A directory service is a container that provides a hierarchical structure and allows objects to be stored for quick and easy access and manipulation. A directory service is like an electronic phone directory that lets you search for a name and retrieve the phone number, address, or other information without knowing where that person lives.

Before directory services, if you needed a file, you needed to know the name of the file, the name of the server on which it was stored and its folder path. This works well on a small network, but as the network grows it becomes challenging. A directory service is the means by which users and administrators can locate resources regardless of where those resources are located. Earlier, a typical user could also have more than one user account or password, and as the network grew the number of usernames and passwords also increased: one for the file server, one for the email server, and so on.

Active Directory

Active Directory is Microsoft's answer to directory services, and it does a lot more than just locate resources. Active Directory takes care of the multiple-password problem by using Kerberos authentication and Single Sign-On (SSO). SSO means the ability of Kerberos to provide a user with one set of credentials and grant them access across a range of resources and services with that same set of credentials. Kerberos authenticates the credentials and issues the user a ticket with which the user gains access to the resources and services that support Kerberos. Active Directory also makes user management easier, as it acts as a single repository for all of this user- and computer-related information.

History of Directory Service

The predecessor of today's directory services is the X.500 specification, which emerged from the International Telecommunications Union (ITU), formerly the CCITT (Comité Consultatif International Téléphonique et Télégraphique). X.500 sits at the Application layer of the OSI model. X.500 contains several component databases that work together as a single entity.
The primary database is the Directory Information Base (DIB), which stores information about the objects. X.500's major limitation was its lack of integration with the Internet Protocol (IP). The protocol it used was the Directory Access Protocol, or DAP. DAP offered more functionality than is required for implementing directory services, so a scaled-down version called the Lightweight Directory Access Protocol (LDAP) was made. Later it was adopted as a standard by the Internet Engineering Task Force (IETF).

Advantages of LDAP
- LDAP relies on the TCP/IP stack rather than the OSI stack, so it integrates with IP and enables IP clients to use LDAP to query directory services.
- LDAP can perform hyper-searches, giving one directory the ability to defer to another to provide requested data.
- LDAP's API is C-based.
- Like X.500, LDAP uses an inverted-tree hierarchical structure.
- LDAP supports Kerberos authentication, Simple Authentication and Security Layer (SASL), and Secure Sockets Layer (SSL). SASL is a framework for authentication and data security in Internet protocols.
Back to Active Directory
AD uses LDAP as its access protocol. AD relies on DNS as its locator service, enabling clients to locate domain controllers through DNS queries.

Naming Conventions

AD contains information about objects in your enterprise. These objects can be computers, users, printers, etc. AD is a container with nested containers holding other containers or objects, and we name these containers and objects so that they are easy to query or search. AD supports several naming conventions:
- User Principal Names (UPN)
- LDAP names, also known as Distinguished Names (DN)

User Principal Names (UPN)

This is the one you'll probably find most familiar; it follows the RFC 822 specification and has the same format as an email address, like ashwin@road2master.ms. UPNs take the form user@domain. If you have a user named User01 under the Active Directory domain Domain01.local, the UPN will be User01@Domain01.Local. We will discuss AD domains later. In AD you can create custom UPNs too, which means you can also add User01@Domain01.com or User01@xyz.com as the UPN for the above-mentioned object. More on these later.
LDAP Names (Distinguished Names)

Typically a DN has this format:
cn=common name, ou=organizational unit, dc=domain
For example: cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms

The LDAP path used to query that object looks like this:
LDAP://R2MAD01.road2master.ms/cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
where R2MAD01.road2master.ms is the FQDN of the Domain Controller.

Requirements of DNS
- The DNS server must support Service resource (SRV) records.
- The DNS server must support the dynamic update protocol specified by RFC 2136.
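The two naming conventions above, worked through in code. This is an added example, not code from the original notes: it parses a DN into its RDN components following the RFC 4514 escaping rules, derives the DNS domain and default UPN from the dc= components, and rebuilds the LDAP:// path used above. It also shows why an access check that merely splits a DN on commas is unsafe when a CN itself contains a comma. The DN, UPN and DC name are the ones in the notes; nothing is queried over the network.

```python
"""Parse AD distinguished names (RFC 4514) and derive UPN and LDAP paths.

Added example, not code from the original notes. The DN, UPN and DC host name
below are the ones used in the notes; nothing is looked up on a network.
"""
HEX = "0123456789abcdefABCDEF"
# Characters that must be backslash-escaped inside an attribute value.
SPECIAL = ',+"\\<>;'


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honoring backslash escapes.

    Splitting on "," is not safe: a CN such as "Smith, John" is written
    "Smith\\, John" in a DN, and a naive split would produce a bogus RDN.
    """
    rdns: list[tuple[str, str]] = []
    buf = bytearray()          # raw UTF-8 bytes of the current token
    attr = None                # attribute type once '=' has been seen
    i = 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","   # sentinel flushes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                buf += bytes.fromhex(pair)           # \2C style hex escape
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")     # \, style char escape
                i += 2
            continue
        if ch == " " and not buf:
            pass                                     # skip unescaped leading space
        elif ch == "=" and attr is None:
            attr = buf.decode("utf-8").strip().lower()
            buf = bytearray()
        elif ch == ",":
            if attr is None:
                raise ValueError(f"RDN without '=' in {dn!r}")
            rdns.append((attr, buf.decode("utf-8")))
            attr, buf = None, bytearray()
        else:
            buf += ch.encode("utf-8")
        i += 1
    return rdns


def naive_split(dn: str) -> list[str]:
    """What a DN-unaware check does; shown only to contrast with parse_dn."""
    return dn.split(",")


def dns_domain(rdns: list[tuple[str, str]]) -> str:
    """Join the dc= components into the domain's DNS name (Road2Master.ms)."""
    parts = [v for a, v in rdns if a == "dc"]
    if not parts:
        raise ValueError("DN has no dc= components")
    return ".".join(parts)


def upn(logon_name: str, rdns: list[tuple[str, str]]) -> str:
    """Default UPN is <logon name>@<DNS domain>, e.g. User01@Domain01.local."""
    return f"{logon_name}@{dns_domain(rdns)}"


def escape_value(value: str) -> str:
    """Re-escape a value for output per RFC 4514 (special chars, edge spaces, #)."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ldap_path(dc_fqdn: str, rdns: list[tuple[str, str]]) -> str:
    """ADSI-style path LDAP://<DC FQDN>/<DN> as used in the notes."""
    return f"LDAP://{dc_fqdn}/" + ",".join(f"{a}={escape_value(v)}" for a, v in rdns)


if __name__ == "__main__":
    dn = "cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms"
    parts = parse_dn(dn)
    print(parts)
    print(upn("Ashwin", parts))
    print(ldap_path("R2MAD01.road2master.ms", parts))
    tricky = r"cn=Smith\, John,ou=Trainer,dc=Road2Master,dc=ms"   # constructed
    print(len(parse_dn(tricky)), "RDNs vs", len(naive_split(tricky)), "naive pieces")
```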
AD relies on DNS as its primary locator service, although it is not the only mechanism for locating domain controllers (DCs). A Domain Controller is a server that has Active Directory installed. When a Domain Controller starts, it registers both its DNS name and its NetBIOS name (more on NetBIOS names later). It adds LDAP-specific SRV records in DNS to enable LDAP clients to locate DCs through LDAP queries. It also adds Kerberos authentication protocol-specific SRV records to enable clients to locate servers running the Kerberos Key Distribution Center (KDC) service. Each DC also adds an A record that enables clients that don't support SRV records to locate the DC through a simple host record lookup. You can disable this if required.

Active Directory Objects

Objects in AD can be either containers for other objects or leaf objects, which do not serve as containers. Objects in AD have attributes, and these attributes not only define the object but also store data; they define the character of that object. Some attributes are optional and some are mandatory.
Optional: Phone Number
Mandatory: Username
When an object is created, AD assigns it a GUID, a 128-bit number; no two objects in AD have the same GUID. If an object is moved within AD, it keeps its GUID. Objects in AD are protected by Access Control Lists (ACLs). More on security later.

Active Directory Database

The Extensible Storage Engine (ESE) database comprises tables that define the structure of the directory. The database layer has three partitions that define the contents of AD, with an optional fourth partition.

Schema Partition
This stores the Active Directory Schema. The schema defines what types of objects can be created in the directory, how those objects relate to one another, what the mandatory and optional attributes of each object are, and how one can create such objects.
Configuration Partition
This contains the configuration of AD.

Domain Partition
This partition stores the objects.

Application Partition
This is an optional fourth partition that an administrator can create. More on this later. More about the Active Directory database in the upcoming parts.

Active Directory Schema

The Active Directory Schema defines what types of objects can be created in the directory, how those objects relate to one another, what the mandatory and optional attributes of each object are, and how one can create such objects. The schema requires an update whenever you need to create a new type of object or add anything that requires a new attribute.

Domain, Tree and Forest
AD Domain
Objects created in AD are grouped into domains. The objects for a single domain are stored in a single database (which can be replicated).
AD Domain Tree
A tree is a collection of one or more domains.
AD Forest
A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration.
What is Active Directory?
Active Directory (AD) is a centralised database system which performs a variety of functions, including organising different objects like computers and users and allowing administrators to apply different policies to those objects. Active Directory is specially designed for distributed networking systems.
What is a domain controller?
A domain controller is a server which performs the Active Directory server role in a network. The idea of a domain is to manage access to resources in a network, including applications, printers and shared folders. Users access network resources using their assigned user name and password.
What is LDAP?
Lightweight Directory Access Protocol (LDAP) is a set of standard protocols for accessing directory information. It is useful for Internet access.
What's the major difference between FAT and NTFS on a local machine?
FAT and FAT32 do not provide security for local users. On the other hand, NTFS provides security for local users as well as for domain users. Moreover, NTFS provides file-level security, which is impossible in FAT32.
What is a domain?
A domain is a group of network resources like applications, printers and shared folders. To access those resources, users need to use their assigned username and password. DNS is a server-level service which we will have to install during Active Directory installation. It is very difficult for human beings to remember different IP addresses, but they can remember domain names easily. A Domain Name Service resolves domain names to IPs and IPs to domain names.

What is the replication folder?
The SYSVOL folder is called the replication folder. It keeps all the public files of a domain. It replicates all policy and user-level data after an interval.
Where is the Active Directory database file located?
The Active Directory database file is stored in c:\windows\ntds\ntds.dit.
What is a forest?
A forest is a group of one or more domain trees which follow trust relationships and a common logical structure among them. A forest is a complete instance of AD. The first domain of any forest is called the root domain, and the other child domains follow the root domain. The root domain in a forest must be included in the Global Catalogue.
What's the basic difference between guest accounts in Server 2008 R2 and other editions?
Guest accounts in Server 2008 R2 are more restrictive than in any other edition.
Why is it not possible to restore a DC backed up 4 months ago?
Because the lifetime of a backed-up file is either 60 or 120 days.
What is a GPO?
Group Policy Object.
What is a Site?
A site represents the physical network structure of Active Directory. It is an object in AD which represents a geographic location that hosts networks. It comprises one or more subnets that are connected together with sufficient network speed.

What is the use of the SYSVOL folder?
The SYSVOL folder stores the server's copy of the domain's public files. It is used to deliver policy and logon scripts to domain members, and it replicates file-based data among domain controllers. The SYSVOL folder is shared on an NTFS volume on all the domain controllers in a particular domain. All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.

What is the Global Catalog?
The Global Catalog is a server that contains all of the information pertaining to objects within all domains in the Active Directory environment. It is something that each domain has, and it is used for authenticating users on the network. The Global Catalog is a database which maintains information about multiple domains with a trust relationship agreement.
What is the use of Group Policy?
Group Policy is a feature of the Microsoft Windows NT family which gives you administrative control over users and computers in your network. It provides the working environment for server users and computers. In addition, it gives us central management and configuration of Windows operating systems and settings.

What's the difference between NTFS and FAT?
NTFS is the current file system used by the Windows operating system. It provides security for local users as well as for domain users. It offers features like security permissions (to limit other users' access to folders), quotas (so one user can't fill up the disk), shadowing (backing up) and many other features that help Windows. On the other hand, FAT32 is the older Microsoft file system, primarily used by the Windows 9x line, and Windows could be installed on a FAT32 partition up to XP. In comparison, FAT32 offers none of what was mentioned above, and also has a maximum FILE (not folder) size of 4 GB, which is kind of small these days, especially in regard to HD video.

Why can't you restore a DC that was backed up 4 months ago?
When restoring a backup file, Active Directory generally requires that the backup file be no more than 180 days old. The lifetime of a backed-up file is either 60 or 120 days. If you attempt to restore a backup that has expired, you may encounter problems because of lingering objects.
What is a VLAN?
VLAN stands for Virtual Local Area Network. It is a logical grouping of network users and resources connected to administratively defined ports on a switch. The uses of a VLAN are as follows:
1. It is a secured connection.
2. It reduces cost for any network.
3. It increases flexibility.
4. On a network, sensitive data may be broadcast. In such cases, it provides security by giving access only to those users who have access to the data.
5. It creates separate broadcast domains.

What is binding order?
The order in which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.

What do I do to look at the RID allocation table for a Domain Controller?
Go to a command prompt and type:
C:\>dcdiag /test:ridmanager /s:<dcname> /v
Here <dcname> is the name of our Domain Controller.

What is the role of a Proxy Server?
A proxy server is a computer that acts as an intermediary between a local network and a larger-scale network such as the Internet. Proxy servers provide increased performance and security. In some cases, they monitor employees' use of outside resources. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
What is CIDR?
CIDR stands for Classless Inter-Domain Routing. It was developed as a standard scheme for routing network traffic across the Internet. It helps to prevent the wasting of IP addresses; nowadays we are facing a shortage of IP addresses, so CIDR helps to prevent their waste. CIDR notation is a syntax for specifying IP addresses and their associated routing prefix. It appends a slash character to the address, followed by the decimal number of leading bits of the routing prefix, e.g., 192.168.1.0/24.

What is the difference between a front-end and a back-end server?
A back-end server is a computer resource that has not been exposed to the Internet, so the computing resource does not directly communicate with the Internet user. It can also be described as a server whose main role is to store and retrieve all email messages. On the other hand, a front-end server is a computer resource that has been exposed to the Internet.

What are the roles of Unicast, Multicast and Broadcast?
Unicast is a kind of transmission in which data is sent from one host to another host. Unicast transmission is one-to-one communication: a transmission to a single port. Multicast is different from unicast: it is a transmission where data can be sent to more than one host, with information sent to multiple receivers. In broadcast, data is sent by one host but received by all the hosts connected to it.

DOMAIN CONTROLLER
A domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
----------------------------------------------------------------------------------------------------------------------------------------------------
What does Subnetting mean?
Subnetting is the strategy used to partition a single physical network into more than one smaller logical sub-network (subnets).
An IP address includes a network segment and a host segment. Subnets are designed by accepting bits from the IP address's host part and using these bits to assign a number of smaller sub-networks inside the original network. Subnetting allows an organization to add sub-networks without the need to acquire a new network number via an ISP. Subnetting helps to reduce network traffic and conceals network complexity. It is essential when a single network number has to be allocated over numerous segments of a LAN.
Subnets were initially designed for solving the shortage of IP addresses over the Internet.
Each IP address has an associated subnet mask. All the class types, such as Class A, Class B and Class C, include a subnet mask known as the default subnet mask. The subnet mask is intended for determining the type and number of IP addresses required for a given local network. The firewall or router is called the default gateway. The default subnet masks are as follows:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
The subnetting process allows the administrator to divide a single Class A, Class B, or Class C network number into smaller portions. The subnets can be subnetted again into sub-subnets.
Supernetting or Classless Inter-Domain Routing (CIDR)

CIDR is a way to aggregate multiple Internet addresses of the same class. It helps to prevent the wasting of IP addresses, and nowadays we are facing a shortage of IP addresses. The original Internet Protocol (IP) defines IP addresses in four major classes of address structure, Classes A through D. Each class allocates one portion of the 32-bit Internet address format to a network address and the remaining portion to the specific host machines within the network. Using supernetting, the network address 192.168.2.0/24 and the adjacent address 192.168.3.0/24 can be merged into 192.168.2.0/23. The "23" at the end of the address says that the first 23 bits are the network part of the address, leaving the remaining nine bits for specific host addresses. Supernetting is most often used to combine Class C network addresses and is the basis for most routing protocols currently used on the Internet. Supernetting was created as a way to solve the problem of routing tables growing beyond the ability of current software and people to manage, and to provide a solution to the exhaustion of Class B network address space. Supernetting allows one routing table entry to represent an aggregation of networks, much like one area code represents an aggregation of telephone numbers in an area.
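The classful masks, the subnetting process and the 192.168.2.0/23 supernet above, worked with Python's standard ipaddress module. This is an added example, not code from the original notes. It goes one step beyond the text by showing that two adjacent /24s only aggregate when the first one sits on the new /23 boundary (192.168.3.0/24 and 192.168.4.0/24 cannot be merged), and by rejecting a prefix whose host bits are set, the usual sign of a mistyped routing or firewall rule. 192.168.4.0/24 is a constructed addition.

```python
"""Classful masks, subnetting and CIDR supernetting with the stdlib ipaddress module.

Added example, not part of the original notes. The addresses are the ones the
notes use (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24); 192.168.4.0/24 is
added to show an adjacent pair that cannot be aggregated.
"""
import ipaddress
from ipaddress import IPv4Network


def default_mask(address: str) -> str:
    """Classful default mask chosen from the first octet (classes A, B, C)."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return "255.0.0.0"          # class A: 0.x.x.x - 127.x.x.x
    if first_octet < 192:
        return "255.255.0.0"        # class B: 128.x.x.x - 191.x.x.x
    if first_octet < 224:
        return "255.255.255.0"      # class C: 192.x.x.x - 223.x.x.x
    raise ValueError(f"{address} is class D/E and has no default subnet mask")


def subnet(network: str, new_prefix: int) -> list[IPv4Network]:
    """Borrow host bits: split one network into 2**(new_prefix - old_prefix) subnets.

    strict=True rejects "192.168.1.5/24" (host bits set), which is the usual
    sign of a typo in a routing or firewall rule.
    """
    net = ipaddress.ip_network(network, strict=True)
    return list(net.subnets(new_prefix=new_prefix))


def usable_hosts(network: IPv4Network) -> int:
    """Hosts per subnet, excluding the network and broadcast addresses."""
    host_bits = network.max_prefixlen - network.prefixlen
    return 2 ** host_bits - 2 if host_bits > 1 else 0


def supernet(networks: list[str]) -> list[str]:
    """Aggregate routes. Only blocks that are adjacent AND aligned on the new
    boundary merge: 192.168.2.0/24 + 192.168.3.0/24 -> 192.168.2.0/23, but
    192.168.3.0/24 + 192.168.4.0/24 stay two entries because 192.168.3.0 is
    not on a /23 boundary."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def describe(network: str) -> dict:
    """Prefix, mask, network/host bit split and capacity for one CIDR block."""
    net = ipaddress.ip_network(network, strict=True)
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,
        "usable_hosts": usable_hosts(net),
    }


if __name__ == "__main__":
    print("default mask for 192.168.1.0:", default_mask("192.168.1.0"))
    for sn in subnet("192.168.1.0/24", 26):
        print(sn, "->", usable_hosts(sn), "usable hosts")
    print(supernet(["192.168.2.0/24", "192.168.3.0/24"]))
    print(supernet(["192.168.3.0/24", "192.168.4.0/24"]))
    print(describe("192.168.2.0/23"))
```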
What is IP scavenging?
The DNS Server service supports aging and scavenging features. These are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.
For example, if a computer registers its own host (A) resource record at startup and is later improperly disconnected from the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this situation can occur frequently. If left unmanaged, the presence of stale resource records in zone data may cause some problems:
- If a large number of stale resource records remain in zones, they can eventually take up server disk space and cause unnecessarily long zone transfers.
- Domain Name System (DNS) servers that load zones containing stale resource records might use outdated information to answer client queries, potentially causing the clients to experience name resolution problems on the network.
- The accumulation of stale resource records at the DNS server can degrade its performance and responsiveness.
- In some cases, the presence of a stale resource record in a zone can prevent a DNS domain name from being used by another computer or host device.
To solve these problems, the DNS Server service has the following features:
- Time stamping, based on the current date and time set at the server computer, for any resource records that are added dynamically to primary-type zones. In addition, time stamps are recorded in standard primary zones where aging and scavenging is enabled. For resource records that you add manually, a time-stamp value of zero is used, indicating that these records are not affected by the aging process and can remain without limitation in zone data unless you otherwise change their time stamp or delete them.
- Aging of resource records in local data, based on a specified refresh time period, for any eligible zones. Only primary-type zones that are loaded by the DNS Server service are eligible to participate in this process.
- Scavenging of any resource records that persist beyond the specified refresh period. When a DNS server performs a scavenging operation, it can determine that resource records have aged to the point of becoming stale and remove them from zone data. You can configure servers to perform recurring scavenging operations automatically, or you can initiate an immediate scavenging operation at the server.
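The time stamping, aging and scavenging rules above as a small simulation. This is an added example, not code from the original notes and not the DNS Server service itself. It models a laptop that registers once and disappears, a server that keeps refreshing, and a manually added printer record with time stamp 0, and shows which of them a scavenging run removes. It also uses the Windows DNS no-refresh interval (7 days by default, like the refresh interval), which the notes do not mention; zone and host names are constructed.

```python
"""Simulate DNS record aging and scavenging as the notes describe it.

Added example, not code from the original notes and not the DNS Server
service itself. Dynamically registered records get the server's current time
as their stamp; manually added records carry time stamp 0 and are never
scavenged. The no-refresh interval (Windows DNS, 7 days by default like the
refresh interval) is used here although the notes only mention the refresh
period. Zone and host names are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

EPOCH = datetime(2024, 1, 1)          # constructed "now" for the scenario


def at_day(n: int) -> datetime:
    return EPOCH + timedelta(days=n)


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    timestamp: Optional[datetime] = None   # None models time stamp 0 (static)


@dataclass
class Zone:
    name: str
    no_refresh: timedelta = timedelta(days=7)
    refresh: timedelta = timedelta(days=7)
    records: list = field(default_factory=list)

    def _find(self, name, rtype, data):
        for r in self.records:
            if (r.name, r.rtype, r.data) == (name, rtype, data):
                return r
        return None

    def register(self, name: str, rtype: str, data: str, now: datetime) -> Record:
        """Dynamic update. A refresh inside the no-refresh window keeps the old
        stamp (that is what avoids replicating a new stamp on every refresh);
        after it, the stamp moves to 'now'. Static records stay static."""
        rec = self._find(name, rtype, data)
        if rec is None:
            rec = Record(name, rtype, data, now)
            self.records.append(rec)
        elif rec.timestamp is not None and now - rec.timestamp >= self.no_refresh:
            rec.timestamp = now
        return rec

    def add_static(self, name: str, rtype: str, data: str) -> Record:
        """Manually added record: time stamp 0, exempt from aging."""
        rec = Record(name, rtype, data, None)
        self.records.append(rec)
        return rec

    def stale(self, now: datetime) -> list:
        """Records whose stamp is older than no-refresh + refresh."""
        cutoff = now - (self.no_refresh + self.refresh)
        return [r for r in self.records
                if r.timestamp is not None and r.timestamp <= cutoff]

    def scavenge(self, now: datetime) -> list:
        """Remove stale records and return them (what a scavenging run does)."""
        removed = self.stale(now)
        self.records = [r for r in self.records if not any(r is x for x in removed)]
        return removed


def scenario() -> Zone:
    """Laptop registers once and vanishes; server keeps refreshing; printer is static."""
    zone = Zone("corp.example")                          # constructed zone
    zone.register("laptop01", "A", "10.0.0.50", at_day(0))
    zone.register("srv01", "A", "10.0.0.10", at_day(0))
    zone.add_static("printer", "A", "10.0.0.20")
    zone.register("srv01", "A", "10.0.0.10", at_day(3))  # inside no-refresh: stamp kept
    zone.register("srv01", "A", "10.0.0.10", at_day(8))  # past no-refresh: stamp updated
    return zone


if __name__ == "__main__":
    z = scenario()
    print("day 10 removes:", [r.name for r in z.scavenge(at_day(10))])
    print("day 14 removes:", [r.name for r in z.scavenge(at_day(14))])
    print("remaining:", [r.name for r in z.records])
```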
--------------------------------------------------------------------------------------------
Reverse IP Lookup
(Note) A reverse IP lookup tries to fetch a name for an IP; it is not the actual IP. Say it can be used to hide an IP: X.X.X.X is Facebook's IP, y.y.y.y is used to do a phony mapping.
IP address lookup is the process of translating between IP addresses and Internet domain/computer names. Forward IP address lookup converts an Internet name to an address. Reverse IP address lookup converts the number to the name.
--------------------------------------------------------------------------------------------
What is the role of DHCP?
(Note) Say: I would use DHCP when I don't want to assign IPs manually and want free IPs to be assigned automatically. Install the DHCP server role on a server; it resolves IP conflicts.
Dynamic Host Configuration Protocol (DHCP) is the protocol by which DHCP servers automatically provide an Internet Protocol (IP) host with its IP address and other related configuration information, such as the subnet mask and default gateway. The server knows nothing about the personal computers until they make a request for information. Usually the most common information sent is the IP address, and DHCP is used to make the administration of a large network easier. DHCP is also useful if an administrator wants to change the IP addresses of a large number of systems. Instead of reconfiguring all the systems, he can just edit one DHCP configuration file on the server for the new set of IP addresses.
--------------------------------------------------------------------------------------------
What is DNS? Why is it used?
The Domain Name System (DNS) is a system used to convert a computer's host name into an IP address on the Internet. DNS is used to resolve human-readable hostnames like www.xyz.com into machine-readable IP addresses like 204.13.248.115. Computers address each other with numbers called IP addresses, but remembering IP addresses is not an easy task; we prefer to give things names. DNS is a system that ties names to IP addresses.
When you enter a domain name (e.g. google.com), your computer will find its nearest DNS server and ask it what the correct IP address is for that name. DNS will return the IP address, and your computer can then address the relevant machine.
-----------------------------------------------------------------------------------------------------
GROUP POLICIES
- Handled by admins
- Helps set security on users, machines, objects, computers, printers
- Password size, length and expiration are set in group policies
- Apply group policies on an OU (Organizational Unit); an OU can be a group of computers, objects and users
PROCESS
1. Create an OU (Organizational Unit)
2. Create a Group Policy Object
3. Create the Group Policy settings (enable/disable settings)
Where are group policies available?
- The default policy is set on installation
- It is the responsibility of the admin to create group policies on OUs
SYSVOL LOGS location (system volume folder): c:\windows\SYSVOL
Group policy can also be saved here. Group Policies are saved on Organizational Units.
-----------------------------------------------------------------------------------------------------
The replication interval ("Replicate every ... minutes") is set in 15-minute increments on the General tab of the site link properties in AD Sites and Services.
NSLOOKUP
Used for querying the Domain Name System to obtain domain name or IP address mappings, or any other specific DNS record.
How to use nslookup to verify DNS configuration:
Nslookup xyz.com

1. At a command prompt, type nslookup, and then press ENTER.
2. Type server <IP address>, where <IP address> is the IP address of your external DNS server.
3. Type set q=MX, and then press ENTER.
4. Type <domain name>, where <domain name> is the name of an external mail domain, and then press ENTER.
The mail exchanger (MX) resource record for the domain that you entered should be displayed. If the MX record is not displayed, DNS is not configured to resolve external domain names.
-----------------------------------------------------------------------------------------------------
Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. It will list all the routers it passes through until it reaches its destination, or fails to and is discarded. In addition to this, it will tell you how long each 'hop' from router to router takes.
Tracert www.xyz.com

Ping is a command which tells you if the connection between your computer and a particular domain is working correctly.
Ping xyz.com

Netstat
Netstat -a
In computing, netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.

Packet Analyzers
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. [1] As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. Packet capture is the process of intercepting and logging traffic.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, [3] tcpdump is free software.

COMMON PORT NUMBERS
20 & 21: File Transfer Protocol (FTP)
22: Secure Shell (SSH)
23: Telnet remote login service
25: Simple Mail Transfer Protocol (SMTP)
53: Domain Name System (DNS) service
80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web
110: Post Office Protocol (POP3)
119: Network News Transfer Protocol (NNTP)
143: Internet Message Access Protocol (IMAP)
161: Simple Network Management Protocol (SNMP)
194: Internet Relay Chat (IRC)
443: HTTP Secure (HTTPS)
465: SMTP Secure (SMTPS)
What is KCC?
The KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site replication and for intra-site replication. Within a site, replication traffic is done via remote procedure calls (RPC) over IP, while between sites it is done through either RPC or SMTP.

Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.

What is LSDOU?
It is the group policy inheritance model, where the policies are applied in the order Local machine, Site, Domain and Organizational Unit.
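The LSDOU order above, resolved for one object in code. This is an added example, not code from the original notes and not how Windows itself computes the Resultant Set of Policy: it applies local, site, domain and OU policies in that order (parent OU before child), with the last one applied winning. It goes beyond the notes by modelling two real GPO link options, Enforced (a higher-level GPO that lower levels cannot override) and Block Inheritance (an OU that drops non-enforced GPOs from above), and shows why the domain's security settings should be enforced so that an OU-level GPO cannot weaken them. All container, GPO and setting names are constructed.

```python
"""Resolve the LSDOU group policy inheritance order for one computer or user.

Added example, not code from the original notes and not how Windows itself
computes RSoP. It applies the order the notes give (Local, Site, Domain, OU,
parent OU before child), last applied wins. Two real GPO link options that go
beyond the notes are modelled too: Enforced (a higher-level GPO that lower
levels cannot override) and Block Inheritance (an OU that drops non-enforced
GPOs from above). Container and GPO names are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict
    enforced: bool = False


@dataclass
class Container:
    name: str                 # "Local", a site, a domain or an OU
    gpos: list = field(default_factory=list)   # in processing order
    block_inheritance: bool = False


def resolve(chain: list) -> dict:
    """Return setting -> (value, winning GPO) for an LSDOU chain.

    chain[0] is the local policy, followed by site, domain and OUs from the
    top-level OU down to the one containing the object.
    """
    # Block Inheritance on an OU discards non-enforced GPOs linked above it;
    # the local policy is not a link, so it is still processed.
    start = 0
    for index, container in enumerate(chain):
        if container.block_inheritance:
            start = index
    result = {}
    # Pass 1: non-enforced GPOs in L-S-D-OU order; the last one applied wins.
    for index, container in enumerate(chain):
        if index != 0 and index < start:
            continue
        for gpo in container.gpos:
            if not gpo.enforced:
                for key, value in gpo.settings.items():
                    result[key] = (value, f"{container.name}/{gpo.name}")
    # Pass 2: enforced GPOs, lowest level first, so the highest level wins.
    for container in reversed(chain):
        for gpo in reversed(container.gpos):
            if gpo.enforced:
                for key, value in gpo.settings.items():
                    result[key] = (value, f"{container.name}/{gpo.name}")
    return result


def example_chain(block: bool) -> list:
    """Constructed chain: the domain enforces smart-card logon, a Sales OU GPO
    tries to switch it off, and the Interns OU optionally blocks inheritance."""
    return [
        Container("Local", [GPO("Local Policy", {"RequireSmartCardLogon": False,
                                                 "Wallpaper": "local.jpg"})]),
        Container("Site:NYC", [GPO("Site GPO", {"Wallpaper": "site.jpg"})]),
        Container("Domain:corp.example", [GPO("Default Domain Policy",
                  {"RequireSmartCardLogon": True}, enforced=True)]),
        Container("OU:Sales", [GPO("Sales GPO", {"RequireSmartCardLogon": False,
                                                 "Wallpaper": "sales.jpg"})]),
        Container("OU:Sales/Interns", [GPO("Interns GPO", {"ScreenSaverTimeout": 600})],
                  block_inheritance=block),
    ]


if __name__ == "__main__":
    for block in (False, True):
        print("block inheritance on Interns OU:", block)
        for key, (value, source) in resolve(example_chain(block)).items():
            print(f"  {key} = {value!r}  (from {source})")
```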
How many passwords by default are remembered when you check Enforce Password History?
The user's last 6 passwords.

Can a GC server and the Infrastructure Master be placed on a single server?
No. As the Infrastructure Master does the same job as the GC, they do not work together.

Which service in Windows is responsible for replication from one domain controller to another?
The KCC generates the replication topology and uses SMTP / RPC to replicate changes.
What is the Lost & Found folder in ADS?
It is the folder where you can find objects missed due to a conflict. Example: you created a user in an OU which was deleted on another DC; when replication happened, ADS didn't find the OU, so it put the user in the Lost & Found folder.
What is Garbage Collection?
Garbage collection is the process of online defragmentation of Active Directory. It happens every 12 hours.
What does System State data contain?
- Startup files
- Registry
- COM+ Registration Database
- Memory page file
- System files
- AD information
- Cluster Service information
- SYSVOL folder