Netmetric Solutions
(Meer Shahanawaz) (Abdullah


Topics for FSMO
       •   PDC Emulator
       •   Infrastructure Master
       •   Rid Master
       •   Schema Master
       •   Domain Naming Master
       •   Troubleshooting FSMO
       •   (Transfer FSMO Roles - Another page)

PDC Emulator

Of the 5 roles, this is the role that you will miss the soonest. Not only will NT 4.0
BDCs complain, but there will also be no time synchronization. Another problem is
that you probably will not be able to change or troubleshoot group policies, as the
default setting is for the PDC emulator also to be the group policy master.

Implications for Duplicates

If the old PDC emulator returns, then it is not as serious as duplicates with some of
the other roles. Quickly seize the PDC role from another machine.

RID Master

One Domain Controller is responsible for giving all the rest of the Domain Controllers
a pack of unique numbers so that no two new objects have the same GUID (Globally
Unique Identifier).

If you lose the RID master, the chances are good that the existing Domain Controllers
will have enough unused RIDs to last a week or so, so do not be in a hurry to seize.

Implications for Duplicates

You must not allow two RID masters, as the possibility of two objects with the same
RID would be disastrous. So if the original is found it must be reformatted and
reinstalled before re-joining the forest.




Infrastructure Master

The consequence of a missing Infrastructure master is that group memberships may
be incomplete. If you only have one domain, then there will be no impact, as the
Infrastructure Master is responsible for updating your users' membership in other
domains in the forest.

Implications for Duplicates
No damage occurs if the old Infrastructure master returns; just check the roles
and decide which machine should hold the role.

Forest Wide Roles

Schema Master

If you lose the Schema Master, then long term it is serious because you cannot
install Exchange 2003 or extend the schema. However, short term no-one will notice
a missing Schema Master, so try and repair the old one rather than seize the role.

Implications for Duplicates

You must not allow two Schema Masters, so if the original is found or repaired, it
must be completely rebuilt rather than allowed into the forest.

Domain Naming Master

This is a forest-wide role that is responsible for adding child domains and new trees.
Unless you are going to run DCPROMO, you will not miss this FSMO role, so wait
rather than seize the role.

Implications for Duplicates

You must not allow the original Domain Naming Master to return; rebuild it before you
let the machine back in the forest.
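
To check for the duplicate role holders described in the sections above, the following added example (not part of the original slides) asks every domain controller which machine it believes holds each of the five roles and reports any role with more than one answer. It assumes the ActiveDirectory PowerShell module (RSAT), which is newer than Windows Server 2003; `Get-FsmoView` and `Find-FsmoDisagreement` are names chosen for this example.

```powershell
# Added example, not from the original slides. Assumes the ActiveDirectory
# module (RSAT), which is newer than Windows Server 2003, and a domain-joined
# host with read access to every domain in the forest.
Import-Module ActiveDirectory

$forestRoles = 'SchemaMaster', 'DomainNamingMaster'
$domainRoles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

# Ask every domain controller which machine it believes holds each role.
function Get-FsmoView {
    $forest = Get-ADForest
    foreach ($domainName in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domainName) {
            try {
                $f = Get-ADForest -Server $dc.HostName -ErrorAction Stop
                $d = Get-ADDomain -Server $dc.HostName -ErrorAction Stop
                [pscustomobject]@{
                    Domain               = $domainName
                    AskedDc              = $dc.HostName
                    SchemaMaster         = $f.SchemaMaster
                    DomainNamingMaster   = $f.DomainNamingMaster
                    PDCEmulator          = $d.PDCEmulator
                    RIDMaster            = $d.RIDMaster
                    InfrastructureMaster = $d.InfrastructureMaster
                }
            } catch {
                # An unreachable DC is reported, not silently skipped: it may be
                # the lost role holder the text talks about.
                Write-Warning "No answer from $($dc.HostName): $($_.Exception.Message)"
            }
        }
    }
}

# Report every role for which the DCs in scope name more than one holder.
# Forest-wide roles are compared across all DCs, domain roles per domain.
function Find-FsmoDisagreement {
    param([object[]] $View)

    $scopes = @(@{ Name = 'forest'; Rows = $View; Roles = $forestRoles })
    foreach ($g in $View | Group-Object Domain) {
        $scopes += @{ Name = $g.Name; Rows = $g.Group; Roles = $domainRoles }
    }
    foreach ($scope in $scopes) {
        foreach ($role in $scope.Roles) {
            $holders = @($scope.Rows | ForEach-Object { $_.$role } | Sort-Object -Unique)
            if ($holders.Count -gt 1) {
                [pscustomobject]@{
                    Scope   = $scope.Name
                    Role    = $role
                    Holders = $holders -join ', '
                }
            }
        }
    }
}

$view = @(Get-FsmoView)
$view | Format-Table Domain, AskedDc, PDCEmulator, RIDMaster, InfrastructureMaster

$conflicts = @(Find-FsmoDisagreement -View $view)
if ($conflicts.Count -gt 0) {
    $conflicts | Format-Table -AutoSize
} else {
    'All reachable domain controllers agree on the five role holders.'
}
```

A disagreement right after a planned transfer can simply be replication that has not converged yet; one that persists matches the duplicate-holder situations above.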


               Windows Server 2003 - Global Catalog Server




Windows Server 2003 - Global Catalog

Mastering Global Catalog will not only give your users a better network experience,
but also teach you about Windows Server 2003's Active Directory. Global Catalogs
are deceptive. The bigger your Active Directory forest the more important it is to
configure Global Catalogs. If you have Exchange 2003, then there are extra reasons
to position Global Catalogs close to the users.

Topics for Windows Server 2003 Global Catalog

       •   Global Catalog - From a Users Perspective
       •   Global Catalog - Key Concepts
       •   Configuring Global Catalog
       •   No worries if you have only one Domain
       •   Global Catalog Servers Summary

Global Catalog - From a Users Perspective

Your average user wants answers to questions such as, 'Where are you, Domain
Controller?' or 'Find this email address in the GAL'. Naturally people don't normally
vocalise these requests; however, they log on to the domain, and they attempt to
send email with Outlook. The role of the Global Catalog Server is to answer requests
for network resources, for example, LDAP queries to find a Domain Controller or an
Exchange 2003 Server.

Global Catalog - Key Concepts

Now we come to the key Global Catalog concepts. Surprisingly, not every
domain controller is a global catalog server. The reason is that by default
there is only one global catalog server. Microsoft's thinking is that you may
not want the extra overhead of being a global catalog server, and the
more global catalog servers, the more replication traffic on your network.

Every Domain Controller knows about its own domain; after all, managing
directory services is what a Domain Controller does. However, Domain
Controllers that are also Global Catalog Servers know about other domains
(key point). Microsoft's paranoia is that there may be restrictions on a
Universal Group in another domain; therefore, before a user logs on, the
Domain Controller must be able to enumerate Universal Group membership,
just in case a Universal Group, and hence a user, has been denied access.
Incidentally, you may have seen Universal Group Caching, which neatly solves this
latency. Universal Group Caching is one of the new features of Windows Server
2003.

Configuring Global Catalog

Configuring a Domain Controller as a Global Catalog is a knack. Once you have
drilled down and checked the Global Catalog box, you always remember that
tortuous path.

Let us begin at the Active Directory Sites and Services snap-in. Expand Sites,
Default-First-Site-Name, Servers. Select your server and seek the NTDS Settings,
right click and choose Properties. All that remains is to tick the Global Catalog box.
(See Diagrams Opposite)

With Windows 2000 Server you have to reboot; eccentrically, the interface
does not tell you to reboot. All this nonsense is cured in Windows Server 2003: you
do not have to reboot when you enable or disable Global Catalog.

The only variation on these instructions is that your servers may be in different sites
and not in the strangely named, Default-First-Site-Name.

If you have firewall restrictions, LDAP uses port 389 for read and write operations
and port 3268 for global catalog search operations.
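
The placement and firewall points above can be checked together. This added example (not part of the original slides) lists every domain controller in the forest, tests TCP 389 on each and TCP 3268 on those that are Global Catalogs, and summarises Global Catalog coverage per site. It assumes the ActiveDirectory module (RSAT) and `Test-NetConnection`, both newer than Windows Server 2003; the function names are chosen for this example.

```powershell
# Added example, not from the original slides. Assumes the ActiveDirectory
# module (RSAT) and Test-NetConnection, both newer than Windows Server 2003.
Import-Module ActiveDirectory

# TCP ports named in the text: 389 on every DC, 3268 only on Global Catalogs.
$LdapPort = 389
$GcPort   = 3268

# Returns $true when a TCP connection to the port succeeds from this host.
function Test-TcpPort {
    param([string] $ComputerName, [int] $Port)
    Test-NetConnection -ComputerName $ComputerName -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
}

# One row per domain controller in the forest.
function Get-DcPortStatus {
    $forest = Get-ADForest
    foreach ($domainName in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domainName) {
            [pscustomobject]@{
                Site     = $dc.Site
                Domain   = $dc.Domain
                HostName = $dc.HostName
                IsGC     = $dc.IsGlobalCatalog
                Ldap389  = Test-TcpPort $dc.HostName $LdapPort
                # 3268 is only expected to listen on a Global Catalog.
                Gc3268   = if ($dc.IsGlobalCatalog) { Test-TcpPort $dc.HostName $GcPort } else { $null }
            }
        }
    }
}

# Per site: how many GCs exist and how many answer on 3268 from this host.
function Get-GcCoverageBySite {
    param([object[]] $Status)
    foreach ($site in $Status | Group-Object Site) {
        $gcs       = @($site.Group | Where-Object { $_.IsGC })
        $reachable = @($gcs | Where-Object { $_.Gc3268 })
        [pscustomobject]@{
            Site              = $site.Name
            DomainControllers = $site.Count
            GlobalCatalogs    = $gcs.Count
            GcReachable       = $reachable.Count
        }
    }
}

$forest   = Get-ADForest
$status   = @(Get-DcPortStatus)
$coverage = @(Get-GcCoverageBySite -Status $status)

$status   | Format-Table -AutoSize
$coverage | Format-Table -AutoSize

if (@($forest.Domains).Count -gt 1) {
    # Multi-domain forest: a site with no reachable GC sends logons to a GC in
    # another site, unless Universal Group Caching is enabled for that site.
    $coverage | Where-Object { $_.GcReachable -eq 0 } | ForEach-Object {
        Write-Warning "Site $($_.Site): no reachable Global Catalog from this host."
    }
} else {
    'Single-domain forest: per the text, extra Global Catalog servers are not needed.'
}
```

Reachability is measured from the machine running the script, so run it from a host on the client side of the firewall in question.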




No worries if you have only one Domain.

To be honest, if you have only one domain then nothing bad will happen if you don't
have a local Global Catalog server. However, if you have a forest then delays can be
a problem, unless you place Global Catalog servers judiciously. The root of the
problem is enumerating Universal Group membership. In a single domain it's
pointless using Universal Groups, and even if you did, they would only contain users
in your domain. There are no other domains to check.

Global Catalog Servers Summary

The key point with Active Directory is that Domain Controllers which are not also
Global Catalog Servers cannot deduce Universal Groups in other domains. For
security, until it contacts a Global Catalog server, such a Domain Controller cannot
proceed with the logon request. As a result of this knowledge you can plan extra Global
Catalog servers. However, if you only have one domain, there is no need for any
more Global Catalog servers.


                        Windows Server 2003 - Schema




Introduction to Windows 2003's Schema

The Windows Server 2003 Schema Snap-in is not available by default. There lies a
clue that ordinary administrators are not meant to change the Schema. However, to
complete your understanding of Active Directory take time to appreciate the object
model that underpins Windows Server 2003.

Topics for Windows Server 2003 Schema

       •   What you need to know about the Schema.
       •   Major changes compared with Windows 2000
       •   Getting Started
       •   Recommendations

What you need to know about the Schema.

Object based Nature

It is useful to understand the nature of the Schema. Active Directory is an object
based system. The schema keeps a list of the definitions for each object such as
Computer or User. The list is divided into Classes and Attributes and the Schema
recycles attributes like location and applies an instance to the site, printer or
computer object.

Flexible Master

The Schema is one of the five single master operations; this means that only one
domain controller has a read / write copy of the schema. Take the time to find out
which machine holds the Schema Master role. Right-click the Schema Snap-in and select
Operations Master from the shortcut menu.




Modification by Exchange 2003 and Schema Admins

Exchange 2003 relies on Active Directory for definitions of the users' mailboxes.
When you install Exchange 2003, firstly you have to be a member of the Schema
Admin Global group; secondly, Exchange extends the schema to include extra
attributes such as mailbox server. While it is possible to add attributes and classes
yourself, resist. Modifying the schema affects the entire forest and in my opinion
should only be done by a developer when there is a clear business need.

Role of the Global Catalog

The Global Catalog server keeps track of a subset of the most important attributes,
and the Global Catalog replicates this information to other Global Catalog servers.
Be aware that you can add extra attributes to the list, for example, information on
department could be replicated. The benefit is you could search on department or
any other attribute that you added.

Major changes compared with Windows 2000

Deactivating attributes

Active Directory will not allow you to delete classes or attributes but you can
deactivate them if you are sure they will not be needed.

Improved replication

In Windows Server 2003, only changes in attributes are replicated; the benefit is less
replication traffic and less chance of a conflict.


WINS Servers in Windows 2003 - The Basics

WINS - The Basics of Name Resolution

It goes without saying that you have to implement DNS, but that's another story. In
this section I want to concentrate on WINS for those few occasions where NetBIOS
name resolution is vital. While both WINS and DNS deal with mapping
ComputerName to IP addresses, there are two important differences: DNS is
hierarchical and can support up to 254 characters; WINS, on the other hand, is a
flat-field database limited to 15 letters. One of the few advantages that WINS
formerly had over DNS was that WINS is dynamic. Well, starting with Windows
2000, DNS is also dynamic, so the only point of WINS in the 21st century is
specifically for NetBIOS name resolution.

Keep in mind, especially when troubleshooting, the reason why we need databases
such as WINS or DNS. The answer is name resolution. We humans prefer to
remember friendly names like BigServer, whereas computers prefer IP addresses in
dot decimal notation for example, 192.168.0.23.

Name resolution started with two files called 'hosts' and 'LMHosts'. The hosts file
evolved into DNS, and WINS took over the name resolution provided by LMHosts.
Every Microsoft machine is born with these files in the folder
%systemroot%\system32\drivers\etc. Here is a typical entry for LMHosts.

10.54.94.13   bigserver


Active Directory

  • 1. Netmetric Solutions ( Meer Shahanawaz ) ( Abdullah Topics for FSMO • PDC Emulator • Infrastructure Master • Rid Master • Schema Master • Domain Naming Master • Troubleshooting FSMO • (Transfer FSMO Roles - Another page) PDC Emulator Of the 5 roles, this is the role that you will miss the soonest. Not only with NT 4.0 BDC's complain, but also there will be no time synchronization. Another problem is that you probably will not be able to change or troubleshoot group policies as the default setting is for the PDC emulator also to be the group policy master. Implications for Duplicates If the old PDC emulator returns, then it is not as serious as duplicates with some of the other roles. Quickly seize PDC role from another machine. RID Master One Domain Controller is responsible for giving all the rest of the Domain Controllers a pack of unique numbers so that no two new objects have the same GUID (Globally Unique Identifier). If you lose the RID master the chances are good that the existing Domain Controllers will have enough unused RIDs to last a week or so do not be in a hurry to seize. Implications for Duplicates You must not allow two RID masters, as the possibility of two objects with the same RID would be disastrous. So if the original is found it must be reformatted and reinstalled before re-joining the forest. Infrastructure Master The consequence for a missing Infrastructure master is that group memberships may be incomplete. If you only have one domain, then there will be no impact as the Infrastructure Master is responsible for updating your user's membership in other domains in the forest. Implications for Duplicates
No damage occurs if the old Infrastructure master returns; just check the roles
and decide which machine should hold the role.

Forest Wide Roles

Schema Master

If you lose the Schema Master, then long term it is serious because you cannot
install Exchange 2003 or extend the schema. However, short term no-one will
notice a missing Schema Master, so try to repair the old one rather than seize
the role.

Implications for Duplicates

You must not allow two Schema Masters, so if the original is found or repaired,
it must be completely rebuilt rather than allowed into the forest.

Domain Naming Master

This is a forest wide role that is responsible for adding child domains and new
trees. Unless you are going to run DCPROMO, you will not miss this FSMO
role, so wait rather than seize the role.

Implications for Duplicates

You must not allow the original Domain Naming Master to return; rebuild it before
you let the machine back into the forest.

Windows Server 2003 - Global Catalog Server

Windows Server 2003 - Global Catalog

Mastering Global Catalog will not only give your users a better network
experience, but also teach you about Windows Server 2003's Active Directory.
Global Catalogs are deceptive. The bigger your Active Directory forest, the more
important it is to configure Global Catalogs. If you have Exchange 2003, then
there are extra reasons to position Global Catalogs close to the users.

Topics for Windows Server 2003 Global Catalog
       •   Global Catalog - From a User's Perspective
       •   Global Catalog - Key Concepts
       •   Configuring Global Catalog
       •   No worries if you have only one Domain
       •   Global Catalog Servers Summary

Global Catalog - From a User's Perspective

Your average user wants answers to questions such as, 'Where are you, Domain
Controller?' or 'Find this email address in the GAL'. Naturally people don't
normally vocalise these requests; however, they log on to the domain, and they
attempt to send email with Outlook. The role of the Global Catalog Server is to
answer requests for network resources, for example, LDAP queries to find a
Domain Controller, or an Exchange 2003 Server.

Global Catalog - Key Concepts

Now we come to the key Global Catalog concepts. Surprisingly, not every domain
controller is a global catalog server. The reason is that by default there is
only one global catalog server. Microsoft's thinking is that you may not want
the extra overhead of being a global catalog server, and the more global catalog
servers, the more replication traffic on your network.

Every Domain Controller knows about its own domain; after all, managing
directory services is what a Domain Controller does. However, Domain Controllers
that are also Global Catalog Servers know about other domains (key point).

Microsoft's paranoia is that there may be restrictions on a Universal Group in
another domain; therefore, before a user logs on, the Domain Controller must be
able to enumerate Universal Group membership, just in case a Universal Group,
and hence a user, has been denied access. Incidentally, you may have seen
Universal Group Caching, which neatly solves this latency. Universal Group
Caching is one of the new features of Windows Server 2003.

Configuring Global Catalog

Configuring a Domain Controller as a Global Catalog is a knack. Once you have
drilled down and checked the Global Catalog box, you always remember that
tortuous path.

Let us begin at the Active Directory Sites and Services snap-in. Expand Sites,
Default-First-Site-Name, Servers. Select your server and seek the NTDS Settings,
right click and choose Properties. All that remains is to tick the Global
Catalog box. (See Diagrams Opposite)

With a Windows 2000 Server you have to reboot; eccentrically, the interface
does not tell you to reboot. All this nonsense is cured in Windows Server 2003:
you do not have to reboot when you enable or disable Global Catalog.

The only variation on these instructions is that your servers may be in
different sites and not in the strangely named Default-First-Site-Name.

If you have firewall restrictions, LDAP uses port 389 for read and write
operations and port 3268 for global catalog search operations.

No worries if you have only one Domain

To be honest, if you have only one domain then nothing bad will happen if you
don't have a local Global Catalog server. However, if you have a forest then
delays can be a problem - unless you place Global Catalog servers judiciously.

The root of the problem is enumerating Universal Group membership. In a single
domain it's pointless using Universal Groups, and even if you did, they will
only contain users in your domain. There are no other domains to check.
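To see where Global Catalog servers sit and whether ports 389 and 3268 are reachable through your firewalls, the following is an added example, not part of the original notes. It assumes the ActiveDirectory RSAT module (a later tool than Windows Server 2003 shipped with) and PowerShell 3.0 or later on a domain-joined admin workstation; Test-TcpPort is a hypothetical helper defined here.

```powershell
# Added example: report Global Catalog coverage per site and probe the LDAP ports.
# Assumption: ActiveDirectory module is installed and you can read the forest.
Import-Module ActiveDirectory

function Test-TcpPort {
    # Hypothetical helper: $true if a TCP connection succeeds within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

$forest = Get-ADForest

# Collect every Domain Controller from every domain in the forest.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

$report = foreach ($dc in $dcs) {
    [pscustomobject]@{
        Site    = $dc.Site
        Domain  = $dc.Domain
        Server  = $dc.HostName
        IsGC    = $dc.IsGlobalCatalog
        Ldap389 = Test-TcpPort -ComputerName $dc.HostName -Port 389
        # Port 3268 only listens on Global Catalog servers.
        Gc3268  = if ($dc.IsGlobalCatalog) { Test-TcpPort -ComputerName $dc.HostName -Port 3268 } else { $null }
    }
}
$report | Sort-Object Site, Server | Format-Table -AutoSize

# Only a multi-domain forest has other domains' Universal Groups to enumerate.
if ($forest.Domains.Count -gt 1) {
    $report | Group-Object Site |
        Where-Object { -not ($_.Group | Where-Object { $_.IsGC }) } |
        ForEach-Object { Write-Warning "Site '$($_.Name)' has no Global Catalog server" }
}
```

A site flagged by the warning is one whose Domain Controllers must reach a Global Catalog in another site before a logon can complete, unless Universal Group Caching is enabled there.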
Global Catalog Servers Summary

The key point with Active Directory is that Domain Controllers which are not
also Global Catalog Servers cannot deduce Universal Groups in other domains. For
security, until it contacts a Global Catalog server, a Domain Controller cannot
proceed with the logon request. As a result of this knowledge you can plan extra
Global Catalog servers. However, if you only have one domain, there is no need
for any more Global Catalog servers.

Windows Server 2003 - Schema

Introduction to Windows 2003's Schema

The Windows Server 2003 Schema Snap-in is not available by default. There lies a
clue that ordinary administrators are not meant to change the Schema. However,
to complete your understanding of Active Directory, take time to appreciate the
object model that underpins Windows Server 2003.

Topics for Windows Server 2003 Schema
       •   What you need to know about the Schema
       •   Major changes compared with Windows 2000
       •   Getting Started
       •   Recommendations

What you need to know about the Schema

Object based Nature

It is useful to understand the nature of the Schema. Active Directory is an
object based system. The schema keeps a list of the definitions for each object
such as Computer or User. The list is divided into Classes and Attributes, and
the Schema recycles attributes like location and applies an instance to the
site, printer or computer object.

Flexible Master

The Schema is one of the five single master operations; this means that only one
domain controller has a read / write copy of the schema. Take the time to find
out which machine holds the Schema Master role. Right click the Schema Snap-in
and select Operations Master from the shortcut menu.

Modification by Exchange 2003 and Schema Admins

Exchange 2003 relies on Active Directory for definitions of the users'
mailboxes. When you install Exchange 2003, firstly you have to be a member of
the Schema Admin Global group; secondly Exchange extends the schema to include
extra attributes like mailbox server.

While it is possible to add attributes and classes yourself - resist. Modifying
the schema affects the entire forest and in my opinion should only be done by a
developer when there is a clear business need.

Role of the Global Catalog

The Global Catalog server keeps track of a subset of the most important
attributes, and the Global Catalog replicates this information to other Global
Catalog servers. Be aware that you can add extra attributes to the list; for
example, information on department could be replicated. The benefit is you could
search on department or any other attribute that you added.

Major changes compared with Windows 2000

Deactivating attributes

Active Directory will not allow you to delete classes or attributes, but you can
deactivate them if you are sure they will not be needed.

Improved replication

In Windows Server 2003, only changes in attributes are replicated; the benefit
is less replication traffic and less chance of a conflict.

WINS Servers in Windows 2003 - The Basics

WINS - The Basics of Name Resolution

It goes without saying that you have to implement DNS, but that's another story.
In this section I want to concentrate on WINS for those few occasions where
NetBIOS name resolution is vital.

While both WINS and DNS deal with mapping ComputerName to IP addresses, there
are two important differences: DNS is hierarchical and can support up to 254
characters; WINS, on the other hand, is a flat-field database limited to 15
letters. One of the few advantages that WINS formerly had over DNS was that WINS
is dynamic. Well, starting with Windows 2000, DNS is also dynamic, so the only
point of WINS in the 21st century is specifically for NetBIOS name resolution.

Keep in mind, especially when troubleshooting, the reason why we need databases
such as WINS or DNS. The answer is name resolution. We humans prefer to remember
friendly names like BigServer, whereas computers prefer IP addresses in dot
decimal notation, for example, 192.168.0.23.

Name resolution started with two files called hosts and LMHosts. The hosts file
evolved into DNS, and WINS took over the name resolution provided by LMHosts.
Every Microsoft machine is born with these files in the folder:
%systemroot%\system32\drivers\etc. Here is a typical entry for LMHosts.

       10.54.94.13 bigserver