
What are the requirements for installing AD on a new server?

Here is a quick list of what you must have:

- An NTFS partition with enough free space
- An Administrator's username and password
- The correct operating system version
- A NIC
- Properly configured TCP/IP (IP address, subnet mask and, optionally, a default gateway)
- A network connection (to a hub or to another computer via a crossover cable)
- An operational DNS server (which can be installed on the DC itself)
- A domain name that you want to use
- The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)

For more info: http://www.petri.co.il/active_directory_installation_requirements.htm

How to install a domain controller in a remote site?

http://technet2.microsoft.com/windowsserver/en/library/9c7c4da8-ddaa-4b13-967a74578773d1a91033.mspx?mfr=true

What roles does DNS play in Active Directory?

When Windows 2003 domain controllers boot, not only do they register their hostname and IP address with the DNS server, but they also register service (SRV) records that indicate which services that domain controller is supporting (domain controller, Global Catalog, and Kerberos). Windows 2003 member servers and clients use these SRV records to locate domain controllers and Global Catalog servers. Further, the client will determine which Active Directory site it is in and will attempt to contact a domain controller or Global Catalog server in that site first.

How will you ensure that Active Directory is installed successfully?

First, check the contents of the %SystemRoot%\Debug\Dcpromo.log file.

To verify that the installation was successful, open a command prompt and enter the Net Share command. It should report the existence of the Netlogon and SYSVOL shares.

To verify that the DNS service locator records for the new DC were successfully created, follow these steps: in the DNS console, expand the server name, expand Forward Lookup Zones, expand the domain and verify that the _msdcs, _sites, _tcp, and _udp folders are present and contain records for your new DC. These service location records are crucial to the operation of the DC.
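The following script is an added example (it is not code from the original page) that runs the three checks listed above, plus a lookup of the SRV records the earlier DNS answer says a domain controller registers at boot, from an elevated PowerShell session on the newly promoted DC. It assumes the DnsClient and SmbShare modules (Windows Server 2012 or later); the domain name is taken from the session and the SRV names follow the standard _msdcs/_tcp layout.

```powershell
# Added example, not code from the original page: post-dcpromo verification.
# Assumes an elevated session on the new DC with the DnsClient and SmbShare
# modules available (Windows Server 2012 or later).
$Domain  = $env:USERDNSDOMAIN.ToLower()   # taken from the session, e.g. corp.example.com
$DcName  = $env:COMPUTERNAME
$results = New-Object System.Collections.Generic.List[object]

function Add-Check {
    param([string]$Name, [bool]$Ok, [string]$Detail)
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Ok; Detail = $Detail })
}

# 1. Promotion log: present, and show its last lines so errors are visible at a glance
$log       = Join-Path $env:SystemRoot 'Debug\Dcpromo.log'
$logExists = Test-Path -Path $log
$tail      = if ($logExists) { (Get-Content -Path $log -Tail 3) -join ' | ' } else { 'missing' }
Add-Check -Name 'Dcpromo.log present' -Ok $logExists -Detail $tail

# 2. NETLOGON and SYSVOL shares (what "net share" would list)
$shares = @((Get-SmbShare).Name)
foreach ($s in 'NETLOGON', 'SYSVOL') {
    Add-Check -Name "Share $s present" -Ok ($shares -contains $s) -Detail ($shares -join ', ')
}

# 3. SRV locator records a DC registers at boot; each should name this DC.
#    _gc only appears if this DC is also a global catalog server.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",   # domain controllers (under _msdcs)
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",         # KDC
    "_gc._tcp.$Domain"                # global catalog
)
foreach ($name in $srvNames) {
    try {
        $recs = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        $targets = @($recs.NameTarget)
        $mine    = @($targets -match "^$DcName\.")   # case-insensitive by default
        Add-Check -Name "SRV $name names this DC" -Ok ($mine.Count -gt 0) -Detail ($targets -join ', ')
    } catch {
        Add-Check -Name "SRV $name names this DC" -Ok $false -Detail $_.Exception.Message
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more post-promotion checks failed'
}
```

A failed SRV check on _gc is expected when the DC was not made a global catalog; a failed check on the _msdcs record means clients will not be able to locate the new DC at all and is the one to chase first.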

What will you do if DCPROMO fails to install Active Directory?

There are a few things to check for after a failure of the Active Directory Installation Wizard. First, check the contents of the %SystemRoot%\Debug\Dcpromo.log file.

- If the log file reports "The system cannot find the file specified", check for the presence of the %SystemRoot%\System32\Ntds.dit file. This is the default directory services file on a member server. The way to fix this is to expand Ntds.di_ from any server CD. Note that this file should be in the System32 folder on a member server. Once you run a successful dcpromo, the active Ntds.dit file will be in the folder you specified during the promotion.
- If you receive an "Access is denied" error, check for incorrect permissions on the default Ntds.dit file, as well as on your new and existing NTDS folders.
- If SRV records fail to show up in the appropriate DNS zone, first check whether the new DC's Primary DNS Server TCP/IP property is set to the correct DNS server. If the DC is a DNS server, then this value should point to itself.
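As an added example (not code from the original page), this script reads Dcpromo.log on the server where the wizard failed and runs the check the answer pairs with each symptom: it tests for the default Ntds.dit, prints the ACLs on Ntds.dit and the NTDS folder, and compares the DC's primary DNS server setting with its own addresses. It assumes an elevated session on that server with the DnsClient and NetTCPIP modules (Windows Server 2012 or later); the D: drive in the expand hint is a placeholder for the install media.

```powershell
# Added example, not code from the original page: triage after a failed dcpromo.
# Assumes an elevated session on the failed server (Windows Server 2012 or later).
$log = Join-Path $env:SystemRoot 'Debug\Dcpromo.log'
if (-not (Test-Path -Path $log)) { throw "No promotion log found at $log" }
$text = Get-Content -Path $log -Raw

$defaultDit = Join-Path $env:SystemRoot 'System32\Ntds.dit'
$ntdsDir    = Join-Path $env:SystemRoot 'NTDS'

# Symptom 1: "The system cannot find the file specified" -> default Ntds.dit missing
if ($text -match 'cannot find the file specified') {
    if (Test-Path -Path $defaultDit) {
        "Default Ntds.dit is present at $defaultDit; the missing file is something else, read the log context."
    } else {
        "Default Ntds.dit is missing. Expand it from the install media, for example:"
        "  expand D:\i386\ntds.di_ `"$defaultDit`"   (D: is a placeholder drive letter)"
    }
}

# Symptom 2: "Access is denied" -> show the ACLs on Ntds.dit and the NTDS folder
if ($text -match 'Access is denied') {
    foreach ($p in @($defaultDit, $ntdsDir)) {
        if (Test-Path -Path $p) {
            "ACL for ${p}:"
            (Get-Acl -Path $p).Access |
                Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize |
                Out-String
        }
    }
}

# Symptom 3: SRV records never appear -> the primary DNS server must be the AD DNS
# server, and if this DC runs DNS itself the setting should point to one of its own IPs.
$dnsSvc  = Get-Service -Name DNS -ErrorAction SilentlyContinue
$ownIps  = @((Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress)
$clients = Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }
foreach ($iface in $clients) {
    $primary = $iface.ServerAddresses[0]
    $verdict = if ($dnsSvc -and $dnsSvc.Status -eq 'Running') {
        if ($ownIps -contains $primary) { 'OK: points to itself' }
        else { 'WARN: this DC runs DNS but its primary DNS server is not itself' }
    } else {
        "confirm $primary is the DNS server hosting the AD zone"
    }
    '{0}: primary DNS {1} - {2}' -f $iface.InterfaceAlias, $primary, $verdict
}
```

The three branches are independent, so the script is safe to run repeatedly while you work through the log; only the ACL listing prints anything when the relevant message is absent from Dcpromo.log, and it prints nothing in that case either.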

Where is the AD database held? What other folders are related to AD?

By default, the Active Directory database file (Ntds.dit) is installed into the %SYSTEMROOT%\NTDS folder. Folders related to Active Directory: NetLogon, Sysvol and NTDS.

What is the SYSVOL folder?

Every domain controller has a built-in collection of folders named SYSVOL (for System Volume). The SYSVOL folders provide a default Active Directory location for files that must be replicated throughout a domain. You can use SYSVOL to replicate Group Policy Objects, startup and shutdown scripts, and logon and logoff scripts. A Windows Server 2003 service named File Replication Service (FRS) is responsible for replicating files in the SYSVOL folders between domain controllers. FRS uses site boundaries to govern the replication of items in the SYSVOL folders.

What are the contents of the SYSVOL folder?

Following are the contents of the SYSVOL folder:

\SYSVOL
\SYSVOL\domain
\SYSVOL\staging\domain
\SYSVOL\staging areas
\SYSVOL\domain\Policies
\SYSVOL\domain\scripts
\SYSVOL\SYSVOL

What is a Directory Access Protocol?

For clients to search for objects, update information, and communicate with DCs when logging on to the network, a directory access protocol must be used. A protocol is a set of rules that dictate how data is sent over a network. A directory access protocol is used for the specific purpose of exchanging information with the directory service.

What is LDAP (Lightweight Directory Access Protocol)?

A directory access protocol is used for the specific purpose of exchanging information with the directory service. Active Directory uses LDAP for communications between clients and directory servers. LDAP is a version of the X.500 Directory Access Protocol (DAP), and is considered lightweight because it uses less code than DAP does.
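The following is an added example, not code from the original page: a raw LDAP exchange with a domain controller using the System.DirectoryServices.Protocols classes, so the two steps of the protocol the answer describes (bind, then search) are visible rather than hidden behind a snap-in. It assumes a domain-joined Windows machine with Windows PowerShell 5.1 or later; $DcHost, $BaseDn and $UserUpn are placeholders.

```powershell
# Added example, not code from the original page: LDAP bind and search.
# Assumes a domain-joined machine; hostname, base DN and UPN below are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$DcHost  = 'dc01.corp.example.com'      # placeholder DC hostname
$BaseDn  = 'DC=corp,DC=example,DC=com'  # placeholder domain naming context
$UserUpn = 'brian@corp.example.com'     # placeholder UPN to look up

# Values spliced into an LDAP filter are escaped per RFC 4515 so that input such
# as "*" or ")" cannot widen or break the filter.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

# LDAP over TCP 389 with a Negotiate (Kerberos) bind; signing and sealing give the
# session integrity protection and encryption on the wire.
$identifier = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($DcHost, 389)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($identifier)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.Signing = $true
$conn.SessionOptions.Sealing = $true
$conn.Bind()

# Search: subtree scope from the domain root, asking only for the attributes we need
$filter  = '(&(objectClass=user)(userPrincipalName={0}))' -f (ConvertTo-LdapFilterValue -Value $UserUpn)
$request = [System.DirectoryServices.Protocols.SearchRequest]::new(
    $BaseDn, $filter,
    [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    [string[]]@('distinguishedName', 'sAMAccountName', 'userPrincipalName'))
$response = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($request)

foreach ($entry in $response.Entries) {
    [pscustomobject]@{
        DistinguishedName = $entry.DistinguishedName
        SamAccountName    = $entry.Attributes['sAMAccountName'][0]
        UserPrincipalName = $entry.Attributes['userPrincipalName'][0]
    }
}
$conn.Dispose()
```

Requesting signing and sealing on the LdapConnection is the client-side counterpart of the LDAP signing requirement a DC can enforce; a connection that binds without them sends the search and its results in the clear.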

How to uninstall Active Directory?

Administrative credentials: to perform this procedure, you must be a member of the Domain Admins group.

To uninstall Active Directory:

1. Click Start, click Run, type dcpromo and then click OK.
2. The Active Directory Installation Wizard appears. Click Next at the Welcome screen.
3. You have an option to select "This server is the last domain controller in the domain". If you select this option, the wizard attempts to remove the domain from the forest. Do not select this option. Click Next.
4. At the Administrative Password screen, enter and confirm the password that you want to assign to the local Administrator account after Active Directory is removed. Click Next.
5. At the Summary screen, verify that the information is correct and then click Next to proceed with the removal.
6. The wizard proceeds to remove Active Directory. After it finishes, the wizard displays a completion screen. Click Finish to close the wizard.
7. Click Restart to restart the domain controller.

What is the Global Catalog?

The GC server is a DC that stores a copy of all objects in its host domain, and a partial copy of objects in other domains throughout the forest. The partial copy contains the attributes that are most commonly searched for. Because the GC contains a subset of the information in Active Directory, less information needs to be replicated, which increases performance when users search for specific attributes of an object. In addition to being used for searches, the GC is also used to resolve UPNs that are used in authentication.

What are the functions of a Global Catalog server?

UPN Authentication

The UPN is meant to make logon and e-mail usage easier, since the two (your user account and your e-mail address) are the same. An example of a UPN is Brian@syngress.com. The GC provides assistance when a user from a domain logs on and the DC doesn't know about the account. When the DC doesn't know the account, it generally means that the account exists in another domain. The GC will help in finding the user's account in Active Directory. The GC server will help resolve the user account so the authenticating DC can finalize logon for the user.

Directory Information Search

To help a user who is searching the database for an object, the GC answers requests for the entire forest. Since the complete copy of every object available is listed in the GC, searches can be completed quickly and with little use of network bandwidth.

Universal Group Membership Information

When setting up your network, you will have certain features available based on the Forest Functional Level and Domain Functional Level. Universal Groups is one of these features that will or will not be available depending on your functional level. If your Domain Functional Level is set to at least Windows 2000 Native or later, you will have Universal Groups available on your network. Universal Groups can have members belonging to various domains in the forest. Without a GC server, Universal Groups could not exist. That is because Universal Group membership is stored in the GC only. This means that not every DC will have a copy of Universal Group membership; only the DCs serving as GC servers have this information. When a user logs on, his Universal Group membership is checked. The GC provides this information to the authenticating DC. Universal Group membership information is stored in all GC servers.
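The script below is an added example, not code from the original page, that exercises the three GC functions described above with the ActiveDirectory module: it locates a GC through the DC locator, resolves a UPN against the GC port (3268), runs a forest-wide search from the forest root naming context, and lists the user's universal group memberships, which only GC servers hold. It assumes a domain-joined session with RSAT installed; $Upn is a placeholder.

```powershell
# Added example, not code from the original page: the three Global Catalog functions.
# Assumes the ActiveDirectory module (RSAT) in a domain-joined session; $Upn is a placeholder.
Import-Module ActiveDirectory

$Upn = 'brian@corp.example.com'   # placeholder UPN

# Locate a GC with the DC locator (the same SRV lookup a client performs) and
# address its GC port, 3268 (3269 is the LDAPS equivalent).
$gcDc   = Get-ADDomainController -Discover -Service GlobalCatalog
$gcHost = [string]($gcDc.HostName | Select-Object -First 1)
$gc     = '{0}:3268' -f $gcHost

# 1. UPN resolution: the UPN suffix need not match the user's domain, so the GC,
#    which holds a partial replica of every object in the forest, is asked.
$user = Get-ADUser -Server $gc -Filter { userPrincipalName -eq $Upn } -Properties memberOf
if (-not $user) { throw "No object in the forest has UPN $Upn" }
"Resolved $Upn -> $($user.DistinguishedName)"

# 2. Forest-wide search: start at the forest root naming context so every
#    domain's partial replica on the GC is covered by one query.
$forestRoot = (Get-ADRootDSE -Server $gc).rootDomainNamingContext
$surname    = $user.Surname -replace '[\\*()]', ''   # strip LDAP filter metacharacters
if ($surname) {
    Get-ADObject -Server $gc -SearchBase $forestRoot -SearchScope Subtree `
        -LDAPFilter "(&(objectCategory=person)(sn=$surname))" -Properties userPrincipalName |
        Select-Object Name, userPrincipalName
}

# 3. Universal group membership, which only GC servers store
$universal = @($user.memberOf |
    ForEach-Object { Get-ADGroup -Server $gc -Identity $_ } |
    Where-Object { $_.GroupScope -eq 'Universal' })
"Universal groups for $($user.SamAccountName): " + ($universal.Name -join ', ')
```

Pointing -Server at port 3268 is what makes the difference: the same Get-ADUser against port 389 of a DC in another domain would return nothing for a UPN that lives elsewhere in the forest.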

How to Find the Domain Controllers or Global Catalog Servers in a Site


Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.
2. In the right pane, expand the site that contains the domain controller.
3. For the list of domain controllers, expand the Servers container.
4. To find the global catalog servers, expand each domain controller, right-click on NTDS Settings, and select Properties.
5. Global catalog servers will have the box checked beside Global Catalog.

Using a command-line interface

The following query finds all domain controllers in the specified site:

dsquery server -site <SiteName>

To find only the global catalog servers in a site, use the same command with the -isgc option:

dsquery server -site <SiteName> -isgc

Using DNS

Open the DNS console and expand Forward Lookup Zones. Expand your domain, then _sites, then a specific site, then _tcp, and list all _gc records. Alternatively, expand Forward Lookup Zones, your domain and _tcp, and list all _gc records (this shows the global catalog servers for the whole domain rather than one site).

Using Replmon.exe
If you need to determine which domain controllers are Global Catalog servers, the Windows 2003 Support Tools include a fantastic utility called ReplMon.exe (Replication Monitor). Connect to any domain controller using ReplMon, and right-click the server name. Choose Show Global Catalog Servers in Enterprise to display a list of all Global Catalog servers in the entire forest.

How many GCs should you have in your network?

You should have at least 2 GCs in a site. It totally depends upon how much traffic your clients generate to the GCs. If you have Exchange Server in your environment then you should have more GCs, as Exchange Server 2003 generates heavy traffic to the GC by querying for users, groups and other resources.
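As an added example, not code from the original page, the following script is the PowerShell counterpart of the "dsquery server -site <SiteName>" and "-isgc" commands from the previous answer, extended to every site in the forest, and it applies the rule of thumb above by flagging any site with fewer than two global catalog servers. It assumes the ActiveDirectory module in a domain-joined session; $MinGcPerSite is the threshold taken from the text.

```powershell
# Added example, not code from the original page: DCs and GCs per site, with a
# warning for sites under the two-GC minimum. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory
$MinGcPerSite = 2

# Enumerate domain controllers across every domain in the forest
$forest = Get-ADForest
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

# Group by site: the Site property is what "dsquery server -site" filters on,
# and IsGlobalCatalog is what "-isgc" selects.
$report = $dcs | Group-Object -Property Site | ForEach-Object {
    $gcs = @($_.Group | Where-Object { $_.IsGlobalCatalog })
    [pscustomobject]@{
        Site    = $_.Name
        DCs     = ($_.Group.HostName -join ', ')
        GCs     = ($gcs.HostName -join ', ')
        GcCount = $gcs.Count
        Status  = if ($gcs.Count -ge $MinGcPerSite) { 'OK' } else { "WARN: fewer than $MinGcPerSite GCs" }
    }
}
$report | Sort-Object Site | Format-Table -AutoSize

# Sites with no DC at all are worth knowing about too: clients there must
# fall back to a DC in another site.
$allSites = (Get-ADReplicationSite -Filter *).Name
$allSites | Where-Object { $_ -notin $report.Site } |
    ForEach-Object { "Site '$_' has no domain controller" }
```

Because the query is run per domain, a site that hosts DCs from several domains is reported once with all of them, which is the view you need when deciding whether the site's GC count is adequate for the clients (and any Exchange servers) located there.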

How to view the Active Directory schema?
