
Active Directory:

Active Directory is Microsoft's centralized, standardized directory service: it automates network management of user data, security and distributed resources, and enables interoperation with other (LDAP-based) directories. Active Directory is designed especially for distributed networking environments. Because it holds every account and every authentication secret in the domain, it is also the highest-value target on most enterprise networks, which is why the roles, protocols and permissions below matter.

Divisions in AD:

Schema: The collection of every object class, its attributes and the attribute syntax that can exist in the Active Directory.
Forest: The top-level container. A forest can contain numerous domains, each sharing a common schema, configuration and Global Catalog. The forest, not the domain, is the security boundary.
Domain: A collection of computers that share a common set of policies, a name and a database of their members, replicated among that domain's domain controllers.
Organizational units (OUs): Containers within a domain in which users, computers, groups and other OUs are grouped. They create a hierarchy inside the domain that mirrors the company in geographical or organizational terms, and they are the level at which Group Policy is linked and administration is delegated.
Sites: Physical groupings independent of the domain and OU structure. Sites distinguish between locations connected by low- and high-speed links and are defined by one or more IP subnets; replication scheduling and a client's choice of domain controller follow the site topology.

Flexible Single Master Operations (FSMO)

FSMO Roles Explained

Within Active Directory not all domain controllers are equal. Most changes are multi-master (any DC can write them), but a few operations would conflict if two DCs performed them at once, so they must be performed by a single domain controller. These are the FSMO roles (Flexible Single Master Operations). There are five roles, two of which are forest-wide and three of which are domain-wide; each role is held by exactly one domain controller at a time, although one DC may hold several roles.
The 5 roles are as follows:

Schema Master (forest wide):

The Schema Master controls all updates to the schema within the forest. Schema changes are rare and cannot be rolled back, so Schema Admins should be empty except while a change is actually being made.

Domain Naming Master (forest wide):

The Domain Naming Master role is responsible for the creation and deletion of domains (and application partitions) in the forest.

PDC Emulator (domain wide):

The PDC Emulator role provides backwards compatibility for Windows NT backup domain controllers (BDCs): the PDC Emulator advertises itself as the primary domain controller for the domain. It also acts as the domain master browser. Password changes are replicated to the PDC Emulator first and a failed logon is retried there before it is rejected, so it effectively holds the latest password for every user in the domain. It is also the authoritative time source for the domain and the DC on which Group Policy is edited by default.

Infrastructure Master (domain wide):

The Infrastructure Master role is responsible for updating references from objects within its domain to objects in other domains (for example a group whose members live in another domain). Do not place it on a Global Catalog server unless every DC in the domain is a Global Catalog, or those cross-domain references will never be updated.

RID Master (domain wide):

The RID Master allocates pools of relative identifiers (RIDs) to every domain controller in the domain. A DC builds the Security Identifier (SID) of each new object by appending a RID from its pool to the domain SID, so if the RID Master is unavailable long enough for the pools to run dry, DCs can no longer create users, groups or computers.

To transfer an FSMO role the administrator must be a member of the following group:

FSMO role        Administrator must be a member of
Schema           Schema Admins
Domain Naming    Enterprise Admins
RID              Domain Admins
PDC Emulator     Domain Admins
Infrastructure   Domain Admins
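The following PowerShell is an added example, not part of the original notes. It assumes the RSAT ActiveDirectory module, a domain called corp.example, and a target domain controller named DC02 (all placeholders); it reads the five role holders, checks the Infrastructure Master / Global Catalog caveat above, and performs a planned transfer.

```powershell
# Added example (not from the original notes). Assumes the RSAT ActiveDirectory
# module, a domain corp.example and a DC named DC02; names are placeholders.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Forest-wide roles live on the forest object, domain-wide roles on the domain object.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Test-InfrastructureMasterPlacement {
    # The Infrastructure Master must not be a Global Catalog unless every DC in the
    # domain is one; otherwise cross-domain references (foreign group members) go stale.
    $domain = Get-ADDomain
    $im     = Get-ADDomainController -Identity $domain.InfrastructureMaster
    $allDcs = Get-ADDomainController -Filter * -Server $domain.DNSRoot
    $everyDcIsGc = @($allDcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
    if ($im.IsGlobalCatalog -and -not $everyDcIsGc) {
        Write-Warning "Infrastructure Master $($im.HostName) is a GC but not every DC is: move the role or make all DCs GCs."
    }
}

Get-FsmoRoleHolders | Format-List
Test-InfrastructureMasterPlacement

# Planned transfer: the current holder is online and the operator holds the required
# group membership (Schema Admins / Enterprise Admins / Domain Admins per the table above).
Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster

# Seizure (-Force) is only for a holder that is permanently gone: it skips the handshake
# with the old holder, which must then never be brought back online.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole SchemaMaster -Force

Get-FsmoRoleHolders | Format-List
```

Run it from an elevated session on a domain-joined admin workstation; the transfer cmdlet prompts for confirmation per role.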

LDAP (Lightweight Directory Access Protocol)

LDAP is a software protocol for locating organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of the Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter partly because its initial version did not include security features: LDAPv2 offered only anonymous and simple binds, and a simple bind sends the password in cleartext on TCP 389. LDAPv3 added SASL binds and StartTLS, and Active Directory additionally offers LDAP over TLS on port 636 (LDAPS) and LDAP signing and channel binding, which is what should be required in practice. A second practical hazard is that LDAP search filters are text, so a filter built from user input without escaping can be altered by that input (LDAP injection).
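As an added example (not from the original notes), the following PowerShell queries Active Directory over LDAPS with a Kerberos bind and escapes the user-supplied value before it goes into the filter. It assumes a DC at dc01.corp.example with a valid TLS certificate and the base DN DC=corp,DC=example; those names are placeholders.

```powershell
# Added example, not from the original notes. Assumes a DC dc01.corp.example with a
# valid TLS certificate and a reachable LDAPS (636) listener; names are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping: a caller-supplied value must never change the filter's structure.
    # Backslash first, otherwise the escapes we add would themselves be re-escaped.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function Find-AdUser {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$Server = 'dc01.corp.example',
        [string]$BaseDn = 'DC=corp,DC=example'
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true     # TLS from the first byte (LDAPS)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate   # Kerberos, never a cleartext simple bind
    $conn.Bind()

    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName)))"
    $scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $req    = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, $filter, $scope, @('sAMAccountName', 'memberOf', 'adminCount'))
    $resp   = $conn.SendRequest($req)

    foreach ($entry in $resp.Entries) {
        $groups = if ($entry.Attributes.Contains('memberOf')) { @($entry.Attributes['memberOf'].GetValues([string])) } else { @() }
        $admin  = if ($entry.Attributes.Contains('adminCount')) { $entry.Attributes['adminCount'].GetValues([string])[0] } else { '0' }
        [pscustomobject]@{
            DistinguishedName = $entry.DistinguishedName
            MemberOf          = $groups
            AdminCount        = $admin     # 1 marks accounts protected by AdminSDHolder (privileged)
        }
    }
    $conn.Dispose()
}

# Unescaped, this input would become (sAMAccountName=alice*) and match every user starting
# with "alice"; escaped it only matches a literal account called alice*.
Find-AdUser -SamAccountName 'alice*'
```

To confirm the server actually refuses weaker binds, repeat the query with `SecureSocketLayer = $false` on port 389 and `AuthType::Basic`; a correctly hardened DC (LDAP signing required) rejects that bind.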

Group Policy

Group Policies in Microsoft Active Directory define settings for users and computers throughout a network. These settings are configured and stored in Group Policy Objects (GPOs), which are then linked to Active Directory containers: sites, domains and organizational units. A Group Policy Object (GPO) is a collection of settings that define what a system will look like and how it will behave for a defined group of users or computers. Microsoft provides a snap-in for the Microsoft Management Console (MMC), the Group Policy Object Editor, that allows you to create a GPO defining registry-based policies, security options, software installation and maintenance options, script options, and folder redirection options. Because a GPO linked high in the tree applies to every object beneath it (including domain controllers when linked at the domain), the right to edit or link a GPO is an administrative privilege and should be reviewed like membership of an admin group.
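An added example (not from the original notes) that lists the GPOs applied to an OU in precedence order and, for each, who holds edit rights on it. It assumes the GroupPolicy RSAT module and the Domain Controllers OU of a domain corp.example; the OU path is a placeholder.

```powershell
# Added example, not from the original notes. Assumes the GroupPolicy RSAT module and a
# domain corp.example; the OU path and output file are placeholders.
Import-Module GroupPolicy

function Get-GpoLinkAudit {
    param([Parameter(Mandatory)][string]$Target)   # distinguished name of a site, domain or OU

    # GpoLinks are returned in link order; Order 1 is applied last and therefore wins.
    $links = (Get-GPInheritance -Target $Target).GpoLinks
    foreach ($link in $links) {
        $gpo = Get-GPO -Guid $link.GpoId
        # Anyone who can edit a GPO linked here controls every object under the target.
        $editors = Get-GPPermission -Guid $link.GpoId -All |
            Where-Object { $_.Permission -in 'GpoEdit', 'GpoEditDeleteModifySecurity' } |
            ForEach-Object { $_.Trustee.Name }
        [pscustomobject]@{
            Order    = $link.Order
            Name     = $gpo.DisplayName
            Enabled  = $link.Enabled
            Enforced = $link.Enforced
            Modified = $gpo.ModificationTime
            Editors  = ($editors -join ', ')
        }
    }
}

$ou    = 'OU=Domain Controllers,DC=corp,DC=example'
$audit = Get-GpoLinkAudit -Target $ou
$audit | Format-Table -AutoSize

# Flag editors outside the expected admin groups (placeholder allow-list).
$expected = 'Domain Admins', 'Enterprise Admins', 'SYSTEM', 'ENTERPRISE DOMAIN CONTROLLERS'
foreach ($row in $audit) {
    $unexpected = $row.Editors -split ', ' | Where-Object { $_ -and $_ -notin $expected }
    if ($unexpected) { Write-Warning "GPO '$($row.Name)' editable by: $($unexpected -join ', ')" }
}

# Export the highest-precedence GPO as XML for review or change tracking.
if ($audit) { Get-GPOReport -Guid ($audit | Sort-Object Order)[0].Name -ReportType Xml -Path "$env:TEMP\gpo-report.xml" }
```

Get-GPOReport also accepts `-Name`, which is what the last line relies on; keep the exported XML under version control so a changed setting shows up as a diff rather than a surprise at the next logon.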

DHCP:

DHCP stands for "Dynamic Host Configuration Protocol". DHCP's purpose is to enable individual computers on an IP network to obtain their configuration from a server (the DHCP server) or servers, in particular servers that have no exact information about the individual computers until they request it. The overall purpose is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address, but the default gateway and DNS servers are handed out the same way, which is why an unauthorized ("rogue") DHCP server on a segment can redirect clients' traffic. Windows DHCP servers refuse to serve leases until they have been authorized in Active Directory.

DHCP Scopes

Scope: A range of IP addresses that the DHCP server can assign to clients that are on one subnet.
Superscope: A grouping of scopes whose ranges span several subnets. The DHCP server can assign these addresses to clients that are on several subnets sharing one physical segment.
Multicast scope: A range of class D addresses from 224.0.0.0 to 239.255.255.255 that can be assigned to computers when they ask for them. A multicast group is assigned to one IP address. Multicasting can be used to send messages to a group of computers at the same time with only one copy of the message. The Multicast Address Dynamic Client Allocation Protocol (MADCAP) is used to request a multicast address from a DHCP server.
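The following PowerShell is an added example, not from the original notes. It creates the three scope types described above on a Windows DHCP server using the DhcpServer module, checks the AD authorization list, and reports scopes near exhaustion. Addresses, scope names and the domain corp.example are placeholders.

```powershell
# Added example, not from the original notes. Assumes the DhcpServer module on a Windows
# DHCP server joined to corp.example; addresses and names are placeholders.
Import-Module DhcpServer

# Only servers listed here may serve leases on this domain's networks; anything else
# answering DHCP on the wire is a rogue and a candidate for a gateway/DNS hijack.
Get-DhcpServerInDC

# Scope: one subnet. Static infrastructure (gateway, DCs, DNS) is carved out as an exclusion
# so the server never leases an address that is already in use.
Add-DhcpServerv4Scope -Name 'Office-Floor1' -StartRange 10.1.0.1 -EndRange 10.1.0.254 `
    -SubnetMask 255.255.255.0 -State Active -LeaseDuration (New-TimeSpan -Days 1)
Add-DhcpServerv4ExclusionRange -ScopeId 10.1.0.0 -StartRange 10.1.0.1 -EndRange 10.1.0.20
Set-DhcpServerv4OptionValue -ScopeId 10.1.0.0 -Router 10.1.0.1 -DnsServer 10.1.0.10 -DnsDomain 'corp.example'

# Superscope: a second subnet on the same physical segment, grouped with the first so the
# server can keep leasing once the first range is full.
Add-DhcpServerv4Scope -Name 'Office-Floor2' -StartRange 10.2.0.21 -EndRange 10.2.0.254 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.2.0.0 -Router 10.2.0.1 -DnsServer 10.1.0.10 -DnsDomain 'corp.example'
Add-DhcpServerv4Superscope -SuperscopeName 'Office' -ScopeId 10.1.0.0, 10.2.0.0

# Multicast scope: class D range handed out to MADCAP clients.
Add-DhcpServerv4MulticastScope -Name 'Video' -StartRange 239.1.0.1 -EndRange 239.1.0.255 -State Active

# Scopes that are nearly exhausted are where clients start accepting offers from anything
# that answers, so report them.
Get-DhcpServerv4ScopeStatistics |
    Where-Object { $_.PercentageInUse -gt 90 } |
    Select-Object ScopeId, Free, InUse, PercentageInUse
```

The exclusion range must be created before the first client requests an address, or the server may already have leased one of the reserved addresses.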

DNS

Domain Name System (DNS) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they are easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address.

DNS Domain Name Hierarchy

Root domain: This is the top of the tree, representing an unnamed level; it is sometimes shown as two empty quotation marks (""), indicating a null value. When used in a DNS domain name, it is stated by a trailing period (.) to designate that the name is located at the root or highest level of the domain hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact location in the tree of names. Names stated this way are FQDNs.
Example: A single period (.) or a period used at the end of a name, such as example.microsoft.com.

Top-level domain: A name used to indicate a country/region or the type of organization using a name.
Example: .com, which indicates a name registered to a business for commercial use on the Internet.

Second-level domain: Variable-length names registered to an individual or organization for use on the Internet. These names are always based on an appropriate top-level domain, depending on the type of organization or geographic location where a name is used.
Example: microsoft.com., which is the second-level domain name registered to Microsoft by the Internet DNS domain name registrar.

Subdomain: Additional names that an organization can create that are derived from the registered second-level domain name. These include names added to grow the DNS tree of names in an organization and divide it into departments or geographic locations.
Example: example.microsoft.com., which is a fictitious subdomain assigned by Microsoft for use in documentation example names.

Host or resource name: Names that represent a leaf in the DNS tree of names and identify a specific resource. Typically, the leftmost label of a DNS domain name identifies a specific computer on the network. For example, if a name at this level is used in a host (A) resource record, it is used to look up the IP address of a computer based on its host name.
Example: host-a.example.microsoft.com., where the first label (host-a) is the DNS host name for a specific computer on the network.

Top-level domains:

DNS domain name   Type of organization
com               Commercial organizations
edu               Educational institutions
org               Non-profit organizations
net               Networks (the backbone of the Internet)
gov               Non-military government organizations
mil               Military government organizations
arpa              Reverse DNS (in-addr.arpa for IPv4, ip6.arpa for IPv6)
xx                Two-letter country code (for example, us, au, ca, fr)

Resource record types:

Host (A): For mapping a DNS domain name to an IPv4 address used by a computer (AAAA is the IPv6 equivalent).
Alias (CNAME): For mapping an alias DNS domain name to another primary or canonical name.
Mail Exchanger (MX): For mapping a DNS domain name to the name of a computer that exchanges or forwards mail for that domain.
Pointer (PTR): For mapping a reverse DNS domain name, based on the IP address of a computer, to the forward DNS domain name of that computer.
Service location (SRV): For mapping a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers (for example _ldap._tcp.dc._msdcs.<domain>). This is how domain members find a DC, and it is also the first thing an attacker on the network queries.
Other resource records as needed (for example SOA, NS and TXT).
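An added example (not from the original notes) that resolves one record of each type above for an Active Directory domain, including the SOA record, using the Resolve-DnsName client cmdlet. It assumes a domain corp.example whose DC dc01 is at 10.1.0.10; both are placeholders.

```powershell
# Added example, not from the original notes. Assumes a domain corp.example with a DC
# dc01 at 10.1.0.10 that is also the DNS server; names and addresses are placeholders.

function Resolve-AdRecords {
    param([string]$Domain = 'corp.example', [string]$Server = '10.1.0.10')

    # A: name -> IPv4 address. The trailing dot makes the name absolute (an FQDN),
    # so no search suffix is ever appended by the resolver.
    $a = Resolve-DnsName -Name "dc01.$Domain." -Type A -Server $Server

    # PTR: reverse lookup; Resolve-DnsName builds the in-addr.arpa name from the IP.
    $ptr = Resolve-DnsName -Name ($a | Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress -Type PTR -Server $Server

    # MX: which hosts accept mail for the domain; the lowest preference is tried first.
    $mx = Resolve-DnsName -Name $Domain -Type MX -Server $Server | Sort-Object Preference

    # SRV: how clients (and attackers) locate domain controllers and Kerberos KDCs.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Server
    $kdc = Resolve-DnsName -Name "_kerberos._tcp.$Domain"      -Type SRV -Server $Server

    # SOA: the zone's primary server and the timers that drive zone replication.
    $soa = Resolve-DnsName -Name $Domain -Type SOA -Server $Server

    [pscustomobject]@{
        DC_A   = ($a | Where-Object Type -eq 'A').IPAddress
        DC_PTR = $ptr.NameHost
        MX     = ($mx  | ForEach-Object { "$($_.Preference) $($_.NameExchange)" }) -join '; '
        DCs    = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port) (prio $($_.Priority))" }) -join ', '
        KDCs   = ($kdc | ForEach-Object { $_.NameTarget }) -join ', '
        SOA    = "$($soa.PrimaryServer) serial=$($soa.SerialNumber) refresh=$($soa.TimeToZoneRefresh)s retry=$($soa.TimeToZoneFailureRetry)s expire=$($soa.TimeToExpiration)s minTTL=$($soa.DefaultTTL)s"
    }
}

$records = Resolve-AdRecords
$records | Format-List

# Consistency check: a DC advertised in SRV whose A record does not resolve is either
# decommissioned without cleanup or a name someone could re-register (a stale-record risk).
foreach ($target in ($records.DCs -split ', ' | ForEach-Object { ($_ -split ':')[0] })) {
    if (-not (Resolve-DnsName -Name $target -Type A -Server '10.1.0.10' -ErrorAction SilentlyContinue)) {
        Write-Warning "SRV advertises $target but it has no A record"
    }
}
```

Run against a DNS server you own; the SRV and SOA queries are the same ones nltest and the Netlogon service issue, so seeing what they return is the quickest way to understand what a new machine on the segment can learn about the domain.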

Common port numbers:

Port   Description
1      TCP Port Service Multiplexer (TCPMUX)
5      Remote Job Entry (RJE)
7      ECHO
18     Message Send Protocol (MSP)
20     FTP - Data
21     FTP - Control
22     SSH Remote Login Protocol
23     Telnet
25     Simple Mail Transfer Protocol (SMTP)
29     MSG ICP
37     Time
42     Host Name Server (Nameserv)
43     WhoIs
49     Login Host Protocol (Login)
53     Domain Name System (DNS)
69     Trivial File Transfer Protocol (TFTP)
70     Gopher Services
79     Finger
80     HTTP
103    X.400 Standard
108    SNA Gateway Access Server
109    POP2
110    POP3
115    Simple File Transfer Protocol (SFTP; not the SSH file transfer protocol, which runs over port 22)
118    SQL Services
119    Newsgroup (NNTP)
137    NetBIOS Name Service
138    NetBIOS Datagram Service
139    NetBIOS Session Service
150    SQL-NET
156    SQL Server
161    SNMP
179    Border Gateway Protocol (BGP)
190    Gateway Access Control Protocol (GACP)
194    Internet Relay Chat (IRC)
197    Directory Location Service (DLS)
389    Lightweight Directory Access Protocol (LDAP)
396    Novell Netware over IP
443    HTTPS
444    Simple Network Paging Protocol (SNPP)
445    Microsoft-DS (SMB directly over TCP)
458    Apple QuickTime
546    DHCPv6 Client
547    DHCPv6 Server
563    SNEWS (NNTP over TLS)
569    MSN
1080   Socks

Notes: IPv4 DHCP uses UDP 67 (server) and 68 (client); 546/547 are the IPv6 equivalents. Ports that matter for Active Directory and are missing from this list: Kerberos (88), LDAPS (636), Global Catalog (3268, and 3269 over TLS), RDP (3389) and WinRM (5985, 5986 over TLS).

Backup types:

Full backup
Description: A complete set of all files you wish to back up. Think of this as your 'reference set'. You only need to perform a full backup occasionally.
Pros: Provides a complete copy of all your data; makes it easy to locate files which need restoring.

Incremental backup
Description: A backup of those files which have changed since the last backup of any type.
Pros: Uses the least time and space, as only those files changed since the last backup are copied; lets you back up multiple versions of the same file. Restoring needs the last full backup plus every incremental taken since it, in order.

Differential backup
Description: A backup of those files which have changed since the last full backup. Should be performed at regular intervals.
Pros: Takes up less time and space than a full backup; provides for more efficient restoration than incremental backups, because a restore needs only the last full backup plus the latest differential.
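The distinction between the three types comes down to which files are selected and whether the NTFS archive attribute is cleared afterwards. The following PowerShell is an added example, not from the original notes; it builds a throwaway directory under $env:TEMP (constructed sample data) so the selection and restore-cost behaviour can be observed offline on a Windows host.

```powershell
# Added example, not from the original notes. Uses the NTFS archive attribute, which
# Windows sets on every write and backup software clears on full/incremental backups.
# Sample files are created under $env:TEMP and removed at the end.

function Get-BackupSet {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][ValidateSet('Full', 'Incremental', 'Differential')][string]$Type
    )
    $archive = [System.IO.FileAttributes]::Archive
    $files   = Get-ChildItem -Path $Path -File -Recurse

    # Full copies everything; the other two copy only files whose archive bit is set.
    # Incremental and differential select the same files; they differ in what happens after.
    $selected = switch ($Type) {
        'Full'         { $files }
        'Incremental'  { $files | Where-Object { ($_.Attributes -band $archive) -eq $archive } }
        'Differential' { $files | Where-Object { ($_.Attributes -band $archive) -eq $archive } }
    }

    # Full and incremental clear the bit (next run sees only newer changes); differential
    # leaves it set, so each differential still contains everything since the last full.
    if ($Type -ne 'Differential') {
        foreach ($f in $selected) {
            if (($f.Attributes -band $archive) -eq $archive) { $f.Attributes = $f.Attributes -bxor $archive }
        }
    }
    return @($selected | ForEach-Object FullName)
}

# --- constructed sample data ---
$root = Join-Path $env:TEMP ('backupdemo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
1..3 | ForEach-Object { Set-Content -Path (Join-Path $root "file$_.txt") -Value 'v1' }

$full  = Get-BackupSet -Path $root -Type Full           # 3 files; archive bits cleared
Set-Content -Path (Join-Path $root 'file1.txt') -Value 'v2'   # NTFS sets the bit again
$diff1 = Get-BackupSet -Path $root -Type Differential   # file1
Set-Content -Path (Join-Path $root 'file2.txt') -Value 'v2'
$diff2 = Get-BackupSet -Path $root -Type Differential   # file1 and file2 (everything since the full)
$inc1  = Get-BackupSet -Path $root -Type Incremental    # file1 and file2, bits cleared
$inc2  = Get-BackupSet -Path $root -Type Incremental    # nothing: no change since inc1

"Full=$($full.Count) Diff1=$($diff1.Count) Diff2=$($diff2.Count) Inc1=$($inc1.Count) Inc2=$($inc2.Count)"
# Restore cost follows directly: differential = last full + latest differential;
# incremental = last full + every incremental since, and losing any one of them breaks the chain.

Remove-Item -Path $root -Recurse -Force
```

The archive attribute is a Windows (NTFS/FAT) concept, so the demonstration is Windows-only; backup products on other platforms track the same information with timestamps or a catalog.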

OSI Model

Layer             Data unit          Function
7. Application    Data               Network process to application
6. Presentation   Data               Data representation and encryption
5. Session        Data               Interhost communication
4. Transport      Segment/Datagram   End-to-end connections and reliability
3. Network        Packet             Path determination and logical addressing
2. Data Link      Frame              Physical addressing (MAC & LLC)
1. Physical       Bit                Media, signal and binary transmission; bits on a wire (0s and 1s)

Layers 7 to 4 are the host layers; layers 3 to 1 are the media layers.

Groups are useful for setting common privileges or a type of access for a set of users.
Security groups: Used for setting permissions on objects (printers, data). A security group's SID is added to its members' access tokens, so it can appear in an ACL. A security group can also be mail-enabled and used as a distribution list.
Distribution groups: Do not provide security; they are not added to access tokens and cannot be used to grant permissions. Used for e-mail distribution lists.
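An added example (not from the original notes) showing the practical difference: a security group is placed on a folder ACL, a distribution group cannot be, and direct user ACEs are flagged. It assumes the ActiveDirectory module, a domain CORP (corp.example), an OU for groups, users alice and bob, and a share folder D:\Shares\Finance; all are placeholders.

```powershell
# Added example, not from the original notes. Assumes the ActiveDirectory module, the
# NetBIOS domain CORP (corp.example), an OU=Groups container, users alice and bob, and
# a folder D:\Shares\Finance; every name and path is a placeholder.
Import-Module ActiveDirectory

$groupsOu = 'OU=Groups,DC=corp,DC=example'

# Security group: carries a SID into members' tokens, so it can be granted permissions.
New-ADGroup -Name 'FinanceShare-RW' -GroupCategory Security -GroupScope Global -Path $groupsOu
# Distribution group: mail only; Windows will not accept it in an ACL.
New-ADGroup -Name 'Finance-Announce' -GroupCategory Distribution -GroupScope Universal -Path $groupsOu
Add-ADGroupMember -Identity 'FinanceShare-RW' -Members 'alice', 'bob'

function Grant-FolderModify {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Principal)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Principal, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

Grant-FolderModify -Path 'D:\Shares\Finance' -Principal 'CORP\FinanceShare-RW'

function Find-DirectUserAces {
    # Permissions should be granted to groups; an ACE naming a person is a management
    # debt and survives that person's move to another team.
    param([Parameter(Mandatory)][string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) } catch { continue }
        $obj = Get-ADObject -Filter "objectSid -eq '$sid'" -Properties objectClass
        if ($obj -and $obj.ObjectClass -eq 'user') {
            [pscustomobject]@{ Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights; Type = $ace.AccessControlType }
        }
    }
}

Find-DirectUserAces -Path 'D:\Shares\Finance'
```

Group membership changes only reach a user's token at the next logon (Kerberos TGT refresh), so a user added to FinanceShare-RW sees the new permission after logging off and on, and a user removed keeps access until then.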

SOA: A Start of Authority record is the first record in a DNS zone. It names the zone's primary server and responsible contact, and carries the serial number plus the refresh, retry and expire intervals and the minimum (negative-caching) TTL that control how secondary servers replicate the zone. We can configure the TTL, refresh and retry intervals in this record.

What is clustering? Briefly define and explain it.

Clustering is a technology used to provide high availability for mission-critical applications. We can configure a cluster by installing the Microsoft Cluster Service (MSCS) component from Add/Remove Programs, which is only available in the Enterprise Edition and Datacenter Edition. In Windows we can configure two types of cluster:

NLB (network load balancing) cluster: balances load between servers. This type of cluster does not provide the failover of a server cluster; it is usually preferable at edge servers such as web or proxy servers.

Server cluster: provides high availability by configuring an active-active or active-passive cluster. In a two-node active-passive cluster one node is active and one node is standby. When the active server fails the application will FAILOVER to the standby server automatically. When the original server comes back we need to FAILBACK the application.

Quorum: shared storage that must be provided to all servers in the cluster. It keeps information about the clustered applications and session state and is used in a FAILOVER situation. This is very important: if the quorum disk fails the entire cluster fails.

Heartbeat: a private network connection between the servers in the cluster, used to identify the status of the other servers in the cluster. If the heartbeat is carried over the client LAN instead of a dedicated network, congestion or an attack on that LAN looks like node failure and can trigger a failover.
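The following PowerShell is an added example, not from the original notes. It uses the FailoverClusters module (the successor of the MSCS component described above) to report node state, quorum configuration and heartbeat networks, and then exercises a failover and failback of one clustered role. The cluster name CLU01 and the role name SQLRole are placeholders.

```powershell
# Added example, not from the original notes. Assumes the FailoverClusters module on a
# node of a two-node cluster CLU01 hosting a clustered role 'SQLRole'; names are placeholders.
Import-Module FailoverClusters

function Get-ClusterHealth {
    param([string]$Cluster = 'CLU01')
    $nodes  = Get-ClusterNode   -Cluster $Cluster
    $quorum = Get-ClusterQuorum -Cluster $Cluster
    # Network Role: 1 = cluster-only (heartbeat), 3 = cluster and client, 0 = not used by the cluster.
    $heartbeat = Get-ClusterNetwork -Cluster $Cluster | Where-Object { $_.Role -eq 1 }
    [pscustomobject]@{
        NodesUp        = @($nodes | Where-Object { $_.State -eq 'Up' }).Count
        NodesTotal     = @($nodes).Count
        QuorumType     = $quorum.QuorumType
        QuorumResource = if ($quorum.QuorumResource) { $quorum.QuorumResource.Name } else { '(none)' }
        HeartbeatNets  = ($heartbeat | ForEach-Object { $_.Name }) -join ', '
    }
}

$health = Get-ClusterHealth
$health | Format-List

# With an even node count and no witness, losing one node loses quorum and the whole cluster stops.
if ($health.NodesTotal % 2 -eq 0 -and $health.QuorumResource -eq '(none)') {
    Write-Warning 'Even number of nodes and no witness: configure a disk, file share or cloud witness.'
}
if (-not $health.HeartbeatNets) {
    Write-Warning 'No cluster-only network: heartbeats share the client LAN.'
}

function Invoke-FailoverTest {
    # Move the role to an Up node other than its current owner (FAILOVER), then back (FAILBACK).
    param([string]$Cluster = 'CLU01', [Parameter(Mandatory)][string]$Role)
    $group  = Get-ClusterGroup -Cluster $Cluster -Name $Role
    $origin = $group.OwnerNode.Name
    $target = Get-ClusterNode -Cluster $Cluster |
        Where-Object { $_.Name -ne $origin -and $_.State -eq 'Up' } |
        Select-Object -First 1
    if (-not $target) { throw "No standby node available for $Role" }

    Move-ClusterGroup -Cluster $Cluster -Name $Role -Node $target.Name | Out-Null   # FAILOVER
    $after = (Get-ClusterGroup -Cluster $Cluster -Name $Role).OwnerNode.Name
    Move-ClusterGroup -Cluster $Cluster -Name $Role -Node $origin | Out-Null        # FAILBACK
    [pscustomobject]@{ Role = $Role; From = $origin; FailedOverTo = $after; FailedBackTo = (Get-ClusterGroup -Cluster $Cluster -Name $Role).OwnerNode.Name }
}

Invoke-FailoverTest -Role 'SQLRole'
```

Run the failover test in a maintenance window: Move-ClusterGroup takes the role offline on one node and online on the other, so clients of SQLRole see a short outage each way.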
