Active Directory

Active Directory is a centralized and standardized system that automates network management of user data, security and distributed resources and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.

Divisions in AD:
Forest: The collection of every object, its attributes and attribute syntax in the Active Directory. A forest can contain numerous domains, each sharing a common schema.
Domain: A collection of computers that share a common set of policies, a name and a database of their members.
Organizational units: Containers in which domains can be grouped. They create a hierarchy for the domain and create the structure of the company's Active Directory in geographical or organizational terms.
Sites: Physical groupings independent of the domain and OU structure. Sites distinguish between locations connected by low- and high-speed connections and are defined by one or more IP subnets.

Flexible Single Master of Operations (FSMO) Roles Explained
Within Active Directory not all Domain Controllers are equal: some have certain roles assigned to them, and these roles need to be performed by a single Domain Controller. These roles are called the FSMO roles (Flexible Single Master Operations). In a forest, there are five FSMO roles that are assigned to one or more domain controllers; 2 of them are forest wide and the other 3 are domain wide roles.
The 5 roles are as follows:

Schema master (forest wide):
The Schema Master controls all updates to the Schema within the forest.

Domain Naming Master (forest wide):
The Domain Naming Master role is responsible for the creation and deletion of domains in the forest.

RID Master (domain wide):
The RID Master manages the Security Identifier (SID) for every object within the domain.

PDC Emulator (domain wide):
The PDC emulator role provides backwards compatibility for Windows NT backup domain controllers (BDCs): the PDC emulator advertises itself as the primary domain controller for the domain. It also acts as the domain master browser and maintains the latest password for all users within the domain.

Infrastructure Master (domain wide):
The Infrastructure Master role is responsible for updating references from objects within its domain with objects in other domains.

To transfer an FSMO role the administrator must be a member of the following group:
FSMO Role        Administrator must be a member of
Schema           Schema Admins
Domain Naming    Enterprise Admins
RID              Domain Admins
PDC Emulator     Domain Admins
Infrastructure   Domain Admins

Group Policy
Group Policies in Microsoft Active Directory are used to define settings for users and computers throughout a network. These settings are configured and stored in what are called Group Policy Objects (GPOs), which are then associated with Active Directory objects, including domains and sites. A Group Policy Object (GPO) is a collection of settings that define what a system will look like and how it will behave for a defined group of users. Microsoft provides a program snap-in that allows you to use the Group Policy Microsoft Management Console (MMC). The MMC allows you to create a GPO that defines registry-based policies, security options, software installation and maintenance options, scripts options, and folder redirection options.

LDAP (Lightweight Directory Access Protocol)
LDAP is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter because in its initial version it did not include security features.

DHCP
DHCP stands for "Dynamic Host Configuration Protocol". DHCP's purpose is to enable individual computers on an IP network to extract their configurations from a server (the 'DHCP server') or servers, in particular servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.

DHCP Scopes
Scope: A range of IP addresses that the DHCP server can assign to clients that are on one subnet.
Superscope: A range of IP addresses that span several subnets. The DHCP server can assign these addresses to clients that are on several subnets.
Multicast scope: A range of class D addresses from 224.0.0.0 to 239.255.255.255 that can be assigned to computers when they ask for them. A multicast group is assigned to one IP address. Multicasting can be used to send messages to a group of computers at the same time with only one copy of the message. The Multicast Address Dynamic Client Allocation Protocol (MADCAP) is used to request a multicast address from a DHCP server.

DNS
Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address.

DNS Domain Name Hierarchy

Root domain: This is the top of the tree, representing an unnamed level; it is sometimes shown as two empty quotation marks (""), indicating a null value. When used in a DNS domain name, it is stated by a trailing period (.) to designate that the name is located at the root or highest level of the domain hierarchy. In this instance, the DNS domain name is considered to be complete and points to an exact location in the tree of names. Names stated this way are FQDNs. Example: a single period (.) or a period used at the end of a name, such as "example.microsoft.com.".

Top-level domain: A name used to indicate a country/region or the type of organization using a name. Example: ".com", which indicates a name registered to a business for commercial use on the Internet.

Second-level domain: Variable-length names registered to an individual or organization for use on the Internet. These names are always based on an appropriate top-level domain, depending on the type of organization or geographic location where a name is used. Example: "microsoft.com.", which is the second-level domain name registered to Microsoft by the Internet DNS domain name registrar.

Subdomain: Additional names that an organization can create that are derived from the registered second-level domain name. These include names added to grow the DNS tree of names in an organization and divide it into departments or geographic locations. Example: "example.microsoft.com.", which is a fictitious subdomain assigned by Microsoft for use in documentation example names.

Host or resource name: Names that represent a leaf in the DNS tree of names and identify a specific resource. Typically, the leftmost label of a DNS domain name identifies a specific computer on the network. For example, if a name at this level is used in a host (A) resource record, it is used to look up the IP address of a computer based on its host name. Example: "host-a.example.microsoft.com.", where the first label ("host-a") is the DNS host name for a specific computer on the network.

Top-level DNS domain names
DNS Domain Name   Type of Organization
com               Commercial organizations
edu               Educational institutions
org               Non-profit organizations
net               Networks (the backbone of the Internet)
gov               Non-military government organizations
mil               Military government organizations
arpa              Reverse DNS
xx                Two-letter country code (for example, us, au, fr)
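As an added example (not part of the original notes), the following Python splits a DNS name into the levels described above, distinguishing an FQDN (trailing period) from a relative name, and builds the in-addr.arpa owner name that a PTR record uses for an IPv4 address. The TLD classification uses only the top-level names from the table above; the sample names and address are constructed.

```python
# Added example (not from the original notes): classify the labels of a DNS
# name by their level in the tree and build the reverse (PTR) name for an IP.
import ipaddress

# Top-level domains listed on the page, used to classify the TLD label.
# Any other two-letter label is treated as a country code ("xx" row).
TLD_TYPES = {
    "com": "Commercial organizations", "edu": "Educational institutions",
    "org": "Non-profit organizations", "net": "Networks (the backbone of the Internet)",
    "gov": "Non-military government organizations",
    "mil": "Military government organizations", "arpa": "Reverse DNS",
}

def parse_dns_name(name: str) -> dict:
    """Classify each label of a DNS name by its level in the hierarchy.

    A trailing period anchors the name at the unnamed root, so it is an FQDN;
    without it the name is relative and may not be complete.
    """
    fqdn = name.endswith(".")
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    if not labels:                       # "." or "" denotes the root itself
        return {"fqdn": fqdn, "root": True, "labels": []}
    tld = labels[-1].lower()
    if tld in TLD_TYPES:
        tld_type = TLD_TYPES[tld]
    elif len(tld) == 2 and tld.isalpha():
        tld_type = "Two-letter country code"
    else:
        tld_type = "Unknown top-level domain"
    return {
        "fqdn": fqdn,
        "root": False,
        "tld": tld, "tld_type": tld_type,
        "second_level": ".".join(labels[-2:]) if len(labels) >= 2 else None,
        # Labels between the host and the second-level domain, leftmost first.
        "subdomains": labels[1:-2],
        # The leftmost label typically names a specific computer; a two-label
        # name such as "microsoft.com." is a second-level domain, not a host.
        "host": labels[0] if len(labels) >= 3 else None,
    }

def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address: octets reversed
    under the in-addr.arpa reverse-DNS tree, written as an FQDN."""
    addr = ipaddress.IPv4Address(ip)     # raises ValueError on a bad address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
```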

DNS resource record types
Host (A): For mapping a DNS domain name to an IP address used by a computer.
Alias (CNAME): For mapping an alias DNS domain name to another primary or canonical name.
Mail Exchanger (MX): For mapping a DNS domain name to the name of a computer that exchanges or forwards mail.
Pointer (PTR): For mapping a reverse DNS domain name based on the IP address of a computer that points to the forward DNS domain name of that computer.
Service location (SRV): For mapping a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers.
Other resource records as needed.

Well-known port numbers
Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
5             Remote Job Entry (RJE)
7             ECHO
18            Message Send Protocol (MSP)
20            FTP -- Data
21            FTP -- Control
22            SSH Remote Login Protocol
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
29            MSG ICP
37            Time
42            Host Name Server (Nameserv)
43            WhoIs
49            Login Host Protocol (Login)
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
70            Gopher Services
79            Finger
80            HTTP
103           X.400 Standard
108           SNA Gateway Access Server
109           POP2
110           POP3
115           Simple File Transfer Protocol (SFTP)
118           SQL Services
119           Newsgroup (NNTP)
137           NetBIOS Name Service
139           NetBIOS Datagram Service
143           Interim Mail Access Protocol (IMAP)
150           NetBIOS Session Service
156           SQL Server
161           SNMP
179           Border Gateway Protocol (BGP)
190           Gateway Access Control Protocol (GACP)
194           Internet Relay Chat (IRC)
197           Directory Location Service (DLS)
389           Lightweight Directory Access Protocol (LDAP)
396           Novell Netware over IP
443           HTTPS
444           Simple Network Paging Protocol (SNPP)
445           Microsoft-DS
458           Apple QuickTime
546           DHCP Client
547           DHCP Server
563           SNEWS
569           MSN
1080          Socks

Backup types
Full backup: A complete set of all files you wish to back up. Think of this as your 'reference set'. Should be performed at regular intervals. Pros: Provides a complete copy of all your data.
Differential backup: A backup of those files which have changed since the last full backup. Pros: Takes up less time and space than a full backup; provides for more efficient restoration than incremental backups. You only need to perform a full backup occasionally.
Incremental backup: A backup of those files which have changed since the last backup of any type. Pros: Uses the least time and space, as only those files changed since the last backup are copied; makes it easy to locate files which need restoring; lets you back up multiple versions of the same file.

OSI Model
Layer             Data unit          Function
Host layers:
7. Application    Data               Network process to application
6. Presentation   Data               Data representation and encryption
5. Session        Data               Interhost communication
4. Transport      Segment/Datagram   End-to-end connections and reliability
Media layers:
3. Network        Packet             Path determination and logical addressing
2. Data Link      Frame              Physical addressing (MAC & LLC)
1. Physical       Bit                Media, signal and binary transmission; bits on a wire (0s and 1s)
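As an added example (not part of the original notes), this simulation compares the three backup types described above over a constructed week of file changes: how much each type copies per day, and which backup sets a restore of the latest state has to read. The file names and change days are made up.

```python
# Added example (not from the original notes): simulate full, differential
# and incremental backups over a constructed week and compare the cost of
# each run and the length of the restore chain.

# Constructed sample: files modified on each day (day 0 = first full backup).
CHANGES = [
    {"a", "b", "c", "d"},   # day 0: all files exist, full backup taken
    {"a"},                  # day 1
    {"b"},                  # day 2
    {"a", "c"},             # day 3: "a" changes again (a second version)
    set(),                  # day 4: nothing changed
    {"d"},                  # day 5
]

def simulate(strategy: str, changes=CHANGES) -> list:
    """Return, per day, the set of files the given strategy copies.

    Day 0 is always a full backup (the 'reference set'). Afterwards:
      full         - every file, every day
      differential - files changed since the last full backup
      incremental  - files changed since the last backup of any type
    """
    all_files = set().union(*changes)
    copied = [set(all_files)]
    since_full = set()
    for day_changes in changes[1:]:
        since_full |= day_changes
        if strategy == "full":
            copied.append(set(all_files))
        elif strategy == "differential":
            copied.append(set(since_full))   # grows until the next full backup
        elif strategy == "incremental":
            copied.append(set(day_changes))  # only today's changes
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return copied

def restore_chain(strategy: str, day: int) -> list:
    """Day indexes of the backup sets needed to rebuild the state at `day`."""
    if strategy == "full":
        return [day]                         # one self-contained set
    if strategy == "differential":
        return [0] if day == 0 else [0, day] # last full + latest differential
    return list(range(day + 1))              # incremental: every set so far

def total_copied(strategy: str) -> int:
    """Total number of file copies written over the whole week."""
    return sum(len(day) for day in simulate(strategy))
```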

Groups
Groups are useful for setting common privileges or type of access to a group of users.
Security groups: These are used for setting permissions on objects (printer, data); they can also be used as distribution groups, i.e. for maintaining distribution lists.
Distribution groups: Do not provide security; used for e-mails.

SOA
SOA is a Start of Authority record, which is the first record in DNS and controls the startup behavior of DNS. We can configure TTL, refresh, and retry intervals in this record.

What is Clustering? Briefly define & explain it
Clustering is a technology which is used to provide High Availability for mission critical applications. We can configure a cluster by installing the MCS (Microsoft Cluster Service) component from Add/Remove Programs, which is only available in Enterprise Edition and Datacenter Edition. In Windows we can configure two types of clusters:
NLB (network load balancing) cluster: for balancing load between servers. This cluster will not provide any high availability. Usually preferable at edge servers like web or proxy.
Server Cluster: This provides High Availability by configuring an active-active or active-passive cluster. In a 2 node active-passive cluster one node will be active and one node will be standby. When the active server fails the application will FAILOVER to the standby server automatically. When the original server comes back we need to FAILBACK the application.
Quorum: Shared storage that needs to be provided for all servers; it keeps information about the clustered application and session state and is useful in a FAILOVER situation. This is very important: if the Quorum disk fails the entire cluster will fail.
Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to identify the status of other servers in the cluster.