Active Directory

Active Directory is a set of networking services made by Microsoft. Questions about using and configuring Active Directory belong here.

What is intersite replication?

Replication between two sites is known as intersite replication. Since bandwidth between two different sites is usually very limited, intersite replication is used to manage and control replication traffic.

What is the OU active directory object?

Organizational Unit: a part of Active Directory used to organize and manage the objects of AD.

An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization's functional or business structure. Each domain can implement its own organizational unit hierarchy. If your organization contains several domains, you can create organizational unit structures in each domain that are independent of the structures in the other domains.

The term "organizational unit" is often shortened to "OU" in casual conversation. "Container" is also often applied in its place, even in Microsoft's own documentation. All terms are considered correct and interchangeable.

What object of active directory identifies its location within the directory structure?

Distinguished Name (DN)

A DN is a sequence of relative distinguished names (RDNs) connected by commas.

An RDN is an attribute with an associated value in the form attribute=value, normally expressed in a UTF-8 string format. The attribute type abbreviations are:

  • DC: domainComponent
  • CN: commonName
  • OU: organizationalUnitName
  • O: organizationName
  • STREET: streetAddress
  • L: localityName
  • ST: stateOrProvinceName
  • C: countryName
  • UID: userid

examples of distinguished names.

What is the function of the active directory federation services?

Active Directory Federation Services (AD FS for short) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity.

Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication.

What is the purpose of the Primary Domain Controller on a Windows network?

The server holding the PDC emulator role will cause the most problems if it is unavailable. This would be most noticeable in a mixed mode domain where you are still running NT 4 BDCs and if you are using downlevel clients (NT and Win9x). Since the PDC emulator acts as a NT 4 PDC, then any actions that depend on the PDC would be affected (User Manager for Domains, Server Manager, changing passwords, browsing and BDC replication).

In a native mode domain the failure of the PDC emulator isn't as critical because other domain controllers can assume most of the responsibilities of the PDC emulator.

How do you view replication properties for AD partitions and domain controllers?

Windows Server 2003 introduced the DomainDNSZones application partition, which is replicated to all DCs running the DNS service within a domain (so each domain has its own version of the DomainDNSZones partition), and the ForestDNSZones application partition, which is replicated to all DCs running the DNS service within the entire forest.

To determine which directory partitions a DC running DNS is registered as part of the replica set, run the command dnscmd /enumdirectorypartitions, which on my system resulted in the following output:

    Enumerated directory partition list:
    Directory partition count = 2
    DomainDnsZones.savilltech.com Enlisted Auto Domain
    ForestDnsZones.savilltech.com Enlisted Auto Forest
    Command completed successfully.

This example shows that the DC is enlisted in both the domain (DomainDNSZones) and forest (ForestDNSZones) application partitions. Alternatively, the status could show as "Not-Enlisted Auto Domain/Forest". To add the server to a partition's replica set, use the /enlistdirectorypartition parameter, as this example shows:

    dnscmd /enlistdirectorypartition domaindnszones.savilltech.com

Running this command displays the following output:

    DNS Server . enlisted directory partition: domaindnszones.savilltech.com
    Command completed successfully.

To view all the members of the replica set of a partition, use the ntdsutil command as shown below (enter the commands in bold):

