Windows Questions (Desktop Engineer Questions + System Admin Questions)
Q. What is the difference between Win2k Server and Win2k3?
Answer:
1. We can't rename a domain in Win2k; you can rename it in Win2k3.
2. IIS 5.0 in Win2k and IIS 6.0 in Win2k3.
3. No Volume Shadow Copying in Win2k; it's available in Win2k3.
4. Active Directory Federation Systems in Win2k3.
Some other security features were also added in Win2k3; the main features are above.

Q. Why are we using Exchange Server?
Ans: This is a mail server. We can use this server to send mail on the intranet as well as outside.

Q. What is DHCP?
Ans: To assign IP addresses automatically.

Q. DHCP relay agent: where to place it?
Ans: You need to place the DHCP relay agent on the software router.

Q. What is a forest?
Ans: A forest is a collection of trees. A tree is nothing but a collection of domains that have the same namespace. A domain contains domain controllers. Forest -> Tree -> Domain. Don't get confused; understand carefully.

Q. What is GC? How many are required for a tree?
Ans: The Global Catalog server is a searchable index book. With it we can find any object in Active Directory. It also works as logon authentication for group memberships. We can have one on each domain controller in a domain or only on the first domain controller in a domain.

Q. DNS zones, chronicle records: what are they?
Ans: In Windows 2000 there are mainly 3 zones:
• Standard Primary: zone information is written to a text file
• Standard Secondary: a copy of the Primary
• Active Directory Integrated: information is stored in Active Directory
In Win2k3 one more zone is added, the Stub zone. A stub zone is like a secondary, but it contains only a copy of the SOA records, NS records and A records for that zone; no copy of MX, SRV records etc. With a stub zone, DNS traffic will be low.

Q. What are FSMO roles?
Ans: Flexible Single Master Operation roles:
1. Domain Naming Master: forest-wide role
2. Schema Master: forest-wide role
3. RID Master: domain-wide role
4. PDC Emulator: domain-wide role
5. Infrastructure Master: domain-wide role

RID Master: It assigns RID and SID to newly created objects such as users and computers. If the RID master is down, you can still create security objects as long as RID pools are available on the DCs; otherwise you can't create any object once it is down.

PDC Emulator:
• It works as a PDC to any NT BDCs in your environment.
• It works as a time server (to maintain the same time in your network).
• It works to change passwords, lockout etc.

Infrastructure Master: This role takes care of things when we are renaming any group membership object.

Domain Naming Master: It takes care of adding, changing or deleting any domain in a forest.

Schema Master: It maintains the structure of Active Directory in a forest.

Q. FTP, NNTP, SMTP, Kerberos, DNS, DHCP, POP3 port numbers?
Ans:
• FTP: 20, 21 (20 is for controlling, 21 is transmitting)
• NNTP: 119
• SMTP: 25
• Kerberos: 88
• DNS: 53
• DHCP: 67, 68
• POP3: 110

Q. DHCP PAT database path folder?
Ans: C:\WINDOWS\system32\dhcp

Q. DNS database path folder?
Ans: C:\WINDOWS\system32\dns

Q. Working of ping, telnet, and gopher.
Ans: ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP "echo request" packets to the target host and listening for ICMP "echo response" replies. ping estimates the round-trip time, generally in milliseconds, records any packet loss, and prints a statistical summary when finished.

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections. It was developed in 1969 beginning with RFC 15 and standardized as IETF STD 8, one of the first Internet standards. The term telnet also refers to software which implements the client part of the protocol. TELNET clients have been available on most Unix systems for many years and are available for virtually all platforms. Most network equipment and OSs with a TCP/IP stack support some kind of TELNET service server for their remote configuration (including ones based on Windows NT). Because of security issues with TELNET, its use has waned as it is replaced by the use of SSH for remote access.

"To telnet" is also used as a verb meaning to establish or use a TELNET or other interactive TCP connection, as in, "To change your password, telnet to the server and run the passwd command". Most often, a user will be telneting to a Unix-like server system or a simple network device such as a switch. For example, a user might "telnet in from home to check his mail at school". In doing so, he would be using a telnet client to connect from his computer to one of his servers. Once the connection is established, he would then log in with his account information and execute operating system commands remotely on that computer, such as ls or cd.

On many systems, the client may also be used to make interactive raw-TCP sessions. Even when that option is not available, telnet sessions are equivalent to raw TCP as long as byte 255 never appears in the data.

Packet internet gopher (PING), definition: a method used in determining the response time of an internet connection. PING software sends a request to a website and times the receipt of the reply (echo), called pong. A part of the Internet Protocol, PING is not directly accessible to the user.

Q. What is RAID? Types of RAID
Ans:

What is a RAID
Let's start with the basics. RAID stands for Redundant Array of Independent Discs. In the old days it also used to mean Redundant Array of Inexpensive Discs. A RAID system is a collection of hard drives joined together using a RAID level definition (see levels below). There are many uses for RAID. First, it can be used to stripe drives together to give more overall access speed (level 0). Second, it can be used to mirror drives (level 1). Third, it can be used to increase uptime of your overall storage by striping drives together and then keeping parity data; if a drive should fail, the system keeps operating (level 5). Most people use RAID level 5 for the uptime purposes and its ability to join together 16 drives, giving a large storage block. Read about RAID levels below and see which one suits you best.

Hot Spares
A hot spare is a standby drive assigned to an array or assigned to a group of arrays (global spare). If a drive goes bad in an array, the hot spare will take over for the failed drive automatically and your array will not suffer a performance degradation. Hot spares only make sense on levels 5, 5+0, 0+5, 1+5 and 5+1.

Hot Swap
Hot swap is a term used to describe the condition in which drives are attached to the RAID controller. You always want hot swap drives so that if a drive goes bad it can be replaced on the fly without incurring downtime.

Other features to avoid downtime
Other features of professional RAIDs include hot swap and redundant power supplies, and hot swap and redundant fans. In some more expensive RAID systems we even have hot swap and redundant RAID controllers.

RAID Levels

RAID 0
This is the simplest level of RAID, and it just involves striping. Data redundancy is not even present in this level, so it is not recommended for applications where data is critical. This level offers the highest level of performance out of any single RAID level. It also offers the lowest cost since no extra storage is involved. At least 2 hard drives are required, preferably identical, and the maximum depends on the RAID controller. None of the space is wasted as long as the hard drives used are identical. This level has become popular with the mainstream market for its relatively low cost and high performance gain. This level is good for most people that don't need any data redundancy. There are many SCSI and IDE/ATA implementations available. Finally, it's important to note that if any of the hard drives in the array fails, you lose everything.

RAID 1
This level is usually implemented as mirroring. Two identical copies of data are stored on two drives. When one drive fails, the other drive still has the data to keep the system going. Rebuilding a lost drive is very simple since you still have the second copy. This adds data redundancy to the system and provides some safety from failures. Some implementations add an extra RAID controller to increase the fault tolerance even more. It is ideal for applications that use critical data. Even though the performance benefits are not great, some might just be concerned with preserving their data. The relative simplicity and low cost of implementing this level has increased its popularity in mainstream RAID controllers. Most RAID controllers nowadays implement some form of RAID 1.

RAID 2
This level uses bit level striping with Hamming code ECC. The technique used here is somewhat similar to striping with parity but not really. The data is split at the bit level and spread over a number of data and ECC disks. When data is written to the array, the Hamming codes are calculated and written to the ECC disks. When the data is read from the array, Hamming codes are used to check whether errors have occurred since the data was written to the array. Single bit errors can be detected and corrected immediately. This is the only level that really deviates from the RAID concepts talked about earlier. The complicated and expensive RAID controller hardware needed, and the minimum number of hard drives required, are the reason this level is not used today.

RAID 3
This level uses byte level striping with dedicated parity. In other words, data is striped across the array at the byte level with one dedicated parity drive holding the redundancy information. The idea behind this level is that striping the data increases performance and using dedicated parity takes care of redundancy. 3 hard drives are required: 2 for striping, and 1 as the dedicated parity drive. Although the performance is good, the added parity does slow down writes. The parity information has to be written to the parity drive whenever a write occurs. This increased computation calls for a hardware controller, so software implementations are not practical. RAID 3 is good for applications that deal with large files since the stripe size is small.

RAID 4
This level is very similar to RAID 3. The only difference is that it uses block level striping instead of byte level striping. The advantage in that is that you can change the stripe size to suit application needs. This level is often seen as a mix between RAID 3 and RAID 5, having the dedicated parity of RAID 3 and the block level striping of RAID 5. Again, you'll probably need a hardware RAID controller for this level. Also, the dedicated parity drive continues to slow down performance in this level as well.

RAID 5
RAID 5 uses block level striping and distributed parity. This level tries to remove the bottleneck of the dedicated parity drive. With the use of a distributed parity algorithm, this level writes the data and parity data across all the drives. Basically, the blocks of data are used to create the parity blocks, which are then stored across the array. This removes the bottleneck of writing to just one parity drive. However, the parity information still has to be calculated and written whenever a write occurs, so the slowdown involved with that still applies. The fault tolerance is maintained by separating the parity information for a block from the actual data block. This way, when one drive goes, all the data on that drive can be rebuilt from the data on the other drives. Recovery is more complicated than usual because of the distributed nature of the parity. Just as in RAID 4, the stripe size can be changed to suit the needs of the application. Also, using a hardware controller is probably the more practical solution. RAID 5 is one of the most popular RAID levels being used today. Many see it as the best combination of performance, redundancy, and storage efficiency.

RAID 10 or 0+1: Combining Levels of RAID
The single RAID levels don't address every application requirement that exists. So, to get more functionality, someone thought of the idea of combining RAID levels. What if you can combine two levels and get the advantages of both? Well, that was the motivation behind creating these new levels. The main benefit of using multiple RAID levels is the increased performance. Usually combining RAID levels means using a hardware RAID controller. The increased level of complexity of these levels means that software solutions are not practical. RAID 0 has the best performance out of the single levels and it is the one most commonly being combined. Not all combinations of RAID levels exist. The most common combinations are RAID 0+1 and 1+0. The difference between 0+1 and 1+0 might seem subtle, and sometimes companies may use the terms interchangeably. However, the difference lies in the amount of fault tolerance. Both these levels require at least 4 hard drives to implement.

Let's look at RAID 0+1 first. This combination uses RAID 0 for its high performance and RAID 1 for its high fault tolerance. I actually mentioned this level when I talked about adding striping to mirroring. Let's say you have 8 hard drives. You can split them into 2 arrays of 4 drives each, and apply RAID 0 to each array. Now you have 2 striped arrays. Then you would apply RAID 1 to the 2 striped arrays and have one array mirrored on the other. If a hard drive in one striped array fails, the entire array is lost.
The other striped array is left, but contains no fault tolerance if any of the drives in it fail.

RAID 1+0 applies RAID 1 first, then RAID 0, to the drives. To apply RAID 1, you split the 8 drives into 4 sets of 2 drives each. Now each set is mirrored and has duplicate information. To apply RAID 0, you then stripe across the 4 sets. In essence, you have a striped array across a number of mirrored sets. This combination has better fault tolerance than RAID 0+1. As long as one drive in a mirrored set is active, the array can still function. So theoretically you can have up to half the drives fail before you lose everything, as opposed to only two drives in RAID 0+1.

The popularity of RAID 0+1 and 1+0 stems from the fact that it's relatively simple to implement while providing high performance and good data redundancy. With the increased reduction of hard drive prices, the 4 hard drive minimum isn't unreasonable to the mainstream anymore. However, you still have the 50% waste in storage space whenever you are dealing with mirroring. Enterprise applications and servers are often willing to sacrifice storage for increased performance and fault tolerance.

Some other combinations of RAID levels that are used include RAID 0+3, 3+0, 0+5, 5+0, 1+5, and 5+1. These levels are often complicated to implement and require expensive hardware. Not all of the combinations I mentioned above are used
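
The RAID 5 behaviour described above (block level striping, parity spread across all drives, a lost drive rebuilt from the others) as an added Python example; it is not from the original page. The class name Raid5, the parity rotation order, the 4-byte block size and the sample payload are assumptions made for illustration.

```python
"""Toy RAID 5 array: block-level striping with rotating (distributed) parity."""
from functools import reduce

# Constructed sample payload, not data from the page.
SAMPLE = b"constructed payload: RAID 5 keeps running after one drive fails"


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


class Raid5:
    def __init__(self, n_drives=4, block_size=4):
        if n_drives < 3:
            raise ValueError("RAID 5 needs at least 3 drives")
        self.n = n_drives
        self.block_size = block_size
        self.stripes = 0
        # drives[d][s] is the block drive d holds for stripe s.
        # A failed drive is represented by None.
        self.drives = [[] for _ in range(n_drives)]

    def parity_drive(self, stripe):
        """Parity moves to a different drive on every stripe (assumed rotation)."""
        return (self.n - 1 - stripe) % self.n

    def write(self, data):
        """Append data, padding the last stripe with zero bytes."""
        if any(d is None for d in self.drives):
            raise RuntimeError("array is degraded; rebuild before writing")
        per_stripe = (self.n - 1) * self.block_size
        padded_len = -(-len(data) // per_stripe) * per_stripe
        data = data.ljust(padded_len, b"\0")
        for off in range(0, padded_len, per_stripe):
            chunk = data[off:off + per_stripe]
            blocks = [chunk[i:i + self.block_size]
                      for i in range(0, per_stripe, self.block_size)]
            parity = xor_blocks(blocks)          # parity = XOR of the data blocks
            p = self.parity_drive(self.stripes)
            data_blocks = iter(blocks)
            for d in range(self.n):
                self.drives[d].append(parity if d == p else next(data_blocks))
            self.stripes += 1

    def fail(self, drive):
        """Simulate losing a whole drive."""
        self.drives[drive] = None

    def _block(self, drive, stripe):
        """Return one block, reconstructing it if its drive has failed."""
        if self.drives[drive] is not None:
            return self.drives[drive][stripe]
        survivors = [self.drives[d][stripe] for d in range(self.n)
                     if d != drive and self.drives[d] is not None]
        if len(survivors) != self.n - 1:
            raise RuntimeError("more than one drive lost: stripe cannot be recovered")
        # XOR of all n blocks in a stripe is zero, so the missing block
        # (data or parity) equals the XOR of the n-1 surviving blocks.
        return xor_blocks(survivors)

    def read(self):
        """Read all data blocks in order; works with at most one failed drive."""
        out = bytearray()
        for s in range(self.stripes):
            p = self.parity_drive(s)
            for d in range(self.n):
                if d != p:
                    out += self._block(d, s)
        return bytes(out)

    def rebuild(self, drive):
        """Recreate a replaced drive's contents from the surviving drives."""
        self.drives[drive] = [self._block(drive, s) for s in range(self.stripes)]


if __name__ == "__main__":
    array = Raid5()
    array.write(SAMPLE)
    array.fail(2)                                # degraded, but still readable
    print(array.read().rstrip(b"\0"))
    array.rebuild(2)                             # hot spare takes over
    array.fail(0)
    array.fail(1)                                # second failure: data is gone
    try:
        array.read()
    except RuntimeError as exc:
        print("unrecoverable:", exc)
```

Every rebuild has to read each surviving drive in full, which is why recovery is slower here than for a RAID 1 mirror.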

Q. Types of Active Directory partitions?
Ans:

Domain data
The domain data holds information about objects within a domain. This is information such as e-mail contacts, user and computer account attributes, and published resources that are of interest to administrators and users. For example, when a user account is added to your network, a user account object and attribute data are stored in the domain data. When changes to your organization's directory objects occur, such as object creation, deletion, or attribute modification, this data is stored in the domain data.

Configuration data
The configuration data describes the topology of the directory. This configuration data includes a list of all domains, trees, and forests and the locations of the domain controllers and global catalogs.

Schema data
The schema is the formal definition of all object and attribute data that can be stored in the directory. Domain controllers running Windows Server 2003 include a default schema that defines many object types, such as user and computer accounts, groups, domains, organizational units, and security policies. Administrators and programmers can extend the schema by defining new object types and attributes or by adding new attributes for existing objects. Schema objects are protected by access control lists, ensuring that only authorized users can alter the schema.

Application data
Data stored in the application directory partition is intended to satisfy cases where information needs to be replicated but not necessarily on a global scale. Application directory partitions are not part of the directory data store by default; they must be created, configured, and managed by the administrator.

Q. What is an organizational unit in Active Directory?

Ans:- An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization's functional or business structure. Each domain can implement its own organizational unit hierarchy. If your organization contains several domains, you can create organizational unit structures in each domain that are independent of the structures in the other domains.

The term "organizational unit" is often shortened to "OU" in casual conversation. "Container" is also often applied in its place, even in Microsoft's own documentation. All terms are considered correct and interchangeable. At Indiana University, most OUs are organized first around campuses, and then around departments; sub-OUs are then individual divisions within departments. For example, the BL container represents the Bloomington campus; the BLUITS container is a subdivision that represents the University Information Technology Services (UITS) department, and there are subcontainers below that. This method of organization is not an enforced rule at IU; it is merely chosen for convenience, and there are exceptions. Some of this information was adapted from Microsoft's knowledge base. For more information about Active Directory structures, you can access Microsoft's knowledge base at:

Q. What are the requirements for installing AD on a new server?
• An NTFS partition with enough free space
• An Administrator's username and password
• The correct operating system version
• A NIC
• Properly configured TCP/IP (IP address, subnet mask and, optionally, default gateway)
• A network connection (to a hub or to another computer via a crossover cable)
• An operational DNS server (which can be installed on the DC itself)
• A domain name that you want to use
• The Windows Server 2003 CD media (or at least the i386 folder)

Q. What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
Ans: Kerberos is the user authentication used in Win2000 and Win2003 Active Directory servers. The Kerberos version is 5.0. The port is 88. It's more secure and encrypted than NTLM (NT authentication).

Q. Describe the lease process of the DHCP server.
Ans: A DHCP lease is the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.

Q. Disaster Recovery Plan?
Ans: Deals with the restoration of a computer system, with all attendant software and connections, to full functionality under a variety of damaging or interfering external conditions.

Q. Which protocol is used for Public Folder?
Ans: SMTP

Q. What is the use of NNTP with Exchange?
Ans: This protocol is used for the newsgroups in Exchange.

Q. How will you take a backup of Active Directory?
Ans: Take the system state data backup. This will back up the Active Directory database. Microsoft recommends only a full backup of the system state database.

What are the contents of a System State backup? The contents are:
• Boot files, system files
• Active Directory (if it's done on a DC)
• Sysvol folder (if it's done on a DC)
• Certificate service (on a CA server)
• Cluster database (on a cluster server)
• Registry
• Performance counter configuration information
• Component services class registration database

Q. What is the difference between Windows Server 2003...
A) In 2000 we cannot rename a domain, whereas in 2003 we can rename a domain.
B) 2000 supports 8 processors and 64 GB RAM (in 2000 Advance Server), whereas 2003 supports up to 64 processors and a max of 512 GB RAM.
C) 2000 supports IIS 5.0 and 2003 supports IIS 6.0.
D) 2000 doesn't support .NET, whereas 2003 supports Microsoft .NET 2.0.
E) 2000 has Server and Advance Server editions, whereas 2003 has Standard, Enterprise, Datacentre and Web Server editions.
F) 2000 doesn't have any 64-bit server operating system, whereas 2003 has 64-bit server operating systems (Windows Server 2003 X64 Std and Enterprise Edition).
G) 2000 has the basic concept of DFS (Distributed File System) with defined roots, whereas 2003 has enhanced DFS support with multiple roots.
H) In 2000 there is complexity in administering complex networks, whereas in 2003 administration is easy in all and complex networks.
I) In 2000 we can create 1 million users and in 2003 we can create 1 billion users.
J) In 2003 we have the concept of the Volume Shadow Copy service, which is used to create hard disk snapshots that are used in disaster recovery; 2000 doesn't have this service.
K) In 2000 we don't have end user policy management, whereas in 2003 we have end user policy management, which is done in GPMC (Group Policy Management Console).
L) In 2000 we have cross-domain trust relationships and in 2003 we have cross-forest trust relationships.
M) 2000 supports 4-node clustering and 2003 supports 8-node clustering.
N) 2003 has high HCL (Hardware Compatibility List) support issued by Microsoft.
O) Code name of 2000 is Win NT 5.0 and code name of 2003 is Win NT 5.1.
P) 2003 has a service called ADFS (Active Directory Federation Services), which is used to communicate between branches with safe authentication.
Q) In 2003 there is improved storage management using the File Server Resource Manager (FSRM) service.
R) 2003 has a service called Windows SharePoint Services (an integrated portfolio of collaboration and communication services designed to connect people, information, processes, and systems both within and beyond the organizational firewall).
S) 2003 has improved print management compared to 2000 Server.
T) 2003 has telnet sessions available.
U) 2000 supports IPv4, whereas 2003 supports IPv4 and IPv6.

Q. Difference between router and switch
Ans: In those early days when a router was a router and a switch was a switch, the two were different in several ways:
• Routers understand IP headers, and switches deal with MAC addresses.
• A router has its own IP address(es), and a switch doesn't.
• A router has an operating system running inside, and allows an administrator to log in to the system.
• You (the network administrator) must configure the routing table to make it work.
• A switch is usually ready to use.
• A router has routing software running inside, including a route discovery protocol.
• Routing software knows how to deal with different IP packets, such as ICMP and other IP option functionality. Switches don't.
• Multiple routers can be connected together as a network.
• You can't directly connect multiple switches together to form a large network.

Q. What's the difference between Windows 2000 and Windows XP?
Ans: Windows 2000 and Windows XP are essentially the same operating system (known internally as Windows NT 5.0 and Windows NT 5.1, respectively). Here are some considerations if you're trying to decide which version to use:

Windows 2000 benefits
• Windows 2000 has lower system requirements, and has a simpler interface (no "Styles" to mess with).
• Windows 2000 is slightly less expensive, and has no product activation.
• Windows 2000 has been out for a while, and most of the common problems and security holes have been uncovered and fixed.
• Third-party software and hardware products that aren't yet XP-compatible may be compatible with Windows 2000; check the manufacturers of your devices and applications for XP support before you upgrade.

Windows XP benefits
• Windows XP is somewhat faster than Windows 2000, assuming you have a fast processor and tons of memory (although it will run fine with a 300 MHz Pentium II and 128 MB of RAM).
• The new Windows XP interface is more cheerful and colorful than earlier versions, although the less-cartoony "Classic" interface can still be used if desired.
• Windows XP has more bells and whistles, such as the Windows Movie Maker, built-in CD writer support, the Internet Connection Firewall, and Remote Desktop Connection.
• Windows XP has better support for games and comes with more games than Windows 2000.
• Windows XP is the latest OS - if you don't upgrade now, you'll probably end up migrating to XP eventually anyway, and we mere mortals can only take so many OS upgrades.
• Manufacturers of existing hardware and software products are more likely to add Windows XP compatibility now than Windows 2000 compatibility.

Q. What are the prerequisites for installation of Exchange Server?
Ans: The prerequisites are:
• IIS
• SMTP
• WWW service
• NNTP
• .NET Framework
• ASP.NET
Then run Forest prep, then run Domain prep.

Q. Latest service pack, Windows 2000 Professional
Ans. Windows 2000 Pro Service Pack 4
Ans. Windows XP Prof Service Pack 2
Ans. Windows 2000 Advance Server 4
Ans. Windows 2003 Server Service Pack 2

Q. What is an IP address?

IP address
Last modified: Thursday, August 12, 2004

An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, could be an IP address. Within an isolated network, you can assign IP addresses at random as long as each one is unique. However, connecting a private network to the Internet requires using registered IP addresses (called Internet addresses) to avoid duplicates.

The four numbers in an IP address are used in different ways to identify a particular network and a host on that network. Four regional Internet registries -- ARIN, RIPE NCC, LACNIC and APNIC -- assign Internet addresses from the following three classes.
• Class A - supports 16 million hosts on each of 126 networks
• Class B - supports 65,000 hosts on each of 16,000 networks
• Class C - supports 254 hosts on each of 2 million networks

The number of unassigned Internet addresses is running out, so a new classless scheme called CIDR is gradually replacing the system based on classes A, B, and C and is tied to adoption of IPv6. Also see Understanding IP Addressing in the Did You Know . . .? section of Webopedia.

Q. What is a gateway?
Ans. A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes. A gateway can transcode or allow different protocols to talk to each other.

Q. Types of user profiles
Ans.

Local User Profile
This profile is automatically created the first time a user logs on to the computer, and it is stored on the computer's local hard drive. Any changes made to the local user profile are specific to the computer where the change was made.

Roaming User Profile
You, as the administrator, create this profile, and store it on a network server. This profile is available when a user logs on to any computer on the network. Any changes made to roaming user profiles are automatically updated on the server when the user logs off.

Mandatory User Profile
Mandatory user profiles are stored on a network server and are downloaded each time the user logs on. This profile does not update when the user logs off. It is useful for situations where consistent or job-specific settings are needed. Only administrators can make changes to mandatory user profiles. If the mandatory user profile is unavailable, the user cannot log on.

Types of event viewer logs

System Event Viewer Tips
By Nino Bilic

Although Event Viewer is a Microsoft® Windows® operating system tool, and not a Microsoft Exchange Server tool, Event Viewer is useful when troubleshooting Exchange Server problems. This article describes Event Viewer basic concepts and new helpful features.

Definitions

The following terms and definitions are used in this article:

• Event: Any significant occurrence in the system or an application that requires users to be notified or an entry to be added to a log.
• Event log service: A service that records events in the System, Security, and Application logs.
• Event logging: The process of recording an audit entry in the audit trail whenever certain events occur, such as services starting and stopping, or users logging on, logging off, and accessing resources.
• Event Viewer: A component you can use to view and manage event logs, gather information about hardware and software problems, and monitor security events. Event Viewer maintains logs about program, security, and system events.

Overview

Using the event logs in Event Viewer, you can gather information about hardware, software, and system problems, and you can monitor Windows operating system security events.

Types of Logs Found in Event Viewer

Microsoft Windows Server™ 2003, Windows XP, Windows 2000 Server, and Windows NT® record events in three kinds of logs:

• Application log: The Application log contains events logged by applications or programs. For example, a database program might record a file error in the Application log. The program developer decides which events to record.
• System log: The System log contains events logged by the Windows operating system components. For example, the failure of a driver or other system component to load during startup is recorded in the System log. The event types logged by system components are predetermined by the Windows operating system.
• Security log: The Security log can record security events such as valid and invalid logon attempts as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the Security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the Security log.

Servers running Windows Server 2003 and Windows 2000 Server that are domain controllers might have the following additional logs in Event Viewer:

• Directory Service log: Windows Server 2003 and Windows 2000 Server directory service logs events in the Directory Service log. This includes any information regarding the Active Directory® directory service and Active Directory database maintenance.
• File Replication Service log: File Replication Service (FRS) logs its events in this log. This service is used for replication of files, such as domain policies, between domain controllers.
• DNS Server service log: This log includes events related to the Domain Name System (DNS) Server service running on Windows Server 2003 and Windows 2000 Server. This will show only on DNS servers running Windows Server 2003 and Windows 2000 Server.

Types of Events Logged

The icon on the left side of the Event Viewer screen describes the classification of the event by the Windows operating system. Event Viewer displays these types of events:


A significant problem, such as loss of data or loss of

functionality. For example, if a service fails to load during startup, an error will be logged.


An event that is not necessarily significant, but may

indicate a possible future problem. For example, when disk space is low, a warning will be logged.


An event that describes the successful operation of an

application, driver, or service. For example, when a network driver loads successfully, an information event will be logged.

Success Audit

An audited security access attempt that succeeds.

For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.

Failure Audit

An audited security access attempt that fails. For

example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event. Event Anatomy The main event components are as follows:


The software that logged the event, which can be either an

application name, such as Microsoft SQL Server™, or a component of the system or of a large application, such as MSExchangeIS, which is the Microsoft Exchange Information Store service.


A classification of the event by the event source. For

example, the security categories include Logon and Logoff, Policy Change, Privilege Use, System Event, Object Access, Detailed Tracking, and Account Management.
• •

Event ID User

A unique number for each source to identify the event.

The user name for the user who was logged on and working

when the event occurred. N/A indicates that the entry did not specify a user.

Computer occurred.

The computer name for the computer where the event


This field provides the actual text of the event, or how

the application that logged the event explains what has happened.


Displays binary data generated by the event in hexadecimal

(bytes) or DWORDS (words) format. Not all events generate binary data. Programmers and support professionals familiar with source application can interpret this information. What Format to Save In?

Generally, you want to use the Event Log (.evt) format only. This is the easiest format to read and search through, because it can be opened with Event Viewer on your server. When you want to see events for services that you do not have installed on your computer, such as Cluster service or third-party services, save logs in .csv format. The .csv files can be opened in Microsoft Office Excel. The least desirable format that you can save logs in is .txt file format. Text files are searchable, but they can be cluttered with information, and it is easy to miss critical events. Use .txt format only when necessary.

How Do You Know It Opened Properly?

The following is an example of an event that does not show information properly.

Event Type: Information
Event Source: MSExchangeIS Private
Event Category: (30)
Event ID: 2003
Date: 8/16/2001
Time: 1:47:02 PM
User: N/A
Computer: SERVERNAME
Description: The description for Event ID ( 2003 ) in Source ( MSExchangeIS Private ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:

The following is the same event displayed properly.

Event Type: Information
Event Source: MSExchangeIS Private
Event Category: Transport Sending
Event ID: 2003
Date: 8/16/2001
Time: 1:47:02 PM
User: N/A
Computer: SERVERNAME
Description: There are no messages ready to send. The send thread is sleeping.

The first event example is the event as it appeared when opened on a computer without Exchange Server. The second example is that same event log entry when opened on a computer running Exchange Server. If you want to open an event log and see event descriptions properly, you must open the log on the computer that has those applications or services installed. If you need to display the event log for events that were created by a third-party application on another computer, you might want to save the log in .csv format to see what those events say. There will always be some events that you will not see properly, such as third-party services, hardware drivers, audio visual software, and backup software, but at least you will see Exchange Server events as they should appear, if you open the log on the Exchange server.

Event Viewer Differences Between Windows Server 2003, Windows XP, Windows 2000 Server, and Windows NT Server 4.0

In Event Viewer, when you press the COPY button, the whole text recorded in the event is copied to the Clipboard. You can then paste the information anywhere you need it. In Windows Server 2003 and Windows XP, you can direct Event Viewer to look up registry entries on some other computer when you are opening the log. For example, on a computer running Windows XP Professional, you can create additional shortcuts for launching Event Viewer. Each of the shortcuts can point to another computer, one for Exchange Server version 5.5, another for Exchange 2000 Server, and a third one for Cluster service, so you can open the associated event logs on your workstation computer.

You can open event logs created on Windows Server 2003, Windows 2000 Server, and Windows NT Server 4.0. In almost all cases, all events will appear properly. There might be a case when Windows NT Server 4.0 events will appear as something totally different when viewed on Windows Server 2003 or Windows 2000 Server. For information, see Microsoft Knowledge Base article 312216, "Detailed Usage of the Event Viewer /AUXSOURCE Switch Option."

Tips

The following sections provide information that can help you when troubleshooting Exchange Server.

Increasing the Log File Size

By default, the log file size is 512 kilobytes (KB), which is not enough if you want to see activity over several days. On a busy application server, with some diagnostics logging, 512 KB can be filled with information within a few hours. Consider increasing the log file size. A log file size of 10 megabytes (MB) or larger will in most cases give you enough history to show a few days of information. Event logs compress well. It is common for a 90 MB Application log to compress to a 2 MB file.

Filtering Events

If you are looking for a specific event ID in the log, or you want to see just errors, warnings, or events logged by a specific component, use filtering. On Windows NT Server 4.0, click View, and then click Filter Events. On Windows Server 2003 or Windows 2000 Server, select the log you want to filter, click View, and then click Filter. This is a useful feature when viewing large event logs.

Searching for Keywords

Consider that you want to search all events in a particular event log that mention one specific user or server. In Event Viewer, click View, and then click Find. Type a word that you want to find in any event in the Description field, or you can search for specific information, such as event IDs or source.

If on Windows XP, Use New Functionality

As mentioned previously, there is new functionality in Windows Server 2003 and Windows XP. You can redirect Event Viewer to look up registry settings and DLLs on another computer. This is a useful and timesaving feature. It allows you to view event logs for any type of application that you might have installed on any servers in your environment, from your computer running Windows XP. For more information, see Microsoft Knowledge Base Article 312216, "Detailed Usage of the Event Viewer /AUXSOURCE Switch Option."

Get All Logs that You Might Need

In most cases, you should look at the Application log when troubleshooting Exchange Server. However, with Exchange Server 2003 and Exchange 2000 Server, you should always also check the System log, because of the interrelationship between Exchange, Active Directory, and DNS. Consider getting both logs at the same time. Reviewing both might show you errors on the Windows operating system level that might explain the Exchange Server behavior.
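The filtering, keyword search and "did it open properly" checks described above can also be run over a log saved in .csv format. The following is an added example, not part of the original document: the column order in FIELDS is an assumption about the export layout, and every sample row except the Exchange event quoted above is constructed.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime

# Assumed column order of a legacy Event Viewer .csv export (no header row).
FIELDS = ["date", "time", "source", "type", "category",
          "event_id", "user", "computer", "description"]

# Constructed sample export. Only the first row reuses the event quoted on
# this page; the other sources, IDs and descriptions are illustrative.
SAMPLE_CSV = """\
8/16/2001,1:47:02 PM,MSExchangeIS Private,Information,Transport Sending,2003,N/A,SERVERNAME,"There are no messages ready to send. The send thread is sleeping."
8/16/2001,1:52:30 PM,ExampleBackupAgent,Warning,(3),1001,N/A,SERVERNAME,"The description for Event ID ( 1001 ) in Source ( ExampleBackupAgent ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer."
8/16/2001,2:05:11 PM,Security,Failure Audit,Logon/Logoff,529,N/A,SERVERNAME,"Logon failure, unknown user name or bad password (constructed text)"
8/16/2001,2:05:19 PM,Security,Failure Audit,Logon/Logoff,529,N/A,SERVERNAME,"Logon failure, unknown user name or bad password (constructed text)"
8/16/2001,2:06:40 PM,Security,Success Audit,Logon/Logoff,528,N/A,SERVERNAME,"Successful logon (constructed text)"
8/16/2001,2:30:00 PM,Service Control Manager,Error,None,7000,N/A,SERVERNAME,"A service failed to start, see the System log (constructed text)"
"""

# Text Event Viewer shows when the message DLL for a source is not available.
UNRESOLVED = re.compile(
    r"The description for Event ID \(\s*(\d+)\s*\) in Source \(\s*(.+?)\s*\) "
    r"cannot be found")


def load_events(text):
    """Parse an exported log into dicts; malformed rows are skipped."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(FIELDS) or not row[5].strip().isdigit():
            continue
        ev = dict(zip(FIELDS, (cell.strip() for cell in row)))
        ev["event_id"] = int(ev["event_id"])
        ev["when"] = datetime.strptime(
            ev["date"] + " " + ev["time"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def filter_events(events, types=None, event_ids=None, source=None, keyword=None):
    """Equivalent of View > Filter plus View > Find on the Description field."""
    matched = []
    for ev in events:
        if types and ev["type"] not in types:
            continue
        if event_ids and ev["event_id"] not in event_ids:
            continue
        if source and ev["source"] != source:
            continue
        if keyword and keyword.lower() not in ev["description"].lower():
            continue
        matched.append(ev)
    return matched


def unresolved_descriptions(events):
    """Sources whose events need to be re-opened where the application is installed."""
    found = set()
    for ev in events:
        if UNRESOLVED.search(ev["description"]):
            found.add((ev["source"], ev["event_id"]))
    return sorted(found)


def tally_failure_audits(events):
    """Count Failure Audit events per (computer, category)."""
    return Counter((ev["computer"], ev["category"])
                   for ev in events if ev["type"] == "Failure Audit")


if __name__ == "__main__":
    log = load_events(SAMPLE_CSV)
    for ev in filter_events(log, types={"Error", "Failure Audit"}):
        print(ev["when"], ev["source"], ev["event_id"], ev["description"])
    print("Unresolved:", unresolved_descriptions(log))
    print("Failure audits:", dict(tally_failure_audits(log)))
```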

Windows Server 2003 Active Directory and Security questions

1. What’s the difference between local, global and universal groups? Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.
2. I am trying to create a new universal user group. Why can’t I? Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
3. What is LSDOU? It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

4. Why doesn’t LSDOU work under Windows NT? If the NTConfig.pol file exists, it has the highest priority among the numerous policies.
5. Where are group policies stored? %SystemRoot%\System32\GroupPolicy
6. What is GPT and GPC? Group policy template and group policy container.
7. Where is GPT stored? %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
8. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority? The computer settings take priority.
9. You want to set up remote installation procedure, but do not want the user to gain access over it. What do you do? gponame -> User Configuration -> Windows Settings -> Remote Installation Services -> Choice Options is your friend.
10. What’s contained in administrative template conf.adm? Microsoft NetMeeting policies.
11. How can you restrict running certain applications on a machine? Via group policy, security settings for the group, then Software Restriction Policies.
12. You need to automatically install an app, but MSI file is not available. What do you do? A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer.
13. What’s the difference between Software Installer and Windows Installer? The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.
14. What can be restricted on Windows Server 2003 that wasn’t there in previous products? Group Policy in Windows Server 2003 determines a user’s right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.
15. How frequently is the client policy refreshed? 90 minutes give or take.
16. Where is secedit? It’s now gpupdate.
17. You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among the options when creating the policy.
18. What is "tattooing" the Registry? The user can view and modify user preferences that are not stored in maintained portions of the Registry. If the group policy is removed or changed, the user preference will persist in the Registry.
19. How do you fight tattooing in NT/2000 installations? You can’t.
20. How do you fight tattooing in 2003 installations? User Configuration - Administrative Templates - System - Group Policy - enable - Enforce Show Policies Only.
21. What does IntelliMirror do? It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline.
22. What’s the major difference between FAT and NTFS on a local machine? FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.

23. How do FAT and NTFS differ in approach to user shares? They don’t, both have support for sharing.
24. Explain the List Folder Contents permission on the folder in NTFS. Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it? It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can’t drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run… window.
26. For a user in several groups, are Allow permissions restrictive or permissive? Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission.
27. For a user in several groups, are Deny permissions restrictive or permissive? Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions.
28. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
29. What’s the difference between standalone and fault-tolerant DFS (Distributed File System) installations? The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.
30. We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Use the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
31. Where exactly do fault-tolerant DFS shares store information in Active Directory? In Partition Knowledge Table, which is then replicated to other domain controllers.
32. Can you use Start->Search with DFS shares? Yes.
33. What problems can you have with DFS installed? Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS.
34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah, you can’t. Install a standalone one.
35. Is Kerberos encryption symmetric or asymmetric? Symmetric.
36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line? Time stamp is attached to the initial client request, encrypted with the shared key.

37. What hashing algorithms are used in Windows 2003 Server? RSA Data Security’s Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.
38. What third-party certificate exchange protocols are used by Windows 2003 Server? Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities.
39. What’s the number of permitted unsuccessful logons on Administrator account? Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.
40. If hashing is one-way function and Windows Server uses hashing for storing passwords, how is it possible to attack the password lists, specifically the ones using NTLMv1? A cracker would launch a dictionary attack by hashing every imaginable term used for password and then compare the hashes.
41. What’s the difference between guest accounts in Server 2003 and other editions? More restrictive in Windows Server 2003.
42. How many passwords by default are remembered when you check "Enforce Password History Remembered"? User’s last 6 passwords.

Windows Server 2003 IIS and Scripting interview questions

1. What is presentation layer responsible for in the OSI model? The presentation layer establishes the data format prior to passing it along to the network application’s interface. TCP/IP networks perform this task at the application layer.
2. Does Windows Server 2003 support IPv6? Yes, run ipv6.exe from command line to disable it.
3. Can Windows Server 2003 function as a bridge? Yes, and it’s a new feature for the 2003 product. You can combine several networks and devices connected via several adapters by enabling IP routing.
4. What’s the difference between the basic disk and dynamic disk? The basic type contains partitions, extended partitions, logical drives, and an assortment of static volumes; the dynamic type does not use partitions but dynamically manages volumes and provides advanced storage options.
5. What’s a media pool? It is any compilation of disks or tapes with the same administrative properties.
6. How do you install recovery console? C:\i386\winnt32 /cmdcons, assuming that your Win server installation is on drive C.
7. What’s new in Terminal Services for Windows 2003 Server? Supports audio transmissions as well, although prepare for heavy network load.
8. What scripts ship with IIS 6.0? iisweb.vbs to create, delete, start, stop, and list Web sites, iisftp.vbs to create, delete, start, stop, and list FTP sites, iisvdir.vbs to create, delete, start, stop, and display virtual directories, iisftpdr.vbs to create, delete, start, stop, and display virtual directories under an FTP root, iiscnfg.vbs to export and import IIS configuration to an XML file.
9. What’s the name of the user who connects to the Web site anonymously? IUSR_computername
10. What secure authentication and encryption mechanisms are supported by IIS 6.0? Basic authentication, Digest authentication, Advanced digest authentication, Certificate-based Web transactions that use PKCS #7/PKCS #10, Fortezza, SSL, Server-Gated Cryptography, Transport Layer Security.
11. What’s the relation between SSL and TLS? Transport Layer Security (TLS) extends SSL by providing cryptographic authentication.
12. What’s the role of http.sys in IIS? It is the point of contact for all incoming HTTP requests. It listens for requests and queues them until they are all processed, no more queues are available, or the Web server is shut down.
13. Where’s ASP cache located on IIS 6.0? On disk, as opposed to memory, as it used to be in IIS 5.
14. What is socket pooling? Non-blocking socket usage, introduced in IIS 6.0. More than one application can use a given socket.
15. Describe the process of clustering with Windows 2003 Server when a new node is added. As a node goes online, it searches for other nodes to join by polling the designated internal network. In this way, all nodes are notified of the new node’s existence. If other nodes cannot be found on a preexisting cluster, the new node takes control of the quorum resources residing on the shared disk that contains state and configuration data.
16. What applications are not capable of performing in Windows 2003 Server clusters? The ones written exclusively for NetBEUI and IPX.
17. What’s a heartbeat? Communication processes between the nodes designed to ensure node’s health.
18. What’s a threshold in clustered environment? The number of times a restart is attempted, when the node fails.
19. You need to change an admin password on a clustered Windows box, but that requires rebooting the cluster, doesn’t it? No, it doesn’t. In 2003 environment you can do that via cluster.exe utility which does not require rebooting the entire cluster.
20. For the document of size 1 MB, what size would you expect the index to be with Indexing Service? 150-300 KB, 15-30% is a reasonable expectation.
21. Doesn’t the Indexing Service introduce a security flaw when allowing access to the index? No, because users can only view the indices of documents and folders that they have permissions for.
22. What’s the typical size of the index? Less than 100K documents - up to 128 MB. More than that - 256+ MB.
23. Which characters should be enclosed in quotes when searching the index? &, @, $, #, ^, ( ), and |.
24. How would you search for C++? Just enter C++, since + is not a special character (and neither is C).
25. What about Barnes&Noble? Should be searched for as Barnes’&’Noble.

26. Are the searches case-sensitive? No.
27. What’s the order of precedence of Boolean operators in Microsoft Windows 2003 Server Indexing Service? NOT, AND, NEAR, OR.
28. What’s a vector space query? A multiple-word query where the weight can be assigned to each of the search words. For example, if you want to find information on ‘black hole’, but would prefer to give more weight to the word hole, you can enter black[1] hole[20] into the search window.
29. What’s a response queue? It’s the message queue that holds response messages sent from the receiving application to the sender.
30. What’s MQPing used for? Testing Microsoft Message Queue services between the nodes on a network.
31. Which add-on package for Windows 2003 Server would you use to monitor the installed software and license compliance? SMS (System Management Server).
32. Which service do you use to set up various alerts? MOM (Microsoft Operations Manager).
33. What languages does Windows Scripting Host support? VB, VBScript, JScript.
Windows Admin Interview Questions

1. Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
2. I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
3. We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.
Windows Server 2003 Interview and Certification Questions

1. How do you double-boot a Win 2003 server box? The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.
2. What do you do if earlier application doesn’t run on Windows Server 2003? When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the application or setup program and selecting Properties -> Compatibility -> selecting the previously supported operating system.

Windows Server 2003 Interview and Certification Questions II

1. What snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak).
2. What types of classes exist in Windows Server 2003 Active Directory?
o Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Networking questions

1. What is a default gateway? - The exit-point from one network and entry-way into another network, often the router of the network.
2. How do you set a default route on an IOS Cisco router? - ip route x.x.x.x [where x.x.x.x represents the destination address]
3. What is the difference between a domain local group and a global group? - Domain local groups grant permissions to objects within the domain in which they reside. Global groups contain grant permissions tree or forest wide for any objects within the Active Directory.
4. What is LDAP used for? - LDAP is a set of protocols used for providing access to information directories.
5. What tool have you used to create and analyze packet captures? - Network Monitor in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by Fluke Networks).
6. How does HSRP work?
7. What is the significance of the IP address - The limited broadcast address is utilized when an IP node must perform a one-to-everyone delivery on the local network but the network ID is unknown.

Windows sysadmin interview questions

1. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC
2. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep
3. What Exchange process is responsible for communication with AD? - DSACCESS
4. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller
5. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address
6. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1 GB of memory? - Add /3GB switch to boot.ini
7. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.
8. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog – 3268
10. Name the process names for the following: System Attendant? – MAD.EXE, Information Store – STORE.EXE, SMTP/POP/IMAP/OWA – INETINFO.EXE
11. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.
12. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

Q. What is TCP/IP?
Ans. Transmission Control Protocol/Internet Protocol. A protocol for communication between computers, used as a standard for transmitting data over networks and as the basis for standard Internet protocols.
Or: Transmission Control Protocol/Internet Protocol. Communication protocol suite and standard for all Internet-connected machines.

Types of backup

The Backup utility supports five methods of backing up data on your computer or network.
Copy backup

A copy backup copies all the files you select, but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.
Daily backup

A daily backup copies all the files that you select that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).
Differential backup

A differential backup copies files that have been created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.
Incremental backup

An incremental backup backs up only those files that have been created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets to restore your data.
Normal backup

A normal backup copies all the files you select and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you only need the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

Backing up your data using a combination of normal backups and incremental backups requires the least amount of storage space and is the quickest backup method. However, recovering files can be time-consuming and difficult because the backup set might be stored on several disks or tapes. Backing up your data using a combination of normal backups and differential backups is more time-consuming, especially if your data changes frequently, but it is easier to restore the data because the backup set is usually stored on only a few disks or tapes.

Q. Difference between DNS and WINS
Ans:- WINS = Windows Internet Name Service, "Windows" being the key word.

WINS resolves NetBIOS computer names to IP addresses. DNS resolves hostnames to an IP address. If you go through your network settings for the TCP/IP protocol, you will notice you can use a different "hostname" from "computername".

WINS = MyComputer =
DNS = MyComputer.MyDomain.Com =

DNS is primarily used to resolve domain names to the IP addresses that are held in Domain Name Servers. Without DNS servers, you would have to type an IP address to get to a web site. Servers use WINS to resolve NetBIOS 15-letter names to IP addresses. WINS is generally used on LANs, and not WANs. DNS is primarily used on WANs.
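The archive-attribute rules from the Types of backup section above can be checked with a small model. This is an added example, not part of the original document: the Volume class, file names and schedule are hypothetical, and restore_chain generalizes the two restore rules stated above to schedules that mix incremental and differential sets.

```python
from dataclasses import dataclass


@dataclass
class FileState:
    archive: bool = True      # writing a file sets the archive attribute
    modified_day: int = 0


class Volume:
    """Hypothetical model of a volume and the backup sets taken from it."""

    def __init__(self):
        self.files = {}
        self.sets = []        # one dict per backup job, in the order taken

    def write(self, name, day):
        """Create or modify a file: the archive attribute becomes set."""
        self.files[name] = FileState(archive=True, modified_day=day)

    def backup(self, kind, day):
        """Run one backup job and return the sorted list of files it copied."""
        if kind in ("normal", "copy"):
            chosen = list(self.files)
        elif kind in ("incremental", "differential"):
            chosen = [n for n, f in self.files.items() if f.archive]
        elif kind == "daily":
            chosen = [n for n, f in self.files.items() if f.modified_day == day]
        else:
            raise ValueError("unknown backup type: " + kind)
        # Only normal and incremental backups clear the archive attribute.
        if kind in ("normal", "incremental"):
            for name in chosen:
                self.files[name].archive = False
        self.sets.append({"kind": kind, "day": day, "files": sorted(chosen)})
        return sorted(chosen)


def restore_chain(sets):
    """Indexes of the backup sets needed for a full restore, oldest first.

    Last normal set, every incremental taken after it, then the most recent
    differential taken after the last set that cleared the archive attribute.
    Copy and daily sets are never required.
    """
    normals = [i for i, s in enumerate(sets) if s["kind"] == "normal"]
    if not normals:
        raise ValueError("no normal backup to restore from")
    chain = [normals[-1]]
    last_clear = normals[-1]
    for i in range(normals[-1] + 1, len(sets)):
        if sets[i]["kind"] == "incremental":
            chain.append(i)
            last_clear = i
    diffs = [i for i in range(last_clear + 1, len(sets))
             if sets[i]["kind"] == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain


def run_schedule(kind):
    """Normal backup on day 0, then a `kind` backup on days 1 and 2.

    A copy backup is taken on day 2 before the scheduled job to show that
    it does not affect what the scheduled job picks up.
    """
    vol = Volume()
    for name in ("a.doc", "b.doc", "c.doc"):
        vol.write(name, day=0)
    vol.backup("normal", day=0)      # set 0
    vol.write("a.doc", day=1)
    vol.backup(kind, day=1)          # set 1
    vol.write("b.doc", day=2)
    vol.backup("copy", day=2)        # set 2
    vol.backup(kind, day=2)          # set 3
    return vol


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        vol = run_schedule(kind)
        print(kind, [s["files"] for s in vol.sets], "restore:", restore_chain(vol.sets))
```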


The OSI Model

The IEEE formed the 802 committee in February 1980 with the aim of standardizing the LAN architectures by defining the Open System Interconnection (OSI) model. Of the OSI model, the Data Link layer was split into two, the Media Access Control (MAC) sub-layer and the 802.2 Logical Link Control (LLC) sub-layer.

You can make up expressions to remember the order of the 7 layers, for example, 'Angus Prefers Sausages To Nibbling Dried Pork' or 'A Pretty Silly Trick Never Does Please'. I remember it best using the natty expression 'Application, Presentation, Session, Transport, Network, Data link, Physical'. It just rolls off the tongue!

The OSI protocol set is rarely used today. However, the model that was developed serves as a useful reference for other protocol stacks such as ATM, TCP/IP and SPX/IPX.

Application Layer 7
It is employed in software packages which implement client-server software. When an application on one computer starts communicating with another computer, then the Application layer is used. The header contains parameters that are agreed between applications. This header is often only sent at the beginning of an application operation. Examples of services within the application layer include:
• FTP
• DNS
• SNMP
• SMTP gateways
• Web browser
• Network File System (NFS)
• Telnet and Remote Login (rlogin)
• X.400
• FTAM
• Database software
• Print Server Software

Presentation Layer 6
This provides function call exchange between host operating systems and software layers. It defines the format of data being sent and any encryption that may be used. Examples of services used are listed below:
• MIDI
• HTML
• GIF
• TIFF
• JPEG
• ASCII
• EBCDIC

Session Layer 5
The Session layer defines how data conversations are started, controlled and finished. The messages may be bidirectional and there may be many of them; the session layer manages these conversations and creates notifications if some messages fail. Indications show whether a packet is in the middle of a conversation flow or at the end. Only after a completed conversation will the data be passed up to layer 6. Examples of Session layer protocols are listed below:
• RPC
• SQL
• NetBIOS names
• Appletalk ASP
• DECnet SCP

Transport Layer 4
This layer is responsible for the ordering and reassembly of packets that may have been broken up to travel across certain media. Some protocols in this layer also perform error recovery. After error recovery and reordering the data part is passed up to layer 5. Examples are:
• TCP
• UDP
• SPX

Network Layer 3
This layer is responsible for the delivery of packets end to end and implements a logical addressing scheme to help accomplish this. Routing packets through a network is also defined at this layer plus a method to fragment large packets into smaller ones depending on MTUs for different media (Packet Switching). Once the data from layer 2 has been received, layer 3 examines the destination address and if it is the address of its own end station, it passes the data after the layer 3 header to layer 4. Examples of Layer 3 protocols include:
• Appletalk DDP
• IP
• IPX

Data Link Layer 2
This layer deals with getting data across a specific medium and individual links by providing one or more data link connections between two network entities. End points are specifically identified, if required by the Network layer Sequencing. The frames are maintained in the correct sequence and there are facilities for Flow control and Quality of Service parameters such as Throughput, Service Availability and Transit Delay.

Examples include:
• IEEE 802.2
• IEEE 802.3
• 802.5 - Token Ring
• HDLC
• Frame Relay
• FDDI
• ATM
• PPP

The Data link layer performs the error check using the Frame Check Sequence (FCS) in the trailer and discards the frame if an error is detected. It then looks at the addresses to see if it needs to process the rest of the frame itself or whether to pass it on to another host. The data between the header and the trailer is passed to layer 3. The MAC layer concerns itself with the access control method and determines how use of the physical transmission is controlled and provides the token ring protocols that define how a token ring operates. The LLC shields the higher level layers from concerns with the specific LAN implementation.

Physical Layer 1
This layer deals with the physical aspects of the media being used to transmit the data. This defines things like pinouts, electrical characteristics, modulation and encoding of data bits on carrier signals. It ensures bit synchronisation and places the binary pattern that it receives into a receive buffer. Once it decodes the bit stream, the physical layer notifies the data link layer that a frame has been received and passes it up. Examples of specifications include:
• V.24
• V.35
• EIA/TIA-232
• EIA/TIA-449
• FDDI
• 802.3
• 802.5
• Ethernet
• RJ45
• NRZ
• NRZI

You will notice that some protocols span a number of layers (e.g. NFS, 802.3 etc.). A benefit of the seven layer model is that software can be written in a modular way to deal specifically with one or two layers only, this is often called Modular Engineering.

Each layer has its own header containing information relevant to its role. This header is passed down to the layer below which in turn adds its own header (encapsulates) until eventually the Physical layer adds the layer 2 information for passage to the next device which understands the layer 2 information and can then strip each of the layers' headers in turn to get at the data in the right location. Each layer within an end station communicates at the same layer within another end station.
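
The encapsulation and the layer 2 and layer 3 receive checks described above, as an added example that is not part of the original page: a UDP payload is wrapped in IPv4 and Ethernet headers, and the receiver verifies the FCS, checks the destination addresses and strips each header in turn. The MAC and IP addresses are constructed sample values and the function names are hypothetical.

```python
import struct
import zlib

# Constructed sample addresses (assumptions, not taken from the page).
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
IP_A = bytes([192, 0, 2, 10])
IP_B = bytes([192, 0, 2, 20])
BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(payload, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Wrap application data in layer 4, 3 and 2 headers, in that order."""
    # Layer 4 (UDP): ports and length; checksum 0 means "not used" over IPv4.
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3 (IPv4): logical addressing; the checksum covers the header only.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                         64, PROTO_UDP, 0, src_ip, dst_ip)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    packet = (header + segment).ljust(46, b"\x00")  # pad to the Ethernet minimum
    # Layer 2 (Ethernet): header in front, FCS (CRC-32) trailer behind.
    frame = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return frame + struct.pack("<I", zlib.crc32(frame))


def decapsulate(frame, my_mac, my_ip):
    """Receive path: check and strip each header, or drop with a reason."""
    if len(frame) < 64:
        return ("dropped", "layer 2: runt frame")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        return ("dropped", "layer 2: FCS mismatch")
    dst_mac, ethertype = body[0:6], struct.unpack("!H", body[12:14])[0]
    if dst_mac not in (my_mac, BROADCAST_MAC):
        return ("dropped", "layer 2: frame addressed to another host")
    if ethertype != ETHERTYPE_IPV4:
        return ("dropped", "layer 2: unsupported EtherType")

    packet = body[14:]  # data between the layer 2 header and trailer
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or ihl > len(packet):
        return ("dropped", "layer 3: malformed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        return ("dropped", "layer 3: header checksum mismatch")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if total_len < ihl or total_len > len(packet):
        return ("dropped", "layer 3: bad total length")
    if packet[16:20] != my_ip:
        return ("dropped", "layer 3: packet addressed to another host")
    if proto != PROTO_UDP:
        return ("dropped", "layer 3: unsupported protocol")

    segment = packet[ihl:total_len]  # total length also removes the padding
    if len(segment) < 8:
        return ("dropped", "layer 4: truncated UDP header")
    udp_len = struct.unpack("!H", segment[4:6])[0]
    if udp_len < 8 or udp_len > len(segment):
        return ("dropped", "layer 4: bad UDP length")
    return ("delivered", segment[8:udp_len])


if __name__ == "__main__":
    sent = encapsulate(b"hello layer 7", 40000, 53, IP_A, IP_B, MAC_A, MAC_B)
    print(len(sent), "bytes on the wire")
    print(decapsulate(sent, MAC_B, IP_B))
    damaged = bytearray(sent)
    damaged[50] ^= 0x01  # single bit error in transit
    print(decapsulate(bytes(damaged), MAC_B, IP_B))
    print(decapsulate(sent, MAC_B, IP_A))
```

The FCS is an unkeyed CRC, so it detects transmission errors but not deliberate modification: anyone who alters a frame can recompute it.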

OSI Model Layers

Application (User Interface)
• used for applications specifically written to run over the network
• allows access to network services that support applications; directly represents the services that directly support user applications
• handles network access, flow control and error recovery
• Example apps are file transfer, e-mail, NetBIOS-based applications

Presentation
• Translates from application to network format and vice-versa
• all different formats from all sources are made into a common uniform format that the rest of the OSI model can understand
• responsible for protocol conversion, character conversion, data encryption / decryption, expanding graphics commands, data compression
• sets standards for different systems to provide seamless communication from multiple protocol stacks
Network Components: Gateway, Redirector

Session ("syncs and sessions")
• not always implemented in a network protocol
• establishes, maintains and ends sessions across the network
• responsible for name recognition (identification) so only the designated parties can participate in the session
• provides synchronization services by planning check points in the data stream => if session fails, only data after the most recent checkpoint need be transmitted
• manages who can transmit data at a certain time and for how long
• Examples are interactive login
Listed with this layer: NetBIOS, Named Pipes, Mail Slots, RPC


Windows sysadmin interview questions

1. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC
2. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep
3. What Exchange process is responsible for communication with AD? - DSACCESS
4. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller
5. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address
6. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini
7. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.
8. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog - 3268
10. Name the process names for the following: System Attendant? – MAD.EXE, Information Store – STORE.EXE, SMTP/POP/IMAP/OWA – INETINFO.EXE
11. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.
12. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

Networking questions

1. What is a default gateway? - The exit-point from one network and entry-way into another network, often the router of the network.
2. How do you set a default route on an IOS Cisco router? - ip route x.x.x.x [where x.x.x.x represents the destination address]
3. What is the difference between a domain local group and a global group? - Domain local groups grant permissions to objects within the domain in which they reside. Global groups grant permissions tree- or forest-wide for any objects within the Active Directory.
4. What is LDAP used for? - LDAP is a set of protocols used for providing access to information directories.
5. What tool have you used to create and analyze packet captures? - Network Monitor in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by Fluke Networks).
6. How does HSRP work?
7. What is the significance of the IP address - The limited broadcast address is utilized when an IP node must perform a one-to-everyone delivery on the local network but the network ID is unknown.

Q. What is the default domain functional level in Windows Server 2003
Ans. Default Domain functional level Mix mode

Domain Functional Level
Domain functionality activates features that affect the whole domain and that domain only. The four domain functional levels, their corresponding features, and supported domain controllers are as follows:
Windows 2000 mixed (default)
• Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, Windows Server 2003
• Activated features: local and global groups, global catalog support

Windows 2000 native
• Supported domain controllers: Windows 2000, Windows Server 2003
• Activated features: group nesting, universal groups, SidHistory, converting groups between security groups and distribution groups, you can raise domain levels by increasing the forest level settings

Features of Exchange server 2007
Ans. Anti-spam and Antivirus
Feature | New or Updated in SP1 | Description

Edge Transport server role

This server role is for perimeter network deployment. It supports Simple Mail Transfer Protocol (SMTP) routing, provides antispam filtering technologies and support for antivirus extensibility. The Edge Transport server should be isolated from the Active Directory directory services, but can still leverage Active Directory for recipient filtering by using Active Directory Application Mode (ADAM). EdgeSync in Exchange Server 2007 publishes pertinent organization information, encrypted, to the Edge Transport server for use in robust recipient filtering and respects Microsoft Outlook safe sender lists on the Edge. Communications between the Edge Transport server and the internal network in an Exchange Server 2007 organization are encrypted by default. Edge Transport includes anti-spam technologies that protect at many layers.

Anti-spam: Connection Filtering

Exchange Server 2007 provides an integrated, IP based block-and-allow list based on sender reputation. Lists are automatically updated as new versions become available. Administrators can establish additional IP allow-or-deny lists as needed.

Anti-spam: Sender and Recipient Filtering

Sender reputation is dynamically analyzed and updated. When the Edge Transport server spots specific trends from a given domain, it can impose certain actions to either quarantine or reject incoming messages. Sender ID is also used to verify that each e-mail message originates from the Internet domain from which it claims to come, based on the sender's SMTP server IP address. Once a Sender ID record has been verified, the results can be cross-referenced to past traffic patterns and sender reputation, creating an associate weight into the domain reputation. Finally, recipients are validated, and administrators have the ability to block messages sent to non-existent user accounts or internal-only distribution lists.

Anti-spam: Safe Sender List Aggregation

Via EdgeSync, the Edge Transport server respects Outlook 2003 and Outlook 2007 safe sender lists to help reduce false positives.

Anti-spam: Sender ID

Exchange Server 2007 embeds support for Sender ID, an e-mail industry initiative designed to verify that each e-mail message originates from the Internet domain from which it claims to come based on the sender's SMTP server IP address. Sender ID helps prevent domain spoofing and protect legitimate senders’ domain names and reputation and helps recipients more effectively identify and filter junk e-mail and phishing scams.

Anti-spam: Content Filtering

Content is analyzed using the Intelligent Message Filter (IMF), Exchange Server's implementation of Microsoft SmartScreen content filtering technology. SmartScreen is based on Microsoft Research's patented machine-learning technology. Anti-phishing capabilities are also built-in to the IMF to help detect fraudulent links or spoofed domains and protect users from these types of online scams. When used with Outlook 2007, a phishing warning or block appears in the user interface. Customers are protected from emerging spam attacks through the automatic filter updates for Exchange Server 2007, which are published on a frequent basis. Should the administrator require additional control, the Edge Transport server enables customization, including the ability to add words or phrases to the filter.

Anti-spam: Outlook E-Mail Postmark

Exchange 2007 verifies Outlook E-mail Postmarks attached to messages sent from Outlook 2007. The Outlook E-mail Postmark can reduce false positives for messages from legitimate senders that have little to no reputation.

Anti-spam: Spam Assessment

In addition to scanning message content, the IMF consolidates guidance from Connection, Sender/Recipient, Sender Reputation, Sender ID verification, and Outlook E-mail Postmark validation to apply a Spam Confidence Level (SCL) rating to a given message. Administrators can preconfigure actions on the message based on this SCL rating. Actions may include deliver to the inbox or junk mail folder, deliver to the spam quarantine, or reject outright and not deliver.

Anti-spam: Service Resilience

The Edge Transport server role controls the inbound SMTP message receipt rate for increased availability. This control, coupled with the ability to detect open proxy machines, can aid in preventing denial of service attacks. Tar pitting is supported to slow the server response for certain SMTP communication patterns, minimizing exposure to directory harvest attacks.

Anti-spam: Anti-spam Stamp

Messages filtered by the Edge Transport server role are stamped with information, including why the message was considered spam and which combination of filters and reputation services (IP, domain, sender, recipient, content) determined its spam assessment. Administrators may use this information in an aggregate way to understand the effectiveness of filtering across their multilayered approach and tune appropriately.

Anti-spam: Two-Tiered Spam Quarantine

The Exchange Server 2007 environment enables two-tiered spam quarantine. First, administrators have access to a Spam Quarantine housed in the perimeter network. Using Outlook, administrators can access the Spam Quarantine to search for messages, release to the recipient, or reject and delete. Messages with borderline SCL ratings (borderline definition configured by the administrator) may be released to the end user's junk mail folder in Outlook, and are converted to plain text for further protection.

Anti-spam: Consolidated Management

Management of the Edge Transport Server role and corresponding rules is consistent with the rest of the Exchange environment and can be performed using the Exchange Management Console graphical interface or the Exchange Management Shell for automation. Finally, the administrator can leverage notifications through Microsoft Operations Manager (MOM) or reports within Exchange to analyze the effectiveness of their anti-spam filters.

Antivirus Extensibility: Attachment Filtering

To effectively protect against worms delivered via e-mail, the administrator can strip attachments based on their size, content or file type. Zip file manifests can be examined as well for offending file types.

Antivirus Extensibility: Edge Protocol Rules

As a reactive defense mechanism, protocol rules provide a layer of protection before antivirus signature updates become available. Administrators can filter on known text patterns in malware carriers and drop the connection.

Antivirus Extensibility: Antivirus Stamp

Messages scanned in the Exchange environment can be assigned an antivirus stamp. This stamp identifies which engine did the scanning, which signature was used, and when the message was last scanned.

Antivirus Extensibility: Deep Integration for Antivirus Scanning

Antivirus solutions can be more tightly integrated in the Exchange Server 2007 environment. Antivirus solutions have access to the Multipurpose Internet Mail Extensions (MIME) parsers and can scan the message stream in transport (on Edge Transport or Hub Transport servers). Catching viruses in transport helps prevent their delivery and storage in Exchange mailboxes.

Hosted Filtering Integration

Exchange Server 2007 provides integration with Exchange Hosted Services, offering off-site protection against spam and viruses.

Confidential Messaging
Feature New or Updated in SP1 Description

Intra-Org Encryption

All mail traveling within an Exchange Server 2007 organization is encrypted by default. Transport Layer Security (TLS) is used for server-to-server traffic, Remote Procedure Call (RPC) is used for Outlook connections, and Secure Socket Layers (SSL) is used for Client Access traffic (Outlook Web Access, Exchange ActiveSync, and Web Services). This prevents spoofing and provides confidentiality for messages in transit.

SSL Certificates Automatically Installed

SSL certificates are installed by default in Exchange Server 2007, enabling broad use of SSL and TLS encryption from clients such as Outlook Web Access and other SMTP servers.

Opportunistic TLS

If the destination SMTP server supports TLS (via the “STARTTLS” SMTP command) when sending outbound e-mail from Exchange Server 2007, Exchange Server will automatically encrypt the outbound content using TLS. In addition, inbound e-mail sent to Exchange Server 2007 from the internet will be encrypted if the sending server supports TLS (Exchange Server 2007 automatically installs SSL certificates).

S/MIME Support


Secure Multipurpose Internet Mail Extensions (S/MIME) enables users to send signed and encrypted e-mail to one another from a variety of devices, including Outlook, Outlook Web Access, and Windows Mobile 6.0 using Exchange ActiveSync.

Feature New or Updated in SP1 Yes Description

Transport Rules

Exchange Server 2007 includes a policy engine based on rules that execute on Hub Transport servers. With Transport Rules, administrators and compliance officers can establish and enforce regulatory or corporate policies on internal or outbound e-mail, voice mail, or fax. For example, using a wizard in the Exchange Management Console or the command line in Exchange Management Shell, rules can be written that would prohibit communication between members of distinct distribution lists, append a disclaimer to any message being sent externally, or BCC the compliance officer anytime a specific phrase appears in the subject or content of a message.

Messaging Records Management

Various corporate retention policies exist for e-mail, voice mail, and fax communications. With Managed Folders, a user can organize messages into Outlook folders that are provisioned and managed by the administrator. An automated process scans the inbox and these folders to retain, expire, or journal communications based on compliance requirements.

Flexible Journaling

Journaling is flexible in Exchange Server 2007. Journaling can be triggered per database, per distribution list, or per user. All messages can be journaled, or just those sent internally or externally.

MultiMailbox Search

Using the Microsoft standard search technology, content in Exchange Server 2007 mailboxes is fully indexed and searchable using a variety of criteria. If compliance or legal requirements require information discovery, administrators can search across multiple mailboxes within an organization with a single query, routing the results to a Microsoft Windows SharePoint Services site, a new or existing local PST file, or mailbox that can be made available via Outlook to HR, compliance officers, or others.

Archive Integration

Journaled messages can be archived to any SMTP address, including an Exchange mailbox or Windows SharePoint Services site.

Business Continuity




Local Continuous Replication

Availability can be increased using continuous replication of data across multiple disks on a single server. This establishes a second copy of the production database on the local server that is kept up-to-date automatically. In the event of a disk failure or data corruption, switching over to the copy database provides a less costly and less complex recovery solution for the administrator.

Cluster Continuous Replication

Availability can be increased using replication in an active/passive cluster. Data recorded on the active server node is copied to the passive server node, enabling a copy of not only server configuration and settings but data as well. By not requiring shared storage, the active node and passive node can be located in separate geographical locations without the performance impact of synchronous replication solutions. Automated failover to the passive server node is transparent to the end user, dramatically reducing the risk of data loss by relying on logs and queues and providing a less costly and less complex recovery solution for the administrator.

Standby Continuous Replication


Availability can be increased using replication between geographically dispersed data centers in combination with LCR and CCR. Data recorded on the source server node is copied to a destination server node (the standby server) and multiple destination servers can be created for a single source server. In the event of a disk failure, data corruption, or complete site failure, the administrator can switch to the standby server preventing data loss and enabling a seamless transition for users, providing a less costly and less complex recovery solution for the administrator.

Fast and Fewer Backups

Backups can be run against the copy of the production database on either the local server or passive server node, decreasing the performance impact on production. Continuous Replication also reduces the frequency of costly, full disk or tape backups currently used for disaster recovery.

Database Portability

In the case of a complete server failure, an empty dial tone mailbox database can be created on a new server, enabling users to send and receive e-mail while recovery is underway. A backup of the mailbox database can then be recovered into the dial tone database even though the original database in the backup was created on a different server.


Anywhere Access

Exchange Server 2007 offers features that allow you and your employees anywhere access to e-mail, calendaring, and more. See what features are included with Exchange Server 2007 for anywhere access in the table below.




Calendar Attendant

The Calendar Attendant reduces scheduling conflicts by limiting calendar items (request, declines, accepts) in the inbox to the latest version. The Calendar Attendant also marks meeting requests as tentative on recipient calendars until users can act on the request and relies on the Exchange Server 2007 free/busy Web service for always up-to-date availability information.

Resource Booking Attendant

The Resource Booking Attendant enables resources, including meeting rooms or other equipment, to be automatically managed. Resources can auto-accept requests when available or decline and provide details explaining the decline. Administrators can set granular policies on resources, including available hours or scheduling permissions.

Scheduling Assistant

The Scheduling Assistant helps users efficiently schedule meetings by providing visual guidance on the best and worst dates and times to meet based on meeting invitees and required resources.

Schedulable Out of Office

Out of Office (OOF) messages can now be scheduled to begin and end on specific dates and times, reducing the likelihood of a user’s OOF message not being set. A separate out of office message can be sent to external recipients, a capability the administrator can enable or disable. Out of Office messages can also be set or unset from a mobile device.

Mobile Messaging
Feature New or Updated in SP1 Description


Information can be quickly found from a mobile device using the search capability of Exchange ActiveSync. When executing a search from a mobile device, both the local device store and the user’s entire Exchange mailbox are queried. Results found through the over-the-air search of the Exchange mailbox can be rapidly retrieved to the device. This capability enables access to information sent or received days, weeks, or even months before, regardless of the storage limitations of the mobile device.

Direct Push

Mobile devices incorporating Exchange ActiveSync maintain a secure connection with Exchange Server 2007, receiving new or updated e-mail, calendar, contacts, and tasks as soon as they arrive on the server. This push method optimizes bandwidth usage while keeping users up-to-date.

Rich Experience on a Breadth of Devices

Users can get a familiar experience on a range of mobile devices without requiring the organization to deploy expensive third-party software or services. The Exchange Server 2007 ActiveSync protocol is licensed for use by Windows Mobile, Nokia, Symbian, Motorola, Sony Ericsson, Palm, and DataViz. Given the breadth of partners, device choice continues to expand.



Security and Management

Administrators may choose to enforce policies on devices used in their organizations including requiring PINs of varying length and strength and enforcing a device wipe of data and applications, should the device be lost or stolen. These controls become granular with Exchange Server 2007, allowing per-user policies. Device usage can be tracked and managed centrally within the Exchange Server environment. Service Pack 1 (SP1) includes 28 new policies across device, network, application, and security control.


When a user receives a link to a Windows SharePoint Services site or file share while using a mobile device, Exchange Server 2007 uses LinkAccess to retrieve and display the document, no VPN or tunnel required.

Calendaring and Out of Office

With Exchange Server 2007, users have many new options when accessing their calendar from a mobile device using Exchange ActiveSync. They can reply to a meeting invitation with a message, forward the invitation to another person, and view acceptance tracking for meeting attendees. Out of Office messages can also be set from the mobile device.

Web-based Messaging
Feature New or Updated in SP1 Yes Description

Outlook 2007 Experience

Outlook Web Access, an AJAX application since its first release with Exchange Server 5.5, provides a rich, Outlook like experience in a browser. New features in Outlook Web Access 2007 enable users to:
• Schedule Out of Office messages and send to internal and/or external recipients
• Use the Scheduling Assistant to efficiently book meetings
• Access SharePoint documents without a VPN or tunnel using LinkAccess
• Use WebReady Document Viewing to read attachments in HTML even if the application that created the document is not installed locally
• Access RSS subscriptions
• View content in Managed E-mail Folders
• Retrieve voice mail or fax messages through Unified Messaging integration
• Search the Global Address List
• Edit and manage server-side mailbox rules
• Send and receive S/MIME messages
• Access to Public Folder items

Access Security

Outlook Web Access 2007 security is improved. Two-factor authentication is supported, and administrators can enforce HTML-only document viewing to avoid information being left behind on public kiosks.

Self-Service Support


The Outlook Web Access 2007 Options menu allows users to quickly and easily resolve many of the most common sources of helpdesk calls on their own. OWA users can request a Unified Messaging voice mail PIN reset, issue a remote wipe request to their mobile device should it be lost or stolen, and add senders to their safe or block list all within Outlook Web Access. Service Pack 1 (SP1) includes a confirmation from Exchange when the remote wipe request is successfully completed.

Outlook Web Access Light

Outlook Web Access Light provides a rich Outlook Web Access experience over slow connections and enables many of the new features in Outlook Web Access 2007, including schedulable Out of Office messages (internal and external), Really Simple Syndication (RSS) subscriptions, and Managed E-Mail Folder access.

Search

Exchange Server 2007 mailboxes are fully indexed by default, allowing users to quickly search for information from Outlook Web Access. Re-indexing is significantly faster than Exchange Server 2003, and search spans both content within the e-mail itself and data contained in attachments.


Remote Document Access: LinkAccess

When a user receives a link to a Windows SharePoint Services site or file share while working remotely using Outlook Web Access, Exchange Server 2007 uses LinkAccess to retrieve and display the document, no virtual private network (VPN) or tunnel required.

Remote Document Access: WebReady Document Viewing (New or Updated in SP1: Yes)

Outlook Web Access 2007 can transcode a variety of document types – including Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and PDF files – from their native format into HTML so that they can be viewed in a client browser even if the application that created the document is not installed on the client. This allows users to be productive from almost any machine and keeps viewed documents safe, even on kiosk machines, since HTML documents are purged by Outlook Web Access at logoff or session timeout. Service Pack 1 (SP1) includes support for Microsoft Office 2007 file formats.

Unified Messaging
Feature New or Updated in SP1 Description

Voice Messaging System

Voice mail can now be stored in the mailbox and accessed from a unified inbox in Outlook, Outlook Web Access, on a mobile device, or from a standard telephone. This unification improves employee productivity by simplifying access to the most common types of communications. It also dramatically reduces cost by removing the need for a standalone voice mail system and by taking advantage of any existing investments in Active Directory. Exchange Server 2007 Unified Messaging can be connected with a legacy private branch exchange (PBX) infrastructure through an IP gateway, or can be directly connected with certain IP PBX installations.

Fax Messaging System

Faxes can now be stored in the mailbox and accessed from the user’s unified inbox in Outlook, Outlook Web Access, or their mobile device. Unified Messaging centralizes the management of inbound fax services within the Exchange infrastructure.

Speech-Enabled Automated Attendant

The Attendant answers calls using an automated operator, with customizable menus (e.g. “press 1 for sales”), and global address list directory lookups (e.g. “who would you like to contact?”). Callers can interact with the Automated Attendant through touch tone menus or their voice using speech recognition.

Self-Service Voice Mail Support

Using Outlook Web Access, users can request a reset of their voice mail PIN, set their voice mail greeting, record their out-of-office voice message, and specify mailbox folders to access when calling in by phone to hear e-mail messages through text-to-speech translation.

Outlook Voice Access

Users can access their Exchange mailbox using a standard telephone, available anywhere. Through touch tone or speech-enabled menus, they can hear and act on their calendar, listen to e-mail messages (translated from text to speech), listen to voice mail messages, call their contacts, or call users listed in the directory.

Play on Phone

Exchange Unified Messaging allows users to playback voice messages received in their Exchange inbox on a designated phone. This feature is useful when a user is in a public place and does not want to play the voice mail over their computer speakers. Play on Phone routes the voice mail to a cell phone, desk phone, or other number specified by the user.

New Voice Mail Alerts (New or Updated in SP1: Yes)

When combined with Office Communication Server 2007 (OCS), users can get an indicator on their Office Communicator client or OC-enabled desktop phone that a new voice mail message is in their inbox.

Direct Dial into Outlook Voice Access (New or Updated in SP1: Yes)

Using Office Communicator, users can dial into Outlook Voice Access with a single click, without the need to input their extension or PIN.

Operational Efficiency

Exchange Server 2007 helps IT professionals administer, automate, and deploy more efficiently. See what features are included with Exchange Server 2007 for operational efficiency in the table below.
Administration and Automation
Feature New or Updated in SP1 Yes Description

Exchange Management Console

Improves the graphical user interface for management. Management actions are easily discovered through the action pane, and the navigation tree is simplified to three levels deep. Exchange management and troubleshooting tools are integrated in the toolbox. The Exchange Management Console is built upon the Exchange Management Shell; actions taken in the Console are also available, and visible, through the command line shell.

Exchange Management Shell


The Exchange Management Shell, based on Microsoft Windows PowerShell, is a highly extensible and flexible management environment that complements the graphical interface available through the Exchange Management Console. It enables rapid management through a scriptable command line for automation, batching, and reporting and integrates with Active Directory. To help administrators quickly learn the syntax of the Exchange Management Shell and build custom scripts, wizards in the graphical Exchange Management Console display the command line syntax for each action the administrator has specified via the wizard. This text can be cut and pasted directly into the Exchange Management Shell or into a script file.

Extended Integration with Active Directory

Use of Active Directory sites helps automate new server discovery and configuration within the organization. The topology of an Exchange Server 2007 environment is defined and managed through Active Directory, alongside other servers in the infrastructure.

Exchange Management Pack for Microsoft Operations Manager

Manual configuration for synthetic transactions has been dramatically reduced or eliminated. All synthetic transactions are now accessible from the Exchange Management Shell. Rules directly align with Exchange Server 2007 server roles. New reports are introduced for Exchange ActiveSync, unified messaging service availability, message hygiene features, and server performance. Exchange Best Practices Analyzer (ExBPA) integration features are also included.

Exchange Troubleshooting Tools

In addition to the deep integration of Exchange Best Practices Analyzer, Exchange Server 2007 provides several troubleshooting tools within the toolbox in the Exchange Management Console. These tools are kept up-to-date with the latest information and capabilities through integration with Microsoft Update. Included in the toolbox are the Exchange Mail Flow Troubleshooter, Exchange Database Troubleshooter, and the Exchange Performance Troubleshooter. The Exchange Mail Flow Troubleshooter can diagnose and help remediate inbound and outbound e-mail failures. The Exchange Database Troubleshooter isolates database mounting failures, is used to manage recovery storage groups, and walks the administrator through dial tone recovery. Finally, the Exchange Performance Troubleshooter identifies the cause of Outlook or Exchange performance problems and advises on remediation.

Public Folder Management Console (new or updated in SP1)

In addition to Exchange Management Shell, the Public Folder Management Console will enable administrators to quickly manage public folders, including creation, deletion, and replication configuration of individual folders.




Flexible Permission Model

Permissions become more granular and straightforward to manage in the Exchange Server 2007 environment. The permissions model enables a set of new, predefined administrator “roles.”

Automatic Server Updates

Automates Exchange Server updating and patching using either Microsoft Update on the Web, Windows Update Server on-site, or Microsoft Systems Management Server, soon to be released as System Center Configuration Manager.

Feature New or Updated in SP1 Description

Server Roles

Exchange Server 2007 is a modular system of five server roles– Edge Transport, Hub Transport, Mailbox, Client Access, and Unified Messaging – that reduces the time required for installation; minimizes manual, post-install configuration by the administrator; and limits the surface area available for attack to increase security. Administrators also gain the flexibility to deploy only the features and services necessary on a given server and manage accordingly. All server roles, with the exception of Edge Transport, can be deployed on a single server, and only the Hub Transport and Mailbox server roles are required for Exchange Server 2007 installation.



A new setup process goes from installation to configuration and reduces complexity by incorporating the modular, server role architecture of Exchange Server 2007 into the process. Microsoft Windows Installer technology provides distinct installation packages and smart default settings. Exchange Best Practices Analyzer (ExBPA) is integrated with a setup process to perform prerequisite checking and identify potential deployment errors. To ease deployments in large environments, Exchange Management Shell scripts can be used to automate server installation and provisioning. The Exchange Server 2007 SP1 installation is slipstreamed, enabling a straightforward, integrated setup if you’re deploying Exchange Server 2007 SP1 for the first time or upgrading from an existing Exchange Server 2007 deployment.

Exchange Best Practices Analyzer

Embedded in the Exchange Server 2007 setup process and available through the Exchange Management Console toolbox, the Exchange Best Practices Analyzer can be used to proactively examine the topology and individual servers for configuration discrepancies that may lead to service outages and reliability problems in the future. The Analyzer surfaces warnings or error messages to the administrator and information on how to address the warning or error. It is recommended that the Exchange Best Practices Analyzer be run periodically against an Exchange environment to ensure optimal configuration.


Configuring Outlook 2007 to connect with Exchange is easier than ever before. If logged on to the network, Exchange Server 2007 automatically completes all inputs required for the user to initiate the connection. Even for users not logged on to the network, connecting Outlook 2007 to Exchange Server 2007 using Outlook Anywhere (formerly known as RPC over HTTP or RPC/HTTP) requires only the user name, e-mail address, and password; no Exchange server name is required. In the event of a mailbox move, migration or disaster, Autodiscover eliminates the need for users to change their settings by automatically detecting the new server and reconfiguring the connection.

Single Migration Engine

Exchange Server 2007 provides a single, comprehensive tool for administrators to perform intra or inter-organizational migrations, minimizing migration complexity.

Scalability and Performance
Feature New or Updated in SP1 Description

Native x64

As a native 64-bit application, Exchange can access more memory, ensuring high performance and reliability as mailbox sizes and the number of user accounts per server increase.

Windows Server 2008 Support


Windows Server 2008 support provides added security features as well as deployment and administrative experience benefits to administrators while enabling Exchange to run on the newest Windows Server platform.

Storage Optimization

With reduced input/output (I/O) requirements (up to 75 percent reduction in I/O per second) enabled by the larger memory caches available on x64 systems, Exchange Server 2007 makes better use of existing storage systems and also allows administrators to use low-cost options like Direct Attached Storage, even in demanding, enterprise environments.

Optimized Browser Access

Outlook Web Access (OWA) 2007 delivers improved performance and decreased latency. Increased client caching reduces server roundtrips, thereby reducing bandwidth usage and providing an optimal user experience when accessing over slow connections.

Simplified Routing and Optimized Bandwidth

Message routing is automatically determined, and mail is delivered using the most direct route by default. Administrators can also configure schedule and priority to optimize bandwidth usage.

Extensibility and Programmability
Feature New or Updated in SP1 Description

Web Services Application Programming Interface (API) (new or updated in SP1)

Developers now have a simple way to embed information from the Exchange Server 2007 mailbox or calendar within line-of-business or other custom applications. The Exchange Web Services API provides a single, documented, standards-based API to be called from any client, language, or platform.

OWA Web Parts

Developers can easily embed Outlook Web Access functionality into their custom portals and portal applications using OWA Web Parts.

Free/Busy Web Service

The Free/Busy Web Service offers a flexible, extensible way to access free/busy information in Exchange Server 2007. Used by clients such as Outlook, Outlook Web Access, and mobile devices based on Exchange ActiveSync, the Free/Busy Web Service allows developers to embed free/busy information in line-of-business or custom applications.

.NET Integration

Commands or scripts used in the Exchange Management Shell can be called from managed code such as C# or VB.NET. This allows developers to build custom applications which organizations may use to execute common management tasks in the messaging environment.

Networking interview questions What is FSMO

Takeaway: Know the placement of server roles within the forest and domain and how to go about moving those roles to other domain controllers, either by transferring them or seizing them.

Windows administrators know that one of the most important aspects involved with managing Active Directory is understanding the various roles that servers need to play. Previously, I discussed the functions of the five flexible single-master operations (FSMO) roles in Active Directory. Now I'm going to talk about the placement of those roles within the forest and domain, and explain how to go about moving those roles to other domain controllers, either by transferring them or seizing them.

Placing FSMO roles in the network

As I mentioned in the first article, the two forest-level roles—schema master and domain naming master—are installed by default on the first domain controller in the forest. The three domain-level roles—RID master, PDC emulator, and infrastructure master—are all installed by default in the first domain controller in the domain.

In a small office with one domain, it is very likely that all five roles are found on a single domain controller. But in a large enterprise network, you should not allow that to happen. It's best to make sure that the two forest-level roles are located in their own domain controller, with domain-level roles separate from them. If you choose to install the roles on more than one domain controller, those DCs should be replication partners.

At the same time, you can't ignore the domain controllers that host the global catalog. Remember that the domain-naming master must be on a DC hosting the global catalog. Not only that, but the infrastructure master must not be on a DC hosting the global catalog. (The only exception to that is if all the DCs are global catalog servers, which should not be the case in an enterprise network.)

There are numerous ways you may decide to place your FSMO roles. Figure A shows one example.

Figure A
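The placement rules above can be checked against a live directory. The following is an added example, not part of the original article: a read-only PowerShell audit that assumes PowerShell 3.0 or later with the ActiveDirectory module (RSAT) installed. The function name Get-FsmoPlacementReport and its output columns are hypothetical names chosen for this illustration.

```powershell
# Added example: read-only audit of FSMO placement. It queries AD and changes nothing.
# Assumes PowerShell 3.0+ and the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-FsmoPlacementReport {
    [CmdletBinding()]
    param(
        # DNS name of the domain to audit; defaults to the logged-on user's domain.
        [string]$Domain = (Get-ADDomain).DNSRoot
    )

    $dom    = Get-ADDomain -Identity $Domain
    $forest = Get-ADForest -Identity $dom.Forest
    $dcs    = @(Get-ADDomainController -Filter * -Server $dom.DNSRoot)

    # Each role with the FQDN of its current holder, grouped by scope as in the article.
    $roles = @(
        @{ Scope = 'Forest'; Role = 'Schema master';         Holder = $forest.SchemaMaster }
        @{ Scope = 'Forest'; Role = 'Domain naming master';  Holder = $forest.DomainNamingMaster }
        @{ Scope = 'Domain'; Role = 'RID master';            Holder = $dom.RIDMaster }
        @{ Scope = 'Domain'; Role = 'PDC emulator';          Holder = $dom.PDCEmulator }
        @{ Scope = 'Domain'; Role = 'Infrastructure master'; Holder = $dom.InfrastructureMaster }
    )

    $forestHolders = @($roles | Where-Object { $_.Scope -eq 'Forest' } | ForEach-Object { $_.Holder })
    $domainHolders = @($roles | Where-Object { $_.Scope -eq 'Domain' } | ForEach-Object { $_.Holder })

    # The infrastructure master exception applies only when every DC is a global catalog.
    $nonGcDcs    = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
    $allDcsAreGc = ($nonGcDcs.Count -eq 0)

    foreach ($r in $roles) {
        # Forest-level holders may sit in another domain, so ask each holder directly.
        $isGc = (Get-ADDomainController -Identity $r.Holder -Server $r.Holder).IsGlobalCatalog

        $finding = 'OK'
        if ($r.Role -eq 'Domain naming master' -and -not $isGc) {
            $finding = 'Must be on a global catalog server'
        }
        elseif ($r.Role -eq 'Infrastructure master' -and $isGc -and -not $allDcsAreGc) {
            $finding = 'Must not be on a global catalog server unless every DC is one'
        }

        # Advisory for large networks: forest-level and domain-level roles on separate DCs.
        $otherScope = if ($r.Scope -eq 'Forest') { $domainHolders } else { $forestHolders }

        [pscustomobject]@{
            Scope                  = $r.Scope
            Role                   = $r.Role
            Holder                 = $r.Holder
            IsGlobalCatalog        = $isGc
            SharesDcWithOtherScope = ($otherScope -contains $r.Holder)
            Finding                = $finding
        }
    }
}

Get-FsmoPlacementReport | Format-Table -AutoSize
```

Running the report before and after a planned role move gives a record of which DC held each role and whether the new placement still satisfies the global catalog rules.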

Transferring roles

There are two basic reasons for moving an FSMO role from one DC to another. One reason is because you want to. That is, the movement is planned for some reason, such as decommissioning a server that holds one or more of the FSMO roles. When you are carrying out a planned move, it is called transferring the role.

The other reason to move a role is because you have to. For instance, you might be forced to move a role when a server that holds one or more FSMO roles has suffered catastrophic hardware failure. When you carry out an unplanned move, it is called seizing the role. You should never seize a role unless you absolutely have to.

Transferring a role can be done either through the graphic user interface (GUI) or through the command line interface (CLI), while seizing a role can only be carried out via the command line. Whether done through the GUI or the CLI, moving a role is done in two steps:

1. Connect to a domain controller
2. Transfer or seize the role

Let's first look at transferring a role through the GUI. After that, I'll show you how it's done using the CLI.

Using the GUI

To change a domain-level role, click on Start | Administrative Tools | Active Directory Users And Computers. Next, as shown in Figure B, right-click on the domain and then select Connect To Domain Controller…

Figure B

Next, you will see a dialog box in which you can specify to which DC you want to connect (see Figure C).

Figure C

Once you have connected to the domain controller to which you will transfer a role, right-click once again on the domain and select "Operations Masters…" This will bring up the dialog box you see in Figure D.

Figure D

This dialog box will allow you to transfer a domain-level role from one DC to another, provided that you have already connected to that DC. If you have not connected to the DC, the same name will appear in both boxes.

To change a forest-level role, click on Start | Administrative Tools | Active Directory Domains and Trusts. Next, as shown in Figure E, right-click on Domains and Trusts, and then select Connect To Domain Controller…

Figure E

Once you have connected to the other DC, right-click once again on Active Directory Domains And Trusts, and select Operations Master… This will bring up a dialog box (see Figure F) similar to the one you used to transfer a domain-level role.

Figure F

Using the command line interface

You can perform all of these same operations from the command line, using the Active Directory Diagnostic Tool, ntdsutil.exe. This tool is interactive, in that, when you invoke it, you have several submenus at your disposal. In this case, since I am talking about transferring and seizing roles, I will use the "Roles" submenu. To do that, type "ntdsutil" at the command line. The prompt will then change to reflect the current level of the menu. In this case, at the "ntdsutil" prompt, you would type "roles." The command prompt will then change to FSMO Maintenance (as you'll see below in Figure G). The commands available from the Roles submenu are:

• Connections
• Seize domain naming master
• Seize infrastructure master
• Seize PDC
• Seize RID master
• Seize schema master
• Select operation target
• Transfer domain naming master
• Transfer infrastructure master
• Transfer PDC
• Transfer RID master
• Transfer schema master

Figure G illustrates using the tool to make a connection to another domain controller. Figure G

Figure H illustrates using ntdsutil to transfer a role. Figure H

Seizing a role

Transferring can only be done if the original DC is alive on the network. If a domain controller hosting a single operations master role is no longer available (possibly due to catastrophic failure), you will not be able to transfer that role to another domain controller. If that is the case, then you can move that role to another DC by seizing the role. Seizing a role can only be done through the command line interface using ntdsutil.exe.

It is extremely important to remember two things about seizing FSMO roles:

1. Never seize a role unless it is your last resort. If a DC hosting a role is only going to be down temporarily, don't worry about it. Your network will survive a short time without it.
2. If either the schema master, domain naming master, or RID master role is seized from a domain controller, that domain controller must never be allowed to come back online.

Take FSMO roles seriously

Networks using Active Directory still tend to be relatively young, so in all likelihood there has been very little need for administrators to concern themselves much with FSMO roles up until now. But as the network ages and it comes time for servers to be replaced, great care will need to be taken to preserve the integrity of those roles. At some point, domain controllers hosting FSMO roles will need to be replaced. Admins will need to understand where the roles are located and how to transfer the roles if an outage is planned, or how to seize a role if the outage is unplanned.
Disadvantages of FAT16

Disadvantages of FAT16 are:

• The root folder can manage a maximum of 512 entries. The use of long file names can significantly reduce the number of available entries.
• FAT16 is limited to 65,536 clusters, but because certain clusters are reserved, it has a practical limit of 65,524. Each cluster is fixed in size relative to the logical drive. If both the maximum number of clusters and their maximum size (32 KB) are reached, the largest drive is limited to 4 GB on Windows 2000. To maintain compatibility with MS-DOS, Windows 95, and Windows 98, a FAT16 volume should not be larger than 2 GB.
• The boot sector is not backed up.
• There is no built-in file system security or file compression with FAT16.
• FAT16 can waste file storage space in larger drives as the size of the cluster increases. The space allocated for storing a file is based on the size of the cluster allocation granularity, not the file size. A 10-KB file stored in a 32-KB cluster wastes 22 KB of disk space.

Advantages of FAT32

FAT32 allocates disk space much more efficiently than previous versions of FAT. Depending on the size of your files, there is a potential for tens and even hundreds of megabytes more free disk space on larger hard disk drives. In addition, FAT32 provides the following enhancements:

• The root folder on a FAT32 drive is now an ordinary cluster chain, so it can be located anywhere on the volume. For this reason, FAT32 does not restrict the number of entries in the root folder.
• It uses space more efficiently than FAT16. FAT32 uses smaller clusters (4 KB for drives up to 8 GB), resulting in 10 to 15 percent more efficient use of disk space relative to large FAT16 drives. FAT32 also reduces the resources necessary for the computer to operate.
• FAT32 is more robust than FAT16. FAT32 has the ability to relocate the root directory and use the backup copy of the FAT instead of the default copy. In addition, the boot record on FAT32 drives has been expanded to include a backup of critical data structures. This means that FAT32 volumes are less susceptible to a single point of failure than FAT16 volumes.

Disadvantages of FAT32

Disadvantages of FAT32 include:

• FAT32 volumes are not accessible from any operating systems other than Windows 95 OSR2 and Windows 98.
• The boot sector is not backed up.
• There is no built-in file system security or compression with FAT32.

File Systems Exposed (Part 1)
By Mohammad Yousef | August 2004

What is a file system? You might've noticed it in your drives' properties. A file system is an operating system's overall structure in which files are named, stored, and organized. If you're a Windows XP user, you've got 3 choices for a file system: NTFS, FAT, and FAT32. But what's the difference between them? Read on as I give you a detailed review of the file systems and tell you (what I think is) your best choice.

Following are Microsoft's Windows Glossary definitions for each of the 3 file systems:

1. File Allocation Table (FAT): A file system used by MS-DOS and other Windows-based operating systems to organize and manage files. The file allocation table (FAT) is a data structure that Windows creates when you format a volume by using the FAT or FAT32 file systems. Windows stores information about each file in the FAT so that it can retrieve the file later.

2. FAT32: A derivative of the File Allocation Table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

3. NTFS: An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of FAT. For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS also provides advanced features such as file and folder permissions, encryption, disk quotas, and compression.

As it might seem obvious from the definitions, NTFS is your best option. Wait for my sequel where I'll demonstrate more in-depth info that will assure you whether NTFS is apt for you.
