Windows Server 2003

Multi-master replication is a method of database replication which allows data to be stored by a group of computers, and updated by any member of the group.

The multi-master replication system is responsible for propagating the data modifications made by each member to the rest of the group, and resolving any conflicts that might arise between concurrent changes made by different members.

Multi-master replication can be contrasted with master-slave replication, in which a single member of the group is designated as the "master" for a given piece of data and is the only node allowed to modify that data item. Other members wishing to modify the data item must first contact the master node. Allowing only a single master makes it easier to achieve consistency among the members of the group, but is less flexible than multi-master replication

Flexible Single Master of Operation or just single master operation or operations master, is a feature of Microsoft's Active Directory (AD).

FSMOs are specialized domain controller tasks, used where standard data transfer and update methods are inadequate. AD normally relies on multiple peer DCs, each with a copy of the AD database, being synchronized by multi-master replication. The tasks which are not suited to multi-master replication, and are viable only with a single-master database, are the FSMOs.

Once per domain they only replicate to all

The Relative ID Master allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.

The Infrastructure Master maintains security identifiers, GUIDs, and DN for objects referenced across domains. Most commonly it updates user and group links.This is another domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed. Because of this, the hardware requirements for machines holding this role are relatively small.

The PDC Emulator operations master role processes all password changes in the domain. Failed authentication attempts due to a bad password at other domain controllers are forwarded to the PDC Emulator before rejection. This ensures that a user can immediately login following a password change from any domain controller, without having to wait several minutes for the change to be replicated. The PDC Emulator Operations Master role must be carefully sited in a location to best handle all password reset and failed-authentication forwarding traffic for the domain. The PDC emulator role holder retains the following functions:

1.Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.

2.Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.

3.Account lockout is processed on the PDC emulator.

4.backward compatibility,The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.

Once per forest

The Schema Master maintains all modifications to the schema of the forest. The schema determines the types of objects permitted in the forest and the attributes of those objects.

The Domain Naming Master tracks the names of all domains in the forest and is required to add new domains to the forest or delete existing domains from the forest. It is also responsible for group membership.

• Multi-master replication is a replication model in which any domain controller accepts and replicates directory changes to any other domain controller. Because multiple domain controllers are employed, replication continues, even if any single domain controller stops working.

• Single-master replication is a replication model in which one domain controller accepts and replicates directory changes to any other domain controller. This master domain controller is known as "Operation Master".

The GPMC is one of Microsoft's best new features in all of Windows Server 2003. Within the GPMC is a rich variety of tools for creating, editing, observing, modeling and reporting on all aspects of Group Policy.

The GPMC unifies Group Policy management across your Active Directory forest. Before the GPMC, administrators needed multiple tools to manage Group Policy; the Microsoft Active Directory Users and Computers, the Delegation Wizard, and the ACL Editor. Not only does the GPMC integrate the existing Group Policy tools, but also it brings the following exciting new capabilities:

• A user interface that makes it easier to create and edit each Group Policy.
• New WMI filtering means that you can apply policies to particular machine, or only if there is enough disk space.
• Interfaces to Backup, restore, import, and copy Group Policy Objects (GPOs).
• Simplified management of Group Policy-related security.
• Reporting for GPO settings and Resultant Set of Policy (RSoP) data.

In Server 2003 domian security policy helps you to set Password Protection..

1)Password length

2)Password Complexity

3)Password Age (min age & max age)

In Server 2003 domian security policy helps you to set Password Protection..

1)Password length

2)Password Complexity

3)Password Age (min age & max age)

Default and Recommended Password Policy Settings

===============================================

Policy Default Recommended Comments

Enforce password history

24 passwords remembered

(No change)

Prevents users from reusing passwords.

Maximum password age

42 days

(No change)

N/A

Minimum password age

1 day

(No change)

Prevents users from cycling through their password history to reuse passwords.

Minimum password length

7 characters

(No change)

Sets minimum password length.

Password must meet complexity requirements

Enabled

(No change)

For the definition of a complex password, see "Creating a Strong Administrator Password" in the Establishing Secure Domain Controller Build Practices section.

Store password using reversible encryption

Disabled

(No change)

N/A

Default and Recommended Account Lockout Policy Settings

======================================================

Policy Default Recommended Reason

Account lockout duration

Not defined

0 minutes

The value 0 means that after account lockout an Administrator is required to reenable the account before account lockout reset has expired.

Account lockout threshold

0 invalid logon attempts

20 invalid logon attempts

The value 0 means that failed password tries never cause account lockout.

Because an account lockout duration of 0 minutes (administrator reset) is recommended, a small number for this setting can result in frequent administrator interventions.

Reset account lockout counter after

Not defined

30 minutes

This setting protects against a sustained dictionary attack by imposing a nontrivial delay after 20 unsuccessful attempts.