    ntdsutil
    ntdsutil: domain management
    domain management: connection
    server connections: connect to server savdaldc01
    Binding to savdaldc01 ...
    Connected to savdaldc01 using credentials of locally logged on user.
    server connections: quit
    domain management: list
    Note: Directory partition names with International/Unicode characters will display correctly only if appropriate fonts and language support are loaded
    Found 6 Naming Context(s)
    0 - CN=Configuration,DC=savilltech,DC=com
    1 - DC=savilltech,DC=com
    2 - CN=Schema,CN=Configuration,DC=savilltech,DC=com
    3 - DC=DomainDnsZones,DC=savilltech,DC=com
    4 - DC=ForestDnsZones,DC=savilltech,DC=com
    5 - DC=child,DC=savilltech,DC=com
    domain management: list nc replica dc=forestdnszones,dc=savilltech,dc=com
    The application directory partition dc=forestdnszones,dc=savilltech,dc=com's Replicas are:
    CN=NTDS Settings,CN=VPC2003ROOTDC2,CN=Servers,CN=Smallville,CN=Sites,CN=Configuration,DC=savilltech,DC=com
    CN=NTDS Settings,CN=SAVDALDC02,CN=Servers,CN=Smallville,CN=Sites,CN=Configuration,DC=savilltech,DC=com
    * CN=NTDS Settings,CN=SAVDALDC01,CN=Servers,CN=Smallville,CN=Sites,CN=Configuration,DC=savilltech,DC=com
    The *'ed items are currently uninstantiated replicas.
    domain management: list nc replica dc=domaindnszones,dc=savilltech,dc=com
    The application directory partition dc=domaindnszones,dc=savilltech,dc=com's Replicas are:
    CN=NTDS Settings,CN=VPC2003ROOTDC2,CN=Servers,CN=Smallville,CN=Sites,CN=Configuration,DC=savilltech,DC=com
    CN=NTDS Settings,CN=SAVDALDC01,CN=Servers,CN=Smallville,CN=Sites,CN=Configuration,DC=savilltech,DC=com
    domain management: quit
    ntdsutil: quit
    Disconnecting from savdaldc01...

The sample code and output first shows starting the domain management functions of the NTDSUTIL command, then connecting to a DC. Next you use the list command to tell ntdsutil to show all the partitions that exist, then to display the members of the forestdnszones replica set and the domaindnszones replica set (for the savilltech.com domain). If the output shows any DCs listed as uninstantiated replicas, it means no replication object is configured to allow the replication of the information.

You can force the Knowledge Consistency Checker (KCC) to run to create the replication objects, as needed. To do so, type the command repadmin /kcc and then force replication by running the command repadmin /syncall.

What is the file name for the Active Directory database, and where is it located?

The Windows 2000 Active Directory data store, the actual database file, is %SystemRoot%\ntds\NTDS.DIT.

Disadvantages of active directory in comparison to other directory services?

1. Active Directory is a flat-file database, and as such does not scale well to distributed locations. On very slow links, site replication can take upwards of 4 hours, or fail to complete before the next replication, which will cause errors.

2. Active Directory fails full LDAP compliance, which limits what open-source or third-party products can be deployed (as such, costs increase exponentially).

3. Active Directory is OS-dependent and cannot be installed on any platform other than Windows Server. (This increases licensing costs and reduces reliability.)

Which command-line tool can be used to create, delete, view and modify objects in Active Directory?

TO ADD OR CREATE

Dsadd is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsadd, you must run the dsadd command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

  • Dsadd computer: Adds a single computer to the directory.
  • Dsadd contact: Adds a single contact to the directory.
  • Dsadd group: Adds a single group to the directory.
  • Dsadd ou: Adds a single organizational unit to the directory.
  • Dsadd user: Adds a single user to the directory.
  • Dsadd quota: Adds a quota specification to a directory partition.

TO MODIFY

Dsmod is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsmod, you must run the dsmod command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

  • Dsmod computer: Modifies attributes of one or more existing computers in the directory.
  • Dsmod contact: Modifies attributes of one or more existing contacts in the directory.
  • Dsmod group: Modifies attributes of one or more existing groups in the directory.
  • Dsmod ou: Modifies attributes of one or more existing organizational units (OUs) in the directory.
  • Dsmod server: Modifies properties of a domain controller.
  • Dsmod user: Modifies attributes of one or more existing users in the directory.
  • Dsmod quota: Modifies attributes of one or more existing quota specifications in the directory.
  • Dsmod partition: Modifies attributes of one or more existing partitions in the directory.

Does windows 2008 web server support ASP.NET?

Yes, it does.

Windows Web Server 2008 R2 Edition was designed to be used as a single-purpose, Internet-facing web server that delivers a rock-solid foundation of infrastructure capabilities. It is integrated with the newly re-architected IIS 7.0, ASP.NET, and the Microsoft .NET Framework. Windows Web Server 2008 R2 enables your organization to rapidly deploy webpages, websites, web applications, and web services.

