
MCSE

DAY 1

NETWORK

NETWORK: A network is an interconnection of devices.

NETWORKING: It is the communication between the interconnected devices, basically to share the network resources.

Types of Networks

- LAN
- WAN
- MAN

Classification is done based upon the network it spans.

LAN: It spans a limited geographical area and provides a maximum bandwidth of 100 Mbps. In a LAN we have full-time connectivity.

WAN: Wide Area Network. It spans a larger geographical area; you can go for either full-time or part-time connectivity. It provides a maximum of 2 Mbps.

MAN: This kind of network works on DQDB (Distributed Queue Dual Bus). It provides a bandwidth of 55-150 Mbps and cannot span more than 30 miles.

NETWORK DEVICES:

1. HUB
2. SWITCH
3. ROUTER
4. NIC

HUB: A hub is a device into which you can connect all the devices on a home network so that they can communicate with each other.

SWITCH: A switch is also a device into which you can connect all the devices on a home network so that they can communicate with each other.

ROUTER: It is a device which allows communication between two different networks.

NIC: It forms an interface between the networked device (computer) and the LAN.

LOGICAL TOPOLOGIES

- WORKGROUP MODEL (or PEER TO PEER)
- DOMAIN (or CLIENT SERVER MODEL)

Workgroup Model: It is a logical grouping of systems where you cannot find a centralized database or centralized administration.

DOMAIN: It is a logical grouping of systems where you can find centralized management and a centralized database.

HISTORY OF MICROSOFT NETWORK OPERATING SYSTEMS:

WIN NT 3.1 1993
WIN NT 3.5 1994
WIN NT 4.0 1997
WIN NT 5.0 OR WIN 2000
WIN 2003 SERVER OR .NET SERVER

DAY 2

ACTIVE DIRECTORY

Active Directory is a directory service which contains information about all user accounts and shared resources on a network.

Active Directory is a Centralized Hierarchical Directory.

What is Active Directory?

Directory service functionality:

- Organize
- Manage RESOURCES
- Control

Centralized management:

- Single point management

PURPOSE OF ACTIVE DIRECTORY

1. Provides user logon & authentication; for authentication the Kerberos version 5 protocol is responsible. Authentication is nothing but proving your identity, or validation.
2. To organize or manage:
   - User accounts
   - Computers
   - Groups & network resources
3. Enables authorized users to easily locate network resources. Authorization is checking permissions & privileges.

FEATURES OF ACTIVE DIRECTORY FOR WIN 2000 & 2003

1. Fully integrated security
2. Easy administration using Group Policy
3. Scalable to any size network
4. Flexible

NEW FEATURES IN WIN 2003

1. Rename computer name and domain name.
2. Cross-forest trust relationship.
3. Site to Site Replication is faster.
4. Active Directory Application mode (ADAM)

INSTALLING ACTIVE DIRECTORY

Requirements:

1. Active Directory needs the Windows 2000 or 2003 Server operating system.
2. Static IP
3. 250 MB of space and should be formatted with NTFS
4. LAN should be active.

Installation:

1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Domain Controller > Next
7. Domain in a New Forest > Next
8. DNS name (with an extension like .com or .net)
   Active Directory is integrated with DNS (the DNS server can be a separate server). DNS names carry an extension.
9. Domain NetBIOS name
   The NetBIOS name is used for backward compatibility with Win98, Win NT or Win95. NetBIOS uses flat names.
10. Storing the database file
   The database file is saved in the NTDS folder.
   - NTDS: New Technology Directory Service
   - In the NTDS directory the NTDS.DIT file is saved.
   - DIT = Directory Information Tree
   This NTDS directory can be saved on any secondary drive, but the drive should be formatted with NTFS.
11. System volume
   It is one of the default shared folders and is responsible for replication from DC to ADC or ADC to DC.
12. Install DNS & Configure

13. Permissions
First Option (Enables you to work with old Win OS like Win 98, 95, NT)
Second Option (Enables you to work with Win 2000 or Win 2003)
14. Directory Service Restore Mode Admin Password.
(Leave it Blank)
15. Summary
It shows all information of Active Directory Service.
16. Next > It Installs Active Directory Service in to the Computer.

ACTIVE DIRECTORY FOLLOWS NAMING CONVENTION AS FOLLOWS:

1. NETBIOS: These are flat names which do not carry extensions (for example: Prakash).
2. DNS NAME SPACE: Active Directory follows the DNS name space, in which names carry extensions (for example: .com, Prakash.net or prakash.edu).

TO IDENTIFY A DOMAIN CONTROLLER, OR TO CONFIRM ACTIVE DIRECTORY SERVICES, IN THE COMMAND PROMPT

1. NET ACCOUNTS
2. GETTYPE

NET ACCOUNTS: If we type this command in the command prompt it shows PRIMARY if Active Directory Service is installed.

If Active Directory Service is not installed it shows SERVER.

GETTYPE: If we type this command in the command prompt it shows DOMAIN CONTROLLER if Active Directory Service is installed.

If Active Directory Service is not installed it shows SERVER.

AFTER INSTALLING ACTIVE DIRECTORY SERVICE ON THE SERVER OPERATING SYSTEM YOU WILL FIND 5 NEW CONSOLES

1. Active Directory Users & Computers
2. Active Directory Domains & Trusts
3. Active Directory Sites & Services
4. Domain Controller Security Policy
5. Domain Security Policy

WHAT IS DC & ADC ?

DC = Domain Controller
ADC= Additional Domain Controller
DC: The system which is running Server Operating System and Active Directory
services is called Domain Controller.

It is one of the physical components. Without a domain controller a domain cannot exist.

ADC: It is used as a backup server. The main purpose of configuring an ADC is fault tolerance.

IP Settings for DC & ADC

Domain Controller system: Static IP 10.0.0.1, DNS 10.0.0.1

Additional Domain Controller: Static IP 10.0.0.2, DNS 10.0.0.1

What is Domain?

A domain is represented as a triangle in 2000 & 2003.

A domain is a logical entity. A domain is a secure logical administrative boundary.

FOR MAKING ADDITIONAL DOMAIN CONTROLLER

1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Additional Domain Controller > Next
7. Type Administrator Password of the Server System.

DIFFERENCE BETWEEN NT & 2003

WINDOWS NT | WINDOWS 2000 & 2003
Protocol used for authentication: NTLM | Protocol used for authentication: KERBEROS VERSION 5
It uses NetBIOS | It uses DNS & NetBIOS
It uses a Primary Domain Controller & Backup Domain Controller | It uses a Domain Controller & Additional Domain Controller
It supports 40,000 users | It supports 1 billion users
The database is stored in WINNT as SAM (Security Accounts Manager) | It uses a directory named NTDS (New Technology Directory Services)
Domain is represented as a circle | Domain is represented as a triangle

FLEXIBILITY

In Windows NT the Primary Domain Controller is configured while installing the operating system, and if we want to remove the Primary Domain Controller we have to format the whole operating system.

In Win 2000 & 2003 we have the flexibility of installing or uninstalling Active Directory services on the server operating system.

DAY 3

HOW DIRECTORY SERVICES ARE EVOLVED

DAP: Directory Access Protocol is based on OSI Layers.

LDAP: Light weight Directory Access Protocol is based on TCP/IP Layers.

DAP was introduced in BANYAN VINES. It named the database STREET TALK.

LDAP was introduced by NOVELL. It named the database NDS (Network Directory Services).

LOGICAL STRUCTURE OF ACTIVE DIRECTORY

- DOMAINS
- TREES
- FOREST

DOMAINS

- Active Directory is made up of one or more domains.
- Creating the initial domain controller in a network also creates the domain. You cannot have a domain without at least one domain controller.
- Each domain in the directory is identified by a DNS domain name.
- You use the Active Directory Domains and Trusts tool to manage domains.

CONFIGURING A CHILD DOMAIN CONTROLLER

Check the IP Address & preferred DNS pointing to Domain Controller.

1. Run
2. DCPROMO
3. Next
4. Next
5. Domain Controller for a New domain > Next
6. Child Domain in an existing domain > Next
7. Administrator, Password & Domain (DC Credentials)
8. Parent Domain : Microsoft.com
Child Domain : mcse
9. NET BIOS: MCSE

10. Database folder (You can save this folder in any drive where NTFS
formatting is done)
11. SYSVOL
12. Summary It shows and confirms the settings.

To confirm the child domain in the command prompt use the command NET ACCOUNTS. Even a child domain controller will display as PRIMARY.

The other way to confirm is to go to Administrative Tools, click on Active Directory Domains & Trusts, and then expand the parent domain.

TREE

- In the Windows 2003 operating system, a tree is a set of one or more domains with contiguous names.
- If more than one domain exists, you can combine the multiple domains into hierarchical tree structures.
- The first domain created is the root domain, and the rest are child domains.
- A domain immediately above another domain in the same domain tree is its parent.
Example:

Microsoft.com

Child.Microsoft.com

grandchild.Microsoft.com

First Domain is Called as FOREST ROOT.

NEW TREE IN EXISTING FOREST

FOREST:

- Multiple domain trees within a single forest do not form a contiguous name space; that is, they have non-contiguous DNS domain names.
- Although trees in a forest do not share a name space, a forest does have a single root domain called the forest root domain.
- The forest root domain is by definition the first domain created in the forest.
- The two forest-wide predefined groups, Enterprise Administrators and Schema Administrators, reside in the same domain.

Example (diagram): the forest contains the forest/tree root CISCO.COM with its child CHILD.CISCO.COM, and a second tree whose root is MCSE.COM.

IP SETTINGS FOR DOMAIN CONTROLLER, ADDITIONAL DOMAIN CONTROLLER, CHILD DOMAIN CONTROLLER & NEW TREE IN EXISTING FOREST

DC: IP 10.0.0.1, DNS 10.0.0.1
ADC: IP 10.0.0.2, DNS 10.0.0.1
CDC: IP 10.0.0.3, DNS 10.0.0.1
NTEF: IP 10.0.0.4, DNS 10.0.0.1

SETTINGS FOR NEW TREE IN EXISTING FOREST

1. Run
2. DCPROMO
3. Next
4. Domain Controller for New forest > Next
5. Domain tree in Existing Forest > Next
6. Admin Credentials
7. DNS Name
8. Rest same as before.

DAY 4

FSMO ROLES OR FIZZ-MOE

FSMO = Flexible Single Master Operations

There are 5 FSMO roles. The exact difference between a Domain Controller and an Additional Domain Controller is these 5 FSMO roles.

In Windows NT Domain model Replication will always take place from PDC to
BDC. Because of which it is called Single Master Replication.

In Windows 2000 or 2003 Server Domain model Replication will take place from
Domain Controller to Additional Domain Controller. Here it is known as Multi
Master Replication.

ROLES OF ACTIVE DIRECTORY

Global Catalog Server

Operation Masters:

Forest-wide roles:
- Domain Naming Master
- Schema Master

Domain-wide roles:
- RID Master
- PDC Emulator
- Infrastructure Master

DOMAIN NAMING MASTER: It is one of the important roles; it checks the uniqueness of the domains. With the help of the Domain Naming Master you can create, remove or rename domains. It checks for DNS conflicts. In the entire forest the Domain Naming Master is present on the first domain controller, or root domain.

The Domain Naming Master is common to the entire forest, hence it is known as a forest-wide role.

SCHEMA MASTER: The schema is the design or architecture of Active Directory; it forms a template for Active Directory objects. With the help of the schema we can create and manipulate different objects. The schema is further divided into 2 classifications:
- Classes = objects or users
- Attributes = properties of objects, or information on objects

Schema is common for the entire forest, since it is known as Forest Wide Role.

RID MASTER:

Before knowing about the RID Master we have to know about the SID.

A SID is a combination of a RID & a DID.

SID = Security Identifier
RID = Relative Identifier
DID = Domain Identifier

(Diagram: SID = DID + RID)

If objects are created in the same domain the DID will be the same.

Each and every object is assigned one SID, and security principal objects (users, groups & computers) are also assigned one SID.

A SID is a combination of a DID & a RID. The RID ensures the uniqueness of the objects. The DID gives the information about the domain and is common for all objects of the domain (Ex: 500).

The RID is specific to its individual domain, hence it is called a domain-wide role.

To know the SID of the Administrator, in the command prompt type:

WHOAMI /USER

Username      SID
zoom\admin    S-1-5-21-2754622866-353471261-2485894766-500

In this SID the part before the last hyphen (S-1-5-21-2754622866-353471261-2485894766) is the DID and the last number (500) is the RID.
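The DID/RID split described above, as an added example in Python (it is not part of the original notes). The WHOAMI /USER output below is constructed in the shape the notes show, with the SID value from the example above; the well-known RID table (500 = Administrator, 501 = Guest, 512 = Domain Admins, 513 = Domain Users) is standard Windows behaviour and not something the notes state.

```python
import re

# Constructed sample of WHOAMI /USER output (header lines included, as the
# real command prints them); the SID is the example value from the notes.
SAMPLE_WHOAMI = """\
USER INFORMATION
----------------

User Name  SID
========== ==============================================
zoom\\admin S-1-5-21-2754622866-353471261-2485894766-500
"""

# Well-known relative identifiers that exist in every domain.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    512: "Domain Admins",
    513: "Domain Users",
}

# S-1-<authority>-<subauthority>[-<subauthority>...]
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def parse_sid(sid):
    """Split a textual SID into (domain identifier, RID).

    Following the notes, everything before the last hyphen identifies the
    domain (DID) and the last number is the RID that makes the object
    unique inside that domain.
    """
    if not SID_RE.match(sid):
        raise ValueError("not a valid SID: %r" % sid)
    did, _, rid = sid.rpartition("-")
    return did, int(rid)


def same_domain(sid_a, sid_b):
    """True when both SIDs carry the same domain identifier."""
    return parse_sid(sid_a)[0] == parse_sid(sid_b)[0]


def describe(sid):
    """Break a SID down into the pieces an administrator looks at."""
    did, rid = parse_sid(sid)
    return {
        "domain_identifier": did,
        "rid": rid,
        "well_known": WELL_KNOWN_RIDS.get(rid),
        # S-1-5-21-... is the prefix of domain (and local machine) SIDs
        "is_domain_sid": did.startswith("S-1-5-21-"),
    }


def parse_whoami_user(output):
    """Find the account name and SID in WHOAMI /USER output.

    Header and separator lines are skipped; the data line is the first
    one made of exactly two fields whose second field is a SID.
    """
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 2 and SID_RE.match(parts[1]):
            return parts[0], describe(parts[1])
    raise ValueError("no SID found in WHOAMI /USER output")


if __name__ == "__main__":
    name, info = parse_whoami_user(SAMPLE_WHOAMI)
    print(name, info)
```

Running the block prints the account name and a dictionary with the DID, the RID and the well-known name (Administrator) for the notes' example SID; two SIDs from the same domain compare equal on their DID even though their RIDs differ.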

PDC EMULATOR

It is responsible for password updates in 2003 (native mode). In mixed mode the PDC Emulator will act as a PDC for the BDCs. In the entire forest a PDC Emulator is present in every domain, hence it is called a domain-wide role.

INFRASTRUCTURE MASTER:

It is responsible for maintaining group membership information as well as time synchronization. The Infrastructure Master will notify groups that "these are the modifications taking place in sub-domains". We can find an Infrastructure Master in each and every domain, hence it is called a domain-wide role.

TRANSFERRING ROLES

Transferring roles is done only when the Domain Controller is in fault tolerance or for maintenance purposes.

Transferring of roles can only be done from a Domain Controller to an Additional Domain Controller.

Transferring can be done in two modes: one is command mode and the other is GUI mode.

GUI mode is preferable as it is much more reliable.

Transferring through Command Prompt

1. NTDSUTIL
2. ROLES
3. CONNECTIONS
4. CONNECT TO SERVER
5. Q = QUIT
6. ? = HELP
7. TRANSFER DOMAIN NAMING MASTER
8. TRANSFER SCHEMA MASTER
9. TRANSFER RID MASTER
10. TRANSFER PDC
11. TRANSFER INFRASTRUCTURE MASTER
12. Q
13. Q
14. NET ACCOUNTS (To check whether it is changed from Primary to
Backup)

Transferring the roles through GUI Mode

In this we have to go through three procedures: first we transfer the Domain Naming Master, then we change RID, PDC & Infrastructure, and the last one is transferring the Schema Master.

Transferring Domain Naming Master:

1. Programs
2. Administrator Tools
3. Active Directory Domains & Trust
4. Active Directory Domains & Trust (Right Click)
5. Connect to DC
6. Select the sys2 (The ADC where you want to transfer the DC)
7. Check Domain Controller
8. Active Directory Domains & Trust (Right Click)
9. Select Operations Master
10. Click on Change
11. Ok

To Transfer RID, PDC & Infrastructure

1. Administrative Tools
2. Active Directory User and Computers
3. Right click on the Domain (Like zoom.com)
4. Select Connect to Domain Controller
5. From the list select sys2 (The ADC where you want to transfer the DC)
even check current Domain Controller.
6. Right click on Domain Controller (Like zoom.com)
7. Operation Master
8. Continue Change for all the roles

To Transfer Schema Master

1. REGSVR32 SCHMMGMT.DLL (first register the file by running this command in Start > Run)
2. Start
3. Run
4. MMC (Microsoft Management Console)
5. File Menu
6. Add / Remove Snap in
7. Add
8. (Select) Active Directory Schema
9. Add
10. Close
11. ok
12. (Select) & Right Click on Active Directory Schema
13. Change Domain Controller
14. Check Specify name
15. Assign the server name as sys2 (The Name of the computer you want to
change ADC to DC)
16. ok

17. Right Click on Active Directory Schema
18. Operation Master
19. Change
20. To confirm use NET ACCOUNTS Command in command prompt whether
it changed from Primary to Backup.

GLOBAL CATALOG SERVER

It is not a role, it is a service, and you can't transfer the Global Catalog Server.

The Global Catalog Server maintains complete information about its own domain and partial information about the other domains which exist in the forest. It is also known as the Master Searchable Index. By default we find the Global Catalog Server on the domain controller of the root domain. It is called a forest-wide role.

To Check Global Catalog Server

1. Open Active Directory Sites & Services
2. Expand Sites
3. Default-First-Site-Name
4. Servers
5. Sys1
6. Right click on NTDS Settings
7. Properties

Day 5

FUNCTIONAL LEVELS

Forest and Domain Functional Levels


- The functional level determines
  - the supported domain controller operating systems;
  - the Active Directory features available.
- Domain functional levels can be raised independently of one another.
- Raising the forest functional level is performed by an Enterprise Administrator
  - Requires all domains to be at the Windows 2000 native or Windows Server 2003 functional level.

Functional Levels are classified into two levels

- Domain Functional Level
- Forest Functional Level

Domain Functional Levels:

a) Windows 2000 Mixed Mode
b) Windows 2000 Native Mode
c) Windows 2003 Interim Mode
d) Windows 2003 Mode

a) Windows 2000 Mixed Mode: (diagram) Windows 2003 domain controllers alongside Windows 2000 and Windows NT domain controllers.

b) Windows 2000 Native Mode: (diagram) Windows 2003 and Windows 2000 domain controllers.

c) Windows 2003 Interim Mode: (diagram) Windows 2003 and Windows NT domain controllers.

d) Windows 2003 Mode: (diagram) Windows 2003 domain controllers only.

Forest Functional Levels

Forest functional level | Domain controllers supported
Windows 2000 (default) | Win NT 4.0, 2000, 2003 Server
Windows Server 2003 Interim | Win NT 4.0, 2003 Server
Windows Server 2003 | Windows Server 2003 family

Functional levels are important when you are planning to upgrade the operating system or to establish a trust relationship.

To check Functional levels

1. Active Directory Domains & Trusts
2. Right click on the domain name (Ex: zoom.com)
3. Click on Raise Domain Functional Level or Raise Forest Functional Level

TRUST RELATIONSHIP

CISCO.COM (Trusting)

CHILD.CISCO.COM (Trusted)

- Secure communication paths that allow security principals in one domain to be authenticated and accepted in other domains.
- Some trusts are automatically created.
  - Parent and child domains trust each other.
  - Tree root domains trust forest root domains.
- Other trusts are manually created.
- Forest-to-forest transitive trust relationships can be created in Windows 2003 forests only.

Transitive Trust: In a transitive trust relationship Domain A trusts Domain B; in the same way Domain B trusts Domain C, and in the same way Domain C trusts Domain A. This is called a transitive trust.

Non-Transitive Trust: Domain A trusts Domain B; in the same way Domain B trusts Domain C, but Domain C will not trust Domain A. This is known as a non-transitive trust relationship.

One-way incoming trust, example (diagram): users A1, A2, A3 and A4 in Zoom.com reach the DatabaseServer in Yahoo.com over a one-way (incoming) trust.
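The trust walk described above (a trusting domain accepts principals from the domain it trusts; a path of several hops is only valid when every hop is transitive), as an added Python example that is not part of the original notes. The forest (cisco.com as forest root, child.cisco.com, and the second tree mcse.com) follows the forest example earlier in the notes; the NT domain NTDOM and the external trust to it are constructed for the example. Forest trusts are modelled like any other transitive trust here; the rule that a forest trust does not chain through a third forest is left out.

```python
from collections import deque


class Trust:
    """One trust: `trusting` accepts security principals that `trusted`
    has authenticated. Direction matters: a one-way trust is one object,
    a two-way trust is two."""

    def __init__(self, trusting, trusted, transitive=True, kind="parent-child"):
        self.trusting = trusting
        self.trusted = trusted
        self.transitive = transitive
        self.kind = kind


def two_way(a, b, transitive=True, kind="parent-child"):
    """The automatic parent-child and tree-root trusts are two-way."""
    return [Trust(a, b, transitive, kind), Trust(b, a, transitive, kind)]


def can_authenticate(trusts, principal_domain, resource_domain):
    """Can a user from principal_domain be accepted in resource_domain?

    Walk from the resource domain along the domains it trusts. A
    non-transitive trust (external, realm) is usable only as the direct
    hop; a chain of hops is allowed only if every hop is transitive.
    """
    if principal_domain == resource_domain:
        return True
    # Direct hop: any trust from the resource domain to the user's domain.
    if any(t.trusting == resource_domain and t.trusted == principal_domain
           for t in trusts):
        return True
    # Indirect path: breadth-first search over transitive trusts only.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for t in trusts:
            if t.trusting == current and t.transitive and t.trusted not in seen:
                if t.trusted == principal_domain:
                    return True
                seen.add(t.trusted)
                queue.append(t.trusted)
    return False


def domains_accepting(trusts, principal_domain):
    """Every domain whose resources a user of principal_domain can reach."""
    domains = {t.trusting for t in trusts} | {t.trusted for t in trusts}
    return sorted(d for d in domains
                  if can_authenticate(trusts, principal_domain, d))


# Constructed sample: cisco.com is the forest root, child.cisco.com its
# child, mcse.com a second tree, and NTDOM (hypothetical) an old Windows NT
# domain joined by a one-way, non-transitive external trust.
SAMPLE_TRUSTS = (
    two_way("cisco.com", "child.cisco.com")
    + two_way("cisco.com", "mcse.com", kind="tree-root")
    + [Trust("cisco.com", "NTDOM", transitive=False, kind="external")]
)


if __name__ == "__main__":
    for d in ("child.cisco.com", "NTDOM"):
        print(d, "->", domains_accepting(SAMPLE_TRUSTS, d))
```

A user from child.cisco.com reaches mcse.com through the two transitive hops (mcse.com trusts cisco.com, cisco.com trusts child.cisco.com), while a user from NTDOM is accepted only in cisco.com: the external trust is the direct hop and cannot be extended to child.cisco.com or mcse.com.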

Types of Trust:

Default: Two-way transitive Kerberos trusts (intra-forest).

Shortcut: One- or two-way transitive Kerberos trusts (intra-forest)
- Reduce authentication requests.

Forest: One- or two-way transitive Kerberos trusts
- Windows Server 2003 forests only; Windows 2000 does not support forest trusts.
- Only between forest roots.
- Creates transitive domain relationships.

External: One-way non-transitive NTLM trusts
- Used to connect to/from Windows NT or external 2000 domains.
- Manually created.

REALM: One- or two-way non-transitive Kerberos trusts; connect to/from UNIX MIT Kerberos realms.

Configuring Cross Forest Trust Relationship

IP settings in 2 different domains:

Satyam.com (root domain controller): IP 10.0.0.1, preferred DNS 10.0.0.1, secondary DNS 10.0.0.2
SBI.com (root domain controller): IP 10.0.0.2, preferred DNS 10.0.0.2, secondary DNS 10.0.0.1

1. In the two different domains assign the alternate DNS as in the example given above.

2. To raise the functional levels of the domains as well as the forest, open the console

3. Active Directory Domains & Trusts.

4. Right click on the domain (for example: select the domain SBI.com and raise the domain functional level from the list to Windows Server 2003)

5. To raise forest functional level right click on Active Directory Domains &
trust Raise forest function Level

6. Select windows Server 2003 and raise it.

7. Follow the same in other domain even to raise the functional levels.

8. To establish a trust between two different forests, for example in SBI.com, open the console Active Directory Domains & Trusts

9. Right Click on the domain SBI.com

10. Select next tab trust

11. And Click on new trust

12. Assign the DNS name of other domain for example satyam.com

13. Check Forest trust

14. Select 2 way

15. Check “Both this domain and specified Domain” > Next

16. Assign the credentials as admin & Password > Next

17. Check “Forest wide Authentication”

18. Check “Forest wide Authentication”

19. Next

20. Next

21. Next

22. Yes > Next

23. Yes > Next

24. Finish.

We have to give permissions from the server side also to logon.

1. To give permissions for users / admin / groups
2. Admin Tools

3. Domain Controller security policy
4. Double Click Local Policies
5. User Right Assignment
6. Allow Logon Locally
7. Add user or group
8. Browse
9. Locations
10. Select the Other Domain
11. OK
12. Specify Administrator and Click on check names
13. OK
14. OK
15. OK
16. (To Update default policies) Start > Run > GPUPDATE

External Trust

It is non-transitive. It is used for communication between Windows Server 2003 and lower versions like Win NT or Win 2000 Server. It is also used to communicate between only two roots in the forest.

REALM

It is used to communicate between Windows 2003 Server and non-Windows operating systems.

DAY 6

PHYSICAL COMPONENTS

The logical components of Windows 2003 Server are forests & trees.

Physical components:

- Domain Controllers
- Sites

A domain controller is a system which is loaded with Active Directory Services on the Windows 2000 or Windows 2003 Server operating system.

- Stores replicas of the Active Directory database.
- Associated with a given site.

Sites are areas of good connectivity; a site is one of the physical components of Active Directory Services.

Sites are associated with subnet masks. A subnet mask is a subdivision of an IP network.

A Site can span multiple domains. A domain can span multiple sites.

Example for Sites:

(Diagram: site INDIA with its servers, DC and clients, and site USA with its servers, DC and clients, connected by a WAN link)

REPLICATION TOPOLOGY

Replication is classified into 2 types:

1. Intra-site replication
2. Inter-site replication

Intra-Site Replication: The replication which takes place within a single site, between DC and ADC, is called intra-site replication.

For replication the KCC (Knowledge Consistency Checker) service is responsible.

Inter-Site Replication: The replication which takes place between 2 different sites is called inter-site replication.

BRIDGEHEAD SERVER: The server responsible for gathering the information from one domain controller so that it can replicate it to another domain controller (ADC).

By default the DC & ADC servers appear under Default-First-Site-Name. By default one site link is also configured.
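The intra-site / inter-site distinction, the bridgehead hop and the site-link schedule, as an added Python example (not part of the original notes). The INDIA and USA sites follow the diagram above; the DC names, the preferred bridgehead, the site-link cost and the overnight replication window are constructed for the example. That the KCC picks a bridgehead automatically when none is preferred is standard Windows behaviour the notes do not spell out.

```python
from dataclasses import dataclass


@dataclass
class DomainController:
    name: str
    site: str
    bridgehead: bool = False  # marked as preferred bridgehead for its site


@dataclass
class SiteLink:
    name: str
    sites: frozenset                            # the sites this link joins
    cost: int = 100
    interval_minutes: int = 180                 # inter-site replication interval
    hours: frozenset = frozenset(range(24))     # hours of day the link is open


def replication_kind(a, b):
    """Inside one site the KCC replicates DC to DC directly; across
    sites replication goes over a site link."""
    return "intra-site" if a.site == b.site else "inter-site"


def bridgehead_for(dcs, site):
    """The preferred bridgehead if one was marked, otherwise the first DC
    in the site (the KCC chooses one automatically when none is preferred)."""
    in_site = [dc for dc in dcs if dc.site == site]
    if not in_site:
        raise ValueError("no domain controller in site %s" % site)
    preferred = [dc for dc in in_site if dc.bridgehead]
    return (preferred or in_site)[0]


def site_link_between(links, site_a, site_b):
    """Cheapest site link joining the two sites, or None if there is none."""
    candidates = [l for l in links if {site_a, site_b} <= l.sites]
    return min(candidates, key=lambda l: l.cost) if candidates else None


def replication_path(dcs, links, src_name, dst_name):
    """Hops a change takes from src to dst: direct within a site, through
    both sites' bridgeheads when the two DCs sit in different sites."""
    by_name = {dc.name: dc for dc in dcs}
    src, dst = by_name[src_name], by_name[dst_name]
    if replication_kind(src, dst) == "intra-site":
        return [src.name, dst.name]
    if site_link_between(links, src.site, dst.site) is None:
        raise ValueError("no site link between %s and %s" % (src.site, dst.site))
    hops = [src.name, bridgehead_for(dcs, src.site).name,
            bridgehead_for(dcs, dst.site).name, dst.name]
    # A DC that is itself the bridgehead appears once, not twice.
    path = [hops[0]]
    for hop in hops[1:]:
        if hop != path[-1]:
            path.append(hop)
    return path


def link_open_at(link, hour):
    """True when the site link schedule permits replication at that hour."""
    return hour % 24 in link.hours


# Constructed sample: the INDIA / USA picture from the notes, with a WAN
# site link that is only open overnight (22:00 to 06:00).
DCS = [
    DomainController("DC-IN1", "INDIA", bridgehead=True),
    DomainController("DC-IN2", "INDIA"),
    DomainController("DC-US1", "USA"),
]
LINKS = [
    SiteLink("INDIA-USA-WAN", frozenset({"INDIA", "USA"}), cost=200,
             hours=frozenset(list(range(22, 24)) + list(range(0, 6)))),
]


if __name__ == "__main__":
    print(replication_path(DCS, LINKS, "DC-IN2", "DC-US1"))
    print("link open at 23h:", link_open_at(LINKS[0], 23))
```

A change made on DC-IN2 reaches DC-US1 via DC-IN1, the INDIA bridgehead, and only during the hours the site link schedule allows; a DC placed in a site with no site link to the destination cannot be reached at all, which is the error the function raises.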

Configuring Sites:

1. To create sites open the console
2. Active Directory Sites & Services
3. Expand Sites
4. Right click on the Sites folder
5. New Site
6. Mention the name of the site
7. And select the default site link
8. OK
9. To add the servers, expand the newly created site and Default-First-Site-Name, then expand Servers.
10. Right click on the server
11. Select Move, and from the list select the new site
12. OK
13. Create one more site by following the same steps

TO CONFIGURE SITE LINKS

1. Expand Inter-Site Transports
2. Right click on IP
3. Select New site link
4. Specify the name of the site link
5. Add them in the list
6. Ok

TO SET THE REPLICATION SCHEDULE

1. Select IP Folder
2. Double click newly created site link
3. Click on change schedule
4. set the schedule

ACTIVE DIRECTORY PARTITIONS

(Diagram: NTDS folder > NTDS.DIT > SCHEMA, CONFIGURATION, DOMAIN and APPLICATION partitions)

The Active Directory Service database is stored in NTDS.DIT. This database is further logically divided into four partitions:

1. Schema partition
2. Configuration partition
3. Domain partition
4. Application partition

1. Schema Partition: The schema is the design or architecture of Active Directory, on which it is built. It provides the set of rules to create or manipulate different objects; only schema administrators can modify the schema. You modify the schema partition only when you are planning to upgrade or install Active Directory applications.

   The schema is also known as forest-wide replication.

2. Configuration Partition: It is one of the logical partitions; it maintains the information about the structure of the forest. It contains information like domain controllers, sites, site links and trust relationships.

   The configuration partition is the road map of Active Directory, because of which users are easily able to locate network objects. It is also called forest-wide replication.

3. Domain Partition: It maintains the information about domain-specific objects. It is a domain-wide replication.
4. Application Partition: It is a configurable partition; it can be either forest-wide replication or domain-wide replication. It maintains the information about DNS.

DAY 7

USERS & PERMISSIONS

Client Operating Systems: Win 95, Win 98, Win2000 Professional, Win XP

Server Operating Systems: Windows 2000 & 2003 Server

MEMBER SERVER: Member server is a server which can host services like
DNS, DHCP, IIS, etc. The system which is running server operating system and
it is a part of the domain.

Member server is also configured for even load balancing.

TO CONFIGURE MEMBER SERVER

1. Check the preferred DNS
2. Right click on MY COMPUTER
3. Select Properties
4. Select tab COMPUTER NAME
5. Click on CHANGE
6. Check the option MEMBER OF DOMAIN
7. And specify the domain name
8. OK
9. Assign the credentials
10. To confirm the member and client computers, on the Domain Controller open the administrative console USERS & COMPUTERS
11. Expand the domain & select Computers
12. To confirm a member server in the command prompt use the command GETTYPE

On a member server login as Domain Administrator to perform administrative tasks or to access the Active Directory consoles.

The below given shortcuts are to access Active Directory Services from the Domain Controller:

1. To open Active Directory Users & Computers => DSA.MSC
2. DOMAINS & TRUSTS => DOMAIN.MSC
3. SITES & SERVICES => DSSITE.MSC

To know more console shortcuts type *.msc in Search.

LOCAL USERS:

You can create local users in work group or Member servers.

Local users can login locally onto their respective systems. They cannot login to the domain.

PROCEDURE TO CREATE LOCAL USER IN MEMBER SERVER

1. Right click on My Computer
2. Select Manage
3. Expand Local Users & Groups
4. Right click on the USERS folder
5. NEW USER
6. Specify the user name and password
7. Log on by providing the user name and password, selecting THIS COMPUTER in LOG ON TO

CREATING A DOMAIN USER

You can create domain users on a Domain Controller, Additional Domain Controller & Member Server.

1. On the Domain Controller open the console Active Directory Users & Computers
2. Expand the domain
3. Check the USERS folder
4. NEW USER
5. Specify the user name and logon name
6. Give the password
7. Next > Finish

Domain users can login from anywhere on the network.

When logged in as a domain user (on a member server), users do not have some of the privileges, as given below:

1. They cannot change the IP address
2. Cannot share a folder
3. Cannot create another new user
4. They cannot shut down the computer.

TO ALLOW LOGON PERMISSIONS FOR DOMAIN USERS

1. Domain Controller Security Policy
2. Local Policies
3. User Right Assignments
4. Allow Logon Locally
5. Add User
6. Browse
7. Specify the User Name Click on check names
8. ok > ok > ok
9. To update Default policies Go to > Start > Run
Type “GPUPDATE”

Login as a Domain user from Domain Controller

PASSWORD POLICY

1. Domain Security Policy
2. Account Policies
3. Password Policies
4. Start > Run > GPUPDATE

TO RESTORE DEFAULT SETTING FOR THE ACCOUNT POLICIES

DCGPOFIX in Command Prompt.

TO CONVERT THE FILE SYSTEM FROM FAT TO NTFS

CONVERT D: /FS: NTFS

DAY 8

PERMISSIONS

PERMISSIONS: Privileges to access and manipulate resource objects such as folders, files and printers.

For example: the privilege to read a file, delete a file or create a file.

Types of permissions:

1. Security Level Permissions:
   - Only implemented on NTFS partitions
   - Applies to local NTFS drives only
   - NTFS permissions can be set on drives, files and folders.
2. Share Level Permissions:
   - Can be implemented on NTFS and FAT partitions.
   - Applies to shared folders only and can be accessed from the network.
   - Share permissions can be set only on drives & folders

A file system provides a hierarchical structure to store files or directories, from which the operating system can identify and retrieve the files. There are two types of file systems: FAT & NTFS.

FAT: File Allocation Table. On this file system you can apply only share level permissions. It doesn't support security level permissions.

NTFS: New Technology File System. It provides extra functionality compared to the FAT file system; on NTFS you can apply both levels of permissions, sharing and security.

ACCESS CONTROL LIST

(Diagram: the Access Control List holds the DACL, which is made up of Access Control Entries)

DACL = DISCRETIONARY ACCESS CONTROL LIST

SACL = SYSTEM ACCESS CONTROL LIST

You can apply different levels of permissions for the network objects. The window where you can give different permissions to different domain users is the access control list. It determines which object has a permission and at what level they can access the object.

In the access control list an individual entry is known as an Access Control Entry (ACE). Further, the ACL is classified into 2 types:

1. DACL
2. SACL

1. DACL: Discretionary Access Control List. It determines the different levels of permissions for an individual object or network object.
2. SACL: System Access Control List. Here you can apply audit policies as well as system policies.

PROCEDURE TO GIVE SECURITY LEVEL PERMISSIONS:

1. Create domain users, for example: a1, a2 & a3
2. Open MY COMPUTER
3. In one of the drives create a folder with new files.

TO GIVE DIFFERENT LEVEL PERMISSIONS

4. Right click on the folder which is created
5. Click on Sharing & Security
6. Select tab SECURITY
7. Before applying the permissions remove the inheritance which is propagating from the existing drives.
8. To remove inheritance, from the Security tab
9. Select Advanced
10. Allow inheritable permissions
11. For Administrator set Full Control
12. And add individual users, setting different levels of permissions.
13. To check security level permissions login as a USER
14. Open the drive letter and access the folder.

MODIFY:

The Modify permission allows the user to create, delete, rename and modify files and folders, but with Modify the user cannot change the permissions or add new users to the access control list, whereas Full Control permits editing the object as well as changing the existing permissions.

PROCEDURE TO TAKE OWNERSHIP:

If the Administrator doesn't have permission in the access control list, or the Administrator has been deleted from the access control list, then you need to take ownership.

1. Right click on the respective folder
2. Properties
3. Select Security Tab
4. Advanced
5. Select owner
6. Select Admin
7. Check and Replace owner on Sub containers and objects
8. Once you take the ownership only administrator will be the owner of the
object.

SHARE LEVEL PERMISSIONS:

Share level permissions will apply over the network.

1. In one of the drives create a folder with new files in it.
2. To share the folder, right click on the folder
3. Sharing & Security
4. Select the tab Security
5. Check Share this folder
6. Click on permissions
7. Either add the user or give the permissions for Everyone Full Control
8. To check share level permissions
9. For example on Sys2 login as a domain user
10. To access the shared folder open MY NETWORK PLACES
11. Windows Network
12. Double click the domain
13. Open Sys1 and access the shared folder

Security level permissions will apply locally.

Share level permissions will apply across the network.
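The DACL / ACE evaluation from the ACCESS CONTROL LIST section and the security-versus-share rule just stated, as one added Python example that is not part of the original notes. The folder DACL and share permissions below are constructed, using the user names a1, a2 and a3 from the notes; the rights are a simplified subset of the NTFS right names. Two facts the notes do not spell out are used: Windows evaluates deny entries ahead of allow entries, so an explicit deny wins, and over the network the effective access is what both the share permissions and the NTFS permissions allow. The ownership helper mirrors the take-ownership procedure above; that members of Administrators can take ownership even when removed from the DACL is standard Windows behaviour (the take-ownership privilege), not something the notes state.

```python
# Simplified right sets (the real NTFS permission model has more flags).
FULL_CONTROL = frozenset({"read", "write", "delete", "change_permissions", "take_ownership"})
MODIFY = frozenset({"read", "write", "delete"})
READ = frozenset({"read"})


class ACE:
    """One Access Control Entry: which principal, which rights, allow or deny."""

    def __init__(self, principal, rights, allow=True):
        self.principal = principal
        self.rights = frozenset(rights)
        self.allow = allow


def effective_rights(acl, user, groups=()):
    """Rights an ACL grants to `user` together with its groups.

    Deny entries are evaluated ahead of allow entries, so an explicit
    deny removes a right even when another ACE allows it. `Everyone` is
    implicitly part of every user's token.
    """
    principals = {user, "Everyone"} | set(groups)
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def effective_access(dacl, share_acl, user, groups=(), over_network=False):
    """Local access is governed by the NTFS DACL alone; access through the
    share is limited to what both the share ACL and the DACL allow."""
    ntfs = effective_rights(dacl, user, groups)
    if not over_network:
        return ntfs
    return ntfs & effective_rights(share_acl, user, groups)


def can_take_ownership(dacl, user, groups=()):
    """Ownership can be taken with the take_ownership right, or by a member
    of Administrators, who keep that privilege even when removed from the DACL."""
    if "Administrators" in groups:
        return True
    return "take_ownership" in effective_rights(dacl, user, groups)


# Constructed sample: a folder's security (DACL) and share permissions.
FOLDER_DACL = [
    ACE("Administrator", FULL_CONTROL),
    ACE("a1", MODIFY),
    ACE("a2", READ),
    ACE("a3", MODIFY),
    ACE("a3", {"delete"}, allow=False),   # explicit deny on delete for a3
]
SHARE_ACL = [ACE("Everyone", MODIFY)]     # share permission "Change" for Everyone


if __name__ == "__main__":
    for user in ("Administrator", "a1", "a2", "a3", "guest"):
        local = sorted(effective_access(FOLDER_DACL, SHARE_ACL, user))
        remote = sorted(effective_access(FOLDER_DACL, SHARE_ACL, user, over_network=True))
        print("%-14s local=%s network=%s" % (user, local, remote))
```

Locally the Administrator has Full Control, but over the share the "Change" share permission caps that at Modify; a3's explicit deny strips delete even though a Modify ACE allows it; and a user with no matching ACE (guest) gets nothing either way, because an absent allow is a deny.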

DAY 9

PROFILES

- A profile is a user-state environment.

- A profile is a unique identity in which the user performs all his task operations.

A profile is a collection of desktop icons, background, Start menu, taskbar, etc.

DEFAULT USER:

It is an important folder which is responsible for providing new profiles; it is also called the template.

NTUSER.DAT:

You can change the work environment by changing the position of the Task Bar, the desktop icons and the screen saver.

These modifications are stored in NTUSER.DAT. It contains the collection of settings and configurations that you can manipulate for a user profile.

DIFFERENT TYPES OF PROFILES:

1. Local Profile
2. Roaming Profile
3. Mandatory Profile

1. Local Profile: Local profiles do not travel along with the user; they are stored on the local machine. A local user profile is created on one computer, and any changes made to a local user profile are specific to the computer on which the changes were made.

TO CONFIRM LOCAL PROFILE:

1. In Domain Controller
2. Create a Domain User
3. In Member Server login as a domain user and change the profile
4. To confirm the type of profile
5. Right Click on My Computer
6. Properties
7. Select Tab Advanced
8. Click on user profile settings

2. Roaming Profile:
A path such as \\sys1\user\a1 is called a Universal Naming Convention (UNC) path.

A roaming user profile is created by an Administrator and is stored on the server. A roaming profile travels along with the user.

Configure a roaming profile to make the work environment the same for a particular user wherever he logs on.

Changes made to the roaming profile are saved on the server.

Configuring a Roaming Profile:

1. In the Domain Controller or Sys1
2. Create a folder
3. And apply share level permissions
4. Create a Domain user
5. To convert from local to roaming, assign the network path, which is called the UNC path (Universal Naming Convention)
6. To assign the path
7. Right click on the user
8. Properties
9. Select the tab Profile
10. Assign the path of the shared folder
\\sys3\sharedfolder\username
11. In sys2 log in as the Domain user, change the work environment and create new documents in it.
12. Log off to save the changes
13. From sys1 log in as the same user and check the profile
To set the profile for more than one user within a single folder, use
\\sys1\roam\%username%

3. MANDATORY PROFILE:
In a mandatory profile the user cannot change the work environment.
Convert from roaming to mandatory to enforce a standard desktop or fixed environment.

1. Open the shared folder
2. Open the user's folder
3. If you are not able to access the user's folder, take ownership.
4. To take ownership, right click on the user's folder
5. Sharing & Security
6. Security Tab
7. Advanced
8. Owner
9. Administrator
10. Check (REPLACE OWNER ON SUBCONTAINERS & OBJECTS)
11. Open the user profile
12. Rename NTUSER.DAT to NTUSER.MAN
13. To apply the permissions to the parent folder (Shared Folder)
14. Right click > Properties
15. Select Security
16. Advanced
17. Check REPLACE PERMISSIONS
18. To confirm the mandatory profile, log in as the user and change the profile.

HOME FOLDER:

The home folder is a centralized location for the user's personal files.

Home directories and My Documents make it easier for an Administrator to back up user files and manage user accounts, by collecting the information in one central location.

TO CONFIGURE HOME FOLDER:

1. Create a Shared Folder
2. Open Active Directory Users & Computers
3. Right Click on One user
4. Properties
5. Select the tab “Profile”
6. In Home Folder check “Connect”
7. Assign the Drive letter and specify UNC Path
8. Login as a Domain user from sys2.
9. Open My Computer as well as home directory
10. Create few new files in it
11. In sys1 to check the home directory for a user
12. Open the shared folder as well as user’s folder.

DAY 10

DFS

DFS= Distributed File System or File Storage Architecture

The Distributed File System (DFS) allows Administrators to make it easier for users to access and manage files that are physically distributed across the network.

With DFS you can distribute files across multiple servers while, to the user, they appear to reside in one place (one computer) on the network.

DFS ROOT
    DIRECTORY1 -> System1
    DIRECTORY2 -> System2
    DIRECTORY3 -> System3

You can find DFS service in Workgroup Systems, Domain Controller and
Member server.

Shortcut to Open DFS Console: DFSGUI.MSC

DFS ROOT:

DFS Root is the beginning of a hierarchy of DFS links that points to shared
folders.

DFS Link:

A Link from a DFS Root to one or more shared files or folders.

PROCEDURE TO CONFIGURE DFS ROOT

1. Create a shared folder (for example: DFS ROOT)
2. And one more shared folder “Sales”
3. While creating the shared folders, also check the type of file system
4. To create the DFS root, open DFS from Administrative Tools
5. Right click on DFS
6. New Root
7. Next
8. Check Domain Root
9. Next
10. Specify the server name (Browse)
11. Select the server name from the list
12. Next
13. Specify the root name as DFS Root
14. Next
15. Finish

To create a link or a pointer

1. Right click on the existing root
2. Select New Link
3. Specify the link name as SALES
4. Assign the Network Path
5. Browse
6. Entire Network
7. Windows Network
8. Expand the domain as well as server
9. And select the shared folder SALES
10. OK > OK

After configuring the DFS root, access it from system2: in Start > Run specify the root's UNC path, as in the example below.

Ex: \\zoom.com\DFS Root

It displays the links (shared folders) under the root.

ROOT TARGET:

The mapping destination of a DFS root or link, which corresponds to a physical folder that has been shared.

Procedure to Create Target:

For Example: In System2 create a shared folder by the name Root Target.

In sys1 open DFS where Root is already configured.

1. Right click on the existing root
2. Select New Root Target
3. Browse and from the list select SYS2
4. Next
5. Select the shared folder by clicking on Browse
6. Expand the drive and select the shared folder
7. OK
8. To confirm the backup server
9. In Sys2 open DFS and expand the root
10. This backup server will maintain the information about the existing root as well as its links.

LINK TARGET:

To Create a Link Target

For Example:

1. In sys2 create a shared folder by the name Sales Target
2. To configure the link target
3. In sys1 right click on the existing link
4. New Target
5. Browse
6. Assign the new path on sys2 (where Sales Target is created)
7. OK
8. Yes
To configure replication:
9. Next
10. Select Sys1 in the list
11. Select the topology as Ring
12. Next
13. Finish

To configure the replication between DFS1 & DFS2:

1. Restart 2 services from Administrative Tools
2. Open the Services console
3. Restart the DFS and File Replication services.

DAY11

GROUP POLICIES-1

Group Policy:

Group Policy is a collection of settings which can be applied to computers and users.

With Group Policy the Administrator can centrally manage computers and users, which eases administration.

Windows NT has no concept of Group Policy; it uses System Policies instead, which are far less powerful than Group Policies.

The tool used to apply or edit System Policies in NT is POLEDIT (the System Policy Editor).

Group policies are associated with levels:

1. Site Level
2. Domain Level
3. Organizational Unit Level (OU Level)

1. Site Level: Apply the policy at site level when it is going to be common to multiple domains in a single forest.

2. Domain Level: Apply the policy at domain level when it is common to the Domain Controllers and client systems of the domain.

3. OU Level: Apply the policy at OU level when it is common to the users and computer objects in the OU.

The OU is the smallest administrative unit. It is also referred to as a sub-tree or sub-container, and it is one of the logical components of Active Directory. It contains the different objects maintained in a domain; an OU can contain groups of users or groups of computers.

PROCEDURE TO APPLY THE POLICY ON OU LEVEL

To Restrict Internet Explorer Icon from the Desktop

1. Open the Admin Console
2. Active Directory Users & Computers
3. To create an OU
Right click on the Domain
For Example: Zoom.com
4. Select New > Organizational Unit
5. Specify the Name > OK
6. In the OU create some Domain Users
7. To apply the policy, right click on the OU > Properties > select Group Policy
8. Create a New Policy and label it
9. Click EDIT
10. In User Configuration expand Administrative Templates
11. Select Desktop from the list and apply any policy by enabling it.

Restricting the Applications:

1. Open the Admin Console
2. Active Directory Users & Computers
3. To create an OU
Right click on the Domain
For Example: Zoom.com
4. Select New > Organizational Unit
5. Specify the Name > OK
6. In the OU create some Domain Users
7. Create a New Policy or edit the existing policy
8. Click on EDIT
9. Expand > ADMINISTRATIVE TEMPLATES
10. Select > System
11. Double click the policy > Don't run specified Windows applications
12. Check > Enabled
13. Click on > Show
14. Add
15. Specify > IEXPLORE.EXE
16. OK > OK > OK
17. Log in as a user from a client or Member Server and try to open Internet Explorer.

“GPMC Service Pack” = Group Policy Management Console, used to bring Group Policies back to their default settings.

TO ALLOW OR DENY THE POLICY FOR ONE OF THE USERS FROM THE GROUP POLICY WINDOW

1. Select the Policy
2. Properties
3. Security
4. Add user
5. Check Names > Add the user
6. Set Apply Group Policy to DENY
7. To confirm, log in as the user and check the application or policy.

RESTRICTING DRIVES

1. Open the Admin Console
2. Active Directory Users & Computers
3. To Create a OU
Right Click on the Domain
For Example: Zoom.com
4. Select New > Organizational Unit
5. Specify the Name > Ok
6. In OU create some Domain Users
7. Open Group Policy Window
8. Create a New policy and label it
9. Click on Edit
10. Expand > Admin Templates
11. Windows Component
12. Windows Explorer
13. Open the Policies > Hide these specified Drives from MY COMPUTER
14. Check > The List
15. Select one of the Drive
16. OK
17. Check the result by logging as user.

DELEGATE CONTROL

Delegate Control (giving partial permissions from the Administrator)

With the help of Delegate Control, the Admin can give Domain users partial permissions to perform administrative tasks without supplying Admin credentials.

PROCEDURE TO CREATE DELEGATE CONTROL:

1. Right Click on OU
2. Select > Delegate Control
3. Add the User
4. Next
5. Check the option >Create Delete & Manage user Accounts
6. Next > Next > Finish
7. To Confirm Delegate Control
8. Login as a user
9. Open Active Directory Users and Computers
10. Right Click on OU & Create a user

DOMAIN POLICIES:

To apply the policy on Domain Level:

1. Right click on the Domain
2. Properties
3. Select Tab > Group Policy
4. Create a New Policy
5. Edit
6. Expand Admin Templates
7. Select > Start Menu and Task Bar
8. Double Click on the policy and make the option enable
9. Login as a user or an Admin to check domain level policy is activated.

SITE LEVEL:
To apply the policy in Site Level:
1. Open the console Active Directory Sites & Services
2. Right Click on > Default First Site Name
3. Properties
4. Select Group Policy Tab and Apply any Policy.

BLOCK POLICY INHERITANCE:

This option prevents or blocks the policies applied at the Domain level from being inherited at the OU level.

Configure BLOCK POLICY INHERITANCE to block the policies from Domain to OU level, or from Site to Domain level.

1. Right Click on OU
2. Properties
3. Select > Group Policy
4. Check > Block Policy Inheritance.

NO OVERRIDE:

Use No Override (called Enforced in GPMC) to apply a Site level or Domain level policy forcefully. Compared to Block Policy Inheritance, No Override has the higher priority.

1. Apply one policy at OU level as well as Domain level.
2. At the OU level check Block Policy Inheritance; at the Domain level check the option No Override in the Group Policy window.
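The interaction of link level, Block Policy Inheritance and No Override is easiest to see by computing the result. The Python below is an added example, not from the notes or from Microsoft; the container names, GPO names and setting names are constructed. It applies the precedence rules described above: site, then domain, then OU, with later settings winning; Block Policy Inheritance dropping the GPOs linked above the OU; No Override GPOs applied last (highest level last) so they win over both; and the security filtering from the earlier section, where a user denied Apply Group Policy on a GPO skips it.

```python
# Added example: resolver for Group Policy precedence. Not from the course notes;
# containers, GPO names and settings below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict                                  # setting name -> value
    no_override: bool = False                       # "No Override" (Enforced in GPMC)
    deny_apply: set = field(default_factory=set)    # trustees with Apply Group Policy = Deny


@dataclass
class Container:
    name: str                                       # site, domain or OU name
    gpos: list                                      # GPOs linked here, in link order
    block_inheritance: bool = False                 # "Block Policy Inheritance"


def resolve_policy(chain, principal, groups=()):
    """Effective settings for `principal`, whose object lives in chain[-1].

    chain is ordered from the top down: [site, domain, OU, sub-OU, ...].
    Rules:
      * processing order is site, domain, OU; a later GPO overwrites an earlier
        conflicting setting;
      * Block Policy Inheritance on a container drops every GPO linked above it,
        except GPOs marked No Override;
      * No Override GPOs are applied after all others, the highest level last,
        so they beat lower-level GPOs and Block Policy Inheritance alike;
      * a GPO on which the user (or one of his groups) is denied Apply Group
        Policy is skipped entirely (security filtering).
    Returns (settings, names of GPOs applied in order).
    """
    identities = {principal, *groups}
    # Lowest container that blocks inheritance; GPOs linked above it are
    # inherited only if they are No Override.
    blocked_above = -1
    for level, container in enumerate(chain):
        if container.block_inheritance:
            blocked_above = level

    normal, enforced = [], []
    for level, container in enumerate(chain):
        for gpo in container.gpos:
            if identities & gpo.deny_apply:
                continue
            if gpo.no_override:
                enforced.append((level, gpo))
            elif level >= blocked_above:
                normal.append((level, gpo))

    effective, applied = {}, []
    for _, gpo in normal:
        effective.update(gpo.settings)
        applied.append(gpo.name)
    # Enforced GPOs: lowest level first so the highest level is applied last.
    for _, gpo in sorted(enforced, key=lambda lg: lg[0], reverse=True):
        effective.update(gpo.settings)
        applied.append(gpo.name)
    return effective, applied


# Constructed sample: a site with no GPO, the domain zoom.com with an enforced
# desktop GPO and an ordinary Start Menu GPO, and OU1 that blocks inheritance
# and restricts drives and applications, except for the user "manager".
SITE = Container("Default-First-Site-Name", [])
DOMAIN = Container("zoom.com", [
    GPO("Domain Desktop", {"hide_ie_icon": True, "hide_drives": "C"}, no_override=True),
    GPO("Domain Start Menu", {"remove_run": True}),
])
OU1 = Container("OU1", [
    GPO("OU Restrictions", {"hide_drives": "D", "no_run_apps": ["IEXPLORE.EXE"]},
        deny_apply={"manager"}),
], block_inheritance=True)
CHAIN = [SITE, DOMAIN, OU1]

if __name__ == "__main__":
    for user in ("u1", "manager"):
        print(user, resolve_policy(CHAIN, user))
```

For u1 the domain's Start Menu GPO is blocked by OU1, but the enforced Domain Desktop GPO still applies and its hide_drives setting beats the OU's own; for manager the OU GPO is filtered out entirely.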

RESTRICTING ACCESS TO DRIVES FOR DOMAIN USERS

1. Apply the policy on OU Level
2. Create a New Policy and label it
3. Click on Edit
4. Expand Administrative Templates
5. Windows Components
6. Windows Explorer
7. Double Click the Policy “PREVENT ACCESS TO DRIVES FROM MY
COMPUTER”
8. Apply the Policy
9. Login as a user
10. And try to Access the Drive.

DAY 12

GROUP POLICY -2

 Software Deployment
 Folder Redirection
 Scripts

Software Deployment: You can use software deployment to make software available to a few groups of users, rather than installing it normally on each individual system; using Group Policy you can even restrict the users from using a particular application.

Group Policy does not support EXE files. To convert from .EXE to .MSI a third-party tool is used, “WinINSTALL LE”. It is not a Microsoft product; it is produced by Veritas.

To convert from EXE to MSI in WinINSTALL LE follow these steps:

 Before Snapshot
 Installing the application
 After Snapshot

Before Snapshot: The only difference between the Before Snapshot and the After Snapshot is the newly installed application.

In this procedure it converts from EXE to MSI (Microsoft Software Installer).

The file size of WinINSTALL LE is 12466 KB

1. Install WinINSTALL LE from the Application folder
2. Next > Next
3. Specify the Read Information
4. Next
5. Next > Finish
6. Share Name (leave it blank)
7. Next > Finish

To Perform Before Snap Shot

Create a Share Folder and apply full control sharing

1. After installing the tool
2. Open WinINSTALL LE from the Programs menu
3. Right click on Windows Installer Packages
4. Select Run Discover
5. Next
6. Specify the application with its UNC path
7. Click on Browse
8. My Network Places
9. Entire Network
10. Open the shared folder on the system where you want to save it
11. Specify the application name as “Acrobat.MSI”
12. Open > Next > Next
13. Add all the drives
14. Next > Next > Next
15. Finish

1. Confirm that the file created is converted from EXE to MSI
2. Open the shared folder and check the file
3. Install the application from the Application folder
4. Double click on Acrobat.exe and install it
5. You can install the application from the Application folder or from Programs; this continues the Before Snapshot.

To Perform After Snapshot

1. Open the same window, WinINSTALL LE
2. Right click on Windows Installer Packages
3. Select Run Discover
4. Next
5. Check After Snapshot
6. Next > Finish
7. Open the shared folder and check the file, which is converted from EXE to MSI.

To Apply policy and deploy the software create OU as well as new users.

1. Right click on the OU > Properties
2. Select Group Policy
3. Create a New Policy and label it
4. Click on Edit
5. In User Configuration
6. Expand Software Settings
7. Right click on Software Installation
8. Select New > Package
9. And give the network path
10. Open My Network Places
11. Entire Network
12. Windows Network
13. Open the Domain
14. Server
15. Double click the shared folder
16. Select the application
17. Acrobat.msi
18. Give > Open
19. And check Assigned
20. OK
21. Log in as a user
22. And check the policy

Deployment methods:

Published: Select Published to advertise the software in Control Panel. The user has to install the application from Control Panel.

Assigned: This option advertises the software in the Start Menu, on the Desktop and in Control Panel. The user can open the application directly.

Advanced: Choose Advanced to perform modifications or updates to existing software.

FOLDER REDIRECTION

You can use folder redirection to redirect folders of the user profile to the main server. With folder redirection the Administrator can maintain the information of the user profile centrally.

1. Create a shared folder
2. Open Active Directory Users & Computers
3. In the Group Policy window create a New Policy
4. Edit
5. Expand Windows Settings
6. Folder Redirection
7. Select Desktop
8. In the list select Basic: Redirect everyone's folder to the same location
9. In the next box select Redirect to the following path
10. Click on Browse
11. Give the UNC path
12. Open the shared folder
13. OK
14. In the path specify %Username%
15. In the Member Server log in as a user
16. On the Desktop create new directories and files, and log off.
17. In Sys1, which is the Domain Controller, open the shared folder and take ownership to access the user's folder.

BACKUP & RECOVERY

Backup is a utility or tool which protects data from accidental loss, whether from a system hardware problem or a storage media failure. With the help of Backup we can create a duplicate copy of the data and retrieve it back. You can take a backup of User Data and of System State Data.

User Data: User generated files or folders are called User Data.

System State Data: System Generated Data like Operating System files, Boot
files, Registry files as well as Active Directory database.

ARCHIVE BIT: It is a file attribute which indicates the status of files or folders; with the help of this property you can confirm whether a backup has been taken or not. In 2000 and 2003 the NTBACKUP tool is used. In Win NT you could take backups only to tape drives.

USER DATA: User data backups are classified into five different types:

1. Normal
2. Incremental
3. Differential
4. Copy
5. Daily

Normal: A Normal backup backs up all the files. It does not check the Archive Bit (a Normal backup is irrespective of the Archive Bit). After taking the backup it clears the Archive Bit.

Practical:

1. Create a folder as well as new files in it.
2. To take the backup: Start > Run > “NTBACKUP”
3. Next
4. Check “Back up files and settings”
5. Next
6. Let me choose what to back up
7. Next
8. Select the drive and check the folder
9. Next
10. Browse
11. Change the drive and save the backup
12. Next > Finish

After taking the Backup open the folder and check Archive Bit.

Incremental: This type of backup checks the Archive status and backs up only those files on which the Archive Bit is set. After an Incremental backup the Archive Bit is cleared as well. Prefer an Incremental backup when files in an existing folder have been modified or newly added.

Practical:

1. Open the same existing folder
2. Modify the files
3. And add new files
4. To take the backup
5. Start > Run > NTBACKUP
6. Next > Check Back up files
7. Next > Let me choose what to back up
8. Next > Expand My Computer and the drive
9. Check the folder
10. Next
11. Save the backup by choosing Browse
12. Next
13. Click on Advanced
14. From the list select Incremental
15. Next
16. Check the option “Verify data after backup”
17. Next
18. Check “Append”
19. Next
20. Select “Now” > Next & Finish

DIFFERENTIAL:

The basic difference between Incremental and Differential is what happens after the backup. A Differential backup also checks for the Archive Bit, but after the backup is taken the Archive Bit remains set (it is not cleared).

RESTORING

Practical

1. Open the original folder
2. Remove all the files
3. To restore, either select the drive and open the backup, or continue with NTBACKUP
4. Next
5. Check > Restore files
6. Next > From the list select the backup type
7. Expand
8. And check the drive letter
9. Next > Finish

COPY & DAILY BACKUPS:

These two backup types do not check the Archive status, either before taking the backup or after it. Use a Copy backup to maintain an identical copy of the data. A Daily backup is used to keep the information up to date.
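The five types differ only in which files they select and whether they clear the archive bit afterwards, which the following Python makes concrete. It is an added example, not from the notes or from NTBACKUP; the file names and dates are constructed. It runs a Normal backup, edits, an Incremental, more edits and then Differential and Daily backups, and reports what each backup set contains and which archive bits are left set.

```python
# Added example: simulation of the five NTBACKUP user-data backup types and
# their effect on the archive bit. Not from the course notes; file names and
# dates below are constructed sample data.
from dataclasses import dataclass
from datetime import date


@dataclass
class File:
    name: str
    archive: bool      # archive bit: set whenever the file is created or changed
    modified: date


def run_backup(files, kind, today):
    """Back up `files` with the given type; returns the names written to the
    backup set and updates the archive bits in place.

    normal       all files,                      clears the archive bit
    incremental  files with the archive bit set, clears the archive bit
    differential files with the archive bit set, leaves the archive bit set
    copy         all files,                      ignores the archive bit
    daily        files modified today,           ignores the archive bit
    """
    if kind in ("normal", "copy"):
        selected = list(files)
    elif kind in ("incremental", "differential"):
        selected = [f for f in files if f.archive]
    elif kind == "daily":
        selected = [f for f in files if f.modified == today]
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("normal", "incremental"):
        for f in selected:
            f.archive = False
    return [f.name for f in selected]


def touch(files, name, today):
    """Simulate a user editing (or creating) a file: the archive bit is set."""
    for f in files:
        if f.name == name:
            f.archive, f.modified = True, today
            return
    files.append(File(name, True, today))


def week_scenario():
    """Monday Normal, edits, Tuesday Incremental, edits, Wednesday Differential
    (twice, to show the bit is not cleared) and Daily."""
    mon, tue, wed = date(2024, 1, 1), date(2024, 1, 2), date(2024, 1, 3)
    files = [File("a.doc", True, mon), File("b.xls", True, mon), File("c.txt", True, mon)]
    result = {}
    result["normal_mon"] = run_backup(files, "normal", mon)            # everything
    touch(files, "a.doc", tue)                                          # edited
    touch(files, "d.ppt", tue)                                          # new file
    result["incremental_tue"] = run_backup(files, "incremental", tue)  # a.doc, d.ppt
    touch(files, "b.xls", wed)
    result["differential_wed"] = run_backup(files, "differential", wed)
    result["differential_again"] = run_backup(files, "differential", wed)  # same set again
    result["daily_wed"] = run_backup(files, "daily", wed)
    result["archive_bits_set"] = sorted(f.name for f in files if f.archive)
    return result


if __name__ == "__main__":
    for k, v in week_scenario().items():
        print(f"{k:20s} {v}")
```

The second Differential on Wednesday writes the same file again because the first one left its archive bit set; an Incremental at that point would write it once and clear the bit, which is the restore-time trade-off between the two types.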

SYSTEM STATE DATA:

USN: Update Sequence Number

Each and every object is assigned a USN value; this value increases every time the object is modified, for example when a password is changed.

To Check USN Value:

1. Open Active Directory Users & Computers
2. Select the View menu
3. Check Advanced Features
4. Right Click on the existing user
5. Properties
6. Select the tab object.

If objects are removed or deleted from the database, an ID is assigned to these deleted objects (a Ghost ID). They are kept for a period of sixty days; this duration is known as the Tombstone period.

Practical to take System State Backup:

1. Create an Organizational Unit and new users
2. To take the System State backup
3. Start > Run > NTBACKUP
4. Click on Advanced Mode
5. Backup Wizard
6. Next
7. Check “ONLY BACKUP SYSTEM STATE DATA”
8. Save the Location
9. Next and finish

TO RESTORE SYSTEM STATE BACKUP

After taking the System State backup, remove a few users from the OU.

1. Restart the system
2. Press F8
3. From the list select DIRECTORY SERVICES RESTORE MODE
4. And log in as the Administrator

Note: You cannot restore a System State backup in Active Mode (Normal Mode). Restoring is possible only in DSRM.

5. Start > Run > NTBACKUP
6. Next
7. Check Restore Files
8. Next > Expand System State Backup
9. And check “System State”
10. Next > Next > Finish

After restoring, continue with “No”, which is similar to an Authoritative Restore. In an Authoritative restore you can restore deleted Active Directory objects back. In a Non-Authoritative restore you cannot retrieve the Active Directory objects.

AUTHORITATIVE RESTORE

1. Command Prompt
2. NTDSUTIL
3. Authoritative Restore
4. Restore Database

TO RESTORE AN INDIVIDUAL OBJECT:

1. NTDSUTIL
2. Authoritative Restore
3. Restore Subtree CN=u1,OU=OU1,DC=zoom,DC=com
(CN=u1 is the user's common name, OU=OU1 the Organizational Unit name, and DC=zoom, DC=com the domain components of the domain zoom.com)

DAY 14

DHCP

DHCP: Dynamic Host Configuration Protocol

It gives IP addresses automatically to clients that request a dynamic IP address.

DHCP uses a client/server model, where the DHCP server maintains centralized management of the IP addresses used on the network.

DHCP PROCESS

DHCP CLIENT                                  DHCP SERVER
    ------ DHCP DISCOVER ------------------>
    <----- DHCP OFFER ----------------------
    ------ DHCP REQUEST ------------------->
    <----- DHCP ACKNOWLEDGEMENT -----------

DHCP DISCOVER: The client system requests a DHCP server to release one IP address. This request is known as DHCP Discover.

DHCP OFFER: The DHCP server checks the request from the client system and offers an IP address from its pool. This step is known as DHCP Offer.

DHCP REQUEST: The client system once again requests the DHCP server to provide it one IP address from the offered pool.

DHCP ACKNOWLEDGEMENT: Finally the DHCP server confirms that the IP address has been provided to the client system.

This process or mechanism is known as the Four Way Handshake.

Practical:

1. On Sys1 configure DHCP
2. From Control Panel
3. Add/Remove Programs
4. Add/Remove Windows Components
5. From the list select Networking Services
6. Click Details
7. And check DHCP
8. Give OK > Next > Finish

You can configure DHCP in DC, Member Server or Work Group Systems.

The Shortcut to Access DHCP from RUN > DHCPMGMT.MSC

TO CREATE A SCOPE:

1. Open DHCP in the Admin Console
2. Before creating a scope, authorize the DHCP server
3. Right click on DHCP
4. Select Manage Authorized Servers
5. Click on Authorize
6. Assign the name of the server or its IP address
7. Close the window and refresh
8. To create a scope, right click on the server
9. Select New Scope
10. Next
11. Specify the scope name
12. Next
13. Assign the IP address range from start to end
14. Next
15. Add exclusions to the list
16. Next > Next
17. Yes > Next
18. Next
19. Specify the domain name as well as the server name
20. Click on Resolve
21. And add to the list
22. Next > Next
23. Yes > Next > Finish

In System 2

24. Remove the static IP address
25. From the command prompt use the commands
IPCONFIG /RELEASE (to remove the existing IP address)
IPCONFIG /RENEW (to automatically obtain an IP address from the DHCP server)
IPCONFIG /ALL (to show all the details about the system's network configuration)
GETMAC (to get the MAC address of the current system)
ARP -A (to find the MAC addresses of other systems; ARP = Address Resolution Protocol)

- 54 -
SCOPE: It is a range of IP addresses which is assigned to computers requesting a dynamic IP address.

AUTHORIZATION: It is a security precaution that ensures that only authorized DHCP servers can run in the network, to prevent computers from running unauthorized DHCP servers in the network.

Non-authorized DHCP servers are also called “ROGUE SERVERS”.

EXCLUSIONS: Within a single scope, use exclusions for IP addresses from the pool that are already in use, for example by DHCP servers, DNS servers or Domain Controllers. Once these static IP addresses are added as exclusions, the DHCP server assigns IP addresses apart from the exclusions.

RESERVATIONS: Configure reservations to reserve a particular IP address from the pool for a particular computer. Compared to dynamic IPs, a reservation has the highest priority. Through a reservation you can assign a dynamic IP which is effectively static.
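The handshake and the scope rules above (exclusions skipped, reservations taking priority over dynamic addresses, exhaustion when the pool runs out) can be exercised with a small simulation. The Python below is an added example, not the notes' material or Microsoft's DHCP code; the server and client addresses, MAC addresses and the scope range are constructed. It also includes a defender's check for the authorization point: offers whose source is not an authorized DHCP server are flagged as coming from a rogue server.

```python
# Added example: DHCP four-way handshake against a scope with exclusions and a
# reservation, plus a rogue-offer check. Not from the course notes; addresses,
# MACs and names are constructed sample data.
import ipaddress


class DhcpScope:
    def __init__(self, server_ip, start, end, exclusions=(), reservations=None):
        self.server_ip = server_ip
        self.start, self.end = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        # exclusions: (first, last) ranges never leased (static servers, DCs, ...)
        self.exclusions = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
                           for a, b in exclusions]
        # reservations: MAC -> fixed address inside the range
        self.reservations = {mac.lower(): ipaddress.IPv4Address(ip)
                             for mac, ip in (reservations or {}).items()}
        self.leases = {}    # IPv4Address -> mac
        self.offers = {}    # mac -> IPv4Address offered, awaiting REQUEST

    def _available(self, ip):
        return (not any(a <= ip <= b for a, b in self.exclusions)
                and ip not in self.leases
                and ip not in self.offers.values()
                and ip not in self.reservations.values())

    def handle_discover(self, mac):
        """DISCOVER -> OFFER. A reserved MAC always gets its reserved address;
        otherwise the first available address in the range; None if exhausted."""
        mac = mac.lower()
        offered = self.reservations.get(mac)
        if offered is None:
            ip = self.start
            while ip <= self.end:
                if self._available(ip):
                    offered = ip
                    break
                ip += 1
        if offered is None:
            return None                      # pool exhausted: no OFFER is sent
        self.offers[mac] = offered
        return {"type": "OFFER", "server": self.server_ip, "yiaddr": str(offered)}

    def handle_request(self, mac, requested_ip):
        """REQUEST -> ACK if that address was offered to this client, else NAK."""
        mac = mac.lower()
        ip = ipaddress.IPv4Address(requested_ip)
        if self.offers.get(mac) != ip:
            return {"type": "NAK", "server": self.server_ip}
        del self.offers[mac]
        self.leases[ip] = mac
        return {"type": "ACK", "server": self.server_ip, "yiaddr": str(ip)}


def dora(scope, mac):
    """Run the full Discover/Offer/Request/Ack exchange for one client.
    Returns the leased address, or "APIPA" when no OFFER arrives (the client
    would then fall back to an automatic private address)."""
    offer = scope.handle_discover(mac)
    if offer is None:
        return "APIPA"
    ack = scope.handle_request(mac, offer["yiaddr"])
    return ack["yiaddr"] if ack["type"] == "ACK" else None


def rogue_offers(observed_offers, authorized_servers):
    """Defender check: OFFERs whose source is not an authorized DHCP server."""
    return [o for o in observed_offers if o["server"] not in authorized_servers]


def build_sample_scope():
    """Constructed sample scope: 10.0.0.10-10.0.0.14, with .11-.12 excluded
    (static servers) and .14 reserved for one MAC."""
    return DhcpScope("10.0.0.1", "10.0.0.10", "10.0.0.14",
                     exclusions=[("10.0.0.11", "10.0.0.12")],
                     reservations={"00-11-22-33-44-55": "10.0.0.14"})


if __name__ == "__main__":
    scope = build_sample_scope()
    for mac in ("aa-bb-cc-00-00-01", "00-11-22-33-44-55",
                "aa-bb-cc-00-00-02", "aa-bb-cc-00-00-03"):
        print(mac, "->", dora(scope, mac))
```

Running the sample leases .10 to the first client, .14 to the reserved MAC, .13 to the next client (.11 and .12 are excluded, .14 is reserved) and then no offer at all, which is the exhausted-scope state the console marks with an exclamation mark.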

Practical:

1. Expand the scope
2. To know the MAC address of the current system, at the command prompt type “GETMAC”
3. To know the MAC address of another system, first make the two systems communicate by pinging the IP address of the other system; when it responds, type the command “ARP -A” (Address Resolution Protocol)
4. To copy the MAC address, right click in the command prompt, select Mark, mark the physical address and press Enter.

To Create Reservations

5. Right click on Reservations
6. New Reservation
7. Specify the name and an IP address from the range
8. Right click on the MAC Address field and paste
9. Check DHCP only, click on Add and close the window

From the client side use the commands at the command prompt:

10. IPCONFIG /RELEASE
11. IPCONFIG /RENEW

TO CREATE A SUPER SCOPE

To group more than one scope on the DHCP server, create a Super Scope. A Super Scope is a collection of multiple scopes.

Practical:

1. In the DHCP server
2. Create 2 scopes
3. For example: Scope1 as 10.0.0.1
Scope2 as 10.0.11.1
4. Right click on the server and select New Superscope
5. Next
6. Select the 2 scopes together
7. Next > Finish

To get an IP address from the 2nd scope:

1. Deactivate the first scope
2. From Sys2 check the result by following the commands, or add exclusions in the first scope.
3. Expand the scope
4. Right click on Address Pool
5. Select New Exclusion Range
6. And assign the IP range from start to end
7. Once all the IP addresses of the first scope are used or leased, the scope is marked with an exclamation mark, which means the IP addresses are exhausted.

SCOPE OPTIONS: Configure scope options to provide additional information like the preferred DNS server, default gateway, etc. They are common only to the individual scope.

SERVER OPTIONS: Configure server options to provide additional information along with all the dynamic IPs. They are common to multiple scopes.

APIPA = Automatic Private IP Addressing

In the absence of a DHCP server, APIPA provides an IP address for the client systems. If the DHCP server is not authorized, it cannot provide IP addresses to the client systems.

TO CHECK APIPA

1. In the IP Address window
2. Check “Obtain an IP address automatically”
3. Select Next Tab > Alternate Configuration

DAY 15

DNS

Domain Naming System / Server

 Defines a hierarchical name space where each level of the name space is separated by “.”
 Provides resolution of names to IP addresses and resolution of IP addresses to names.

NETBIOS

BROADCAST:

The first naming convention was broadcast.

The first method of resolving names to IPs or IPs to names was broadcast. Broadcasting generates network traffic and, moreover, routers drop broadcast packets.

LMHOSTS FILES:

LAN Manager Host Files

The second method of mapping names to IPs or IPs to names was LMHOSTS files.

In a single network, if a system wants to communicate it has to check the LMHOSTS table, which contains system names and their corresponding IP addresses. With LMHOSTS you can communicate between two different networks, but the drawback is that the entries have to be updated manually.

The LMHOSTS file is found in

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

WINS

Windows Internet Naming Server or Service

It is a DYNAMIC SERVICE.

Microsoft came up with one more dynamic service, WINS. A WINS server registers client systems' NetBIOS names with their corresponding IP addresses automatically; for this reason it is known as a dynamic service. But it does not follow a naming hierarchy. In Windows NT a WINS server is configured to map names to IPs or IPs to names. In 2000 or 2003 DNS is the dynamic service used; it maintains the standard Internet naming conventions.

You can configure DNS on a Workgroup system, Member Server or Domain Controller. It requires the Server operating system CD.

To open DNS: START > RUN > DNSMGMT.MSC

DAY-16

mail . yahoo . com .
  4       3      2   1

1 = Root Server
2 = Top Level Domain
3 = Second Level Domain
4 = Sub Level Domain

The root server maintains the information about the Top Level Domains.

Top Level Domains like “com” or “org” maintain the information about the second level domains, and the second level domains maintain the information about the sub-level domains.

There are 13 root servers all over the world:

1. Asia
2. Japan
3. And most of the root servers are located in the USA.

ISP DNS SERVER (cache of name to IP mappings)

Yahoo.com   203.54.92.64
Google.com  204.66.54.89
Rediff.com  17.34.68.2

Client typed www.yahoo.com

1. The client requests the ISP DNS to resolve www.yahoo.com
2. The DNS server gives the IP address of yahoo.com to the client
3. In the third step the client has the IP address of yahoo.com and communicates directly with the yahoo server.

QUERY TYPES:

Iterative Query: The DNS server returns either an answer to the query or a pointer (referral) to other DNS servers.

Recursive Query: The DNS server returns a complete answer to the query, not a pointer to another DNS server.

Client --(recursive query)--> Local DNS --(iterative queries)--> ISP DNS --> Root Server --> Top Level Domain --> Second Level Domain --> Sub Level Domain

Client to DNS = Recursive Query

DNS to DNS = Iterative Query

LOOKUP TYPES:

Forward Lookup: Requests Name to address resolution

Reverse Lookup: Request Address to Name Resolution.

Forward Lookup

Client --(user friendly name)--> DNS
Client <--(IP address)---------- DNS

Reverse Lookup

Client --(IP address)----------> DNS
Client <--(user friendly name)-- DNS

FULLY QUALIFIED DOMAIN NAME (FQDN)

 Identifies a host name within the DNS name space hierarchy
 Host Name plus DNS Domain = FQDN

FQDN: SYS1.MCSE.COM (host: SYS1, domain name: MCSE.COM)
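The name-space levels, the two query types and the two lookup directions above can be tied together in a small resolver. The Python below is an added example, not from the notes; the servers, zones, names and addresses are constructed. A client asks its local DNS server a recursive query; the local server walks the hierarchy with iterative queries (root, then the top-level domain, then the second-level domain), caches the answer, and a reverse lookup goes through the in-addr.arpa name built from the IP address.

```python
# Added example: toy DNS name space with a recursive local server that walks the
# hierarchy with iterative queries, plus forward and reverse lookups. Not from
# the course notes; servers, zones, names and addresses are constructed.

def fqdn_levels(fqdn):
    """Levels of an FQDN from the root down: 'mail.yahoo.com.' ->
    ['.', 'com', 'yahoo', 'mail'] (root, top level, second level, sub level)."""
    labels = [label for label in fqdn.rstrip(".").split(".") if label]
    return ["."] + labels[::-1]


def reverse_name(ip):
    """The in-addr.arpa name queried for a reverse (IP -> name) lookup."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def normalize(name):
    name = name.lower()
    return name if name.endswith(".") else name + "."


# Constructed authoritative servers. Each knows the records of its own zone and
# the delegations (NS referrals) to the servers of its child zones.
SERVERS = {
    "root":     {"zone": ".",             "A": {}, "PTR": {},
                 "delegations": {"com.": "tld-com", "in-addr.arpa.": "arpa"}},
    "tld-com":  {"zone": "com.",          "A": {}, "PTR": {},
                 "delegations": {"mcse.com.": "ns1.mcse"}},
    "ns1.mcse": {"zone": "mcse.com.",
                 "A": {"sys1.mcse.com.": "10.0.0.25", "www.mcse.com.": "10.0.0.25"},
                 "PTR": {}, "delegations": {}},
    "arpa":     {"zone": "in-addr.arpa.", "A": {},
                 "PTR": {"25.0.0.10.in-addr.arpa.": "sys1.mcse.com."},
                 "delegations": {}},
}


def iterative_resolve(name, rtype, servers=SERVERS):
    """What a DNS server does on behalf of a client: start at the root and
    follow each referral until a server answers. Each hop is an iterative
    query (answer or pointer). Returns (answer or None, servers asked)."""
    name = normalize(name)
    server, trail = "root", []
    while True:
        trail.append(server)
        data = servers[server]
        if name in data[rtype]:
            return data[rtype][name], trail
        # Referral: the most specific delegated child zone the name falls under.
        matches = [z for z in data["delegations"] if name == z or name.endswith("." + z)]
        if not matches:
            return None, trail                # authoritative answer: no such name
        server = data["delegations"][max(matches, key=len)]


class LocalDns:
    """The client's preferred DNS server: answers recursive queries completely
    and caches what it learns; flush() empties that cache (the client-side
    counterpart is IPCONFIG /FLUSHDNS)."""

    def __init__(self, servers=SERVERS):
        self.servers = servers
        self.cache = {}

    def query(self, name, rtype="A"):
        key = (normalize(name), rtype)
        if key in self.cache:
            return self.cache[key], ["cache"]
        answer, trail = iterative_resolve(key[0], rtype, self.servers)
        if answer is not None:
            self.cache[key] = answer
        return answer, trail

    def flush(self):
        self.cache.clear()


def forward_lookup(dns, fqdn):           # name -> IP address
    return dns.query(fqdn, "A")[0]


def reverse_lookup(dns, ip):             # IP address -> name
    return dns.query(reverse_name(ip), "PTR")[0]


if __name__ == "__main__":
    dns = LocalDns()
    print(fqdn_levels("mail.yahoo.com."))
    print(forward_lookup(dns, "www.mcse.com"), dns.query("www.mcse.com")[1])
    print(reverse_lookup(dns, "10.0.0.25"))
```

The trail returned with each answer is the list of servers the local DNS had to ask, so the first lookup of www.mcse.com shows root, tld-com and ns1.mcse while the repeat is served from cache.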

DNS TAKING PLACE IN LOCAL LAN

DNS Server: 10.0.0.40

DC1 (mcse.com)    IP: 10.0.0.25   Preferred DNS: 10.0.0.40
DC2 (zoom.com)    IP: 10.0.0.26   Preferred DNS: 10.0.0.40
DNS Client        IP: 10.0.0.10   Preferred DNS: 10.0.0.40

Note: To remove the cached DNS entries use this command at the command prompt: IPCONFIG /FLUSHDNS

ZONES

There are 4 types of Zones:

1. Primary Zone
2. Secondary Zone
3. Stub Zone
4. Primary Zone Integrated with Active Directory

A zone is a storage database which maintains the information about its domain or multiple domains. By default it maintains the file on the local system. In a single zone you find a collection of records which map IPs to names or names to IPs.

There are 4 types of Resource Records:
1. Start of Authority (SOA)
2. Name Server (NS)
3. Host Records
4. Alias Records

Primary Zone: is a master copy where you can modify or edit records.

Practical:

TO CREATE A PRIMARY ZONE:

1. Open the DNS console
2. Expand the server
3. Forward Lookup Zones
4. Right click on Forward Lookup Zones
5. New Zone
6. Next
7. Check Primary Zone
8. And uncheck the last option
9. Next
10. Specify the zone name (for example: google.com)
11. Next > Next
12. Check the 2nd option
13. Next > Finish

TO CREATE HOST RECORD

1. Right click on the newly created zone
2. Select New Host
3. Specify the system name with its IP address
4. Click on Add Host

TO CREATE AN ALIAS

1. Right click on the same zone
2. New Alias
3. Specify the alias name (WWW)
4. Browse
5. Double click Sys1
6. Forward Lookup Zones
7. Double click the zone
8. Select the server name
9. OK > OK
10. To check the resolution, at the command prompt type PING SYS1.GOOGLE.COM or PING WWW.GOOGLE.COM

SECONDARY ZONE: is a read-only copy where you cannot modify the records. It always replicates from the Primary zone to the Secondary, so that you maintain one more DNS server for fault tolerance or load balancing.

TO CREATE A SECONDARY ZONE:

1. In DNS1 create a Primary Zone with resource records
2. In DNS2 create a Secondary Zone
3. Right click on Forward Lookup Zones
4. New Zone
5. Check Secondary Zone
6. Next
7. Specify the zone name of the master copy
8. Next
9. Assign the IP address of DNS1
10. Add to the list
11. Next and Finish

TO TRANSFER THE RECORDS FROM PRIMARY TO SECONDARY

1. In DNS 1
2. Right Click on Primary Zone
3. Properties
4. Zone Transfer
5. Check Allow zone transfers (Only to the following servers)
6. Add IP address of Second DNS Server
7. OK
8. In DNS2 Right Click on the Secondary Zone Select Transfer from Master
9. Continue with Finish

DAY 17

PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY:

In a Domain Controller DNS is configured by default. DNS is one of the important
services which advertises or publishes the Domain Controller in the network.

In this DNS, by default a zone is configured by the domain name, and only in this
zone you can find the six Service Records; for example, when the zone name is
zoom.com:

1. MSDCS
2. SITES
3. TCP
4. UDP = User Datagram Protocol
5. Domain DNS Zone
6. Forest DNS Zone

MSDCS: It maintains the information about the different Domain Controllers
configured in the forest.

SITES: It contains the information about the sites configured in the forest.

TCP & UDP: These are two important protocols.

Domain DNS Zone: It maintains the information about domain-wide replication.

Forest DNS Zone: It maintains the information about forest-wide replication.

With the help of these 6 Service Records the DNS Server is able to identify the Domain
Controller.

DIFFERENCE BETWEEN PRIMARY ZONE AND PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY

Primary Zone:
1. We can create N number of Primary Zones in one DNS Server, like yahoo.com, google.com
2. The data is saved on the local hard disk

Primary Zone Integrated with Active Directory:
1. The zone is linked with the Domain Controller's domain name, where it maintains all the
records of the Domain Controller
2. The data of this zone is saved in the Application Partition

TO CREATE A PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY

1. Right click on Forward Lookup Zone
2. New Zone
3. Next > Check Primary Zone and the last option INTEGRATED WITH
ACTIVE DIRECTORY
4. Next
5. Check "To all Domain Controllers in the Active Directory domain ZOOM.COM"
6. Next
7. Specify the zone name which is related to the Domain Name for ex:
zoom.com
8. Next
9. Check “Allow Only Secure Dynamic Updates”
10. Next > Finish

To get all six service records open the Services console and restart two services, that is
DNS Server & Netlogon.

The zone which is integrated with Active Directory is stored in the Application
Partition.

(TIP: "IPCONFIG /REGISTERDNS" registers the system's records in DNS)

DYNAMIC UPDATES:

ALLOW ONLY SECURE DYNAMIC UPDATES:

This option is supported only for a zone which is created as, or integrated with, Active
Directory.

It supports dynamic updates from member servers. Dynamic updates also depend on the
operating system: for a system running 2000 or 2003 the information regarding the
client system gets updated automatically in the DNS Server. A system running the 95 or 98
operating system cannot use the command "IPCONFIG /REGISTERDNS" to register its
information in the DNS Server; for these systems the DHCP Server takes the responsibility
to update the information in the DNS Server.

Practicals:

In DHCP Server:

1. Right click on the server
2. Properties
3. Select the DNS tab
4. Check the last option, DYNAMICALLY UPDATED

STUB ZONE

It is also called an Incremental Zone Transfer. Configure a Stub Zone to forward
the query from one DNS to another DNS. A Stub Zone gives faster name
resolution; it creates a shortcut zone or an index zone.

Practical:

1. In DNS 1 create a Primary Zone with Resource Records
2. In DNS 2 create a Stub Zone
3. Right Click on Forward Lookup Zone
4. New Zone
5. Next
6. Check the Option Stub Zone
7. Specify the name of the zone of the Master Copy
8. Next > Next
9. Assign the IP Address of DNS 1
10. Next > Next

TO REPLICATE THE RECORDS FROM PRIMARY TO STUB ZONE:

1. Right click on the Primary Zone in DNS1
2. Properties
3. Select the Zone Transfer
4. Assign the IP Address of DNS2
5. Right Click on the Stub Zone in DNS2
6. Select transfer from Master

Before creating a stub zone check the IP address of DNS 2 and also check the
resolution in the command prompt.

RESOURCE RECORDS

There are 4 types of Resource Records:

1. Start of Authority (SOA)
2. Name Server (NS)
3. Host Records
4. Alias Records

SOA: The Start of Authority serial number gets updated based upon the
modifications done in the existing zone. In an individual zone you can add
records as well as delete them.

NS: The Name Server record gives the information about the Authoritative DNS Server,
the DNS Server which maintains the different mappings of records.

REVERSE LOOKUP ZONE

Practical:
Create a Forward Lookup Zone with Resource Records

TO CREATE REVERSE LOOK UP ZONE

1. Right click on Reverse Lookup Zone
2. New Zone
3. Next
4. Check Primary Zone
5. Next
6. Assign the Network ID
7. Next
8. Next > Next
9. Allow Both Non Secure & Secure Dynamic Updates
10. Next & Finish

TO CREATE A POINTER

1. Right click on the newly created zone
2. New Pointer
3. Assign Host IP
4. Browse
5. System Name
6. Double click on the server
7. Forward Look Up Zone
8. Double Click on the Zone
9. Select the Server
10. Ok > Ok

To check the resolution from IP to names in Command prompt use the command
“NSLOOKUP”

For ex: NSLOOKUP 10.0.0.1

TO CREATE A ROOT SERVER

1. Right click on Forward Lookup Zone
2. New Zone
3. Primary Zone
4. Zone name Assign “.” (Dot)
5. Next > Next
6. Check ALLOW NON SECURE AND SECURE DYNAMIC UPDATES
7. NEXT > Finish

Create a few more zones with different extensions, like "OU.EDU, HP.ORG, USA.NET", etc.

Refresh the root and check the Top Level Domains.

DAY -18

TO CREATE A BACKUP COPY FOR PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY

1. In DNS 1
2. Check the Zone (Which is created by the Domain name) with 6 SRV
Records
3. In DNS 2
4. Create a Primary Zone with same Domain Name
5. To Display all Six Service Records
Start > Run > Specify the UNC Path
\\sys1\c$
6. Double click windows Folder
7. System 32
8. Config
9. Right Click on “NETLOGON.DNS”
10. Open with Notepad
11. Copy the Content in that
12. In Sys2 open
C:\windows\system32\dns
13. Open the zone file for ex: Zoom.com.dns
14. And paste the content below the matter
15. From services Restart the DNS Server & Net Logon
16. And Check the result in DNS2 Server

TO TAKE A BACKUP OF PRIMARY ZONES IF THERE IS ONLY ONE DNS SERVER, THROUGH THE REGISTRY

1. Open DNS Console
2. Create a few zones with Resource Records
TO TAKE THE BACKUP OF ZONES
3. In Run > REGEDIT
4. In the Registry window expand
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion
5. Right click on DNS Server
6. Select Export
7. Select a different drive, create a folder named Backup and save the
registry file there
8. From the same registry window once again expand
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services
9. Right click on DNS and select Export
10. Save the second registry file in the same Backup directory
11. Also copy the zone files belonging to the zones from the local system:
C:\windows\system32\dns
12. Paste the zone files into the directory where the registry files are
stored.

TO RESTORE THE PRIMARY ZONE FROM REGISTRY.

1. In the DNS Server delete all the Primary Zones
2. Open the backup files
3. Right click on the First Registry and select Merge
4. Follow the same for the second registry file also
5. Restart the services DNS Server & NET LOGON from the services console
6. Check in the DNS Server whether the zones are restored

CONDITIONAL FORWARDERS:

Configure Forwarders to forward queries from one DNS server to multiple DNS
servers. In 2003, forwarders are known as Conditional Forwarders.

Configure them even for Load Balancing.

Practical:

In DNS one

1. Create few Zones with resource records

In DNS two
2. Change the Preferred DNS to the same system IP Address
3. Open the DNS Console
4. Right Click on the Server
5. Properties
6. Forwarders
7. And Assign the IP Address of DNS One
To check the name resolution, in the command prompt ping the zones created in DNS one.

ROUND ROBIN:

Round Robin is one of the best features in the DNS Server. Configure Round Robin as
the Load Balancing mechanism used in the DNS Server, for sharing and distributing
network resources.

IN DNS1

1. Create a zone called Yahoo.com with Resource Records
2. Create 2 or more host records by specifying the same server name with
different IP addresses
For Ex: Sys1 10.20
Sys1 10.30
Sys1 10.40
3. Add the IP address in the IP Address Window
4. Click on Advanced

In DNS to confirm or to check Round Robin

1. Right click on the server
2. Properties
3. Advanced
4. And Check Enable Round Robin

To check the Resolution in cmd prompt ping with the zone name.

To clear the history files or cache use the command "IPCONFIG /FLUSHDNS"

Once again ping the zone name and check the IP address.
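As an added example (not code from these notes or from the Windows DNS server) here is a small parser for a BIND-style zone file of the same record layout as the zone files under C:\windows\system32\dns, with a resolver that shows how the SOA, NS, host (A), alias (CNAME) and pointer (PTR) records from the preceding sections answer forward and reverse lookups, and how Enable Round Robin rotates a name that has several host records. The zone text, serial, TTLs and the dns1/sys1 names are constructed sample data.

```python
"""Minimal zone-file parser and resolver (added example, constructed sample data)."""
from collections import defaultdict

# Constructed forward zone for google.com, the shape of the lab's google.com.dns file.
FORWARD_ZONE = """\
$TTL 3600
@     IN SOA   dns1.google.com. hostmaster.google.com. (
                  2024010105 ; serial, bumped on every change to the zone
                  900 600 86400 3600 )
@     IN NS    dns1.google.com.
dns1  IN A     10.0.0.40
sys1  IN A     10.0.0.20
sys1  IN A     10.0.0.30
sys1  IN A     10.0.0.40
www   IN CNAME sys1
"""

# Constructed reverse lookup zone for network ID 10.0.0.x.
REVERSE_ZONE = """\
@     IN SOA   dns1.google.com. hostmaster.google.com. ( 3 900 600 86400 3600 )
@     IN NS    dns1.google.com.
1     IN PTR   sys1.google.com.
"""


def _logical_records(text):
    """Yield one record per item: drop ';' comments, join lines inside ( ... )."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0


def _qualify(name, origin):
    """'@' is the zone origin, 'name.' is absolute, anything else is relative to origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return {(owner_fqdn, rtype): [rdata, ...]} with lower-case names, no trailing dot."""
    origin = origin.rstrip(".").lower()
    zone = defaultdict(list)
    for rec in _logical_records(text):
        fields = rec.split()
        if fields[0].startswith("$"):        # $TTL / $ORIGIN directives are not needed here
            continue
        owner = _qualify(fields[0], origin)
        i = 1
        if fields[i].isdigit():              # optional TTL
            i += 1
        if fields[i].upper() == "IN":        # optional class
            i += 1
        rtype, rdata = fields[i].upper(), fields[i + 1:]
        if rtype == "SOA":
            zone[(owner, rtype)].append({"mname": _qualify(rdata[0], origin),
                                         "rname": _qualify(rdata[1], origin),
                                         "serial": int(rdata[2])})
        elif rtype in ("NS", "CNAME", "PTR"):  # rdata is a name: qualify it
            zone[(owner, rtype)].append(_qualify(rdata[0], origin))
        else:                                  # A and anything else: keep rdata literally
            zone[(owner, rtype)].append(rdata[0])
    return zone


def ptr_name(ip):
    """10.0.0.1 -> 1.0.0.10.in-addr.arpa, the owner name a reverse zone uses."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


class Resolver:
    """Answers from parsed zones; follows aliases; rotates multi-address answers."""

    def __init__(self, zones, round_robin=True):
        self.zones = zones
        self.round_robin = round_robin
        self._rotation = defaultdict(int)    # how many times each name has been served

    def _lookup(self, name, rtype):
        for zone in self.zones:
            if (name, rtype) in zone:
                return list(zone[(name, rtype)])
        return []

    def resolve(self, name, rtype="A", max_chain=8):
        name = name.rstrip(".").lower()
        for _ in range(max_chain):
            answers = self._lookup(name, rtype)
            if answers:
                break
            alias = self._lookup(name, "CNAME")   # www -> sys1 in the lab
            if not alias:
                return []
            name = alias[0]
        else:
            raise ValueError("CNAME chain too long")
        if self.round_robin and len(answers) > 1:
            k = self._rotation[(name, rtype)] % len(answers)
            self._rotation[(name, rtype)] += 1
            answers = answers[k:] + answers[:k]   # each query starts one address later
        return answers

    def reverse(self, ip):
        """IP-to-name lookup, what NSLOOKUP 10.0.0.1 asks the reverse zone."""
        return self.resolve(ptr_name(ip), "PTR")


FORWARD = parse_zone(FORWARD_ZONE, "google.com")
REVERSE = parse_zone(REVERSE_ZONE, "0.0.10.in-addr.arpa")
```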

DAY-19

IIS

Internet Information Services

IIS VERSIONS

Windows NT: IIS 2.0
2000 Server: IIS 5.0
2003 Server: IIS 6.0
Windows 98: Personal Web Manager

Protocols Installed Under IIS

1. HTTP
2. FTP
3. NNTP
4. SMTP

IIS is one of the Windows components used for hosting websites; with the help of
this service you can publish data over the Internet. IIS was introduced as version 2.0
in Windows NT, is version 5.0 in Windows 2000 Server and version 6.0 in 2003 Server. The
basic difference between 2000 and 2003 is that in the 2000 Server OS IIS is installed
by default, whereas in the 2003 Server OS it is not installed with the OS. But in 2003
it provides additional features like:

 Provides full security
 Isolation for users
 Backup and restoration
 It even supports IP version 6

When you configure IIS it will install with additional services or protocols:

1. HTTP: HYPER TEXT TRANSFER PROTOCOL
It is used to publish the data over the Internet; you can easily manage and
configure websites with this protocol. It uses default port 80.

Note: Port numbers identify logical services; the numbers from 1 to 1024 are
allotted as well-known port numbers.

2. FTP: FILE TRANSFER PROTOCOL
To transfer files from one location to another, or for downloading or
uploading files, we use this protocol. It uses default port 21.

3. NNTP: NETWORK NEWS TRANSFER PROTOCOL
This is used to publish the data over news groups or news agencies. It
uses default port 119.

4. SMTP: SIMPLE MAIL TRANSFER PROTOCOL
It is used for sending mails or configuring mail servers. It uses default port
25.

REQUIREMENT OF IIS

1. 2000 or 2003 Server Operating System (Enterprise or Web Edition)
2. Public IP / Private IP
3. Domain Name
4. DNS Server
5. Designed Websites

TO INSTALL IIS:

1. Control Panel
2. Add / Remove Programs
3. Add Remove Windows Components
4. Check Application Services
5. Click on Details
6. Check IIS
7. Ok
8. Next > Finish

Shortcut to open IIS from Start > Run: INETMGR

TO HOST WEBSITES:

1. Open IIS
2. Expand the server & Websites folder
3. Right Click on websites folder
4. New websites
5. Next
6. Specify the description of any website name
7. Next
8. Assign the IP from the list (All Unassigned: gives a choice of assigning
multiple IP addresses)
9. In the Host Header specify the format the way you access the website,
for ex: www.google.com
10. Next

11. Assign the path of the web pages folder by clicking on browse
12. Next
13. Check Browse
14. Next & Finish

Open DNS Create a primary zone by the website name with Host Records and
Alias.

TO CREATE A HOME PAGE FOR EXISTING WEBSITE:

1. In IIS select the created website
2. In the right pane of the website, select the name of the home page file, for
ex: google.htm
3. Copy the Text or name with extension
4. Right Click on the website
5. Properties
6. Select the tab Documents
7. Click on Add and paste the text.
8. Give OK and remove the existing pages
9. Apply OK
10. Open Internet Explorer and access the website www.google.com

BACKUP FOR HTTP OR FTP SITES:

(XML = Extensible Markup Language)

To take the backup of websites

1. Right click on the existing website
2. All Tasks
3. Save Configuration
4. Select Browse
5. Specify the path by selecting the drive
6. Give OK
7. Assign file Name

TO RESTORE THE WEBSITES:

1. Remove the existing websites
2. Right Click on websites folder
3. New
4. Website (From File)
5. Click on browse give the path of the backup file
6. And open the file
7. Click on load file and then give ok

VIRTUAL DIRECTORY

To access sub links or sub web pages create a Virtual Directory. By configuring a
virtual directory you make the task easy; it is a shortcut way to access
sub pages.

1. Open IIS
2. Right Click on the existing website
3. New
4. Virtual Directory
5. Next
6. Specify the alias name for example: Mail or Messenger
7. Next
8. Assign the path of WebPages
9. Next
10. Check Browse
11. Next and Finish

TO CREATE A HOMEPAGE FOR VIRTUAL DIRECTORY

1. From the list remove yahoo mail
2. Copy the text of the file name with extension
3. Expand the website
4. Right Click on the virtual directory
5. Properties
6. Select the tab documents
7. Click on add and paste the copied text
8. Add move the main page up and give ok
9. Open Internet Explorer and access the website with Virtual Directory

DAY 20

REDIRECTING WEBSITE

In IIS configure redirection either to block or to restrict websites for client systems;
with the help of redirection you can block a single website.

Practical:

1. Open IIS
2. Host two websites
3. Create the zones in the DNS Server
4. Access both websites in Internet Explorer
TO PERFORM REDIRECTION
5. Right click on one of the websites
6. Properties
7. Select the tab HOME DIRECTORY
8. Check "REDIRECTION TO A URL"
9. Specify the URL of the other website
10. Give Apply > OK
11. To confirm redirection
12. Open the web browser (IE); for ex: specify www.zoom.com and automatically it
will redirect to Yahoo.com

DOCUMENT FOOTER

Configure a Document Footer to enable the licensing mode for the existing website.
To publish or to advertise a "DISCLAIMER PERMISSION" use Document Footer.

TO CREATE DOCUMENT FOOTER

1. Right click on the existing website
2. Properties
3. Select the Tab DOCUMENT
4. And check enable Document Footer
5. Click on Browse
6. And give the path of the HTML file
7. To confirm Document Footer Open Internet Explorer and access the
website.
8. In the web browser you can find 2 different pages; for ex: the page at the
bottom is the licensing mode.

TO RESTRICT WEBSITE TO INDIVIDUAL CLIENT SYSTEMS

1. In WEB SERVER
2. Right click on existing website
3. Properties
4. Select the tab DIRECTORY SECURITY
5. Select EDIT (IP Address and Domain Name)
6. Check Granted Access and Add the IP Address of the client system you
want to Deny.
7. OK > Apply > OK
8. In system2 Open IE and Access the website.

FTP:

To configure FTP in IIS

1. Control Panel
2. Add/Remove Programs
3. Add/Remove Windows Components
4. Select Application Server
5. Details
6. Select IIS
7. Click on Details
8. And Check FTP
9. OK and Continue the Wizard

TO CREATE A FTP SITE:

1. Create a Folder
2. Arrange HTML and other files
3. To Create a FTP Site open IIS
4. Right click on FTP site folder
5. New FTP site
6. Next
7. Description : “NAME”
8. Next
9. Assign the IP
10. Next
11. Do not Isolate Users
12. Give the path of the newly created directory
13. Check Read / Write
Read = Downloading
Write = Uploading
14. Next and Finish
Open Internet Explorer and specify the IP address (ftp://11.0.0.1)

TO COPY THE CONTENT

In Command Prompt

1. FTP
2. OPEN
3. At the "To" prompt give the "IP ADDRESS"

OR GIVE FTP "IP ADDRESS"

4. User: anonymous
5. Password: press Enter
6. LS to list the files

TO DOWNLOAD A SINGLE FILE USE

7. GET Google.htm (or any file)
8. Check the downloaded file in the local drives
9. To quit FTP
10. Type BYE

TO UPLOAD FILES THROUGH COMMAND PROMPT

Create some new files in the C drive

Through the command prompt, after connecting to FTP use the command

PUT

For example: PUT RICH.TXT

To confirm in Internet Explorer access FTP site and check the new modification.

ISOLATING USERS IN FTP

Isolate Users:

Create isolated users for local users or domain users, which provides security.
Moreover you can allow permissions for specific users to download and upload
files.

Practical:

1. In one of the drives create a folder by the name ROOT
2. Inside the ROOT folder create a folder by the Domain Name
3. Inside the Domain folder create the users' folders

ROOT
  DOMAIN NAME FOLDER
    USER1
    USER2
4. Create Domain users with password
5. Open IIS
6. Right Click FTP site
7. New FTP Site
8. Specify the Description
9. Assign the IP
10. Check Isolate Users
11. Give the path of the ROOT Directory
12. Next > Check Read & Write
13. Next > Finish

For Isolate users you will get a Logon screen to specify the Username and
Password for downloading or uploading files.

TO BROWSE THE SITE

1. Open Explorer
2. And Access FTP

ISOLATE USERS FOR ACTIVE DIRECTORY

It provides more security compared to Isolate Users. You can configure Isolate
Users with Active Directory only for Domain Users.

Practical
1. In one of the drives
2. Create a folder
3. By the Domain name, with sub folders for the users
4. Arrange documents in each sub directory
5. Create Domain users with password
6. Create an FTP site by selecting Isolate users with Active Directory
7. In the command prompt, to set the database properties (the AD properties for the
username and its directory) for individual users, TYPE:

iisftp /setadprop a1 ftproot c:\zoom

iisftp /setadprop a1 ftpdir a1

DAY 21

ROUTING

SOFTWARE ROUTING

Router: It is a device for enabling the communication between two different
networks.

A router makes communication possible between 2 different networks.

There are 2 types of routers:

1. Software Router
2. Hardware Router

1. Software Router: It is configured with an operating system like 2000 or
2003 Server. In a software router you can even configure other services; it is
very easy to set up and less expensive.
2. Hardware Router: These are devices specifically used to perform routing;
they provide more efficiency and reliability.

PHYSICAL CONNECTION

SYSTEM1 --- NIC1 [SOFTWARE ROUTER] NIC2 --- SYSTEM2

SYSTEM1: IP 10.0.0.2, GW 10.0.0.1
SOFTWARE ROUTER: NIC1 IP 10.0.0.1, NIC2 IP 11.0.0.1
SYSTEM2: IP 11.0.0.2, GW 11.0.0.1

PRACTICALS:

1. Assign the IP address 10.0.0.2 on the first network with default gateway 10.0.0.1;
follow the same for the 11.0.0.2 network with default gateway 11.0.0.1.
2. In the Software Router assign the IP addresses for both interfaces, 10.0.0.1 on
one and 11.0.0.1 on the other.
3. In the software router, in Administrative Tools open the console Routing
and Remote Access.
4. Right click on the Server
5. Select Configure and Enable Routing
6. Next
7. Check > Custom Configuration
8. Check > LAN Routing
9. Next > Finish
After configuring the Software Router check the communication from 10.0.0.2
to 11.0.0.2.

DHCP RELAY AGENT

The DHCP Relay Agent is used for assigning dynamic IP addresses across networks. It
converts the broadcasts done by the DHCP server and client into unicast. Assume the DHCP
Server is in network A and the client is in network B: with this protocol the DHCP Server
can allot a dynamic IP address to the client system which is in network B.

DHCP SERVER --- SOFTWARE ROUTER (DHCP RELAY AGENT) --- CLIENT

DHCP SERVER: IP 10.0.0.2, GW 10.0.0.1; scope created: 11.0.0.10 to 11.0.0.50
SOFTWARE ROUTER: IP 10.0.0.1 and IP 11.0.0.1, GW 10.0.0.2
CLIENT: IP 11.0.0.10

1. In the 10.0.0.2 network install the DHCP Server
2. Authorize the Server
3. Create a Scope for 11.0.0.1 Network
4. In the scope add the Router IP Address as default gateway (10.0.0.1)
5. Add this default gateway as Router IP address

IN THE SOFTWARE ROUTER

1. Open Routing and Remote Access
2. Expand the Server
3. IP Routing
4. Right click on General
5. New Routing Protocol
6. Select > “DHCP RELAY AGENT” from the menu
7. OK
8. Right Click on DHCP Relay Agent
9. Select Properties
10. Add the IP address of DHCP Server (10.0.0.2)
11. Right click on DHCP Relay Agent
12. Select New Interface
13. Add both Interfaces in the list 10.0.0.1 and 11.0.0.1
14. In 11.0.0.1 network make the IP address Dynamic
15. In command prompt use the Command
“IPCONFIG /RELEASE”
&
“IPCONFIG /RENEW”

NAT

NETWORK ADDRESS TRANSLATION

Note: NAT is going to work only with static IP addresses.

NAT is a basic firewall used for translating private IPs to public IPs, thus
providing security. Using NAT, one-way communication is possible, i.e. the private
network can access the public network but the public network cannot access the private
network.

By configuring NAT you can even differentiate the Public Network and the Private
Network.

Private Network --- Software Router (NAT) --- Public (INTERNET)

Private Network: IP 10.0.0.2, GW 10.0.0.1
Software Router: private NIC on the 10.1 network, public NIC on the 11.1 network
Practicals:

Configure 11.1 Network as a Public and 10.1 as Private Network.

TO CONFIGURE NAT
1. Open Routing & Remote Access
2. Expand IP Routing
3. Select NAT Basic Firewall
4. Right Click on it
5. New Interface
6. Select 10.1
7. OK
8. And Check Private Interface
9. OK
10. Right Click on NAT
11. Select New Interface
12. Select 11.1 Network
13. OK
14. Check “PUBLIC INTERFACE” and Enable NAT
15. Check the Result by pinging in command prompt

IMP: NAT does not support Dynamic IP’s.
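To show the one-way behaviour described above, here is an added example (not code from these notes or from Routing and Remote Access) that models a NAT table: packets leaving the private interface create a translation and are rewritten to the public address, while packets arriving on the public interface pass only when they match a translation the private side created. The 10.0.0.0/8 private network, 11.0.0.1 public address and 202.153.32.2 web server are constructed sample values taken from the lab layout.

```python
"""Model of NAT/basic-firewall translation (added example, constructed sample values)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Nat:
    def __init__(self, private_net: str, public_ip: str, first_port: int = 1025):
        self.private_net = ipaddress.ip_network(private_net)
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}      # private flow -> public source port
        self.in_table = {}       # (proto, public port, remote ip, remote port) -> private endpoint
        self.dropped = []        # (reason, packet) for anything the basic firewall refused

    def _is_private(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.private_net

    def outbound(self, pkt: Packet):
        """Packet seen on the private interface: allocate or reuse a mapping, rewrite source."""
        if not self._is_private(pkt.src_ip):
            # A public source address showing up on the private NIC is not translated.
            self.dropped.append(("source not in private network", pkt))
            return None
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_table.get(flow)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_table[flow] = port
            self.in_table[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet):
        """Packet seen on the public interface: only a reply to an existing mapping passes."""
        target = self.in_table.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.public_ip or target is None:
            # No private host asked for this: the public side cannot reach inwards.
            self.dropped.append(("no matching translation", pkt))
            return None
        priv_ip, priv_port = target
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)


def demo():
    """Private host browses the public web server; an outside host then tries to connect in."""
    nat = Nat("10.0.0.0/8", "11.0.0.1")
    out = nat.outbound(Packet("10.0.0.2", 40000, "202.153.32.2", 80))
    reply = nat.inbound(Packet("202.153.32.2", 80, "11.0.0.1", out.src_port))
    unsolicited = nat.inbound(Packet("202.153.32.2", 4444, "11.0.0.1", 3389))
    return {"translated": out, "reply": reply, "unsolicited": unsolicited,
            "dropped": [reason for reason, _ in nat.dropped]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```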

DAY 22

RAS

REMOTE ACCESS SERVER

Remote Access is a feature that enables a client computer to use a Dial-Up or
VPN connection to connect to a Remote Access Server. A Remote Access
Server is a Windows server computer that runs the Routing and Remote Access
service and is configured to provide remote access. There is no difference in
network functionality for the remote access client except that the speed of the link is
often much slower than a client connection to the LAN.

WAN LINKS

RAS SERVER --- MODEM --- PHONE --- TELE-EX (telephone exchange) --- TELE-EX --- PHONE --- MODEM --- REMOTE CLIENT

NOTE: REMOTE ACCESS SERVER CAN BE CONFIGURED ONLY IN A DOMAIN CONTROLLER.

Practicals:

1. In the RAS Server
2. Install the Modem
3. From Control Panel
4. Phone and Modem Options
5. Select the tab Modem
6. Click on Add
7. Check "Don't Detect"
8. Next
9. Select "Standard 56kbps Modem"
10. Next
11. Select the Port
12. Next and Finish

TO CONFIGURE REMOTE ACCESS SERVER
1. Open Routing & RAS
2. Right Click on the Server
3. Select Configure - Enable Routing & RAS
4. Next
5. Check Remote Access
6. Next
7. Check Dial-up
8. Next
9. Next
10. Check from specified Range of Address
11. Click on New
12. Add the range of IP address
13. OK
14. Next
15. Check NO
16. Next & Finish

(Select the option YES to configure a RADIUS Server. It is an authentication server
which manages authentication if you have multiple RAS Servers.)

Open Active Directory Users & Computers Console and Create a User

To allow the permissions

1. Right click on the User
2. Properties
3. Select the tab "Dial-in"
4. Check "Allow Access"

REMOTE CLIENT
1. Install the Modem from the control Panel

To establish the connection to RAS Server

2. Right click on My Network Places
3. Properties
4. Double click New Connection Wizard
5. Next
6. Check the option Connect to the Network at My Workplace
7. Check Dial-up Connection
8. Assign the Company Name
9. Give the RAS Server phone number
10. Check "My Use Only"
11. Next & Finish

In the logon screen specify the username and select Dial-In

ONCE THE CONNECTION IS ESTABLISHED, TO KNOW THE SERVER
AND CLIENT IP

1. Right Click on Newly established connection

2. Select Status

VPN

Virtual Private Network

A Virtual Private Network connection is a virtual connection that is tunneled inside
of an existing TCP/IP network connection. A VPN connection can be established by
using either PPTP or L2TP; these are commonly used between two computers that
communicate over the Internet.

VPN NETWORK

RAS SERVER --- INTERNET --- REMOTE CLIENT

PPTP = POINT TO POINT TUNNELING PROTOCOL
PPP = POINT TO POINT PROTOCOL
L2TP = LAYER 2 TUNNELING PROTOCOL

TO CONFIGURE VPN SERVER

1. Open Routing & Remote Access
2. Next
3. Check Custom Configuration
4. Check VPN Access
5. Next & Finish

TO ESTABLISH VPN CONNECTION

1. Right click on My Network Places
2. Double click New Connection Wizard
3. Next
4. Check Connect to the Network at my work place
5. Check Virtual Private Network Connection

6. Specify the Company Name
7. Check Automatically
8. Specify the Host name or IP address for example: sys1
9. Next
10. My Use Only
11. Next & Finish

In the Logon screen specify the user name and connect

TO ASSIGN THE IP IN VPN SERVER

1. Right click on the Server
2. Select Properties
3. Select the tab IP
4. Check Static Address Pool
5. Click on Add
6. Add the IP address.

DAY 23

TERMINAL SERVICES

Terminal Services

Terminal Services is a Windows 2003 component that provides terminal
emulation to network clients. This means that the network clients can access a
terminal server, begin a session with it, and run applications from the terminal
server as though the applications were installed locally on the user's computer.

Terminal Server is a service which is used to get the server environment on the
client PCs without upgrading the system or the hardware; in order to run some
application or to perform some task, terminal services are used.

In 2000 Terminal Services works in Relaxed Mode and Application Server Mode.
In 2003 Terminal Services works in Relaxed Mode and Full Security Mode.

 Remote Administration Mode
 Remote Application Mode

REMOTE ADMINISTRATION MODE:

SYS1 (Domain Controller / Member Server) --- Internet --- SYS2 (Server Admin)

In Remote Administration Mode only two users can establish the session in order
to access server desktop. In this mode they cannot access any applications from
server.

Practicals:

1. In Sys1 right click on MY COMPUTER
2. Properties
3. Select the Tab Remote
4. And check Allow Remote Desktop Users
5. Create a user

TO ALLOW THE PERMISSION FOR THE USER

1. Open the console Terminal Services Configuration
SHORTCUT: TSCC.MSC
2. Right click on RDP-Tcp
3. Properties
4. Permissions (Tab)
5. Add the user for which you want to give permissions

IN SYSTEM 2

1. Login as a User
2. Right Click MY COMPUTER
3. Click on Properties
4. Remote
5. Check Allow Users

TO ESTABLISH A SESSION FROM CLIENT

1. Programs > Accessories > Communications > Remote Desktop Connection
2. Specify the system name as Sys1 and connect
3. Once the session is established you can find 2 desktops on your screen at the
same time

IN SYS1, IF THE ADMINISTRATOR WANTS TO MONITOR HIS DESKTOP OR THE USER DESKTOP

TO ESTABLISH THE SESSION FROM ADMIN TO USER

1. From Accessories > Communications > Remote Desktop Connection
2. Specify Sys1
3. Connect
4. Maximize the session
5. And Open the Console Terminal Services Manager
SHORTCUT: TSADMIN.EXE
6. Right Click on the User
7. Select Remote Control
8. Set the HOT KEY
9. Give OK

MOVE ONTO SYSTEM 2

10. Create some files on the Desktop
11. Check the changes on Sys1

INTERACT WITH THE SESSION

Before giving the permissions, or changing it from View to Interact, first
disconnect the sessions from both the systems.
1. In System1 to change from View to Interact
2. Open the Console Terminal Services Configuration
3. Right Click on RDP
4. Select Properties
5. Select the tab REMOTE CONTROL
6. And Check Interact with the session
7. In Sys2 login as a user
8. Establish a session with System1

TO CHECK INTERACT SESSION

1. In system1
2. Establish a session by specifying System1
3. Logon as a Administrator
4. Open Terminal Services Manager
5. Select Remote Control
6. Once after establishing the connection
7. In System2
8. Open MY COMPUTER and respected drives
9. In System1
10. Try to open or close the folder windows.

REMOTE APPLICATION MODE:

SERVER (running a database application)
  |-- CLIENT 1
  |-- CLIENT 2
  |-- CLIENT 3

Clients are Thin Clients running with a VXL chipset.

Thin Clients are computers with a low hardware configuration; no OS is
installed and they boot from the network.

Thick Clients are computers which work on an OS and have a good configuration.

In Remote Application Mode more than two users can establish sessions to
get the server environment on their own Thin Client PCs, and they can even access
applications from the server.

Practicals:

1. Open Control Panel
2. Add/Remove Programs
3. Add/Remove Windows Components
4. Select Terminal Services
5. Next
Installs the Terminal Services
6. Next
7. Check Full Security
8. Next & Finish
System will Restart

TO PROVIDE GROUP OF APPLICATIONS FOR USERS

In System1

1. Open MY COMPUTER
2. One of Drive
3. Create a Text Document
4. Specify some applications like WINWORD.EXE, NOTEPAD.EXE,
CALC.EXE
5. Save the file with the extension "BAT"
To assign the path
6. Open Terminal Services Configuration
7. Right click on RDP-Tcp
8. Properties
9. Select the tab Environment and give the path of the batch file,
Ex: C:\GROUP.BAT

IN SYSTEM2 LOGIN AS A USER AND ESTABLISH A SESSION

After logging in as the user you will automatically find the different applications
opening one after another

TO INSTALL REMOTE DESKTOP CONNECTION

1. C:\windows\system32\clients\tsclients\win32\setup.exe

DAY 24

ISA

Internet Security and Acceleration Services

ISA is also called a Software Router

ISA Server

ISA Server is an upgraded version of Microsoft Proxy 2.0 with a built-in Firewall

PROXY FIREWALL

FIREWALL: A firewall is a device which secures and protects network resources;
it sits at the network gateway and ensures that only authorized users
access valuable data. ISA is a software firewall.

Proxy Server: A proxy server emulates a web server. The benefit is a faster
response time and also faster Internet access.

CLIENT (192.168.1.2) --- PROXY SERVER (192.168.1.1) --- INTERNET

Hacking: Taking over your resources or attempting to bring down your server.

Types of Attack:

1. Foot Printing: The way to know the Operating System and IP of the Server

2. Scanning: Scanning the system for bugs and loopholes

3. DoS Attack: Denial of Service

4. Exploits: Writing scripts to bring down the server

5. Trojans: Sending viruses to steal data

6. Port Scan: Scanning ports for getting into applications, etc.

CLIENT (1) --- SOFTWARE ROUTER / ISA (NICs 2 and 3) --- WEBSERVER (4)

1 NIC (client): IP 10.0.0.2, DG 10.0.0.1, DNS 202.153.32.2
2 NIC (ISA, private side): IP 10.0.0.1, DNS 202.153.32.2
3 NIC (ISA, public side): IP 202.153.32.1, DNS 202.153.32.2
4 NIC (webserver): IP 202.153.32.2, GW 202.153.32.1, DNS 202.153.32.2

Practicals:

In System 3

1. Install IIS with the DNS service
2. Host websites
3. And Create the Zones in DNS
4. In System2 configure Software Routing and access the websites
5. In System1 check the IP Address with Default Gateway and Preferred
DNS
6. Access the websites

In System2

1. Install ISA by opening, in one of the drives, ISA2K Standard > ISA > Setup.exe
2. Click on Continue twice
3. Provide the CD Key as all ones
4. Select "I Agree"
5. Full Installation
6. Integrated Mode
7. Continue
8. Select the drive and give OK
9. Add the IP address of the Private Network
10. Add to the list
11. Give OK twice

TO INSTALL SERVICE PACK

1. Open the folder "ISA 2K STANDARD"
2. ISA Service Pack 2
3. Update
4. Update.exe
5. Next > Next > Finish

ISA SERVER REQUIREMENTS

1. Member Server or Domain Controller or Workgroup
2. Service Pack 1 or above
3. Two interfaces (Public and Private)
4. Pentium III 300 MHz or above
5. 256 MB RAM or above
6. 20 MB of HDD space with an NTFS 5.0 partition

Practicals:

TO ALLOW CLIENT SYSTEM TO ACCESS THE WEBSITES

IN SYSTEM2

1. Open ISA Management
2. Expand Servers and Arrays
3. Expand the Server

TO CREATE CLIENT ADDRESS SET
4. Expand Policy Elements
5. Right Click on Client Address Set
6. New Set
7. Specify the Name
8. Click on Add and Add the Range of IP Address of Private Network for Ex:
10.0.0.1

TO CREATE A PROTOCOL RULE

9. Expand Access Policy


10. Right Click on Protocol Rule
11. New Rule
12. Specify the Rule Name
13. Next
14. Check Allow
15. Next
16. From the list select Selected Protocols
17. And check HTTP
18. Next
19. Next
20. Check Specific Computers
21. Next
22. Click on Add
23. Add the list > OK
24. Next & Finish

IN SYSTEM1, BEFORE ACCESSING WEBSITES, CONFIGURE THE PROXY CLIENT.

25. Open Internet Explorer
26. Select the Tools menu
27. Internet Options
28. Select the Connections tab
29. LAN Settings
30. And check "Use a proxy server"
31. Assign the IP Address as 10.0.0.1 and Port 8080
32. Open the browser and access the websites.

TO RESTRICT THE WEBSITES

1. In ISA Management
2. Expand Policy Elements
3. Right Click on Destination Sets
4. New Set

5. Give Name
6. Click on Add
7. Check Destination
8. And Specify the website name
9. Expand Access Policy
10. Right Click on the Site and Content Rule
11. New Rule
12. Specify the Name
13. Next
14. Check Deny Access based on Destination
15. Next
16. From the list select “SPECIFIED DESTINATION SET”
17. And select it from the name list
18. Next & Finish

In system1 open internet explorer and try to access the website which you have
blocked.

REDIRECTING A WEBSITE:

To redirect a particular website

1. Remove the existing Destination Set
2. And the Site and Content Rule
3. Create a Destination Set by right clicking on Destination Sets
4. Give the set name as "yahoo redirection"
5. Click on Add
6. Check Destination
7. Assign the website name
8. Expand Access Policy
9. Site and Content Rules
10. Create a new rule
11. Specify the name
12. Next
13. Check "HTTP Request" and specify the website name to redirect to, including http, for ex: http://something.com
14. Next > Check Deny Access based on destination
15. Next
16. Specified Destination Set
17. Select it from the list
18. Next and Finish

In System1 open Internet Explorer and try to access the yahoo website; it will redirect you to the other website.
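The three procedures above (a protocol rule for a client address set, a deny rule on a destination set, and a deny rule that redirects) combine into one access decision. The Python below is an added example, not ISA Server's code or the course's own, modelling that decision; the rule names, the 10.0.0.0/24 client set and the destination set names are assumptions based on the lab, and it assumes the ISA 2000 behaviour that a request needs both a protocol rule and a site and content rule to allow it, with deny rules evaluated first.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Set

# Policy elements, constructed to mirror the lab: the private network is
# 10.0.0.0/24, and two destination sets are defined as in the procedures.
CLIENT_ADDRESS_SETS = {"Private LAN": [ip_network("10.0.0.0/24")]}
DESTINATION_SETS = {
    "blocked sites": {"blocked.example"},  # constructed set name and host
    "yahoo redirection": {"yahoo.com", "www.yahoo.com"},
}

@dataclass
class ProtocolRule:
    name: str
    allow: bool
    protocols: Set[str]
    client_set: Optional[str]  # None means "any request"

@dataclass
class SiteContentRule:
    name: str
    allow: bool
    destination_set: Optional[str]  # None means "all destinations"
    redirect_to: Optional[str] = None  # deny rule with "HTTP request" redirect

PROTOCOL_RULES = [ProtocolRule("Allow HTTP", True, {"HTTP"}, "Private LAN")]
SITE_RULES = [
    SiteContentRule("Block sites", False, "blocked sites"),
    SiteContentRule("Yahoo redirect", False, "yahoo redirection",
                    redirect_to="http://something.com"),
    SiteContentRule("Allow rule", True, None),  # ISA's default allow rule
]

def client_matches(client_set, ip):
    """True when the request's source IP belongs to the client address set."""
    if client_set is None:
        return True
    return any(ip in net for net in CLIENT_ADDRESS_SETS[client_set])

def dest_matches(dest_set, host):
    """True when the requested host is in the destination set."""
    return dest_set is None or host in DESTINATION_SETS[dest_set]

def evaluate(client_ip, protocol, host):
    """Return ("allow", None), ("deny", reason) or ("redirect", url)."""
    ip = ip_address(client_ip)
    # Step 1: protocol rules. A deny match wins; otherwise an allow must match.
    hits = [r for r in PROTOCOL_RULES
            if protocol in r.protocols and client_matches(r.client_set, ip)]
    if any(not r.allow for r in hits) or not any(r.allow for r in hits):
        return ("deny", "no protocol rule allows %s from %s" % (protocol, ip))
    # Step 2: site and content rules, deny rules before allow rules.
    for r in SITE_RULES:
        if not r.allow and dest_matches(r.destination_set, host):
            if r.redirect_to and protocol == "HTTP":
                return ("redirect", r.redirect_to)
            return ("deny", "denied by rule %r" % r.name)
    if any(r.allow and dest_matches(r.destination_set, host) for r in SITE_RULES):
        return ("allow", None)
    return ("deny", "no site and content rule allows %s" % host)
```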

DAY 25

RIS

Remote Installation Service

It is used to deploy operating systems to the RIS Client Systems.

Requirements for configuring a RIS Server

1. Windows 2000 or 2003 Server Operating System
2. Minimum of 2 GB primary partition with NTFS format
3. 1 OS CD (it could be Windows XP Home or Professional, Windows 2000 Professional, or Windows 2000 or 2003 Server Operating System)
4. DHCP SERVER, DNS SERVER & DOMAIN CONTROLLER

Requirements for configuring a RIS Client

1. Boot Floppy or CD, or NIC card with PXE ROM


RBFG.EXE

REMOTE BOOT FLOPPY GENERATOR

This file is used to create a Boot Floppy or a CD.

To know the path for RBFG.EXE

1. Open the newly created drive in the RIS Server
2. RemoteInstall folder
3. Admin
4. i386
5. RBFG.exe

TO CREATE AN IMAGE

1. Create a Primary Partition of 2 GB formatted with NTFS

To take the Image, from Admin Tools select RIS Services Setup

2. Next
3. Assign the CD Drive Path
4. Next

5. Next (WINDOWS)
6. Next (USER FRIENDLY DESCRIPTION)
7. It shows you summary
8. Next & Finish

RIS PROCESS

1. Client -> DHCP Server: requesting for IP
2. DHCP Server -> Client: giving dynamic IP with Preferred DNS to the client
3. Client -> DNS Server: requesting for DC IP
4. DNS Server -> Client: giving DC IP to the client
5. Client -> Domain Controller: requesting for RIS IP
6. Domain Controller -> Client: giving RIS Server IP address
7. Client -> RIS Server: requesting for O.S. image
8. RIS Server -> Client: giving O.S. image to the client

This whole process is known as BINL, which is one of the services of the RIS Server. There
are three RIS services.

 BINL
 TFTP
 SIS

BINL: Boot Information Negotiation Layer

It manages the overall RIS process. It makes the client boot through the
network in the sequential order given in the diagram above.

TFTP: Trivial File Transfer Protocol

It transfers image files from the RIS Server to the Client. TFTP basically transfers the Client
Installation Wizard. It also saves time, since the installation can be resumed after a power
failure.

SIS: Single Instance Storage

It is responsible for monitoring the partition where the image has been stored.
Whenever a duplicate of an existing file is copied, it creates a pointer instead,
and this saves disk space.

AFTER TAKING IMAGE IN RIS SERVER

 In DHCP create a scope with DNS information
 In DNS Server check the zone where you have all 6 SRV records

TO CONFIRM THE IMAGE AT DOMAIN CONTROLLER

Either open newly created drive with sub folders or open Active Directory Users
& Computers from DC Administrator Console.

1. Expand the Domain
2. Select Domain Controllers
3. Right Click on Server
4. Select Properties
5. Select the tab “Remote Install”
6. Click on Advanced Settings
7. Select the Next Tab “IMAGES”
8. There you can find RIS server if it is installed.

Prestaging

By prestaging the client, the administrator can define a specific computer
name, and optionally, the RIS server that can service the client:

1. Locate the container in the Active Directory service in which
you want your client accounts to be created.
2. Right-click the container, click New, and then click
Computer. The New Object-Computer dialog box is
displayed.
3. Enter the computer name and authorize domain-join
permissions for the user or security group that contains the
user who is going to use the computer that this computer
account represents.
4. In the next dialog box, you are prompted for either the
globally unique identifier (GUID) or universally unique
identifier (UUID) of the computer itself and whether you
intend to use this computer as a managed (Remote OS
Installation-enabled) client. Enter either the GUID or UUID,
and then click to select the "This is a managed computer"
check box.

The GUID or UUID is a unique 32-character number that is supplied by the
manufacturer of the computer (if it is an assembled PC, add 20 zeros in front
of the MAC address of your NIC card), and is stored in the system basic
input/output system (BIOS) of the computer. This number is written on the
case of the computer, or on the outside of the box that the computer had
been shipped in. If you cannot locate this number, run the system BIOS
configuration utility. The GUID is stored as part of the system BIOS. Contact
your OEM for a VBScript (created with Visual Basic Scripting Edition) that can
be used to prestage newly purchased clients in Active Directory for use with
Remote OS Installation.

The next screen prompts you to indicate the RIS server that this computer is
serviced by. This option can be left blank to indicate that any available RIS
server can answer and service this client. If you know the physical location of
the specific RIS server and where this computer can be delivered, you can
use this option to manually load clients in the RIS servers in your
organization as well as segment the network traffic. For example, if a RIS
server had been located on the fifth floor of your building, and you are
delivering these computers to users on that floor, you can assign this
computer to the RIS server on the fifth floor.

TROUBLE SHOOTING POINT:

If the RIS Client is not able to contact the DHCP server or other services:

1. Open DHCP, Address Leases
2. Remove the IP Address
3. And Refresh the scope

From Admin Tools Open services console

And Restart these services.

1. DHCP SERVICE
2. DNS SERVICE
3. RIS SERVICE
4. SIS
5. TFTP

TO REFRESH THE IMAGE

Open Active Directory Users and Computers

1. Select Domain Controllers
2. Right Click on the Server
3. Properties

4. Select the Tab Remote Install
5. Properties
6. Select the Tab Remote Install
7. Click on Verify server
8. Next > Next & Finish

TO CREATE AN ANSWER FILE

1. Open the new drive created for the image
2. Follow this path:
RemoteInstall\Setup\English\Images\Windows\i386\Templates
3. Double click on RISTNDRD.SIF (RIS Standard Setup Information File)
4. Edit it: in the [UserData] section, after ComputerName, type the product
key; in the [RemoteInstall] section set the partitioning options:

[UserData]
ProductID = 4587-4587-4545-4597    (product key)

[RemoteInstall]
Repartition = No
UseWholeDisk = No

5. Save the file

CREATING AN ANSWER FILE THROUGH SETUPMGR.EXE

1. Insert the OS CD
2. Open the CD Drive where the image is created
3. Follow the path
Support\Tools\Deploy.cab
4. Right Click
5. Select "Extract"
6. While extracting give the path as either Desktop or My Documents
7. On the Desktop you can find the file SETUPMGR.EXE
8. From the Menu create a New Answer file
9. And follow the steps according to the questions
10. Finally save the file in the path given below:
RemoteInstall\Setup\English\Images\Windows\i386\Templates

DAY-26

DISK MANAGEMENT

Disk Management: it is a tool or utility which will help to manage the hard disk
more efficiently.

The new hard disk is called RAW HARD DISK or PRE FORMATTED HARD
DISK.

You cannot store the data directly on the Raw Hard Disk.

First you need to create the partitions and format it.

Partitioning is dividing the Hard Disk and Formatting is creating file systems on
the Hard Disk which is identified by the Operating System.

A File System provides a hierarchical structure to store files or directories, from which
the operating system can identify and retrieve the files back.

For Example: FAT 16
FAT 32
NTFS = New Technology File System
EFS = Encrypted File System

EFS is not a file system; it is one of the features of the NTFS file system.

TYPES OF DISK

There are 2 types of DISK

BASIC & DYNAMIC

BASIC: A Basic Disk is a disk which follows industry standards while
partitioning and formatting it. The storage unit in the basic disk is called a partition.
And it supports all types of file systems.

In 2000 and 2003 you can create up to 4 partitions, for example 3 Primary and 1 Extended.

DISK PART

To extend the size or to allocate extra space for the existing partitions use
Diskpart.

PROCEDURE FOR DOING DISKPART

1. Open Computer Management
2. Create the partition with the respective file system
3. In Command Prompt give the commands as given below:
A) DISKPART
B) LIST VOLUME
C) SELECT VOLUME 1 (you will find the list of volumes in numeric order;
give the number of the drive which you want to extend)
D) EXTEND SIZE=500 (give whichever size you require, within the
unallocated disk space, in MB)
E) Check the drive size by going to My Computer and right clicking on it.

COMMAND TO CONVERT FROM FAT TO NTFS

CONVERT D: /FS:NTFS
(D: = drive letter, /FS:NTFS = file system to convert to)

MOUNTING

Create Mounting in the Basic Disk, in case if all the Drive letters are assigned
you can use Mounting.

PROCEDURE TO CREATE MOUNTING:

1. In the existing Drive create a folder and Rename it.
2. Open Computer Management
3. Right Click in Unallocated Space
4. New Partition
5. Next
6. Check Primary Partition
7. Allocate the space
8. Next
9. Check (MOUNT IN THE FOLLOWING EMPTY NTFS FOLDER)
10. Click on Browse
11. Expand the Drive
12. Select the folder which is created newly
13. Give ok
14. Next & finish

To confirm, open My Computer and open the drive where you have created
the folder; you will find the folder now appears as a drive.

REMOTE HARD DISK

You can use Remote Hard Disk to connect remotely to another system, either to
create a partition or a logical drive.

Procedure

1. Open Computer Management
2. Right Click on Computer Management
3. Connect to another Computer
4. Check another computer
5. And specify the system name and Give OK
6. After Connecting to sys2
7. Expand storage and select Disk Management.

DYNAMIC DISK

DYNAMIC: A Dynamic Disk is a disk which does not follow industry standards while
formatting or partitioning it. The storage unit in a Dynamic Disk is called a Volume.
And it supports only the NTFS file system.

Onto a Dynamic Disk you cannot install an Operating System. You can convert
from Basic to Dynamic without loss of data, but you cannot convert from
Dynamic to Basic; if done, there will be loss of data.

TYPES OF VOLUMES

1. Simple Volume
2. Spanned Volume
3. Striped Volume
(1 to 3: No Fault Tolerance)

4. Mirror Volume
5. Raid-05 Volume
(4 and 5: Fault Tolerance is Available)

SIMPLE VOLUME: You can create a simple volume on a Dynamic Disk. It
cannot span or utilize the space of one more Dynamic Disk.

Requirements : Minimum 1 Disk, Maximum 1 Disk

Fault Tolerance : NO

Read Write Speed : Normal

Simple volumes can be mirrored and even extended in size or space.

Procedure to Create Simple Volume

1. Convert Basic to Dynamic
2. Right Click on the Dynamic Disk and select New Volume
3. Next
4. Check Simple Volume > Next
5. Allocate the space > Next
6. Assign the Drive Letter > Next
7. Check Perform a Quick Format
8. Next & Finish

SPANNED VOLUME

If the Simple Volume is extended to another Dynamic Disk it is known as a Spanned
Volume.

Requirements : Minimum 2 Disks, Maximum 32 Disks

Fault Tolerance : NO

Read Write Speed : Normal

STRIPED VOLUME OR RAID-0

A Striped Volume is a volume which occupies an equal amount of disk space on each disk. The
data methodology is known as Striping. In a Striped Volume the Read Write Speed
is fast, because the data which is written onto the Striped Volume is written
simultaneously onto another disk.

Requirements : Minimum 2 Disks, Maximum 32 Disks

Fault Tolerance : NO

Read Write Speed : Fast

MIRROR VOLUME OR RAID-01

In a Mirror Volume you can find fault tolerance because the data which is written
onto the 1st Dynamic Disk is synchronized onto another Dynamic Disk.

Requirements : Minimum 2 Disks, Maximum 2 Disks

Read Write speed : Normal

Fault Tolerance : Yes

RAID-05

RAID = Redundant Array of Independent Disks

Data Mode in Raid-05: (diagram showing data blocks A, B, C, D and their parity
distributed across the three dynamic disks)

To create a Raid-5 volume the minimum requirement is 3 Dynamic Disks. Even in
Raid-5 you can find Fault Tolerance, with the help of the Parity Bit. The Parity Bit is
nothing but the information maintained about the other two Dynamic Disks, and it is
what provides the fault tolerance.
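As an added illustration (not part of the course notes) of how the parity block gives a Raid-05 volume its fault tolerance, the Python below writes data across three simulated disks with rotating parity and rebuilds one lost disk from the other two; the disk count, block size and sample data are assumptions.

```python
# Added example (not from the course notes): how the parity of a RAID-5 volume
# lets the blocks of one failed disk be rebuilt from the other two disks.
# Each stripe holds two data blocks and one parity block (the XOR of the two),
# and the parity block rotates across the three disks.
DISKS = 3
BLOCK = 4  # bytes per block; constructed small so the layout is easy to read


def xor_blocks(*blocks):
    """Bitwise XOR of equal-length byte blocks."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def write_stripes(data):
    """Lay data out as RAID-5 stripes; returns disks[disk][stripe] -> block.

    Stripe s keeps its parity on disk (s % DISKS), so parity is distributed
    rather than sitting on a dedicated disk."""
    chunk = BLOCK * (DISKS - 1)
    padded = data + b"\x00" * (-len(data) % chunk)  # pad the last stripe
    disks = [[] for _ in range(DISKS)]
    for s in range(len(padded) // chunk):
        d1 = padded[s * chunk:s * chunk + BLOCK]
        d2 = padded[s * chunk + BLOCK:(s + 1) * chunk]
        pending = [d1, d2]
        for disk in range(DISKS):
            if disk == s % DISKS:
                disks[disk].append(xor_blocks(d1, d2))  # parity block
            else:
                disks[disk].append(pending.pop(0))        # data block
    return disks


def rebuild_disk(disks, failed):
    """Reconstruct every block of the failed disk: XOR of the other two.

    Works for data and parity blocks alike, because P = D1 ^ D2 implies
    D1 = P ^ D2 and D2 = P ^ D1."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(*blks) for blks in zip(*survivors)]


def read_data(disks, length):
    """Read the stored data back, skipping the parity block of each stripe."""
    out = bytearray()
    for s in range(len(disks[0])):
        for disk in range(DISKS):
            if disk != s % DISKS:
                out += disks[disk][s]
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"RAID-5 parity demo over three dynamic disks"  # constructed
    array = write_stripes(sample)
    array[1] = rebuild_disk(array, 1)  # simulate losing disk 1 and rebuilding it
    print(read_data(array, len(sample)))
```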

Procedure to Create Raid 05 Volume

1. Convert all three Disks from Basic to Dynamic
2. Right Click on Unallocated Space
3. New Volume
4. Check Raid 05
5. Add all the Disks in the list
6. Allocate the space
7. Next
8. Check Perform Quick Format
9. Next & Finish

Day-27

Advanced Topics

RSOP

Resultant Set of Policy

(For more consoles which are not normally shown in Admin Tools, run
ADMINPAK.MSI)

RSOP is used to view the list of policies applied at any individual level, either Domain
Level or OU Level. With the help of RSOP you can find the list of policies
applied on any container, but you cannot edit or modify the policies.

Procedure:

1. Create an Organizational Unit and apply a few policies
2. Using Group Policy Object, perform RSOP
3. Right Click on OU
4. All Task
5. Select “Resultant Set of Policy”
6. Continue the Wizard with Next
7. Give Finish

In RSOP window expand Administrative Templates and Select the list of Policies.

To add RSOP Console in Admin Tools. Add it from MMC

GPMC:

GROUP POLICY MANAGEMENT CONSOLE

It is a third party tool from Microsoft.

Compared to RSOP, GPMC has additional features like creating new
policies, modifying the existing policies, etc.

Procedure:

Before installing GPMC apply the policy on Site Level, Domain Level and on OU
Level.

To Install GPMC

1. Select the drive where the GPMC.MSI file is present
2. Double Click on GPMC.MSI
3. After installing GPMC
4. Open the console to view or to Modify Existing Policies
5. Expand the Domains
6. And Select the Domain from the List

To View Site Level Policies

7. Right Click on the Sites folder
8. Show Sites and check "Default First Site Name"

To create a New Policy at Site Level

9. Right Click on Default First Site Name
10. Select Link an Existing GPO
11. And from the list Select “Create New Group Policy Object”
12. And Label or Rename it
13. Right Click on the Policy
14. Select Edit
15. And Edit the Policy.

SEIZING THE ROLES

With the help of Seizing you can forcibly move the Roles onto the Additional
Domain Controller.

If you have only the ADC, which is the backup server, then opt for seizing.

Procedure:

1. In Command Prompt
2. NTDSUTIL
3. Roles
4. Connections
5. Connect to Server Sys1
6. Quit
7. Seize Domain Naming Master
8. Seize Schema Master
9. Seize RID Master
10. Seize PDC
11. Seize Infrastructure Master
12. Quit
13. Quit
14. Net accounts

SCRIPTS

Scripts are used to give messages or intimation to the users within the Domain.

Procedure:

1. Create a Shared Folder
2. Create a Text Document and add WScript.Echo "YAHOO" (add any
message you want to intimate to the users)
3. Save the file with the extension .VBS or .VBE
4. Before applying the policy execute the program
5. To Apply the Policy
6. Right Click on OU
7. Properties
8. Select Group Policy
9. Create a New Policy
10. Click on EDIT
11. Expand “Windows Settings”
12. Select “Scripts Logon / Logoff”
13. Double click one of them from the list
14. Click on Add
15. Specify the UNC Path
16. Using Browse or Assign the UNC Path Manually
17. To Confirm the Scripts
18. Login as a User
19. And you will find a popup window with Yahoo

VSC

Volume Shadow Copy

Create volume shadow copy to maintain the backup of share folders or even to
update day to day information in Volume Shadow Copy. It is one of the new
features in 2003.

Procedure:

To Create Volume Shadow Copy

1. In one of the Drives
2. Create a Shared Folder with some files in it
3. To Enable Volume Shadow Copy
4. Right Click on the Drive
5. Select Properties
6. Select the Tab Shadow Copy
7. From the List select Drive
8. Click on Enable
9. Give OK

To restore the files from the Shared Folder

1. Open My Network Places
2. Windows Network
3. Double Click the Domain as well as the server
4. Right Click on the Shared Folder
5. Properties
6. Select the Tab “Previous Version”
7. And use “Restore”

Restoring from Volume Shadow Copy is not possible if the shared folder is deleted or
removed.

After adding the contents to the existing share folder to update even this
information, from Shadow Copy Window select CREATE NOW.

DISK QUOTA

You can give disk quotas on drives formatted with NTFS file system to monitor
and limit the amount of disk space available to individual users.

It is only for Individual System

Procedure:

To Apply Disk Quotas for Individual Users.

1. Right Click on one of the Drives
2. Properties
3. Select the Tab “Quota”
4. Check Enable Quota Management
5. Check Disable Disk Space
6. Click on Quota Entries
7. Click on Quota Menu
8. Click on New Quota Entry
9. Add the user
10. Click on Check Names
11. Give the Entry
12. Check the Limit Disk Space and Warning Level
13. After allocating the space to the user
14. Login as a user and Confirm it from MY COMPUTER

MBSA

MICROSOFT BASELINE SECURITY ANALYSER

It is a third party tool provided by Microsoft.

It is used to scan the entire system or even another system in the network.

To scan the information of any system which is in the network, the minimum
requirement is the Computer Name or IP Address.

MBSA will scan all the loopholes of the current system or of another system.

Procedure:

1. Open the drive where MBSA.MSI is saved
2. Double Click on MBSA.MSI
3. After installing
4. Open the MBSA Console
5. From Programs
6. Select MBSA
7. Select "Scan a computer", specify either the computer name or the IP address, and click on
"Scan a computer".

***********************
