
Active Directory

Active Directory is a set of networking services made by Microsoft. Questions about using and configuring Active Directory belong here.


What is role in active directory?

The role refers to the service or services that the server is providing, such as DHCP, DNS, HTTP, etc.

In a domain installations of DHCP require the authorization of the dhcp server before IP addresses can be allocated True or False?

Yes, DHCP requires the authorization of the DHCP server before IP addresses can be allocated, because until we authorize the DHCP server the network does not know who is the DHCP server for the subnet. The DHCP server broadcasts the information to all.

How do you find FSMO roles in domain?

Try this command:

netdom query fsmo (it will show FSMO roles in the current domain)

netdom query fsmo /d:Domain FQDN (it will show FSMO roles in the other domain mentioned after /d:)

How can configure RIS Server 2008?

In Windows 2008 you can install & configure WDS, not RIS support.

What major tasks are required to create an Active Directory site in Windows Server 2008?

Prepare your infrastructure with the right IP addresses and subnets, then configure a new subnet and site in Active Directory Sites and Services.

What is loopback policy in active directory?

Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

To set user configuration per computer, follow these steps:

1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.

2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a computer affected by this policy. This policy is intended for special-use computers where you must modify the user policy based on the computer that is being used. For example, computers in public areas, in laboratories, and in classrooms.

Note: Loopback is supported only in an Active Directory environment. Both the computer account and the user account must be in Active Directory. If a Microsoft Windows NT 4.0 based domain controller manages either account, the loopback does not function. The client computer must be running one of the following operating systems:

* Windows XP Professional

* Windows 2000 Professional

* Windows 2000 Server

* Windows 2000 Advanced Server

* Windows Server 2003

When users work on their own workstations, you may want Group Policy settings applied based on the location of the user object. Therefore, we recommend that you configure policy settings based on the organizational unit in which the user account resides. However, there may be instances when a computer object resides in a specific organizational unit, and the user settings of a policy should be applied based on the location of the computer object instead of the user object.

Note You cannot filter the user settings that are applied by denying or removing the AGP and Read rights from the computer object specified for the loopback policy.

Normal user Group Policy processing specifies that computers located in their organizational unit have the GPOs applied in order during computer startup. Users in their organizational unit have GPOs applied in order during logon, regardless of which computer they log on to.

In some cases, this processing order may not be appropriate. For example, when you do not want applications that have been assigned or published to the users in their organizational unit to be installed when the user is logged on to a computer in a specific organizational unit. With the Group Policy loopback support feature, you can specify two other ways to retrieve the list of GPOs for any user of the computers in this specific organizational unit:

* Merge Mode

In this mode, when the user logs on, the user's list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer's location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs. In this example, the list of GPOs for the computer is added to the user's list.

* Replace Mode

In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.
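The ordering that Merge and Replace mode produce, as an added Python example that is not part of the original answer. The GPO names, OUs and settings are constructed, and the model assumes only what the answer states: GPOs are applied in list order and a later GPO overrides an earlier one.

```python
# Toy model of Group Policy loopback processing. GPO names and settings are
# constructed for illustration; they are not from a real domain.
NORMAL, MERGE, REPLACE = "normal", "merge", "replace"

# GPOs gathered for each object, in application order (the last one wins).
USER_GPOS = ["Domain Default", "Marketing Users"]      # from the user's OU
COMPUTER_GPOS = ["Domain Default", "Kiosk Lockdown"]   # from the computer's OU

# User Configuration settings carried by each GPO (constructed sample data).
USER_SETTINGS = {
    "Domain Default": {"ScreenSaverTimeout": 900},
    "Marketing Users": {"AssignedApps": "CRM client", "ControlPanel": "allowed"},
    "Kiosk Lockdown": {"ControlPanel": "blocked", "ScreenSaverTimeout": 120},
}


def user_gpo_list(mode, user_gpos=USER_GPOS, computer_gpos=COMPUTER_GPOS):
    """Return the GPOs whose user settings are processed at logon, in order."""
    if mode == NORMAL:
        # No loopback: only the list gathered from the user's location.
        return list(user_gpos)
    if mode == MERGE:
        # User's list first, computer's list appended to the end, so the
        # computer's GPOs are applied last and take precedence.
        return list(user_gpos) + list(computer_gpos)
    if mode == REPLACE:
        # The user's list is never gathered.
        return list(computer_gpos)
    raise ValueError(f"unknown loopback mode: {mode!r}")


def effective_user_settings(mode):
    """Apply GPOs in order; map each setting to (value, GPO that set it)."""
    effective = {}
    for gpo in user_gpo_list(mode):
        for key, value in USER_SETTINGS.get(gpo, {}).items():
            effective[key] = (value, gpo)   # later GPO overwrites earlier
    return effective


if __name__ == "__main__":
    for mode in (NORMAL, MERGE, REPLACE):
        print(mode, "->", user_gpo_list(mode))
        for key, (value, gpo) in sorted(effective_user_settings(mode).items()):
            print(f"    {key} = {value}  (from {gpo})")
```

In Merge mode the assigned application still reaches the kiosk because the user's GPOs are processed first; only Replace mode keeps it off the machine.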

Difference between active site and binding site?

A binding site is anywhere which something (such as a protein) can bind to. An example would be the upper flanking regions which contain binding sites that transcription factors bond with during transcription.

The active site is more specific to enzymes and refers to the site where the enzyme functions. It is the specific contours of this active site which give the enzyme its specific function (see how enzymes are substrate specific).

What is the role of drop shippers?

Drop shippers arrange for shipments directly from the factory to the customer; although they do not physically handle the product, they do take title and responsibility for all the risks associated with the transport of goods.

How do you apply group policy on an OU?

Firstly download the Microsoft Group Policy Management Console from Microsoft. Expand your domain, right click on an OU, select "Create and Link GPO Here ..." to create a new GPO and link it, or "Link an Existing GPO" and select an already created GPO.

How can I get RCA EasyRip Media Software installer?

Link to download latest version of RCA easyRip:

http://voxrightnow.custhelp.com/cgi-bin/voxrightnow.cfg/php/enduser/std_adp.php?p_faqid=2253

This is a discontinued link. Use:

http://www.rcaaudiovideo.com/downloads/?sku=M4208RD

For sku put in your model number.

What Active Directory object is used to divide network users into manageable categories?

Do you mean so you can divide users into separate groups, say in a business environment you could divide marketing from human resources?

What is a standby server?

What it is: if you have a modem, it should have a reset button, also called a lag switch or standby button. You just press that down and it will stand by; then when you press it again the connection should come back on, but if held in long enough it could lag you out or lose connection.

What is function of raid in server?

Data is stored Physically on Hard disk drives & Other forms of storage media. Failure or Data Corruption on Disks results in Loss of DATA & can result in Complete Failure of the System.

RAID (Redundant Array of Independent Disks) is a Disk Subsystem Storage that improves performance & provides redundancy to the System attached.

Disadvantage of liberalisation?

Trade reforms, even if beneficial for a country overall, may negatively affect some industries or some jobs and many commentators worry about negative effects on the environment. The solution to these problems is not to restrict trade. They should be tackled directly at source through labour, education and environmental policies.

Generally in an organization how many server are using?

It purely depends on the size of the organization, the users and the work they are doing.

The servers could be print servers, file shares, AD servers, SharePoint servers, database servers, etc.

What is domain name control panel?

It is a web interface which allows a domain registration holder to manage the account. This is commonly called CPanel. It helps to manage the name servers, domain contacts, password for the registered domain and the renewal status of the domain.

What editions of Windows 7 can be added to an Active Directory domain?

I really get sick of this website and in fact I am now going to start avoiding this website on my Google search results. I come here for an answer to a basic question and instead I get asked the same question. This website is a flop and is disgraceful to what the internet is about (the flow of information).

What is secondary zone in active directory?

Secondary zone

When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.

What is the file that's responsible for keeping all Active Directory databases?

The Windows 2000 Active Directory data store, the actual database file, is \ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory, including user accounts. Active Directory's database engine is the Extensible Storage Engine (ESE), which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes, which would be large enough for 10 million objects. Back to the real world. Only the Jet database can manipulate information within the AD datastore.

For information on domain controller configuration to optimize Active Directory, see Optimize Active Directory Disk Performance

The Active Directory ESE database, NTDS.DIT, consists of the following tables:

  • Schema table

    the types of objects that can be created in the Active Directory, relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.

  • Link table

    contains linked attributes, which contain values referring to other objects in the Active Directory. Take the MemberOf attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.

  • Data table

    users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows where each row represents an instance of an object such as a user, and columns where each column represents an attribute in the schema such as GivenName.

From a different perspective, Active Directory has three types of data

  • Schema information

    definitional details about objects and attributes that one CAN store in the AD. Replicates to all domain controllers. Static in nature.

  • Configuration information

    configuration data about forest and trees. Replicates to all domain controllers. Static as your forest is.

  • Domain information

    object information for a domain. Replicates to all domain controllers within a domain. The object portion becomes part of Global Catalog. The attribute values (the actual bulk of data) only replicates within the domain.

Although GUIDs are unique, they are large. AD uses distinguished name tag ( DNT ). DNT is a 4-byte DWORD value which is incremented when a new object is created in the store. The DNT represents the object's database row number. It is an example of a fixed column. Each object's parent relationship is stored as a parent distinguished name tag ( PDNT ). Resolution of parent-child relationships is optimized because the DNT and PDNT are indexed fields in the database. For more technical info on the AD datastore and its organization, a good starting point is the Active Directory Database Sizing document.

The size of ntds.dit will often be different across the domain controllers in a domain. Remember that Active Directory is a multi-master independent model where updates are occurring in each of the ADs with the changes being replicated over time to the other domain controllers. The changed data is replicated between domain controllers, not the database, so there is no guarantee that the files are going to be the same size across all domain controllers.

Active Directory routinely performs online database defragmentation, but this is limited to the disposal of tombstoned objects. The database file cannot be compacted while Active Directory is mounted. An ntds.dit file that has been defragmented offline ( compacted ), can be much smaller than the ntds.dit file on its peers. To defrag ntds.dit offline:

  • Back up the Active Directory using Windows 2000 Backup. W2K backup natively supports backing up Active Directory while online. This occurs automatically when you select the option to back up everything on the computer in the Backup Wizard, or independently by selecting to back up System State in the backup wizard.
  • Reboot
  • Select the appropriate installation from the boot menu, and press F8 to display the Windows 2000 Advanced Options menu.
  • Choose Directory Services Restore Mode and press ENTER. Press ENTER again to start the boot process.
  • Logon using the password defined for the local Administrator account in the offline SAM.
  • Click Start, Programs, Accessories, and then click Command Prompt.
  • At the command prompt, run the ntdsutil command.
  • When ntdsutil has started
    • Type files and press ENTER.
    • Type info and then press ENTER. This will display current information about the path and size of the Active Directory database and its log files.
    • Type compact to drive:\directory, and press ENTER. Be sure that the drive specified has enough drive space for the compacted database to be created. I know, you don't know how big the compacted version will be, but if there is enough space for the uncompacted version, you should be OK. A gotcha!: You must specify a directory path and if the path name has spaces, the command will not work unless you use quotation marks

      compact to "c:\my new folder"

    • Type quit and press Enter.
    • Type quit and press Enter to return to the command prompt. A new compacted database named Ntds.dit can be found in the folder you specified.
  • Copy the new ntds.dit file over the old ntds.dit file. You have successfully compacted the Active Directory database. If you believe in belts and suspenders, I would copy the old uncompacted database somewhere else before I overwrote it with the new compacted version.
  • Reboot and see if all is normal.

This is a server by server task. Monitor the size of ntds.dit and if it starts growing and performance is slow and you can not see why either situation should apply, consider offline defrags.

If ntds.dit gets corrupted or deleted or is missing ( can happen if the promotion process to domain controller goes bad ), you have to manually recover it using Windows 2000 Backup. Now you did do W2K backups right?:

  • Reboot the domain controller and press F8 to display the Windows 2000 Advanced Options menu.
  • Select Directory Services Restore Mode and then press ENTER.
  • Select the correct installation, and then press ENTER to start the boot process.
  • Logon using the administrator account and password you specified during the promotion process. When you ran Dcpromo.exe to install Active Directory, it requested a password to be used for the Administrator password for Active Directory Restore Mode. This password is not stored in Active Directory. It is stored in an NT4-style SAM file and is the only account available when the AD is corrupted.
  • Click OK. This acknowledges the warning message that you are using Safe mode.
  • Click Start, Programs, Accessories, System Tools, and then click Backup.
  • Select the Restore tab.
  • Click the + symbol next to the following items to expand them:
    • File
    • Media Created
    • System Drive
    • Winnt
    • NTDS
  • Click the NTDS folder to display the files in the folder.
  • Click to select the ntds.dit check box.
  • Leave the Restore files to box set to Original Location. This check box provides the option to restore to an alternative location. If you restore to an alternative location, you will have to copy the ntds.dit file into the \ntds folder.
  • Click Start Restore.

To move a database or log file:

  • Reboot the domain controller and press F8 to display the Windows 2000 Advanced Options menu.
  • Select Directory Services Restore Mode and then press ENTER.
  • Select the correct installation, and then press ENTER to start the boot process.
  • Logon using the administrator account and password you specified during the promotion process. When you ran Dcpromo.exe to install Active Directory, it requested a password to be used for the Administrator password for Active Directory Restore Mode. This password is not stored in Active Directory. It is stored in an NT4-style SAM file and is the only account available when the AD is corrupted.
  • Start a command prompt, and then type ntdsutil.exe.
  • At a Ntdsutil prompt, type files.
  • At the File Maintenance prompt
    • To move a database, type move db to %s

      where %s is the drive and folder where you want the database moved.

    • To move log files, type move logs to %s

      where %s is the drive and folder where you want the log files moved.

    • To view the log files or database, type info.
    • To verify the integrity of the database at its new location, type integrity.
    • Type quit
    • Type quit to return to a command prompt.
  • Restart the computer in Normal mode.

When you move the database and log files, you must back up the domain controller.
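The DNT / PDNT row numbering described in this answer, as an added Python toy model that is not part of the original answer and not the ESE on-disk format. The row values and names are constructed, and using 0 to mean "no parent" is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample rows: (DNT, PDNT, relative distinguished name).
ROWS = [
    (1001, 0,    "DC=com"),
    (1002, 1001, "DC=example"),
    (1003, 1002, "OU=Marketing"),
    (1004, 1003, "CN=Alice"),
    (1005, 1003, "CN=Bob"),
    (1006, 1002, "OU=Kiosks"),
]


class DataTable:
    """Rows keyed by DNT, with a second index on PDNT (both 'indexed fields')."""

    def __init__(self, rows):
        self.by_dnt = {}                   # DNT  -> (PDNT, RDN)
        self.by_pdnt = defaultdict(list)   # PDNT -> [child DNT, ...]
        for dnt, pdnt, rdn in rows:
            self.by_dnt[dnt] = (pdnt, rdn)
            self.by_pdnt[pdnt].append(dnt)
        self.next_dnt = max(self.by_dnt, default=0) + 1

    def add(self, parent_dnt, rdn):
        """Create an object: the DNT is simply incremented for each new row."""
        if parent_dnt not in self.by_dnt:
            raise KeyError(f"no row with DNT {parent_dnt}")
        dnt = self.next_dnt
        self.next_dnt += 1
        self.by_dnt[dnt] = (parent_dnt, rdn)
        self.by_pdnt[parent_dnt].append(dnt)
        return dnt

    def distinguished_name(self, dnt):
        """Walk PDNT links up to the root, one index lookup per level."""
        parts, seen = [], set()
        while dnt != 0:
            if dnt in seen:                # corrupt table: parent loop
                raise ValueError("PDNT cycle detected")
            seen.add(dnt)
            pdnt, rdn = self.by_dnt[dnt]
            parts.append(rdn)
            dnt = pdnt
        return ",".join(parts)

    def children(self, dnt):
        """List direct children through the PDNT index, without a table scan."""
        return [self.by_dnt[child][1] for child in self.by_pdnt.get(dnt, [])]


TABLE = DataTable(ROWS)

if __name__ == "__main__":
    print(TABLE.distinguished_name(1004))
    print(TABLE.children(1003))
    new_dnt = TABLE.add(1006, "CN=KIOSK01")
    print(new_dnt, TABLE.distinguished_name(new_dnt))
```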