Web and Applications Platform

Windows Web Server 2008 R2 provides your organization with the ability to deliver rich web-based experiences efficiently and effectively, with improved administration and diagnostics, advanced development and application tools, and lower infrastructure costs.

Enhancements

  • Greater technical capacity than the previous versions of Windows Server, and no limitation on Microsoft SQL Server installation.
  • Highly effective platform for ASP.NET-based Internet web deployments, because it includes the newly re-architected Internet Information Services (IIS) 7.0, Microsoft ASP.NET, and the Microsoft .NET Framework.
  • Dedicated web-serving functionality and server roles that support four x64 sockets and 32 gigabytes (GB) of RAM.
  • Economical next-generation web server that is competitively priced for enterprise or hosting organizations needing to rapidly deploy webpages, websites, web applications, and web services.

Benefits

Windows Web Server 2008 R2 is optimized specifically for Internet-facing web-serving environments and built on industry standards, allowing organizations to easily build new, or integrate into existing, server infrastructure environments. Web developers can build webpages and services that can communicate with other platforms using standards-based interfaces like XML and SOAP. This level of cost-effective application development encourages business productivity and flexibility, and increases business solution opportunities.

Manage with Ease

More efficient administration tools, including delegated administration and shared configuration.

Powerful Hosting of Applications and Services

Expanded application hosting for .NET, ASP, PHP web applications, and XML services; web server extensibility throughout.

Lower Infrastructure Costs

Improved scalability and enhanced security and reliability with automatic application sandboxing.

Where can you add additional attributes by modifying the active directory schema?

Adding items to the Schema, also called "extending the Schema", or even modifying existing objects can be a tricky business, and if done without proper knowledge, can be very destructive to your existing Active Directory infrastructure. This is because the Schema is a forest-wide setting, and any additions or changes to the Schema will be immediately replicated to each and every Domain Controller in each and every domain in your AD Forest. You cannot make any changes to the Schema and yet keep it within your domain's boundaries. Furthermore, changing existing attributes (such as configuring an attribute to replicate itself to the Global Catalog) will cause a forest-wide replication of all the attributes and objects, even if your change was just made on one attribute. Note that this behavior was changed in Windows Server 2003, but even so, you might unintentionally cause a major network load and a lot of overhead by simply clicking one small checkbox on one small attribute.

1. Open the Run command and type: regsvr32 schmmgmt.dll

You should get a confirmation message.

2. Next, open Run and type mmc.exe. Press Enter.

3. In the new MMC window, click File > Add/Remove Snap-in.

4. Click Add, then, in the Add Standalone Snap-in window, select the Active Directory Schema snap-in from the list. Next click Add again.

5. Click OK.

Windows 2000 only - Enable write operations to the Schema

If you're running Windows 2000-based AD, you'll probably need to allow the Schema to be written. To do so follow these guidelines (only required for W2K-based DC):

1. In the MMC window from the previous procedure, under the Console Root, double-click the Active Directory Schema snap-in and let it load (you'll know it has loaded when you see two nodes under the root: Classes and Attributes).

2. Right-click Active Directory Schema (your domain controller name) and

Adding 3 new attributes to the Schema

One method of creating new attributes in the Schema is by using the Active Directory Schema snap-in from an MMC.

In order to use this snap-in you must first register it with the command: regsvr32 schmmgmt.dll

Connecting the new attributes to the User Object Class


The results

After adding the new attributes we now need to verify their existence and functionality.

What now?

After the new attributes were successfully added to the Schema and we've verified their functionality, we would now like to begin working with these attributes and begin populating their values.

A very simple way to avoid damaging or costly schema mistakes in your production forest is to first test your schema extensions on a test forest. By using a test environment, you can identify any potential problems in your plan before they affect your users and your production environment.

What are some advantages to using directory services?

