
WINDOWS 2000

Q. Name 3 differences between Windows 2000 Standard and Windows 2000 Advanced Server.
Ans. The Windows 2000 Advanced Server operating system contains all the functionality and reliability of the standard version of Windows 2000 Server, plus additional features for applications that require higher levels of scalability and availability. This makes Advanced Server the right operating system for essential business and e-commerce applications that handle heavier workloads and high-priority processes. Advanced Server helps ensure your systems are available by addressing the causes of both planned and unplanned network and server downtime. It also has features that let your applications grow to support large numbers of users and data.

Increasing Server Performance
Advanced Server lets you increase server performance and capacity by adding processors and memory. This approach to increasing your network capacity is referred to as scaling up. You can increase the performance of a server computer by adding processors that can work together, and many well-known server manufacturers offer multi-processor servers. Enhanced symmetric multiprocessing (SMP) support in Advanced Server lets you use multiprocessor servers. Advanced Server includes enhanced memory capabilities that let you increase the memory available for server processing to as much as eight gigabytes (GB).

As you well know, server downtime can result in lost revenue, wasted IT staff work, and unhappy customers. To address these concerns, the clustering technologies in Advanced Server let more than one server work together on a particular task. Clustering technologies increase server availability because they provide a safety net should one of the clustered servers fail. There are two clustering technologies in Advanced Server. The first, called the Cluster service, is used to link individual servers so they can perform common tasks. If one server stops functioning, its workload is transferred to the other server.
The second clustering technology, called Network Load Balancing (NLB), is used to make sure a server is always available to handle requests. NLB works by spreading incoming client requests among a number of servers that are linked together to support a particular application.

Q. In reference to Windows 2000 DNS, what are resource records, better known as SRV records?
Ans. Active Directory uses DNS as a locator service. These records allow clients and servers to locate various resources within Active Directory (for example, Global Catalog servers, AD sites, Kerberos and LDAP services).

Q. What is the current service pack for Windows 2000?
Ans. Windows 2000 Service Pack 4.

Q. Where would I go in Windows 2000 to find out more information in reference to a service not starting?
Ans. Event Viewer.

Q. What is the Global Catalog (GC)?
Ans.

Q. If there are a domain and a child domain on two different servers, will we have a GC on both servers?
Ans. Yes. We can have more than one in every domain, but one is compulsory.

Q. Types of DNS servers?
Ans.

Q. What are the 3 naming contexts of AD?

Q. There are 3 servers on a LAN; how do you check for connectivity and name resolution?

Q. What is a mixed-mode environment?

Q. What is a native-mode environment?

Q. In nslookup I get an error: "Unknown or non-existent domain". What does it mean?

Q. What is FSMO? What are the 5 FSMO roles?

Ans. Flexible single master operations (FSMO). There are five different FSMO roles, and each plays a different function in making Active Directory work:

PDC Emulator - This role is the most heavily used of all FSMO roles and has the widest range of functions. The domain controller that holds the PDC Emulator role is crucial in a mixed environment where Windows NT 4.0 BDCs are still present. This is because the PDC Emulator role emulates the functions of a Windows NT 4.0 PDC. But even if you've migrated all your Windows NT 4.0 domain controllers to Windows 2000 or Windows Server 2003, the domain controller that holds the PDC Emulator role still has a lot to do. For example, the PDC Emulator is the root time server for synchronizing the clocks of all Windows computers in your forest. It's critically important that computer clocks are synchronized across your forest, because if they're out by too much then Kerberos authentication can fail and users won't be able to log on to the network. Another function of the PDC Emulator is that it is the domain controller to which all changes to Group Policy are initially made. For example, if you create a new Group Policy Object (GPO) then this is first created in the directory database and within the SYSVOL share on the PDC Emulator, and from there the GPO is replicated to all other domain controllers in the domain. Finally, all password changes and account lockout issues are handled by the PDC Emulator to ensure that password changes are replicated properly and account lockout policy is effective. So even though the PDC Emulator emulates an NT PDC (which is why this role is called PDC Emulator), it also does a whole lot of other stuff. In fact, the PDC Emulator role is the most heavily utilized FSMO role, so you should make sure that the domain controller that holds this role has sufficiently beefy hardware to handle the load. Similarly, if the PDC Emulator role fails then it can potentially cause the most problems, so the hardware it runs on should be fault tolerant and reliable. Finally, every domain has its own PDC Emulator role, so if you have N domains in your forest then you will have N domain controllers with the PDC Emulator role as well.

RID Master - This is another domain-specific FSMO role; that is, every domain in your forest has exactly one domain controller holding the RID Master role. The purpose of this role is to replenish the pool of unused relative IDs (RIDs) for the domain and prevent this pool from becoming exhausted. RIDs are used up whenever you create a new security principal (user or computer account), because the SID for the new security principal is constructed by combining the domain SID with a unique RID taken from the pool. So if you run out of RIDs, you won't be able to create any new user or computer accounts, and to prevent this from happening the RID Master monitors the RID pool and generates new RIDs to replenish it when it falls beneath a certain level.

Infrastructure Master - This is another domain-specific role, and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess, however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed, so the machine holding this role doesn't need to have much horsepower at all.

Schema Master - While the first three FSMO roles described above are domain-specific, the Schema Master role and the one following are forest-specific and are found only in the forest root domain (the first domain you create when you create a new forest). This means there is one and only one Schema Master in a forest, and the purpose of this role is to replicate schema changes to all other domain controllers in the forest. Since the schema of Active Directory is rarely changed, however, the Schema Master role will rarely do any work. Typical scenarios where this role is used would be when you deploy Exchange Server onto your network, or when you upgrade domain controllers from Windows 2000 to Windows Server 2003, as these situations both involve making changes to the Active Directory schema.

Domain Naming Master - The other forest-specific FSMO role is the Domain Naming Master, and this role also resides in the forest root domain. The Domain Naming Master role processes all changes to the namespace; for example, adding the child domain vancouver.mycompany.com to the forest root domain mycompany.com requires that this role be available. So if you can't add a new child domain or new domain tree, check to make sure this role is running properly.

FSMO Roles Best Practices

Rule One: In your forest root domain, keep your Schema Master and Domain Naming Master on the same domain controller to simplify administration of these roles, and make sure this domain controller contains a copy of the Global Catalog. This is not a hard-and-fast rule, as you can move these roles to different domain controllers if you prefer, but there's no real gain in doing so and it only complicates FSMO role management. If for reasons of security policy, however, your company decides that the Schema Master role must be fully segregated from all other roles, then go ahead and move the Domain Naming Master to a different domain controller that hosts the Global Catalog.
Note, though, that if you've raised your forest functional level to Windows Server 2003, your Domain Naming Master role can be on a domain controller that doesn't have the Global Catalog, but in this case be sure at least to make sure this domain controller is a direct replication partner of the Schema Master machine.

Rule Two: In each domain, place the PDC Emulator and RID Master roles on the same domain controller and make sure the hardware for this machine can handle the load of these roles and any other duties it has to perform. This domain controller doesn't have to have the Global Catalog on it, and in general it's best to move these two roles to a machine that doesn't host the Global Catalog, because this will help balance the load (the Global Catalog is usually heavily used).

Rule Three: In each domain, make sure that the Infrastructure Master role is not held by a domain controller that also hosts the Global Catalog, but do make sure that the Infrastructure Master is a direct replication partner of a domain controller hosting the Global Catalog that resides in the same site as the Infrastructure Master. Note, however, that this rule does have some exceptions, namely that the Infrastructure Master role can be held by a domain controller hosting the Global Catalog in two circumstances: when there is only one domain in your forest, or when every single domain controller in your forest also hosts the Global Catalog.

Q. In Windows 2000 Server, which 5 files are shared by default?
Ans.

Active Directory Services

Q. What is Active Directory?
Ans. The Active Directory catalogs information about all the objects on a network, including people, computers, and printers, and distributes that information throughout your network. Security is integrated with Active Directory through logon authentication and access control. With Active Directory, you only need to log on once to easily find and use resources anywhere on the network. For example, you can search Active Directory for a printer that prints in color and is located near your computer, a group of users managed by a particular individual, or a shared folder to which a unique keyword has been assigned.

Q. What is the Active Directory database?
Ans. The Windows 2000 Active Directory data store, the actual database file, is %SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory, including user accounts. Active Directory's database engine is the Extensible Storage Engine (ESE), which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes, which would be large enough for 10 million objects. Back to the real world. Only the Jet database can manipulate information within the AD datastore.
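The SRV-record question and the FSMO best-practice rules above can both be checked from one script. The following PowerShell is an added example and is not part of the original Q&A: it resolves the _ldap._tcp.dc._msdcs SRV records Active Directory registers to find the domain controllers, tests the LDAP (389), Global Catalog (3268) and Kerberos (88) ports on each, lists the five role holders, and flags placements that break Rules One to Three. It assumes a current Windows machine with the RSAT ActiveDirectory module (Resolve-DnsName and Test-NetConnection exist from Windows 8 / Server 2012 on); the domain name is an assumed placeholder.

```powershell
# Added example, not part of the original Q&A: locate DCs through DNS SRV
# records, probe the ports the Q&A lists, print the FSMO holders and check
# the three placement rules. Domain name below is an assumed placeholder.
param(
    [string]$DomainName = 'corp.example.com'   # assumption: replace with your own domain
)

Import-Module ActiveDirectory

# 1. DC locator: AD registers one _ldap._tcp.dc._msdcs.<domain> SRV record per DC.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop
$dcHosts = $srv | Where-Object { $_.Type -eq 'SRV' } |
           Select-Object -ExpandProperty NameTarget -Unique

# 2. Name resolution and connectivity: resolve each DC and test LDAP (389),
#    Global Catalog (3268) and Kerberos (88).
$ports = [ordered]@{ LDAP = 389; GlobalCatalog = 3268; Kerberos = 88 }
foreach ($dc in $dcHosts) {
    $a = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue
    $addr = if ($a) { @($a | Where-Object Type -eq 'A')[0].IPAddress } else { 'unresolved' }
    foreach ($p in $ports.GetEnumerator()) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $p.Value -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0,-32} {1,-15} {2,-14} {3}' -f $dc, $addr, $p.Key, $(if ($ok) { 'open' } else { 'CLOSED' })
    }
}

# 3. FSMO role holders: forest roles from Get-ADForest, domain roles from Get-ADDomain.
$forest = Get-ADForest
$domain = Get-ADDomain -Identity $DomainName
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# 4. Placement rules from the answer above.
# Rule One: Schema Master and Domain Naming Master together, on a Global Catalog.
if ($forest.SchemaMaster -ne $forest.DomainNamingMaster) {
    Write-Warning 'Rule One: Schema Master and Domain Naming Master are on different DCs.'
}
if ($forest.GlobalCatalogs -notcontains $forest.SchemaMaster) {
    Write-Warning 'Rule One: the Schema Master DC does not host the Global Catalog.'
}
# Rule Two: PDC Emulator and RID Master together.
if ($domain.PDCEmulator -ne $domain.RIDMaster) {
    Write-Warning 'Rule Two: PDC Emulator and RID Master are on different DCs.'
}
# Rule Three: Infrastructure Master must not be a GC, unless the forest has a
# single domain or every DC in the forest is a GC.
$everyDc = foreach ($d in $forest.Domains) { Get-ADDomainController -Filter * -Server $d }
$nonGcCount = @($everyDc | Where-Object { -not $_.IsGlobalCatalog }).Count
$imIsGc = $forest.GlobalCatalogs -contains $domain.InfrastructureMaster
if ($imIsGc -and $forest.Domains.Count -gt 1 -and $nonGcCount -gt 0) {
    Write-Warning "Rule Three: Infrastructure Master $($domain.InfrastructureMaster) is a Global Catalog while $nonGcCount DC(s) are not."
} else {
    'Rule Three: Infrastructure Master placement is consistent with the best practices.'
}
```

Run it from an account that can read the forest; the warnings are advisory, since Rule One explicitly allows the Domain Naming Master to be separated for policy reasons and Rule Three has the two exceptions the script tests for.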
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table - the types of objects that can be created in the Active Directory, the relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table - contains linked attributes, which contain values referring to other objects in the Active Directory. Take the MemberOf attribute on a user object: that attribute contains values that reference the groups to which the user belongs. This is also far smaller than the data table.
Data table - users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows, where each row represents an instance of an object such as a user, and columns, where each column represents an attribute in the schema such as GivenName.

Q. Define groups in Active Directory?
Ans. The following sections discuss the structure of groups and how you can use the various groups to help organize your network:
Group Type: Security or Distribution
Group Scope: Local, Domain Local, Global, or Universal
How Domain Mode Affects Groups
Windows 2000 Built-in, Predefined, and Special Groups
Groups on Standalone Servers and Windows 2000 Professional

Group Type: Security or Distribution
Windows 2000 Server has two kinds of groups: distribution groups and security groups. Although this section is primarily about the role groups play in security, distribution groups are also briefly described to clarify the difference between the two group types. The next two subsections describe the characteristics of security and distribution groups.

Distribution Groups

Distribution groups have only one function: to create e-mail distribution lists. You use distribution groups with e-mail applications (such as Microsoft Exchange) to send e-mail to the members of the group. As with a security group, you can add a contact to a distribution group so that the contact receives e-mail sent to the group. Distribution groups play no role in security (you do not assign permissions to distribution groups), and you cannot use them to filter Group Policy settings.

Security Groups
In the Windows 2000 operating system, security groups are an essential component of the relationship between users and security. Security groups have two functions:
To manage user and computer access to shared resources
To filter Group Policy settings

Q. What are the group scopes: Local, Domain Local, Global, or Universal?
Ans. Both types of groups, security and distribution, can have one of three scopes (four when you include local groups, which exist in Windows 2000 to provide backward compatibility with Windows NT groups). A group's scope determines the extent to which the group can be nested in other groups or referenced in DACLs on resources in the Active Directory domain or forest. The four possible Windows 2000 group scopes are:
Groups with local scope (also called local groups)
Groups with domain local scope (also called domain local groups)
Groups with global scope (also called global groups)
Groups with universal scope (also called universal groups)

Groups with Local Scope
The local groups used in both Windows NT and Windows 2000 are precursors of, and are in some ways similar to, the domain local groups (described next) introduced in Windows 2000. Local groups are sometimes referred to as machine local groups to contrast them with domain local groups. Local groups have the following features:
Mode. Local groups are the only type of local group available in a Windows 2000 mixed-mode domain. In the case of Windows 2000 native-mode domains, only Built-in groups have local scope.
Membership. Local groups can have members from anywhere in the forest, from trusted domains in other forests, and from trusted down-level domains.
Permissions. A local group has only machine-wide scope; that is, it can be used to grant resource permissions only on the machine on which it exists. (Note, however, that local groups created on a domain controller are available on every domain controller in that domain and can be used to grant resource permissions on any domain controller in that domain.)

Groups with Domain Local Scope
Domain local groups, a new feature of the Windows 2000 operating system, have the following features:
Mode. Domain local groups are available only in native-mode (but not mixed-mode) domains.
Membership. Like local groups, domain local groups can have members from anywhere in the forest, from trusted domains in other forests, and from trusted down-level domains.
Permissions. A domain local group has domain-wide scope; that is, it can be used to grant resource permissions on any Windows 2000 machine within the domain in which it exists (but not beyond its domain).

Groups with Global Scope
Global groups, effectively the same as Windows NT global groups, have the following features:
Mode. Global groups exist in both mixed-mode and native-mode domains.
Membership. Global groups can have members from within their own domain (only).
Permissions. Although a global group is limited to domain-wide scope as far as membership goes, it can be made a member of machine or domain local groups or granted permissions in any domain (including trusting domains in other forests and down-level domains with which a trust relationship exists). That is, groups with global scope can be put into other groups in any trusting domain.

Groups with Universal Scope
Universal groups, a new feature of the Windows 2000 operating system, have the following features:
Mode. Universal groups are available only in native-mode domains.
Membership. Universal groups can have members from any Windows 2000 domain in the forest. (Universal groups can contain members from mixed-mode domains in the same forest, but this is not recommended. Members from such domains cannot have the universal group's SID added to their access token because universal groups are not available in mixed-mode domains. Therefore, troubleshooting access problems would be difficult.)
Permissions. Universal groups can be granted permissions in any domain, including in domains in other forests with which a trust relationship exists.
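The scope rules above are easiest to see by creating one group of each kind and nesting them. The following PowerShell is an added example, not part of the original Q&A: it puts users in a global security group, nests that group in a domain local group that carries the permission, creates a distribution group and a universal group, and shows that the reverse nesting (domain local inside global) is rejected. It assumes the RSAT ActiveDirectory module; the OU path, the group names and the domain are placeholders, and the mixed/native-mode test reads the domain head's ntMixedDomain attribute (1 while the domain is still in mixed mode).

```powershell
# Added example, not part of the original Q&A: one group of each scope and
# category, nested the way the scope rules allow. OU and names are placeholders.
Import-Module ActiveDirectory

$ou = 'OU=Groups,DC=corp,DC=example,DC=com'   # assumption: an existing OU in your domain
$domain = Get-ADDomain

# Per the rules above, domain local and universal groups need a native-mode domain.
# ntMixedDomain on the domain object is 1 while the domain is in mixed mode.
$mixedMode = (Get-ADObject -Identity $domain.DistinguishedName -Properties ntMixedDomain).ntMixedDomain -eq 1

# Global security group: members only from its own domain; this is where the users go.
New-ADGroup -Name 'Sales-Staff' -GroupScope Global -GroupCategory Security -Path $ou

# Distribution group: e-mail lists only, carries no permissions, cannot filter Group Policy.
New-ADGroup -Name 'Sales-Announcements' -GroupScope Global -GroupCategory Distribution -Path $ou

if ($mixedMode) {
    Write-Warning "$($domain.DNSRoot) is in mixed mode: domain local and universal groups are not available."
} else {
    # Domain local security group: referenced in DACLs anywhere in this domain; holds the global group.
    New-ADGroup -Name 'SalesShare-Read' -GroupScope DomainLocal -GroupCategory Security -Path $ou
    Add-ADGroupMember -Identity 'SalesShare-Read' -Members 'Sales-Staff'

    # Universal security group: members from any domain in the forest, grantable in any trusting domain.
    New-ADGroup -Name 'AllRegions-Staff' -GroupScope Universal -GroupCategory Security -Path $ou
    Add-ADGroupMember -Identity 'AllRegions-Staff' -Members 'Sales-Staff'

    # The reverse nesting is rejected: a global group may not contain a domain local group.
    try {
        Add-ADGroupMember -Identity 'Sales-Staff' -Members 'SalesShare-Read' -ErrorAction Stop
    } catch {
        Write-Output "Expected rejection: $($_.Exception.Message)"
    }
}

# Report scope and category of everything in the OU.
Get-ADGroup -SearchBase $ou -Filter * | Select-Object Name, GroupScope, GroupCategory
```

Add -WhatIf to the New-ADGroup and Add-ADGroupMember calls to rehearse the run without touching the directory.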

Q. Explain some Active Directory commands?
Ans.
Ldifde
Creates, modifies, and deletes directory objects on computers running Windows Server 2003 operating systems or Windows XP Professional. You can also use Ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.
Syntax:
Ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password] [-?]

Csvde
Imports and exports data from Active Directory using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard. Csvde is a command-line tool that is installed in the %windir%/system32 folder on Windows Server 2003 by default. To run csvde on a computer running Windows Server 2003, open a command prompt, type csvde with the appropriate parameters, and then press ENTER. You can also run csvde on a computer running Windows XP Professional if you install Active Directory Application Mode (ADAM) on that computer. Csvde will be located in the %windir%/ADAM folder. To download ADAM, see Active Directory Application Mode (ADAM) at the Download Center (http://go.microsoft.com/fwlink/?LinkID=29359).
Syntax:
Csvde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password]
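To show the switches above in use, here is an added example (not from the original Q&A or Microsoft's documentation) that drives csvde and ldifde from PowerShell: a filtered user export to CSV, a group export to LDIF with the SAM-only attributes omitted so the file can be re-imported, an LDIF file that adds one global security group, the import, and a check export. The server name, base DN, group name and working folder are assumed placeholders; run it from an elevated prompt on a machine that has the AD admin tools.

```powershell
# Added example, not part of the original Q&A: csvde/ldifde export and import
# using the switches listed in the syntax above. Server, DN and names are placeholders.
$server = 'dc01.corp.example.com'                      # assumption
$base   = 'OU=Staff,DC=corp,DC=example,DC=com'         # assumption
$work   = Join-Path $env:TEMP 'ad-export'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Export user accounts to CSV:
#   -d base DN, -p search scope (base/onelevel/subtree), -r LDAP filter,
#   -l attributes to include, -j folder for the csv.log file.
csvde -f (Join-Path $work 'users.csv') -s $server -d $base -p subtree `
      -r '(&(objectCategory=person)(objectClass=user))' `
      -l 'sAMAccountName,displayName,mail,memberOf' -j $work

# Export groups to LDIF. -m omits the SAM-specific attributes (objectGUID,
# objectSid, pwdLastSet, sAMAccountType) that would fail on re-import.
ldifde -f (Join-Path $work 'groups.ldf') -s $server -d $base -p subtree `
       -r '(objectClass=group)' -l 'cn,sAMAccountName,groupType,member' -m -j $work

# An LDIF change record that adds one global security group.
# groupType -2147483646 = 0x80000002 = global scope + security-enabled.
$ldif = @"
dn: CN=Sales-Staff,$base
changetype: add
objectClass: group
cn: Sales-Staff
sAMAccountName: Sales-Staff
groupType: -2147483646

"@
Set-Content -Path (Join-Path $work 'new-group.ldf') -Value $ldif -Encoding ASCII

# Import: -i switches to import mode, -k keeps going past "object already exists"
# and constraint errors so a rerun of the same file does not stop at the first line.
ldifde -i -k -f (Join-Path $work 'new-group.ldf') -s $server -j $work

# Verify with a filtered export of just that object and two attributes.
ldifde -f (Join-Path $work 'check.ldf') -s $server -d $base -r '(cn=Sales-Staff)' -l 'cn,groupType' -j $work
Get-Content (Join-Path $work 'check.ldf')
```

The same -d, -r, -p and -l switches behave identically in both tools, which is why the two syntax lines above are nearly the same; only the file format differs.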

Q. What are Operations Master roles?
Ans. W2K AD domain controllers split up the master operations roles. This is usually transparent to most administrators. Active Directory will manage which domain controller has which master operations role. The key is normally. There are five master controller roles. By default, they are on the first domain controller in the domain. For performance issues, you probably want to split the roles apart.
1. Place the RID and PDC Emulator FSMO roles on the same DC.
2. Place the Infrastructure FSMO master on a non-Global Catalog server.
3. Place the Domain Naming FSMO master on a Global Catalog server.

Q. What is a domain controller in Active Directory Services?
Ans. The domain controllers in a Microsoft Windows network, as well as backup domain controllers, are central to the security of all devices on that network and must be secured to a high level. In a Windows 2000 Server domain, the domain controller is the computer running Windows 2000 Server that manages all user access on the network, which includes logging on, authentication, and access to the directory and shared resources.

Q. Name at least 5 services on Active Directory Services?

Q. What are hidden shares?
Ans. A network share on a Microsoft (http://www.computerhope.com/comp/msoft.htm) network that is not visible when viewing another computer's shares, but is still accessible if the name of the hidden share is known.

Q. Creating a Microsoft Windows hidden share
Ans. A Microsoft Windows hidden share is created by adding a "$" symbol to the end of the name of the share. For example, if you were sharing a folder named "hope", adding a "$" to the end of hope when creating the shared name, so that the shared name is "hope$", will make a hidden share.

Q. Accessing a Microsoft Windows hidden share
Ans. Assuming we were attempting to access the "hope$" share that we created in the above example from another computer, we would type the network path below to access the hidden share.
\\<computer_name>\hope$

Q. Viewing Microsoft Windows hidden shares

Ans. Hidden shares give users a false impression that the share cannot be found unless it is known. Although this may be true for most users, a user can still obtain numerous programs available on the Internet that enable a user to view all shares regardless of whether they are hidden or not. If you are creating a hidden share to protect sensitive data, it is recommended that you password-protect the share instead of making it hidden.

Q. What is the SCHEMA in the Active Directory database?
Ans. The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest. The schema also contains formal definitions of every attribute that can exist in an Active Directory object.

Q. What types of classes exist in Windows Server 2003 Active Directory?
Ans.
Structural class - The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Abstract class - Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for defining objects.
Auxiliary class - The auxiliary class is a list of attributes. Rather than applying numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
88 class - The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.
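The hidden-share answers above make one point: the trailing "$" keeps a share out of the browse list and does nothing else, so the protection has to come from the share and NTFS permissions. The following PowerShell is an added example, not part of the original Q&A, that audits the hidden shares on the local server and shows who is granted access to each one, flagging shares open to broad principals. It assumes Windows 8 / Server 2012 or later (for Get-SmbShare and Get-SmbShareAccess) and an elevated session; the list of principals it treats as "broad" is an assumption of the example.

```powershell
# Added example, not part of the original Q&A: list hidden ($-suffixed) shares
# and their share-level ACL, so "hidden" is never mistaken for "protected".
# Needs the SmbShare module (Windows 8 / Server 2012+) and an elevated session.
function Get-HiddenShareReport {
    # Principals that make a share effectively world-readable (assumption of this example).
    $broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

    $hidden = Get-SmbShare | Where-Object { $_.Name -like '*$' }
    foreach ($share in $hidden) {
        # Share-level permissions only; NTFS permissions on $share.Path still apply on top.
        $access = Get-SmbShareAccess -Name $share.Name
        $broad  = $access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broadPrincipals
        }
        [pscustomobject]@{
            Name        = $share.Name
            Path        = $share.Path
            Special     = $share.Special   # True for the built-in admin shares (C$, ADMIN$, IPC$)
            GrantedTo   = ($access | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
            BroadAccess = [bool]$broad
        }
    }
}

# Shares with broad access come first; review those against the data they expose.
Get-HiddenShareReport | Sort-Object BroadAccess -Descending | Format-Table -AutoSize
```

For a share that shows BroadAccess = True, compare Get-Acl on its path: the effective right is the more restrictive of the share ACL and the NTFS ACL, and a share that is only "hidden" will typically have an Everyone entry at both layers.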

Q. Name the file where the database is stored in Active Directory Services?
Ans. NTDS.DIT

Q. What is REGEDIT?
Ans. It is a tool for editing the registry.

Q. Port numbers for the following:
Ans.
HTTP 80
HTTPS 443
DNS 53
POP3 110
SMTP 25
TCP/IP
FTP 21
TELNET 23
DHCP Client 546
DHCP Server 547
DHCP Server UDP 67 (while a client is getting an IP address during broadcast)
Active Directory service (LDAP): 389
Global Catalog default: 3268
Kerberos UDP, TCP 88

Q. Define forest, tree, domain

Q. How is a server configured, migrated?

Q. Types of backup
Ans. The Backup utility supports five methods of backing up data on your computer or network.
Copy backup - A copy backup copies all selected files but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups, because copying does not affect these other backup operations.

Daily backup - A daily backup copies all selected files that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).
Differential backup - A differential backup copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.
Incremental backup - An incremental backup backs up only those files created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets in order to restore your data.
Normal backup - A normal backup copies all selected files and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you need only the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.
Backing up your data using a combination of normal backups and incremental backups requires the least amount of storage space and is the quickest backup method. However, recovering files can be time-consuming and difficult because the backup set can be stored on several disks or tapes. Backing up your data using a combination of normal backups and differential backups is more time-consuming, especially if your data changes frequently, but it is easier to restore the data because the backup set is usually stored on only a few disks or tapes.

Q. Disaster recovery

Q. Database corruption problems

Q. IMC and MTA and all types of connector problems

Q. Public folder replication
Ans. One of the most common problems I see when people migrate from Exchange 5.5 to Exchange 2000 is that the public folders seem to disappear. Technically, the public folders are migrated to the new server, but no one seems to be able to access them. In most cases this is caused by a glitch in the migration process. The Exchange 2000 Setup program examines the access control list for the public folder being migrated, and ensures that every user or group found on the access control list also exists in the Active Directory. If even a single user or group exists in the folder's access control list but doesn't exist in the Active Directory, then nobody except for the public folder's owner is given access to the public folder under Exchange 2000. What makes this problem even stranger is that apparently it is a design feature rather than a glitch. I say this because migrating from Exchange 5.5 to Exchange 2003 works in the exact same way.

The solution to the problem is to bring an Exchange 2000 Server online prior to attempting the migration. To do so, you can just load Windows 2000 Server and Exchange Server onto a spare PC. You can remove this temporary server from your Exchange organization and the network after the migration has been completed. In the meantime, you want to have this temporary Exchange 2000 Server online at the same time as your existing Exchange 5.x servers. Once you have the temporary server in place, run a DS/IS consistency check on your Exchange 5.x server. This will cause Exchange to identify any users or groups who have entries on access control lists within Exchange 5.x but do not have a corresponding Active Directory account. These accounts are then removed from the access control list. This means you can safely replicate your public folders to the Exchange 2000 Server or migrate your Exchange 5.5 Servers to Exchange 2000 or Exchange 2003 without having to worry about public folder access problems.

Before I explain how to do a DS/IS consistency check, I need to give you a word of caution. Before running the DS/IS consistency check, you must verify that all your existing Exchange Servers in all your sites are online and accessible. If you fail to do this and a site is inaccessible, you will cause major problems for your Exchange organization. With that said, open the Exchange Administrator program on your Exchange 5.5 Server. Next, select your Exchange Server from the server list and then select the Properties command from the console's File menu. When you do, you'll see the server's properties sheet. Select the Advanced tab and click on Consistency Adjustment.

When you see the DS/IS Consistency Adjustment dialog box, select the Remove Unknown User Accounts From Public Folder Permissions check box. Now, clear all other check boxes and click All Inconsistencies. When the process completes, it should be safe to migrate the public folders for that server.

Exchange 5.5

Q. What does Migration Wizard do?
Ans. Migration Wizard is designed to do the following things:
- Create new Active Directory users based on Exchange 5.5 accounts in the source organization (if matching users do not already exist in Active Directory).
- Convert Active Directory contacts to users.
- Migrate X.400, SMTP, cc:Mail, Microsoft Mail, and other e-mail addresses into the e-mail addresses attribute of the new Active Directory user.
- Migrate the following mailbox and calendar data to the new Exchange 2000 mailboxes:
  - Inbox
  - Drafts
  - Sent Items
  - Calendar
  - Tasks
  - Custom folders created by the mailbox owner
- Update Exchange 2000 groups (but does not migrate Exchange 5.5 distribution lists). For example, a distribution group in Active Directory may contain contacts. During migration, the Active Directory contacts become disabled users, and the distribution group in Active Directory is updated to reflect this change.

Q. What does Migration Wizard not do?
Ans. Migration Wizard is not designed to do the following things:
- Migrate mailboxes within an organization (in other words, migrate from Exchange 5.5 to Exchange 2000 in the same Exchange 5.5 organization or forest). The source server running Exchange 5.5 must be in a different organization (forest) from the target server running Exchange 2000.
- Clean up mailboxes on the server running Exchange 5.5 after migration. Old mailboxes continue to receive mail after migration unless you delete the old mailboxes or set up alternate recipients that point to the Exchange 2000 mailboxes.
- Migrate personal mail archives or personal address books. For information about methods for migrating personal mail archives or personal address books, see the Exchange 2000 online documentation.
- Migrate distribution lists. Two options exist for migrating distribution lists. Either convert distribution lists to public folders and then migrate the public folders, or export the distribution lists and use the LDIFDE or CSVDE command prompt utilities to convert them.
- Migrate custom recipients. Instead, Migration Wizard creates contacts from the custom recipients.
- Migrate Inbox rules. After migration, mailbox owners must re-create their Inbox rules in Microsoft Outlook.
- Migrate public folders. Use the Exchange Server InterOrg Replication utility to replicate standard and free and busy public folders to Active Directory and Exchange 2000 public folder stores. Then, locate each public folder in the new organization by adding a public folder replica to the server running Exchange 2000 and removing the public folder from the source server. (For more information, see Q288150, "XADM: How to Rehome Public Folders in Exchange 2000 Server," in the Microsoft Knowledge Base.) The Exchange InterOrg Replication utility is available in the Support\Exchsync\ directory on the Exchange 2000 compact disc. (For more information, see Q238573, "XADM: Installing, Configuring, and Using the InterOrg Replication Utility," in the Microsoft Knowledge Base.)
- Migrate mailboxes from one server running Exchange 2000 to another server running Exchange 2000.
- Preserve access control lists (ACLs) to other mailboxes or public folders. For example, if a mailbox owner updates his or her profile after migration to reference the new mailbox, he or she will not be able to access any mail resources in the old Exchange 5.5 organization.

Q. What do you understand by an Exchange Server?
Ans. Exchange Server, the Microsoft messaging and collaboration server, is software that runs on servers that enables you to send and receive electronic mail and other forms of interactive communication through computer networks. Designed to interoperate with a software client application such as Microsoft Outlook, Exchange Server also interoperates with Outlook Express and other e-mail client applications.

Q. Describe mail flow in an Exchange server.
Q. Name at least 5 services on an Exchange 5.5 server.
Ans. Microsoft Exchange System Attendant, Microsoft Exchange Directory, Microsoft Exchange Information Store, Microsoft Exchange Message Transfer Agent, and Microsoft Exchange Internet Mail Service (the Event Service is another).
Q. What is the latest Service Pack for Exchange 5.5 server?
Ans. Service Pack 4 (SP4), the final service pack released for Exchange Server 5.5.
Q. What files are usually located in the MDBDATA directory on an Exchange 5.5 server?
Ans. priv.edb (private store), pub.edb (public store), edb.chk (checkpoint file), edb.log (current transaction log), res1.log and res2.log (reserved logs that let the store shut down cleanly if the disk fills), and the numbered transaction logs edbxxxxx.log.
Q. What is the difference between Priv.edb and Pub.edb?
Ans. Priv.edb is the private information store, which holds the mailboxes. Pub.edb is the public information store, which holds the public folders.

Exchange 2000

Q. Where is the directory information stored in Exchange 2000?
Ans. The most notable difference between Exchange 5.5 and Exchange 2000 is where directory information is stored. In Exchange 5.5 it resides in the Exchange 5.5 directory; Exchange 2000 relies entirely on the Microsoft Active Directory directory service. To migrate mailboxes from Exchange 5.5 to Exchange 2000, Active Directory must first contain an account for every account that exists in the Exchange 5.5 directory. Migration Wizard can do this for you: it matches Exchange 5.5 mailboxes with existing Active Directory users and creates users where none exist.

You access Migration Wizard from the Start menu (click Start, point to Programs, point to Microsoft Exchange, and then click Migration Wizard).

Note: You can also use the command-line utility Mailmig.exe, with a combination of switches and a control file, to perform a batch migration.

Q. How many times do you need to run ForestPrep in a single Active Directory forest that contains 4 domains?
Ans. Only once. ForestPrep runs against the schema master (normally in the forest root domain), and its schema and configuration changes replicate to every domain in the forest. DomainPrep, on the other hand, must be run in every domain that will hold Exchange 2000 servers or mail-enabled objects (and in the root domain), so with 4 domains you would normally run it 4 times.

Setup /forestprep. The /forestprep option is run in the forest domain that hosts the schema master (typically the root domain). It updates the schema, instantiates the Exchange 2000 organization, adds the Exchange 2000 container to the configuration naming context, and creates the Domain EX Admins and All Exchange Servers universal groups. Running /forestprep separately is useful when you want the schema updates to replicate throughout the forest before any server installation begins.

You cannot run this command unless you log on with both Enterprise Admins and Schema Admins privileges. In addition, if you are going to join an existing Exchange Server 5.5 organization, the account needs at least Read access to the Exchange Server 5.5 directory. (This option replaced the /schema only command-line switch of the first Exchange 2000 public beta.) If you plan to run a mixed-mode Exchange organization, you must install the ADC in the organization before you run /forestprep.

Note: ForestPrep performs three major functions: it creates the Exchange organization object in AD, designates the first Exchange administrator account, and extends the AD schema with the Exchange 2000 schema extensions. Specific rights are required to run it. If you are creating a new Exchange 2000 organization, use an account that can modify the schema and write to the Configuration naming context; membership of both the Schema Admins and Enterprise Admins security groups grants these rights. If you are migrating from an existing Exchange 5.5 organization, clone the Exchange 5.5 service account from NT to Windows 2000, make the cloned account a member of those same two groups, and log on with it to run ForestPrep, so that the account also has the rights needed to read the 5.5 directory.

Setup /domainprep. The /domainprep option is run in every domain in which an Exchange 2000 server (or mail-enabled recipients) will reside. It creates the security groups and container that Exchange administration uses in that domain and grants them the permissions they need. You must be a member of Domain Admins in that domain to run it.

The DomainPrep utility performs several crucial tasks:
- creates the global security group Exchange Domain Servers;
- creates the domain local security group Exchange Enterprise Servers;
- places the Exchange Domain Servers group into the Exchange Enterprise Servers group;
- grants Exchange Enterprise Servers permissions on the domain object and on the AdminSDHolder object;
- creates the Microsoft Exchange System Objects container under the domain node;
- changes the domain controller security policy so that all Exchange servers hold the "Manage auditing and security log" user right.
DomainPrep runs quickly. When it completes, allow time for the domain changes to replicate to all DCs, then apply the security policy with the command:
secedit /refreshpolicy machine_policy

Q. What is the Active Directory Connector (ADC)?
Ans. The task of the ADC is to replicate directory information (such as mailboxes, users and groups) between the Exchange 5.5 directory and Active Directory. The ADC uses LDAP to contact both the Exchange 5.5 directory and Active Directory; LDAP works over all types of network links, whether fast, slow or high-latency. With the help of the ADC you create Connection Agreements (CAs) of the following kinds:
- Recipient Connection Agreement: replicates mailbox information, distribution lists and custom recipients between Exchange 5.5 and Active Directory (one-way from Exchange 5.5 to Active Directory, or two-way).
- Public Folder Connection Agreement:

  The Public Folder Connection Agreement replicates public folder directory information (not the content of the public folders) from Exchange 5.5 to Active Directory. It is important to know that neither the Recipient Connection Agreement nor the Public Folder Connection Agreement replicates the content of public folders or mailboxes; they replicate directory objects only.
Organizations deploy the Active Directory Connector (ADC) for four main reasons:
- To replicate Microsoft Exchange directory information (from DIR.EDB) to Microsoft Active Directory (NTDS).
- To replicate existing Microsoft Exchange Server version 5.5 directory data to Active Directory so that third-party applications can take advantage of it.
- To replicate directory information between Active Directory and the Exchange directory so that, during coexistence, both can be managed from one management application.
- To deploy Exchange 2000 (or Exchange 2003) in an existing Exchange 5.5 environment for consolidation and migration purposes.

Q. What is the Recipient Update Service (RUS)?
Ans. The Recipient Update Service (RUS) is a very important component of an Exchange installation: it is responsible for stamping e-mail addresses on recipients and for updating address lists in Active Directory. A common question is, "I just created a new mailbox, but when I look at the user's properties in Active Directory Users and Computers nothing is listed on the E-mail Addresses tab; what did I do wrong?" The simple answer is nothing: the RUS takes time to update the information in AD, so give it some time and the addresses will appear. What follows covers how to ensure that the RUS is running correctly and some issues with using it in a multiple-domain environment. By default an organization has two RUS objects (Figure 1):
- The "Enterprise Configuration" Recipient Update Service updates the e-mail addresses of system objects such as the Message Transfer Agent (MTA) and the System Attendant.
- The "Domain" Recipient Update Service updates the address information for recipient objects in the domain it is responsible for; in Figure 1 the domain is NWTRADERS.

To adjust the properties of a Recipient Update Service, right-click the service and select Properties; the properties dialog is displayed (Figure 2). Its fields are:

Field                           Description
Domain                          The domain serviced by this Recipient Update Service.
Exchange Server                 The Exchange server responsible for creating and updating the address lists for the domain specified in the Domain field.
Windows 2000 Domain Controller  The Windows 2000 domain controller that this Recipient Update Service connects to when it creates and updates the address lists.
Update Interval                 How often the Recipient Update Service runs. If left at "Always Run" it updates once every minute.

Q. What makes Exchange 2000 better than Exchange 5.5?
Ans. The key difference between the two is that Exchange 2000 relies entirely on Windows 2000 Active Directory for all directory and security information. Because there is no separate Exchange directory, this integration between Exchange and Windows has the following far-reaching effects:
* It allows dramatic improvements in administrative flexibility, because network security and messaging share the same directory.
* It creates a stronger link and dependence between Exchange and Windows administrators, who now have to work together more than ever before.
* It provides a new user model, expanded with attributes for mail delivery and storage, and a new Windows 2000 group model that supports the functionality of both Exchange 5.5 distribution lists and Microsoft Windows NT 4.0 groups.
* Because Exchange 2000 uses only Active Directory, several new components exist: the Active Directory Connector (ADC), the Site Replication Service (SRS), and the Recipient Update Service (RUS).
* Another major difference is the relationship between user mailboxes and Windows accounts: in Exchange 2000 a mailbox is a set of attributes on the Active Directory user object rather than a separate directory object.

Q. What is the Site Replication Service (SRS)?
Ans. The SRS runs on an Exchange 2000 server in a mixed-mode organization and presents itself to the Exchange 5.5 servers as another Exchange 5.5 directory service, so that site and configuration information continues to replicate between the Exchange 5.5 sites and Exchange 2000. The ADC's configuration connection agreement then replicates that information between the SRS and Active Directory.

Q. What is LSDOU?
Ans. It is the Group Policy processing order: policies are applied from the Local machine, then the Site, then the Domain, and finally the Organizational Units (parent OU before child OU). Where settings conflict, the later policy wins, unless a higher-level link is set to No Override; inheritance can also be blocked at a container.

Q. What are Forward lookup and Reverse lookup zones?
Ans. Forward lookup DNS zones allow a resolver (the client-side DNS component used by web browsers, FTP clients and most other network software) to obtain an IP address when the host name is known. We can set up forward lookup zones to manage our resources by assigning them to particular domains. In Figure 3.2, the top-level domain is .com and the second-level domain is our company domain, what. Assume that we have corporate offices in Charlotte, St. Louis, New Orleans, and Sacramento, and that we have partitioned the what domain into three subdomains: east.what.com, central.what.com, and west.what.com. Our corporate headquarters is in Charlotte, where the majority of employees are located.
Computer personnel work out of the Sacramento office, sales and marketing staff work primarily from the New Orleans office, and warehousing and storage is located in St. Louis. For effective and efficient management of our network resources, we divide our domain structure into two zones: one zone holds the west.what.com domain, and the other holds what.com together with the central.what.com and east.what.com domains. Zone names are derived from the root domain of the zone, so the zone names for our structure are what.com (which includes central.what.com and east.what.com) and west.what.com. These are the forward lookup zones for what.com, where resolvers look to resolve an FQDN to an IP address.

Reverse Lookup Zones
A reverse lookup DNS zone allows a resolver to obtain a host name when the IP address is known. Forward lookup zone files are not configured to answer this type of query; to answer it you must first create a separate zone, the reverse lookup zone. Reverse lookup zones live in a special domain called in-addr.arpa, which behaves much like a forward lookup zone. Subdomains of in-addr.arpa are named from the octets of each network ID, written in reverse order. For example, for the network ID 132.165.7.0 the reverse lookup zone is 7.165.132.in-addr.arpa; for the network ID 151.255.0.0 it is 255.151.in-addr.arpa. Reverse lookup zones are created independently of forward lookup zones. Pointer (PTR) records map each address back to its name; you can enter them manually for each computer on the network, or have the PTR record created automatically when you add a host (A) record to the forward lookup zone.

Q. Two Windows Server 2003 computers are connected in a network. One of them is the domain controller holding the FSMO roles. If that domain controller burns out, how do we get all the FSMO roles back on the other computer?
Ans. You can transfer FSMO roles either with the Microsoft Management Console (MMC) Active Directory (AD) snap-ins (for example Active Directory Users and Computers) or with the Ntdsutil utility. However, when the server that is to take over a role cannot contact the current role holder, you must force the transfer by seizing the role with Ntdsutil.
To do so, follow the same steps as for a normal transfer with Ntdsutil, except that at the fsmo maintenance: prompt, instead of entering transfer <role> you enter seize <role>. Ntdsutil first tries to transfer the role gracefully and forces the seizure only if that fails. Seize a role only when the current holder will be offline indefinitely and the role's function must remain available, and never bring the old holder back onto the network afterwards: rebuild it, and remove its stale objects with Ntdsutil's metadata cleanup.

Q. What is Loopback Policy? Is it possible that a user logs on to different machines, but when he logs on to one particular machine the Run command text box is deactivated?
Ans. Group Policy normally applies to the user or computer according to where the user and computer objects are located in Active Directory. In some cases, however, users need policy applied to them based only on the location of the computer object. The Group Policy loopback feature applies Group Policy Objects (GPOs) that depend only on which computer the user logs on to. To enable it:
1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Under Administrative Templates, click System, click Group Policy, and enable the User Group Policy loopback processing mode policy (Replace mode applies only the computer's GPOs to the user; Merge mode applies the user's own GPOs first and the computer's on top).
This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a computer affected by the policy. It is intended for special-use computers where the user policy must depend on the computer being used, for example computers in public areas, laboratories, and classrooms. For the Run box example: place that one computer in its own OU, link a GPO there that enables User Configuration > Administrative Templates > Start Menu and Taskbar > Remove Run menu from Start Menu, and enable loopback in the same GPO; the Run box then disappears for anyone logging on to that computer and nowhere else.
Note: Loopback is supported only in an Active Directory environment. Both the computer account and the user account must be in Active Directory; if a Microsoft Windows NT 4.0 domain controller manages either account, loopback does not function.

Q. Can we set different account policies for different users in an OU?
Ans.
No. Account policies (password, account lockout and Kerberos policy) are domain-wide and are taken only from GPOs linked at the domain level, so every domain user gets the same policy; an account policy set on an OU affects only the local accounts of the computers in that OU. Per-user or per-group fine-grained password policies did not arrive until Windows Server 2008.
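The reverse lookup zone naming described above (reverse the network octets of the network ID and append in-addr.arpa) and the automatic creation of PTR records from forward records are shown in the following Python, added here as an example for this page; it is not code from Microsoft DNS or from the original text. All host names, addresses and network ranges in it are constructed sample data. It deliberately refuses prefixes other than /8, /16 and /24, since in-addr.arpa delegates on octet boundaries and classless reverse delegation (RFC 2317) is outside the scope of the page.

```python
"""Reverse lookup zone names and PTR records derived from forward records.

Example code added for this page; it is not Microsoft DNS code. It applies
the rule in the text: keep the network octets of the network ID, reverse
them, and append in-addr.arpa. All names and addresses are constructed.
"""
import ipaddress


def reverse_zone_name(network):
    """'132.165.7.0/24' -> '7.165.132.in-addr.arpa'; '151.255.0.0/16' -> '255.151.in-addr.arpa'.

    Only /8, /16 and /24 are accepted: in-addr.arpa delegates on octet
    boundaries, and finer prefixes need RFC 2317 classless delegation,
    which this example deliberately does not attempt.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network}: reverse zones are delegated per octet (/8, /16, /24)")
    octets = str(net.network_address).split(".")
    network_octets = octets[: net.prefixlen // 8]
    return ".".join(reversed(network_octets)) + ".in-addr.arpa"


def ptr_record(host_ip, fqdn, zone_network):
    """Return (owner name, target) for the PTR record that the forward A record
    fqdn -> host_ip implies inside the reverse zone of zone_network."""
    net = ipaddress.IPv4Network(zone_network, strict=True)
    ip = ipaddress.IPv4Address(host_ip)
    if ip not in net:
        raise ValueError(f"{host_ip} is outside {zone_network}; it belongs in another reverse zone")
    zone = reverse_zone_name(zone_network)
    host_octets = str(ip).split(".")[net.prefixlen // 8:]   # the part the zone name does not cover
    owner = ".".join(reversed(host_octets)) + "." + zone
    target = fqdn if fqdn.endswith(".") else fqdn + "."     # PTR targets are absolute names
    return owner, target


def forward_to_reverse(a_records, zone_network):
    """Mirror a forward zone's A records into PTR records, as the DNS console does
    when you tick the option to create the associated PTR record.
    a_records is a list of (fqdn, ip) pairs."""
    return [ptr_record(ip, name, zone_network) for name, ip in a_records]


# Constructed sample forward records for west.what.com (not from the page).
SAMPLE_A_RECORDS = [
    ("web1.west.what.com", "132.165.7.10"),
    ("mail.west.what.com", "132.165.7.25"),
]

if __name__ == "__main__":
    print("zone:", reverse_zone_name("132.165.7.0/24"))
    for owner, target in forward_to_reverse(SAMPLE_A_RECORDS, "132.165.7.0/24"):
        print(f"{owner}  IN PTR  {target}")
```

A host outside the zone's network raises rather than silently producing an owner name in the wrong zone, which is the usual cause of PTR lookups that "work in the console but not from clients".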

Q. How does DHCP work? If one computer is connected to a network, how does it get its IP address from DHCP?
Ans. DHCP uses a client-server model. The network administrator sets up one or more DHCP servers that maintain TCP/IP configuration information and hand it to DHCP-enabled clients in the form of a lease offer. The server stores this configuration in a database, which includes:
- Valid TCP/IP configuration parameters for all clients on the network.
- Valid IP addresses, kept in a pool for assignment to clients, plus reserved addresses for manual assignment (reservations).
- The duration of the lease offered by the server: how long the assigned IP address may be used before it must be renewed.
With a DHCP server installed and configured, DHCP-enabled clients obtain their IP address and related configuration parameters dynamically each time they start and join the network. A client that accepts a lease offer receives a valid IP address for the network it is joining plus additional TCP/IP configuration parameters, referred to as DHCP options. The exchange (DORA) is:
- Discover: the client broadcasts a DHCPDISCOVER when it connects to the network (it has no address yet, so it sends from 0.0.0.0 to 255.255.255.255).
- Offer: every server that hears the broadcast offers an address from its available pool in a DHCPOFFER.
- Request: the client chooses one offer and broadcasts a DHCPREQUEST for that address, naming the chosen server so that the other servers withdraw their offers.
- Acknowledgement: the chosen server sends a DHCPACK carrying the lease duration and the configuration options, and the client binds the address to its network adapter.

Q. Troubleshooting DHCP clients?
Ans. The most common DHCP client problem is a failure to obtain an IP address or other configuration parameters from the DHCP server during startup. When a client fails to obtain configuration, work through the following symptoms in order to identify the source of the problem quickly.

DHCP client does not have an IP address configured, or has the address 0.0.0.0. The client was not able to contact a DHCP server and obtain an address lease, either because of a network hardware failure or because the DHCP server is unavailable.

Verify that the client computer has a valid, functioning network connection. First, check that the client's network hardware (cables and network adapters) is working properly.

DHCP client has an auto-configured IP address that is incorrect for its current network. The Windows 2000 or Windows 98 DHCP client could not find a DHCP server and used the Automatic Private IP Addressing (APIPA) feature to configure its own address (from 169.254.0.0/16). In some larger networks, disabling this feature may be desirable for network administration. First, use the ping command to test connectivity from the client to the server. Next, verify or manually renew the client lease (ipconfig /release followed by ipconfig /renew). Depending on your network requirements, it may be necessary to disable APIPA on the client. If the client hardware appears to be functioning properly, check that the DHCP server is available on the network by pinging it from another computer on the same network as the affected client. Also try releasing or renewing the client's lease, and check the TCP/IP configuration settings for automatic addressing.

The DHCP client is missing configuration details. The client may be missing DHCP options in its leased configuration, either because the DHCP server is not configured to distribute them or because the client does not support the options the server distributes. For Microsoft DHCP clients, verify that the most commonly used and supported options have been configured at the server, scope, client (reservation) or class level of option assignment. Check the DHCP option settings.

The client has the full and correct set of DHCP options assigned, but its network configuration does not appear to be working correctly. If the DHCP server is configured with an incorrect router option (option code 3) for the client's default gateway, clients running Windows NT or Windows 2000 do not use the incorrect address, but DHCP clients running Windows 95 do. Change the IP address list for the router (default gateway) option at the applicable scope or server, setting the correct value on the Scope Options tab of the Scope Properties dialog box. In rare cases a client needs a different list of routers from the other scope clients; in that case add a reservation and configure the router option list on the reservation itself.

DHCP clients are unable to get IP addresses from the server. This can be caused by the following:
- The IP address of the DHCP server was changed. For locally broadcast requests a DHCP server only serves a scope whose network ID is the same as the network ID of its own IP address. Make sure the server's address falls in the same network range as the scope it is servicing. For example, a server with an address in the 192.168.0.0 network cannot assign addresses from scope 10.0.0.0 unless superscopes are used.
- The clients are located across a router from the subnet where the DHCP server resides. A DHCP server can provide addresses to clients on remote subnets only if the router that separates them acts as a DHCP relay agent (or a relay agent is placed on the client subnet). Completing the following steps may correct this problem:
1. Configure a BOOTP/DHCP relay agent on the client subnet (that is, the same physical network segment). The relay agent can be the router itself or a Windows 2000 Server computer running the DHCP Relay Agent component of Routing and Remote Access.
2. On the DHCP server, configure a scope that matches the network address on the other side of the router where the affected clients are located.
3. In that scope, make sure the subnet mask is correct for the remote subnet.
4. Configure the default gateway on the DHCP server's network connection so that it does not use the same IP address as the router that supports the remote subnet where the clients are located.
5. Do not include this scope (the one for the remote subnet) in superscopes configured for use on the local subnet or segment where the DHCP server resides.
6. Make sure there is only one logical route between the DHCP server and the remote subnet clients.
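The DORA exchange and the scope selection rules described above (a server answers a locally broadcast request only from the scope matching its own address, and a relayed request from the scope containing the relay agent's address) are shown end to end in the following Python. It is an example added for this page, not code from the Windows DHCP service. It encodes and decodes RFC 2131 packets with the standard option codes, runs a client behind a relay agent through DISCOVER/OFFER/REQUEST/ACK, then has the same client request its old address from another subnet and receive a DHCPNAK, and returns no reply at all when no scope matches the request. The addresses, MAC and scope ranges are constructed; the server keeps leases in a plain dictionary and does not model lease expiry, DECLINE, RELEASE or INFORM.

```python
"""DHCP message codec plus the server-side DORA decisions (RFC 2131/2132).

Example code added for this page; it is not the Windows DHCP service. The
packet layout and option codes are the standard ones. Scope selection is the
rule the troubleshooting text describes: local broadcasts are answered from
the scope holding the server's own address, relayed requests from the scope
holding the relay agent address (giaddr), and anything else gets no reply.
All addresses are constructed sample data.
"""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)  # option 53 values
OPT_SUBNET, OPT_ROUTER, OPT_REQ_ADDR, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 3, 50, 53, 54
FIXED = "!BBBBIHH4s4s4s4s16s"  # op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr


def build_dhcp(op, xid, chaddr, giaddr="0.0.0.0", yiaddr="0.0.0.0", options=None):
    """Encode one message: 236-byte fixed header, magic cookie, TLV options, END."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    header = struct.pack(FIXED + "64s128s", op, 1, 6, 0, xid, 0, 0x8000,  # Ethernet, broadcast flag
                         b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed, b"\0" * 4,
                         ipaddress.IPv4Address(giaddr).packed, mac, b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in (options or {}).items())
    return header + MAGIC + body + b"\xff"


def parse_dhcp(data):
    """Decode the header fields the server needs; options come back as {code: bytes}."""
    op, _, hlen, _, xid, _, _, ciaddr, yiaddr, _, giaddr, chaddr = struct.unpack(FIXED, data[:44])
    if data[236:240] != MAGIC:
        raise ValueError("not a DHCP message (bad magic cookie)")
    options, i = {}, 240
    while i < len(data) and data[i] != 0xFF:  # 0xFF is END
        if data[i] == 0:                       # 0 is PAD and has no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "ciaddr": str(ipaddress.IPv4Address(ciaddr)),
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)), "giaddr": str(ipaddress.IPv4Address(giaddr)),
            "chaddr": chaddr[:hlen].hex(":"), "options": options}


class Scope:
    """One scope: a subnet, an address pool inside it, and the router option value."""
    def __init__(self, network, first, last, router):
        self.net = ipaddress.IPv4Network(network)
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.pool = [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]
        self.router = router


def select_scope(server_ip, scopes, giaddr):
    """Relayed request: the scope holding giaddr. Local broadcast: the scope holding
    the server's own address. None means this server cannot answer the client."""
    key = ipaddress.IPv4Address(giaddr if giaddr != "0.0.0.0" else server_ip)
    return next((s for s in scopes if key in s.net), None)


def handle(server_ip, scopes, leases, packet):
    """Return the reply bytes for one client message, or None when the server stays
    silent. leases maps client MAC -> leased address and is updated on ACK."""
    req = parse_dhcp(packet)
    mtype = req["options"][OPT_MSG_TYPE][0]
    scope = select_scope(server_ip, scopes, req["giaddr"])
    if scope is None:
        return None  # wrong network ID and no relay agent: no offer at all
    common = {OPT_SERVER_ID: ipaddress.IPv4Address(server_ip).packed,
              OPT_SUBNET: scope.net.netmask.packed,
              OPT_ROUTER: ipaddress.IPv4Address(scope.router).packed}
    if mtype == DISCOVER:
        free = [a for a in scope.pool if a not in leases.values()]
        if not leases.get(req["chaddr"]) and not free:
            return None  # pool exhausted: the client keeps retrying
        yiaddr = leases.get(req["chaddr"]) or free[0]
        return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"], req["giaddr"], yiaddr,
                          {OPT_MSG_TYPE: bytes([OFFER]), **common})
    if mtype == REQUEST:
        wanted = str(ipaddress.IPv4Address(req["options"].get(OPT_REQ_ADDR, b"\0" * 4)))
        if wanted not in scope.pool:  # e.g. a client that roamed to another subnet
            return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"], req["giaddr"],
                              options={OPT_MSG_TYPE: bytes([NAK]), OPT_SERVER_ID: common[OPT_SERVER_ID]})
        leases[req["chaddr"]] = wanted
        return build_dhcp(BOOTREPLY, req["xid"], req["chaddr"], req["giaddr"], wanted,
                          {OPT_MSG_TYPE: bytes([ACK]), **common})
    return None  # DECLINE, RELEASE and INFORM are not modelled here


def dora_demo():
    """Full DISCOVER/OFFER/REQUEST/ACK through a relay agent, then the same client
    asking for its old address from another subnet, which must be NAKed."""
    server, leases, mac = "10.0.1.5", {}, "00:11:22:33:44:55"
    scopes = [Scope("10.0.1.0/24", "10.0.1.100", "10.0.1.110", "10.0.1.1"),
              Scope("10.0.2.0/24", "10.0.2.100", "10.0.2.110", "10.0.2.1")]
    relay = "10.0.2.1"  # constructed: the client sits behind this relay agent
    offer = parse_dhcp(handle(server, scopes, leases, build_dhcp(
        BOOTREQUEST, 0x1234, mac, relay, options={OPT_MSG_TYPE: bytes([DISCOVER])})))
    ack = parse_dhcp(handle(server, scopes, leases, build_dhcp(
        BOOTREQUEST, 0x1234, mac, relay, options={OPT_MSG_TYPE: bytes([REQUEST]),
                                                  OPT_REQ_ADDR: ipaddress.IPv4Address(offer["yiaddr"]).packed})))
    nak = parse_dhcp(handle(server, scopes, leases, build_dhcp(  # now on the server's own subnet
        BOOTREQUEST, 0x1235, mac, options={OPT_MSG_TYPE: bytes([REQUEST]),
                                           OPT_REQ_ADDR: ipaddress.IPv4Address(ack["yiaddr"]).packed})))
    return offer, ack, nak


if __name__ == "__main__":
    for msg in dora_demo():
        print(msg["options"][OPT_MSG_TYPE][0], msg["yiaddr"], msg["giaddr"])
```

Nothing here touches a socket, so it runs offline; putting build_dhcp output on the wire would need UDP ports 67/68 and broadcast. The "no reply" path is the one behind the symptom "clients cannot get addresses after the server's IP changed": the server is still up, it simply has no scope for the request it hears.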

Multiple DHCP servers exist on the same local area network (LAN). Make sure that you do not configure multiple DHCP servers on the same LAN with overlapping scopes. Rule out the possibility that one of the servers in question is a Small Business Server (SBS) computer: by design, the DHCP service under SBS stops automatically when it detects another DHCP server on the LAN. An unexpected second DHCP server may also be a rogue one handing out a hostile default gateway or DNS server; in a Windows 2000 domain only DHCP servers that are authorized in Active Directory will start the service, so check the list of authorized servers in the DHCP console.

Q. How does a DHCP client contact a DHCP server?
Ans. With a DHCP server installed and configured on the network, DHCP-enabled clients obtain their IP address and related configuration parameters dynamically each time they start and join the network. The server provides this configuration in the form of an address-lease offer to requesting clients.

Address conflicts: DHCP operates on a lease-renewal basis. During the leasing process, address conflicts can occur as leases are renewed and expire. The server may deny client lease requests for invalid (out-of-pool) or duplicate addresses. Repeated address-conflict messages indicate that the lease period, the scope, or both need adjusting in the DHCP server configuration.

Client service availability: A Windows computer (Windows Vista, for example) becomes a DHCP client when "Obtain an IP address automatically" is selected in its TCP/IP properties. A client set to use DHCP accepts a lease offer and receives from the server:
- temporary use of an IP address known to be valid for the network it is joining;
- additional TCP/IP configuration parameters for the client to use, in the form of options data.

Configuration and lease availability: Each time a DHCP client starts, it requests IP addressing information from a DHCP server: an IP address, a subnet mask, and additional parameters such as the default gateway address, Domain Name System (DNS) server addresses, the DNS domain name, and Windows Internet Name Service (WINS) server addresses. When a DHCP server receives the request, it selects an available address from the pool defined in its database (together with the other configuration parameters) and offers it to the client. If the client accepts the offer, the configuration is leased to it for a specified period. A client that receives no response keeps trying to contact a DHCP server, whether the server cannot be reached or its pool has no addresses left to lease. Clients running Windows XP, Windows Server 2003 or Windows Vista fall back to their alternate configuration when no DHCP server can be contacted: either an Automatic Private IP Addressing (APIPA) address or a manually configured alternate configuration.

IPv6 availability: Newer DHCP servers (Windows Server 2008 and later) can lease both Internet Protocol version 4 (IPv4) and version 6 (IPv6, via DHCPv6) addresses; the Windows 2000 and Windows Server 2003 DHCP service leases IPv4 addresses only. If IPv6 is not available, the DHCP service uses IPv4 only.

Network errors: A network error might prevent the DHCP client from sending messages to the DHCP server. DHCP clients and servers use the following messages during the configuration process:
- DHCPDiscover: client to server, to discover the DHCP servers present on the network.
- DHCPOffer: server to client, in response to DHCPDiscover; it carries the IP address configuration offered to the client.
- DHCPRequest: client to server, to request a specific IP address configuration from a specific DHCP server (the other servers withdraw their offers).
- DHCPAck: server to client, to acknowledge that the client has been allocated that IP address configuration.
- DHCPNak: server to client, to indicate that the client cannot use that configuration; for example, when a wireless client has moved to a different subnet and attempts to renew the lease on its previous address.
- DHCPDecline: client to server, to indicate that the offered configuration is invalid; for example, when the client discovers that the offered address is already in use (a duplicate).
- DHCPRelease: client to server, to indicate that the client no longer uses the IP address configuration.
- DHCPInform: client to server, to request additional configuration settings for an address the client already has (for example, a statically configured one).

Q. What are unicasting and multicasting?
Ans. Unicast is one-to-one delivery: each packet is addressed to a single destination host, so a node that wants to reach several receivers must send a separate copy to each. Multicast is one-to-many: a single node sends one data stream to a group address, and every host that has joined that group receives it, so the network rather than the sender does the replication.

Q. Difference and advantages between NAS and SAN?
Ans. At first glance NAS and SAN might seem almost identical, and in fact either will often work in a given situation: both generally use RAID storage connected to a network, which is then backed up to tape. There are, however, important differences that affect the way your data is used. For a quick introduction to the technology, take a look at the diagrams below.

Wires and Protocols
Most people focus on the wires, but the difference in protocols is actually the most important factor. One common argument is that SCSI is faster than Ethernet and is therefore better, mainly because TCP/IP overhead cuts the efficiency of data transfer: Gigabit Ethernet yields throughputs of 60-80 MB/s rather than its theoretical 100+ MB/s. But consider this: the next version of SCSI will double its speed, while the next version of Ethernet (10 Gigabit) multiplies its speed by a factor of 10. Which will be faster, even with the overhead? It is something to consider.

The wires:
- NAS uses TCP/IP networks: Ethernet, FDDI, ATM (perhaps TCP/IP over Fibre Channel someday).
- SAN uses Fibre Channel.
The protocols:
- NAS uses TCP/IP and NFS/CIFS/HTTP.
- SAN uses encapsulated SCSI.

Difference between NAS and SAN
NAS:
- Almost any machine that can connect to the LAN (or is interconnected to the LAN through a WAN) can use NFS, CIFS or HTTP to connect to a NAS and share files.
- A NAS identifies data by file name and byte offset, transfers file data or file metadata (the file's owner, permissions, creation date, etc.), and handles security, user authentication and file locking.
- A NAS allows greater sharing of information, especially between disparate operating systems such as Unix and NT.
- The file system is managed by the NAS head unit.
- Backups and mirrors (using features like NetApp's Snapshots) are done on files, not blocks, saving bandwidth and time; a Snapshot can be tiny compared to its source volume.
SAN:
- Only server-class devices with SCSI Fibre Channel adapters can connect to the SAN.
- The Fibre Channel of the SAN has a distance limit of around 10 km at best.
- A SAN addresses data by disk block number and transfers raw disk blocks.
- File sharing is operating-system dependent and does not exist in many operating systems.

- The file system is managed by the servers.
- Backups and mirrors require a block-by-block copy, even of empty blocks; a mirror machine must be equal to or greater in capacity than the source volume.

Q. What are the read and write characteristics of RAID 0, 1, 2, 3, 4, 5 and 6?
Ans. Standard RAID levels:
RAID 0: Striped set (2 disks minimum) without parity. Provides improved performance and additional storage but no fault tolerance against disk errors or disk failure: any disk failure destroys the array, and that becomes more likely the more disks the array has. Data written to a RAID 0 set is broken into chunks, one per disk, which are written to the disks in parallel at the same offset, so reads and writes are spread across all disks and bandwidth grows with the number of disks. When one disk fails, the corresponding chunks on every other disk become useless because part of every stripe is gone. RAID 0 has no redundancy, so any error is unrecoverable: more disks mean more bandwidth but a greater risk of data loss.
RAID 1: Mirrored set (2 disks minimum) without parity. Provides fault tolerance against disk errors and single-disk failure. Reads can be faster under an operating system that supports split seeks across the mirror members; writes carry a very small penalty because every write goes to all members. The array continues to operate as long as at least one member is functioning.
RAID 2: Bit-level striping with dedicated Hamming-code error-correction disks. Obsolete in practice, since modern drives perform their own error correction.
RAID 3 and RAID 4: Striped set (3 disks minimum) with a dedicated parity disk. RAID 3 stripes at the byte level and RAID 4 at the block level. The parity disk holds the XOR of the data blocks in each stripe, so any single lost block, on any disk, can be recomputed from the remaining blocks of its stripe.
This mechanism provides improved performance and fault tolerance similar to RAID 5, but with a dedicated parity disk rather than rotated parity stripes. The single parity disk is a bottleneck for writing, since every write requires updating the parity data. One minor benefit is that the dedicated parity disk can fail and operation will continue without parity or performance penalty.

RAID 5: Striped set (3 disks minimum) with distributed parity. Distributed parity requires all but one drive to be present to operate; a failed drive requires replacement, but the array is not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be calculated from the distributed parity such that the drive failure is masked from the end user. The array will have data loss in the event of a second drive failure and is vulnerable until the data that was on the failed drive is rebuilt onto a replacement drive.

RAID 6: Striped set (4 disks minimum) with dual distributed parity. Provides fault tolerance from two drive failures; the array continues to operate with up to two failed drives. This makes larger RAID groups more practical, especially for high-availability systems. As drives grow in size, they become more prone to error and more exposed to failure during a rebuild; a single drive may be 1 Terabyte in size. Single-parity RAID levels are vulnerable to data loss until the failed drive is rebuilt: the larger the drive, the longer the rebuild will take. Dual parity gives time to rebuild the array by recreating the failed drive while being able to sustain the failure of another drive in the same array.
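The parity mechanism behind RAID 5, worked through on constructed data as an added example (this is not the text's own code, and the disks are simulated as lists of byte chunks). It writes a payload across four simulated disks with rotating parity, reads it back with one disk missing by XOR-ing the survivors, and then checks which two-disk failures the nested RAID 1+0 and RAID 0+1 layouts discussed in the Nested RAID Levels section survive, which makes the difference between those two layouts concrete.

```python
"""RAID 5 parity and nested-level fault tolerance on constructed data.

Added illustration of the RAID levels described above, not the text's own code.
Disks are simulated as lists of byte chunks; the payload is a constructed string."""
from __future__ import annotations
from itertools import combinations


def xor_blocks(*blocks: bytes) -> bytes:
    """XOR equal-length byte blocks together: the parity operation itself."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        assert len(block) == len(out), "all chunks in a stripe must have equal length"
        for i, value in enumerate(block):
            out[i] ^= value
    return bytes(out)


def parity_disk_for(stripe_no: int, disks: int) -> int:
    """RAID 5 rotates the parity chunk across the disks from stripe to stripe."""
    return (disks - 1 - stripe_no) % disks


def raid5_write(data: bytes, disks: int, chunk: int) -> list[list[bytes]]:
    """Stripe data over `disks` drives with one parity chunk per stripe.

    Returns one chunk list per disk. Data is zero-padded to whole stripes, so the
    caller keeps the original length for reading it back."""
    assert disks >= 3, "RAID 5 needs at least three disks"
    per_stripe = (disks - 1) * chunk
    data += b"\x00" * ((-len(data)) % per_stripe)
    layout = [[] for _ in range(disks)]
    for stripe_no, start in enumerate(range(0, len(data), per_stripe)):
        pieces = [data[start + k * chunk:start + (k + 1) * chunk] for k in range(disks - 1)]
        parity, pieces_iter = xor_blocks(*pieces), iter(pieces)
        for disk in range(disks):
            is_parity = disk == parity_disk_for(stripe_no, disks)
            layout[disk].append(parity if is_parity else next(pieces_iter))
    return layout


def raid5_read(layout: list[list[bytes]], length: int, failed: int | None = None) -> bytes:
    """Read the data back; if `failed` names a lost disk, rebuild its chunks.

    Parity is the XOR of a stripe's data chunks, so the XOR of every chunk in the
    stripe is zero and one missing chunk equals the XOR of the survivors."""
    disks, out = len(layout), bytearray()
    for stripe_no in range(len(layout[0])):
        chunks = [layout[disk][stripe_no] for disk in range(disks)]
        if failed is not None:
            chunks[failed] = xor_blocks(*(c for d, c in enumerate(chunks) if d != failed))
        parity_disk = parity_disk_for(stripe_no, disks)
        out += b"".join(c for d, c in enumerate(chunks) if d != parity_disk)
    return bytes(out[:length])


def raid10_survives(mirror_pairs: list[tuple[int, int]], failed: set[int]) -> bool:
    """RAID 1+0 (mirrors below, stripe on top) loses data only when both members
    of one mirror pair are gone."""
    return not any(a in failed and b in failed for a, b in mirror_pairs)


def raid01_survives(stripe_sets: list[list[int]], failed: set[int]) -> bool:
    """RAID 0+1 (stripes below, mirror on top): one failure takes out its whole
    stripe set, so data survives only while some stripe set is still intact."""
    return any(not (set(stripe) & failed) for stripe in stripe_sets)


def surviving_two_disk_failures(disks: int, survives) -> int:
    """Count how many of the two-disk failure combinations a layout survives."""
    return sum(1 for pair in combinations(range(disks), 2) if survives(set(pair)))


if __name__ == "__main__":
    payload = b"The quick brown fox jumps over the lazy dog"      # constructed input
    layout = raid5_write(payload, disks=4, chunk=4)
    print("disk 2 lost, data rebuilt:", raid5_read(layout, len(payload), failed=2) == payload)
    pairs, sets = [(0, 1), (2, 3)], [[0, 1], [2, 3]]
    print("RAID 1+0 survives", surviving_two_disk_failures(4, lambda f: raid10_survives(pairs, f)), "of 6 two-disk failures")
    print("RAID 0+1 survives", surviving_two_disk_failures(4, lambda f: raid01_survives(sets, f)), "of 6 two-disk failures")
```

With four disks, RAID 1+0 survives four of the six possible two-disk failures while RAID 0+1 survives only two, which is the point the nested-levels text makes in words: in 0+1 any single failure already takes its whole stripe set out of service.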

Nested RAID Levels

Many storage controllers allow RAID levels to be nested. That is, one RAID can use another as its basic element, instead of using physical drives. It is instructive to think of these arrays as layered on top of each other, with physical drives at the bottom. Nested RAIDs are usually signified by joining the numbers indicating the RAID levels into a single number, sometimes with a '+' in between. For example, RAID 10 (or RAID 1+0) conceptually consists of multiple level 1 arrays stored on physical drives with a level 0 array on top, striped over the level 1 arrays. RAID 0+1 is most often written as RAID 0+1 as opposed to RAID 01 to avoid confusion with RAID 1. However, when the top array is a RAID 0 (such as in RAID 10 and RAID 50), most vendors choose to omit the '+', though RAID 5+0 is more informative.

Common nested RAID levels

RAID 0+1: Striped set + mirrored set (4 disks minimum; even number of disks). Provides fault tolerance and improved performance but increases complexity. The key difference from RAID 1+0 is that RAID 0+1 creates a second striped set to mirror a primary striped set. The array continues to operate with one or more drives failed in the same mirror set, but if two or more drives fail on different sides of the mirroring, the data on the RAID system is lost.

RAID 1+0: Mirrored set + striped set (4 disks minimum; even number of disks). Provides fault tolerance and improved performance but increases complexity. The key difference from RAID 0+1 is that RAID 1+0 creates a striped set from a series of mirrored drives. The array can sustain multiple drive losses as long as no two drives lost comprise a single pair of one mirror.

RAID 5+0: A stripe across distributed-parity RAID systems.

RAID 5+1: A mirror of a striped set with distributed parity (some manufacturers label this as RAID 53).

Non-standard RAID levels

Given the large number of custom configurations available with a RAID array, many companies, organizations, and groups have created their own non-standard configurations, typically designed to meet the needs of a very small niche. Most of these non-standard RAID levels are proprietary. Some of the more prominent modifications are:

--ATTO Technology's DVRAID adds parity RAID protection to systems which demand performance for 4K film, 2K film, high-definition audio and video.
--The Storage Computer Corporation uses RAID 7, which adds caching to RAID 3 and RAID 4 to improve performance.
--EMC Corporation offers RAID S as an alternative to RAID 5 on their Symmetrix systems, though this is no longer supported on the latest release of Enginuity, the Symmetrix's operating system.
--RAID-Z in the ZFS filesystem of OpenSolaris solves the "write hole" problem of RAID 5.
--Intel has introduced a concept called Matrix Storage, whereby an identical part of each disk drive is configured as one type of RAID (say, striped) while the other part may act as a mirrored array.

Q. How many types of Users exist?

Q. Can we host 2 or more websites on a single IIS server?
Ans. Yes.

The information in this tutorial applies to:
--Microsoft Windows 2000 Server
--Microsoft Windows 2000 Advanced Server
--Microsoft Windows 2003 Server Family
--Microsoft Small Business Server 2000

Important Notice: Microsoft Internet Information Server (IIS) 5.x under Windows 2000, Windows XP Home or Windows XP Professional does not allow you to host more than one web server. You will have to upgrade to one of the operating systems in the list above to be able to host multiple Web sites with IIS, or simply choose another Web server platform (e.g. Apache).

Summary: This tutorial provides step-by-step instructions for hosting multiple Web sites with IIS (Internet Information Server) 5.x or 6.x by using a single IP address and the No-IP service.

Setting up No-IP Plus accounts

Create a No-IP account if you haven't already done that, log in to your account, and click "Add Domain" in the No-IP Plus menu. Enter the domain name you want to use with the No-IP Plus service and follow the instructions to complete your setup. Download and install the Dynamic DNS update client and configure it for your account, allowing it to download the hosts you recently set up with the No-IP Plus service.

Note: If you have chosen to set up a new domain name, you have to allow up to 24 hours for DNS services for your domain name to be propagated on the Internet.

Setting up IIS

Usually IIS is not installed automatically under MS Windows operating systems, so you will have to install it by going to Windows Control Panel, choosing Add/Remove Programs, then Add/Remove Windows Components, and checking Internet Information Services (IIS). After installation is completed, go to Windows Control Panel, Administrative Tools and start Internet Services Manager.

Setting up Web site(s)

1. Right-click the server name (root of the tree, marked with an asterisk *) and choose New, Web Site.
2. Type a description of your first Web site (e.g. mysite1) and click Next.
3. In the IP address field choose "(All Unassigned)".
4. In the port field enter 80, or something else if you are using alternate ports (or if your ISP has blocked port 80).
5. In the Host Header field enter the domain name (e.g. mysite1.com; one of the domain names you set up earlier with the No-IP Plus service) and click Next.
6. Click Browse and point to the directory where the Web site files for the domain name above are located (e.g. c:\sites\mysite1). Make sure that the "Allow anonymous access..." box is checked if you want all users to be able to see your website. Click Next.
7. For standard browsing preferences leave the settings on this page as they are; otherwise configure them to your needs. Click Next.
8. Click Finish.

Repeat these steps for every Web site you need to set up. You will now be able to see your Web site name(s) in the server list. Try opening your browser and typing your domain name in the URL field (e.g. mysite1.com). If everything is configured as it should be, you will be able to see your website. Congratulations! Now you can repeat the process above to set up as many Web sites as you want with IIS.

Configuring/Troubleshooting Web site(s)

If you can't see your website or you see a login window (the web browser returns the message "You are not authorized to view this page"), you will have to properly configure access rights for your website or for the index file (the first file that your users see when they type in your domain name) that you will use with your website.

1. Right-click the Web site name in your server list that you recently set up and choose Properties from the menu.

2. Click the Directory Security tab, then click Edit in the "Anonymous Access..." section.
3. Make sure that the Anonymous Access property is checked and click the "Edit..." button.
4. See if the user account listed has the right access set up to access information in your computer/website folder. To confirm that you have a problem with access rights, try using/setting the Administrators account here (switch back to a dedicated low-privilege anonymous account once the diagnosis is confirmed).

Now try opening your browser and typing your domain name in the URL field (e.g. mysite1.com). If you had a problem with access rights, it has been resolved and you will be able to see your website.

If you have resolved the access-rights issue but are receiving a "Directory Listing Denied" message, you have probably pointed your website to an index file that has not been registered as an allowed index file for your website.

1. Right-click the Web site name in your server list that you recently set up and choose Properties from the menu.
2. Click the Documents tab. Under the Enable Default Document section you will see the index files registered with your website. If you are using e.g. myindexfile.htm, myindexfile.html or myindexfile.php as your index file, you will have to declare/register it here.
3. Click Add, then type your index file name (e.g. index.php), and press OK.
4. Press OK again.

Now try opening your browser and typing your domain name in the URL field (e.g. mysite1.com). Congratulations! Now you can repeat the process above to properly configure all Web site(s) with IIS.
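What makes the "(All Unassigned)" address in step 3 and the Host Header in step 5 work together is that the server reads the HTTP Host header of each request to decide which of the sites sharing one address and port should answer. The following Python is an added illustration of that selection, not code from this tutorial or from IIS; the site table and directories are constructed to match the example names above. It also covers two cases the tutorial does not spell out: a request with no Host header at all (old HTTP/1.0 clients) and a request for a name no site is configured for, both of which should go to a deliberate default rather than to whichever site happens to be listed first.

```python
"""Host-header site selection, the mechanism behind hosting several Web sites on
one IP address and port. Added illustration; not code from the tutorial or IIS.
The site table below is constructed for the example."""
from __future__ import annotations

# Constructed table: host header configured for each site -> its content directory.
SITES = {
    "mysite1.com": r"c:\sites\mysite1",
    "www.mysite1.com": r"c:\sites\mysite1",
    "mysite2.com": r"c:\sites\mysite2",
}


def parse_request_head(raw: bytes) -> tuple[str, str, str, dict[str, list[str]]]:
    """Split an HTTP/1.x request head into (method, target, version, headers).

    Header names are lower-cased; repeated headers are kept as a list so the
    caller can notice duplicates instead of silently taking one of them."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers: dict[str, list[str]] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target, version, headers


def normalize_host(value: str) -> str | None:
    """Reduce a Host header value to the bare host name used for site matching."""
    host = value.strip().lower()
    if host.startswith("["):          # IPv6 literal: not a host-header site name
        return None
    host = host.split(":", 1)[0]      # drop an explicit port, e.g. "mysite1.com:8080"
    return host.rstrip(".") or None   # tolerate a trailing dot; empty means no host


def select_site(raw: bytes, sites: dict[str, str] = SITES, default: str | None = None) -> str | None:
    """Return the content directory that should serve `raw`, or `default`.

    Mirrors what a server does with sites bound to "(All Unassigned)" on one port:
    the Host header alone decides which site answers. An HTTP/1.1 request with no
    Host header, or with two of them, is rejected (None) rather than guessed at."""
    _, _, version, headers = parse_request_head(raw)
    hosts = headers.get("host", [])
    if version == "HTTP/1.1" and len(hosts) != 1:
        return None
    if not hosts:                     # HTTP/1.0 clients may omit Host entirely
        return default
    host = normalize_host(hosts[0])
    return sites.get(host, default) if host else default


if __name__ == "__main__":
    request = b"GET /index.htm HTTP/1.1\r\nHost: MySite1.com\r\n\r\n"   # constructed request
    print(select_site(request))   # the directory configured for mysite1.com
```

Leaving `default` as None means an unknown or missing host name gets no site at all; if you do configure a default site, make it a deliberate placeholder rather than one of the real sites, so a request for a name you never registered never lands on another customer's content.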

Q. How does a DNS client query work?
Ans.

How DNS query works

When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. Each query message the client sends contains three pieces of information, specifying a question for the server to answer:
--A specified DNS domain name, stated as a fully qualified domain name (FQDN).
--A specified query type, which can either specify a resource record by type or a specialized type of query operation.
--A specified class for the DNS domain name. For Windows DNS servers, this should always be specified as the Internet (IN) class.

For example, the name specified could be the FQDN for a computer, such as "host-a.example.microsoft.com.", and the query type specified to look for an address (A) resource record by that name. Think of a DNS query as a client asking a server a two-part question, such as "Do you have any A resource records for a computer named 'hostname.example.microsoft.com.'?" When the client receives an answer from the server, it reads and interprets the answered A resource record, learning the IP address for the computer it asked for by name.

DNS queries resolve in a number of different ways. A client can sometimes answer a query locally using cached information obtained from a previous query. The DNS server can use its own cache of resource record information to answer a query. A DNS server can also query or contact other DNS servers on behalf of the requesting client to fully resolve the name, then send an answer back to the client. This process is known as recursion. In addition, the client itself can attempt to contact additional DNS servers to resolve a name. When a client does so, it uses separate and additional nonrecursive queries based on referral answers from servers. This process is known as iteration.

In general, the DNS query process occurs in two parts:
--A name query begins at a client computer and is passed to a resolver, the DNS Client service, for resolution.
--When the query cannot be resolved locally, DNS servers can be queried as needed to resolve the name.

Both of these processes are explained in more detail in the following sections.

Part 1: The local resolver

The following figure shows an overview of the complete DNS query process.

[Figure: overview of the DNS query process]

As shown in the initial steps of the query process, a DNS domain name is used in a program on the local computer. The request is then passed to the DNS Client service for resolution using locally cached information. If the queried name can be resolved, the query is answered and the process is completed. The local resolver cache can include name information obtained from two possible sources:
--If a Hosts file is configured locally, any host name-to-address mappings from that file are preloaded into the cache when the DNS Client service is started.
--Resource records obtained in answered responses from previous DNS queries are added to the cache and kept for a period of time.

If the query does not match an entry in the cache, the resolution process continues with the client querying a DNS server to resolve the name.

Part 2: Querying a DNS server

As indicated in the previous figure, the client queries a preferred DNS server. The actual server used during the initial client/server query part of the process is selected from a global list. For more information about how this global list is compiled and updated, see Client features.

When the DNS server receives a query, it first checks to see if it can answer the query authoritatively based on resource record information contained in a locally configured zone on the server. If the queried name matches a corresponding resource record in local zone information, the server answers authoritatively, using this information to resolve the queried name. If no zone information exists for the queried name, the server then checks to see if it can resolve the name using locally cached information from previous queries. If a match is found here, the server answers with this information. Again, if the preferred server can answer with a positive matched response from its cache to the requesting client, the query is completed.
If no matching answer for the queried name is found at the preferred server -- either from its cache or from zone information -- the query process can continue, using recursion to fully resolve the name. This involves assistance from other DNS servers to help resolve the name. By default, the DNS Client service asks the server to use a process of recursion to fully resolve names on behalf of the client before returning an answer. In most cases, the DNS server is configured, by default, to support the recursion process as shown in the following figure.

[Figure: the recursion process]

In order for the DNS server to do recursion properly, it first needs some helpful contact information about other DNS servers in the DNS domain namespace. This information is provided in the form of root hints, a list of preliminary resource records that can be used by the DNS service to locate other DNS servers that are authoritative for the root of the DNS domain namespace tree. Root servers are authoritative for the domain root and top-level domains in the DNS domain namespace tree. For more information, see Updating root hints.

By using root hints to find root servers, a DNS server is able to complete the use of recursion. In theory, this process enables any DNS server to locate the servers that are authoritative for any other DNS domain name used at any level in the namespace tree.

For example, consider the use of the recursion process to locate the name "host-b.example.microsoft.com." when the client queries a single DNS server. The process occurs when a DNS server and client are first started and have no locally cached information available to help resolve a name query. It assumes that the name queried by the client is for a domain name of which the server has no local knowledge, based on its configured zones.

First, the preferred server parses the full name and determines that it needs the location of the server that is authoritative for the top-level domain, "com". It then uses an iterative (that is, a nonrecursive) query to the "com" DNS server to obtain a referral to the "microsoft.com" server. Next, a referral answer comes from the "microsoft.com" server to the DNS server for "example.microsoft.com". Finally, the "example.microsoft.com." server is contacted. Because this server contains the queried name as part of its configured zones, it responds authoritatively back to the original server that initiated recursion.
When the original server receives the response indicating that an authoritative answer was obtained to the requested query, it forwards this answer back to the requesting client and the recursive query process is completed.

Although the recursive query process can be resource-intensive when performed as described above, it has some performance advantages for the DNS server. For example, during the recursion process, the DNS server performing the recursive lookup obtains information about the DNS domain namespace. This information is cached by the server and can be used again to help speed the answering of subsequent queries that use or match it. Over time, this cached information can grow to occupy a significant portion of server memory resources, although it is cleared whenever the DNS service is cycled on and off.

Alternate query responses

The previous discussion of DNS queries assumes that the process ends with a positive response returned to the client. However, queries can return other answers as well. These are the most common:
--An authoritative answer
--A positive answer
--A referral answer
--A negative answer

An authoritative answer is a positive answer returned to the client and delivered with the authority bit set in the DNS message to indicate the answer was obtained from a server with direct authority for the queried name.

A positive response can consist of the queried RR or a list of RRs (also known as an RRset) that fits the queried DNS domain name and record type specified in the query message.

A referral answer contains additional resource records not specified by name or type in the query. This type of answer is returned to the client if the recursion process is not supported. The records are meant to act as helpful reference answers that the client can use to continue the query using iteration. A referral answer contains additional data such as resource records (RRs) that are other than the type queried. For example, if the queried host name was "www" and no A RRs for this name were found in this zone but a CNAME RR for "www" was found instead, the DNS server can include that information when responding to the client. If the client is able to use iteration, it can make additional queries using the referral information in an attempt to fully resolve the name for itself.

A negative response from the server can indicate that one of two possible results was encountered while the server attempted to process and recursively resolve the query fully and authoritatively:
--An authoritative server reported that the queried name does not exist in the DNS namespace.
--An authoritative server reported that the queried name exists but no records of the specified type exist for that name.

The resolver passes the results of the query, in the form of either a positive or negative response, back to the requesting program and caches the response.

Notes

If the resultant answer to a query is too long to be sent and resolved in a single UDP message packet, the DNS server can initiate a failover response over TCP port 53 to answer the client fully in a TCP connected session.

Disabling the use of recursion on a DNS server is generally done when DNS clients are being limited to resolving names to a specific DNS server, such as one located on your intranet.
Recursion might also be disabled when the DNS server is incapable of resolving external DNS names, and clients are expected to fail over to another DNS server for resolution of these names. You can disable the use of recursion by configuring the Advanced properties in the DNS console on the applicable server. For more information, see Disable recursion on the DNS server. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.

By default, DNS servers use several default timings when performing a recursive query and contacting other DNS servers. These are:
--A recursion retry interval of 3 seconds. This is the length of time the DNS service waits before retrying a query made during a recursive lookup.
--A recursion time-out interval of 15 seconds. This is the length of time the DNS service waits before failing a recursive lookup that has been retried.

Under most circumstances, these parameters do not need adjustment. However, if you are using recursive lookups over a slow-speed WAN link, you might be able to improve server performance and query completion by making slight adjustments to the settings. For more information, see Tuning advanced server parameters.

How iteration works

Iteration is the type of name resolution used between DNS clients and servers when the following conditions are in effect:
--The client requests the use of recursion, but recursion is disabled on the DNS server.
--The client does not request the use of recursion when querying the DNS server.

An iterative request from a client tells the DNS server that the client expects the best answer the DNS server can provide immediately, without contacting other DNS servers. When iteration is used, a DNS server answers a client based on its own specific knowledge about the namespace with regard to the name data being queried.
For example, if a DNS server on your intranet receives a query from a local client for "www.microsoft.com", it might return an answer from its name cache. If the queried name is not currently stored in the name cache of the server, the server might respond by providing a referral -- that is, a list of NS and A resource records for other DNS servers that are closer to the name queried by the client. When a referral is made, the DNS client assumes responsibility to continue making iterative queries to other configured DNS servers to resolve the name. For example, in the most involved case, the DNS client might expand its search as far as the root domain servers on the Internet in an effort to locate the DNS servers that are authoritative for the "com" domain. Once it contacts the Internet root servers, it can be given further iterative responses from these DNS servers that point to actual Internet DNS servers for the "microsoft.com" domain. When the client is provided records for these DNS servers, it can send another iterative query to the external Microsoft DNS servers on the Internet, which can respond with a definitive and authoritative answer.

When iteration is used, a DNS server can further assist in a name query resolution beyond giving its own best answer back to the client. For most iterative queries, a client uses its locally configured list of DNS servers to contact other name servers throughout the DNS namespace if its primary DNS server cannot resolve the query.

How caching works

As DNS servers process client queries using recursion or iteration, they discover and acquire a significant store of information about the DNS namespace. This information is then cached by the server. Caching provides a way to speed the performance of DNS resolution for subsequent queries of popular names, while substantially reducing DNS-related query traffic on the network.

As DNS servers make recursive queries on behalf of clients, they temporarily cache resource records (RRs). Cached RRs contain information obtained from DNS servers that are authoritative for DNS domain names learned while making iterative queries to search and fully answer a recursive query performed on behalf of a client. Later, when other clients place new queries that request RR information matching cached RRs, the DNS server can use the cached RR information to answer them.

When information is cached, a Time-To-Live (TTL) value applies to all cached RRs. As long as the TTL for a cached RR does not expire, a DNS server can continue to cache and use the RR again when answering queries from its clients that match it. The caching TTL values used by RRs in most zone configurations are assigned the minimum (default) TTL, which is set in the zone's start of authority (SOA) resource record. By default, the minimum TTL is 3,600 seconds (1 hour) but can be adjusted or, if needed, individual caching TTLs can be set on each RR.
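The TTL behaviour just described, as an added illustration rather than the DNS service's own code: a resolver-side cache that stores each RRset with an absolute expiry, hands it back with the TTL that remains (not the original value, so a client caching it in turn never keeps it past the authoritative TTL), and forgets it once the TTL elapses. A negative answer is cached as an empty RRset, as the resolver section above says the resolver does with negative responses, and the clock is injectable so expiry can be exercised without waiting an hour.

```python
"""Resolver cache with TTL expiry, as described in "How caching works".
Added illustration; not the DNS service's code. Records are stored with an
absolute expiry and returned with the remaining TTL."""
from __future__ import annotations
import time


class RRCache:
    def __init__(self, clock=time.monotonic):
        self._clock = clock                      # injectable for deterministic tests
        self._entries: dict[tuple[str, int], tuple[float, list]] = {}

    @staticmethod
    def _key(name: str, rtype: int) -> tuple[str, int]:
        # DNS names are case-insensitive; normalise to one trailing dot.
        return (name.lower().rstrip(".") + ".", rtype)

    def put(self, name: str, rtype: int, rdatas: list, ttl: int) -> None:
        """Cache an RRset; an empty list records a negative (no-data) answer.

        A TTL of 0 means the answer must not be cached at all."""
        if ttl <= 0:
            return
        self._entries[self._key(name, rtype)] = (self._clock() + ttl, list(rdatas))

    def get(self, name: str, rtype: int) -> tuple[list, int] | None:
        """Return (rdatas, remaining_ttl), or None once the TTL has elapsed."""
        key = self._key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        expires_at, rdatas = entry
        remaining = expires_at - self._clock()
        if remaining <= 0:
            del self._entries[key]               # expired: the name must be re-queried
            return None
        return list(rdatas), int(remaining)

    def flush(self) -> None:
        """Equivalent of cycling the DNS service: the whole cache is discarded."""
        self._entries.clear()


if __name__ == "__main__":
    cache = RRCache()
    cache.put("host-a.example.microsoft.com.", 1, ["10.0.0.20"], 3600)   # constructed A record
    print(cache.get("HOST-A.example.microsoft.com", 1))                  # (['10.0.0.20'], 3600)
```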
Notes

You can install a DNS server as a caching-only server. For more information, see Using caching-only servers.

By default, DNS servers use a root hints file, Cache.dns, that is stored in the systemroot\System32\Dns folder on the server computer. The contents of this file are preloaded into server memory when the service is started and contain pointer information to root servers for the DNS namespace where you are operating DNS servers. For more information about this file or how it is used, see DNS-related files.
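The query and reply exchange described in this answer, as an added example that is not part of the original text or Microsoft's code: the client builds a query carrying the three fields named at the start (name, type, class IN) plus the recursion-desired bit, and the parser classifies a reply as authoritative, positive, referral or negative from the AA bit, the response code and which sections hold records, the same four kinds listed under "Alternate query responses". Message layouts follow the standard DNS wire format; the server names, addresses and replies used below are constructed for the example.

```python
"""A DNS query and the kinds of reply a server can return, following the fields and
flags described above: QNAME/QTYPE/QCLASS, the RD, RA and AA bits, and negative
answers. Added illustration, not Microsoft's code; sample messages are constructed."""
from __future__ import annotations
import struct

TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
CLASS_IN = 1
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODE_NXDOMAIN = 3


def encode_name(name: str) -> bytes:
    """Encode an FQDN as length-prefixed labels ending with the zero-length root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = TYPE_A, recursion_desired: bool = True) -> bytes:
    """The client's message: a header and one question (name, type, class IN)."""
    flags = FLAG_RD if recursion_desired else 0
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(query: bytes, flags: int, answers=(), authority=()) -> bytes:
    """A server's reply: the question echoed back, then the RR sections.

    RRs are (owner, type, ttl, rdata bytes); owner None means "the queried name",
    written as a compression pointer (0xC00C) back to the question."""
    txid = struct.unpack("!H", query[:2])[0]
    head = struct.pack("!HHHHHH", txid, FLAG_QR | flags, 1, len(answers), len(authority), 0)
    body = b""
    for owner, rtype, ttl, rdata in list(answers) + list(authority):
        name = b"\xc0\x0c" if owner is None else encode_name(owner)
        body += name + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return head + query[12:] + body


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a name at `offset`, following compression pointers; return (name, end)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            end = end if jumped else offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else offset + 1)
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(msg: bytes) -> dict:
    """Parse the header and RRs, and name the answer kind the way the text does:
    authoritative, positive, referral or negative."""
    txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                               # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    sections = []
    for count in (an, ns):
        rrs = []
        for _ in range(count):
            owner, offset = decode_name(msg, offset)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata: object = msg[offset:offset + rdlen]
            if rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in (TYPE_NS, TYPE_CNAME):
                rdata, _ = decode_name(msg, offset)
            offset += rdlen
            rrs.append((owner, rtype, ttl, rdata))
        sections.append(rrs)
    answers, authority = sections
    rcode, aa = flags & 0xF, bool(flags & FLAG_AA)
    if rcode == RCODE_NXDOMAIN:
        kind = "negative (name does not exist)"
    elif rcode != 0:
        kind = f"error (rcode {rcode})"
    elif answers:
        kind = "authoritative" if aa else "positive"
    elif not aa and any(rr[1] == TYPE_NS for rr in authority):
        kind = "referral"
    else:
        kind = "negative (no records of that type)"
    return {"id": txid, "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA), "aa": aa,
            "kind": kind, "answers": answers, "authority": authority}
```

A client should check that the reply's id matches the id it sent and that the echoed question is the one it asked before trusting the answer; the parser exposes the id for exactly that comparison.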

Q. What are Resource Records?
Ans.

Managing resource records

After you create a zone, additional resource records need to be added to it. The most common resource records (RRs) to be added are:
--Host (A): for mapping a DNS domain name to an IP address used by a computer.
--Alias (CNAME): for mapping an alias DNS domain name to another primary or canonical name.
--Mail Exchanger (MX): for mapping a DNS domain name to the name of a computer that exchanges or forwards mail.
--Pointer (PTR): for mapping a reverse DNS domain name, based on the IP address of a computer, to the forward DNS domain name of that computer.
--Service location (SRV): for mapping a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers.
--Other resource records as needed.

Host (A) resource records

Host (A) resource records are used in a zone to associate DNS domain names of computers (or hosts) with their IP addresses, and can be added to a zone in several ways:
--You can manually create an A resource record for a static TCP/IP client computer using the DNS console.
--Windows clients and servers use the DHCP Client service to dynamically register and update their own A resource records in DNS when an IP configuration change occurs.
--DHCP-enabled client computers running earlier versions of Microsoft operating systems can have their A resource records registered and updated by proxy if they obtain their IP lease from a qualified DHCP server (only the Windows 2000 and Windows Server 2003 DHCP Server service currently supports this feature).

The host (A) resource record is not required for all computers, but is needed by computers that share resources on a network. Any computer that shares resources and needs to be identified by its DNS domain name needs to use A resource records to provide DNS name resolution to the IP address for the computer.
Most A RRs that are required in a zone can include other workstations or servers that share resources, other DNS servers, mail servers, and Web servers. These resource records comprise the majority of resource records in a zone database. For more information, see Resource records reference.

Alias (CNAME) resource records

Alias (CNAME) resource records are also sometimes called canonical names. These records allow you to use more than one name to point to a single host, making it easy to do such things as host both an FTP server and a Web server on the same computer. For example, the well-known server names (ftp, www) are registered using CNAME RRs that map to the DNS host name, such as "server-1", for the server computer that hosts these services.

CNAME RRs are recommended for use in the following scenarios:
--When a host specified in an A RR in the same zone needs to be renamed.
--When a generic name for a well-known server such as www needs to resolve to a group of individual computers (each with individual A RRs) that provide the same service, for example a group of redundant Web servers.

When renaming a computer with an existing A RR in the zone, you can use a CNAME RR temporarily to allow a grace period for users and programs to switch from specifying the old computer name to using the new one. To do this, you need the following:
--For the new DNS domain name of the computer, a new A RR is added to the zone.
--For the old DNS domain name, a CNAME RR is added that points to the new A RR.
--The original A RR for the old DNS domain name (and its associated PTR RR, if applicable) is removed from the zone.

When using a CNAME RR for aliasing or renaming a computer, set a temporary limit on how long the record is used in the zone before removing it from DNS. If you forget to delete the CNAME RR and later its associated A RR is deleted, the CNAME RR can waste server resources by trying to resolve queries for a name no longer used on the network.

The most common or popular use of a CNAME RR is to provide a permanent DNS aliased domain name for generic name resolution of a service-based name, such as www.example.microsoft.com, to more than one computer or one IP address used in a Web server. For example, the following shows the basic syntax of how a CNAME RR is used:

alias_name IN CNAME primary_canonical_name

In this example, a computer named host-a.example.microsoft.com needs to function as both a Web server named "www.example.microsoft.com." and an FTP server named "ftp.example.microsoft.com." To achieve the intended use for naming this computer, you can add and use the following CNAME entries in the example.microsoft.com zone:

host-a IN A 10.0.0.20
ftp IN CNAME host-a
www IN CNAME host-a

If you later decide to move the FTP server to another computer, separate from the Web server on "host-a", simply change the CNAME RR in the zone for ftp.example.microsoft.com and add an additional A RR to the zone for the new computer hosting the FTP server. Based on the earlier example, if the new computer were named "host-b.example.microsoft.com", the new and revised A and CNAME RRs would be as follows:

host-a IN A 10.0.0.20
host-b IN A 10.0.0.21
ftp IN CNAME host-b
www IN CNAME host-a

For more information, see Resource records reference.

Mail exchanger (MX) resource records

The mail exchanger (MX) RR is used by e-mail applications to locate a mail server based on a DNS domain name used in the destination address for the e-mail recipient of a message. For example, a DNS query for the name "example.microsoft.com" could be used to find an MX RR, enabling an e-mail application to forward or exchange mail to a user with the e-mail address user@microsoft.com. The MX RR shows the DNS domain name for the computer or computers that process mail for a domain.
If multiple MX RRs exist, the DNS Client service attempts to contact mail servers in the order of preference from lowest value (highest priority) to highest value (lowest priority). The following shows the basic syntax for use of an MX RR:

mail_domain_name IN MX preference mailserver_host

By using the MX RRs shown below in the example.microsoft.com zone, mail addressed to user@example.microsoft.com is delivered to user@mailserver0.example.microsoft.com first if possible. If this server is unavailable, the resolver client can then use user@mailserver1.example.microsoft.com instead.

@ IN MX 1 mailserver0
@ IN MX 2 mailserver1

Note that the use of the at sign (@) in the records indicates that the mailer DNS domain name is the same as the name of origin (example.microsoft.com) for the zone. For more information, see Resource records reference.

Pointer (PTR) resource records

Pointer (PTR) RRs are used to support the reverse lookup process, based on zones created and rooted in the in-addr.arpa domain. These records are used to locate a computer by its IP address and resolve this information to the DNS domain name for that computer. PTR RRs can be added to a zone in several ways:
--You can manually create a PTR RR for a static TCP/IP client computer using the DNS console, either as a separate procedure or as part of the procedure for creating an A RR.
--Computers use the DHCP Client service to dynamically register and update their PTR RR in DNS when an IP configuration change occurs.
--All other DHCP-enabled client computers can have their PTR RRs registered and updated by the DHCP server if they obtain their IP lease from a qualified server. The Windows 2000 and Windows Server 2003 DHCP Server service provides this capability.
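The A, CNAME, MX and PTR records above, exercised in code as an added example (this is not the DNS console's code or Microsoft's): a small parser for the record syntax shown in this answer (relative owner names, "@" for the zone origin) and the three lookups those records support: following a CNAME to its A record, ordering MX hosts by preference value, and forming the in-addr.arpa owner name for an address's PTR record. The zone text is constructed from the page's own entries plus one stale alias, "old", whose target has no A record, to show the dangling-CNAME case the CNAME section warns about.

```python
"""Zone records and the lookups they support: CNAME aliasing, MX preference order
and PTR reverse names. Added illustration, not the DNS console's code; the zone
text is constructed from the entries shown in the text."""
from __future__ import annotations

# Constructed zone in the notation used above; "old" is a stale alias whose
# target A record has been removed, the case the CNAME section warns about.
ZONE_TEXT = """\
$ORIGIN example.microsoft.com.
host-a      IN A     10.0.0.20
host-b      IN A     10.0.0.21
ftp         IN CNAME host-b
www         IN CNAME host-a
@           IN MX    2 mailserver1
@           IN MX    1 mailserver0
mailserver0 IN A     10.0.0.30
mailserver1 IN A     10.0.0.31
old         IN CNAME retired-host
"""


def qualify(name: str, origin: str) -> str:
    """Turn a relative owner or target into an FQDN; '@' means the zone origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str) -> list[tuple[str, str, object]]:
    """Return (owner, type, rdata) triples with every name fully qualified."""
    origin, records = ".", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1] if fields[1].endswith(".") else fields[1] + "."
            continue
        owner, _rclass, rtype, *rdata = fields
        if rtype in ("CNAME", "NS", "PTR"):
            value: object = qualify(rdata[0], origin)
        elif rtype == "MX":
            value = (int(rdata[0]), qualify(rdata[1], origin))
        else:
            value = rdata[0]
        records.append((qualify(owner, origin), rtype, value))
    return records


def lookup(records, name: str, rtype: str, max_chain: int = 8) -> tuple[str, list]:
    """Resolve name/type, following CNAME records the way a server does.

    Returns (canonical_name, rdatas). An alias whose target has no records yields
    an empty list: the dangling-CNAME case that only wastes the server's effort."""
    name = name.lower() if name.endswith(".") else name.lower() + "."
    for _ in range(max_chain):
        matches = [r[2] for r in records if r[0].lower() == name and r[1] == rtype]
        if matches:
            return name, matches
        aliases = [r[2] for r in records if r[0].lower() == name and r[1] == "CNAME"]
        if not aliases:
            return name, []
        name = aliases[0].lower()
    raise ValueError("CNAME chain too long")


def mail_servers(records, domain: str) -> list[str]:
    """Mail hosts for a domain in delivery order: lowest preference value first."""
    _, mxs = lookup(records, domain, "MX")
    return [host for _pref, host in sorted(mxs)]


def reverse_name(ipv4: str) -> str:
    """Owner name of the PTR record for an IPv4 address: octets reversed under in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(lookup(zone, "ftp.example.microsoft.com", "A"))       # follows ftp -> host-b
    print(mail_servers(zone, "example.microsoft.com"))           # mailserver0 before mailserver1
    print(reverse_name("10.0.0.20"))                             # 20.0.0.10.in-addr.arpa.
```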

The pointer (PTR) resource record is used only in reverse lookup zones to support reverse lookup. For more information, see Resource records reference. Service location (SRV) resource records To locate Active Directory domain controllers, service location (SRV) RRs are required. Typically, you can avoid manual administration of the SRV RR when installing Active Directory. By default, the Active Directory installation wizard attempts to locate a DNS server based on the list of preferred or alternate DNS servers, configured in any of its TCP/IP client properties, for any of its active network connections. If a DNS server that can accept dynamic update of the SRV RR (and other RRs related to registering Active Directory as a service in DNS) is contacted, the configuration process is complete. If, during the installation, a DNS server that can accept updates for the DNS domain name used to name your Active Directory is not found, the wizard can install a DNS server locally and automatically configure it with a zone to support the Active Directory domain. For example, if the Active Directory domain that you chose for your first domain in the forest was example.microsoft.com, a zone rooted at the DNS domain name of example.microsoft.com would be added and configured to use with the DNS server running on the new domain controller. Whether or not you install the DNS Server service locally, a file (Netlogon.dns) is written and created during the Active Directory installation process that contains the SRV RRs and other RRs needed to support the use of Active Directory. This file is created in the systemroot\System32\Config folder. If you are using a DNS server that fits one of the following descriptions, you should use the records in Netlogon.dns to manually configure the primary zone on that server to support Active Directory. 1. The computer operating your DNS server is running on another platform, such as UNIX, and cannot accept or recognize dynamic updates. 2. 
A DNS server at this computer that is not the DNS Server service provided with the Windows Server 2003 family is authoritative for the primary zone corresponding to the DNS domain name for your Active Directory domain. 3. The DNS server supports the SRV RR, as defined in the Internet draft, "A DNS RR specifying the location of services (DNS SRV)", but does not support dynamic updates. For example, the DNS Server service provided with Windows NT Server 4.0, when updated to Service Pack 4 or later, fits this description. In the future, the SRV RR might also be used to register and lookup other well-known TCP/IP services on your

network if applications implement and support DNS name queries that specify this record type. For more information, see Resource records reference.
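To make the record syntax above concrete, here is an added Python example (not part of the Microsoft documentation quoted in this answer) that parses zone lines in the form shown, follows a CNAME alias to its A record, orders MX records by preference value, and derives the in-addr.arpa owner name under which a PTR record for an address lives. The zone text is constructed from the records in the answer; the bounded CNAME chase is the example's own safeguard against alias loops.

```python
"""Parse the A / CNAME / MX record lines used in this answer and answer the
questions a resolver would: which address does an alias reach, which mail
server is tried first, and where does the PTR record for an address live.
Added example; the zone text below is constructed, not a real zone.
"""
from collections import defaultdict
from ipaddress import IPv4Address

ORIGIN = "example.microsoft.com"

# Constructed zone data mirroring the records in the text. "@" is the zone
# origin and unqualified names are relative to ORIGIN, as in a zone file.
ZONE_TEXT = """
; web and ftp services after the FTP move to host-b
host-a  IN A     10.0.0.20
host-b  IN A     10.0.0.21
ftp     IN CNAME host-b
www     IN CNAME host-a
@       IN MX 2  mailserver1
@       IN MX 1  mailserver0
"""


def qualify(name, origin=ORIGIN):
    """Turn '@' or a relative name into a fully qualified name (no trailing dot)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return {(owner, type): [rdata, ...]} for the A, CNAME, MX and PTR lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue  # blank line or comment
        owner, cls, rtype, rdata = fields[0], fields[1], fields[2], fields[3:]
        if cls != "IN":
            raise ValueError(f"unsupported class in line: {line!r}")
        owner = qualify(owner, origin)
        if rtype == "A":
            records[(owner, "A")].append(str(IPv4Address(rdata[0])))
        elif rtype in ("CNAME", "PTR"):
            records[(owner, rtype)].append(qualify(rdata[0], origin))
        elif rtype == "MX":
            records[(owner, "MX")].append((int(rdata[0]), qualify(rdata[1], origin)))
        else:
            raise ValueError(f"unsupported record type {rtype}")
    return records


def resolve_a(records, name, max_hops=8):
    """Follow CNAME records to the canonical name and its addresses.

    The hop limit keeps a misconfigured alias loop (a -> b -> a) from hanging
    the lookup; real resolvers impose the same kind of bound.
    """
    name = qualify(name)
    for _ in range(max_hops):
        if (name, "A") in records:
            return name, records[(name, "A")]
        cname = records.get((name, "CNAME"))
        if not cname:
            return name, []  # no A and no alias: name does not resolve
        name = cname[0]
    raise ValueError("CNAME chain too long or looped")


def mail_servers(records, domain):
    """Mail hosts in delivery order: lowest preference value is tried first."""
    mx = records.get((qualify(domain), "MX"), [])
    return [host for _, host in sorted(mx)]


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address in the in-addr.arpa tree."""
    octets = str(IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(resolve_a(zone, "ftp"))
    print(mail_servers(zone, "@"))
    print(reverse_name("10.0.0.20"))
```

Running the block prints the canonical host and address reached through the ftp alias, the two mail servers in preference order, and 20.0.0.10.in-addr.arpa as the PTR owner name for 10.0.0.20.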

Q. What is hardware RAID and software RAID?

Ans. The distribution of data across multiple drives can be managed either by dedicated hardware or by software. Additionally, there are hybrid RAIDs that are partially software-based and partially hardware-based.

Software RAID

Software implementations are now provided by many operating systems. A software layer sits above the (generally block-based) disk device drivers and provides an abstraction layer between the logical drives (RAID arrays) and the physical drives. Software RAID is typically limited to RAID 0 (striping across multiple drives for increased space and performance), RAID 1 (mirroring two drives) and RAID 5 (data striping with parity). In a multi-threaded operating system (such as Linux, FreeBSD, Mac OS X, Windows NT/2000/XP/Vista and Novell NetWare) the operating system can perform overlapped I/O, allowing multiple read or write requests to be initiated without waiting for each request to complete. This is the capability that makes RAID 0/1 possible in an operating system. However, most operating systems do not support striping or mirroring combined with parity, because of the substantial processing demands of calculating parity. Since the software must run on a host server attached to the storage, the processor on that host must dedicate processing time to running the RAID software. As with hardware-based RAID, if the server experiences a hardware failure, the attached storage could be inaccessible for a period of time. Software implementations can allow RAID arrays to be created from partitions rather than entire physical drives.

Hardware RAID

A hardware implementation of RAID requires, at a minimum, a special-purpose RAID controller. On a desktop system this may be a PCI expansion card or a capability built into the motherboard. In industrial applications the controller and drives are provided as a stand-alone enclosure. The drives may be IDE/ATA, SATA, SCSI, SSA, Fibre Channel, or any combination thereof. The using system can be directly attached to the controller or, more commonly, connected via a SAN. The controller hardware handles the management of the drives and performs any parity calculations required by the chosen RAID level. Most hardware implementations provide a read/write cache which, depending on the I/O workload, will improve performance. Cached RAID controllers are most commonly used in industrial applications. Sometimes the write cache is non-volatile, so pending writes are not lost on power failure. Hardware implementations provide guaranteed performance, add no overhead to the local CPU complex and can support many operating systems, as the controller simply presents a logical disk to the operating system. Hardware implementations also typically support hot swapping, allowing failed drives to be replaced while the system is running.

Hybrid RAID

Hybrid RAID implementations have become very popular with the introduction of inexpensive RAID controllers, implemented using a standard disk controller and then implementing the RAID in the controller's BIOS extension (for early boot-up/real-mode operation) and the operating system driver (for after the system switches to protected mode). Since these controllers actually do all the RAID calculations in the BIOS extension and driver rather than in dedicated hardware, the resulting arrays are typically proprietary to a given RAID controller manufacturer and typically cannot span multiple controllers. The only advantages over software RAID are that the BIOS can boot from them, and the tighter integration with the device driver may offer better error handling.

Both hardware and software implementations may support the use of hot spare drives: a pre-installed drive that is used to immediately (and almost always automatically) replace a drive that has failed. This reduces the mean time to repair, the period during which a second drive failure in the same RAID redundancy group can result in loss of data. It also prevents data loss when multiple drives fail in a short period of time, as is common when all drives in an array have undergone very similar use patterns and experience wear-out failures.
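The three RAID levels named in the answer (striping, mirroring, and striping with parity) as an added Python model, not code from any RAID implementation: a constructed payload is striped across in-memory "drives", and the read functions show why RAID 0 cannot tolerate a lost drive while RAID 1 reads the surviving mirror and RAID 5 rebuilds the missing stripe unit from XOR parity. The chunk size, drive counts and payload are the example's own choices; real controllers use stripe units of 64 KB or more.

```python
"""RAID 0, 1 and 5 on in-memory "drives" (added example, not from the text).

Each drive is a list of fixed-size stripe units. The XOR in xor_blocks is
the entire parity computation that the text says software RAID must burn
host CPU time on, and that a hardware controller offloads.
"""

CHUNK = 4  # bytes per stripe unit, deliberately tiny for the example


def chunks(data, size=CHUNK):
    """Split data into fixed-size stripe units, zero-padding the last one."""
    padded = data + b"\0" * (-len(data) % size)
    return [padded[i:i + size] for i in range(0, len(padded), size)]


def xor_blocks(blocks):
    """Bytewise XOR of equally sized blocks: RAID 5 parity, and RAID 5 rebuild."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid0_write(data, n_drives):
    """Round-robin striping: capacity and bandwidth of all drives, no redundancy."""
    drives = [[] for _ in range(n_drives)]
    for i, unit in enumerate(chunks(data)):
        drives[i % n_drives].append(unit)
    return drives


def raid0_read(drives, length):
    """Needs every drive; there is nothing to reconstruct from if one is gone."""
    n = len(drives)
    total = sum(len(d) for d in drives)
    return b"".join(drives[i % n][i // n] for i in range(total))[:length]


def raid1_write(data):
    """Mirroring: both drives hold every unit."""
    units = chunks(data)
    return [list(units), list(units)]


def raid1_read(mirrors, length, failed=None):
    """Any surviving mirror can serve the whole array."""
    alive = next(m for i, m in enumerate(mirrors) if i != failed)
    return b"".join(alive)[:length]


def raid5_write(data, n_drives):
    """Block-level striping with one parity unit per stripe; parity rotates across drives."""
    units = chunks(data)
    per_stripe = n_drives - 1
    drives = [[] for _ in range(n_drives)]
    for stripe_no, start in enumerate(range(0, len(units), per_stripe)):
        stripe = units[start:start + per_stripe]
        stripe += [b"\0" * CHUNK] * (per_stripe - len(stripe))  # pad a short last stripe
        parity_drive = stripe_no % n_drives
        parity = xor_blocks(stripe)
        data_units = iter(stripe)
        for d in range(n_drives):
            drives[d].append(parity if d == parity_drive else next(data_units))
    return drives


def raid5_read(drives, length, failed=None):
    """Reassemble the data; with `failed` set, that drive is treated as unreadable and rebuilt."""
    n_drives = len(drives)
    survivor = next(d for i, d in enumerate(drives) if i != failed)
    out = []
    for stripe_no in range(len(survivor)):
        parity_drive = stripe_no % n_drives
        row = [None if d == failed else drives[d][stripe_no] for d in range(n_drives)]
        if failed is not None:
            # The missing unit (data or parity) is the XOR of all the others in the stripe,
            # which is exactly why a single-drive failure is recoverable.
            row[failed] = xor_blocks([u for u in row if u is not None])
        out.extend(row[d] for d in range(n_drives) if d != parity_drive)
    return b"".join(out)[:length]


PAYLOAD = b"RAID 5 keeps serving reads after a single drive failure"  # constructed


if __name__ == "__main__":
    array = raid5_write(PAYLOAD, 4)
    array[2] = None  # simulate drive 2 dying
    print(raid5_read(array, len(PAYLOAD), failed=2))
```

Setting a drive entry to None and reading with `failed` set is the degraded-mode read; a second failure in the same stripe set would leave xor_blocks with too little input, which is the window the hot-spare paragraph above describes.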

Q. Explain how VirtualCenter can manage an inventory of ESX Server, GSX Server and Workstation hosts.

Ans. VMware GSX Server: an older product that is no longer used. A host operating system must be installed first, and GSX Server is then installed on it as an application.

VMware ESX Server: the product currently used. It installs directly on the hardware as the operating system, so no separate host operating system is required.

Q. What is DFS?

Ans. DFS provides the ability to create a single logical directory tree from different areas of data. The data included in a DFS tree can be in any location accessible from the computer acting as the DFS root. In other words, the data can be on the same partition, disk, or server, or on a completely different server; as far as DFS is concerned, it makes no difference. A DFS tree appears as one contiguous directory structure, regardless of the logical or physical location of the data. After the DFS root is created, links to directories can be added or removed to construct the single logical directory structure. The DFS tree can be navigated using standard file utilities such as Windows Explorer. Unless users are made aware that the data is being accessed from different locations, they will not realize that they are using a DFS system at all. DFS trees can be used with both FAT and NTFS partitions. If you do use NTFS, the inclusion of a file or directory in a DFS structure has no effect on security permissions.

There are two types of DFS:

Stand-alone DFS -- refers to a DFS tree that is hosted on a single physical server and is accessed by connecting to a DFS share point on that server. DFS configuration information is stored in the server's Registry. Stand-alone DFS provides no fault tolerance: if the server hosting the DFS root goes down, users will no longer be able to access their data unless they explicitly know where the data is stored.

Domain DFS -- provides more functionality, including features such as replication and load-balancing capabilities. Domain DFS information is stored in Active Directory, and a domain member server must act as the host for the DFS tree. By storing the domain DFS configuration in Active Directory, the server-centric nature of stand-alone DFS is removed, enabling the administrator to create DFS root replicas. If a server were to go down, users would be redirected to a DFS root replica and could continue to access the DFS tree.

Q. What is a Global Namespace?

Ans. Implementing a Global Namespace is the key to effective, efficient management of distributed file storage: it essentially does for file storage what DNS does for networking. A Global Namespace allows clients to access files without knowing their location (just as they access Web sites without knowing the IP addresses). It also enables administrators to aggregate file storage across heterogeneous, geographically distributed storage devices and to view and manage it as a single file system. Brocade StorageX makes it easy to create and manage Global Namespaces of any size. A Brocade StorageX Global Namespace provides an ideal platform on which to build business-critical storage management solutions, including file sharing, disaster recovery, data migration, server consolidation, load-balancing, storage optimization, and data lifecycle management.

Q. What is the difference between Windows 2000 and 2003 Server?

Ans. Same structure; new capabilities

Unlike the transformation in the directory service architecture that took place between Windows NT and Windows 2000, the changes you see between Windows 2000 and Windows Server 2003 are much more incremental in nature. Windows Server 2003 is grounded in the same Active Directory structure as Windows 2000, where each domain controller holds a read-write copy of the AD database, relying on multi-master replication to keep everything up to date. In the Windows Server 2003 Active Directory Users & Computers MMC snap-in, you can now move an object from one location in the directory tree to another by using the familiar drag-and-drop method, rather than being forced to right-click the object and select "Move", as was the case in Windows 2000. You can also now select multiple objects simultaneously for editing or deletion, and save commonly used queries within the ADUC console window. Although really, if you're going to be working with more than one object at a time, I would recommend that you get out of the MMC console anyway and use command-line tools or scripts to take away some of your administrative burdens.

New command-line tools

Windows Server 2003 includes a number of built-in command-line tools that were not available in Windows 2000, including:

dsadd -- allows you to create objects from the command line
dsmove -- moves an object from one OU or container to another within the same domain
dsrm -- will delete an object from Active Directory
dsquery -- will return an object or list of objects that matches criteria that you specify
dsget -- will return one or more attributes of a particular Active Directory object

Added feature promotes new domain controllers into a domain

Another new feature is the "Install from Media" option for promoting new domain controllers into a domain. In Windows 2000, if you needed to install a domain controller at a remote location, you had one of two options:

1. Travel to the remote site to run dcpromo and allow the entire AD database to replicate across a slow (and often expensive) WAN link, or
2. Configure the database at your corporate headquarters, and then ship the DC to the remote site; this is often an expensive process and one that runs the risk of damaging expensive computer hardware in transit.

Enter the "Install From Media" feature. In Windows Server 2003 you can initially populate the Active Directory database using a System State backup from an existing DC, saving you both WAN traffic and shipping costs. For those of us who run extremely decentralized environments, this is one of those "Where has this been all my life?" kinds of features.

Enhanced replication capabilities

Another significant change, particularly for larger environments, is a replication enhancement called linked-value replication for objects such as Active Directory group objects. In Windows 2000, a group's membership list was replicated as one single block of information. This led to a number of potential problems, such as the following:

Inconsistent replication. Consider this: you have a group called DOMAIN\Finance. From Domain Controller A, you add the jsmith user to the Finance group. What happens if, at precisely the same nanosecond, your junior admin removes the bthomas user from the Finance group while connected to Domain Controller B? Without linked-value replication, this would create a replication conflict, which would lead either to jsmith being added to the group and bthomas not being removed, or vice versa.

Replication delays. In Windows 2000, Microsoft published a size limitation where you could not place more than 5,000 members in a single group object; more than this created significant replication delays, since the membership list was replicated as a single block.

Linked-value replication solves these problems by replicating these multi-valued attributes separately. In our first example above, the addition of jsmith and the removal of bthomas would be replicated as two separate transactions, allowing both updates to be applied without causing a replication conflict. In our second example, only the individual changes to the group membership will be replicated, greatly streamlining the replication process and removing the 5,000-member limitation on Active Directory groups.

Tombstone lifetime: 60 days with Windows 2000; 180 days with Windows 2003 SP1.

Group Policy: in Windows 2000 you can configure up to 620 GPOs; in Windows 2003 you can configure up to 720 GPOs. A GPO, once removed, cannot be restored in 2000, but in 2003 it can be restored.

Q. If one object is deleted from Active Directory, can it be restored immediately? If yes, how? If no, can we create another object with the same attributes?

Ans. When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion. The marker used to designate an AD object scheduled to be destroyed is called, appropriately enough, a "tombstone." Tombstoned objects are deleted whenever the Active Directory database is defragmented online or offline, which generally happens twice a day (once around noon, and once around midnight). Normally, doing a manual undelete of a tombstoned object is a bit of a hassle; it often involves performing an authoritative restore from backup, which is not a trivial operation.

Thankfully, Mark Russinovich at Sysinternals has created a little command-line freeware application called AdRestore 1.1. AdRestore enumerates all of the currently tombstoned objects in a domain and allows you to restore them selectively. To add a little selectivity to the restore operation, you can run AdRestore with a parameter to narrow down the search. For instance:

adrestore -r Serdar

would search for all objects with "Serdar" as part of their name. The -r switch forces the program to prompt the user for each restoration; otherwise, all the objects found matching the criteria will be automatically restored. The default (no criteria supplied) is that all tombstoned objects will be enumerated and restored. Note that deleted items may no longer be members of specific organizational units (OUs). Restoring these objects from deleted status will not automatically restore them to their respective OUs; this will need to be done manually.

Q. What does Windows Server 2003 SP1 add with respect to tombstones, backup, etc.?

Ans. Changes to the default tombstone lifetime

Several changes in Service Pack 1 have to do with the way Active Directory handles "tombstoned" objects. Just like in Windows 2000, when you delete an AD object, it is not immediately deleted; instead, it's marked as a tombstoned object. This allows the deletion to be replicated properly to other domain controllers. Once an object has been in this tombstoned state for a certain amount of time, it is finally deleted outright. In Windows 2000, the default tombstone lifetime was 60 days. However, in Windows Server 2003, Microsoft changed it to 180 days, effectively tripling the amount of time that a deletion had to be communicated to all of the domain controllers in your environment. There are two crucial caveats to keep in mind concerning this tombstone lifetime value:

If you have already installed Active Directory using either Windows 2000 or the original Windows Server 2003 media, the default tombstone lifetime will not automatically change when you upgrade to Windows Server 2003 SP1. You will only receive the 180-day tombstone lifetime value automatically by building a pristine 2003 SP1 Active Directory forest.

Several months ago, Microsoft Active Directory MVP Joe Richards discovered that the version of Dcpromo that comes with Windows Server 2003 R2 will revert this value back to its original setting of 60 days. Therefore, if you build a brand-new Active Directory forest using Windows Server 2003 R2 media, you will still receive the original 60-day default tombstone lifetime.

SID History added to tombstoned object attributes

In addition to modifying the tombstone lifetime for new Active Directory installations, 2003 Service Pack 1 added the SID History attribute to the list of attributes that are retained when an object is tombstoned. When an Active Directory object is tombstoned, it is stripped of most of its attributes, so the tombstoned object only takes up a fraction of the size of the original object within the Active Directory database. Each user, group and computer object within Active Directory is assigned a numeric security identifier, or SID. SIDs are unique within the domain and do not change, even if the security principal is renamed or moved to another container within the same domain.

Note: The SID is not retained if an object is deleted and re-created with the same display name; the re-created object would be a brand new object with a completely different SID.

All access control lists (ACLs) on files, folders or AD objects use the SID to determine whether a particular user or computer should be granted or denied access. The notion of SIDs can become problematic, though, when you begin migrating from Windows NT domains into new Active Directory environments. If you migrate a user object from a legacy NT domain into a new Active Directory domain, a new SID will be created for the migrated user that corresponds to the new domain. If this migrated user still requires access to resources in the old NT domain, however, an issue will crop up in which the new Active Directory SID does not match the old NT4 SID. To prevent this from happening, Windows 2000 introduced a feature called SID History, which allows migrated user objects to retain records of any old SIDs they once possessed. This allows a migrated user to continue to access a resource that used his old SID in its Access Control List. If the user attempted to access the resource with his current SID and was denied, Windows would check the SID History attribute to see if any previous SIDs would fit the bill and allow access. Prior to Windows Server 2003 SP1, one of the attributes that was stripped when an object was tombstoned was this SID History attribute, which meant that if you restored an object, any previous SIDs that were recorded in its SID History were lost. Fortunately, Windows Server 2003 SP1 includes SID History among the attributes retained when an object is deleted.

SP1 offers simpler AD troubleshooting

Service Pack 1 also made changes in the types of Active Directory information that are logged in the Event Viewer on a domain controller, thus allowing for more proactive monitoring and easier troubleshooting. One such update is Event ID 2089, which is recorded in the Directory Service event log if any directory partition has not been backed up for a significant length of time (half of the tombstone lifetime or more). The event is logged whether the partition is the Schema, Configuration, or domain partition -- or any application partitions or ADAM partitions that are hosted on the DC in question. Service Pack 1 also creates an event in the Directory Services log if the DC attempts to perform an action that requires a particular Flexible Single Master Operation (FSMO) role holder and that FSMO role holder can't be contacted. For example, if an administrator attempts to add a new domain to Active Directory, but the DC cannot locate or contact the Domain Naming Master, an event would be logged in the Directory Services log. An event is logged if any of the FSMO role holders: A) don't exist, B) can't be contacted, or C) have not replicated recently with the DC in question.

Using virtualization technology with AD

Ever since SP1, administrators can run domain controllers using virtualization technology such as Microsoft Virtual Server 2005. That allows you to run multiple domains or forests on a single machine, or to use virtualization to reduce the attack footprint of a physical server by separating its roles onto multiple virtual machines. Running DCs in a virtual environment is not without its own considerations, however, and you should consult the Microsoft white paper Running Domain Controllers in Virtual Server 2005 before deploying this configuration in a production environment, as well as this article by Gary Olsen: Is domain controller virtualization really a good idea?

SP1 improves AD backups and restores

Backups, restores and disaster recovery measures for AD domain controllers also improved with Service Pack 1 by the inclusion of the following features:

The Install From Media feature allows you to populate application directory partitions when installing a DC from backup media. This saves you from needing to replicate the whole of the DomainDNSZones and ForestDNSZones partitions across a slow or expensive WAN link.

The authoritative restore process provides a much cleaner option for restoring group memberships of authoritatively restored users, groups and computer objects by generating an LDIF file that contains any backlink references for restored objects.

The Ntdsutil utility has a greatly simplified syntax to remove extinct server metadata from the AD database. Extinct server metadata is created when a domain controller suffers an irretrievable hardware failure or is otherwise removed from the directory without using the Dcpromo tool. The metadata must be removed manually from the directory. Microsoft provides the simplified syntax in KB 216498.
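The tombstone rules from the two answers above (the 60-day and 180-day defaults, AdRestore-style enumeration with a name filter, and the Event ID 2089 backup-age threshold) as an added Python model. This is not Microsoft's or Sysinternals' code; the deleted objects, the reference date and the backup dates are constructed. One rule it applies that the text does not state, but which is standard Active Directory practice, is that a backup older than the tombstone lifetime is treated as unusable for restore, because restoring it would reintroduce objects whose deletions have already been garbage-collected.

```python
"""Tombstone lifetime, what is still restorable, and the SP1 backup-age warning.

Added example. It follows the defaults described in the text: 60 days for
Windows 2000, for a forest upgraded in place to 2003 SP1, and for a forest
built with R2 Dcpromo; 180 days only for a pristine 2003 SP1 forest. A
partition not backed up for half the lifetime or more gets the Event ID 2089
style warning.
"""
from datetime import date, timedelta

DEFAULT_TOMBSTONE_DAYS = {
    "windows2000": 60,
    "2003_upgraded_to_sp1": 60,   # upgrading does not change the existing value
    "2003_sp1_pristine": 180,
    "2003_r2_pristine": 60,       # R2 Dcpromo reverts the default to 60
}

TODAY = date(2006, 6, 30)  # constructed reference date

# Constructed tombstones: distinguished-name fragment plus deletion date.
DELETED = [
    {"name": "CN=Serdar Test", "whenDeleted": date(2006, 6, 1)},
    {"name": "CN=Finance Share", "whenDeleted": date(2006, 3, 15)},
    {"name": "CN=Old Printer", "whenDeleted": date(2005, 12, 1)},
]

# Constructed last-backup dates per directory partition on one DC.
BACKUPS = {
    "Schema": date(2006, 6, 1),
    "Configuration": date(2006, 3, 1),
    "DomainDnsZones": date(2006, 1, 1),
}


def tombstone_lifetime_days(forest_origin):
    """Default lifetime for a forest created or upgraded the given way."""
    return DEFAULT_TOMBSTONE_DAYS[forest_origin]


def restorable_tombstones(deleted_objects, today, lifetime_days, name_filter=None):
    """Names of deleted objects a tool like AdRestore could still reanimate.

    Tombstones older than the lifetime have been garbage-collected, so they
    are not listed; only a backup restore could bring those back.
    `name_filter` behaves like the substring in `adrestore -r Serdar`.
    """
    cutoff = today - timedelta(days=lifetime_days)
    hits = []
    for obj in deleted_objects:
        if obj["whenDeleted"] <= cutoff:
            continue
        if name_filter and name_filter.lower() not in obj["name"].lower():
            continue
        hits.append(obj["name"])
    return hits


def backup_status(last_backup, today, lifetime_days):
    """Classify one partition's backup by age relative to the tombstone lifetime."""
    age = (today - last_backup).days
    if age >= lifetime_days:
        # Assumption beyond the text: older than the lifetime means do not restore.
        return "unusable"
    if age >= lifetime_days // 2:
        return "warning_2089"   # SP1 logs Event ID 2089 from half the lifetime onward
    return "ok"


def partition_report(backups, today, forest_origin):
    """Status per partition for a {partition: last_backup_date} map."""
    lifetime = tombstone_lifetime_days(forest_origin)
    return {name: backup_status(when, today, lifetime) for name, when in backups.items()}


if __name__ == "__main__":
    print(restorable_tombstones(DELETED, TODAY, 180, name_filter="serdar"))
    print(partition_report(BACKUPS, TODAY, "2003_sp1_pristine"))
```

Running the same report with "windows2000" instead of "2003_sp1_pristine" halves every threshold, which is the practical reason the text stresses that an upgraded forest keeps its 60-day value.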
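The DOMAIN\Finance scenario from the "Enhanced replication capabilities" part of the Windows 2000 vs 2003 answer above, as an added Python simulation (not code from the article or from Active Directory): two replicas of a constructed group receive concurrent edits, once with the whole member list replicated as a single attribute and once with each member value carrying its own stamp, as linked-value replication does. The conflict resolver is a deliberately simplified last-writer-wins on a (version, originating DC) stamp; real AD compares version, timestamp and invocation ID.

```python
"""Block replication versus linked-value replication (LVR) of group membership.

Added example. BlockReplica models the Windows 2000 behaviour described in
the text (the member attribute is one value with one stamp), LinkedValueReplica
models Windows Server 2003 LVR (every member value has its own stamp).
"""
from dataclasses import dataclass, field


@dataclass
class BlockReplica:
    """Pre-LVR model: 'member' is a single attribute with one version stamp."""
    members: frozenset
    stamp: tuple = (0, "")  # (version, originating DC); higher wins on conflict

    def set_members(self, members, version, dc):
        self.members = frozenset(members)
        self.stamp = (version, dc)

    def merge(self, other):
        # The whole attribute wins or loses as a unit: one side's edit is discarded.
        if other.stamp > self.stamp:
            self.members, self.stamp = other.members, other.stamp


@dataclass
class LinkedValueReplica:
    """LVR model: each member value is replicated with its own (present, stamp)."""
    values: dict = field(default_factory=dict)  # member -> (present, stamp)

    def add(self, member, version, dc):
        self.values[member] = (True, (version, dc))

    def remove(self, member, version, dc):
        self.values[member] = (False, (version, dc))  # a removal is itself a stamped value

    def merge(self, other):
        for member, (present, stamp) in other.values.items():
            mine = self.values.get(member)
            if mine is None or stamp > mine[1]:
                self.values[member] = (present, stamp)

    @property
    def members(self):
        return frozenset(m for m, (present, _) in self.values.items() if present)


START = {"alice", "bthomas"}  # constructed initial membership of DOMAIN\Finance


def simulate_block_replication():
    """DC A adds jsmith while DC B removes bthomas; return both replicas' final view."""
    dc_a = BlockReplica(frozenset(START), (1, "A"))
    dc_b = BlockReplica(frozenset(START), (1, "A"))
    dc_a.set_members(START | {"jsmith"}, 2, "A")
    dc_b.set_members(START - {"bthomas"}, 2, "B")
    dc_a.merge(dc_b)
    dc_b.merge(dc_a)
    return dc_a.members, dc_b.members


def simulate_linked_value_replication():
    """Same concurrent edits, but every member value replicates on its own."""
    dc_a, dc_b = LinkedValueReplica(), LinkedValueReplica()
    for m in START:
        dc_a.add(m, 1, "A")
        dc_b.add(m, 1, "A")
    dc_a.add("jsmith", 2, "A")
    dc_b.remove("bthomas", 2, "B")
    dc_a.merge(dc_b)
    dc_b.merge(dc_a)
    return dc_a.members, dc_b.members


if __name__ == "__main__":
    print("block:", simulate_block_replication())
    print("lvr:  ", simulate_linked_value_replication())
```

Both models converge (each pair of replicas ends up identical), but only the LVR model keeps both administrators' changes; in the block model the jsmith addition is silently lost to the later-stamped write.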

Q. What is Distributed File System (DFS)?

Ans. Distributed File System (DFS) allows administrators to group shared folders located on different servers and present them to users as a virtual tree of folders known as a namespace. A namespace provides numerous benefits, including increased availability of data, load sharing, and simplified data migration.

Q. What are the DFS size limits and recommendations for Windows Server 2003?

Ans. The following table describes the DFS size limits and recommendations for Windows Server 2003.

Microsoft Supported DFS, Offline Files, and FRS Deployments

Description: Number of characters in path
Limit or recommendation*: Fewer than 260 characters
Explanation: Win32 application programming interfaces (APIs) have a maximum path limit of 260 characters. Applications fail when trying to access a namespace that goes beyond that limit. If the path length of a DFS namespace exceeds the Win32 API limit of 260 characters, users must map part of the namespace to a drive letter and access the longer namespace through the mapped drive letter.

Description: Number of DFS roots per server running Windows Server 2003 Standard Edition
Limit or recommendation*: One, unless a hotfix is installed
Explanation: Windows Server 2003 Standard Edition is limited to one root per server. To create multiple domain-based namespaces on a server running Windows Server 2003 Standard Edition, install the hotfix described in article 903651 in the Microsoft Knowledge Base on the Microsoft Web site.

Description: Number of DFS roots per server running Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition
Limit or recommendation*: Varies
Explanation: There is no limit to the number of DFS roots you can create on a server running Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition. However, as you increase the number of roots per server, the DFS service takes longer to start and uses more memory.

Description: Number of root targets per domain-based DFS root
Limit or recommendation*: No fixed limit
Explanation: If you do not enable root scalability mode, we recommend using 16 or fewer root targets to limit traffic to the server acting as the primary domain controller (PDC) emulator master.

Description: Number of links per DFS namespace
Limit or recommendation*: 5,000 links for domain-based DFS; 50,000 links for stand-alone DFS
Explanation: When the number of links exceeds the recommended limit, you might experience performance degradation when making changes to the DFS configuration. For stand-alone DFS, namespace initialization after server startup might also be delayed.

Description: Size of each DFS Active Directory object (applies to domain-based DFS namespaces only)
Limit or recommendation*: 5 megabytes (MB)
Explanation: The size of the DFS Active Directory object is determined by the number and path length of roots, links, comments, and targets in the namespace. We recommend using no more than 5,000 links in a domain-based namespace to prevent the DFS Active Directory object from exceeding 5 MB. Limiting the size of the Active Directory object is important because large domain-based DFS configurations can cause significantly increased network traffic originating from updates made to those roots, links, and targets.

Description: Maximum amount of data that the File Replication service (FRS) can replicate in a domain-based DFS namespace
Limit or recommendation*: See recommended limits at http://support.microsoft.com/default.aspx?scid=kb;en-us;840675
Explanation: It is important that you review the FRS design guidelines before enabling replication. See the chapter "Designing and Deploying File Servers" in the Microsoft Windows Server 2003 Deployment Kit. Doing so will help you optimally deploy and configure FRS for your environment.
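A planned namespace checked against the limits in the table above, as an added Python example (not a Microsoft tool). The namespace description is constructed; server, share and link names are made up. The checker measures each link's full UNC path against the 260-character Win32 limit, counts links against the 5,000 (domain-based) and 50,000 (stand-alone) recommendations, flags more than 16 root targets on a domain-based root without root scalability mode, and flags more than one root on a Standard Edition server without hotfix 903651.

```python
"""Validate a DFS namespace design against the Windows Server 2003 limits above.

Added example; EXAMPLE_NS is a constructed description, not a real namespace.
"""

MAX_PATH = 260
LINK_LIMITS = {"domain": 5000, "standalone": 50000}
MAX_ROOT_TARGETS_WITHOUT_SCALABILITY = 16

# Constructed namespace: a domain-based root with 17 root targets and one
# link whose path is far deeper than the Win32 limit allows.
EXAMPLE_NS = {
    "type": "domain",                      # "domain" or "standalone"
    "root": r"\\corp.example\Public",
    "server_edition": "enterprise",        # "standard", "enterprise" or "datacenter"
    "roots_on_server": 3,
    "hotfix_903651": False,
    "root_scalability_mode": False,
    "root_targets": [rf"\\FS{i:02d}\Public" for i in range(17)],
    "links": ["HR", r"Finance\Reports", "\\".join(["Archive"] * 40)],
}


def link_path(root, link_name):
    """Full UNC path a client opens for a link: root plus the link's relative name."""
    return f"{root}\\{link_name}"


def longest_link_path(ns):
    return max(len(link_path(ns["root"], name)) for name in ns["links"])


def check_namespace(ns):
    """Return human-readable findings; an empty list means the design is within limits."""
    findings = []
    kind = ns["type"]

    # Roots per server: Standard Edition hosts one unless hotfix 903651 is applied.
    if ns["server_edition"] == "standard" and ns["roots_on_server"] > 1 and not ns["hotfix_903651"]:
        findings.append(
            f"{ns['roots_on_server']} roots on a Standard Edition server: "
            "only one is supported without hotfix 903651")

    # Root targets: keep PDC emulator traffic down unless root scalability mode is on.
    targets = len(ns["root_targets"])
    if kind == "domain" and not ns["root_scalability_mode"] and targets > MAX_ROOT_TARGETS_WITHOUT_SCALABILITY:
        findings.append(
            f"{targets} root targets without root scalability mode "
            f"(recommended {MAX_ROOT_TARGETS_WITHOUT_SCALABILITY} or fewer)")

    # Link count against the recommendation for this namespace type.
    links = len(ns["links"])
    if links > LINK_LIMITS[kind]:
        findings.append(f"{links} links exceed the {LINK_LIMITS[kind]} recommended for {kind} DFS")

    # Every link path must stay under the 260-character Win32 limit.
    for name in ns["links"]:
        path = link_path(ns["root"], name)
        if len(path) >= MAX_PATH:
            findings.append(
                f"link path is {len(path)} characters (limit {MAX_PATH}): ...\\{name[-24:]}")
    return findings


if __name__ == "__main__":
    for finding in check_namespace(EXAMPLE_NS):
        print(finding)
```

The path check is the one users hit first in practice: the table's workaround of mapping part of the namespace to a drive letter shortens the path the application sees, and this function tells you which links need it before anyone reports a failure.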

Q. How do I back up and restore a DFS namespace, or move a DFS namespace from one server to another?

Ans. Two command-line tools are available.

Dfscmd.exe: The Dfscmd.exe command-line tool is available in Windows Server 2003. Use Dfscmd.exe for basic DFS tasks, such as creating links, adding and removing link targets, and viewing the namespace. For more information about Dfscmd.exe, in Help and Support Center for Windows Server 2003 click Tools, and then click Command-line reference A-Z.

Dfsutil.exe: The Dfsutil.exe command-line tool is a Windows Support Tool. You can install Dfsutil.exe from the \Support\Tools folder on the Windows Server 2003 operating system CD. Dfsutil.exe provides extensive features for configuring and managing DFS, including those that are not available in the Distributed File System snap-in, such as root scalability mode and least-expensive target selection (site costing). You can use Dfsutil.exe to export the namespace from the source server, and then optionally restore the namespace to a destination server.

In the following example, an administrator wants to migrate the following namespaces on different servers to a single server running Windows Server 2003 Enterprise Edition:

\\NT4SVR\Marketing (a stand-alone DFS root on a server running Windows NT Server 4.0)
\\W2KSVR\Public (a stand-alone DFS root on a server running Windows 2000 Server)

First, the administrator creates the following stand-alone DFS roots on the server running Windows Server 2003 Enterprise Edition:

\\2003SVR\Marketing
\\2003SVR\Public

Next, the administrator installs Windows Support Tools from the Windows Server 2003 operating system CD, and then uses the Dfsutil.exe tool to run the following commands:

Dfsutil /Root:\\NT4SVR\Marketing /export:Nt4.txt
Dfsutil /Root:\\W2KSVR\Public /export:w2k.txt

Finally, the administrator runs the following commands to import the namespaces onto the server running Windows Server 2003 Enterprise Edition:

Dfsutil /Root:\\2003SVR\Marketing /import:Nt4.txt /set
Dfsutil /Root:\\2003SVR\Public /import:w2k.txt /set
