
What's a directory service?


A directory service is a container that provides a hierarchical structure and allows objects to be stored for quick and easy
access and manipulation. A directory service is like an electronic phone directory that lets you search for a name and
retrieve the phone number, address, or other information without knowing where that person lives.
Before directory services, if you needed a file, you needed to know the name of the file, the name of the server on
which it was stored and its folder path. This works well on a small network, but as the network grows it becomes
challenging.
A directory service is the means by which users and administrators can locate resources regardless of where those
resources are located.
Also, earlier a typical user could have more than one user account or password, and as the network grew the
number of usernames and passwords also increased: one for the file server, one for the email server, etc.
Active Directory
Active Directory is Microsoft's answer to directory services, and it does a lot more than just locate resources.
Active Directory takes care of this by using Kerberos authentication and Single Sign-On (SSO). SSO means the ability of
Kerberos to provide a user with one set of credentials and grant them access to a range of resources and
services with that same set of credentials. Kerberos authenticates the credentials and issues the user a ticket with
which the user gains access to the resources and services that support Kerberos.
Active Directory also makes user management easier, as it acts as a single repository for all of this user and
computer related information.
History of Directory Service
The predecessor of today's directory services is the X.500 specification, which emerged from the International Telecommunication
Union (ITU), formerly the CCITT (Comité Consultatif International Téléphonique et Télégraphique).
X.500 sits at the Application layer of the OSI model. X.500 contains several component databases that work together
as a single entity.
The primary database is the Directory Information Base (DIB), which stores information about the objects. Its major
limitation was its lack of integration with the Internet Protocol (IP).
The protocol it used was the Directory Access Protocol, or DAP. DAP offered more functionality than is required for
implementing directory services, so a scaled-down version called the Lightweight Directory Access Protocol (LDAP) was
made. It was later adopted as a standard by the Internet Engineering Task Force (IETF).
Advantages of LDAP
LDAP relies on the TCP/IP stack rather than the OSI stack.
It integrates with IP and enables IP clients to use LDAP to query directory services.
LDAP can perform hyper-searches, giving one directory the ability to defer to another to provide requested data.
LDAP's API is C-based.
Like X.500, LDAP uses an inverted-tree hierarchical structure.
LDAP supports Kerberos authentication, the Simple Authentication and Security Layer (SASL), and the Secure Sockets Layer
(SSL).
Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet
protocols.

Back to Active Directory
AD is Microsoft's answer to directory services, and it does a lot more than just locate resources.

AD uses LDAP as its access protocol.
AD relies on DNS as its locator service, enabling clients to locate domain controllers through DNS queries.
Naming Conventions
AD contains information about objects in your enterprise.
These objects can be computers, users, printers etc.
AD is a container with nested containers holding other containers or objects.
And we name these containers and objects so that it's easy to query or search for them.
AD supports several naming conventions:
User Principal Names, or UPN
LDAP names also known as Distinguished Name
User Principal Names, or UPN
This is the one you'll probably find most familiar; it follows the RFC 822 specification.
It has the same format as your email address, like ashwin@road2master.ms.
UPNs take the form user@domain.
If you have a user named User01 in the Active Directory domain Domain01.local, the UPN will be
User01@Domain01.Local
We will discuss AD domains in more detail later.
In AD you can create custom UPNs too, which means you can also add User01@Domain01.com or User01@xyz.com
as a UPN for the above-mentioned object.
More on these later.

LDAP names also known as Distinguished Name
Typically it has this format:
cn=common name
ou=organizational unit
dc=domain component
e.g. cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
An LDAP query for this object should look like this:
LDAP://R2MAD01.road2master.ms/cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
R2MAD01.road2master.ms is the FQDN of the Domain Controller.
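The DN above can be taken apart mechanically. The following is an added example, not code from these notes: it splits a DN into its cn/ou/dc components, handles the backslash escapes RFC 4514 allows inside a value (a comma in a name, for instance), recovers the DNS domain that the dc= components spell out, and rebuilds the LDAP:// form shown above. The function names are mine.

```python
"""Parse an LDAP Distinguished Name into its RDN components and build the
LDAP://<DC FQDN>/<DN> form.  Added example; the sample DN and the domain
controller name come from the notes, the function names are my own."""
from typing import List, Tuple

RDN = Tuple[str, str]  # (attribute type, attribute value)


def _split_rdn(rdn: str) -> RDN:
    """An RDN is 'type=value'; only the first '=' separates the two."""
    attr, sep, value = rdn.lstrip().partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    return attr.strip().lower(), value


def parse_dn(dn: str) -> List[RDN]:
    """Split 'cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms' into (type, value)
    pairs, left to right (most specific first).

    A comma inside a value is escaped with a backslash (RFC 4514),
    e.g. 'cn=Smith\\, John', so a plain split on ',' would be wrong;
    the escape is handled while scanning.
    """
    rdns: List[RDN] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            # Keep the escaped character literally and drop the backslash.
            current.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            rdns.append(_split_rdn("".join(current)))
            current = []
        else:
            current.append(ch)
        i += 1
    if current:
        rdns.append(_split_rdn("".join(current)))
    return rdns


def dns_domain(rdns: List[RDN]) -> str:
    """Join the dc= components into the DNS domain name they spell out."""
    return ".".join(value for attr, value in rdns if attr == "dc")


def ldap_url(dc_fqdn: str, dn: str) -> str:
    """Build the LDAP://<DC FQDN>/<DN> form used in the notes."""
    return f"LDAP://{dc_fqdn}/{dn}"
```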
Requirements for DNS
The DNS server must support:
Service (SRV) resource records
The dynamic update protocol specified by RFC 2136

AD relies on DNS as its primary locator service, although it's not the only mechanism for locating domain controllers
(DCs).
A Domain Controller is a server on which Active Directory is installed.
When a Domain Controller starts:
It registers both its DNS name and its NetBIOS name. More on NetBIOS names later.
It adds LDAP-specific SRV records in DNS to enable LDAP clients to locate DCs through LDAP queries.
It also adds Kerberos authentication protocol-specific SRV records to enable clients to locate servers running the
Kerberos Key Distribution Center (KDC) service.
Each DC also adds an A record that enables clients that don't support SRV records to locate the DC through a
simple host record lookup. You can disable this if required.
Active Directory objects
Objects in AD can be either containers for other objects or leaf objects, which do not serve as containers.
Objects in AD have attributes, and these attributes not only define the object but also store data. This defines the
character of that object.
Some attributes are optional and some are mandatory.
Optional: Phone Number
Mandatory: Username
When an object is created, AD assigns it a GUID, which is a 128-bit number; no two objects in AD have the same
GUID.
And if an object is moved within AD, it keeps its GUID.
Objects in AD are protected by Access Control Lists (ACLs).
More on security later.
Active Directory Database
The ESE (Extensible Storage Engine) database comprises tables that define the structure of the directory.
The Database Layer has three partitions that define the contents of AD, with an optional 4th table or partition.
Schema Partition
This stores the Active Directory Schema.
The Active Directory Schema defines what types of objects can be created in the directory,
how those objects relate to one another, and what the mandatory and optional attributes of each object are.
It also defines how one can create such objects.

Configuration Partition
This contains configuration of AD.
Domain Partition
This partition stores the objects.
Application Partition
This is an optional 4th partition that an administrator can create.
More on this later.
More about the Active Directory database in the upcoming parts.
Active Directory Schema
The Active Directory Schema defines what types of objects can be created in the directory,
how those objects relate to one another, and what the mandatory and optional attributes of each object are.
It also defines how one can create such objects.
The schema needs to be updated whenever you need to create a new type of object or add anything that requires a new
attribute.
Domain, Tree and Forest

AD Domain
Objects that are created in AD are grouped into domains.
The objects for a single domain are stored in a single database (which can be replicated).

AD Domain Tree
A tree is a collection of one or more domains.

AD Forest
A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory
configuration.

<> What is Active Directory?
Active Directory (AD) is a centralised database system which performs a variety of functions, including organizing
different objects like computers and users, and allows administrators to apply different policies to those objects. Active
Directory is specially designed for distributed networking systems.

<> What is a domain controller?
A Domain Controller is a server which performs the Active Directory server role in a network. The idea of a domain is to
manage access to resources in a network, including applications, printers and shared folders. Here users can access
network resources using their assigned user name and password.

<> What is LDAP?
Lightweight Directory Access Protocol (LDAP) is a set of standard protocols for accessing directory information. It is
useful for Internet access.

<> What's the major difference between FAT and NTFS on a local machine?
FAT and FAT32 do not provide security for local users. On the other hand, NTFS provides security for local users
as well as for domain users. Moreover, NTFS provides file-level security, which is impossible in FAT32.


<> What is a domain?
A domain is a group of network resources like applications, printers and shared folders. To access those resources,
users need to use their assigned username and password. DNS is a server-level service which we will have to
install during Active Directory installation. It is very difficult for human beings to remember different IP addresses, but
they can remember domain names easily. A Domain Name Service resolves domain names to IPs and IPs to domain
names.
<> What is the replication folder?
The SYSVOL folder is called the replication folder. It keeps all the public files of any domain. It replicates all policy and
user-level data at an interval.

<> Where is the Active Directory database file located?
The Active Directory database file is stored in c:\windows\ntds\ntds.dit.

<> What is a forest?
A forest is a group of one or more domain trees that have a trust relationship and a common logical structure among them.
A forest is a complete instance of AD. The first domain of any forest is called the root domain, and the other child
domains follow the root domain. The root domain in a forest must be included in the Global Catalog.

<> What's the basic difference between guest accounts in Server 2008 R2 and other editions?
Guest accounts in Server 2008 R2 are more restrictive than in any other edition.

<> Why is it not possible to restore a DC backed up 4 months ago?
Because the lifetime of a backed-up file is either 60 or 120 days.

<> What is GPO?
Group Policy Object.

<> What is a Site?
A site represents the physical network structure of Active Directory. It is an object in AD which represents a geographic
location that hosts networks. Moreover, it comprises one or more subnets that are connected together with sufficient
network speed.
<> What is the use of the SYSVOL folder?
The SYSVOL folder stores the server's copy of the domain's public files. It is used to deliver the policy and logon
scripts to domain members. Moreover, it replicates file-based data among domain controllers. The SYSVOL folder is
shared on an NTFS volume on all the domain controllers in a particular domain. All Active Directory database
security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.
<> What is the Global Catalog?
The Global Catalog is a server that contains all of the information pertaining to objects within all domains in the
Active Directory environment. It is something that each domain has, and it is used for authenticating users on the
network. The Global Catalog is a database which maintains information about multiple domains with a trust relationship
agreement.

<> What is the use of Group Policy?
Group Policy is a feature of the Microsoft Windows NT family which gives you administrative control over users
and computers in your network. It provides the working environment for users and computers. In addition, it
gives us central management and configuration of Windows operating systems and settings.
What's the difference between NTFS & FAT?
NTFS is the current file system used by the Windows operating system. It provides security for local users as well as for
domain users. It offers features like security permissions (to limit other users' access to folders), quotas (so one user
can't fill up the disk), shadowing (backing up) and many other features that help Windows. On the other hand,
FAT32 is the older Microsoft file system, primarily used by the Windows 9x line, and Windows could be installed on a
FAT32 partition up to XP. In comparison, FAT32 offers none of what was mentioned above, and also has a
maximum FILE (not folder) size of 4 GB, which is kind of small these days, especially in regards to HD video.
Why can't you restore a DC that was backed up 4 months ago?
When restoring a backup file, Active Directory generally requires that the backup file be no more than 180 days old.
The lifetime of a backed-up file is either 60 or 120 days. If you attempt to restore a backup that has expired, you may
encounter problems because of lingering objects.

What is VLAN?
VLAN stands for Virtual Local Area Network. It is a logical grouping of network users and resources connected to
administratively defined ports on a switch.
Uses of VLANs are as follows:
1. It provides a secured connection.
2. It reduces cost for any network.
3. It increases flexibility.
4. On a network, sensitive data may be broadcast. In such cases, it provides security by giving access only to those users
who are allowed to access the data.
5. It creates separate broadcast domains.
What is binding order?
The order in which the network protocols are used for client-server communications. The most frequently used
protocols should be at the top.
What do I do to look at the RID allocation table for a Domain Controller?
Go to the command prompt and type
C:\>dcdiag /test:ridmanager /s:<dcname> /v
Here dcname is the name of our Domain Controller.
What is the role of Proxy Server?
A proxy server is a computer that acts as an intermediary between a local network and a larger-scale network such
as the Internet. Proxy servers provide increased performance and security. In some cases, they monitor employees'
use of outside resources. A proxy server is associated with or part of a gateway server that separates the enterprise
network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

What is CIDR?
CIDR stands for Classless Inter-Domain Routing. It was developed as a standard scheme for routing network traffic
across the Internet. It helps prevent the waste of IP addresses; nowadays we are facing a shortage of IP
addresses, so CIDR helps to prevent wasting them. CIDR notation is a syntax for specifying IP
addresses and their associated routing prefix. It appends a slash character to the address and the decimal number
of leading bits of the routing prefix, e.g., 192.168.1.0/24.
What is the difference between Front End & Back End Server?
A back end server is a computer resource that has not been exposed to the Internet, so the computing
resource does not directly communicate with the Internet user. It can also be described as a server whose main role
is to store and retrieve all email messages. On the other hand, a front end server is a computer resource that is
exposed to the Internet.
What are the roles of Unicast, Multicast and Broadcast?
Unicast is a kind of transmission in which data is sent from one host to another host. Unicast transmission is one-to-one communication.
Unicast -> A transmission to a single port.
Multicast is different from Unicast. It is a transmission where data can be sent to more than one host, where information is
sent to multiple receivers.
On the other hand, in Broadcast data is sent by one host but received by all the hosts connected with it.
DOMAIN CONTROLLER
A domain controller (DC) is a server that responds to security authentication requests (logging in, checking
permissions, etc.) within a Windows Server domain.
A Domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer
resources with the use of a single username and password combination.
----------------------------------------------------------------------------------------------------------------------------------------------------
What does Subnetting mean?
Subnetting is the strategy used to partition a single physical network into more than one smaller logical
sub-network (subnets).

An IP address includes a network segment and a host segment.
Subnets are designed by borrowing bits from the IP address's host part and using these bits to assign a
number of smaller sub-networks inside the original network.
Subnetting allows an organization to add sub-networks without the need to acquire a new network number
via the ISP.
Subnetting helps to reduce network traffic and conceals network complexity.
It is essential when a single network number has to be allocated over numerous segments of a LAN.

Subnets were initially designed to solve the shortage of IP addresses over the Internet.

Each IP address has a subnet mask. All the class types, such as Class A, Class B and Class C, include
a subnet mask known as the default subnet mask. The subnet mask is intended for determining the type and
number of IP addresses required for a given local network. The firewall or router is called the default gateway.
The default subnet masks are as follows:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
The subnetting process allows the administrator to divide a single Class A, Class B, or Class C network
number into smaller portions. The subnets can be subnetted again into sub-subnets.

Supernetting or Classless Inter-Domain Routing (CIDR)
Supernetting, also called Classless Inter-Domain Routing (CIDR), is a way to aggregate multiple Internet addresses of the same class.
It helps prevent the waste of IP addresses, as nowadays we are facing a shortage of IP addresses.
The original Internet Protocol (IP) defines IP addresses in four major classes of address structure, Classes A
through D. Each class allocates one portion of the 32-bit Internet address format to a network address and the
remaining portion to the specific host machines within the network.
Using supernetting, the network address 192.168.2.0/24 and an adjacent address 192.168.3.0/24 can be
merged into 192.168.2.0/23. The "23" at the end of the address says that the first 23 bits are the network
part of the address, leaving the remaining nine bits for specific host addresses.
Supernetting is most often used to combine Class C network addresses and is the basis for most routing
protocols currently used on the Internet.
Supernetting was created as a way to solve the problem of routing tables growing beyond the ability of
current software and people to manage and to provide a solution to the exhaustion of Class B network
address space. Supernetting allows one routing table entry to represent an aggregation of networks much
like one area code represents an aggregation of telephone numbers in an area.
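The arithmetic in the CIDR, subnetting and supernetting sections above can be checked with Python's standard ipaddress module. This is an added example, not part of the original notes: it derives the classful default mask, splits a Class C network into subnets by borrowing host bits, and aggregates 192.168.2.0/24 and 192.168.3.0/24 into 192.168.2.0/23 (9 host bits left). It goes slightly beyond the text in that supernet() accepts any list of networks and leaves non-adjacent blocks separate. Function names are mine.

```python
"""Subnetting, default class masks and CIDR supernetting with the standard
library's ipaddress module.  Added example, not part of the original notes;
the addresses are the ones used in the text."""
import ipaddress
from typing import List

IPv4Network = ipaddress.IPv4Network


def default_class_mask(address: str) -> str:
    """Return the classful default subnet mask for an IPv4 address.

    The class is given by the leading bits of the first octet:
    0xxx -> A (255.0.0.0), 10xx -> B (255.255.0.0), 110x -> C (255.255.255.0).
    Class D (multicast) and class E have no default mask.
    """
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return "255.0.0.0"
    if first_octet < 192:
        return "255.255.0.0"
    if first_octet < 224:
        return "255.255.255.0"
    raise ValueError(f"{address} is class D/E and has no default subnet mask")


def subnet(network: str, new_prefix: int) -> List[str]:
    """Divide a network into smaller subnets by borrowing host bits.

    e.g. 192.168.1.0/24 split at /26 borrows two host bits and yields four
    subnets of 64 addresses each.
    """
    net = IPv4Network(network)
    if new_prefix <= net.prefixlen:
        raise ValueError("new prefix must be longer than the original prefix")
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def supernet(networks: List[str]) -> List[str]:
    """Aggregate adjacent networks into the fewest covering routes (CIDR).

    192.168.2.0/24 and 192.168.3.0/24 collapse into 192.168.2.0/23; a block
    that is not adjacent (or not aligned to the shorter prefix) stays as is.
    """
    nets = [IPv4Network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def host_bits(network: str) -> int:
    """Bits left for host addresses: 32 minus the routing prefix length."""
    return 32 - IPv4Network(network).prefixlen


def usable_hosts(network: str) -> int:
    """Host addresses excluding the network and broadcast addresses."""
    return IPv4Network(network).num_addresses - 2
```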


What is IP scavenging?
The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for
performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

For example, if a computer registers its own host (A) resource record at startup and is later improperly disconnected from
the network, its host (A) resource record might not be deleted. If your network has mobile users and computers, this
situation can occur frequently.
If left unmanaged, the presence of stale resource records in zone data may cause some problems:
If a large number of stale resource records remain in zones, they can eventually take up server disk space and cause
unnecessarily long zone transfers.
Domain Name System (DNS) servers that load zones that contain stale resource records might use outdated
information to answer client queries, potentially causing the clients to experience name resolution problems on the
network.
The accumulation of stale resource records at the DNS server can degrade its performance and responsiveness.
In some cases, the presence of a stale resource record in a zone can prevent a DNS domain name from being used by
another computer or host device.
To solve these problems, the DNS Server service has the following features:
Time stamping, based on the current date and time that is set at the server computer, for any resource records that
are added dynamically to primary-type zones. In addition, time stamps are recorded in standard primary zones where
aging and scavenging are enabled.


For resource records that you add manually, a time-stamp value of zero is used, indicating that these records are not
affected by the aging process and that they can remain without limitation in zone data unless you otherwise change
their time stamp or delete them.
Aging of resource records in local data, based on a specified refresh time period, for any eligible zones.
Only primary-type zones that are loaded by the DNS Server service are eligible to participate in this process.
Scavenging for any resource records that persist beyond the specified refresh period.
When a DNS server performs a scavenging operation, it can determine that resource records have aged to the point of
becoming stale and remove them from zone data. You can configure servers to perform recurring scavenging
operations automatically, or you can initiate an immediate scavenging operation at the server.
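The aging and scavenging decision described above, as an added example that is not code from these notes or from the DNS Server service itself: records carry a time stamp (zero for manually added records), the zone has a refresh period, and a dynamically registered record whose stamp has not been refreshed within that period is stale and is removed by scavenging. The zone name is taken from the notes; the class and function names and the sample hosts are constructed for the example.

```python
"""Model of DNS Server aging and scavenging.  Added example, not code from
these notes or from Microsoft: a zone-wide refresh period, a time stamp per
dynamic record (zero for manual records), and a scavenging pass that removes
records that aged past the refresh period.  Names are my own."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

STATIC = datetime.min  # plays the role of the "zero" time stamp of a manual record


@dataclass
class ResourceRecord:
    name: str
    rtype: str
    data: str
    timestamp: datetime  # STATIC for manually added records


class Zone:
    """A primary zone with aging/scavenging enabled."""

    def __init__(self, name: str, refresh_period: timedelta):
        self.name = name
        self.refresh_period = refresh_period
        self.records: List[ResourceRecord] = []

    def add_static(self, name: str, rtype: str, data: str) -> None:
        """Manually added record: zero time stamp, never aged or scavenged."""
        self.records.append(ResourceRecord(name, rtype, data, STATIC))

    def register(self, name: str, rtype: str, data: str, now: datetime) -> None:
        """Dynamic update, e.g. a host registering its A record at startup.
        Re-registering an existing dynamic record refreshes its time stamp."""
        for rr in self.records:
            if (rr.name, rr.rtype) == (name, rtype) and rr.timestamp != STATIC:
                rr.data, rr.timestamp = data, now
                return
        self.records.append(ResourceRecord(name, rtype, data, now))

    def stale(self, now: datetime) -> List[ResourceRecord]:
        """Dynamic records whose stamp is older than the refresh period."""
        return [rr for rr in self.records
                if rr.timestamp != STATIC and now - rr.timestamp > self.refresh_period]

    def scavenge(self, now: datetime) -> List[str]:
        """Remove stale records and return their names (what a server would log)."""
        doomed = {id(rr) for rr in self.stale(now)}
        removed = [rr.name for rr in self.records if id(rr) in doomed]
        self.records = [rr for rr in self.records if id(rr) not in doomed]
        return removed


def demo() -> Tuple[List[str], List[str]]:
    """Constructed scenario: a laptop registers at startup and is then
    unplugged without ever re-registering; a desktop refreshes its record;
    an admin-created mail record has a zero stamp.  Returns (scavenged, kept)."""
    t0 = datetime(2024, 1, 1, 8, 0)
    zone = Zone("road2master.ms", refresh_period=timedelta(days=7))
    zone.add_static("mail", "A", "10.0.0.25")
    zone.register("laptop01", "A", "10.0.0.51", t0)
    zone.register("desk02", "A", "10.0.0.52", t0)
    zone.register("desk02", "A", "10.0.0.52", t0 + timedelta(days=6))  # refresh
    scavenged = zone.scavenge(t0 + timedelta(days=10))
    return scavenged, [rr.name for rr in zone.records]
```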

--------------------------------------------------------------------------------------------
Reverse IP Lookup
Reverse IP tries to fetch the IP; it is not the actual IP.
Say it can be used to hide an IP.

X.X.X.X is Facebook's IP
y.y.y.y is used to do a phony mapping

IP address lookup is the process of translating between IP addresses and Internet domain/computer names.
A forward IP address lookup converts an Internet name to an address.
A reverse IP address lookup converts the number to the name.
--------------------------------------------------------------------------------------------

What is the role of DHCP?
Say: I will use DHCP when I don't want to manually assign IPs; I want free IPs to be automatically
assigned.
Install the DHCP server on the server.
It resolves all the IP conflicts.
Dynamic Host Configuration Protocol (DHCP) is used by DHCP servers to automatically provide an Internet
Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and
default gateway. The server knows nothing about the personal computers until they make a request for information.
Usually the most common information sent is the IP address, and DHCP is used to make large network administration
easier. DHCP is also useful if an administrator wants to change the IP addresses of a large number of systems.
Instead of reconfiguring all the systems, he can just edit one DHCP configuration file on the server for the new set of
IP addresses.
--------------------------------------------------------------------------------------------
What is DNS? Why is it used?

The Domain Name System (DNS) is a system used to convert a computer's host name into an IP address on the
Internet.
The Domain Name System (aka DNS) is used to resolve human-readable hostnames like www.xyz.com into
machine-readable IP addresses like 204.13.248.115.
Computers address each other with numbers called IP addresses. But remembering IP addresses is not an easy task; we
prefer to give things names. DNS is a system that ties names to IP addresses.

When you enter a domain name (e.g. google.com), your computer will find your nearest DNS server and ask it what the
correct IP address is for that name. DNS will return the IP address and your computer can then address the relevant
machine.


--------------------------------------------------------------------------------------------
GROUP POLICIES
- Handled by admins
- Helps set security on users, machines, objects, computers, printers
- Password size, length and expiration are set in group policies
- Apply group policies on an OU (Organizational Unit)
An OU can be a group of computers, objects and users

PROCESS
1. Create an OU (Organizational Unit)
2. Create a Group Policy Object
3. Create the Group Policy settings (Enable/Disable Setting)

Where are group policies available?
- The default policy is set on installation
- It is the responsibility of the admin to create group policies on OUs

SYSVOL logs location (system volume folder): c:\windows\SYSVOL
Group policy can also be saved here
Group Policies are saved on Organizational Units

-----------------------------------------------------------------------------------------------------
The replication interval is set in 15-minute increments on the General tab of the site link properties in AD Sites and
Services.

NSLOOKUP
Used for querying the Domain Name System to obtain a domain name to IP address mapping, or any other specific DNS record.
How to use nslookup to verify DNS configuration
Nslookup xyz.com

At a command prompt, type Nslookup, and then press ENTER.
Type server <IP address>, where IP address is the IP address of your external DNS server.
Type set q=MX, and then press ENTER.
Type <domain name>, where domain name is the name of an external mail domain, and then press ENTER. The mail
exchanger (MX) resource record for the domain that you entered should be displayed. If the MX record is not displayed,
DNS is not configured to resolve external domain names.
-----------------------------------------------------------------------------------------------------

Traceroute is a command which can show you the path a packet of information takes from your computer to one you
specify. It will list all the routers it passes through until it reaches its destination, or fails to and is discarded. In addition to
this, it will tell you how long each 'hop' from router to router takes.
Tracert www.xyz.com
Ping is a command which tells you if the connection between your computer and a particular domain is working
correctly. Ping xyz.com
Netstat
Netstat -a

In computing, netstat (network statistics) is a command-line tool that displays network connections (both
incoming and outgoing), routing tables, and a number of network interface (network interface controller or
software-defined network interface) and network protocol statistics.
It is used for finding problems in the network and to determine the amount of traffic on the network as a
performance measurement.
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for particular
types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer
hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams
flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing
the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other
specifications.
Packet capture is the process of intercepting and logging traffic.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and
communications protocol development, and education.
tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and
display TCP/IP and other packets being transmitted or received over a network to which the computer is
attached. Distributed under the BSD license, tcpdump is free software.
COMMON PORT NUMBERS
20 & 21: File Transfer Protocol (FTP)
22: Secure Shell (SSH)
23: Telnet remote login service
25: Simple Mail Transfer Protocol (SMTP)
53: Domain Name System (DNS) service
80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web
110: Post Office Protocol (POP3)
119: Network News Transfer Protocol (NNTP)
143: Internet Message Access Protocol (IMAP)
161: Simple Network Management Protocol (SNMP)
194: Internet Relay Chat (IRC)
443: HTTP Secure (HTTPS)
465: SMTP Secure (SMTPS)

> What is KCC?
KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site replication and for intra-site replication.
Within a site, replication traffic is done via remote procedure calls over IP, while between sites it is done through either RPC or SMTP.
Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.
What is LSDOU?
It's the group policy inheritance model, where policies are applied to Local machines, Sites, Domains and Organizational Units.

How many passwords by default are remembered when you check Enforce Password History?
The user's last 6 passwords.
> Can the GC server and the Infrastructure Master be placed on a single server?
No, as the Infrastructure Master does the same job as the GC. They do not work together.
> Which service in Windows is responsible for the replication of one domain controller to another domain
controller?
The KCC generates the replication topology.
It uses SMTP / RPC to replicate changes.

> What is the Lost & Found folder in ADS?
It's the folder where you can find the objects missed due to conflicts.
Ex: you created a user in an OU which was deleted on another DC; when replication happened, ADS didn't find the OU, so it put that user in the Lost
& Found folder.

> What is Garbage collection?
Garbage collection is the process of online defragmentation of Active Directory. It happens every 12 hours.

> What does System State data contain?
It contains: Startup files,
Registry
COM+ Registration Database
Memory page file
System files
AD information
Cluster Service information
SYSVOL Folder