Security: Having only one domain means better security through a single security policy and a single set of administrators. If you have multiple domains and forests, each has its own administrators. One weak but trusted domain exposes all the other forests and domains. With only a single domain, it's also far easier to enforce an organization-wide security policy.

Single platform: A single directory service or Global Catalog (GC) means a single platform for all other directory-aware services, including monitoring and messaging.

Faster deployment: In an organization with just a single domain and shared account database, solutions need only be deployed once, which means company-wide deployments are much faster than if the organization has multiple and separate domains.

Single management infrastructure: Having a single management infrastructure means there is just one infrastructure for all other directory services tasks, such as software deployment, inventory, and object management, sharing and delegation (such as for user accounts).

Single Group Policy container (GPC): With a single GPC, management policies need to be defined only once, and can be used throughout the entire enterprise without the need to manually export and import Group Policy Objects (GPOs).

Backup and recovery: Having only a single domain means better resiliency because every location has a full domain backup.

Less hardware: In an organization with multiple domains, every location needs two domain controllers (DCs). With a single domain, each location needs only a single DC because, if the local DC fails, the location can use hub DCs. Reduced hardware also means fewer licenses, less management software, and less overhead for server management. There's also no need to back up remote DCs because the remote DCs just hold the same information as the central DCs, assuming the DCs only perform directory services.

How do you configure a Windows 98 PC to connect to a Windows 2000 server which is the domain controller?

This is really simple. There are probably hundreds of places on the net that tell you how to do this, but the simplest way is to ensure that all of the computers have Ethernet cards. Have all of the computers connect to a hub, including the server. Go into the Control Panel, then Networking, and set up all of the Ethernet cards to support NetBEUI. From there, on the server, right-click the folder you want to share and give it a share name. Then right-click My Computer on each workstation, select Map Network Drive and use the following pattern to map your drives: \\servername\sharename.

Read this for a more step by step explanation: http://www.hardwarecentral.com/hardwarecentral/tutorials/3/1/

First we understand the concept. Windows 2000 Professional is not the server OS; this is the client OS. For client-server technology the server must be a server OS like Windows 2000 Server or NT Server. The client may be any OS. If you configure Windows 2000 Professional and Win98, this is the workgroup model; this is not client-server technology. This is normal networking in a LAN.

What are the security administrative issues addressed by a read only domain controller?

Each RODC will have an analogous group that will prevent users' passwords from being stored only on a single DC. Members of the purpose group are not eligible to have their passwords stored on any RODC in the domain.

Active directory 2003 and active directory 2008 differences?

One of the really exciting new ones is the concept of the read-only domain controller. Before with AD, as compared with NT 4.0 in particular, every domain controller has a writable copy of your directory. You can make a change anywhere and it will propagate throughout the environment. At the same time, all of [the domain controllers] have secrets like your password. Right now with Windows Server 2003, if that server security is physically compromised and gets stolen and it's not secure, then you have a huge security issue in that all the passwords for that domain are in the DCs. So the only approach you can take is to make everyone change their password. That's a big deal if you have 100,000 people on that domain.

With the new read-only domain controller feature, this change is two-fold. First you can now define which passwords are stored locally. Now if the server gets stolen, you only have to have 100 people change their passwords versus 100,000.

Second, you can't make any changes on that domain controller (DC), because it's read only.

1. We can install Windows 2008 Server either as a full installation (installs all services and applications) or as Server Core (installs only the minimal required services), but in 2003 we can only install the full OS.

2. Windows Server 2008 uses the Hyper-V application and the Roles concept for better productivity, but Server 2003 does not have such features.

1) 2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it:

1. RODC, one new domain controller introduced in it [Read-only Domain Controllers].

2. WDS (Windows Deployment Services) instead of RIS in 2003 Server.

3. Shadow copy for each and every folder.

4. Boot sequence is changed.

5. Installation is 32-bit, whereas in 2003 it is 16 as well as 32-bit; that's why installation of 2008 is faster.

6. Services are known as roles in it.

7. Group Policy editor is a separate option in ADS.

2) The main difference between 2003 and 2008 is virtualization and management.

