster resource to another node it fails immediately
How will you troubleshoot a cluster issue?
Before patching the cluster server, what steps need to be taken care of?
After moving a resource from one node to another node, it fails immediately.
Load balancer vs Clustering
1. Cluster is a group of resources that are trying to achieve a common objective, and are aware of one another.
2. Clustering usually involves setting up the resources (servers usually) to exchange details on a particular channel (port) and keep exchanging their states, so a
resources state is replicated at other places as well.
3. It usually also includes load balancing, wherein, the request is routed to one of the resources in the cluster as per the load balancing policy
Load Balancing
1. Used to forward requests to either one server or other, but one server does not use the other servers resources. Also, one resource does not share its state
with other resources.
Improvements in Clustering:
In Datacenter Edition, the maximum supported cluster size has been increased from 4-nodes in Windows 2000, to 8-nodes in Windows Server 2003.
In Enterprise Edition, the maximum supported cluster size has been increased from 2-nodes in Windows 2000 Advanced Server to 8-nodes in Windows Server 2003.
What is Clustering. Briefly define & explain it?
Clustering is a technology which is used to provide high availability for mission-critical applications. We can configure a cluster by installing the MCS (Microsoft cluster service)
component from Add/Remove Programs, which is only available in Enterprise Edition and Datacenter Edition.
In Windows we can configure two types of clusters:
Network load balancing (NLB) cluster: for balancing load between servers. This cluster will not provide any high availability. Usually preferable at edge servers like web or
proxy.
Server Cluster: This provides high availability by configuring an active-active or active-passive cluster. In a 2-node active-passive cluster one node will be active and one node will
be on standby. When the active server fails the application will FAILOVER to the standby server automatically. When the original server comes back we need to FAILBACK the application.
Quorum: Shared storage needs to be provided for all servers, which keeps information about the clustered application and session state and is useful in a FAILOVER situation. This is
very important: if the Quorum disk fails the entire cluster will fail.
Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to identify the status of other servers in the cluster.
What is Clustering?
Clustering is a technology in which one or more computers work together as a single instance by sharing their resources. Clustering is used mainly for redundancy of the
services hosted on it. In other words, in a cluster all the hosts work together; if one of the hosts fails, all the services hosted on it come online immediately on another
host without any downtime. Apart from redundancy a cluster is also used for load balancing; in this case whatever load comes to the cluster is shared by all the
hosts in it.
What are the types of Clusters and how do we configure them?
Clustering is of two types, Active/Active and Active/Passive.
Active/Active: In this scenario all the hosts configured in the cluster take all the load that comes to that cluster, and if any one of the hosts fails the remaining hosts share the
requests to keep it online all the time. If you have the same copies of an application configured on multiple hosts this type of clustering is applicable.
Active/Passive: In this scenario load balancing does not work, as at any point of time only one host receives all the requests, and if any of the hosts fails the remaining hosts
take those services and make them available online. That means only one host is active at any point of time and the other one is passive.

What are the requirements to configure a cluster and How it works?
There are many requirements to configure the cluster, but all those requirements are interdependent. These requirements (we call them
resources in clustering) are shared between all the hosts, which means they should be available to all the hosts in the cluster. For example, the SAN storage resource is
storage which is configured in the network and is accessible by all hosts. In the same way all the resources are accessible by all the hosts in a
cluster. If one of the hosts fails, all these resources are moved to another host. In detail, at a particular time one host is accessing these resources, and at that time they are
locked by that particular host; whenever this host fails, the lock is released and those resources are locked by another host. But in active/active clusters these resources
have multiple copies as multiple instances on all hosts.
Windows 2008 R2 Cluster requirement
Cluster services / 2 NICs: 1) Production 2) Heartbeat / Cluster name / IP / SAN disk - Quorum
Disable the NetBIOS name for the heartbeat network (WINS): disable NetBIOS over TCP/IP for both nodes
Install .NET Framework / For installing a service: 1 disk, 1 IP, service name
Active passive (1 active node, another on standby) / Active Active / Implementation steps
1) Configure the LAN, disable the firewall and check the connectivity.
netsh int ipv4 show int
If required, add a route: route add 10.10.11.0 mask 255.255.255.0 10.10.11.2
2) Configure the quorum disk and check the disks on both nodes.
3) Install the cluster service on both nodes (failover clustering).
4) Create cluster > add both nodes > Validate report
5) Give > cluster name > validate
6) Next go to the other node > Manage cluster > give the cluster name
7) Disable NetBIOS for the heartbeat network
8) Install .net framework
9) Install Application.
http://winadministration.com/?p=208
Cluster: Group of independent computers working together as a single system. Clients interact with a cluster as though it were a single server.
The group is managed as a single system and shares a common namespace. Designed to tolerate component failures in a way that is transparent to users.
Cluster log generation
cmd>cluster log /g (C:\Windows\Cluster\Reports)
What new functionality does failover clustering provide in Windows Server 2008 ?
New validation feature. With this feature, you can check that your system, storage, and network configuration is suitable for a cluster.
Support for GUID partition table (GPT) disks in cluster storage. GPT disks can have partitions larger than two terabytes and have built-in redundancy in the way partition
information is stored, unlike master boot record (MBR) disks.
2008 cluster features
Cluster validation / simplified cluster setup / support for GPT partition style / support for multiple subnets / IPv6
2008R2 Features in clustering
Validation enhancements / Migration wizard / powershell support /new role support /cluster shared volumes
What happens to a running Cluster if the quorum disk fails in Windows Server 2008 Cluster ?
The cluster continues to work, but failover will not happen in case of any other failure in the active node.


BACKUPS

Difference between full Backup, differential backup, incremental backup


Full backup: will have a complete copy of the data.
Differential backup: will have only the changes since the full backup.
Incremental backup: will have the previous day's changes.
Difference between incremental and differential backup?
Incremental Backup - Only modified files (after taking a normal backup), and removes the archive bits.
Differential Backup - Only modified files (after taking a normal backup), and doesn't remove the archive bits.
What are the different backup strategies available?
Normal Backup - Complete backup, and removes the archive bits.
Incremental Backup - Only modified files (after taking a normal backup), and removes the archive bits.
Differential Backup - Only modified files (after taking a normal backup), and doesn't remove the archive bits.
Daily Backup - Only the data modified on the current day.
Copy Backup - Similar to normal, and doesn't remove the archive bits.
Note: Backup extension (.bkf)
Backup types
1. Full backup - Will take the backup of all selected files and reset the archive bit
2. Copy backup - Will take the backup of all selected files but does not reset the archive bit
3. Incremental backup - Will take the backup of files whose archive bits are set and resets it after backup
4. Differential backup - Will take the backup of files whose archive bits are set but does not reset it after backup
Incremental vs Differential backups
Incremental backup - Will take the backup of files whose archive bits are set and resets it after backup
Differential backup - Will take the backup of files whose archive bits are set but does not reset it after backup
How does the backup software recognize that a file has changed since last backup?
Files use a bit called the archive bit for tracking any change in the file.
Backup software normally checks the archive bit of the file to determine whether the file has to be backed up or not.
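The archive-bit rules above, worked through as an added example (not from the original notes): a small Python model runs a full backup followed by three days of changes, shows which files each backup type picks up, and lists which backup sets a restore then needs. The file names, the Volume class and the function names are hypothetical.

```python
# kind -> (select only files whose archive bit is set?, clear the bit afterwards?)
BACKUP_TYPES = {
    "full":         (False, True),
    "copy":         (False, False),
    "incremental":  (True,  True),
    "differential": (True,  False),
}


class Volume:
    """Tracks the archive bit per file, as the file system would."""

    def __init__(self, names):
        self.archive_bit = {name: True for name in names}   # new files start flagged

    def modify(self, name):
        self.archive_bit[name] = True     # any create or write sets the bit

    def backup(self, kind):
        only_flagged, clear = BACKUP_TYPES[kind]
        chosen = sorted(n for n, bit in self.archive_bit.items()
                        if bit or not only_flagged)
        if clear:
            for name in chosen:
                self.archive_bit[name] = False
        return chosen


# Constructed change log: files touched on day 1, day 2 and day 3.
DAILY_CHANGES = (["a.doc"], ["b.xls"], ["a.doc", "d.log"])


def run_week(kind):
    """Full backup on day 0, then a backup of the given kind on each later day."""
    vol = Volume(["a.doc", "b.xls", "c.txt"])
    sets = [vol.backup("full")]
    for changed in DAILY_CHANGES:
        for name in changed:
            vol.modify(name)
        sets.append(vol.backup(kind))
    return sets


def sets_needed_for_restore(kind, sets):
    """Indexes of the backup sets needed to rebuild the volume as of the last day."""
    if kind == "incremental":
        return list(range(len(sets)))     # the full backup plus every incremental
    return [0, len(sets) - 1]             # the full backup plus the latest differential


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = run_week(kind)
        print(kind, sets, "restore needs sets", sets_needed_for_restore(kind, sets))
```

Incremental sets stay small because each run clears the bit, while each differential set grows until the next full backup.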


PORT-NO

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Protocol / Port No
FTP - 20 / 21 (20 is for controlling, 21 is Transmitting)
Telnet - 23
SMTP - 25
DNS - 53
DHCP - 67
DHCP client - 68
HTTP - 80
Kerberos - 88
POP3 - 110
NNTP - 119
IMAP4 - 143
RPC - 135
LDAP - 389
HTTPS - 443
Global Catalog - 3268 / 3269
RDP - 3389


QUERY

How does an AD application partition work, and how can we check it?


Password change reminder e-mail
Lost and found folder in AD
how to recover the deleted item
ldap.exe
Restore AD Object from the AD snapshot in Server 2008
Difference between domain admin and enterprise admin
What is AD certificate services
What is AD Federation services
How to configure the wireless network in DHCP server
How to do the authoritative restore
Memory dump file is not creating in C:\windows\minidump


ITIL

Incident management system: The goal of the incident management process is to restore normal service operation as quickly as possible and to minimize the impact on business
operations.
Problem Management: Aimed at resolving incidents and problems, caused by anything from end-user errors to IT infrastructure issues, and preventing recurrence of such incidents.
Change Management: A structured approach to shifting individuals, teams and organizations from the current state to a desired future state.
Types of changes >
Normal/Immediate/Emergency
Types of Problem Recorders
Proactive and Re-active


POWERSHELL

TOOLS
http://go.microsoft.com/fwlink/?LinkId=210614
Download powershell
Microsoft.com/powershell
Install powershell
C:\Windows\System32\WindowsPowerShell\v1.0
Enable execution policy
Run command
> Set-ExecutionPolicy unrestricted
> Set-ExecutionPolicy RemoteSigned
PS C:\windows\system32> Get-ExecutionPolicy
RemoteSigned
Or group policy running below tool
Administrative template for Windows powershell
File name .ps1
ps
ps > procs.txt
ps >> procs.txt
ps | out-file procs2.txt
dir
type c:\procs.txt
cat c:\procs.txt
=========================================
Array declaration
And for each
Syntax
Logic


HYPER-V

Cmd>bcdboot h:\windows
>bcdedit /set {default} description "2012"
>reboot


LINKS

http://technet.microsoft.com/en-us/sysinternals/bb795533
Sysinternals Process Utilities
http://www.windbg.org/
http://technet.microsoft.com/en-in/sysinternals/bb842062.aspx
http://yourcomputer.in/wintel-interview-questions-and-answers/
http://www.linkedin.com/groups/Active-Directory-L3-support-interview-2351153.S.184952258
http://winadministration.com/?p=213 Good site
http://www.techiebird.com
Good site
http://www.lazywinadmin.com/p/links.html
http://www.jppinto.com/topics/active-directory/
http://microsoftworld.blogspot.in/2012/09/wintel-l2-or-l3-interview-questions.html
http://eniackb.blogspot.in/search/label/Windows%20Server%202008
http://www.windowstricks.in/
Interview questions
http://wintelinterviewquestions.blogspot.in/
Google drive links
https://drive.google.com/folderview
From <https://www.facebook.com/groups/Winsysadmin/?notif_t=group_r2j_approved>


VISIO
http://www.visiocafe.com/dell.htm

CERTIFICATION LINKS
http://www.examcollection.com/70-640.html
http://aiotestking.com/
http://www.actualtests.com/

ITIL LINK
http://itil.osiatis.es/ITIL_course/it_service_management/incident_management/introduction_and_objectives_incident_management/escalation_and_support.php


COMMANDS

To query ntp server of a server


Net Time /querysntp
To sync time of member servers with domain controller
w32tm /resync /nowait
To query FSMO roles in an environment
netdom query fsmo
To query the details of currently logged in users
qwinsta -server servername
To log off a currently logged in user using his session id
rwinsta -server servername sessionid
To query the membership details of a domain user
DSQUERY USER -samid loginname | DSGET USER -memberof -expand
To query the sharing & security details of a folder
showacls
To check whether an account is locked out
NET USER loginname /DOMAIN | FIND /I "Account active"
To unlock a domain user
NET USER loginname /DOMAIN /ACTIVE:YES
To query members in a domain
net view
To query the member DCs of a domain
NETDOM QUERY DC
To collect network statistics
pathping ipaddress
To query the current running tasks
tasklist -svc
To kill a currently running task using its pid number
taskkill -pid pidnumber
getmac /s servername |clip (to get the MAC address details)
Pasted from <http://www.systemadminguide.in/2013/07/useful-commands-for-windows-admin.html>


ANTI-VIRUS
Monday, December 22, 2014

12:22 AM

Removing McAfee VirusScan Enterprise 8.x & McAfee Agent


Step 1: frminst
Click Start, Run
Type cmd and press Enter
For 64-bit operating systems, change directory (cd) to C:\Program Files (x86)\McAfee\Common Framework\ or, for 32-bit operating systems, change directory (cd) to C:\Program Files\McAfee\Common Framework\
Type frminst.exe /forceuninstall and press Enter
Step 2: msiexec
Click Start, Run.
Type the removal string for your version of VSE, then click OK.
C:\Program Files\McAfee\VirusScan Enterprise>Shstat.exe -disable


CHANGE-TASK
Monday, December 22, 2014

12:24 AM

Apply ESX4i Update 3


Extend the following Data stores to 900 GB in size.
Cloning
Disk wiping
P2V Converting
ESX patch update
VMware Tools upgrade
Dell Openmanage monitoring for ESX hosts
Apply ESXi Update 3 to PGHESX14 - Caution PGHWFS01 Cluster resources must be failed over first then VM shutdown
Upgrade TSM client on WMS servers
Please extend the space on F: drive of SAMPGHWMSDB000
P2V of server SAMPGHDW2 on 12/12/2012 starting at 23:00 PM
Upgrade SP1 and install hotfix on SAMPGHEDI004
Upgrade TSM on SAAPGHTS804, SAAPGHTS805 and SAAPGHIS800
Patching Arnold
Monthly Kronos Environment reboot
CCCD053.Citrix upgrade and expansion. Install HBAs, MS Patching & BIOS/FMW/Driver upgrades on PGHCPS01/02
CCCD053.Citrix upgrade and expansion (XenServer). Build PGHXEN04 on old PGHCTX03 after decommissioning it.
Server Patching PGHEDP03
ESX Essentials Upgrade pghesx01 and the latest BIOS upgrade


TIVOLI
Monday, December 22, 2014

12:35 AM
