These are the records associated with every server in the world. It is often said that "DNS is the biggest database in the world, and the only one that gets updated every second." That database is not held in a single place; it is spread across the world in different locations: different companies, different ISPs, different homes and so on. The name resolution process is explained in my previous post, Understanding DNS. That is why a DNS request travels to different locations before it gets the correct answer.
In my next article related to DNS, I will discuss how to troubleshoot DNS problems. Keep visiting or subscribe now to get the latest post updates.
Active Directory : Schema
WEDNESDAY, SEPTEMBER 22, 2010
Hi Guys,
It has been a very long time since my last Windows-related post. Today I want to present something about the AD schema, a very important concept behind Active Directory. Without the schema there is no Active Directory.
What is Schema?
The schema is the collection of objects, object classes and their attributes. In the image above, Administrator is a user object in Active Directory, and the properties of that user object are called attributes: Remote control is an attribute, COM+ is an attribute. An attribute can in turn carry further settings; for example the Dial-in attribute has Allow Access, Deny Access and so on. This is what we call the schema.
That is enough about what the schema is. The schema is embedded in Active Directory: whenever an object is created in Active Directory, all of its attribute information is stored in AD itself. Now the question is...
Where is this information stored?
It is stored in the DIT (Data Information Tree) file, which is internally subdivided into partitions; the schema partition is one of them. The Active Directory database contains three partitions, as follows:
• Schema partition - Defines the rules for object creation and modification for all objects in the forest. Replicated to all domain controllers in the forest, so it is known as an enterprise partition.
• Configuration partition - Defines the forest directory structure, including trees, domains, domain trust relationships, and sites (groups of TCP/IP subnets). Replicated to all domain controllers in the forest, so it is also known as an enterprise partition.
• Domain partition - Has complete information about all domain objects (objects that are part of the domain, including OUs, groups, users and others). Replicated only to domain controllers in the same domain.
• Partial domain directory partition - Has a list of all objects in the directory with a partial list of attributes for each object.
Well, very nice. Another question is...
What happens to the schema whenever I install a new application like Exchange or SQL into my Active Directory?
If you read the documentation for the respective application, it will describe extending the schema before installing the application. That means the objects and attributes related to that application are added to the schema partition of the DIT file before the application itself is installed, which reduces the chance of functional errors in that application. This is done with setup switches such as "Setup.exe /ADprep" or "Setup.exe /Forestprep".
Super, fantastic... one last question is...
How is this schema replicated?
As mentioned above, it is replicated to all DCs in the forest. We can replicate only the schema partition using the replmon tool, so that we can confirm that each and every object and its attributes have been replicated to all the DCs. If we get any errors in the replication, we look into them to troubleshoot.
In the image beside, notice there is a partition named CN=Schema,CN=Configuration. That is the schema partition; the others are the Domain, Configuration and DNS partitions. You can replicate them individually if you want by right-clicking on each partition and replicating to the London and New York sites.
How to manage the schema?
By default there is no management console for it in Administrative Tools. If you want to look at the schema, you first need to register a DLL using "regsvr32 schmmgmt.dll", then open a blank Microsoft Management Console from the Run prompt with the "mmc" command. In the MMC, click the File menu and select Add/Remove Snap-in. There you will find the Schema Management option; select it and click Add. Save the console as Schema Management to your Administrative Tools folder or desktop. That is your AD schema.
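The snap-in gives the GUI view; the same partition DNs, the schema version that a /Forestprep-style extension bumps, and the individual attribute definitions can also be read directly. The following is an added example, not code from the original post: it assumes a domain-joined Windows machine with PowerShell 3.0 or later, uses only the ADSI classes that ship with Windows, and looks up msNPAllowDialin, which is the attribute behind the Dial-in "Allow Access / Deny Access" setting mentioned above.

```powershell
# Added example (not from the original post). Assumes a domain-joined host,
# PowerShell 3.0+, and an elevated prompt for the regsvr32 step only.

# 1. Register the Schema snap-in DLL once, as the post describes (silent mode).
#    Afterwards the schema snap-in appears in mmc's Add/Remove Snap-in list.
regsvr32.exe /s schmmgmt.dll

# 2. RootDSE tells you where each partition (naming context) lives; it needs no
#    special rights beyond the logged-on domain user.
$rootDse = [ADSI]"LDAP://RootDSE"
"Schema NC        : $($rootDse.schemaNamingContext)"
"Configuration NC : $($rootDse.configurationNamingContext)"
"Domain NC        : $($rootDse.defaultNamingContext)"
"All NCs held     : $($rootDse.namingContexts -join ', ')"

# 3. objectVersion on the schema container is the forest schema version. It
#    changes when adprep /forestprep or an application's schema extension runs,
#    so comparing it before and after an install shows the extension took effect.
$schema = [ADSI]"LDAP://$($rootDse.schemaNamingContext)"
"Schema objectVersion : $($schema.objectVersion)"

# 4. Show what one attribute looks like in schema terms: an attributeSchema
#    object with an LDAP display name, an OID (attributeID) and a syntax OID.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($schema)
$searcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=msNPAllowDialin))"
$searcher.PropertiesToLoad.AddRange(@("lDAPDisplayName", "attributeID", "attributeSyntax", "isSingleValued"))
foreach ($r in $searcher.FindAll()) {
    [pscustomobject]@{
        Name        = $r.Properties["ldapdisplayname"][0]
        OID         = $r.Properties["attributeid"][0]
        SyntaxOID   = $r.Properties["attributesyntax"][0]
        SingleValue = $r.Properties["issinglevalued"][0]
    }
}
```

Run it on two domain controllers and compare the objectVersion values: a mismatch means the schema partition has not finished replicating, which is exactly the condition the replication checks later on this page are meant to catch.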
DHCP is a service installed on a Windows Server operating system or on a UNIX OS to serve an enterprise's IP configuration and management. Its main goal is to provide the client computers with a specific IP configuration so that they can be identified and can communicate on the network. Prior to DHCP another protocol was used, called BOOTP. BOOTP (Boot Protocol) has only one feature, reservation. So administrators working with BOOTP needed to collect all the MAC addresses and write them down, and then add each one to the BOOTP table with a corresponding IP address. That is a lot of work for administrators: even though the assignment itself is automated, admins have to work hard to gather the MAC addresses of all the machines in the network. Later the protocol gained many improvements to serve the network and became DHCP.
Active Directory Lightweight Directory Services (AD LDS) : This service is ideal if you are required to support
directory-enabled applications. AD LDS is a Lightweight Directory Access Protocol (LDAP) compliant directory
service.
Active Directory Rights Management Services (AD RMS) : This service augments an organization’s security
strategy by protecting information through persistent usage policies. The key to the service is that the right
management policies are bound to the information no matter where it resides or to where it is moved. AD RMS is
used to lock down documents, spreadsheets, e-mail, and so on from being infiltrated or ending up in the wrong
hands. AD RMS, for example, prevents e-mails from being accidentally forwarded to the wrong people.
The Application Server role : This role supports the deployment and operation of custom business applications
that are built with Microsoft .NET Framework. The Application Server role lets you choose services for
applications that require COM+, Message Queuing, Web services, and Distributed Coordinated Transactions.
DHCP and DNS : These two roles install the two critical network services required for every network. They support Active Directory integration and IPv6.
Fax Server role : The fax server lets you set up a service to send and receive faxes over your network. The role
creates a fax server and installs the Fax Service Manager and the Fax service on the server.
File Server role : This role lets you set up all the bits, bells, and whistles that come with a Windows file server.
This role also lets you install Share and Storage Management, the Distributed File System (DFS), the File Server
Resource Manager application for managing file servers, Services for Network File System (NFS), Windows File
Services, which include stuff like the File Replication Service (FRS), and so on.
Network Policy and Access Services : This provides the following network connectivity solutions: Network Access Protection (NAP), the client health policy creation, enforcement, and remediation technology; secure wireless and wired access (802.1X), wireless access points, remote access solutions, virtual private network (VPN) services, RADIUS, and more.
Print Management role : The print services provide a single interface that you use to manage multiple printers
and print servers on your network.
Terminal Services role : This service provides technologies that enable users to access Windows-based programs that are installed on a terminal server. Users can execute applications remotely (they still run on the remote server) or they can access the full Windows desktop on the target server.
Universal Description, Discovery, and Integration (UDDI) : UDDI Services provide capabilities for sharing
information about Web services. UDDI is used on the intranet, between entities participating on an extranet, or on
the Internet.
Web Server role : This role provides IIS 7.0, the Web server, ASP.NET, and the Windows Communication
Foundation (WCF).
Windows Deployment Services : These services are used for deployment of new computers in medium to large
organizations.
Hyper-V Role : A Hypervisor platform to host and manage virtual machines in an efficient way. Introduced in
Windows 2008.
Note : Windows 2008 is available only in 64-bit for production environments. For demo purposes you can download the 32-bit version.
How to monitor replication between sites?
TUESDAY, AUGUST 3, 2010
Hi Friends,
In the previous posts I discussed Active Directory replication. In this post I want to talk about monitoring the replication traffic between AD sites.
The Active Directory database is made up of three naming contexts, or partitions.
1. Schema Partition :
The schema container defines the objects (such as users) and attributes (such as telephone numbers) that can be
created in the Active Directory, and the rules for creating and manipulating them. Schema information (which
attributes are mandatory for object creation, what additional attributes can be set, and what attribute data types are
used) is replicated to all domain controllers to ensure that objects are created and manipulated in accordance
with the rules.
2. Configuration Partition :
The configuration container includes information about the Active Directory as a whole—what domains exist,
what sites are available, what domain controllers are running in the particular sites and domains, and what
additional services are offered. All enterprise domain controllers need this information to make operational
decisions (such as choosing replication partners) so it is replicated to all of them.
3. Domain Partition :
A domain naming context holds objects such as users, groups, computers, and organizational units. A full domain
naming context replica contains a read-write replica of all information in the domain—all objects and attributes. A
domain controller holds a full replica of its domain naming context. A partial domain naming context replica
contains a read-only subset of the information in the domain—all objects, but only selected attributes. A domain
controller that's a global catalog (GC) server contains a partial replica of every other domain in the forest (and a
full replica of its own domain.)
Microsoft provides some specific tools to initiate, monitor and troubleshoot replication traffic:
• replmon - a GUI tool used to monitor replication at the partition level; you can run it from the Windows Resource Kit Tools / Windows Support Tools.
• repadmin - a command line utility to initiate replication, find replicas, create site links etc.; you can run it from the Windows Resource Kit Tools / Windows Support Tools.
• dcdiag - a command line utility to diagnose communication problems between DCs (sites).
• netdiag - a command line utility to diagnose network problems in a domain environment.
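The post names the tools but not how to turn their output into a per-partition health check. The following is an added example, not code from the original post: it wraps repadmin's CSV output so that failures are surfaced per naming context, which is the partition-level view the post describes getting from replmon. It assumes repadmin.exe is present (it ships with the AD DS role on Windows Server 2008 and later, and with the Support Tools on earlier versions), that the caller can query every DC, and that the destination/source DC names and the domain DN in the final comment are placeholders.

```powershell
# Added example (not from the original post). Assumes repadmin.exe is on the
# path and the caller has rights to query the DCs named in $Scope ("*" = all).

function Get-ReplicationFailures {
    param([string]$Scope = "*")
    # "repadmin /showrepl /csv" emits a header row whose first column is
    # "showrepl_COLUMNS", then one "showrepl_INFO" row per
    # (destination DC, naming context, source DC) replication link.
    $links = repadmin /showrepl $Scope /csv | ConvertFrom-Csv
    # Unreachable DCs produce short "showrepl_ERROR" rows; the -match guard
    # keeps them from breaking the integer comparison.
    $links | Where-Object {
        $_.'Number of Failures' -match '^\d+$' -and [int]$_.'Number of Failures' -gt 0
    } | Select-Object 'Destination DSA', 'Naming Context', 'Source DSA',
                      'Number of Failures', 'Last Failure Status', 'Last Success Time'
}

# Per-partition view for the local DC. The CN=Schema,CN=Configuration rows are
# the schema partition the post talks about; CN=Configuration and DC=... rows
# are the configuration and domain partitions.
repadmin /showrepl $env:COMPUTERNAME /csv | ConvertFrom-Csv |
    Group-Object 'Naming Context' | ForEach-Object {
        "{0,-70} inbound links: {1}" -f $_.Name, $_.Count
    }

# Anything with Number of Failures > 0 is what you would troubleshoot next with
# "dcdiag /test:replications" and "repadmin /replsummary".
$failures = Get-ReplicationFailures
if ($failures) { $failures | Format-Table -AutoSize } else { "No replication failures reported." }

# To replicate just the schema partition to one DC (the equivalent of the
# replmon right-click the post describes), replace the placeholders and run:
# repadmin /replicate <DestinationDC> <SourceDC> "CN=Schema,CN=Configuration,DC=example,DC=local"
```

Schedule the function from a monitoring host and alert on a non-empty result: a partition whose 'Last Success Time' stops advancing while 'Number of Failures' climbs is the early warning the post's manual replmon check is meant to give.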
How to join a computer to the domain when it is in a different network (VLAN)?
Ensure that all the required firewall ports are open to allow communication between the domain controller and the client when they are in different networks.
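The post does not list the ports, so the check below is an added example, not the post's own content. It tests, from the client's VLAN, the standard TCP ports a domain join and logon depend on (a set I am stating from general knowledge, not from the post) against a placeholder DC name, and assumes PowerShell 4.0 or later so that Test-NetConnection is available.

```powershell
# Added example (not from the original post). Assumes PowerShell 4.0+ on the
# client (Test-NetConnection ships with Windows 8.1 / Server 2012 R2 and later)
# and a DC reachable by name across the VLAN boundary.
$DomainController = "dc01.example.local"   # placeholder, replace with your DC

# Standard TCP ports used during a domain join and logon (not taken from the post).
$requiredTcpPorts = @{
    53   = "DNS (locating the DC via SRV records; UDP 53 is also used)"
    88   = "Kerberos"
    135  = "RPC endpoint mapper"
    389  = "LDAP"
    445  = "SMB (SYSVOL, NETLOGON, domain join)"
    464  = "Kerberos password change"
    636  = "LDAP over SSL (if used)"
    3268 = "Global Catalog LDAP"
}

$results = foreach ($port in ($requiredTcpPorts.Keys | Sort-Object)) {
    $t = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $port
        Purpose = $requiredTcpPorts[$port]
        Open    = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# RPC-based services such as Netlogon also negotiate a dynamic port above the
# endpoint mapper, which a fixed-port test cannot cover: if 135 is open but the
# join still fails, check the RPC dynamic range on the firewall as well.
$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) { "Blocked ports: " + ($blocked.Port -join ', ') } else { "All listed ports reachable." }
```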
How to reset TCP/IP in Windows or How to delete TCP/IP entries from Registry ?
FRIDAY, JULY 9, 2010
Resetting TCP/IP solves many problems. So how do we reset it?
Actually all the TCP/IP parameters for every interface are stored in the Windows registry, and not in a single location but in many. So finding all the values and deleting them manually is not practical at all, and editing the registry by hand may disturb the system configuration. My sincere request is to back up your system registry before you modify anything, otherwise you will get a lot of issues. :)
To simplify this, Windows has a command that takes care of everything involved in resetting TCP/IP. The beautiful command is "netsh". It really helps us in many situations, and for older machines it is available as a download from microsoft.com.
5. Go and look at your TCP/IP properties tab; you will see it set to "Obtain automatically" mode. Surprised!!!
6. This command is used in situations like the following:
• sometimes DNS server information is not erased from the registry
• sometimes virtual IP settings are also not erased from the registry
• sometimes configuration changes do not take effect
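The post's numbered steps 1 to 4 are not preserved on this page, so the following is an added example rather than the post's own procedure. It performs the registry backup the post asks for before any change, snapshots the current interface configuration for comparison after the reboot, and then runs the netsh reset; the netsh syntax is the standard one and is stated from general knowledge, not quoted from the post. It assumes an elevated PowerShell prompt on Windows 7 / Server 2008 R2 or later.

```powershell
# Added example (not from the original post). Assumes an elevated prompt on
# Windows 7 / Server 2008 R2 or later.
$stamp  = Get-Date -Format "yyyyMMdd-HHmmss"
$backup = Join-Path $env:TEMP "tcpip-params-$stamp.reg"

# 1. Back up the registry key that holds the per-interface TCP/IP parameters,
#    as the post urges, so stale DNS or static entries can be restored if needed.
reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" $backup /y | Out-Null
"Registry backup written to $backup"

# 2. Snapshot the current configuration; the reset only takes full effect after
#    a reboot, so keep the snapshot on disk for a post-reboot comparison.
$before = Join-Path $env:TEMP "ipv4-config-before-$stamp.txt"
netsh interface ipv4 show config | Out-File -FilePath $before -Encoding ascii
"Pre-reset configuration saved to $before"

# 3. Reset the TCP/IP stack. The log file records which registry entries netsh
#    touched, which is the evidence you want when a stale DNS entry was the cause.
netsh int ip reset "$env:TEMP\ipv4-reset-$stamp.log"
netsh int ipv6 reset

"Reboot required. After the reboot, compare with:"
"  Compare-Object (Get-Content '$before') (netsh interface ipv4 show config)"
```

After the reboot every adapter is back in "Obtain automatically" mode, which is the surprise the post's step 5 describes; the saved snapshot shows exactly which DNS or virtual IP entries the reset removed.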