2008 has more inbuilt components and updated third-party drivers. Microsoft introduces a new feature with 2K8, that is Hyper-V. Windows Server 2008 introduces Hyper-V (V for Virtualization), but only on 64-bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine. If you like this exciting technology, make sure that you buy an edition of Windows Server 2008 that includes Hyper-V, then launch the Server Manager and add Roles.

3) In Windows Server 2008, Microsoft is introducing new features and technologies, some of which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power consumption of server and client operating systems, minimize environmental byproducts, and increase server efficiency.

Microsoft Windows Server 2008 has been designed with energy efficiency in mind, to provide customers with ready and convenient access to a number of new power-saving features. It includes updated support for Advanced Configuration and Power Interface (ACPI) processor power management (PPM) features, including support for processor performance states (P-states) and processor idle sleep states on multiprocessor systems. These features simplify power management in Windows Server 2008 (WS08) and can be managed easily across servers and clients using Group Policies

What is the Difference between server and domain controller?

A server is a computer which serves files to other users or computers. A server can be a Windows XP operating system also, but it does not have any security.

A domain controller is a computer which controls other users or computers. A domain controller must have the Windows 2003 Server operating system and needs to be configured as a domain. It has excellent security.

Every Active Directory domain should have a minimum of domain controllers?

It is recommended because, in case one fails, the other server can take over the roles and the network does not crash.

What are the physical components of active directory?

The logical structure of Active Directory includes forests, domains, trees, OUs and global catalogs.

Domain: a group of computers and other resources that are part of a Windows Server 2003 network and share a common directory database.

Global catalog: the global catalog is used to cache information about all objects in a forest; it enables users and applications to find objects in an Active Directory domain tree if the user or application knows one or more attributes of the target object.

Tree: a tree is a collection of Active Directory domains; this means the trust relationship can be used by all other domains in the forest as a means to access the domain.

Organizational Unit: an Active Directory container into which objects can be grouped for permission management.

Forest: an Active Directory forest represents the external boundary of the directory service.

There are two types of Active Directory forest:

1) Single forest

2) Multiple forest

What is the difference between inter domain routing and intra domain routing and what are they for?

Routing algorithms that are restricted to work only within the domain are referred to as intra-domain routing algorithms, and if they are not restricted to within the domains then they are inter-domain algorithms.

What does the SYSVOL folder store in an Active Directory?

The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as Group Policy, users, etc., are replicated to all domain controllers in the domain.

The SYSVOL folder must be located on an NTFS volume. The article describes how to use the Burflags registry entry to rebuild each domain controller's copy of the system volume (SYSVOL) tree on all domain controllers in a common Active Directory directory service domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication Service (FRS).

Network clients access the contents of the SYSVOL tree by using the following shared folders:

What is active directory schema?

All databases have a schema which is a formal definition (set of rules) which govern the database structure and types of objects and attributes which can be contained in the database. The schema contains a list of all classes and attributes in the forest.

The schema keeps track of:

  • Classes
  • Class attributes
  • Class relationships such as subclasses (Child classes that inherit attributes from the super class) and super classes (Parent classes).
  • Object relationships such as what objects are contained by other objects or what objects contain other objects.

There is a classSchema object for each class in the Active Directory database. For each object attribute in the database, there is an attributeSchema object.

Partitions

Active Directory objects are stored in the Directory Information Tree (DIT) which is broken into the following partitions:

  • Schema partition - Defines rules for object creation and modification for all objects in the forest. Replicated to all domain controllers in the forest, it is known as an enterprise partition.
  • Configuration partition - Information about the forest directory structure is defined including trees, domains, domain trust relationships, and sites (TCP/IP subnet group). Replicated to all domain controllers in the forest, it is known as an enterprise partition.
  • Domain partition - Has complete information about all domain objects (Objects that are part of the domain including OUs, groups, users and others). Replicated only to domain controllers in the same domain.
    • Partial domain directory partition - Has a list of all objects in the directory with a partial list of attributes for each object.

The DIT holds a subset of Active Directory information and stores enough information to start and run the Active Directory service
