Tuesday, August 5, 2008

Operation Master Roles of Active Directory

In Windows NT 4.0-style domains there is exactly one PDC (Primary Domain Controller), which accepts all changes to directory objects, and any number of BDCs (Backup Domain Controllers), which hold read-only copies of the accounts database. BDCs can authenticate users, but any change to an attribute of a domain account has to be made in direct communication with the PDC. Because the PDC pushes copies of the accounts database (the SAM database) out to the BDCs of the domain, this kind of replication is known as single-master replication.

Active Directory in Windows 2000 Server and Windows Server 2003 removes this bottleneck. Every writable domain controller in a domain can accept changes to the data in its domain and replicates those changes to its replication partners, which pass them on until every domain controller holds the change. (In a mixed-mode domain any remaining Windows NT 4.0 BDCs are still read-only; only the Windows 2000 and later domain controllers take part as peers.) This arrangement is called multimaster replication, because each domain controller acts as a master.

Some operations cannot safely be performed on several domain controllers at once, because two domain controllers could make conflicting changes that multimaster replication has no way to reconcile. Microsoft handles this by assigning special roles to particular domain controllers, called Operations Master roles (also known as Flexible Single Master Operations, or FSMO, roles). There are five operations master roles:

  1. Schema Master (one per forest)
  2. Domain Naming Master (one per forest)
  3. RID Master (one per domain)
  4. PDC Emulator (one per domain)
  5. Infrastructure Master (one per domain)

Note: The first domain controller in a forest holds all five roles. The first domain controller in each additional domain holds that domain's three domain-specific roles. An organization with a single domain controller has all five roles on that one server. Whoever controls a role holder controls the forest or domain (the schema, the set of domains, SID allocation, password changes), so the role holders belong in the most tightly protected tier of domain controllers.

Schema Master:

The Schema Master ensures that changes to the schema, the definition of the object classes and attributes that make up the Active Directory database, are made in a consistent manner. The schema and the global catalog are closely tied: the global catalog holds a subset of the attributes of every object in every domain of the forest. If you add a new attribute to the schema and want it included in the global catalog, every domain controller that acts as a global catalog server has to receive the change.

On Windows 2000-based domain controllers, adding an attribute to the global catalog forces a full resynchronization of the global catalog on every global catalog server; on Windows Server 2003-based domain controllers only the change itself is propagated.

The Schema Master role is one of the two forest-wide roles: only one domain controller in the entire forest holds it.

Domain Naming Master:

The Domain Naming Master is the other forest-wide role; only one domain controller in the entire forest holds it. It controls the addition and removal of domains in the forest, which protects against two domains being created with the same name. In a Windows 2000 forest the Domain Naming Master should be placed on a global catalog server, because it uses information in the global catalog to do its job. At the Windows Server 2003 forest functional level this placement is no longer required.

To transfer the Domain Naming Master role you must be a member of the Enterprise Admins group. Use the Active Directory Domains and Trusts console to transfer it.

RID Master:

The RID Master allocates the relative identifier (RID) portion of the SIDs assigned to security principals (users, groups and computers) in its domain. Every security principal in Windows has a unique SID of the form S-1-5-21-A-B-C-RID, where S-1-5-21 is common to all domain SIDs. A, B and C are three 32-bit numbers generated when the domain is created; they are the same for every principal in that domain and, together with the prefix, form the domain SID. The RID is a further 32-bit number that makes the SID unique and identifies one specific principal in the domain.

The domain controller holding the RID Master role hands out pools of 500 unique RIDs to each of the other domain controllers in the domain, so that every domain controller can create security principals on its own. No two domain controllers are ever given the same range of RIDs, so no two principals can end up with the same SID. When a domain controller has used about half of its pool it asks the RID Master for a new one; if the RID Master is unavailable for long enough, domain controllers run out of RIDs and can no longer create users, groups or computers.
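The following PowerShell is an added example, not code from the original post. It splits a SID into its domain part and RID and flags the well-known RIDs, which is how you find the real Administrator account even after it has been renamed. The sample SIDs are constructed; the sub-authority numbers are placeholders, not a real domain.

```powershell
# Added example (not from the original post). Well-known RIDs are fixed by
# Windows; RIDs below 1000 are reserved, and the RID Master only hands out
# pools from 1000 upward, so a principal with RID 500 is always the
# built-in Administrator whatever its current name.
$wellKnownRid = @{
    500 = 'Administrator';  501 = 'Guest';            502 = 'krbtgt'
    512 = 'Domain Admins';  513 = 'Domain Users';     515 = 'Domain Computers'
    516 = 'Domain Controllers'; 518 = 'Schema Admins'; 519 = 'Enterprise Admins'
}

function Get-SidParts {
    param([Parameter(Mandatory)][string]$Sid)
    # The .NET SID type validates the string; malformed input throws here.
    $s = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $rid = [uint32]($Sid.Split('-')[-1])
    # AccountDomainSid is only populated for S-1-5-21-... (domain) SIDs.
    $domainSid = if ($s.AccountDomainSid) { $s.AccountDomainSid.Value } else { $null }
    $name = $null
    if ($domainSid -and $wellKnownRid.ContainsKey([int]$rid)) { $name = $wellKnownRid[[int]$rid] }
    [pscustomobject]@{
        Sid       = $s.Value
        DomainSid = $domainSid
        Rid       = $rid
        WellKnown = $name
    }
}

# Constructed sample SIDs: two from a (made-up) domain and one BUILTIN SID.
$samples = @(
    'S-1-5-21-1234567890-987654321-192837465-500',   # domain Administrator
    'S-1-5-21-1234567890-987654321-192837465-1105',  # an ordinary account from a RID pool
    'S-1-5-32-544'                                   # BUILTIN\Administrators, no domain part
)
$samples | ForEach-Object { Get-SidParts $_ } | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module) the same idea
# locates the built-in Administrator regardless of its display name:
#   Get-ADUser -Filter * -Properties SID | Where-Object { $_.SID.Value -like '*-500' }
```

Renaming the Administrator account is a common hardening step; this shows why it is only cosmetic, since the RID gives the account away to anyone who can enumerate SIDs.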

PDC Emulator:

The PDC emulator performs one of two different jobs, depending on how Active Directory is implemented:

When Active Directory still has to interact with Windows NT 4.0 BDCs, or with computers that do not have the Windows 2000 Directory Service Client software installed, the domain is said to be operating in mixed mode. In mixed mode the PDC emulator acts as a Windows NT PDC: it replicates the accounts database to the remaining Windows NT BDCs, and clients that are not running the DS Client software (Windows NT 4.0 and Windows 9x) must contact it to change passwords and make other account changes.

When Active Directory interacts only with Windows 2000 or later domain controllers and with clients that run the Windows 2000 DS Client software (or a later Windows), the domain can be switched to native mode. In native mode the PDC emulator no longer has to act as an NT PDC, but it remains the preferred domain controller for several operations: other domain controllers forward password changes to it immediately, so a logon that fails because of a stale password is retried against the PDC emulator before being rejected; it is the authoritative time source for the domain; and it is the default domain controller on which Group Policy objects are edited.

There can be only one PDC emulator in each domain in a forest.

Infrastructure Master:

The Infrastructure Master keeps cross-domain object references up to date. When a group in one domain contains a member from another domain, the member is stored locally as a placeholder (a phantom) carrying the member's SID and distinguished name. The Infrastructure Master periodically compares these placeholders with a global catalog server and replicates any corrections (for example a renamed or moved account) to the other domain controllers in its domain. For this reason the role should not be placed on a domain controller that is itself a global catalog server: a global catalog already holds every object in the forest and never creates placeholders, so it has nothing to compare and stale references go unnoticed. The exception is when every domain controller in the domain is a global catalog server, or when the forest has only one domain, because then there are no cross-domain references to fix.

There can be only one Infrastructure master in each domain in a forest.
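The following PowerShell is an added example, not code from the original post. It lists the five role holders and checks the placement rules given above for the Infrastructure Master and the Domain Naming Master. It assumes the ActiveDirectory PowerShell module (RSAT) and a domain-joined session with read access; on Windows Server 2003 the equivalent listing is "netdom query fsmo".

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

$roles = [ordered]@{
    'Schema Master'         = $forest.SchemaMaster          # forest-wide
    'Domain Naming Master'  = $forest.DomainNamingMaster    # forest-wide
    'RID Master'            = $domain.RIDMaster             # per domain
    'PDC Emulator'          = $domain.PDCEmulator           # per domain
    'Infrastructure Master' = $domain.InfrastructureMaster  # per domain
}
foreach ($r in $roles.GetEnumerator()) { '{0,-22} {1}' -f $r.Key, $r.Value }

$dcs   = @(Get-ADDomainController -Filter * -Server $domain.DNSRoot)
$gcs   = @($dcs | Where-Object { $_.IsGlobalCatalog })
$allGc = ($gcs.Count -eq $dcs.Count)

# Rule 1: the Infrastructure Master must not be a GC unless every DC is a GC
# or the forest has only one domain.
$im = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
if ($im -and $im.IsGlobalCatalog -and -not $allGc -and $forest.Domains.Count -gt 1) {
    Write-Warning ("Infrastructure Master {0} is a GC while {1} DC(s) are not; " +
                   "cross-domain references will go stale.") -f $im.HostName, ($dcs.Count - $gcs.Count)
}

# Rule 2: in a Windows 2000 forest the Domain Naming Master should be a GC.
$dnm = Get-ADDomainController -Identity $forest.DomainNamingMaster
if ($forest.ForestMode -eq 'Windows2000Forest' -and -not $dnm.IsGlobalCatalog) {
    Write-Warning "Domain Naming Master $($dnm.HostName) is not a GC; required at the Windows 2000 forest level."
}

# Rule 3: role holders are Tier 0. Confirm each one answers; a holder that is
# gone for good has to have its role seized on another DC, but never seize a
# role while the old holder could still come back online.
foreach ($r in $roles.GetEnumerator()) {
    if (-not (Test-Connection -ComputerName $r.Value -Count 1 -Quiet)) {
        Write-Warning "$($r.Key) holder $($r.Value) did not answer."
    }
}
```

Run it from an administrative workstation rather than on a domain controller; nothing here changes the directory, it only reads role ownership and GC status.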

SYSPREP Utility in Windows 2000


The System Preparation Tool (sysprep.exe), usually just called Sysprep, is a Windows 2000/2003 deployment tool designed for large organizations and OEMs (Original Equipment Manufacturers). Sysprep prepares the hard disk of a Windows 2000 computer for duplication, so that an image of the disk can be copied to other computers. This is useful for installing Windows 2000 together with custom applications and other data on many computers.

The important point to remember about Sysprep is that it works on both Windows 2000 Professional and Windows 2000 Server, but it does not work on Windows 2000 Server domain controllers.

Sysprep.exe ships on the Windows installation CD in \SUPPORT\TOOLS. That folder contains a file named Deploy.cab; extract it to obtain sysprep.exe and the other deployment tools.

How Sysprep works

  • First, install Windows 2000 and all required applications and services on one computer, known as the master computer.
  • Then prepare the master computer's hard disk for duplication by running Sysprep. Sysprep removes computer-specific data (including the machine SID) from the master computer and places a Mini-Setup routine on its hard disk.
  • Next, use third-party software such as Norton Ghost to create an image of the hard disk and copy it to the target computers.
  • Finally, when a target computer boots for the first time, the Mini-Setup wizard runs, gathers computer-specific information from the user and assigns the target computer a new, unique SID. Cloning a disk without Sysprep leaves every copy with the same SID, which is why the Sysprep step must not be skipped.

This post described the Sysprep utility in Windows 2000 Server. Hope this helps you to recall some details about Sysprep.

Creating New Ghost Image

Requirements for Creating a New Ghost Image

The requirements for creating a new Ghost image are:


a. A PC
b. An Operating System CD (Windows XP/2000 Professional)
c. Other Application CDs
d. A Windows 98 boot disk
e. A Norton Ghost v8.0 disk
f. A DVD writer
g. A blank DVD disk


Process to create New Ghost Image

The steps to create a new Ghost image are as follows:

1. Format the PC and reinstall the operating system and all required applications on it.
2. Connect the DVD writer to the PC and boot the computer from the Windows 98 boot disk.
3. After the PC has booted, insert the Norton Ghost v8.0 disk and start the utility with "ghost.exe".
4. Select the hard-disk partition as the source and the DVD disc as the destination.
5. After the DVD has been burnt, label it with the desktop/server model number and the OS.
6. Use this DVD together with the Windows 98 boot disk and the Norton Ghost disk to re-image a PC of that model.

Use the steps above to create a new Ghost image of a PC.

BACKUP ON WINDOWS 2000 SERVER

The data on Windows 2000 network can be divided into two categories. They are:

  • User Data
  • System State Data

User data includes application files and folders, operating-system files and folders, and user-created files and folders.

System State data includes the registry, the COM+ class registration database, the boot files and other critical operating-system files; on a domain controller it also includes the Active Directory database and the SYSVOL folder, and on a certification authority the Certificate Services database. System State is backed up and restored as a single unit.

Types of Backup in Windows 2000 Server

There are five types of Backup available in Windows 2000 Server. They are:

  • Normal Backup
  • Copy Backup
  • Incremental Backup
  • Differential Backup
  • Daily Backup

Normal Backup

A Normal Backup backs up all selected files and folders regardless of their archive attribute, and clears the archive attribute on every file it backs up. A normal backup is a full, complete backup and is the baseline on which the incremental and differential types build.

Copy Backup

A Copy Backup backs up all selected files and folders but does not clear or otherwise affect the archive attribute, so it can be taken in between normal and incremental backups without disturbing the schedule.

Incremental Backup

An Incremental Backup backs up all selected files and folders that have changed since the last normal or incremental backup (those whose archive attribute is set) and then clears the archive attribute. Because only the changes since the previous backup are copied, an incremental backup is smaller and faster than a differential backup; the price is paid at restore time, when the last normal backup and every incremental backup taken since it must be restored, in order.

Differential Backup

A Differential Backup backs up all selected files and folders that have changed since the last normal backup and does not clear the archive attribute, so each differential grows until the next normal backup. Differential backups are typically taken in between normal backups because they take less time than a normal backup; a restore needs only the last normal backup plus the most recent differential.

Daily Backup

A Daily Backup backs up all selected files and folders that were modified on the day the backup is made, using the file modification date rather than the archive attribute. It does not clear or otherwise affect the archive attribute.
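The following PowerShell is an added example, not code from the original post. It models how the five backup types select files and treat the archive attribute, using a throw-away folder of constructed files under %TEMP% so that the selection rules can be watched on real NTFS attributes. It assumes PowerShell 3.0 or later on Windows.

```powershell
# Added example (not from the original post). Simulates Windows 2000 Backup's
# five backup types against constructed files in a temporary folder.
$root = Join-Path $env:TEMP ('backup-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $root | Out-Null

function Test-ArchiveBit([System.IO.FileInfo]$file) {
    return [bool]($file.Attributes -band [IO.FileAttributes]::Archive)
}

function Invoke-Backup {
    param([ValidateSet('Normal','Copy','Incremental','Differential','Daily')][string]$Type,
          [string]$Root)
    $files = @(Get-ChildItem -LiteralPath $Root -File)
    $selected = switch ($Type) {
        'Normal'       { $files }                                       # everything
        'Copy'         { $files }                                       # everything
        'Incremental'  { $files | Where-Object { Test-ArchiveBit $_ } } # changed since last Normal/Incremental
        'Differential' { $files | Where-Object { Test-ArchiveBit $_ } } # changed since last Normal
        'Daily'        { $files | Where-Object { $_.LastWriteTime.Date -eq (Get-Date).Date } }
    }
    $selected = @($selected)
    # Only Normal and Incremental clear the archive attribute; Copy, Differential
    # and Daily leave it alone, which is what makes them safe to run in between.
    if ($Type -in 'Normal','Incremental') {
        foreach ($f in $selected) { $f.Attributes = $f.Attributes -band (-bnot [IO.FileAttributes]::Archive) }
    }
    '{0,-12} -> {1}' -f $Type, (($selected | ForEach-Object { $_.Name }) -join ', ')
}

# Newly created files get the archive attribute set by NTFS.
'a.txt','b.txt','c.txt' | ForEach-Object { Set-Content -LiteralPath (Join-Path $root $_) -Value 'v1' }

Invoke-Backup Normal       $root   # a.txt, b.txt, c.txt  (bits cleared)
Set-Content -LiteralPath (Join-Path $root 'a.txt') -Value 'v2'   # modifying a file sets its bit again
Invoke-Backup Differential $root   # a.txt
Set-Content -LiteralPath (Join-Path $root 'b.txt') -Value 'v2'
Invoke-Backup Differential $root   # a.txt, b.txt  (differentials accumulate)
Invoke-Backup Incremental  $root   # a.txt, b.txt  (and clears their bits)
Set-Content -LiteralPath (Join-Path $root 'c.txt') -Value 'v2'
Invoke-Backup Incremental  $root   # c.txt only
Invoke-Backup Copy         $root   # everything, bits untouched
Invoke-Backup Daily        $root   # everything modified today, bits untouched

Remove-Item -LiteralPath $root -Recurse -Force
```

The two differential runs show why a differential chain is simpler to restore (only the last one is needed) while an incremental chain is smaller but needs every link; any backup type that clears the archive attribute has to be the one your restore procedure is written around.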

Hope this helps you to recall the various types of backup.

Microsoft's Network Load Balancing Service

Network Load Balancing (NLB)

Before we discuss Microsoft's Network Load Balancing service (NLB), we should know what a cluster is and why load balancing is required.

A cluster is a group of independent servers that work together to run a common set of applications and present the image of a single server to the clients that connect to it. The servers are connected by network links and cluster software, which allow them to offer features such as failover (Server Cluster) and load balancing (Network Load Balancing clusters).

Clustering arrived with Windows NT 4.0 Enterprise Edition, which included Microsoft Cluster Server (two-node failover clusters) and, as an add-on, the Windows NT Load Balancing Service (WLBS), the forerunner of NLB. The standard Windows NT Server 4.0 had neither. The NT 4.0 implementation had a number of limitations (performance and disk-space overhead among them) that were addressed in Windows 2000.

Windows 2000 Advanced Server supports a two-node server cluster plus Network Load Balancing, whereas Windows 2000 Datacenter Server supports a four-node server cluster plus Network Load Balancing. Microsoft offers four clustering technologies:
· Microsoft Cluster Server (MSCS)
· Network Load Balancing (NLB)
· Component Load Balancing (CLB), for COM+ components
· Application Center 2000, which packages CLB with management of NLB clusters

Network Load Balancing (NLB):

Network Load Balancing is a clustering technology offered by Microsoft as part of the Windows 2000 Server and Windows Server 2003 families. NLB uses a distributed algorithm to load balance network traffic across a number of hosts, helping to enhance the scalability and availability of mission-critical, IP-based services such as Web, virtual private networking, streaming media, Terminal Services and proxy services. It also provides high availability by detecting host failures and automatically redistributing traffic to the operational hosts.

Network Load Balancing (NLB) clusters dynamically distribute the flow of incoming TCP and UDP traffic among the cluster nodes according to a set of traffic-handling rules (port rules). NLB clusters provide a highly available and scalable platform for applications such as IIS and ISA Server. NLB is meant for stateless applications, those that do not build up state as a result of a request, because the nodes share no state with each other.

NLB and server clusters complement each other in a complex architecture: NLB is used for load balancing between front-end Web servers, while server clusters provide high availability for back-end databases.

In Windows 2000 Advanced Server, NLB can be used in two different ways:
· Active/Active Clustering
· IP Based Load Balancing

Active/Active Clustering:

Active/Active clustering is a configuration in which every server in the cluster services clients while the remaining servers are still able to absorb the load of a failed server. Because all nodes share the load during normal operation, the failure of one node means the others must take on its share, so each node must be run with some spare capacity; otherwise performance degrades after a failure.

IP Based Load Balancing:

IP-based load balancing is the other form: the whole load-balanced cluster is presented under a single IP address (with Windows 2000 Advanced Server this scales to 32 nodes), and an algorithm decides which node handles each part of the traffic. Third-party products can also load balance in this way.

How NLB Works

In Network Load Balancing a filter driver sits between the TCP/IP stack and the network adapter driver; it is installed on every node when the service is enabled. All nodes share one IP address, called the virtual IP address (VIP), and every node receives every packet sent to it. Each node runs the same distributed filtering algorithm over the packet's source address and port, and exactly one node accepts the packet while the others silently drop it, so only one node responds to a given client, though which node that is varies from client to client. The affinity setting in the port rules (none, single or class C) controls whether successive connections from the same client are pinned to the same node; it is configured with the NLB tools themselves, not only through Application Center 2000.

Benefits of NLB in Windows 2000:

The benefits NLB offers for Windows 2000 load-balanced solutions are:
· Balancing the load
· Transparent convergence
· Adding and removing servers as needed
· Specifying how much of the load particular servers take
· Multicast-based messaging between nodes

Convergence:

All NLB hosts exchange heartbeat messages to tell the other hosts that they are still active in the cluster. When a host fails to send or respond to heartbeats, a process called convergence begins.

During convergence the hosts that are still active are determined, together with whether they can accept load. A new host joining the cluster sends out heartbeat messages, which also triggers convergence. Once all cluster hosts agree on the current membership of the cluster, the load is repartitioned among them and convergence ends. Clients that had connections to the failed host lose those connections; connections to the surviving hosts are unaffected.

Adding and Removing Servers:

With Windows 2000 load balancing we can easily add and remove nodes. Windows 2000 Advanced Server allows up to 32 nodes, so we can start with, say, 8 nodes and increase the number when necessary.

Difference between Windows 2000 Server and Windows Server 2003 Clustering and Load-Balancing:

The enhanced clustering features of Windows Server 2003 are:
Windows Server 2003 Enterprise Edition supports eight-node server clusters, whereas Windows 2000 Advanced Server supports at most two nodes.
Windows Server 2003 Datacenter Edition also supports eight-node server clusters, whereas Windows 2000 Datacenter Server supports four.
All editions of Windows Server 2003 include Network Load Balancing, whereas in the Windows 2000 family only Advanced Server and Datacenter Server had it; Windows 2000 Server (the standard edition) did not.
In Windows Server 2003 the Cluster service is integrated with Active Directory: a virtual computer object is created for the cluster, which allows clustered applications to use Kerberos authentication and delegation.

The enhanced load-balancing features of Windows Server 2003 are:
Virtual clusters: several NLB clusters, each with its own virtual IP address and port rules, can run on the same set of hosts, in the same way that one switch can carry several VLANs.
Support for IGMP (Internet Group Management Protocol), so that multicast NLB traffic is delivered only to the switch ports of cluster hosts instead of flooding the segment.
Bidirectional affinity, which is required for server publishing when NLB is used with ISA Server 2000.
A central management utility, Network Load Balancing Manager (nlbmgr.exe), from which the most common NLB cluster control and configuration tasks can be performed in a GUI.

Features of Network Load Balancing (NLB):

Some of the benefits/features of NLB are:
Runs on the servers being load balanced rather than on a separate device.
Presents a single virtual IP (VIP) address to clients.
Distributes incoming TCP connections and UDP datagrams among up to 32 servers, scaling the performance of the cluster.
Detects hosts that have become unavailable and automatically redistributes traffic within eight seconds, providing high availability.
Permits full remote control from any Windows NT 4.0-, Windows 2000- or Windows Server 2003-based computer.
Supports SSL sessions when single affinity is used, so that a client's session stays on the host that negotiated it.

Features unavailable in Network Load Balancing:

Features NLB does not provide:
Replicating data among servers; this can be done with Microsoft Content Replication System (CRS) or third-party software.
Load balancing or fault tolerance for multiple database servers (unless the databases are read-only); use Cluster Server for that.
Starting or stopping programs on the servers.
Detecting services that are not working correctly; use the HTTPMon tool included in the Windows 2000 Resource Kit or third-party software. NLB only notices a host that stops sending heartbeats, not an application that is up but returning errors.
Globally distributed traffic or global load balancing; use DNS round robin or a third-party product.
Protocol-specific request routing or load balancing.
A true virtual (cluster) NetBIOS computer name.
Paging, e-mailing or otherwise alerting operators about a computer problem.


Pros of the NLB service:
The pros of the NLB service are:
  • Properly implemented NLB ensures a consistent level of web service even when individual servers fail, which is the main reason for deploying it.

Cons of the NLB service:

  • The cost of the hardware is one of the cons: each node must be a full server with its own copy of the application and its data.

Basics of Windows Server 2003

Q. Does Windows 2003 support IPv6?
Ans: Yes. IPv6 is included with Windows Server 2003 but is not installed by default; install or remove it with "netsh interface ipv6 install" / "netsh interface ipv6 uninstall" (the older ipv6.exe utility can also install and uninstall it).

Q. Can Windows 2003 function as a bridge?
Ans: Yes. Network Bridge is a feature of the Windows XP/Windows Server 2003 generation: select two or more network adapters in Network Connections and choose Bridge Connections, and the computer forwards frames between those segments at layer 2 so that they behave as one network. This is different from IP routing (Routing and Remote Access), which forwards packets between separate IP subnets at layer 3.

Q. What’s the difference between the basic disk and dynamic disk?
Ans: A basic disk contains primary partitions, extended partitions, logical drives and an assortment of static volumes; a dynamic disk does not use partitions but manages volumes dynamically and provides advanced storage options such as spanned, striped, mirrored and RAID-5 volumes.

Q. Explain Hidden shares?
Ans: Hidden shares are shares whose name ends with a dollar sign ($). They are not shown in the network browse list, but anyone who knows the name can still connect to them, so the $ is not a security control. The administrative shares (C$ and the root of each other drive, ADMIN$ for the system folder and IPC$ for named pipes) are created automatically and require administrative rights to connect.

Q. How do the permissions work in Windows 2000? What permissions does folder inherit from the parent?
Ans: NTFS permissions are cumulative: when a user is covered by several Allow entries through their own account and their group memberships, the effective permission is the union of them (the least restrictive result). Explicit Deny entries override Allow entries. Between inherited and explicit entries, explicit entries win, so an explicit Allow on a file overrides a Deny inherited from its parent. By default a new folder inherits all of its parent's inheritable permissions; inheritance can be blocked on the folder, at which point the inherited entries are either copied or removed.

Q. Why can’t I encrypt a compressed file on Windows 2000?
Ans: NTFS compression and EFS encryption are mutually exclusive attributes: a file can be compressed or encrypted, but not both.

Q. What are the accessibility features in Windows 2000?
Ans: StickyKeys, FilterKeys, Narrator, Magnifier, and On-screen Keyboard.

Q. Why can’t I get to the Fax Service Management console?
Ans: The Fax Service Management console appears only after a fax device (a fax modem) has been installed.

Q. What do I need to ensure before deploying an application via a Group Policy?
Ans: Make sure the package is either a Windows Installer (.msi) file or, for a setup program that is not an MSI, is described by a .zap file. Only .msi packages can be assigned; .zap packages can only be published to users.

Q. Can you configure mandatory profile on Local profile?
Ans: No. Mandatory profiles are built on roaming profiles: set up a roaming profile, then rename ntuser.dat in the profile folder to ntuser.man. Changes the user makes during a session are then discarded at logoff.

Q. What is APIPA?
Ans: APIPA stands for Automatic Private IP Addressing. It takes effect on a Windows 2000 Professional computer (and Windows 98/Me/XP) when no DHCP server can be reached: the computer assigns itself an address in the range 169.254.0.1 through 169.254.255.254 with a subnet mask of 255.255.0.0, and keeps trying to reach a DHCP server in the background.

Q. How does Internet Connection Sharing work on Windows 2000?
Ans: Internet Connection Sharing (ICS) uses the DHCP Allocator service to assign dynamic IP addresses to clients on the LAN in the range 192.168.0.2 through 192.168.0.254; the ICS host itself takes 192.168.0.1. In addition, the DNS Proxy service is enabled when you implement ICS.

Q. Which is the command, used to remove active directory from a domain controller?
Ans: dcpromo. Running it on an existing domain controller demotes the server and removes Active Directory from it.

Q. What is RAID 0?
Ans: RAID can be implemented in hardware or in software. RAID 0, striping without parity, is one of the software RAID levels that ship with Windows Server (a striped volume on dynamic disks). Data is split into stripes that are written across 2 to 32 disks, so reads and writes are spread over several spindles and response time improves. It provides no fault tolerance: the failure of any one disk loses the whole volume, a striped volume cannot be mirrored in Windows, and the only protection is a backup.

Q. What is striping?
Ans: A technique for spreading data over multiple disk drives. Disk striping can speed up operations that retrieve data from disk storage: the system breaks a body of data into units and spreads those units across the available disks. Systems that implement disk striping generally allow the user to select the data unit size, or stripe width.
Disk striping comes in two flavours. Single-user striping uses relatively large data units and improves performance on a single-user workstation by allowing parallel transfers from different disks. Multi-user striping uses smaller data units and improves performance in a multi-user environment by allowing simultaneous read operations on multiple disk drives.

Q. What is a Firewall?
Ans: A firewall is a device or program that enforces a security policy on traffic passing between networks. Traffic entering and leaving the network is passed through a set of filters, and anything the policy does not allow is dropped, so unwanted or unsafe traffic is kept out. Firewalls come in two forms, hardware (a dedicated appliance) and software (a program running on a host). Which type to use, where to place it and what to filter (for example content or URL filtering) is up to the network designer and implementer.

Q. Describe DHCP lease process?
Ans: It is a four-step process, often remembered as DORA: (a) DHCP Discover, broadcast by the client; (b) DHCP Offer, sent by each server that can lease an address; (c) DHCP Request, in which the client selects one offer and broadcasts its choice; and (d) DHCP Acknowledgement, in which the chosen server confirms the lease.

Q. On ipconfig, my network address is 169.254.*.*. What happened?
Ans: An address in the 169.254.0.0/16 range is assigned automatically to Windows 98/2000/XP machines when no DHCP server can be reached. The technology is called APIPA.

Q. We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases of it.
Ans: A Windows 2000 or later DHCP server in an Active Directory domain must be authorized in Active Directory (by a member of Enterprise Admins) before it will lease addresses to clients; an unauthorized server detects this and stops serving.

Q. What authentication options do Windows 2000 Servers have for remote client?
Ans: PAP, SPAP, CHAP, MS-CHAP (v1 and v2) and EAP. Where possible allow only MS-CHAP v2 and EAP (for example EAP-TLS with certificates); PAP sends the password in clear text and the older methods are weak.

Q. What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP?
Ans: NWLink (Microsoft's IPX/SPX-compatible protocol for Novell networks), NetBEUI and AppleTalk (Apple).

Q. What is data link layer in the OSI reference model responsible for?
Ans: The Data Link layer sits above the Physical layer and below the Network layer. It packages raw bits into frames, addresses the frames with hardware (MAC) addresses and detects transmission errors on the local link. The Network layer is responsible for logical (IP) addressing and for routing packets between networks, while the Physical layer sends and receives the raw bits.

Q. What is Binding order?
Ans: The order in which the installed network protocols are tried for client-server communication. The most frequently used protocol should be at the top so that connections are not delayed by attempts over protocols that are rarely used.

Q. How do cryptography-based keys ensure the validity of data transferred across the network?
Ans: A plain checksum does not: the IP and TCP checksums only detect accidental corruption, and an attacker who modifies a packet simply recomputes them. Cryptographic integrity comes from a keyed message authentication code (such as the HMAC used by IPsec AH and ESP): sender and receiver share a key, the sender computes a MAC over the packet with that key, and the receiver recomputes it and compares. Without the key an attacker cannot produce a valid MAC, so a mismatch means the data was modified in transit.
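The following PowerShell is an added example, not code from the original post. It contrasts a simple ones'-complement checksum of the kind used in IP and TCP headers with a keyed HMAC: a forger can recompute the first but not the second. The "packet" payload and the key are constructed for the demonstration; the checksum routine is a simplified illustration, not a full RFC 1071 implementation.

```powershell
# Added example (not from the original post). Constructed payload and key.
function Get-SimpleChecksum([byte[]]$data) {
    # 16-bit ones'-complement sum over the data, in the style of the IP/TCP
    # header checksum. Anyone can compute it: it needs no secret.
    $sum = 0
    for ($i = 0; $i -lt $data.Length; $i += 2) {
        $word = [int]$data[$i] -shl 8
        if ($i + 1 -lt $data.Length) { $word = $word -bor [int]$data[$i + 1] }
        $sum += $word
        $sum = ($sum -band 0xFFFF) + ($sum -shr 16)   # fold the carry back in
    }
    return (-bnot $sum) -band 0xFFFF
}

function Get-Mac([byte[]]$data, [byte[]]$key) {
    # HMAC-SHA256 over the data with a shared key, as a hex string.
    $h = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList (,$key)
    try { return [System.BitConverter]::ToString($h.ComputeHash($data)) }
    finally { $h.Dispose() }
}

$key      = [Text.Encoding]::ASCII.GetBytes('shared-secret-example-key')   # known to both ends only
$packet   = [Text.Encoding]::ASCII.GetBytes('TRANSFER 100 TO ACCOUNT 42')
$tampered = [Text.Encoding]::ASCII.GetBytes('TRANSFER 900 TO ACCOUNT 42')

# Sender attaches both a checksum and a MAC.
$sentChecksum = Get-SimpleChecksum $packet
$sentMac      = Get-Mac $packet $key

# Attacker alters the payload in transit and recomputes the checksum; that
# needs no key, so the checksum on the tampered packet still verifies.
$attackerChecksum = Get-SimpleChecksum $tampered
"Checksum on tampered packet verifies : $((Get-SimpleChecksum $tampered) -eq $attackerChecksum)"   # True

# The receiver recomputes the MAC with the shared key. The original verifies;
# the tampered packet does not, because the attacker could not re-sign it.
"MAC on original packet verifies      : $((Get-Mac $packet   $key) -eq $sentMac)"   # True
"MAC on tampered packet verifies      : $((Get-Mac $tampered $key) -eq $sentMac)"   # False
```

This is the integrity service IPsec provides on the wire; ESP adds confidentiality on top, but neither helps unless the key is kept from the attacker.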

Q. Should we deploy IPSEC-based security or certificate-based security?
Ans: They are complementary rather than alternatives. IPsec protects TCP/IP communication on the wire (integrity with AH or ESP, and confidentiality with ESP); certificates are one of the ways the two ends can authenticate each other, and IPsec itself can use certificate-based authentication instead of Kerberos or a pre-shared key. Certificate-based security more generally (a PKI) establishes the identity of authenticated clients and servers, for example for SSL/TLS, smart-card logon or EFS.

Q. What is LMHOSTS file?
Ans: A text file on the local machine (%SystemRoot%\system32\drivers\etc\lmhosts) that maps NetBIOS names to IP addresses; it is consulted when a name cannot be resolved through WINS or broadcast.

Q. What’s the difference between forward lookup and reverse lookup in DNS?
Ans: A forward lookup zone resolves a host name to an IP address (A records); a reverse lookup zone resolves an IP address to a host name (PTR records under in-addr.arpa).

Q. How can you recover a file encrypted using EFS?
Ans: Use a data recovery agent (DRA). The recovery agent's private key can decrypt the file's encryption key: in a Windows 2000 domain the domain Administrator account is the default recovery agent, and on a standalone machine the local Administrator is. Protect the recovery agent's private key (export it to removable media and remove it from the machine), since whoever holds it can read every EFS file it covers.

Welcome to IntroToIT

Hello,

Welcome to IntroToIT.

This website is designed to be a knowledge base which can be used by any IT professional.

I request all IT professionals to come forward and assist each other in achieving their individual targets.

I will put up all the interview questions I have faced so far, with appropriate answers.

However, I am also unable to answer every question.

So I request everyone to come forward and help make this a valuable resource.

All the Best for your future.

Thanks and Regards,
Sudeepta.