Default and Recommended Kerberos Policy Settings

================================================

Policy Default Recommended Comments

Enforce user logon restrictions

Enabled

(No change)

N/A

Maximum lifetime for service ticket

600 minutes

(No change)

N/A

Maximum lifetime for user ticket

10 hours

(No change)

N/A

Maximum lifetime for user ticket renewal

7 days

(No change)

N/A

Maximum tolerance for computer clock synchronization

5 minutes

(No change)

Maximum tolerance between the client's and server's clocks.

• Primary zone: This is the only zone type that can be edited or updated because the data in the zone is the original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary zone.

• Secondary zone: A secondary zone is a read-only copy of the zone that was copied from the master server during zone transfer.

• Active Directory-integrated zone: An Active Directory-integrated zone is a zone that stores its zone data in Active Directory. DNS zone files are not needed. This type of zone is an authoritative primary zone. Zone data of an Active Directory-integrated zone is replicated during the Active Directory replication process. Active Directory-integrated zones also enjoy the security features of Active Directory.

• Stub zone: A stub zone is a new Windows Server 2003 feature. Stub zones only contain those resource records necessary to identify the authoritative DNS servers for the master zone.

as well underscore zone _msdcs

• Integrated Addressing System: TCP/IP includes within it (as part of the Internet Protocol, primarily) a system for identifying and addressing devices on both small and large networks. The addressing system is designed to allow devices to be addressed regardless of the lower-level details of how each constituent network is constructed. Over time, the mechanisms for addressing in TCP/IP have improved, to meet the needs of growing networks, especially the Internet. The addressing system also includes a centralized administration capability for the Internet, to ensure that each device has a unique address.
• Design For Routing: Unlike some network-layer protocols, TCP/IP is specifically designed to facilitate the routing of information over a network of arbitrary complexity. In fact, TCP/IP is conceptually concerned more with the connection of networks, than with the connection of devices. TCP/IP routers enable data to be delivered between devices on different networks by moving it one step at a time from one network to the next. A number of support protocols are also included in TCP/IP to allow routers to exchange critical information and manage the efficient flow of information from one network to another.
• Underlying Network Independence: TCP/IP operates primarily at layers three and above, and includes provisions to allow it to function on almost any lower-layer technology, including LANs, wireless LANs and WANs of various sorts. This flexibility means that one can mix and match a variety of different underlying networks and connect them all using TCP/IP.
• Scalability: One of the most amazing characteristics of TCP/IP is how scalable its protocols have proven to be. Over the decades it has proven its mettle as the Internet has grown from a small network with just a few machines to a huge internetwork with millions of hosts. While some changes have been required periodically to support this growth, these changes have taken place as part of the TCP/IP development process, and the core of TCP/IP is basically the same as it was 25 years ago.
• Open Standards and Development Process: The TCP/IP standards are not proprietary, but open standards freely available to the public. Furthermore, the process used to develop TCP/IP standards is also completely open. TCP/IP standards and protocols are developed and modified using the unique, democratic "RFC" process, with all interested parties invited to participate. This ensures that anyone with an interest in the TCP/IP protocols is given a chance to provide input into their development, and also ensures the world-wide acceptance of the protocol suite.
• Universality: Everyone uses TCP/IP because everyone uses it!

This last point is, perhaps ironically, arguably the most important. Not only is TCP/IP the "underlying language of the Internet", it is also used in most private networks today. Even former "competitors" to TCP/IP such as NetWare now use TCP/IP to carry traffic. The Internet continues to grow, and so do the capabilities and functions of TCP/IP. Preparation for the future continues, with the move to the new IP version 6 protocol in its early stages. It is likely that TCP/IP will remain a big part of internetworking for the foreseeable future.

How many different driver signing options does windows server 2003 support? 1. Ignore 2. Warn 3. Block Answer: Microsoft uses digital signatures for device drivers to let users know that drivers are compatible with Microsoft Windows XP, Windows Server 2003, Windows 2000, and Windows Me. A driver's digital signature indicates that the driver was tested with Windows for compatibility and has not been altered since testing. Microsoft requires digital signatures for all devices provided in systems that carry the "Designed for Windows" logo. For Windows XP, certain limited application files can also receive digital signatures.

There are three different options for driver signing. The option you select will tell Windows what to do when it detects an unsigned driver (this is a driver that has not been tested with Windows). You can configure the driver signing options from the System Properties dialog box. The different options include: Ignore- Install the software anyway and don't ask for my approval. Selecting this option means that any unsigned drivers will be installed on your computer and could cause instability.

Warn - Prompt me each time to choose an action. If this option is selected, Windows will present a warning when you attempt to install an unsigned driver. Block - Never install unsigned driver software. By selecting this option, no unsigned drivers will be installed on the computer.