properly?
I am trying to get Exchange 2003 Enterprise installed on Windows 2003 Enterprise Server SP1 in a Domain that already has
1 Windows 2000 SP4 DC. Originally I prepared for the new Exchange 2003 Enterprise server install by running DCdiag,
Netdiag, adprep /forestprep, adprep /domainprep and dcpromo.
I first installed Windows 2003 Enterprise Server and installed all the updates. Second, I did a DCpromo on the new Windows
2003 Enterprise Server and made it the second Domain Controller. Third, I ran DCdiag, NetDiag, ForestPrep, and
DomainPrep to prepare for the Exchange server install. Fourth, I installed the Exchange server and then installed SP1 and
then SP2.
So here is where the problem starts. It looked like the install went fine. All the services were installed and started. I was able
to configure the Internet messaging service and other configurations. The problem began when I went to add a mailbox to a
user account and the "Exchange Tasks" item was missing from all the user account properties. I wasn't able to use the add
mailbox wizard for any account. I tried to install the Exchange System Manager to get the "Exchange Tasks" to show up but I
couldn't get it to show up. The only mailbox that was created was the administrator's account and I couldn't create any other
mailboxes.
So I decided that maybe I missed something on the install and I wanted to go back and re-install Exchange 2003 Enterprise.
I uninstalled Exchange and it seemed like it uninstalled properly. I re-ran ForestPrep and DomainPrep without any error.
When I went back to install Exchange I get a message that pops up: "Exchange Server 2003 has a known compatibility issue
with this version of Windows. For more information, refer to http://go.microsoft.com/fwlink/?LinkId=37488." I looked up
the report and it doesn't really say anything about Windows 2003 Enterprise Server and Exchange 2003 Enterprise not being
compatible, and I made sure that the server met all the minimum requirements.
I click Continue and I get to the "Welcome to the Microsoft Exchange Installation Wizard". I click Next and then when I try to
install Exchange I get this error: "The Component "Microsoft Exchange Messaging and Collaboration Services" Cannot be
assigned the action "Install" Because: To install the first Exchange server in a domain, or to run setup /forestPrep "mode, you
must be an Exchange Full Administrator at the Organization level. You must use an account that has been granted the Full
Exchange Administrator role on the Exchange organization using the Exchange Administrative Delegation Wizard"
I reinstalled the Exchange System Manager and checked the account. I am logging in as Administrator and in the delegation
wizard it says the "administrator" account has "full Exchange administration" privileges.
Outlook 2002 introduced the Safe Mode feature. Much like Windows' Safe Mode, it gives you a way to start Outlook in Safe Mode
from the desktop: if I type "outlook /safe" in the Run box, Outlook starts in Safe Mode.
A. RIS comprises individual services that have been combined to enable the remote installation of Windows 2000
Professional. The Remote Installation Setup Wizard (RISetup) configures and starts the following services:
Boot Information Negotiation Layer (BINL) This service listens for and answers DHCP (PXE) requests. It also services
Client Installation Wizard requests. BINL directs the client to the files needed to start the installation process. This service
also checks Active Directory to verify credentials, determine whether a client needs service, and whether to create a new or
to reset an existing computer account object on behalf of the client.
Trivial File Transfer Protocol Daemon (TFTPD) A RIS server uses TFTP to download the initial files needed to begin the
remote installation process to the client. This includes the Client Installation Wizard and all files needed to start
Windows 2000 Setup. The first file downloaded to the client using TFTP is Startrom.com. Startrom is a small bootstrap
program that displays the Press F12 for Network Service Boot prompt. If F12 is pressed within three seconds, the Client
Installation Wizard (OSChooser) is downloaded to begin the remote installation process. When it resides on the server side, it
is called the Trivial File Transfer Protocol Daemon (TFTPD), and when it resides on the client, it is called Trivial File Transfer
Protocol (TFTP).
Single Instance Store (SIS) SIS services consist of an NTFS file system filter and a service that acts on the volume on
which the RIS images are kept. SIS services reduce the storage requirements needed to store these images by combining
duplicate files.
Q. How do you troubleshoot a DHCP client that does not get an IP address from the DHCP server?
• A. Check the PC's network cable(s) and the network card(s) first.
• Ping the local loopback address.
• Use the ipconfig /all command at the command line of a workstation. If you get an address in the range
169.254.x.x on a Windows 2000 client, you'll know that the client was unable to obtain an IP address
from the DHCP server.
• Try using the ipconfig /release command followed by ipconfig /renew. Reboot the failing workstation.
• If the problem PCs are on a different subnet from the DHCP server and are connected by a non-BOOTP
router, verify the status of the DHCP Relay Agent.
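The checks above, put into a script as an added example (not part of the original notes): it pings the loopback address, lists every IP-enabled adapter through the Win32_NetworkAdapterConfiguration WMI class, flags adapters that hold a 169.254.x.x (APIPA) address, and with -Repair performs the release/renew step on those adapters.

```powershell
# Added example, not from the original notes. Assumes it runs on the affected Windows
# client with rights to call the WMI DHCP lease methods (local administrator).
function Test-DhcpClientHealth {
    param(
        # Release and renew the lease on adapters that currently hold an APIPA address.
        [switch]$Repair
    )

    # Step 2 of the checklist: ping the local loopback address.
    $loopback = Test-Connection -ComputerName 127.0.0.1 -Count 1 -Quiet

    # Step 3: the same data "ipconfig /all" shows, read through WMI.
    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    $report   = @()

    foreach ($nic in $adapters) {
        # IPAddress is a string array holding IPv4 and IPv6 entries; keep IPv4 only.
        $ipv4  = @($nic.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
        $apipa = @($ipv4 | Where-Object { $_ -like '169.254.*' })

        $state = if (-not $nic.DHCPEnabled) { 'Static address; DHCP not in use' }
                 elseif ($apipa.Count -gt 0) { 'APIPA: no lease obtained from a DHCP server' }
                 else                        { 'DHCP lease OK' }

        if ($Repair -and $nic.DHCPEnabled -and $apipa.Count -gt 0) {
            # Step 4: equivalent of "ipconfig /release" followed by "ipconfig /renew".
            [void]$nic.ReleaseDHCPLease()
            $renew  = $nic.RenewDHCPLease()
            $state += " (renew attempted, return code $($renew.ReturnValue))"
        }

        $report += [pscustomobject]@{
            Adapter     = $nic.Description
            IPv4        = ($ipv4 -join ', ')
            DHCPEnabled = $nic.DHCPEnabled
            DHCPServer  = $nic.DHCPServer
            Gateway     = ($nic.DefaultIPGateway -join ', ')
            State       = $state
        }
    }

    [pscustomobject]@{
        LoopbackReachable = $loopback
        Adapters          = $report
    }
}

# Report only; add -Repair to release/renew adapters that show the APIPA symptom.
$health = Test-DhcpClientHealth
$health.LoopbackReachable
$health.Adapters | Format-Table -AutoSize
```

An adapter that stays on 169.254.x.x after a renew, with an empty DHCPServer field, points at the cable, the NIC, or a missing relay agent on a routed subnet rather than at the client.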
• There are two different ways that you can deploy an application through the Active Directory. You can either publish
the application or you can assign the application. You can only publish applications to users, but you can assign
applications to either users or to computers. The application is deployed in a different manner depending on which of
these methods you use.
• Publishing an application doesn't actually install the application, but rather makes it available to users. For example,
suppose that you were to publish Microsoft Office. Publishing is a group policy setting, so it would not take effect
until the next time that the user logs in. When the user does log in though, they will not initially notice anything
different. However, if the user were to open the Control Panel and click on the Add / Remove Programs option, they
will find that Microsoft Office is now on the list. A user can then choose to install Microsoft Office on their machine.
• One thing to keep in mind is that regardless of which deployment method you use, Windows does not perform any
sort of software metering. Therefore, it will be up to you to make sure that you have enough licenses for the
software that you are installing.
• Assigning an application to a user works differently than publishing an application. Again, assigning an application is
a group policy action, so the assignment won’t take effect until the next time that the user logs in. When the user
does log in, they will see that the new application has been added to the Start menu and / or to the desktop.
• Although a menu option or an icon for the application exists, the software hasn’t actually been installed though. To
avoid overwhelming the server containing the installation package, the software is not actually installed until the user
attempts to use it for the first time.
• This is also where the self-healing feature comes in. Whenever a user attempts to use the application, Windows
always does a quick check to make sure that the application hasn't been damaged. If files or registry settings are
missing, they are automatically replaced.
• Assigning an application to a computer works similarly to assigning an application to a user. The main difference is
that the assignment is linked to the computer rather than to the user, so it takes effect the next time that the
computer is rebooted. Assigning an application to a computer also differs from user assignments in that the
deployment process actually installs the application rather than just the application’s icon.
• Tombstones are special Active Directory objects that are created when you delete a Windows account or any other Active
Directory object. These hidden objects reside in Active Directory for a default lifetime of 60 days. This setting ensures
that objects across all domain controllers are deleted, because it allows enough time for the deletions to be fully
replicated.
• To prevent tombstones from deleting Exchange Server 5.5 mailboxes, configure the Active Directory Connector (ADC)
Connection Agreement to keep the deleted items and store the deletion list in the temporary .csv file.
• If the tombstones in Active Directory replicate to the Exchange Server 5.5 folder, they delete Exchange Server 5.5
mailboxes that match the legacyExchangeDN attribute of the tombstone. Before you configure the ADC Connection
Agreement, configure the Connection Agreement so that the deletions are not replicated from Active Directory to the
Exchange Server 5.5 folder. This method prevents tombstones in Active Directory from replicating to the Exchange
Server 5.5 folder.
NOTE: If the original Connection Agreement exists and the ADC service is stopped, verify that the Connection
Agreement schedule is set to Never.
A.
• Microsoft Exchange System Attendant (MSExchangeSA)- Provides monitoring, maintenance, and Active Directory
lookup services (for example, monitoring of services and connectors, proxy generation, Active Directory to metabase
replication, publication of free/busy information, offline address book generation, mailbox maintenance, and forwarding
Active Directory lookups to a global catalog server). If this service is stopped, monitoring, maintenance, and lookup
services are unavailable. If this service is disabled, any services that explicitly depend on it cannot start.
• Microsoft Exchange Information Store (MSExchangeIS)- Manages the Exchange store. The service makes mailbox
stores and public folder stores available. If this service is stopped, mailbox stores and public folder stores on this
computer are unavailable. If this service is disabled, any services that explicitly depend on it cannot start.
• Microsoft Exchange Routing Engine (RESvc)- Provides topology and routing information to servers running
Exchange 2003. If this service is stopped, optimal routing of messages will not be available.
• Microsoft Exchange MTA Stacks (MSExchangeMTA)- Provides Exchange X.400 services. You use Exchange X.400
services to connect to Exchange 5.5 servers and other connectors (custom gateways). If this service is stopped,
Exchange X.400 services are unavailable.
• Microsoft Exchange Site Replication Service (MSExchangeSRS) - Provides directory interoperability between
Exchange 5.5 and Exchange 2000 Server or Exchange 2003. Site Replication Service (SRS) acts as a directory replication
bridgehead server for an Exchange site. SRS runs on Exchange 2000 and serves as a modified Exchange 5.5 directory.
SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the Active Directory® directory service
and the Exchange 5.5 directory. To Exchange 5.5, SRS looks similar to another Exchange 5.5 configuration/recipients
replication partner.
Service display name/abbreviation - Default startup type - Description and dependencies

Microsoft Exchange Calendar Connector (MSExchangeCalCon) - Manual
Allows sharing of Lotus Notes and Novell GroupWise Free/Busy information.
Dependencies: Event Log, Microsoft Exchange Information Store, Microsoft Exchange Connectivity Controller

Microsoft Exchange Connectivity Controller (MSExchangeCoCo) - Manual
Provides support services for Microsoft Exchange connectors.
Dependencies: Event Log

Microsoft Exchange Connector for Lotus Notes (LME-NOTES) - Manual
Allows sharing of mail traffic with Lotus Notes systems.
Dependencies: Event Log, Microsoft Exchange Connectivity Controller

Microsoft Exchange Connector for Novell GroupWise (LME-GWISE) - Manual
Allows sharing of mail traffic with Novell GroupWise systems.
Dependencies: Event Log, Microsoft Exchange Connectivity Controller, Microsoft Exchange Router for Novell GroupWise

Microsoft Exchange Event (MSExchangeES) - Manual
Monitors folders and triggers events for server applications compatible with Exchange Server 5.5.
Dependencies: Microsoft Exchange Information Store

Microsoft Exchange IMAP4 (IMAP4Svc) - Disabled
Provides Internet Message Access Protocol version 4 (IMAP4) services to clients. If this service is stopped, clients cannot
connect to this computer using IMAP4.
Dependencies: IIS Admin Service

Microsoft Exchange Information Store (MSExchangeIS) - Automatic
Manages the Exchange store. The service makes mailbox stores and public folder stores available. If this service is stopped,
mailbox stores and public folder stores on this computer are unavailable. If this service is disabled, any services that
explicitly depend on it cannot start.
Dependencies: Microsoft Exchange System Attendant

Microsoft Exchange Management (MSExchangeMGMT) - Automatic
Provides Exchange management information using Windows Management Instrumentation (WMI). If this service is stopped,
WMI providers implemented to work in Microsoft Exchange Management, like message tracking and Directory Access, will
not work.
Dependencies: Remote Procedure Call (RPC), WMI

Microsoft Exchange MTA Stacks (MSExchangeMTA) - Automatic
Provides Exchange X.400 services. You use Exchange X.400 services to connect to Exchange 5.5 servers and other
connectors (custom gateways). If this service is stopped, Exchange X.400 services are unavailable.
Dependencies: Microsoft Exchange System Attendant

Microsoft Exchange POP3 (POP3Svc) - Disabled
Provides Post Office Protocol version 3 (POP3) services to clients. If this service is stopped, clients cannot connect to this
computer using POP3.
Dependencies: IIS Admin Service

Microsoft Exchange Router for Novell GroupWise (MSExchangeGWRtr) - Manual
Provides support for scheduling collaboration with Novell GroupWise systems.
Dependencies: None

Microsoft Exchange Routing Engine (RESvc) - Automatic
Provides topology and routing information to servers running Exchange 2003. If this service is stopped, optimal routing of
messages will not be available.
Dependencies: IIS Admin Service

Microsoft Exchange Site Replication Service (MSExchangeSRS) - Disabled
Provides directory interoperability between Exchange 5.5 and Exchange 2000 Server or Exchange 2003. Site Replication
Service (SRS) acts as a directory replication bridgehead server for an Exchange site. SRS runs on Exchange 2000 and serves
as a modified Exchange 5.5 directory. SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the
Active Directory® directory service and the Exchange 5.5 directory. To Exchange 5.5, SRS looks similar to another
Exchange 5.5 configuration/recipients replication partner.

Microsoft Exchange System Attendant (MSExchangeSA) - Automatic
Provides monitoring, maintenance, and Active Directory lookup services (for example, monitoring of services and
connectors, proxy generation, Active Directory to metabase replication, publication of free/busy information, offline
address book generation, mailbox maintenance, and forwarding Active Directory lookups to a global catalog server). If this
service is stopped, monitoring, maintenance, and lookup services are unavailable. If this service is disabled, any services
that explicitly depend on it cannot start.
Dependencies: Event Log, NTLM Security Support Provider, Remote Procedure Call (RPC), Server, Workstation

Note:
The following Exchange services are set to Manual if installed on a cluster: IMAP4Svc, MSExchangeMTA,
MSExchangeSA, MSExchangeIS, SMTPsvc, NNTPsvc, REsvc, MSExchangeMGMT.
You must enable the following Microsoft Windows® services before you run Exchange Setup:
A. Connectors provide a one-way path for message flow to a specific destination. The primary
connectors in Exchange Server 2003 are:
• SMTP connectors: SMTP connectors are used to define isolated paths for mail
that is destined for the Internet or an external address or non-Exchange mail
system. Using the SMTP connector to connect routing groups is neither
recommended nor preferred. SMTP connectors are designed for external mail
delivery.
Important:
X.400 connectors are only available in Exchange Server 2003 Enterprise Edition.
Each connector has an associated cost and address space or a connected routing group that is
designated as the destination point for the connector. When determining the most efficient
route for a message, Exchange's routing logic first examines the address space or connected
routing group defined on each connector to find the destination that most closely matches the
message's destination, and then routing evaluates the cost that is associated with each
connector. Routing only uses costs when the defined address space or connected routing
groups are the same on two connectors. The following section explains how Exchange uses this
information.
1. In Exchange System Manager, locate the mailbox store that contains the disconnected mailbox.
2. Click the Mailboxes object under the mailbox store.
3. If the mailbox is not already marked as disconnected (the mailbox icon appears with a red X), right-click the
Mailboxes object, and then click Cleanup Agent.
4. Right-click the disconnected mailbox, click Reconnect, and then select the appropriate user from the dialog
box that appears.
5. Click OK.
Note Only one user may be connected to a mailbox because all globally unique identifiers (GUIDs) are required
to be unique across an entire forest.
1. In Active Directory Users and Computers, create a new user object. When you create the new user object,
click to clear the Create an Exchange Mailbox check box.
Q: What is a SID, and how do you find the SID of a particular object?
DSProxy
The Directory Service Proxy (DSProxy) is the Exchange Server 2003 component that provides an address book
service to Microsoft Outlook clients. DSProxy is implemented in DSProxy.dll. DSProxy has two functions:
DSProxy provides both proxy and referral services. MAPI clients running Outlook 2002 Service Release 1 and
earlier versions use the proxy functionality because these clients were designed to use Exchange Server as their
Directory Service. This was true for Microsoft Exchange Server from 4.0 to 5.5, but beginning with Exchange
Server 2000, Microsoft Active Directory takes the part of the Exchange Directory service. Therefore, DSProxy
emulates a directory service so that earlier clients can function, and the Exchange Server 2003 server forwards the
requests to Active Directory.
Later versions of Outlook, such as Outlook 2000 with SR-2 and Outlook 2002/2003, are designed with the
assumption that Exchange Server 2003 does not have its own directory service. After DSProxy refers one of
these later clients to a global catalog server, the client communicates directly with Active Directory.
DSProxy obtains its list of working global catalog servers from DSAccess. DSAccess handles only LDAP queries.
However, DSProxy fully relies on DSAccess to provide global catalog failover support.
DSProxy Operations
DSAccess
Exchange 2003 services access information that is stored in Active Directory and write information to
Active Directory. If this communication occurred directly between each service and Active Directory,
Exchange 2003 could overwhelm an Active Directory domain controller with communication requests. DSAccess
is the component which controls the interaction between Exchange requests and Active Directory.
DSAccess is a shared API that is used by multiple components in Exchange 2003 to query Active Directory and
obtain both configuration and recipient information. DSAccess is implemented in DSAccess.dll, which is loaded
by both Exchange and non-Exchange components. The components are:
• System Attendant
• Message Transfer Agent (MTA)
• Microsoft Exchange Information Store
• Exchange Management Service
• Internet Information Services (IIS)
• Windows Management Instrumentation (WMI)
DSAccess discovers the Active Directory topology, detects domain controllers and Global Catalog servers, and
maintains a list of valid directory servers that are suitable for use by Exchange components. In addition,
DSAccess maintains a cache that is used to minimize the load on Active Directory by reducing the number of
Lightweight Directory Access Protocol (LDAP) requests that individual components send to Active Directory
servers. The DSAccess Cache is configurable through several Registry Keys.
The IIS Admin service (IIS Admin) manages the IIS Metabase and updates the registry for the
following services:
• WWW service
• FTP service
• SMTP service
• POP3 service
• IMAP4 service
• NNTP service
The IIS Admin service also provides access to the IIS configuration information to other
applications, such as to the metabase update service, which is an internal component of System
Attendant.
The registry key for the IIS Admin service is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISAdmin.
The IIS Admin service depends on the Remote Procedure Call (RPC) service and Security
Accounts Manager (SAM) service.
C:\>nslookup 12.100.12.105
Server: DNS1.christopherlewis.com
Address: 192.168.0.9
Name: 105.mumc.chcg.chcgil24.dsl.att.net
Address: 12.100.12.105
The Exchange Recipient Update Service is the Exchange component which is responsible for
managing the Exchange Server Proxy E-Mail addresses and for creating and updating e-mail
addresses for Exchange Server recipients and Exchange core components. There is one RUS
service in every domain where Exchange is installed and one Exchange Recipient Update
Service for the Enterprise Configuration (the whole Exchange Organization).
Q: What is a public folder tree, and what is the name of the default public folder tree?
To configure Exchange Server 2003 to use a smart host IP address, follow these steps:
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Locate the following folder:
Servers/Your_Server/Protocols/SMTP/Your_SMTP_Virtual_Server
3. Right-click Your_SMTP_Virtual_Server, and then click Properties.
4. Click the Delivery tab, and then click Advanced.
5. In the Smart host box, type the name of the smart host server.
You can type a string to represent a name or type an IP address that is enclosed in brackets.
You can route all outgoing messages for remote domains through a smart host instead of sending these messages directly to
the domain. When you do so, you can route messages over a connection that may be more direct or less costly than other
routes.
Note The smart host setting for SMTP virtual servers is similar to the smart host setting on SMTP connectors. You can
configure multiple smart hosts on the connector, because connectors can handle message delivery on a per-domain basis.
You can identify the smart host by either a fully qualified domain name (FQDN) or an IP address.
Note If you change the IP address, you must change it on every virtual server. If you use an IP address, you must enclose it
in brackets ([]). Exchange Server 2003 checks first for a server name and then for an IP address. The brackets identify the
value as an IP address. As a result, the DNS lookup is bypassed.
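The name-versus-bracketed-IP rule above, turned into a validation function as an added example (not part of the original notes): it classifies a smart host value the way the text says Exchange 2003 interprets it and flags the common mistake of typing an IP address without brackets, which Exchange would then try to resolve as a server name. The sample values at the end are constructed.

```powershell
# Added example, not from the original notes. Pure string/address checks; no DNS
# lookup is performed, so it can run anywhere.
function Test-SmartHostValue {
    param([Parameter(Mandatory = $true)][string]$Value)

    $parsed = $null
    $kind   = 'ServerName'
    $valid  = $false
    $note   = ''

    if ($Value -match '^\[(?<literal>[^\]]*)\]$') {
        # Brackets tell Exchange the value is an IP address; the DNS lookup is bypassed.
        $kind    = 'IPAddress'
        $literal = $Matches['literal']
        if ([System.Net.IPAddress]::TryParse($literal, [ref]$parsed) -and
            $parsed.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
            $valid = $true
            $note  = 'Bracketed IPv4 literal; DNS lookup is bypassed.'
        } else {
            $note = "Brackets mark an IP address, but '$literal' is not a valid IPv4 address."
        }
    } elseif ([System.Net.IPAddress]::TryParse($Value, [ref]$parsed)) {
        # Exchange checks for a server name first, so an unbracketed IP goes to DNS as a name.
        $note = "Looks like an IP address but has no brackets; Exchange treats it as a server name. Use [$Value] instead."
    } elseif ([System.Uri]::CheckHostName($Value) -eq [System.UriHostNameType]::Dns) {
        # A syntactically valid host name; Exchange resolves it through DNS at delivery time.
        $valid = $true
        $note  = 'Server name; resolved through DNS. Prefer a fully qualified domain name.'
    } else {
        $note = 'Neither a valid server name nor a bracketed IP address.'
    }

    [pscustomobject]@{ Value = $Value; Kind = $kind; Valid = $valid; Note = $note }
}

# Constructed sample values: one correct form of each kind, then the usual mistakes.
'[192.168.0.9]', 'smarthost.example.com', '192.168.0.9', '[smarthost.example.com]', '[999.1.1.1]' |
    ForEach-Object { Test-SmartHostValue -Value $_ } |
    Format-Table -AutoSize
```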
Q: What are the ports you will be opening for accessing Exchange through the Internet?
Q: Suppose you are sending mail to a DL that has 100 members, and only 2 people have not received the
mail; when you send a test mail to that DL, they receive it. What is the RCA?
Q: On an Exchange server the SMTP service is stopped and is not coming up; how would you
troubleshoot it?
Q: What is interorg?
Q: A user is continuously receiving mail from his 5.5 server, and because of this his mailbox is
full; what will you do?
Q: There is one FSMO role that Microsoft doesn't recommend a GC server perform; which
role is that?
Q: A user is not receiving mail on his BlackBerry but is receiving his mail in Outlook; how will you
troubleshoot?
Q: Suppose I have an Exchange server and my primary SMTP address is acb@xyz.com, and I want all
employees of my company to have a secondary SMTP address (SMTP2). How will you implement that? Also,
whenever a mailbox is created, the mailbox should be stamped with the new SMTP2 address.
Q: How will you come to know that ForestPrep has been done properly?
Q: I have two Exchange servers, one Exchange 5.5 and another Exchange 2003, and I want to
set up mail flow between the two servers?
Q: I want to restore a few deleted mails from a mailbox and they are not in the recover folder; how
can I get those mails?
Q: Can we restore a mail that has crossed its retention period? What is the default retention
period?
Q: What do you understand by a trust, and what are the different types?
The Message Tracking Center indicates that a message was delivered to an incorrect server in Exchange
Server 2003
On a computer that is running Microsoft Exchange Server 2003, when you use the Message Tracking Center tool to view the
message history of a sent message, incorrect information appears in the Message History dialog box.
In this scenario, the Message History dialog box indicates that a message has been delivered to an incorrect Exchange
Server computer. For example, information that is similar to the following appears in the Message History dialog box:
9/3/2004 2:25 PM SMTP: Message Routed and Queued for Gateway Delivery
What is OAB?
A9: Offline address book sizes can vary from 3 megabytes (MB) to 700 MB (uncompressed).
The following factors can affect the size of the offline address book:
• The usage of certificates in a company. The more PKI certificates, the larger the offline
address book. PKI certificates range from 1 kilobyte (KB) to 3 KB. They are the single largest
contributor to the offline address book size.
• The number of users in Active Directory.
• The number of distribution groups in Active Directory.
• The information that a company adds to Active Directory for each user and each distribution
group. For example, some organizations populate the address properties on each user; others
do not.
How frequently is the offline address book updated on the Outlook client?
A5: If left constantly running, Outlook in cached mode automatically updates the offline
address book on the client every 24 hours. The 24-hour time period is measured from the time
that the offline address book was last downloaded successfully. For example, if you complete
an offline address book download at 09:00 today, Outlook will start the offline address book
download the next day at approximately 09:00. Therefore, different people will receive updates
at different, random times.
Note The default setting on the Exchange computer is to generate an offline address book
differential file every morning at 04:00. For a change that is made in Active Directory to reach
the client computer, the following events must occur:
• The change must be picked up by the Exchange computer that generates the offline address
book files. This can take several hours. At worst, it can take 24 hours. This variable will be
referred to as "x."
• The Outlook clients must download the offline address book updates every 24 hours. This
update can take several hours. At worst, it can take 24 hours. This variable will be referred to
as "y."
The update reaches the client machines x+y hours later. It would be rare for a client to ever
experience a 48-hour delay or more unless there were some Active Directory or public folder
replication issues.
This step involves resetting the damaged Exchange database by removing the current database files from
the storage group directory. Keep copies of the files in case they are needed later. Microsoft® Exchange
Server 2003 re-creates blank database files to replace the files that you removed. When users attempt to
access their mailboxes, Exchange creates new mailboxes in the database, and the users are able to send
and receive mail. Because the user objects retain their original Exchange attributes (including
msExchMailboxGUID), the new mailboxes have the same GUID values as the old mailboxes. Later, this
fact allows ExMerge to successfully transfer data between the original database (which will be running in
the recovery storage group) and this temporary "dial tone" database.
If you one day are faced with a relatively large corrupt Mailbox Store, restoring it can, depending on things such
as backup hardware, backup application and network speed, be quite time consuming. Now the last thing you
want to deal with in such a situation is frustrated users (or even worse a yelling CEO!).
So how can you get your users to calm down (and your CEO to s… up) and get back to work while you
concentrate on getting the Mailbox Store back to life? There’s one simple answer and that is, you can create a
dial-tone database and thereby get message flow and mailbox access recovered almost instantly. By using a dial-
tone database your users can start to receive and send mail again, they can even go check out old messages that
existed in their mailbox on the Exchange server (if their Outlook client has been configured to use cached mode
that is), bear in mind though they have to switch between Online and Offline mode when prompted with the
Outlook 2003 Exchange Recovery Mode dialog box. I’ll talk more about Outlook 2003 Recovery mode in
“Demystifying The Exchange Dial-tone Restore Method (Part 2)”.
Using the dial-tone database restore method means that you, while restoring one or more corrupted Mailbox
Stores from the most recent backup, have users connect to a new empty or blank Mailbox Store. The dial-tone
restore method is by no means new; it’s been used with previous versions of Exchange as well, but now that we
have the Exchange Server 2003 Recovery Storage Group (RSG) feature, the method becomes even more
attractive when restoring Mailbox Stores within your Exchange messaging environment.
Figure 2: Copying the Mailbox Store Files (Priv1.edb and Priv1.stm)
Note:
If you have the disk space available it’s highly recommended you don’t delete but move the Mailbox Store files (Priv1.edb
and Priv1.stm) to another location on the server (preferably on the same logical drive), as you never know whether they are
needed at a later stage in the recovery process. Also remember to take a copy of any transaction logs contained in the
MDBDATA folder; these may very well be needed for transaction log replay after restoring the original database to the
Recover Storage Group (RSG).
We’re now ready to create the dial-tone database; this is done by right-clicking the Mailbox Store we dismounted earlier,
then selecting Mount Database as seen in Figure 3.
Figure 3: Creating the Dial-tone Database by mounting the Mailbox Store in Exchange System Manager
After a couple of seconds you will be prompted with the dialog box in Figure 4 below.
Figure 4: Creating the Dial-tone database
Click Yes and again wait a couple of seconds for the next dialog box to appear then click OK (see Figure 5).
Q: Give one example of when the Infrastructure Master and the Global Catalog will be on one DC. What is
the issue if both reside on the same system?
The Infrastructure Master (IM) role should be held by a domain controller that is not a Global
Catalog server(GC). If the Infrastructure Master runs on a Global Catalog server it will stop
updating object information because it does not contain any references to objects that it does
not hold. This is because a Global Catalog server holds a partial replica of every object in the
forest. As a result, cross-domain object references in that domain will not be updated and a
warning to that effect will be logged on that DC's event log.
If all the domain controllers in a domain also host the global catalog, all the domain controllers
have the current data, and it is not important which domain controller holds the infrastructure
master role.
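The placement rule above as an auditable check, added here as an example (not part of the original notes): it finds the Infrastructure Master holder for the current domain through the System.DirectoryServices.ActiveDirectory classes, tests whether that DC is a Global Catalog, and reports it as a problem only when other DCs in the domain are not GCs, which is exactly the case the text describes.

```powershell
# Added example, not from the original notes. Assumes it runs from a domain-joined
# machine under an account that can read the directory (any authenticated user).
function Test-InfrastructureMasterPlacement {
    param(
        # Domain to check; defaults to the domain of the current security context.
        [System.DirectoryServices.ActiveDirectory.Domain]$Domain =
            [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    )

    $imHolder = $Domain.InfrastructureRoleOwner
    $allDcs   = @($Domain.FindAllDomainControllers())
    # IsGlobalCatalog() asks each DC directly; DCs that are unreachable will throw.
    $gcDcs    = @($allDcs | Where-Object { $_.IsGlobalCatalog() })

    $holderIsGc = [bool]($gcDcs | Where-Object { $_.Name -eq $imHolder.Name })
    $allAreGc   = ($gcDcs.Count -eq $allDcs.Count)

    $status = if (-not $holderIsGc) {
                  'OK: Infrastructure Master is not a Global Catalog.'
              } elseif ($allAreGc) {
                  'OK: every DC in the domain is a GC, so Infrastructure Master placement does not matter.'
              } else {
                  'WARNING: Infrastructure Master is a GC while other DCs are not; cross-domain object references in this domain will not be updated.'
              }

    [pscustomobject]@{
        Domain                = $Domain.Name
        InfrastructureMaster  = $imHolder.Name
        HolderIsGlobalCatalog = $holderIsGc
        DomainControllers     = $allDcs.Count
        GlobalCatalogs        = $gcDcs.Count
        Status                = $status
    }
}

Test-InfrastructureMasterPlacement | Format-List
```

Run it once per domain in a multi-domain forest; a single-domain forest has no cross-domain references for the Infrastructure Master to update, so the warning is harmless there.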
2003 modes?
FSMO roles?
Stress on PDC emulator?
2003 advantages?
About migration?(W2k to W2k3 and NT to W2k3).
Question on System State data Backup?
For certain types of changes, Windows 2000 incorporates methods to prevent conflicting Active Directory updates from
occurring.
The Windows 2000 Active Directory extends the single-master model found in earlier versions of Windows to include multiple
roles, and the ability to transfer roles to any domain controller (DC) in the enterprise. Because an Active Directory role is not
bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows 2000 there are
five FSMO roles:
• Schema master
• Domain naming master
• RID master
• PDC emulator
• Infrastructure daemon (the infrastructure master)
Tools for Deploying DNS:
Windows Server 2003 includes a number of tools to assist you in deploying a DNS infrastructure.
Netdiag.exe
The Netdiag.exe tool assists you in isolating networking and connectivity problems. Netdiag.exe performs a series of tests that you can use to determine the state of your network client. For more information about Netdiag.exe, in Help and Support Center for Windows Server 2003, click Tools, and then click Windows Support Tools.
Nslookup.exe
You can use the Nslookup.exe command-line tool to perform query testing of the DNS domain namespace
and to diagnose problems with DNS servers.
Dnscmd.exe
You can use the Dnscmd.exe command-line tool to perform administrative tasks on the DNS server the
same as you can by using the DNS Microsoft Management Console (MMC) snap-in.
DNSLint
DNSLint is a command-line tool that you can use to address some common DNS name resolution issues,
such as lame delegation and DNS record verification. DNSLint is in the Support.cab file in the
\Support\Tools folder on the Windows Server 2003 operating system CD. You can install DNSLint by running
Suptools.msi.
The Standard Edition had the same 16 GB database size limitation as earlier versions of
Exchange Server, while the Enterprise Edition had an increased limit of 8 TB (although
Microsoft's best practices documentation recommends that the message store not exceed 100
GB).
Bridgehead server - A domain controller that is used to send replication information to one or more other sites.
In Windows 2000 Server, bridgehead servers are the contact point for the exchange of directory information
between sites. A bridgehead server is a domain controller that has been either administratively assigned or
automatically chosen to replicate changes collected from other domain controllers in the site to bridgehead
servers in other sites.
By default, the Active Directory replication topology generator, the Knowledge Consistency Checker (KCC),
automatically chooses servers to act as bridgehead servers. However, if you are an administrator, you may
select one or more domain controllers in the site to be preferred bridgehead servers. These servers are used
exclusively to replicate changes collected from the site. Even though you may have administratively configured
several domain controllers as preferred bridgehead servers, the KCC chooses one of these servers to become the
bridgehead server for the site. However, if you choose only one bridgehead server for a particular site, and that
server becomes unavailable, the KCC does not choose another domain controller to be the bridgehead server.
Therefore, if you assign a preferred bridgehead server, you should assign more than one.
Multiple bridgehead servers may be required to replicate full copies of data from one site to another. This behavior depends on the transports available, the directory partitions that have to be replicated, and the availability of global catalog servers. You must assign one bridgehead server for each writable directory partition in your forest. When you assign a bridgehead server, you can establish a preferred bridgehead server for one or more protocols such as IP or SMTP. When you configure a domain controller to be the preferred bridgehead server, you must specify the transports that are preferred for replication.
A. WSUS (previously called Windows Update Services) is the new name for the next
version of Software Update Services (SUS). WSUS is a patch and update component of
Windows Server and offers an effective and quick way to help you get secure and stay
secure. WSUS represents an important step toward delivering a core software
distribution and update management infrastructure in Windows. WSUS has both a
server and client component.
Q. Why is the name changing again after it was just changed from SUS to Windows
Update Services?
A. Based on customer and partner feedback, the name Windows Update Services and the
associated abbreviation (WUS) did not accurately describe the functionality and value
of the product. Windows Server Update Services more appropriately positions the
product as a component of Windows Server and reflects the fact that it can be used for
updates beyond Windows itself.
A. No. WSUS will support updating Windows operating systems and, over time, additional
Microsoft software products. When initially released, WSUS will support updating
Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP,
Office 2003, Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine
(MSDE) 2000, and Microsoft Exchange Server 2003. Support for additional Microsoft
products will be added over time, without the need to upgrade or redeploy WSUS.
A. WSUS can use MSDE, WMSDE, or SQL Server. If you choose to use SQL Server 2000 as
its datastore, then SQL Server 2000 needs to be licensed appropriately, with either a
SQL Server 2000 CAL for every device managed by WSUS, or a per-processor license.
For more information about SQL Server 2000 licensing, see the SQL Server How to Buy
page.
A. Yes.
A. No, the current version of WSUS is not supported on 64 bit platforms. However it can
manage/update PCs that run on those platforms.
A. Yes, WSUS can be used to distribute critical security updates released for 64-bit
systems however, the WSUS server is not officially supported on 64-bit platforms.
Support for WSUS on 64-bit platforms is planned for inclusion in a future release of
WSUS.
WSUS and SUS
For a list of the new capabilities, please refer to the WSUS Datasheet.
Q. Will the existing SUS client work with WSUS servers, or will a new client need to be installed?
A. Existing SUS clients must be updated to work with WSUS. The update process is automatic if you previously
used SUS. If you never used SUS before, the latest Automatic Update client is available as part of Windows XP
SP2. The new client is also backward-compatible with SUS 1.0 servers.
A. No. SMS 2003 can provide the same basic services that WSUS can, in addition to the advanced controls for
update management, so you will not need WSUS if you have SMS 2003.
A. Windows Server Update Services provides basic patch and update capabilities only. If your environment requires support for deployment of software packages, reporting on software and hardware inventory, remote-control functionality, or other more advanced functions, SMS 2003 includes these features.
For a more detailed comparison of your update choices, see the Compare Microsoft Update, Windows Server
Update Services, and SMS page.
Q. What does SMS 2003 provide in update management that WSUS does not?
A. SMS 2003 provides a number of capabilities in the areas of advanced administrator control and awareness that
WSUS does not include. In particular, SMS users can create collections based on inventory characteristics of
machines, which enables administrators to better target their updates and perform functions such as:
Q. How can I automatically download and locally store all updates on my WSUS server?
A. By default, updates are downloaded to your Windows Server WSUS server only when they have been approved for installation. You can choose to download and store all updates regardless of approval, or you can choose not to download and store any updates locally (updates are then downloaded to computers directly from the Windows Update Web site after being approved for installation). To change the default settings, go to Advanced Settings in the Options screen of your WSUS console.
For details about how updates are stored on WSUS, see the "Configuring Update Services Server" section of Deploying Windows Server Update Services.
Q. What are the prerequisites for installing WSUS on Windows Server 2003?
2. Crisis Management?
3. Mail flow in Exchange Server.
12. What is the difference between windows 2003 DFS & windows 2000 DFS?
13. Compaq Insight Manager version?
14. What are the Classes in Windows 2003 Active directory?
15. What is the tool to delete lingering objects in windows 2003?
16. Through Compaq Insight Manager can we delete/create Raid?
17. What is the difference between ILO & rilo?
18. How to authenticate two windows 2003 forests?
19. Windows 2003 Features?
20. How to install dual booting in windows 2003 server?
21. I have a medium-sized organization and I want to deploy multiple forests. What are the factors to consider?
22. I have deleted a user who had certain permissions. I want to create a user with the same name and the same password. Will the permissions remain the same, and what is the SID status?
23. Where does the roaming profile exist?
24. What can you do with Group Policy?
25. What is server hardening?
26. Which SUS version are you using?
27. Here is a scenario: I have one DHCP server and the IP addresses are configured as static. I want to get rid of the server. How do I create a new server with the same configuration as the old one?
28. How do you transfer the Schema master?
29. How do you get the Schema snap-in in MMC? What will you do if the Schema snap-in does not appear in MMC?
30. What are the enhancements and advantages of the GC in 2003?
31. If you change the password on the client, how much time will it take to update the password on the domain controller?
32. What are the modes in Terminal Server in Windows 2003?
Low Level
1. Features of windows2003
ACTIVE DIRECTORY
Easier Deployment and Management
ADMT version 2.0—migrates passwords from NT4 to 2000 to 2003 or from 2000 to 2003
Domain Rename--- supports changing Domain Name System and/or NetBios name
Schema Redefine--- Allows deactivation of attributes and class definitions in the Active
directory schema
AD/AM--- Active directory in application mode is a new capability of AD that addresses certain
deployment scenarios related to directory enabled applications
Group Policy Improvements----introduced GPMC tool to manage group policy
UI—Enhanced User Interface
Greater Security
Cross-forest Authentication
Cross-forest Authorization
Cross-certification Enhancements
IAS and Cross-forest authentication
Credential Manager
Software Restriction Policies
Improved Performance and Dependability
Easier logon for remote offices
Group Membership replication enhancements
Application Directory Partitions
Install Replica from media
Dependability Improvements--- updated Inter-Site Topology Generator (ISTG) that scales
better by supporting forests with a greater number of sites than Windows 2000.
FILE AND PRINT SERVICES
Volume shadow copy service
NTFS journaling file system
EFS
Improved CHKDSK Performance
Enhanced DFS and FRS
Shadow copy of shared folders
Enhanced folder redirection
Remote document sharing (WEBDAV)
IIS
Fault-tolerant process architecture----- The IIS 6.0 fault-tolerant process architecture isolates Web
sites and applications into self-contained units called application pools
Health Monitoring---- IIS 6.0 periodically checks the status of an application pool with automatic
restart on failure of the Web sites and applications within that application pool, increasing application
availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and
applications that fail too often within a short amount of time
Automatic Process Recycling--- IIS 6.0 automatically stops and restarts faulty Web sites and
applications based on a flexible set of criteria, including CPU utilization and memory consumption,
while queuing requests
Rapid-fail Protection---- If an application fails too often within a short amount of time, IIS 6.0 will
automatically disable it and return a "503 Service Unavailable" error message to any new or queued
requests to the application
Edit-While-Running
http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/default.mspx
There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can also hold FSMO roles (if transferred from the DC to the ADC). The distinction is just for identification; functionally there is no difference.
10. What is the process by which DHCP provides an IP address to the client?
There is a four-way negotiation process between client and server:
DHCP Discover (initiated by client)
DHCP Offer (initiated by server)
DHCP Select (initiated by client)
DHCP Acknowledgement (initiated by server)
DHCP Negative Acknowledgement (initiated by server if any issues arise after the DHCP Offer)
11. Difference between FAT, NTFS & NTFS Version 5
NTFS Version 5 features:
Encryption is possible
We can enable disk quotas
File compression is possible
Sparse files
Indexing Service
NTFS change journal
In the FAT file system we can apply only share-level security; file-level protection is not possible. In NTFS we can apply both share-level and file-level security.
NTFS supports larger partition sizes than FAT file systems.
NTFS supports longer file names than FAT file systems.
12. What are the port numbers for FTP, Telnet, HTTP, DNS
FTP-21, Telnet – 23, HTTP-80, DNS-53, Kerberos-88, LDAP-389
Local Profiles
Roaming profiles
Mandatory Profiles
Supernetting merges several smaller, contiguous blocks of IP addresses (networks) into one larger block of addresses. Borrowing network bits to combine several smaller networks into one larger network is what supernetting does.
Medium Level
1. What is the difference between an authorized DHCP server and a non-authorized DHCP server?
To avoid network problems caused by misconfigured DHCP servers, a DHCP server in Windows 2000 must be validated (authorized) by AD before it starts serving clients. If an unauthorized DHCP server finds an authorized DHCP server in the network, it stops serving clients.
2. Difference between inter-site and intra-site replication. Protocols used for replication.
Intra-site replication takes place between the domain controllers in the same site. Inter-site replication takes place between two different sites over WAN links.
BHS (Bridgehead Servers) are responsible for initiating replication between the sites. Inter-site replication takes place between the BHS in one site and the BHS in another site.
We can use RPC over IP or SMTP as replication protocols, whereas the domain partition cannot be replicated using SMTP.
Normal Backup
Incremental Backup
Differential Backup
Daily Backup
Copy Backup
Transaction Log files and NTBACKUP
Backup Type - What to Backup - Exchange Logs
Normal - Backs up selected files and marks each file as backed up. - Backs up log files and deletes transaction log files.
Copy - Backs up selected files, but does not mark any as backed up. - Backs up log files but does not delete transaction log files.
Incremental - Backs up selected files only if they were created or modified since the previous backup. - Backs up only log files; cannot be used with circular logging enabled.
Differential - Backs up selected files only if they were created or modified since the previous backup, but does not mark them as backed up. - Backs up only log files; cannot be used with circular logging enabled. Log files will not be deleted after backup.
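The following Python model of the four backup types in the table (added example, not from the original notes; file and log names are constructed) shows which files each type selects, which types mark files as backed up, and which types truncate Exchange transaction logs, so the difference between a growing differential and a non-growing incremental becomes visible.

```python
"""Models the four backup types: what each selects, whether it marks files as
backed up (clears the archive bit), and what it does to Exchange transaction
logs. Added example, not code from the original notes."""

NORMAL, COPY, INCREMENTAL, DIFFERENTIAL = "normal", "copy", "incremental", "differential"


class FileSet:
    """Ordinary files with an archive bit: True means changed since last marked backup."""

    def __init__(self, names):
        self.archive = {n: True for n in names}  # new files start with the bit set

    def modify(self, name):
        self.archive[name] = True

    def backup(self, kind):
        """Return the files this backup type selects; clear bits only for normal/incremental."""
        if kind in (NORMAL, COPY):
            selected = sorted(self.archive)                                 # everything
        else:
            selected = sorted(n for n, bit in self.archive.items() if bit)  # changed only
        if kind in (NORMAL, INCREMENTAL):
            for n in selected:
                self.archive[n] = False                                     # mark as backed up
        return selected


class ExchangeStore:
    """Database files plus the transaction logs committed since the last truncation."""

    def __init__(self, databases, circular_logging=False):
        self.databases = list(databases)
        self.logs = []
        self.circular_logging = circular_logging

    def commit(self, log_name):
        self.logs.append(log_name)

    def backup(self, kind):
        """Return the items written to tape; truncate logs only for normal/incremental."""
        if kind in (INCREMENTAL, DIFFERENTIAL) and self.circular_logging:
            raise ValueError(f"{kind} backup cannot be used with circular logging enabled")
        if kind in (NORMAL, COPY):
            items = self.databases + self.logs   # full backup: databases and log files
        else:
            items = list(self.logs)              # incremental/differential: log files only
        if kind in (NORMAL, INCREMENTAL):
            self.logs = []                       # committed logs are deleted after backup
        return items


def allowed_with_circular_logging(kind):
    """True when the backup type works on a store that has circular logging enabled."""
    try:
        ExchangeStore(["priv1.edb"], circular_logging=True).backup(kind)
        return True
    except ValueError:
        return False


def week(kind):
    """Constructed scenario: normal backup on day 0, then `kind` on days 1 and 2
    with one file changed in between. Returns what each day's backup captured."""
    fs = FileSet(["a.doc", "b.doc", "c.doc"])
    captured = [fs.backup(NORMAL)]
    fs.modify("a.doc")
    captured.append(fs.backup(kind))
    fs.modify("b.doc")
    captured.append(fs.backup(kind))
    return captured
```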
10. What are the port numbers for Kerberos, LDAP and Global Catalog?
Kerberos – 88, LDAP – 389, Global Catalog – 3268
11. What is the use of LDAP (X.500 standard)?
LDAP is a directory access protocol, which is used to exchange directory information from server to clients or from server to server.
12. What are the problems generally encountered with DHCP?
The scope is full; no IP addresses are available for new machines
Scope options are not configured properly, e.g. the default gateway
Incorrect creation of scopes, etc.
When the day comes that you have to put your disaster recovery plan into action, you will find that the process is fairly
simple conceptually, but can be much more difficult when it comes to actually executing it. Exchange 2000 Server
provides a means within itself to help restore a system or server, but this must be done after rebuilding the Windows 2000
server itself. The basic process to perform a disaster recovery is outlined in the following steps:
1. Reinstall Windows 2000 Server on the computer, taking care to ensure that the following items are observed:
a. Install the same version of Windows 2000 that you had installed on the server previously: Server,
Advanced Server or Datacenter Server.
b. Install Windows 2000 to the same volume and path as it was installed during the previous installation.
c. Configure the server with the same name as during the previous installation.
d. Configure the installation to have all of the components installed in the previous installation.
e. Install Windows 2000 as a stand-alone server; do not join the server to a domain during Windows 2000
installation or thereafter.
2. Restore the system volume to the new server using NTBACKUP as follows:
a. Launch the Backup utility by clicking Start > Programs > Accessories > System Tools > Backup.
b. Click the Restore Wizard icon to start the restoration.
c. Click Next on the Welcome to the Restore Wizard window to continue.
d. From on the What to Restore window, choose the media and the backup set from within that group that
you want to restore. If you do not see the media you want to restore from, click Import Media to open a
new window enabling you to browse to the media you wish to work with. Select the files within the group
to be restored. Click Next to continue after making all of your selections.
e. On the Completing the Restore Wizard screen, you can review the settings that you have supplied. If all
settings are acceptable, click Next to continue. If the settings are not acceptable, click Advanced to
configure advanced restoration options.
f. On the Where to Restore window, you will need to decide the location to which the restored files will be
copied. In this case (assuming that all volumes and paths have been created properly), you need to
choose Original Location and click Next.
g. On the How to Restore screen you will need to specify what to do if the restore process detects a file in
the restore location that is the same as a file trying to be restored. In this situation, I prefer to select
Always replace the file on disk, but you can make your selection according to your preferences. When you
have made your selection, click Next to continue.
h. On the Advanced Restore Options window, select which special options you want applied to your
restoration and click Next to continue. If you want additional information on the advanced options, search
Windows 2000 Server online help for “To set advanced backup options”.
i. Click Finish on the Completing the Restore Wizard window to begin restoring the selected files.
j. Click Close to finish the process when the restore completes.
3. Restore the system state to the new server using NTBACKUP by following the same procedure as for the system
volume, but this time selecting the System State data to be restored.
4. Run Exchange 2000 Server setup in Disaster Recovery mode as follows:
a. From a command prompt, launch the Exchange 2000 Server Installation Wizard in Disaster Recovery
mode by entering X:\Setup\I386\Setup.exe /DisasterRecovery, where X is the location of the Exchange
2000 Server setup CD-ROM.
b. The window as shown in Figure 1 will open and you can then proceed to install Exchange 2000 Server as
you normally would. Remember that you must select every component that was originally installed on the
computer to the action Disaster Recovery. If originally installed components are not selected for Disaster
Recovery, then you must manually select them.
Figure 1 – The Exchange 2000 Server Installation Wizard in Disaster Recovery mode.
c. An important note if you are trying to accomplish this procedure by using the Exchange 2000 Server
online help files—The directions provided are wrong in that you are directed to use the following
command to perform the Disaster Recovery installation: X:\Setup\I386\Setup\DisasterRecovery. As you
can obviously see, this will not provide the desired result.
6. Restore your Exchange 2000 Server databases using NTBACKUP by following the same procedure as for the system volume, but this time selecting the media and group that contains your Exchange 2000 Server databases.
The following amplifying instructions apply to restoring databases. For more information, see the “Prepare to
Restore Information” topic in the Exchange 2000 Server online help.
c. Verify that the Exchange Server services are running on the server in question (a departure from previous
versions of Exchange Server). See the “Monitor Services Used by Exchange” topic in the Exchange 2000
Server online help for more information on this.
d. Dismount the databases to be restored. See the “Dismount an Information Store” topic in the Exchange
2000 Server online help for more information on this action.
e. Select the media and databases to be restored. Click Start Restore to continue. Figure 2 shows this step
of the process.
Figure 2 – Preparing to restore the Exchange 2000 Server databases.
d. On the Restoring Database Store window (shown in Figure 3), specify a directory to store the log and
patch files during the restore in the Temporary location for log and patch files. Be careful to ensure
that the specified location has enough disk space to store the files. DO NOT specify the Temporary
location directory to be same as the original location of the database of log files, or the restore process will
not work.
Figure 3 – Selecting a temporary location for the log and patch files.
e. If you are restoring a full backup without any incremental backups, select Last Backup Set to start log file
replay after restoring the database. If you are restoring a backup with incremental backups, do not select
this option until you are restoring the last incremental backup.
f. If you want the database to be mounted as soon as the restoration process is complete, select the Mount
Database After Restore option.
g. To begin restoring the database, click OK.
7. You’re done—finally! Time to test and deploy your newly restored Exchange 2000 Server implementation.
However, if you are running the Key Management Server, the Site Replication Service or participating in an
Exchange 2000 Server cluster you will have additional work left to complete. I will discuss these scenarios in a
separate article.
The process to restore a single server is the same as the aforementioned procedure for restoring an entire Exchange
2000 Server system. The only difference is that you will only be working with one specific server, and thus you will choose
your restoration options accordingly.
Wrap-up
You may have noticed that you have to go through three restoration steps in this process: restoring the System Volume,
restoring the System State and restoring the Exchange 2000 Server databases. If you try to restore system data and
Exchange data, you will receive the warning dialog box as shown in Figure 4.
Figure 4 – Error when attempting to restore system data and Exchange data at the same time.
The NTBACKUP utility that ships with Windows 2000 is replaced by an updated version during the installation of
Exchange 2000 Server. This updated version allows for online backups of the Exchange 2000 Server files.
Although no amount of preparation can prevent disaster from striking, you can take steps to minimize the impact of such a disaster when one occurs. Even though the process to get your network up and running again smoothly could take days or even a week or two, it's still a better solution than having nothing at all to fall back on. Always remember the rule of the seven P's and you will be in a much better position when the dreaded day comes to be.
IIS Components
FSMO ROLES
Domain Naming Master - 1 per forest - Controls the addition and removal of domains from the forest.
Infrastructure Master - 1 per domain - Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server (unless all DCs are also GCs).
• Global Catalog: The Global Catalog (GC) contains a partial replica of every object in the AD enterprise, such as users, groups, computers, printers, etc. The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multi-domain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
• Universal Group Caching: By configuring universal group caching on the domain controllers in your remote site,
you ensure that a user's universal group membership information is available when he tries to log on and there is no GC
available at the remote site. Enabling universal group caching is easy. Just open Active Directory Sites and Services,
connect to a domain controller in the remote site, expand the Sites container, expand the name of the site, right-click on
NTDS Site Settings, select Properties, and select the checkbox
Windows 2003 / 2000 aware backup applications allow you to back up something called the System State
Data. The System State Data is a collection of several Windows 2003 / 2000 subcomponents (including
Active Directory) that can’t be backed up separately. The System State Data includes such components
as:
• The registry
• The system startup files
• The class registration database
• The Certificate Services database
• The File Replication service
• The Cluster service
• The Domain Name Service (DNS)
• Active Directory
• ntds.dit--The database
• edb.chk--Checkpoint file
• edb*.log--Transaction log files
• res1.log and res2.log--Reserved transaction log files (used in case the server runs out of hard disk
space)
Figure: Active Directory partitions (Schema, Configuration, Domain) and the Global Catalog server.
As I mentioned earlier, the Active Directory can only be backed up along with the system state data. To
back up the system state data, follow these steps:
• Select Tools|Backup Wizard. When the Backup Wizard starts, click Next, select Only Backup System
State Data, and click Next again and Finish.
• If you're backing up the system state to a file, I recommend placing the file on a partition that's
running the Windows 2003 / 2000 version of NTFS. Doing so will help ensure that no information is
lost during the backup process.
Restoring from the backup media brings the Active Directory database to the state it was in at
the time of the last backup. You have two options when restoring the system state data from a
backup tape: an authoritative restore or a nonauthoritative restore. Before I get into the differences, I
need to mention an issue associated with restoring system state data.
Suppose for a moment that your server's information was completely destroyed due to a hardware failure.
Obviously, before you could restore anything, you'd have to fix the problem and reload Windows. When
doing so, keep in mind that for the restore to work correctly, you'll have to reinstall Windows 2003 / 2000
onto the same partition it was previously loaded on. Once you've reloaded Windows 2003 / 2000, you
must recreate the partitions that existed before at their previous size or larger.
Non-authoritative restore
To perform a nonauthoritative restore, the directory services database must be offline (the database
doesn't have to be offline during the backup). To restore the Active Directory, you must place the server
into Directory Services Restore Mode. To do so, reboot the server. When you see the screen that asks you
to select your operating system, press F8. You'll see a menu with various diagnostic and recovery options.
Select the Directory Services Restore Mode command from this menu and press Enter.
Windows will now appear to boot normally. However, you must log in using the local administrator's
account and password. Keep in mind that because the Active Directory has been taken offline, it's
impossible to log in to the domain. Therefore, the only accounts that you can use to log in are those stored
within the security accounts manager database (sometimes called the SAM).
Once logged in, you may begin restoring the Active Directory:
• Select Start|Run and enter "ntbackup" at the prompt. Windows 2003 / 2000 will load the backup
program.
• Select Tools|Restore Wizard. Click Next to clear the welcome message. The backup program will
display the backup sets that are available for restore.
• Select the backup set you want to use and navigate through the backup set to find the system
state option. Select the System State check box and click Next followed by Finish.
It's important to point out that Windows 2003 / 2000 won't let you restore system state data that's older than the default tombstone lifetime. The default tombstone lifetime is the amount of time that a deleted object is maintained within the Active Directory before the garbage collection process clears it out. By default, this period is set to 60 days. So, unless you do some tweaking, you can't restore Active Directory information that's older than 60 days.
Upon completion of the restore operation, the file replication service is reset so that replication may begin.
You may then reboot your server in the normal manner. Upon rebooting, Windows 2003 / 2000 will
perform a consistency check against the Active Directory and reindex the files that make up the Active
Directory database. Windows will also begin the replication process with its replication partners and
restore the certificate services database if appropriate.
Authoritative restore
To perform an authoritative restore, you must first perform a nonauthoritative restore. Then, you can use
the NTDSUTIL tool to make the restored Active Directory authoritative. An authoritative restore can be
used to replace an entire Active Directory or just a portion of it.
To perform an authoritative restore, use the process I discussed earlier to restore the system state. When
the restore process completes, don't reconnect to the network--instead, reboot the computer. When you
see the screen that asks which operating system you want to use, press F8. You'll see the same diagnostic
menu you saw earlier; select the Directory Services Restore Mode command and press Enter.
Windows will now load. Log in to Windows using the local administrator's account as you did earlier. Select
Start|Run and execute the ntdsutil command. To restore the entire database, enter the following
commands:
authoritative restore
restore database
If you want to restore only a portion of the database, you can use the following commands (of course,
substitute your own sub tree):
authoritative restore
restore subtree ou=Brien,dc=files,dc=COM
At this point, type "quit" and restart the server in the normal manner.
• Local Policy
• Site Linked Policies
• Domain Linked Policies
• Organizational Unit Policies
Group policy may be set using Active Directory globally or using Local Group Policy on local
computers. The files are stored:
• Locally - SystemRoot\System32\GroupPolicy\
The GPT.INI file contains information about the policy. Group policy templates are in the system
volume\public directory.
What is Replication?
Ans:
Latency - The time required for all updates to be completed throughout all domain controllers on the network,
domain or forest.
Convergence - The state at which all domain controllers have the same replica contents of the Active directory
database.
Loose consistency - The state at which all changes to the database are not yet replicated throughout all
controllers in the database (not converged).
A change is made to the Active Directory database on a domain controller. The attribute of the object and the
new USN are written to the database. The entire object is NOT replicated. This is called an atomic operation
because both changes are done, or neither change is done. This is an origination update. There are four types:
Add - An object is added to the database.
Delete - An object is deleted from the database.
Modify - An object in the database has its attributes modified.
Modify DN - An object is renamed or moved to another domain.
The controller the change was made on (after five minutes of stability) notifies its replication partners that a
change was made. It sends a change notification to these partners, but only notifies one partner every 30 seconds
so it is not overwhelmed with update requests. Each controller, in turn, when it is updated, sends a change notice
to its respective replication partners.
The replication partners each send an update request with a USN to the domain controller that the change was
made on. The USN identifies the current state of the domain controller making the change. Each change has a
unique USN. This way the domain controller that has the change knows the state of the domain controller
requesting the changes and only the changes are required to be sent. The time on each controller, therefore, does
not need to be synchronized exactly although timestamps are used to break ties regarding changes.
Changes are made through replication partners until all partners are replicated. At some point, replication
partners will attempt to replicate partners that are already updated. This is where propagation dampening is
used.
If no changes have been performed in six hours, replication procedures are performed to be sure no information
has been missed.
Updated object
The GUID and USN of the domain server with the originating update.
A local USN of the update on the updated object.
The KCC uses information provided by the administrator about sites and subnets to
automatically build the Active Directory replication topology.
Replication Partitions
Types of Active Directory data storage categories which are called partitions:
• Schema partition - Defines rules for object creation and modification for all objects in the
forest. Replicated to all domain controllers in the forest, it is known as an enterprise partition.
• Configuration partition - Information about the forest directory structure is defined including
trees, domains, domain trust relationships, and sites (TCP/IP subnet group). Replicated to all
domain controllers in the forest, it is known as an enterprise partition.
• Domain partition - Has complete information about all domain objects (Objects that are part of
the domain including OUs, groups, users and others). Replicated only to domain controllers in
the same domain.
o Partial domain directory partition - Has a list of all objects in the directory with a partial
list of attributes for each object.
These partitions are all replicated between domain controllers by Active directory. Different partitions may be replicated between different
replication partners.
Replication Conflict
Replication conflict occurs when changes are made to the same object and attribute before the changes can be replicated throughout all
domain controller's copies of the database. Additional data (metadata) stored for each object attribute includes (not related to USN):
When an Active Directory database update is received on a domain controller, one of the following happens:
• If the update attribute version number is higher than the current version number on the controller, the
new value of the attribute is stored and the version number is updated.
• If the update attribute version number and stored attribute version number are the same, timestamps
are used to resolve the conflict.
• If both version numbers and both timestamps are the same, the update from the controller with the
highest GUID is used.
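The conflict rule just listed, together with the USN-based update requests and propagation dampening described above, as an added simulation that is not Microsoft's replication code; the DC GUIDs, DN, attribute values and timestamps are constructed:

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class AttrValue:
    value: str
    version: int        # bumped on every originating write of this attribute
    timestamp: float    # time of the originating write (constructed values)
    origin_guid: str    # GUID of the DC where the originating write happened


@dataclass
class Change:
    usn: int            # local USN assigned when this DC recorded the change
    dn: str
    attr: str
    new: AttrValue


def wins(incoming: AttrValue, current: AttrValue) -> bool:
    """Three-step conflict rule: version, then timestamp, then highest GUID."""
    if incoming.version != current.version:
        return incoming.version > current.version
    if incoming.timestamp != current.timestamp:
        return incoming.timestamp > current.timestamp
    return incoming.origin_guid > current.origin_guid


class DomainController:
    def __init__(self, guid: str):
        self.guid = guid
        self.usn = 0                                   # local USN counter
        self.db: Dict[Tuple[str, str], AttrValue] = {}
        self.log: List[Change] = []
        self.high_watermark: Dict[str, int] = {}       # partner GUID -> last USN pulled

    def _record(self, dn: str, attr: str, val: AttrValue) -> None:
        self.usn += 1                                  # every write gets a local USN
        self.db[(dn, attr)] = val
        self.log.append(Change(self.usn, dn, attr, val))

    def originate(self, dn: str, attr: str, value: str, timestamp: float) -> None:
        """Originating update: only the attribute and a new USN are written."""
        cur = self.db.get((dn, attr))
        version = cur.version + 1 if cur else 1
        self._record(dn, attr, AttrValue(value, version, timestamp, self.guid))

    def changes_since(self, usn: int) -> List[Change]:
        return [c for c in self.log if c.usn > usn]

    def pull_from(self, partner: "DomainController") -> int:
        """Update request: ask the partner only for changes above the last USN seen."""
        since = self.high_watermark.get(partner.guid, 0)
        applied = 0
        for c in partner.changes_since(since):
            self.high_watermark[partner.guid] = c.usn
            cur = self.db.get((c.dn, c.attr))
            if cur is not None and cur == c.new:
                continue                               # propagation dampening
            if cur is None or wins(c.new, cur):
                self._record(c.dn, c.attr, c.new)
                applied += 1
        return applied


def demo() -> Tuple[str, str]:
    """Two DCs change the same attribute before replicating; both must converge."""
    dc1, dc2 = DomainController("guid-1111"), DomainController("guid-2222")
    dn = "cn=alice,ou=users,dc=example,dc=com"
    dc1.originate(dn, "description", "Sales", timestamp=100.0)      # version 1
    dc1.originate(dn, "description", "Marketing", timestamp=110.0)  # version 2
    dc2.originate(dn, "description", "Support", timestamp=120.0)    # version 1, newer
    dc1.pull_from(dc2)   # version 1 loses to version 2 despite the newer timestamp
    dc2.pull_from(dc1)   # version 2 wins here too
    return dc1.db[(dn, "description")].value, dc2.db[(dn, "description")].value
```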
In Windows 2000, the SYSVOL share is used to authenticate users. The SYSVOL share includes group policy
information which is replicated to all local domain controllers. The File Replication Service (FRS) is used to replicate the
SYSVOL share. The "Active Directory Users and Computers" tool is used to change the file replication service schedule.
Intrasite Replication
Replication that happens between controllers inside one site. All of the subnets inside the site should be connected by
high speed network wires. Replication between two sites may need to be sent over a slower WAN link or leased line.
Intrasite replication data is sent uncompressed.
Site replication is done using Remote Procedure Call (RPC). If a change is made, replication occurs within five minutes,
and replication is done every six hours if no changes were made. Domain controllers that receive updates replicate that
information to other domain controllers on their route list. All changes are therefore completed within a site within 15
minutes since there can only be three hops.
The topology used here is the ring topology talked about earlier and this replication is automatically set up by
Active Directory, but may be modified by an administrator.
DNS Replication
The DNS IP address and computer name is stored in Active Directory for Active Directory integrated DNS
zones and replicated to all local domain controllers. DNS information is not replicated to domain controllers
outside the domain.
Intersite Replication
Intersite replication is replication between sites and must be set up by an administrator.
Replication Management
The administrative tool, "Active Directory Sites and Services", is used to manage Active Directory replication.
Replication data is compressed before being sent to minimize bandwidth use. There are two protocols used to
replicate AD:
• Normally Remote Procedure Call (RPC) is used to replicate data and is always used for
intrasite replication since it is required to support the FRS. RPC depends on IP (internet
protocol) for transport.
• Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
SMTP can't replicate the domain partition, however. Therefore the remote site would need to be in
another domain to be able to effectively use SMTP for carrying replication data.
High Level
Schema Master
PDC Emulator
Infrastructure Master
RID Master
3. Brief all the FSMO Roles
Domain Naming master and schema master are forest level roles. PDC emulator, Infrastructure master
and RID master are domain level roles.
The first server in the forest performs all 5 roles by default. Later we can transfer the roles.
Domain Naming Master: The domain naming master is responsible for maintaining the relationship
between the domains. Without this role it is not possible to add or remove any domain.
Schema Master: The schema contains the set of classes and attributes, e.g. user, computer and printer are
objects in AD which have their own set of attributes. The schema master is responsible for
maintaining this schema. Changes to the schema will affect the entire forest.
PDC Emulator: The server performing this role acts as a PDC in mixed mode to synchronize
directory information between Windows 2000 DCs and Windows NT BDCs. The server performing
this role will contain the latest password information. This role is also responsible for time synchronization
in the forest.
Infrastructure Master: It is responsible for managing group membership information in the domain.
This role is responsible for updating the DN when the name or location of an object is modified.
RID Master: The server performing this role provides a pool of RIDs to the other domain controllers
in the domain. A SID is the combination of the domain SID and a RID (SID = domain SID + RID), where the domain SID is the security identifier
common to all objects in the domain and the RID is the relative identifier unique for each object.
7. Difference between online and offline de-fragmentation
Online de-fragmentation is performed by the garbage collection process, which runs every 12
hours by default; it separates used space from white space (white space is the space created by
object deletion in AD, e.g. a deleted user) and improves the efficiency of AD while the domain controller is up and
running.
Offline defragmentation can be done manually by taking the domain controller into Restoration mode. Only
offline defragmentation can reduce the file size of the directory database, whereas the efficiency will be the same as in online
defragmentation.
10. What are the monitoring tools used for server and network health? How to define an alert mechanism?
Spotlight; SNMP needs to be enabled.
11. How to deploy the patches and what software is used for this process?
Using a SUS (Software Update Services) server we can deploy patches to all clients in the network. We
need to configure the option called “Synchronize with Microsoft software update server” and
schedule the time to synchronize on the server. We need to approve new updates based on the requirement. Then
the approved updates will be deployed to clients.
We can configure clients by changing the registry manually or through Group Policy by adding the WUAU
administrative template in group policy.
NLB (Network Load Balancing) cluster: for balancing load between servers. This cluster does not
provide any high availability. Usually preferable at edge servers like web or proxy servers.
Server Cluster: This provides high availability by configuring an active-active or active-passive cluster. In a
2-node active-passive cluster one node is active and one node is standby. When the active server
fails the application will FAILOVER to the standby server automatically. When the original server comes back
we need to FAILBACK the application.
Quorum: Shared storage that needs to be provided for all servers in the cluster; it keeps information about the clustered
application and session state and is used in a FAILOVER situation. This is very important: if the quorum
disk fails the entire cluster fails.
Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to
identify the status of other servers in cluster.
In Windows 2000 it is not possible. In Windows 2003 it is possible. On a domain controller it can be changed by going to
My Computer properties.
20. What is the difference between IIS Version 5 and IIS Version 6
Refer Question 1
You can access the restore portion by pressing F2 when prompted in the text-mode portion of setup.
ASR reads the disk configurations from the file that it creates. It restores all the disk signatures, volumes,
and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all
the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple
installation of Windows and automatically starts a restoration using the backup created by the ASR
Wizard.
22. What are the different levels at which we can apply Group Policy?
We can apply group policy at SITE level---Domain level---OU level.
23. What is Domain Policy, Domain Controller Policy, Local Policy and Group Policy?
Domain Policy applies to all computers in the domain, because by default it is associated with the
domain GPO, whereas Domain Controller Policy is applied only on domain controllers. By default the
domain controller security policy is associated with the domain controller GPO. Local policy is
applied to that particular machine only and affects that computer only.
24. What is the use of SYSVOL folder
Policies and scripts saved in SYSVOL folder will be replicated to all domain controllers in the domain.
FRS (File replication service) is responsible for replicating all policies and scripts
Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate
folder object, an administrator can designate which folders to redirect and where. To do this, the
administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can
designate the server file system path to which the folder should be redirected.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to
dynamically create a newly redirected folder for each user to whom the policy object applies.
26. What are the different modes in Windows 2003 (Mixed, Native, Interim, etc.)?
Different Active Directory features are available at different functional levels. Raising domain and forest
functional levels is required to enable certain new features as domain controllers are upgraded from
Windows NT 4.0 and Windows 2000 to Windows Server 2003.
Domain Functional Levels: Windows 2000 Mixed mode, Windows 2000 Native mode, Windows
Server 2003 and Windows Server 2003 interim (only available when upgrading directly from Windows
NT 4.0 to Windows 2003).
Forest Functional Levels: Windows 2000 and Windows 2003.
Microsoft doesn’t recommend Internet Protocol security (IPSec) network address translation (NAT)
traversal (NAT-T) for Windows deployments that include VPN servers and that are located behind
network address translators. When a server is behind a network address translator, and the server uses
IPSec NAT-T, unintended side effects may occur because of the way that network address translators
translate network traffic.
If you put a server behind a network address translator, you may experience connection problems
because clients that connect to the server over the Internet require a public IP address. To reach servers
that are located behind network address translators from the Internet, static mappings must be
configured on the network address translator. For example, to reach a Windows Server 2003-based
computer that is behind a network address translator from the Internet, configure the network address
translator with the following static network address translator mappings:
• Public IP address/UDP port 500 to the server's private IP address/UDP port 500.
• Public IP address/UDP port 4500 to the server's private IP address/UDP port 4500.
These mappings are required so that all Internet Key Exchange (IKE) and IPSec NAT-T traffic that is
sent to the public address of the network address translator is automatically translated and forwarded to
the Windows Server 2003-based computer.
28. How to create an application partition in Windows 2003 and what is its usage?
An application directory partition is a directory partition that is replicated only to specific domain
controllers. A domain controller that participates in the replication of a particular application directory
partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can
host a replica of an application directory partition.
Applications and services can use application directory partitions to store application-specific data.
Application directory partitions can contain any type of object, except security principals. TAPI is an
example of a service that stores its application-specific data in an application directory partition.
Application directory partitions are usually created by the applications that will use them to store and
replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can
manually create or manage application directory partitions using the Ntdsutil command-line tool.
29. Is it possible to do an implicit transitive forest-to-forest trust relationship in Windows 2003?
Implicit transitive trust is not possible in Windows 2003. Between forests we can create an explicit
trust:
Two-way trust
One-way: incoming
One-way: Outgoing
Information is stored locally once this option is enabled and a user attempts to log on for the first time.
The domain controller obtains the universal group membership for that user from a global catalog. Once
the universal group membership information is obtained, it is cached on the domain controller for that
site indefinitely and is periodically refreshed. The next time that user attempts to log on, the
authenticating domain controller running Windows Server 2003 will obtain the universal group
membership information from its local cache without the need to contact a global catalog.
By default, the universal group membership information contained in the cache of each domain
controller will be refreshed every 8 hours.
RSoP provides details about all policy settings that are configured by an Administrator, including
Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts,
and Group Policy Software Installation.
When policies are applied on multiple levels (for example, site, domain, domain controller, and
organizational unit), the results can conflict. RSoP can help you determine a set of applied policies and
their precedence (the order in which policies are applied).
any document having that extension, then the application installs onto the local machine. If any application
program files are missing it will automatically repair them.
With the Publish option you can apply only to users. It will not install automatically when any application
program files are corrupted or deleted.
Netdom.exe is a domain management tool used to rename a domain controller.
Second level
What are the services installed when RIS is installed. Read about RIS.
How to troubleshoot if a DHCP client won’t get an IP from the DHCP server?
What is the diff between publish and assign?
What is tombstone and what is the period of tombstone?
What is online and offline fragmentations?
Garbage collections and white spaces?
Authoritative and non auth restore?
Tell me one example when the Infrastructure Master and Global Catalog will be on one DC; what is the issue if both
reside on the same system?
When do you require an Infrastructure Master?
What are Windows 2003 modes?
What are FSMO roles? Explain them.
Stress on PDC emulator?
2003 advantages?
About migration?(W2k to W2k3 and NT to W2k3).
Question on System State data Backup?
Diff types of DNS roles and Zones?
What are the steps you follow when you are promoting a server as ADC in windows 2003?
What are the two parameters you run before upgrading the server to an ADC? (/forestprep, /domainprep)
What is the authentication process?
What is the role of GC in authentication process?
What happens if the DNS server fails? Is a user able to log in if the DNS server fails (if you have only one DNS
server)?
How do you promote a server to a domain controller (in Windows 2003) over slow WAN links?
A) Take a backup of the system state from the DC and restore it on the server you are promoting, using
“dcpromo /adv” and select restore from backup.
1. What is the difference between windows 2003 DFS & windows 2000 DFS?
2. Compaq Insight Manager version?
3. What are the Classes in Windows 2003 Active directory?
4. What is the tool to delete lingering objects in windows 2003?
5. Through Compaq Insight Manager can we delete/create Raid?
6. What is the difference between ILO & rilo?
7. How to authenticate two windows 2003 forests?
8. Windows 2003 Features?
9. SUS implementation steps?
10. How to install dual booting in windows 2003 server?
11. I have a medium organization? I want to put multiple forests? What are the factors?
12. I have deleted one user. Deleted user having some permissions. I want to create the same user name & same
password. Will the permissions remain same & what is the SID status?
13. Where does the roaming profile exist?
14. What can you do with Group Policy?
15. What is server hardening?
16. What SUS version are you using?
17. There is one scenario. I have one DHCP server and the IP addresses are configured as static. And I want
to get rid of the server. How do I create a new server with the same configuration as the old one?
18. How do you transfer the Schema master?
19. How do you get the Schema snap-in in MMC? What will you do if you don't get the schema snap-in in MMC?
20. What are the enhancements/advantages of the GC in 2003?
21. If you change the password on the client, how much time will it take to update the password on the
domain controller?
22. What are the modes in Terminal Server in Windows 2003?
Low Level
availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and
applications that fail too often within a short amount of time.
Automatic Process Recycling--- IIS 6.0 automatically stops and restarts faulty Web sites and
applications based on a flexible set of criteria, including CPU utilization and memory consumption,
while queuing requests.
Rapid-fail Protection---- If an application fails too often within a short amount of time, IIS 6.0 will
automatically disable it and return a "503 Service Unavailable" error message to any new or queued
requests to the application.
Edit-While-Running
http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/default.mspx
Secondary DNS
Active Directory Integrated DNS
Forwarder
Caching only DNS
30. What is the process of DHCP for getting the IP address to the client?
There is a four-way negotiation process between client and server:
DHCP Discover (Initiated by client)
DHCP Offer (Initiated by server)
DHCP Select (Initiated by client)
DHCP Acknowledgement (Initiated by Server)
DHCP Negative Acknowledgement (Initiated by server if any issues after DHCP offer)
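The four-way exchange above, with both sides' messages and the negative-acknowledgement path, as an added simulation that is not part of the original notes and not Microsoft's DHCP server; the scope range, MAC addresses and option values are constructed:

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Msg:
    kind: str                       # DISCOVER, OFFER, REQUEST (Select), ACK, NAK
    mac: str                        # client hardware address (constructed)
    yiaddr: Optional[str] = None    # address offered / requested
    options: Dict[str, str] = field(default_factory=dict)


class DhcpServer:
    def __init__(self, scope: str, first: str, last: str, options: Dict[str, str]):
        net = ipaddress.ip_network(scope)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        self.pool = [str(a) for a in net.hosts() if lo <= a <= hi]
        self.options = options              # scope options: router, DNS, ...
        self.leases: Dict[str, str] = {}    # ip -> mac
        self.offers: Dict[str, str] = {}    # mac -> ip tentatively offered

    def _free(self) -> Optional[str]:
        for ip in self.pool:
            if ip not in self.leases and ip not in self.offers.values():
                return ip
        return None                         # scope exhausted

    def handle(self, m: Msg) -> Optional[Msg]:
        if m.kind == "DISCOVER":
            ip = self.offers.get(m.mac) or self._free()
            if ip is None:
                return None                 # no offer: "scope is full"
            self.offers[m.mac] = ip
            return Msg("OFFER", m.mac, ip, dict(self.options))
        if m.kind == "REQUEST":
            # Valid only if we offered this address to this client, or it already
            # holds the lease (renewal); anything else is answered with a NAK.
            ok = (self.offers.get(m.mac) == m.yiaddr
                  or self.leases.get(m.yiaddr) == m.mac)
            self.offers.pop(m.mac, None)
            if not ok:
                return Msg("NAK", m.mac)
            self.leases[m.yiaddr] = m.mac
            return Msg("ACK", m.mac, m.yiaddr, dict(self.options))
        return None


def client_obtain(server: DhcpServer, mac: str) -> Optional[str]:
    """Client side of the exchange; returns the leased address or None."""
    offer = server.handle(Msg("DISCOVER", mac))          # DHCP Discover
    if offer is None or offer.kind != "OFFER":
        return None
    reply = server.handle(Msg("REQUEST", mac, offer.yiaddr))   # DHCP Select
    return reply.yiaddr if reply and reply.kind == "ACK" else None


def demo():
    srv = DhcpServer("192.168.10.0/24", "192.168.10.100", "192.168.10.101",
                     {"router": "192.168.10.1", "dns": "192.168.10.5"})
    a = client_obtain(srv, "00:11:22:33:44:01")
    b = client_obtain(srv, "00:11:22:33:44:02")
    c = client_obtain(srv, "00:11:22:33:44:03")   # scope exhausted -> None
    # A client requesting an address that was never offered to it gets a NAK
    nak = srv.handle(Msg("REQUEST", "00:11:22:33:44:03", "192.168.10.100"))
    return a, b, c, nak.kind
```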
31. Difference between FAT, NTFS & NTFS Version 5
NTFS Version 5 features
Encryption is possible
We can enable Disk Quotas
File compression is possible
Sparse files
Indexing Service
NTFS change journal
In the FAT file system we can apply only share level security; file level protection is not possible. In NTFS
we can apply both share level as well as file level security.
NTFS supports larger partition sizes than FAT file systems.
NTFS supports longer file names than FAT file systems.
32. What are the port numbers for FTP, Telnet, HTTP, DNS
FTP-21, Telnet – 23, HTTP-80, DNS-53, Kerberos-88, LDAP-389
Subnetting is the process of borrowing bits from the host portion of an address to provide bits for
identifying additional sub-networks.
Supernetting merges several smaller, contiguous blocks of IP addresses (networks) into one
larger block of addresses. Borrowing network bits to combine several smaller networks into one larger
network is supernetting.
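Both operations worked through with plain bit arithmetic, as an added example that is not from the notes; the address blocks are constructed, and `ipaddress` is used only to parse and print addresses:

```python
import ipaddress
from typing import Dict, List, Optional


def subnet(network: str, borrowed_bits: int) -> List[Dict[str, str]]:
    """Borrow `borrowed_bits` host bits from `network` and list the resulting subnets."""
    net = ipaddress.ip_network(network)
    new_prefix = net.prefixlen + borrowed_bits
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable hosts")
    block = 1 << (32 - new_prefix)              # addresses per subnet
    base = int(net.network_address)
    subnets = []
    for i in range(1 << borrowed_bits):         # 2^borrowed subnets
        start = base + i * block
        subnets.append({
            "network": f"{ipaddress.ip_address(start)}/{new_prefix}",
            "first_host": str(ipaddress.ip_address(start + 1)),
            "last_host": str(ipaddress.ip_address(start + block - 2)),
            "broadcast": str(ipaddress.ip_address(start + block - 1)),
        })
    return subnets


def supernet(networks: List[str]) -> Optional[str]:
    """Merge contiguous, equal-size, aligned blocks into one summary block.

    Returns 'a.b.c.d/p' or None when the blocks cannot be summarised into a
    single route (mixed sizes, a gap between them, or a misaligned start)."""
    nets = sorted(ipaddress.ip_network(n) for n in networks)
    prefix = nets[0].prefixlen
    size = 1 << (32 - prefix)
    if any(n.prefixlen != prefix for n in nets) or len(nets) & (len(nets) - 1):
        return None                             # mixed sizes or count not a power of two
    for a, b in zip(nets, nets[1:]):
        if int(b.network_address) != int(a.network_address) + size:
            return None                         # gap: blocks are not contiguous
    bits_returned = len(nets).bit_length() - 1  # network bits handed back to the host part
    start = int(nets[0].network_address)
    if start % (size * len(nets)):
        return None                             # first block not aligned to the new size
    return f"{ipaddress.ip_address(start)}/{prefix - bits_returned}"
```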
Medium Level
21. What is the difference between an authorized DHCP server and a non-authorized DHCP server?
To avoid problems in the network caused by misconfigured DHCP servers, a DHCP server in Windows 2000
must be authorized by AD before it starts serving clients. If a DHCP server finds that it is not authorized
in AD, it stops serving clients.
22. Difference between inter-site and intra-site replication. Protocols used for replication.
Intra-site replication is done between the domain controllers in the same site. Inter-site replication
is done between two different sites over WAN links.
BHS (Bridge Head Servers) are responsible for initiating replication between the sites. Inter-site
replication is done between the BHS in one site and the BHS in another site.
We can use RPC over IP or SMTP as replication protocols, whereas the Domain partition cannot be
replicated using SMTP.
Global catalog is a role, which maintains Indexes about objects. It contains full information of the
objects in its own domain and partial information of the objects in other domains. Universal Group
membership information will be stored in global catalog servers and replicate to all GC’s in the forest.
29. What is the process of user authentication (Kerberos V5) in Windows 2000?
After the logon credentials are entered, an encryption key is generated and used to encrypt the time
stamp of the client machine. The user name and the encrypted timestamp are sent to the
domain controller for authentication. The domain controller, based on the password information stored
in AD for that user, decrypts the encrypted time stamp. If the decrypted time stamp matches
its own time stamp, it provides a logon session key and a Ticket Granting Ticket to the client in encrypted
form. The client decrypts these and, if the returned time stamp information matches, uses the logon
session key to log on to the domain. The Ticket Granting Ticket is used to obtain service granting tickets
when accessing network resources.
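The exchange described above, as an added model that is not Windows or MIT Kerberos code: the cipher is a toy SHA-256 keystream plus HMAC stand-in for the real Kerberos encryption types, and the user, password, krbtgt key and clock values are constructed.

```python
import hashlib
import hmac
import json
import os
import struct

CLOCK_SKEW = 300   # seconds of client/KDC clock difference tolerated (assumption)


def password_key(user: str, password: str) -> bytes:
    # Stand-in for Kerberos string-to-key: derive a 32-byte key from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
    return out[:n]


def encrypt(key: bytes, msg: bytes) -> bytes:
    """Toy authenticated encryption: nonce || keystream-XOR body || HMAC tag."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + body, "sha256").digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Returns the plaintext, or raises ValueError when the key is wrong or data altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("integrity check failed (wrong key or modified data)")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class KDC:
    """Domain controller side: holds each user's password-derived key."""
    def __init__(self, users: dict, krbtgt_key: bytes):
        self.keys = {u: password_key(u, p) for u, p in users.items()}
        self.krbtgt_key = krbtgt_key

    def as_exchange(self, user: str, enc_timestamp: bytes, now: int):
        """AS-REQ with pre-authentication -> encrypted AS-REP, or None on failure."""
        key = self.keys.get(user)
        if key is None:
            return None
        try:
            ts = int(decrypt(key, enc_timestamp).decode())
        except ValueError:
            return None                      # wrong password: timestamp undecryptable
        if abs(ts - now) > CLOCK_SKEW:
            return None                      # stale or replayed timestamp
        session_key = os.urandom(32)
        tgt = encrypt(self.krbtgt_key, json.dumps(
            {"user": user, "skey": session_key.hex(), "issued": now}).encode())
        reply = json.dumps({"ts": ts, "skey": session_key.hex(),
                            "tgt": tgt.hex()}).encode()
        return encrypt(key, reply)           # only the right password can open this


def client_logon(kdc: KDC, user: str, password: str, client_time: int, kdc_time: int):
    """Client side: returns (logon session key, TGT) or None if logon fails."""
    key = password_key(user, password)
    rep = kdc.as_exchange(user, encrypt(key, str(client_time).encode()), kdc_time)
    if rep is None:
        return None
    data = json.loads(decrypt(key, rep))
    if data["ts"] != client_time:            # the KDC must echo our own timestamp
        return None
    return bytes.fromhex(data["skey"]), bytes.fromhex(data["tgt"])


def demo():
    kdc = KDC({"alice": "correct horse"}, krbtgt_key=os.urandom(32))
    good = client_logon(kdc, "alice", "correct horse", 1_000_000, 1_000_010)
    bad_pw = client_logon(kdc, "alice", "wrong", 1_000_000, 1_000_010)
    stale = client_logon(kdc, "alice", "correct horse", 1_000_000, 1_003_600)
    tgt_user = json.loads(decrypt(kdc.krbtgt_key, good[1]))["user"]
    return good is not None, bad_pw is None, stale is None, tgt_user
```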
30. What are the port numbers for Kerberos, LDAP and Global Catalog?
Kerberos – 88, LDAP – 389, Global Catalog – 3268
31. What is the use of LDAP (X.500 standard)?
LDAP is a directory access protocol, which is used to exchange directory information from server to
clients or from server to servers
32. What are the problems that generally come across with DHCP?
The scope is full; no IPs are available for new machines.
Scope options are not configured properly, e.g. the default gateway.
Incorrect creation of scopes, etc.
TTL (Time to Live) is the setting for the amount of time that a record should remain in cache after
name resolution has happened.
We can set the TTL in the SOA (Start of Authority) record of the DNS zone.
35. How to take DNS, WINS and DHCP backup
%SystemRoot%\system32\dns
%SystemRoot%\system32\wins
%SystemRoot%\system32\dhcp
High Level
36. Can we establish trust relationship between two forests
In Windows 2000 it is not possible. In Windows 2003 it is possible
41. What is Active Directory de-fragmentation?
De-fragmentation of AD means separating used space from the empty space created by deleted objects, and
reducing the directory size (only in offline de-fragmentation).
Offline defragmentation can be done manually by taking domain controller into Restoration mode. We
can only reduce the file size of directory database where as the efficiency will be same as in online
defragmentation
45. what are the monitoring tools used for Server and Network Heath. How to define alert mechanism
Spot Light , SNMP Need to enable .
46. How to deploy the patches and what are the softwares used for this process
Using SUS (Software update services) server we can deploy patches to all clients in the network. We
need to configure an option called “Synchronize with Microsoft software update server” option and
schedule time to synchronize in server. We need to approve new update based on the requirement. Then
approved update will be deployed to clients
We can configure clients by changing the registry manually or through Group policy by adding WUAU
administrative template in group policy
NLB (network load balancing) cluster for balancing load between servers. This cluster will not
provide any high availability. Usually preferable at edge servers like web or proxy.
Server Cluster: This provides High availability by configuring active-active or active-passive cluster. In
2 node active-passive cluster one node will be active and one node will be stand by. When active server
fails the application will FAILOVER to stand by server automatically. When the original server backs
we need to FAILBACK the application
57
Quorum: A shared storage need to provide for all servers which keeps information about clustered
application and session state and is useful in FAILOVER situation. This is very important if Quorum
disk fails entire cluster will fails
Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to
identify the status of other servers in cluster.
55. What is the difference between IIS Version 5 and IIS Version 6
Refer Question 1
You can access the restore portion by pressing F2 when prompted in the text-mode portion of setup.
58
ASR reads the disk configurations from the file that it creates. It restores all the disk signatures, volumes,
and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all
the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple
installation of Windows and automatically starts a restoration using the backup created by the ASR
Wizard.
57. What are the different levels that we can apply Group Policy
We can apply group policy at SITE level---Domain Level---OU level
58. What is Domain Policy, Domain controller policy, Local policy and Group policy
Domain Policy will apply to all computers in the domain, because by default it will be associated with
domain GPO, Where as Domain controller policy will be applied only on domain controller. By default
domain controller security policy will be associated with domain controller GPO. Local policy will be
applied to that particular machine only and effects to that computer only.
Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate
folder object, an administrator can designate which folders to redirect and where To do this, the
administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can
designate the server file system path to which the folder should be redirected.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to
dynamically create a newly redirected folder for each user to whom the policy object applies.
61. What different modes in windows 2003 (Mixed, native & intrim….etc)
Different Active Directory features are available at different functional levels. Raising domain and forest
functional levels is required to enable certain new features as domain controllers are upgraded from
Windows NT 4.0 and Windows 2000 to Windows Server 2003
Domain Functional Levels: Windows 2000 Mixed mode, Windows 2000 Native mode, Windows
server 2003 and Windows server 2003 interim ( Only available when upgrades directly from Windows
NT 4.0 to Windows 2003)
Forest Functional Levels: Windows 2000 and Windows 2003
Microsoft doesn’t recommend Internet Protocol security (IPSec) network address translation (NAT)
traversal (NAT-T) for Windows deployments that include VPN servers and that are located behind
network address translators. When a server is behind a network address translator, and the server uses
IPSec NAT-T, unintended side effects may occur because of the way that network address translators
translate network traffic
59
If you put a server behind a network address translator, you may experience connection problems
because clients that connect to the server over the Internet require a public IP address. To reach servers
that are located behind network address translators from the Internet, static mappings must be
configured on the network address translator. For example, to reach a Windows Server 2003-based
computer that is behind a network address translator from the Internet, configure the network address
translator with the following static network address translator mappings:
• Public IP address/UDP port 500 to the server's private IP address/UDP port 500.
• Public IP address/UDP port 4500 to the server's private IP address/UDP port 4500.
These mappings are required so that all Internet Key Exchange (IKE) and IPSec NAT-T traffic that is
sent to the public address of the network address translator is automatically translated and forwarded to
the Windows Server 2003-based computer
63. How to create an application partition in Windows 2003, and what is its usage?
An application directory partition is a directory partition that is replicated only to specific domain
controllers. A domain controller that participates in the replication of a particular application directory
partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can
host a replica of an application directory partition.
Applications and services can use application directory partitions to store application-specific data.
Application directory partitions can contain any type of object, except security principals. TAPI is an
example of a service that stores its application-specific data in an application directory partition.
Application directory partitions are usually created by the applications that will use them to store and
replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can
manually create or manage application directory partitions using the Ntdsutil command-line tool.
64. Is it possible to have an implicit transitive forest-to-forest trust relationship in Windows 2003?
Implicit transitive trust is not possible in Windows 2003. Between forests we can create an explicit
trust:
Two-way trust
One-way: incoming
One-way: outgoing
Information is stored locally once this option is enabled and a user attempts to log on for the first time.
The domain controller obtains the universal group membership for that user from a global catalog. Once
the universal group membership information is obtained, it is cached on the domain controller for that
site indefinitely and is periodically refreshed. The next time that user attempts to log on, the
authenticating domain controller running Windows Server 2003 will obtain the universal group
membership information from its local cache without the need to contact a global catalog.
By default, the universal group membership information contained in the cache of each domain
controller will be refreshed every 8 hours.
Which users are affected by these policies, and who is managing these policies? GPMC will display all the
above information.
RSoP provides details about all policy settings that are configured by an Administrator, including
Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts,
and Group Policy Software Installation.
When policies are applied on multiple levels (for example, site, domain, domain controller, and
organizational unit), the results can conflict. RSoP can help you determine a set of applied policies and
their precedence (the order in which policies are applied).
Netdom.exe is a domain management tool used to rename a domain controller.
SID history
Low Level
Automatic Process Recycling: IIS 6.0 automatically stops and restarts faulty Web sites and
applications based on a flexible set of criteria, including CPU utilization and memory consumption,
while queuing requests.
Rapid-fail Protection: If an application fails too often within a short amount of time, IIS 6.0 will
automatically disable it and return a "503 Service Unavailable" error message to any new or queued
requests to the application.
Edit-While-Running
http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/default.mspx
48. If DHCP is not available, what happens to the client?
The client will not get an IP address and cannot participate in the network. If the client already has an IP
address with a lease duration, it uses that IP until the lease duration expires.
50. What is the process by which DHCP gets the IP address to the client?
There is a four-way negotiation process between client and server:
DHCP Discover (initiated by client)
DHCP Offer (initiated by server)
DHCP Select (initiated by client)
DHCP Acknowledgement (initiated by server)
DHCP Negative Acknowledgement (initiated by the server if there are any issues after the DHCP Offer)
51. Difference between FAT, NTFS & NTFS Version 5
NTFS Version 5 features:
Encryption is possible
We can enable disk quotas
File compression is possible
Sparse files
Indexing Service
NTFS change journal
In the FAT file system we can apply only share-level security; file-level protection is not possible. In NTFS
we can apply both share-level and file-level security.
NTFS supports larger partition sizes than FAT file systems.
NTFS supports longer file names than FAT file systems.
52. What are the port numbers for FTP, Telnet, HTTP, DNS?
FTP - 21, Telnet - 23, HTTP - 80, DNS - 53, Kerberos - 88, LDAP - 389
Supernetting merges several smaller, contiguous blocks of IP addresses (networks) into one
larger block of addresses. It works by borrowing network bits so that several smaller networks are combined
into one larger network.
Medium Level
41. What is the difference between an Authorized DHCP and a Non-Authorized DHCP server?
To avoid problems in the network caused by misconfigured DHCP servers, a DHCP server in Windows 2000
must be validated (authorized) by AD before it starts serving clients. If a DHCP server finds that it is not
authorized in AD, it stops serving the clients.
42. Difference between inter-site and intra-site replication. Protocols used for replication.
Intra-site replication is done between the domain controllers in the same site. Inter-site replication
is done between two different sites over WAN links.
Bridgehead servers (BHS) are responsible for initiating replication between the sites. Inter-site
replication is done between the BHS in one site and the BHS in another site.
We can use RPC over IP or SMTP as replication protocols, whereas the Domain partition cannot be
replicated using SMTP.
Active Directory is a directory service which maintains the relationships between resources and enables
them to work together. Because of AD's hierarchical structure, Windows 2000 is more scalable and reliable.
Active Directory is derived from the X.500 standards, where information is stored in a hierarchical tree-like
structure. Active Directory depends on two Internet standards: one is DNS and the other is LDAP.
Information in Active Directory can be queried using the LDAP protocol.
49. What is the process of user authentication (Kerberos V5) in Windows 2000?
After the user enters logon credentials, an encryption key is generated from them and used to encrypt the time
stamp of the client machine. The user name and the encrypted time stamp are sent to the
domain controller for authentication. The domain controller, using the password information stored
in AD for that user, decrypts the encrypted time stamp. If the produced time stamp matches
its own time stamp, it provides a logon session key and a Ticket Granting Ticket to the client in encrypted
form. The client decrypts these and, if the produced time stamp information matches, uses the logon
session key to log on to the domain. The Ticket Granting Ticket will be used to obtain a service granting ticket
when accessing network resources.
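The logon flow just described, as an added Python model (not code from the original document). The realm, account and password are constructed, and the cipher is a constructed HMAC-based stand-in for the real Kerberos encryption types; the model shows why a wrong password, a skewed clock and a replayed timestamp each produce a different KDC error, and why the client cannot read the TGT it is given.

```python
"""Toy model of the Kerberos V5 logon (AS exchange) described above: the
client proves knowledge of its password by encrypting a timestamp, and the
domain controller answers with a logon session key plus a TGT.

Added example, not from the original document. Realm, user and password are
constructed, and the cipher is a constructed HMAC-based stream cipher with an
integrity tag (so a wrong key is detected, as with real Kerberos encryption
types); it is not the AES/RC4 encryption real Kerberos uses.
"""
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 5 * 60   # seconds; Kerberos default clock-skew tolerance


def long_term_key(password: str, salt: str) -> bytes:
    """Stand-in for Kerberos string-to-key: password + salt -> 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Constructed toy cipher: nonce || (plaintext XOR keystream) || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Domain controller side: it knows every user's long-term key from AD."""

    def __init__(self, realm: str, user_keys: dict, clock=time.time):
        self.realm, self.user_keys, self.clock = realm, user_keys, clock
        self.krbtgt_key = os.urandom(32)   # key of the krbtgt account; clients never see it
        self.seen = set()                  # (user, timestamp) already accepted: replay cache

    def as_exchange(self, user: str, enc_timestamp: bytes) -> dict:
        """AS-REQ with an encrypted timestamp in, AS-REP (or a Kerberos error code) out."""
        key = self.user_keys.get(user)
        if key is None:
            return {"error": "KDC_ERR_C_PRINCIPAL_UNKNOWN"}
        try:
            ts = int(decrypt(key, enc_timestamp).decode())
        except ValueError:
            return {"error": "KDC_ERR_PREAUTH_FAILED"}    # wrong password
        now = int(self.clock())
        if abs(now - ts) > MAX_SKEW:
            return {"error": "KRB_AP_ERR_SKEW"}           # clocks differ too much
        if (user, ts) in self.seen:
            return {"error": "KRB_AP_ERR_REPEAT"}         # same pre-auth data replayed
        self.seen.add((user, ts))
        session_key = os.urandom(32)
        tgt = encrypt(self.krbtgt_key, json.dumps(
            {"cname": user, "key": session_key.hex(), "endtime": now + 10 * 3600}).encode())
        enc_part = encrypt(key, json.dumps({"key": session_key.hex(), "ts": ts}).encode())
        return {"tgt": tgt, "enc_part": enc_part}


def client_logon(kdc: KDC, user: str, password: str, now=None) -> dict:
    """Client side of the exchange; returns session key + TGT, or the KDC error."""
    now = int(time.time()) if now is None else now
    key = long_term_key(password, kdc.realm + user)
    reply = kdc.as_exchange(user, encrypt(key, str(now).encode()))
    if "error" in reply:
        return reply
    part = json.loads(decrypt(key, reply["enc_part"]))   # only the right password opens this
    if part["ts"] != now:                                 # the KDC must echo our timestamp
        return {"error": "KDC reply does not match the request"}
    return {"session_key": bytes.fromhex(part["key"]), "tgt": reply["tgt"]}


def open_tgt(kdc: KDC, tgt: bytes) -> dict:
    """What the KDC sees when the client later presents the TGT to get a service ticket."""
    return json.loads(decrypt(kdc.krbtgt_key, tgt))


REALM = "CORP.EXAMPLE"   # constructed realm/domain name


def build_kdc(clock=time.time) -> KDC:
    """A KDC with one constructed account; the DC stores derived keys, never passwords."""
    return KDC(REALM, {"alice": long_term_key("S3cret-Pass!", REALM + "alice")}, clock)
```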
50. What are the port numbers for Kerberos, LDAP and Global Catalog?
Kerberos - 88, LDAP - 389, Global Catalog - 3268
51. What is the use of LDAP (X.500 standard)?
LDAP is a directory access protocol, which is used to exchange directory information from server to
clients or from server to server.
52. What are the problems that are generally encountered with DHCP?
The scope is full: no IP addresses are available for new machines
Scope options are not configured properly, e.g. the default gateway
Incorrect creation of scopes, etc.
56. What is Recovery Console?
Recovery Console is a utility used to recover the system when it is not booting properly or not
booting at all. We can perform the following operations from Recovery Console:
Copy, rename, or replace operating system files and folders
Enable or disable service or device startup the next time the computer starts
Repair the file system boot sector or the Master Boot Record
Create and format partitions on drives
High Level
RID Master
73. Brief all the FSMO Roles
Domain Naming Master and Schema Master are forest-level roles. PDC Emulator, Infrastructure Master
and RID Master are domain-level roles.
The first server in the forest performs all 5 roles by default. Later we can transfer the roles.
Domain Naming Master: The Domain Naming Master is responsible for maintaining the relationship
between the domains. Without this role it is not possible to add or remove any domain.
Schema Master: The schema contains the set of classes and attributes, e.g. user, computer and printer are
objects in AD which have their own sets of attributes. The Schema Master is responsible for
maintaining this schema. Changes to the schema affect the entire forest.
PDC Emulator: The server performing this role acts as a PDC in mixed mode to synchronize
directory information between Windows 2000 DCs and Windows NT BDCs. The server performing
this role will contain the latest password information. This role is also responsible for time synchronization
in the forest.
Infrastructure Master: It is responsible for managing group membership information in the domain.
This role is responsible for updating the DN when the name or location of an object is modified.
RID Master: The server performing this role provides pools of RIDs to the other domain controllers
in the domain. An object's SID is the combination of the domain SID and a RID (SID = domain SID + RID), where the
domain SID is the security identifier common to all objects in the domain and the RID is the relative
identifier unique to each object.
Offline defragmentation can be done manually by taking the domain controller into Directory Services Restore Mode. We
can only reduce the file size of the directory database, whereas the efficiency will be the same as in online
defragmentation.
80. What are the monitoring tools used for server and network health? How to define an alert mechanism?
Spotlight; SNMP needs to be enabled.
81. How to deploy the patches and what software is used for this process?
Using a SUS (Software Update Services) server we can deploy patches to all clients in the network. We
need to configure the option called "Synchronize with Microsoft software update server" and
schedule the synchronization time on the server. We need to approve new updates based on the requirement. Then the
approved updates will be deployed to clients.
We can configure clients by changing the registry manually or through Group Policy by adding the WUAU
administrative template to the group policy.
NLB (Network Load Balancing) cluster: for balancing load between servers. This cluster does not
provide high availability. Usually preferable at edge servers like web or proxy servers.
Server Cluster: This provides high availability by configuring an active-active or active-passive cluster. In a
2-node active-passive cluster one node will be active and one node will be on standby. When the active server
fails the application will FAILOVER to the standby server automatically. When the original server comes back
we need to FAILBACK the application.
Quorum: Shared storage that needs to be provided for all servers, which keeps information about the clustered
application and session state and is useful in a FAILOVER situation. This is very important: if the Quorum
disk fails the entire cluster fails.
Heartbeat: Heartbeat is the private connectivity between the servers in the cluster, which is used to
identify the status of the other servers in the cluster.
For SNMP programs to communicate we need to configure a common community name on the
machines where the SNMP programs (e.g. Dell OpenManage) run. This can be configured from
services.msc > SNMP Service > Security.
Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline
name resolution, especially in a split namespace scenario. They also help reduce the amount
of DNS traffic on your network, making DNS more efficient especially over slow WAN links.
90. What is the difference between IIS Version 5 and IIS Version 6
Refer Question 1
91. What is ASR (Automated System Recovery) and how to implement it.
ASR is a two-part system; it includes ASR backup and ASR restore. The ASR Wizard, located in
Backup, does the backup portion. The wizard backs up the system state, system services, and all the
disks that are associated with the operating system components. ASR also creates a file that contains
information about the backup, the disk configurations (including basic and dynamic volumes), and how
to perform a restore.
You can access the restore portion by pressing F2 when prompted in the text-mode portion of setup.
ASR reads the disk configurations from the file that it creates. It restores all the disk signatures, volumes,
and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all
the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple
installation of Windows and automatically starts a restoration using the backup created by the ASR
Wizard.
92. What are the different levels at which we can apply Group Policy?
We can apply group policy at Site level, Domain level and OU level.
93. What is Domain Policy, Domain Controller Policy, Local Policy and Group Policy?
Domain Policy applies to all computers in the domain, because by default it is associated with the
domain GPO, whereas Domain Controller Policy is applied only on domain controllers. By default the
domain controller security policy is associated with the domain controller GPO. Local Policy is
applied to that particular machine only and affects that computer only.
Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate
folder object, an administrator can designate which folders to redirect and where. To do this, the
administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can
designate the server file system path to which the folder should be redirected.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to
dynamically create a newly redirected folder for each user to whom the policy object applies.
102. Assign & Publish the applications in GP & how?
Through Group Policy you can Assign and Publish applications by creating an .msi package for the
application.
With the Assign option you can apply the policy to both users and computers. If it is applied to a computer, the
policy applies to any user who logs on to that computer. If it is applied to a user, it applies wherever the user
logs on to the domain. The application appears in Start menu > Programs. Once the user clicks the shortcut or opens
any document having that extension, the application is installed on the local machine. If any application
program files are missing it will automatically repair.
With the Publish option you can apply only to users. It will not install automatically when any application
program files are corrupted or deleted.
Low Level
Automated System Recovery (ASR) provides a facility to get Windows Server 2003 systems back up and
running quickly after a failure occurs.
Saved Queries: Active Directory Users and Computers now includes a new node named Saved Queries,
which allows an administrator to create a number of predefined queries that are saved for future access.
Group Policy Management Console (GPMC) is a new tool for managing Group Policy in Windows
Server 2003. While Group Policy-related elements have typically been found across a range of tools, such
as Active Directory Users And Computers, the Group Policy MMC snap-in, and others, GPMC acts as a
single consolidated environment for carrying out Group Policy-related tasks.
RSoP: Using the RSoP tool, the administrator can generate a query that processes all the applicable Group Policy
settings for that user for the local computer or another computer on the network. After processing the query,
RSoP presents the exact Group Policy settings that apply to that user, as well as the source Group
Policy object that was responsible for the setting.
Remote Desktop: In Windows Server 2003, Terminal Services Remote Administration mode is known as
Remote Desktop. Remote Desktop connections are enabled via the Remote tab in the System applet in
Control Panel. When connecting to a terminal server using an RDP 5.1 client, many of the local resources
are available within the remote session, including the client file system, smart cards, audio (output), serial
ports, printers (including network), and the clipboard.
Cross-Forest Trust Relationships : Windows Server 2003 supports cross-forest transitive trust
relationships to allow users in one forest to access resources in any domain in another, and vice versa.
Universal Group Membership Caching: Windows Server 2003 introduces a new feature aimed at
reducing the need for global catalog servers at all remote locations. Universal group membership caching is
a new feature that can be enabled on selected domain controllers, making them capable of caching universal
group information locally without being a full-fledged global catalog server.
Volume shadow copies of shared folders feature makes point-in-time backups of user data to ensure that
previous versions are easily accessible in cases where a user has accidentally deleted a file.
Application Directory Partitions: Every domain controller in an Active Directory forest has a copy of the schema
partition, which defines the object types that can be created, and their associated properties. Similarly, all domain
controllers in the forest hold a copy of the configuration partition, which holds information about sites and services.
Within a domain, all domain controllers hold a copy of the domain partition, which includes information
about the objects within that particular domain only.
The application directory partition is new and is unique in that it allows directory information to be
replicated to certain domain controllers only, on an as-necessary basis. Specifically designed for
directory-enabled applications and services, application directory partitions can contain any type of object, with the
exception of security principals such as users, computers, or security group accounts.
Distributed File System: DFS is enhanced for Windows Server 2003, Enterprise Edition and Windows
Server, Datacenter Edition by allowing multiple DFS roots on a single server. You can use this feature to
host multiple DFS roots on a single server, reducing administrative and hardware costs of managing multiple
namespaces and multiple replicated namespaces.
Improvements in Clustering:
In Datacenter Edition, the maximum supported cluster size has been increased from 4-nodes in Windows
2000, to 8-nodes in Windows Server 2003.
In Enterprise Edition, the maximum supported cluster size has been increased from 2-nodes in Windows
2000 Advanced Server to 8-nodes in Windows Server 2003.
Server clusters running Windows Server 2003, Enterprise Edition or Datacenter Edition integrate with the
Microsoft Active Directory® service.
This integration ensures that a "virtual" computer object is registered in Active Directory. This allows
applications to use Kerberos authentication and delegation to highly available services running in a cluster.
The computer object also provides a default location for Active Directory-aware services to publish service
control points.
Server clusters are fully supported on computers running the 64-bit versions of Windows Server 2003.
Windows Server 2003 supports Encrypting File System (EFS) on clustered (shared) disks.
RIS servers support deploying all editions of Windows 2000, Windows XP Professional, and all editions of
Windows Server 2003 (except Windows 2000 Datacenter Server and Windows Server 2003, Datacenter
Edition). In addition, administrators can use RIS servers with Risetup to deploy Windows XP 64-bit
Edition and the 64-bit versions of Windows Server 2003.
Point-to-Point Protocol over Ethernet (PPPoE) : Windows Server 2003 delivers a native PPPoE driver
for making broadband connections to certain Internet service providers (ISPs) without the need for
additional software.
Small businesses or corporate branch offices may also utilize PPPoE's demand dial capabilities to integrate
with the Routing and Remote Access service and NAT.
Internet Connection Firewall (ICF): ICF, designed for use in a small business, provides basic protection
on computers directly connected to the Internet or on local area network (LAN) segments. ICF is available
for LAN, dial-up, VPN, or PPPoE connections. ICF integrates with ICS or with the Routing and Remote
Access service.
Open File Backup: The backup utility included with Windows Server 2003 now supports "open file
backup". In Windows 2000, files had to be closed before initiating backup operations. Backup now uses
shadow copies to ensure that any open files being accessed by users are also backed up.(Need to modify
some registry keys)
Stub Zones: Introduced in Windows 2003 DNS. A stub zone is like a secondary zone in that it
obtains its resource records from other name servers (one or more master name servers). A stub zone is also
read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records
on it. However, while secondary zones contain copies of all the resource records in the corresponding zone on
the master name server, stub zones contain only three kinds of resource records:
a. A copy of the SOA record for the zone.
b. Copies of NS records for all name servers authoritative for the zone.
c. Copies of (glue)A records for all name servers authoritative for the zone.
That's it--no CNAME records, MX records, SRV records, or A records for other hosts in the zone. So while
a secondary zone can be quite large for a big company's network, a stub zone is always very small, just a
few records. This means replicating zone information from master to stub zone adds almost nil DNS traffic
to your network as the records for name servers rarely change unless you decommission an old name server
or deploy a new one.
The Windows NT SAM database is a flat database, whereas the Windows 2000 Active Directory database is a
hierarchical database.
In Windows NT only the PDC has a writable copy of the SAM database; the BDC has only a
read-only copy. In Windows 2000 both the DC and the ADC have a writable copy of the
database.
Windows NT does not support the FAT32 file system. Windows 2000 supports FAT32.
The default authentication protocol in NT is NTLM (NT LAN Manager). In Windows 2000 the default
authentication protocol is Kerberos V5.
Many more features were introduced in Windows 2000 that are not in Windows NT:
NTFS v5 supports disk quotas
Remote Installation Service
Built-in VPN & NAT support
IPv6 support
USB support
Distributed File System
Clustering support
ICS (Internet Connection Sharing)
The PDC contains a writable copy of the SAM database, whereas the BDC contains a read-only copy. It
is not possible to reset a password without the PDC in Windows NT, but both can participate in user
authentication. If the PDC fails, we have to manually promote a BDC to PDC from Server Manager.
There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can also handle
FSMO roles (if transferred from the DC to the ADC). Functionality-wise there is no difference. An ADC is just required for
load balancing and redundancy. If two physical sites separated by a WAN link come under the same domain, it is
better to keep one ADC in the other site to act as the main domain controller for that site. This reduces the
WAN traffic and also improves user authentication performance.
66. What is DNS & WINS?
DNS is the Domain Name System/Server, used to resolve host names to IP addresses and also
IP addresses to host names. It uses fully qualified domain names. DNS is an Internet standard used to resolve
host names. Names are supported up to 256 characters.
WINS is the Windows Internet Name Service, which resolves NetBIOS names to IP addresses and also
resolves IP addresses to NetBIOS names. This is proprietary to Microsoft and meant for Windows only.
Names are supported up to 15 characters.
The first time, the client tries to get an IP address from a DHCP server. If no DHCP server is found, the client gets
a class C IP address from the APIPA (Automatic Private IP Address) range 192.168.0.1-254.
If the client already has an IP address with a lease duration, it uses that IP until the lease duration expires.
Windows Server 2003 Active Directory supports the following types of trust relationships:
Tree-root trust Tree-root trust relationships are automatically established when you add a new tree root
domain to an existing forest. This trust relationship is transitive and two-way.
Parent-child trust Parent-child trust relationships are automatically established when you add a new
child domain to an existing tree. This trust relationship is also transitive and two-way.
Shortcut trust Shortcut trusts are trust relationships that are manually created by systems
administrators. These trusts can be defined between any two domains in a forest, generally for the
purpose of improving user logon and resource access performance. Shortcut trusts can be especially
useful in situations where users in one domain often need to access resources in another, but a long path
of transitive trusts separates the two domains. Often referred to as cross-link trusts, shortcut trust
relationships are transitive and can be configured as one-way or two-way as needs dictate.
Realm trust Realm trusts are manually created by systems administrators between a non–Windows
Kerberos realm and a Windows Server 2003 Active Directory domain. This type of trust relationship
provides cross-platform interoperability with security services in any Kerberos version 5 realm, such as a
UNIX implementation. Realm trusts can be either transitive or nontransitive, and one-way or two-way as
needs dictate.
External trust External trusts are manually created by systems administrators between Active Directory
domains that are in different forests, or between a Windows Server 2003 Active Directory domain and a
Windows NT 4.0 domain. These trust relationships provide backward compatibility with Windows NT
4.0 environments, and communication with domains located in other forests that are not configured to
use forest trusts. External trusts are nontransitive and can be configured as either one-way or two-way as
needs dictate.
Forest trust Forest trusts are trust relationships that are manually created by systems administrators
between forest root domains in two separate forests. If a forest trust relationship is two-way, it
effectively allows authentication requests from users in one forest to reach another, and for users in
either forest to access resources in both. Forest trust relationships are transitive between two forests only
and can be configured as either one-way or two-way as needs dictate.
By default an implicit two-way transitive trust relationship is established between all domains in a
Windows 2000/2003 forest.
70. What is the process by which DHCP gets the IP address to the client?
Discover: the client broadcasts packets to find the DHCP server.
Offer: the server offers an address.
Request for IP address: the client requests the IP address from the offering server.
Acknowledge: the server sends the acknowledgement to the client.
NACK: if the client cannot get the IP address after the server has given the offer, the server sends a Negative
Acknowledgement.
DHCP Server uses port no.: 67
DHCP Client uses port no.: 68
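The Discover, Offer, Request, Acknowledge exchange from Q50 and Q70 above, plus the NACK case and the lease behaviour from Q48, as an added Python simulation (not code from the original document). The scope, server address, MAC addresses and lease times are constructed, and messages are plain dicts rather than real DHCP packets.

```python
"""Simulation of the DHCP negotiation described above (Discover, Offer,
Request, Acknowledge, and the Negative Acknowledgement case), with the
server on UDP 67 and the client on UDP 68.

Added example, not from the original document: messages are dicts instead of
real DHCP packets, and the scope, addresses and MAC addresses are constructed.
"""
from dataclasses import dataclass, field
import ipaddress

SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST = "255.255.255.255"


@dataclass
class DHCPServer:
    scope: ipaddress.IPv4Network        # may be given as a CIDR string
    server_ip: str
    router: str
    lease_seconds: int = 8 * 3600
    leases: dict = field(default_factory=dict)   # ip -> (mac, expires_at)
    offers: dict = field(default_factory=dict)   # mac -> ip offered but not yet requested

    def __post_init__(self):
        if isinstance(self.scope, str):
            self.scope = ipaddress.ip_network(self.scope)

    def _free_ip(self, now: int):
        """First address not reserved, not offered and not under an unexpired lease."""
        for host in self.scope.hosts():
            ip = str(host)
            if ip in (self.server_ip, self.router) or ip in self.offers.values():
                continue
            lease = self.leases.get(ip)
            if lease is None or lease[1] <= now:       # expired leases are reusable
                return ip
        return None                                    # scope is full

    def _reply(self, kind: str, mac: str, ip: str) -> dict:
        return {"type": kind, "chaddr": mac, "yiaddr": ip, "router": self.router,
                "server_id": self.server_ip, "lease_time": self.lease_seconds,
                "src_port": SERVER_PORT, "dst_port": CLIENT_PORT}

    def handle(self, msg: dict, now: int):
        """Process one client message; returns the server's message or None (no answer)."""
        if msg["dst_port"] != SERVER_PORT:
            return None
        mac = msg["chaddr"]
        if msg["type"] == "DHCPDISCOVER":
            ip = self._free_ip(now)
            if ip is None:
                return None            # nothing to offer: the client stays unconfigured
            self.offers[mac] = ip
            return self._reply("DHCPOFFER", mac, ip)
        if msg["type"] == "DHCPREQUEST":
            ip = msg["requested_ip"]
            lease = self.leases.get(ip)
            usable = (ipaddress.ip_address(ip) in self.scope
                      and (lease is None or lease[1] <= now or lease[0] == mac))
            self.offers.pop(mac, None)
            if not usable:             # wrong scope, or leased to someone else: NACK
                return {"type": "DHCPNAK", "chaddr": mac, "server_id": self.server_ip,
                        "src_port": SERVER_PORT, "dst_port": CLIENT_PORT}
            self.leases[ip] = (mac, now + self.lease_seconds)
            return self._reply("DHCPACK", mac, ip)
        return None


@dataclass
class DHCPClient:
    mac: str
    ip: str = None
    lease_expires: int = 0

    def _send(self, server, msg: dict, now: int):
        return None if server is None else server.handle(msg, now)

    def obtain(self, server, now: int):
        """Full DISCOVER -> OFFER -> REQUEST -> ACK; returns the bound IP or None."""
        offer = self._send(server, {"type": "DHCPDISCOVER", "chaddr": self.mac,
                                    "src": "0.0.0.0", "dst": BROADCAST,
                                    "src_port": CLIENT_PORT, "dst_port": SERVER_PORT}, now)
        if offer is None:
            return None                # no DHCP server (or empty scope): no IP, no network
        return self.request(server, offer["yiaddr"], offer["server_id"], now)

    def request(self, server, ip: str, server_id: str, now: int):
        ack = self._send(server, {"type": "DHCPREQUEST", "chaddr": self.mac,
                                  "requested_ip": ip, "server_id": server_id,
                                  "src_port": CLIENT_PORT, "dst_port": SERVER_PORT}, now)
        if ack is None or ack["type"] == "DHCPNAK":
            self.ip, self.lease_expires = None, 0     # must start over with DISCOVER
            return None
        self.ip, self.lease_expires = ack["yiaddr"], now + ack["lease_time"]
        return self.ip

    def renew(self, server, now: int):
        """Re-request the current address; a NACK (e.g. after moving networks) drops it."""
        return None if self.ip is None else self.request(server, self.ip, server.server_ip, now)

    def current_address(self, now: int):
        """The address stays usable until the lease expires, even with no server reachable."""
        return self.ip if self.ip and now < self.lease_expires else None
```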
Dcpromo.log c:\windows\system32\dcpromp
Dcdiag
Netdiag
Responsible Person (RP) record in DNS ---- identifies the person responsible for the domain.
SYSVOL Consistency Considerations
SYSVOL is a file system folder that stores files that must be available and synchronized among all domain
controllers. SYSVOL contains the NETLOGON share, Group Policy settings, and File Replication service
(FRS) staging directories and files. SYSVOL is required for Active Directory to function properly.
SYSVOL is replicated by the File Replication service (FRS). FRS has a fixed tombstone lifetime of 60 days.
Because you cannot change this interval, any domain controller that is disconnected for more than 60 days
potentially has an outdated SYSVOL. Updating SYSVOL requires performing a non-authoritative restore of
SYSVOL.
In addition, SYSVOL replication cannot be synchronized manually. For this reason, ensuring that SYSVOL is
updated prior to disconnecting the domain controller is more difficult than simply updating SYSVOL when the
domain controller is reconnected. Regardless of the length of the disconnection, to
ensure that SYSVOL is synchronized when the domain controller is reconnected, prepare the domain controller
to perform a non-authoritative restore of SYSVOL prior to disconnecting it. When it restarts, non-authoritative
restore of SYSVOL occurs automatically. For information about performing non-authoritative restore of
SYSVOL, see “Restoring and Rebuilding SYSVOL” earlier in this guide.
Medium Level
61. what is the difference between Authorized DHCP and Non Authorized DHCP
62. Difference between inter-site and intra-site replication. Protocols using for replication.
63. How to monitor replication
64. Brief explanation of RAID Levels
65. what are the different backup strategies are available
66. what is a global catalog
67. what is Active Directory and what is the use of it
68. what is the physical and logical structure of AD
69. What is the process of user authentication (Kerberos V5) in Windows 2000
70. what are the port numbers for Kerberos, LDAP and Global catalog
71. what is the use of LDAP (X.500 standard?)
72. What are the problems that are generally encountered with DHCP
73. what is the role responsible for time synchronization
74. what is TTL & how to set TTL time in DNS
75. How to take DNS and WINS Backup
76. What is recovery console
77. what is DFS & its usage
78. what is RIS and what are its requirements
79. How many root replicas can be created in DFS
80. what is the difference between Domain DFS and Standalone DFS
High Level
135. what is universal group membership cache in windows 2003.
136. GPMC & RSOP in windows 2003?
137. Assign & Publish the applications in GP & how?
138. DFS in windows 2003?
139. How to use recovery console ?
140. PPTP protocol for VPN in windows 2003?
151. How can we get the list of worker process running in IIS along with the Application pool
name ?
Answer:
By running iisapp.vbs script from command Prompt.
Below are the steps :
1. Start > Run > Cmd
2. Go To Windows > System32
3. Run cscript iisapp.vbs
152. How we can open IIS Configuration manager ?
Answer: Simply Run > inetmgr
Or we can open it from Control Panel > Administrative Tools.
153 How can we create a Virtual Directory on IIS ?
Answer:
Open IIS Configuration Manager.
Right-click on Default Web Site > New > Virtual Directory.
Browse to the physical path. Set the properties. Click on OK.
154 What permission settings are available for a Virtual Directory ?
Answer: Below is the list of permissions that can be set during virtual directory creation
1. Read
2. Run Scripts
3. Execute
4. Write
5. Browse
155 What is the use of the Enable Pinging property for an Application Pool ?
Answer: IIS should periodically monitor the health of a worker process [ idle or not,
time to recycle or not, all worker processes running properly or not ].
Pinging means the activation process monitors worker process performance, health, idle time
etc.
By default it is set to 30s.
156 What is the folder location for Virtual Directory ?
Answer: <Drive>:\inetpub\wwwroot
157 Can one Web Application have multiple Application Pools ?
Answer: No. Every Web Application should have one Application Pool. By default it is
"DefaultAppPool".
158 What are the different security settings available in IIS ?
Answer: Below are the commonly used IIS security settings
1. Anonymous
2. Integrated Windows Authentication
3. Basic Authentication
4. Digest Authentication
5. Passport Authentication
To set security permissions, go to Virtual Directory > Right Click > Properties
> Directory Security
and click on the Edit button.
159 What are the different versions of IIS that you have worked on ?
Answer: Before answering this question you need to know which IIS versions are
available with the different operating systems. Below is the list of IIS versions by
operating system.
Windows Server 2008 - Windows Vista - Home Premium/ Ultimate - IIS 7.0
Windows Server 2003 - IIS 6.0
Windows XP Professional - IIS 5.1
Now, based on your working experience, you can say that you have worked on IIS 5.1 and
6.0, or only IIS 7, etc.
The next question that may be asked after answering this one is “what is the
difference between them ? ” – Well, I will come to this later.
160 What is an Application Pool in IIS ?
Answer: Before giving the definition, you can say that the concept of application pools
has existed since IIS 6.0. Application pools are used to separate sets of IIS worker processes that
share the same configuration and application boundaries. Application pools are used to
isolate our web applications for better security, reliability, availability and
performance, and to keep them running without impacting each other. The worker process serves
as the process boundary that separates each application pool, so that when one worker
process or application has an issue or recycles, other applications or worker
processes are not affected.
One Application Pool can also have multiple worker processes.
IIS provides a redesigned WWW architecture that can help you achieve better
performance, reliability, scalability, and security for our Web sites. IIS can support the
following protocols: HTTP/HTTPS, FTP, FTPS, SMTP etc. We need to host the site on
IIS; when a request comes from the client it first hits the IIS server, then the server passes it to
the ASP.NET worker process to execute. The response also passes to the client via IIS itself.
Not only hosting of sites: we can also create our FTP server and SMTP server using IIS itself.
There are different versions of IIS available like 5.1, 6.0, 7.0 etc.
162 What are the main layers of IIS Architecture ?
Answer: IIS having mainly two layer Kernel Mode and User Mode
163 What is Recycling of an Application Pool ?
Answer: Recycling an Application Pool means recycling the worker process (w3wp.exe) and
the memory used by the web application.
There are two types of recycling related to an Application Pool
What is Marshalling
Answer: Marshalling is the process of gathering data from one or more applications or non-
contiguous sources in computer storage, putting the data pieces into a message buffer, and
organizing or converting the data into a format that is prescribed for a particular receiver
or programming interface.
Marshalling is the process of transforming the memory representation of an object to a
data format suitable for storage or transmission. It is typically used when data must be
moved between different parts of a computer program or from one program to another.
173 How many data types are supported in Vbscript?
Answer: VBScript consists of only one data type (Variant)
174