
1) dsdbutil.exe is used to take a backup of only the Active Directory Lightweight Directory Services instance you want to back up.

2) diskpart.exe is used to convert basic disks to dynamic disks (like RAID).

3) ntdsutil is a command-line utility that offers management facilities for Active Directory. It is stored in the system32 folder under systemroot.

4) When you need to prepare the Active Directory domain for the installation of domain controllers, run the commands adprep\domain and adprep\forest.

5) To restore a backup of Active Directory, start the domain controller in Directory Services Restore Mode (DSRM).

6) The Block Policy Inheritance option prevents group policies of higher-level Active Directory objects from applying to lower-level objects, on condition that the Enforced option is not set.

7) The five FSMO (flexible single master of operations) roles are PDC emulator, RID master, infrastructure master, schema master and domain naming master (the last two apply to the whole forest). The schema master role is responsible for making changes to the Active Directory schema, for example when installing a new application such as Exchange Server. The domain naming master is responsible for adding or removing a domain, renaming domains, and application partitions. The PDC emulator is responsible for logons and password changes, for replication to Windows NT4 BDCs, and for forest-wide time synchronization. The RID (relative identifier) master issues RID numbers to all objects such as users and groups. The infrastructure master role is responsible for updating cross-domain group-to-user references.

8) The command-line utility that helps administrators diagnose replication problems between domain controllers is REPADMIN. In PowerShell, type repadmin /replicate to fix replication issues with a single partner, or repadmin /syncall for all partners.

9) Authoritative restore: this method restores the DC directory to the state it was in when the backup was made, then overwrites all the other DCs to match the restored DC, thereby removing any changes made since the backup. Nonauthoritative restore: this method restores Active Directory to the server in question, which then receives all of the recent updates from its replication partners in the domain.

10) You can use Dnscmd.exe to view, manage, and update existing DNS server configurations or to set up and configure new DNS servers on your network. Type it in PowerShell. To clear the cache, use the command dnscmd /clearcache.

11) To move the Active Directory database to a new volume, move the ntds.dit file to the new volume by opening the files option in the ntdsutil utility.

12) When resources are made available to users who reside in domains outside the forest, foreign security principal objects are automatically created. These new objects are stored within the foreign security principals folder.

14) The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers.

15) Active Directory-integrated DNS: When you configure a computer as a DNS server, zones are usually stored as text files on name servers; that is, all of the zones required by DNS are stored in a text file on the server computer. These text files must be synchronized among DNS name servers by using a system that requires a separate replication topology and schedule, called a zone transfer. However, if you use Active Directory-integrated DNS when you configure a domain controller as a DNS name server, zone data is stored as an Active Directory object and is replicated as part of domain replication.

16) A forward lookup zone is a DNS zone in which hostname-to-IP-address relations are stored. When a computer requests the IP address of a specific hostname, the forward lookup zone is queried and the result is returned. A reverse lookup zone does just the opposite. When a computer requests the hostname of an IP address, the reverse lookup zone is queried and the result is returned. To do a reverse lookup DNS query, type ping -a 132.133.6.6, and you will get the server name.

17) A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

18) We check whether DNS is functioning properly by running the command nslookup.

19) To let a client machine perform Active Directory tasks and the tasks delegated to it, install the adminpack from the i386 folder found in the root of the installation CD, or from the server.

20) While configuring DNS reverse and forward lookup zones, right-click and then select New Pointer from the drop-down list.

21) Lightweight Directory Access Protocol: LDAP is a client-server protocol for accessing Active Directory.

22) The Active Directory database is logically separated into directory partitions: 1) schema partition, 2) configuration partition, 3) domain partition, 4) application partition. A minimum of two directory partitions are common among all domain controllers in the same forest: the schema and configuration partitions. All domain controllers in the same domain additionally share a common domain partition.

23) Type the perfmon command in Start, Run to get to Performance Monitor.

24) Performance counters and bottleneck thresholds:
PhysicalDisk: Avg. Read Queue Length should be less than 2.
PhysicalDisk: Avg. Write Queue Length should be less than 2.
PhysicalDisk: % Disk Time of more than 50% indicates a bottleneck.
If the processor is the bottleneck, % Processor Time will be above 80%.
If memory is the bottleneck, Available Bytes will drop below 10 MB.
If memory is the bottleneck, Pages/sec will be more than 20. The less paging, the better for the server.
25) To check or set virtual memory, follow this path: Control Panel, System Properties, Advanced, Performance and Advanced.

26) Use the following counters to check for network bottlenecks: Network Interface\Bytes Total/sec; Network Interface\Bytes Sent/sec; Network Interface\Bytes Received/sec; Network Interface\Current Bandwidth.

27) System Volume (SYSVOL) is a shared directory that stores the server copy of the domain public files (policies and scripts) that must be shared for common access and replication throughout a domain.

28) DHCP relay agents are machines that listen for lease requests from DHCP clients on their own subnet and forward these requests to a DHCP server located on a different subnet. They are configured using the Routing and Remote Access service.

29) Routing and Remote Access is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that provides the following services: dial-up remote access server; virtual private network (VPN) remote access server; Internet Protocol (IP) router for connecting subnets of a private network; network address translator (NAT) for connecting a private network to the Internet; dial-up and VPN site-to-site demand-dial router.

30) DNS resource records:
a) SOA record: each zone has one SOA record that identifies which DNS server is authoritative for domains and subdomains in the zone.
b) A record: an A record is used to resolve the FQDN of a particular host into its associated IP address.
c) CNAME record: contains an alias for a host.
d) PTR record: the opposite of an A record, a PTR record is used to resolve the IP address of a host into its FQDN.
e) SRV record: an SRV record is used by DNS clients to locate a server that is running a particular service.
f) MX record: an MX record points to one or more computers that process SMTP mail flow for an organization or site.

31) DNS servers:
Primary name server (primary zone): a name server that maintains the writable copy of the zone information for a zone.
Secondary name server (secondary zone): a name server that has a read-only copy of the zone information. A secondary name server gets its zone information from a master name server by a process called zone transfer.
Caching-only name server: a name server that doesn't have any zone information. Instead, these servers cache the results of name queries and use this information to answer other queries.

32) A resolver is software running on a client computer that enables the computer to communicate with name servers to resolve FQDNs into IP addresses.

33) Universal groups differ from global groups in that they are available only in Windows 2003 domains running in native mode, not mixed mode.

34) To set up account lockout and password policies, go to Computer Configuration, Windows Settings, Security Settings.

35) Cost: this is a number used to determine which site link will be preferred for replication when two sites are connected by multiple site links. The higher the cost number assigned to a site link, the lower the priority of the link as far as replication is concerned.

36) Site-link bridge: this is a connection between two or more sites using multiple site links.

37) Bridgehead server: this is a single domain controller used in each site for replication with other sites.

38) APIPA (Automatic Private IP Addressing) allows client computers to be assigned IP addressing automatically without the need for a DHCP server.

39) Use gpresult /r to get the resultant set of group policies that are applied to a machine.

40) Security in IPsec is provided by two protocols: 1) Authentication Header (AH), 2) Encapsulating Security Payload (ESP). AH provides data authentication for the entire IP packet. ESP provides data encryption for the ESP payload.

41) Use netstat -a -b to determine which port an application listens on.

42) When a PXE-enabled computer that has no operating system boots, it contacts the PXE server on your WDS server, obtains an IP address, and downloads the WDS client. The WDS client then displays a boot menu, which presents a list of operating systems that can be installed on the system.

43) A boot image is a Windows image (.wim) file you can use to boot a bare-metal client computer to begin the deployment of an operating system to the computer. When deploying images with WDS, you can use the default boot image from the \sources folder on the Windows Server 2008 DVD.

44) An install image is an image of the Windows Vista or Windows Server 2008 operating system itself that you plan on deploying onto the client computer. The simplest way of using WDS is to deploy the default install image included in the \sources folder on your Windows Server 2008 product DVD.

45) A discover image is a boot image you can use to deploy an install image onto a computer that is not PXE enabled.

46) A hypervisor is a thin layer of software that runs beneath the parent operating system and that grants both parent and child operating systems equal access to the hardware. A hypervisor essentially turns all locally installed operating systems into virtual machines.

47) For Windows Vista and Windows Server 2008, two types of volume licenses are available: Multiple Access Key (MAK) licenses and Key Management Service (KMS) licenses. Each of these licenses is associated with a different method of activation.

48) You can use WDS to deploy Windows Vista or Windows Server 2008 to bare-metal computers. With WDS, a PXE-enabled computer contacts the WDS server and downloads a menu of available operating systems. An end user can then choose an operating system to install from this menu.

49) There are five types of dynamic volumes: simple, spanned, striped, mirrored, and RAID-5.

50) In general, disk storage occurs in three varieties: direct-attached storage (DAS), network-attached storage (NAS), and storage-area networks (SANs). Both DAS and SANs provide block-based access to data storage, and NAS provides file-based access. SANs provide the additional benefit of shared storage that you can easily move from server to server.

51) Round-robin uses DNS to distribute the client request load between two or more servers.

52) Terminal Services TS CAP: a TS CAP is essentially a policy that specifies which external users or computers can connect to TS Gateway.

53) TS Gateway is an optional TS component that enables authorized Remote Desktop clients to establish Remote Desktop Protocol (RDP) sessions between the Internet and Terminal Services resources found behind a firewall on a private network.

54) TS RAP: a TS RAP is a TS Gateway policy that specifies which users can connect to which Terminal Services resources in an organization.

55) To flush the DNS resolver cache on the client machine, type ipconfig /flushdns at the command prompt.

56) To clear the cache on the DNS server, type dnscmd /clearcache at the command prompt.

57) To access the schema management console, type regsvr32 schmmgmt.dll in Run and press Enter.

58) The KCC (Knowledge Consistency Checker) facilitates replication between two domain controllers by creating connection objects.

59) For tracking replication, domain controllers use USNs (update sequence numbers) and property version numbers (used when an object attribute is changed on another domain controller before replication takes place).

60) If a group policy is applied to a user and a computer, then the computer policy will win, since it is more specific.

61) DCDIAG is used to check Windows replication errors.

62) Best practice: a) The schema master and domain naming master must be on the same server, and that server should be the global catalog server. b) The infrastructure master and global catalog server should not be on the same server.

63) Use Active Directory Users and Computers to find the PDC emulator, RID master and infrastructure master roles, and also to move these roles.

64) For viewing and changing the domain naming master role, go to Active Directory Domains and Trusts.

65) For viewing and changing the schema master role, you need to install Microsoft support tools from the CD.

66) You can seize the FSMO roles by using the ntdsutil command.

67) To manually force the domain controller to contact its replication partners and authenticate with them, use the command repadmin /kcc or repadmin /showrepl. To force replication among replication partners, use the command repadmin /sync. To force replication of one domain controller with another, use the command repadmin /replicate.
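
The placement rules in item 62 can be checked mechanically. The following PowerShell is an added example, not part of the original notes: the function name Test-FsmoPlacement and the host names are hypothetical, and the sample data is constructed so the script runs without a domain.

```powershell
# Added example: checks FSMO role placement against the best practice in item 62.
# Test-FsmoPlacement is a hypothetical helper; the host names below are constructed.
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $Roles,          # role name -> DC FQDN
        [Parameter(Mandatory)] [string[]]  $GlobalCatalogs  # FQDNs of GC servers
    )
    # 62a: schema master and domain naming master on the same server ...
    if ($Roles.SchemaMaster -ne $Roles.DomainNamingMaster) {
        "Schema master ($($Roles.SchemaMaster)) and domain naming master " +
        "($($Roles.DomainNamingMaster)) are on different servers"
    }
    # ... and that server should be a global catalog server.
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        if ($GlobalCatalogs -notcontains $Roles[$role]) {
            "$role holder $($Roles[$role]) is not a global catalog server"
        }
    }
    # 62b: infrastructure master and global catalog should not share a server.
    if ($GlobalCatalogs -contains $Roles.InfrastructureMaster) {
        "Infrastructure master $($Roles.InfrastructureMaster) is also a global catalog server"
    }
}

# Constructed sample: two forest-wide roles split across DCs, and the
# infrastructure master placed on the only global catalog server.
$sampleRoles = @{
    SchemaMaster         = 'dc1.example.test'
    DomainNamingMaster   = 'dc2.example.test'
    PDCEmulator          = 'dc1.example.test'
    RIDMaster            = 'dc1.example.test'
    InfrastructureMaster = 'dc1.example.test'
}
$sampleGCs = @('dc1.example.test')

$findings = @(Test-FsmoPlacement -Roles $sampleRoles -GlobalCatalogs $sampleGCs)
if ($findings.Count -eq 0) { 'FSMO placement matches item 62' } else { $findings }

# On a domain-joined host with the ActiveDirectory module, the same inputs can be
# read from Get-ADForest (SchemaMaster, DomainNamingMaster, GlobalCatalogs) and
# Get-ADDomain (PDCEmulator, RIDMaster, InfrastructureMaster).
```

With the constructed sample the script reports three findings: the split forest-wide roles, the domain naming master not being a global catalog server, and the infrastructure master sharing a server with the global catalog.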
