Tuesday, July 29, 2008

system admin FAQ with Answers

1) While Active Directory is a distributed system, some servers only carry out specific roles. If something happens to this server or you need a more substantial server to handle a particular role, you must know which servers are handling each role.
There are five FSMO roles:
• PDC emulator (one per domain): This role allows Windows Server 2003 to act as a Windows NT primary domain controller (PDC), and it provides replication support for Windows NT-based backup domain controllers (BDCs). In addition, this role assists with time and group policy synchronization.
• Infrastructure master (one per domain): This role is responsible for updating the group-to-user references whenever the members of groups change or receive new names.
• Relative ID (RID) master (one per domain): This role ensures that every object created has a unique identification number.
• Schema master (one per forest): This role is responsible for maintaining and modifying the Active Directory schema.
• Domain naming master (one per forest): This role is responsible for the addition and deletion of domains in a forest.
How can you determine which servers hold these roles in an Active Directory forest?
To find the PDC emulator, the infrastructure master, and the RID master, follow these steps:
1. Go to Start > Administrative Tools > Active Directory Users and Computers.
2. Right-click the domain and select Operations Master. The resulting three tabs show which server holds each respective role.
To find the schema master, follow these steps:
1. Go to Start > Run.
2. Enter regsvr32 schmmgmt.dll in the Open text box, and click OK.
3. Go to Start > Run.
4. Enter mmc in the Open text box, and click OK.
5. Go to File > Add/Remove Snap-In, and click Add.
6. Click Active Directory Schema, click Add, click Close, and click OK.
7. Right-click Active Directory Schema and select Operations Master from the shortcut menu.

To find the domain naming master, follow these steps:
1. Go to Start > Administrative Tools > Active Directory Domains and Trusts.
2. Right-click Active Directory Domains and Trusts, and select Operations Master from the list.

Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI
To transfer the domain-specific RID Master, PDC Emulator, and Infrastructure Master FSMO roles:
1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.
3. Select the domain controller that will be the new role holder, the target, and press OK.
4. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
5. Select the appropriate tab for the role you wish to transfer and press the Change button.
6. Press OK to confirm the change.
7. Press OK all the way out.

DHCP lease process
1. Discover: The host initially sends a broadcast in an attempt to discover a DHCP server on the network.
2. Offer: The DHCP server 'sees' the workstation looking for the DHCP service and responds with an 'offer', which is an IP address.
3. Request: The client receives the 'offer' and, in most cases, accepts it. This means it sends an 'official request' for the same IP address offered previously by the server.
4. Accept: The DHCP server completes the transaction by sending an 'accept' message and marking the particular IP address as assigned to the specific host.

DHCP server: Dynamic Host Configuration Protocol is used to automatically assign TCP/IP addresses to clients along with the correct subnet mask, default gateway, and DNS server.

BOOTP, short for Bootstrap Protocol, is a UDP network protocol used by a network client to obtain its IP address automatically. This is usually done during the bootstrap process when a computer is starting up. BOOTP servers assign an IP address from a pool of addresses to each client.

BOOTP/DHCP differences
There are significant differences in the way in which BOOTP and DHCP perform host configuration. The following compares and contrasts the features of the two protocols that vary, BOOTP first and then DHCP in each pair.

Design: BOOTP was designed prior to DHCP. DHCP was designed after BOOTP.
Intended clients: BOOTP is intended to configure diskless workstations with limited boot capabilities. DHCP is intended to configure frequently relocated networked computers (such as portables) that have local hard drives and full boot capabilities.
Lease expiration: Dynamic BOOTP has a default 30-day expiration on IP address leases. DHCP has a default eight-day expiration on IP address leases.
Configuration parameters: BOOTP supports a limited number of client configuration parameters called vendor extensions. DHCP supports a larger and extensible set of client configuration parameters called options.
Boot configuration process: BOOTP describes a two-phase bootstrap configuration process: clients contact BOOTP servers to perform address determination and boot file name selection, and then contact Trivial File Transfer Protocol (TFTP) servers to transfer their boot image. DHCP describes a single-phase boot configuration process whereby a DHCP client negotiates with a DHCP server to determine its IP address and obtain any other initial configuration details it needs for network operation.
Renewal: BOOTP clients do not rebind or renew configuration with the BOOTP server except when the system restarts. DHCP clients do not require a system restart to rebind or renew configuration with the DHCP server. Instead, clients automatically enter a rebinding state at set timed intervals to renew their leased address allocation with the DHCP server. This process occurs in the background and is transparent to the user.

ARP (Address Resolution Protocol)
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address.

RARP (Reverse Address Resolution Protocol)
Reverse Address Resolution Protocol (RARP) is a protocol for mapping a physical machine address to an Internet Protocol address (IP address).

DHCP Relay Agent
The DHCP Relay Agent component is a Bootstrap Protocol (BOOTP) relay agent that relays Dynamic Host Configuration Protocol (DHCP) messages between DHCP clients and DHCP servers on different IP networks. The DHCP Relay Agent is compliant with RFC 1542. You cannot use the DHCP Relay Agent component on a computer running the DHCP service. BOOTP is a host configuration protocol developed before DHCP that was designed to configure diskless workstations with limited boot capabilities.

RAID types
RAID-0: RAID-0 is called disk "striping". All the data is spread out in chunks across all the disks in the RAID set. RAID-0 has great performance, because you spread out the load of storing data onto more physical drives. There is no parity generated for RAID-0. Therefore there is no overhead to write data to RAID-0 disks. RAID-0 is only good for better performance, and not for high availability, since parity is not generated for RAID-0 disks. RAID-0 requires at least two physical disks.
RAID-1: RAID-1 is called disk mirroring. All the data is written to at least two separate physical disks. The disks are essentially mirror images of each other. If one of the disks fails, the other can be used to retrieve data. Disk mirroring is good for very fast read operations. It's slower when writing to the disks, since the data needs to be written twice. RAID-1 requires at least two physical disks.

RAID-5: RAID-5 uses disk striping with parity. The data is striped across all the disks in the RAID set, along with the parity information needed to reconstruct the data in case of disk failure. RAID-5 is the most common method used, since it achieves a good balance between performance and availability. RAID-5 requires at least three physical disks.
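To make the difference between RAID-0 and RAID-5 concrete, here is an added Python model (not code from the original post): it stripes a byte string across N simulated disks, stores XOR parity for RAID-5 with the parity position rotating per stripe, and rebuilds a single lost disk from the remaining chunks. The chunk size, disk count and sample data are constructed for the illustration; real controllers use much larger stripe units.

```python
# Added example: RAID-0 striping versus RAID-5 striping with XOR parity.
# Disks are modelled as lists of fixed-size byte chunks; a failed disk is None.
from typing import List, Optional

CHUNK = 4  # bytes per stripe unit, kept tiny so the layout is readable (constructed)

def _chunks(data: bytes) -> List[bytes]:
    """Split data into CHUNK-sized pieces, zero-padding the last one."""
    data += b"\x00" * ((-len(data)) % CHUNK)
    return [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]

def xor(blocks: List[bytes]) -> bytes:
    """Bytewise XOR of equal-length blocks: this is the RAID-5 parity function."""
    out = bytearray(CHUNK)
    for block in blocks:
        for i, b in enumerate(block):
            out[i] ^= b
    return bytes(out)

def raid0_write(data: bytes, ndisks: int) -> List[List[bytes]]:
    """RAID-0: chunks are dealt round-robin across the disks; nothing else is stored."""
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for i, chunk in enumerate(_chunks(data)):
        disks[i % ndisks].append(chunk)
    return disks

def raid0_read(disks: List[Optional[List[bytes]]], nbytes: int) -> bytes:
    """Without parity, any failed disk means the data cannot be recovered."""
    if any(d is None for d in disks):
        raise RuntimeError("RAID-0 has no parity: data is lost when any disk fails")
    out = bytearray()
    for row in range(len(disks[0])):
        for d in disks:
            if row < len(d):
                out += d[row]
    return bytes(out[:nbytes])

def _parity_disk(stripe_no: int, ndisks: int) -> int:
    # Rotate the parity position one disk to the left on every stripe so that
    # parity writes are spread over all disks instead of one dedicated disk.
    return (ndisks - 1 - stripe_no) % ndisks

def raid5_write(data: bytes, ndisks: int) -> List[List[bytes]]:
    """RAID-5: each stripe holds ndisks-1 data chunks plus one parity chunk."""
    if ndisks < 3:
        raise ValueError("RAID-5 requires at least three physical disks")
    per_stripe = ndisks - 1
    chunks = _chunks(data)
    chunks += [b"\x00" * CHUNK] * ((-len(chunks)) % per_stripe)  # whole stripes only
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for stripe_no, start in enumerate(range(0, len(chunks), per_stripe)):
        stripe = chunks[start:start + per_stripe]
        data_iter = iter(stripe)
        pdisk = _parity_disk(stripe_no, ndisks)
        for d in range(ndisks):
            disks[d].append(xor(stripe) if d == pdisk else next(data_iter))
    return disks

def raid5_read(disks: List[Optional[List[bytes]]], nbytes: int) -> bytes:
    """Read the data back; a single failed disk (None) is rebuilt from the others."""
    ndisks = len(disks)
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise RuntimeError("RAID-5 tolerates only one failed disk")
    nstripes = len(next(d for d in disks if d is not None))
    out = bytearray()
    for stripe_no in range(nstripes):
        row = [None if d is None else d[stripe_no] for d in disks]
        if failed:
            # XOR of every surviving chunk in the stripe (data and parity alike)
            # equals the chunk that was on the failed disk.
            others = [c for i, c in enumerate(row) if i != failed[0]]
            row[failed[0]] = xor(others)
        pdisk = _parity_disk(stripe_no, ndisks)
        out += b"".join(row[d] for d in range(ndisks) if d != pdisk)
    return bytes(out[:nbytes])

if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"  # constructed input
    array = raid5_write(sample, 4)
    array[1] = None  # simulate losing the second disk
    print(raid5_read(array, len(sample)) == sample)
```

The model shows the trade-off stated above: RAID-5 pays one chunk of parity per stripe and survives exactly one disk failure, while RAID-0 spends nothing on parity and loses everything as soon as one disk goes.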

How do I back up Active Directory?

Backing up Active Directory is essential to maintaining the Active Directory database. You can back up Active Directory by using the graphical user interface (GUI) and command-line tools that the Windows Server 2003 family provides. Back up the system state data on domain controllers frequently so that you can restore the most current data. By establishing a regular backup schedule, you have a better chance of recovering data when necessary.

To ensure a good backup, which includes at least the system state data and the contents of the system disk, you must be aware of the tombstone lifetime. By default, the tombstone lifetime is 60 days, so any backup older than 60 days is not a good backup. Plan to back up at least two domain controllers in each domain, so that at least one backup is available to enable an authoritative restore of the data when necessary.

System State Data
Several features in the Windows Server 2003 family make it easy to back up Active Directory. You can back up Active Directory while the server is online, and other network functions can continue to operate.
System state data on a domain controller includes the following components:
• Active Directory: System state data does not contain Active Directory unless the server on which you are backing up the system state data is a domain controller. Active Directory is present only on domain controllers.
• The SYSVOL shared folder: This shared folder contains Group Policy templates and logon scripts. The SYSVOL shared folder is present only on domain controllers.
• The Registry: This database repository contains information about the computer's configuration.
• System startup files: Windows Server 2003 requires these files during its initial startup phase. They include the boot and system files that are under Windows File Protection and used by Windows to load, configure, and run the operating system.
• The COM+ Class Registration database: The Class Registration database holds information about Component Services applications.
• The Certificate Services database: This database contains certificates that a server running Windows Server 2003 uses to authenticate users. The Certificate Services database is present only if the server is operating as a certificate server.

System state data contains most elements of a system's configuration, but it may not include all of the information that you require to recover data from a system failure. Therefore, be sure to back up all boot and system volumes, including the System State, when you back up your server.

BOOT PROCESS-XP, 2000, 2003
First is the POST, which stands for Power On Self Test. This process tests memory as well as a number of other subsystems; you can usually monitor it as it runs each test. After that is complete, the system will run POST for any device that has a BIOS (Basic Input-Output System). An AGP card has its own BIOS, as do some network cards and various other devices.

Once the POST is complete and the BIOS is sure that everything is working properly, the BIOS will then attempt to read the MBR (Master Boot Record). This is the first sector of the first hard drive (called the Master or HD0). When the MBR takes over it means that Windows is now in control.

The MBR looks at the BOOT SECTOR (the first sector of the active partition). That is where NTLDR is located; NTLDR is the BOOT LOADER for Windows XP. NTLDR will allow memory addressing, initiate the file system, read the boot.ini and load the boot menu. NTLDR has to be in the root of the active partition, as do NTDETECT.COM, BOOT.INI, BOOTSECT.DOS (for multi-OS booting) and NTBOOTDD.SYS (if you have SCSI adapters).

Once XP is selected from the boot menu, NTLDR will run NTDETECT.COM, BOOT.INI and BOOTSECT.DOS to get the proper OS selected and loaded. The system starts in 16-bit real mode and then moves into 32-bit protected mode.

NTLDR will then load NTOSKRNL.EXE and HAL.DLL. Effectively, these two files are Windows XP. They must be located in %SystemRoot%\System32. NTLDR reads the registry, chooses a hardware profile and authorizes device drivers, in that exact order.

At this point NTOSKRNL.EXE takes over. It starts WINLOGON.EXE, which in turn starts LSASS.EXE; this is the program that displays the logon screen so that you can log on.

Sample Boot.ini File
This is a sample of a default Boot.ini file from a Windows XP Professional computer.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
Windows Server 2003 editions
Standard Edition: 4 processors with up to 4 GB RAM.
Enterprise Edition: 8 processors with up to 32 GB RAM.
Datacenter Edition: 32 processors with up to 64 GB RAM.
Web Edition: supports a maximum of 2 processors with support for a maximum of 2 GB of RAM.
The Five IP Address Classes
Class A networks have a beginning octet of 1 - 126.
Class B networks have a beginning octet of 128-191.
Class C networks have a beginning octet of 192 - 223.
Class D networks have a beginning octet of 224 - 239.
Class E networks have a beginning octet of -
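As an added example (not part of the original post), here is a small Python classifier that applies the first-octet ranges listed above and, for the unicast classes, derives the classful network address, broadcast address and usable host count. It assumes two things the list does not state: that 127.0.0.0/8, the octet skipped between Class A and Class B, is the loopback block, and that Class E runs from 240 to 255.

```python
# Added example: classful IPv4 classification by first octet.
from typing import Optional, Tuple

def parse_ipv4(addr: str) -> Tuple[int, int, int, int]:
    """Parse a dotted quad, rejecting anything that is not exactly four octets 0-255."""
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {addr!r}")
    a, b, c, d = (int(p) for p in parts)
    return a, b, c, d

def ip_class(addr: str) -> str:
    """Return A/B/C/D/E for the ranges on the page, or a label for the special blocks."""
    first = parse_ipv4(addr)[0]
    if first == 0:
        return "reserved"     # 0.0.0.0/8, "this network"
    if first == 127:
        return "loopback"     # assumption: the page's list skips 127; it is loopback
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"            # multicast: no network/host split
    return "E"                # 240-255, experimental (assumed range, not on the page)

# Leading octets that form the network part in classful addressing
NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}

def classful_info(addr: str) -> Optional[Tuple[str, str, str, int]]:
    """(class, network address, broadcast address, usable hosts) for A/B/C;
    None for addresses that have no classful network (D, E, loopback, reserved)."""
    cls = ip_class(addr)
    n = NETWORK_OCTETS.get(cls)
    if n is None:
        return None
    octets = parse_ipv4(addr)
    network = ".".join(str(o) if i < n else "0" for i, o in enumerate(octets))
    broadcast = ".".join(str(o) if i < n else "255" for i, o in enumerate(octets))
    usable = 2 ** (8 * (4 - n)) - 2   # all-zeros and all-ones host IDs are excluded
    return cls, network, broadcast, usable

if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.1.10", "224.0.0.1", "127.0.0.1"):
        print(sample, ip_class(sample), classful_info(sample))
```

The validation in parse_ipv4 matters more than it looks: a value such as "256.1.1.1" or "1.2.3" must be rejected before any first-octet logic runs, otherwise the classifier silently returns an answer for input that is not an address.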

What are the benefits of using DHCP?
A. DHCP provides the following benefits for administering your TCP/IP-based network:
• Reliable configuration: DHCP avoids configuration errors caused by the need to manually type in values at each computer. DHCP also helps prevent address conflicts caused by a previously assigned IP address being reused to configure a new computer on the network.
• Reduced configuration management: Using DHCP servers can greatly decrease the time spent configuring and reconfiguring computers on your network. Servers can be configured to supply a full range of additional configuration values when assigning address leases. These values are assigned using DHCP options.

The DHCP lease renewal process helps assure that where client configurations need to be updated often (such as users with mobile or portable computers who change locations frequently), these changes can be made efficiently and automatically by clients communicating directly with DHCP servers.

What protocols and ports does DHCP traffic use?
All DHCP traffic uses the User Datagram Protocol (UDP). Messages from the DHCP client to the DHCP server use UDP source port 68 and UDP destination port 67. Messages from the DHCP server to the DHCP client use UDP source port 67 and UDP destination port 68.
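The following Python model is an added example, not code from the original post. It ties together the four-step lease process described earlier (Discover, Offer, Request, Accept; the fourth message is DHCPACK in RFC 2131 terms) and the port numbers just stated, by building each message in the real BOOTP/DHCP wire layout (236-byte fixed header, magic cookie, type-length-value options) and passing it between a simulated client on UDP port 68 and a simulated server on UDP port 67. No socket is opened; the address pool, server address and MAC addresses are constructed.

```python
# Added example: the DHCP DISCOVER/OFFER/REQUEST/ACK exchange in memory,
# using the RFC 2131 message layout and the page's client/server ports.
import socket   # only inet_aton/inet_ntoa are used; nothing touches the network
import struct

HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # op, htype, hlen, hops, xid, secs, flags,
HDR_LEN = struct.calcsize(HDR)       # ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
MAGIC = b"\x63\x82\x53\x63"          # "magic cookie" that precedes the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2
CLIENT_PORT, SERVER_PORT = 68, 67    # ports stated on the page
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
TYPE_NAME = {DISCOVER: "DHCPDISCOVER", OFFER: "DHCPOFFER", REQUEST: "DHCPREQUEST",
             ACK: "DHCPACK", NAK: "DHCPNAK"}
ZERO = socket.inet_aton("0.0.0.0")

def build(op, xid, mac, options, yiaddr="0.0.0.0"):
    """Serialize one DHCP message: fixed header, magic cookie, TLV options, END."""
    flags = 0x8000 if op == BOOTREQUEST else 0          # client asks for a broadcast reply
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags, ZERO, socket.inet_aton(yiaddr),
                      ZERO, ZERO, mac.ljust(16, b"\x00"), b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + body + b"\xff"

def parse(pkt):
    """Parse header and options; rejects packets that lack the magic cookie."""
    f = struct.unpack_from(HDR, pkt, 0)
    if pkt[HDR_LEN:HDR_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message (magic cookie missing)")
    off, opts = HDR_LEN + 4, {}
    while off < len(pkt) and pkt[off] != 0xFF:           # 0xFF is the END option
        if pkt[off] == 0:                                # 0 is PAD and has no length byte
            off += 1
            continue
        code, ln = pkt[off], pkt[off + 1]
        opts[code] = pkt[off + 2:off + 2 + ln]
        off += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "mac": f[11][:f[2]], "options": opts}

class DhcpServer:
    """Hands out addresses from a pool and remembers which MAC holds which lease."""
    def __init__(self, server_ip, pool, mask="255.255.255.0", lease_secs=8 * 24 * 3600):
        self.ip, self.pool, self.leases = server_ip, list(pool), {}
        self.common = [(54, socket.inet_aton(server_ip)),      # server identifier
                       (1, socket.inet_aton(mask)),            # subnet mask
                       (51, struct.pack("!I", lease_secs))]    # lease time (8 days, as on the page)

    def handle(self, pkt):
        msg = parse(pkt)
        kind, mac = msg["options"][53][0], msg["mac"]
        if kind == DISCOVER:                                   # step 1 -> step 2
            offer = self.leases.get(mac) or (self.pool or [None])[0]
            if offer is None:
                raise RuntimeError("address pool exhausted")
            return build(BOOTREPLY, msg["xid"], mac, [(53, bytes([OFFER]))] + self.common, offer)
        if kind == REQUEST:                                    # step 3 -> step 4
            wanted = socket.inet_ntoa(msg["options"][50])      # requested IP address
            chosen = socket.inet_ntoa(msg["options"][54])      # server the client selected
            if chosen != self.ip or (wanted not in self.pool and self.leases.get(mac) != wanted):
                return build(BOOTREPLY, msg["xid"], mac, [(53, bytes([NAK]))])
            if wanted in self.pool:
                self.pool.remove(wanted)                       # mark the address as taken
            self.leases[mac] = wanted
            return build(BOOTREPLY, msg["xid"], mac, [(53, bytes([ACK]))] + self.common, wanted)
        raise ValueError(f"unexpected message type {kind}")

def dora(server, mac, xid=0x3903F326):
    """Run the client side of the exchange; returns (trace of (type, src port, dst port), leased IP)."""
    trace = []
    def send(pkt, src, dst):
        trace.append((TYPE_NAME[parse(pkt)["options"][53][0]], src, dst))
    discover = build(BOOTREQUEST, xid, mac, [(53, bytes([DISCOVER]))])
    send(discover, CLIENT_PORT, SERVER_PORT)
    offer_pkt = server.handle(discover)
    send(offer_pkt, SERVER_PORT, CLIENT_PORT)
    offer = parse(offer_pkt)
    request = build(BOOTREQUEST, xid, mac, [(53, bytes([REQUEST])),
                                            (50, socket.inet_aton(offer["yiaddr"])),
                                            (54, offer["options"][54])])
    send(request, CLIENT_PORT, SERVER_PORT)
    ack_pkt = server.handle(request)
    send(ack_pkt, SERVER_PORT, CLIENT_PORT)
    ack = parse(ack_pkt)
    leased = ack["yiaddr"] if ack["options"][53][0] == ACK else None
    return trace, leased

if __name__ == "__main__":
    srv = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"])  # constructed
    print(dora(srv, bytes.fromhex("001122334455")))
```

Two details worth noticing in the trace: the server identifier (option 54) in the REQUEST is how a client that received several offers tells every server which one it accepted, and a REQUEST naming a different server, or an address the server never offered, is answered with DHCPNAK rather than silently granted.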

Backing up the DHCP database
Maintaining a backup of the DHCP database protects you from data loss if the DHCP database is lost (for example, due to hard disk failure) or becomes corrupted.

There are three backup methods supported by the DHCP Server service:
• Synchronous backups that occur automatically. The default backup interval is 60 minutes.
• Asynchronous (manual) backups, performed by using the Backup command on the DHCP console. For more information about asynchronous backups, see Back up the DHCP database.
• Backups using Windows Backup (ntbackup.exe) or non-Microsoft backup software. For more information about Windows Backup, see Backup.

To move a DHCP database to another server
This topic provides details on how to move a DHCP database from one server computer (the source server) to another server computer (the destination server).

To back up the DHCP database (at the source server)
1. Open DHCP.
2. In the console tree, click the applicable DHCP server.
3. On the Action menu, click Backup.
4. In the Browse for Folder dialog box, select the folder that will contain the backup DHCP database, and then click OK.
5. Stop the DHCP server. This prevents the server from assigning new address leases to clients after the database has been backed up. For more information, see Start or stop a DHCP server.
6. Disable the DHCP Server service in the list of services. This prevents the DHCP server from starting after the database has been transferred. For more information, see Enable or disable a service for a hardware profile.
7. Copy the folder that contains the backup DHCP database to the destination

Group Policy is a feature of the Microsoft Windows NT family of operating systems that provides centralized management and configuration of computers and remote users in an Active Directory environment.

DNS Query Process

A DNS query is the process of a computer or networking device making an inquiry to get an IP address for a DNS name such as w3.org. The client computer sends a DNS query to one of its Internet service provider's DNS servers. The DNS server looks in its DNS database to tell whether it can answer the query authoritatively. If the DNS server can answer authoritatively, it answers the query and the DNS query process is complete.
If the server cannot answer the query authoritatively, it looks in its DNS cache of previous queries. If the DNS server finds a matching entry in its cache, it answers the query with a non-authoritative answer based on the information in its cache, and the DNS query process is complete.
If the ISP DNS server has the information in neither its DNS database nor its DNS cache, the DNS query process uses recursion to complete the DNS query. The ISP DNS server uses its root hints file to find information to contact other DNS servers. The root hints file specifies DNS servers that are authoritative for the DNS domain root and the top-level domains in the DNS system; this includes .com, .org, .net, .gov and other domain types. If the query is for www.w3.org, the ISP DNS server contacts an authoritative server for the top-level "org" domain and sends an iterative query to the org DNS server asking for information about the authoritative server for w3.org. The org domain DNS server responds with the nameserver information, including the IP address of the nameserver for w3.org. Then the ISP DNS server sends a query to the w3.org DNS server asking for the IP address of www.w3.org. The w3.org DNS server sends an authoritative answer back to the ISP DNS server, which caches it and also sends it to the client computer.

If another client computer later requests information about www.w3.org, the ISP DNS server has the information in its cache and will not need to ask other DNS servers for additional information.
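The resolution path described above, as an added Python model that is not part of the original post: a recursive resolver standing in for the ISP DNS server first checks its own zone data, then its cache, and only then walks iteratively from a root-hints server to the org top-level server to the w3.org authoritative server, caching the final answer so a second client is served from cache. Server names (root.example., org-tld.example., w3-auth.example.) and the addresses in the zone data are constructed for the illustration; the model also goes one step beyond the text by showing how a name that does not exist ends in NXDOMAIN at the authoritative server.

```python
# Added example: iterative resolution with root hints, referrals and caching.
from typing import Dict, List, Optional, Tuple

class AuthServer:
    """An authoritative server: answers for names it holds, refers for zones it delegates."""
    def __init__(self, name: str, records: Dict[str, str], delegations: Dict[str, str]):
        self.name = name
        self.records = records            # owner name -> IPv4 address (constructed data)
        self.delegations = delegations    # child zone -> name of the server authoritative for it

    def query(self, qname: str) -> Tuple[str, Optional[str]]:
        if qname in self.records:
            return "answer", self.records[qname]
        for zone in sorted(self.delegations, key=len, reverse=True):   # longest zone cut first
            if qname == zone or qname.endswith("." + zone):
                return "referral", self.delegations[zone]
        return "nxdomain", None

class Resolver:
    """The ISP's recursive server: local zones, then cache, then iterative queries."""
    def __init__(self, zones: Dict[str, str], root_hints: List[str],
                 servers: Dict[str, AuthServer]):
        self.zones = zones                # names this server is itself authoritative for
        self.root_hints = root_hints      # names of root servers to start from
        self.servers = servers            # "reachability": server name -> server object
        self.cache: Dict[str, str] = {}
        self.log: List[str] = []

    def resolve(self, qname: str) -> Tuple[Optional[str], str]:
        if qname in self.zones:                                   # authoritative from own database
            self.log.append(f"{qname}: answered from local zone data")
            return self.zones[qname], "authoritative"
        if qname in self.cache:                                   # non-authoritative from cache
            self.log.append(f"{qname}: answered from cache")
            return self.cache[qname], "non-authoritative"
        server = self.root_hints[0]                               # recursion starts at the root
        for _ in range(16):                                       # bound the referral chain
            kind, data = self.servers[server].query(qname)
            self.log.append(f"{qname}: iterative query to {server} -> {kind} {data or ''}".rstrip())
            if kind == "answer":
                self.cache[qname] = data                          # remember it for the next client
                return data, "authoritative"
            if kind == "referral":
                server = data                                     # follow the delegation downward
                continue
            return None, "nxdomain"
        raise RuntimeError("referral chain too long")

def build_demo() -> Resolver:
    """Wire up root -> org -> w3.org with constructed names and a TEST-NET address."""
    root = AuthServer("root.example.", {}, {"org.": "org-tld.example."})
    org = AuthServer("org-tld.example.", {}, {"w3.org.": "w3-auth.example."})
    w3 = AuthServer("w3-auth.example.", {"www.w3.org.": "203.0.113.10"}, {})
    servers = {s.name: s for s in (root, org, w3)}
    return Resolver({"intranet.isp.example.": "192.0.2.5"}, [root.name], servers)

if __name__ == "__main__":
    r = build_demo()
    print(r.resolve("www.w3.org."))   # first client: three iterative queries
    print(r.resolve("www.w3.org."))   # second client: served from cache
    print("\n".join(r.log))
```

The log makes the distinction the text draws visible: the first client's answer is authoritative because it came from the w3.org server, while the second client's answer is non-authoritative because the ISP server handed back what it had cached.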

