When administering Windows Server 2008, one of the tools you’ll use most often is Active Directory Users and Computers. Here’s a quick guided tour of the tool and some of the changes that have occurred since Windows Server 2003.
—————————————————————–
Of the administrative tools used by Windows administrators, Active Directory Users and Computers is very likely to be near the top of the management arsenal. Present in Windows and Active Directory since the birth of Windows 2000, which jettisoned the old NT-style directory, Active Directory Users and Computers has made an unscathed transition to Windows Server 2008. Let’s look at the Active Directory Users and Computers tool in Windows Server 2008 and outline what it does, how it works, and how to perform common tasks in the tool.
What it does
Active Directory Users and Computers serves as the primary entry point for management of user, group, and computer objects in Active Directory. Active Directory objects contain the information that describes each item, including descriptions, file system rights, security identifiers, application rights, and directory information.
Active Directory Users and Computers allows you to create, modify, and delete objects in the directory. Objects in Active Directory do not have to be, and usually are not, all thrown into one huge group. Instead, objects are nested inside containers called organizational units which, in turn, can house additional organizational units. As such, the directory really becomes a tree of sorts, with the organizational units as the limbs and the individual objects as leaves.
Often, organizations create Active Directory structures that mirror their organization structures. For example, an organization might have separate organizational units for Sales and Engineering, with different policies for each and with structures that make the most sense for the department and for the security needs of each group. This allows you to design an Active Directory tree that mirrors an organization and to delegate authority to users or to other IT people in appropriate areas. For more information about how to design an Active Directory tree, see the article, Design your Active Directory tree with security in mind.
Some of the common tasks accomplished with Active Directory Users and Computers include:
- Adding new users to Active Directory
- Changing passwords
- Granting rights to file servers
- Allowing remote access to the network
- Setting login and logout scripts
- Controlling when users can use the network
- Creating security groups - with either static or dynamic membership
Many applications, including Exchange Server, Terminal Services, and System Center, add capabilities to Active Directory. Sometimes, these applications add extensions to Active Directory Users and Computers to allow management of objects related to the new product. For example, if you add Terminal Services to your network, you can use Active Directory Users and Computers to control how long a user can stay connected to your Terminal Server.
With Exchange 2003 and below, Microsoft provided extensions for Active Directory Users and Computers that allowed some Exchange object management. With Exchange 2007, Microsoft has moved away from this management paradigm, but many products still work in this fashion.
How things are different in Windows Server 2008
You’ll experience the greatest culture shock if you’re moving from Windows NT directly to Windows Server 2008. Microsoft has made many changes to its administration utilities over the years. Active Directory Users and Computers does the job of two different Windows NT utilities. For user and group administration, Active Directory Users and Computers replaces User Manager For Domains. When it comes to controlling servers and member workstations, Active Directory Users and Computers replaces Server Manager.
The change isn’t so great when you move from Windows 2000 Server or Windows Server 2003 to Windows Server 2008. Active Directory Users and Computers does the same thing in all versions, but has undergone some enhancement over time. In addition, you’ll find a few new objects and properties available in Windows Server 2008 that weren’t available in earlier versions of Windows Server.
Most notably, Microsoft has added an Attribute Editor tab to every object that allows administrators an easy way to quickly change the value of any Active Directory object’s attributes. This is long overdue!
Finding your way around
There are a couple of ways to use Active Directory Users and Computers in Windows Server 2008. Regardless of the method you use to start the tool, you should log in to the server as an administrative user.
First, you can use the new Server Manager tool and browse to Roles | Active Directory Domain Services | Active Directory Users and Computers. Figure A below shows you this tool in the context of Server Manager.
Figure A
Active Directory Users and Computers through Server Manager
The second method is to start Active Directory Users and Computers directly, which is how the tool was used in previous versions of Windows. To do so, click Start | All Programs | Administrative Tools | Active Directory Users and Computers. When you do, you’ll see the screen shown in Figure B. This article uses this method to manage Active Directory Users and Computers.
Figure B
Active Directory Users and Computers
If you’ve ever worked with Microsoft Management Console (MMC) before, the layout should be familiar. Across the top is a set of pull-down menus. Beneath the menu bar is a button bar that provides quick access to frequently used procedures. Finally, you’ll see two panes. The left pane provides a tree view of your Active Directory structure. The right pane shows the objects in the container highlighted in the left pane.
Menu choices
Pull-down menus you can access include:
- File: In the File menu lies the Options menu, which allows you to clean up console information. You can also quit Active Directory Users and Computers by clicking Exit.
- Action: This menu allows you to perform different actions depending on which container object you’ve selected. For example, if you select the Users container, you might see the Delegate Control menu option and options that allow you to create new users and groups, but if you select a particular User object, you’ll see actions about what you can do to a user, such as resetting passwords and disabling accounts. When the domain object is selected, this menu contains options to raise the domain functional level and to modify the servers that are considered operations masters, such as the PDC emulator and the schema master.
- View: This menu choice allows you to customize the appearance of Active Directory Users and Computers. You can change how objects appear, how many columns Active Directory Users and Computers displays, and filter out objects you don’t want to appear.
- Window: This menu choice allows you to display multiple MMC windows and control how those windows appear on your server.
- Help: As would be expected, this choice allows you to access Active Directory Users and Computers Help files.
The button bar
As in most MMCs, the button bar in Active Directory Users and Computers closely resembles a Web browser. Like browser buttons, these buttons are relatively self-explanatory. Left to right, these buttons are:
- Back to previous selection
- Forward to next selection (if you previously used Back)
- Move up one level in the Active Directory hierarchy
- Show/Hide console tree
- Paste
- Get properties for current object
- Refresh
- Export List
- Help
- Show/Hide action pane
- Create a new user object in the current container
- Create a new group in the current container
- Create a new organizational unit in the current container
- Create a filter to see only specific types of objects
- Find objects
- Add selected objects to a group
You’ll notice that as you go from container to container in the left pane, buttons sometimes will become unavailable. For example, if you go to the Computers container, you can’t use the Create New Organizational Unit button.
Take special note of the Show/Hide action pane button. In most of their new products, Microsoft has moved to a screen layout that includes what they call an action pane. The action pane provides quick access to all of the functions available with regard to a particular object.
In Figure C below, note that the user object named Administrator is selected. In the Action pane on the right, there are two More Actions options. One is below the Users heading and provides shortcut access to the same options that would be available if you right-clicked the Users container. Likewise, underneath the Administrator heading, the More Actions button provides quick access to the options that would be available if you were to right-click the Administrator user.
Figure C
The Action Pane provides quick access to the functions available to an object.
Before you proceed through the rest of this article, make sure you are looking at the Advanced view, which gives you a look at many more objects and containers. Of course, the more access you have, the easier it is to make a mistake, so be careful, too. Figure C above was taken when the Advanced view was active. To enable Advanced mode, choose View | Advanced Features.
The Console Tree
The left pane is called the Console Tree. This tree displays all of the container objects for Active Directory. Navigate through the Console Tree by clicking the plus signs to expand the various options/containers. As you expand the tree, you’ll start to get to Active Directory objects. The default objects you’ll find in Windows Server 2008’s Console Tree are:
- Saved Queries: Allows you to store queries that perform actions on groups of objects. Saved queries give you a way to quickly access objects that you need to manage on a relatively regular basis.
- Domain: In your own environment, the name of your Active Directory domain is listed here. This object is the main container for your Active Directory environment and contains all of the other container and organizational unit objects.
- Builtin: Contains all of the default security groups that come with Windows Server 2008, which are listed below. The descriptions of what each group allows or denies are taken directly from Active Directory Users and Computers:
  - Account Operators: Members can administer domain user and group accounts
  - Administrators: Administrators have complete and unrestricted access to the computer/domain
  - Backup Operators: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
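
Because membership in these Builtin groups grants broad rights, it is worth reviewing on a schedule rather than only by clicking through the console. The following script is an added example, not part of the original article: it reads the direct members of the three groups listed above, assuming a domain-joined machine with PowerShell and using only the .NET System.DirectoryServices classes.

```powershell
# Added example: list direct members of the Builtin groups named in the article.
# Assumptions: run on a domain-joined machine by a user who can read the directory.
# Nested group members are NOT expanded; review any group that appears as a member.

$groupNames = 'Account Operators', 'Administrators', 'Backup Operators'

# Discover the current domain's distinguished name from RootDSE.
$rootDse  = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
$domainDn = $rootDse.Properties['defaultNamingContext'].Value

# The Builtin container shown in the Console Tree.
$builtin = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Builtin,$domainDn")

foreach ($name in $groupNames) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($builtin)
    $searcher.SearchScope = 'OneLevel'                      # only objects directly in Builtin
    $searcher.Filter = "(&(objectCategory=group)(cn=$name))"
    [void]$searcher.PropertiesToLoad.Add('member')
    $result = $searcher.FindOne()

    if ($result -eq $null) {
        Write-Warning "Group '$name' not found under CN=Builtin,$domainDn"
        continue
    }

    # The 'member' attribute is absent from the result when the group is empty.
    if (-not $result.Properties.Contains('member')) {
        Write-Output ("{0}: no direct members" -f $name)
        continue
    }

    $members = @($result.Properties['member'])
    Write-Output ("{0}: {1} direct member(s)" -f $name, $members.Count)
    foreach ($dn in $members) {
        Write-Output "    $dn"
    }
}
```

Saving the output from each run and comparing it with the previous one makes unexpected additions to these groups easy to spot.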