IP ADDRESSING
IP Address
TCP/IP is unique in that the network portion of the address has not been allocated a fixed address space. The number of bits that the network portion may use depends on the number of networks that need to be identified. Although a governing body allocates the original address, the network portion of the address can be extended. To identify how many of the address bits have been extended into the network portion of the address, a subnet mask is used.
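The following is an added example, not part of the original notes: it splits an IPv4 address into its network and host portions using the subnet mask, and reports how far the mask has extended the network portion past the classful boundary. The class ranges and default masks are the standard classful values (A: first octet 0-127, /8; B: 128-191, /16; C: 192-223, /24; D: 224-239; E: 240-255), which the notes assume but do not list.

```python
# Added example (not part of the original notes): split an IPv4 address into
# its network and host portions using a subnet mask, and report the classful
# defaults. The classful ranges and default masks used here are the standard
# values (A: 0-127 /8, B: 128-191 /16, C: 192-223 /24, D: 224-239, E: 240-255).
import ipaddress

# class -> (range of first-octet values, default network prefix length or None)
CLASS_INFO = {
    "A": (range(0, 128), 8),
    "B": (range(128, 192), 16),
    "C": (range(192, 224), 24),
    "D": (range(224, 240), None),   # multicast (one to group): no host portion
    "E": (range(240, 256), None),   # reserved
}


def address_class(addr: str) -> str:
    """Return the address class (A-E) from the first octet."""
    first_octet = int(addr.split(".")[0])
    for cls, (octets, _) in CLASS_INFO.items():
        if first_octet in octets:
            return cls
    raise ValueError(f"invalid address: {addr}")


def describe(addr: str, mask: str) -> dict:
    """Describe addr under mask (dotted, e.g. 255.255.0.0, or a prefix length such as 24)."""
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    cls = address_class(addr)
    default_prefix = CLASS_INFO[cls][1]
    # How many bits the mask has borrowed from the classful host portion,
    # and therefore how many subnets the original class network splits into.
    extended_bits = None if default_prefix is None else net.prefixlen - default_prefix
    # The network address and the broadcast address are never assigned to hosts.
    usable_hosts = max(net.num_addresses - 2, 0)
    return {
        "class": cls,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "network_bits": net.prefixlen,
        "host_bits": 32 - net.prefixlen,
        "subnets_from_class": None if extended_bits is None else 2 ** max(extended_bits, 0),
        "usable_hosts": usable_hosts,
        "first_host": str(net.network_address + 1) if usable_hosts else None,
        "last_host": str(net.broadcast_address - 1) if usable_hosts else None,
    }


if __name__ == "__main__":
    for addr, mask in [("128.0.0.1", "255.255.0.0"), ("192.0.0.1", "255.255.255.0"),
                       ("10.1.2.3", "255.255.255.192")]:
        print(addr, mask, describe(addr, mask))
```

Run with the two addresses the notes use (128.0.0.1 with a Class B mask, 192.0.0.1 with a Class C mask) and the first and last host reported match the ranges given below; the third call shows a Class A network whose mask has been extended by 18 bits.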
Address classes: Class A, Class B, Class C, Class D, Class E
(Table: total networks and total hosts per class; only the row headings "Total Networks" and "Total Hosts" survived)
Class B: the 1st valid IP address range is 128.0.0.1 to 128.0.255.254 in a single network (255 is reserved for broadcasting).
Class C: the 1st valid IP address range is 192.0.0.1 to 192.0.0.254 in a single network (255 is reserved for broadcasting).
Rule: The rule of Class D is that the first 4 bits of the first octet are reserved as '1', '1', '1' & '0'.
* Class D is reserved for news groups & news agencies: multicasting (one to group).
TOPOLOGY
5 Types of Topologies
1) Bus 2) Mesh 3) Ring 4) Star & 5) Tree
BUS Topology:
In bus topology all the PCs in the network are arranged in serial order, and all the PCs in the network are connected to a single cable called the 'Backbone'.
Terminators are used at the ends of the network.
Coaxial cables, British Novell Connectors (BNC) & 'T' connectors are used.
Disadvantages: If even a single PC fails the entire network goes down, and the problem is very difficult to rectify.
CSMA/CD – Carrier Sense Multiple Access / Collision Detection
CSMA/CA – Carrier Sense Multiple Access / Collision Avoidance
MESH Topology:
In mesh topology all the PCs in the network are directly connected to each other. In such a case a huge amount of traffic is created.
Advantages: Even if a single PC fails, it doesn't affect the network.
Disadvantages: Requires a huge amount of investment.
Twisted pair cable & RJ 45 connectors are used.
RING Topology:
In ring topology all the PCs in the network are logically connected in a circular format. Only one PC at a time can transmit data over the network, and only when it holds the token.
Advantages: For each and every data transmission over the network an acknowledgement is given.
Disadvantages: If even a single PC fails the entire network goes down.
Coaxial cable & BNC connectors are used.
STAR Topology:
In star topology all the PCs in the network are connected to a centralised device (hub/switch). Servers & clients can be differentiated quickly. If any client machine fails it doesn't affect the network at all. Problems over the network can be rectified easily. It is easy for the network administrator.
Twisted pair cables & RJ 45 connectors are used.
TREE Topology:
A combination of more than one topology is called tree topology.
Tree topology is also called hybrid topology.
WORKGROUP:
In the workgroup model all the PCs in the network are independent; there is no centralised database and no centralised control.
There is no concept of a server & client relationship.
There is a lack of security.
The administrative job is too heavy.
DOMAIN:
In the domain model each PC is dependent on the network; there is centralised control & a centralised database.
There is a concept of a server & client relationship.
There is a huge amount of security.
The administrative job is very easy.
ACTIVE DIRECTORY
Active Directory is a directory service that contains information about user accounts, computers and resources (resources are optional). Active Directory is a centralised database and maintains a hierarchical structure of domains. Before 1974 each vendor was using its own protocols to design software, so communication between vendors was not possible. NT 4.0 has a database size of 40 MB, i.e. the SAM database (Security Account Manager). Each user created occupies 1 KB of information in the SAM. A maximum of 40,000 users can be created in a single PDC. More than 40,000 users can be created on a single PDC, but server performance goes down, because the SAM database size is fixed.
Windows 2000 as well as 2003 database size of Active Directory (NTDS.DIT) has 16 and 12
• Trust relationships between domains within the forest are accepted, but a cross-forest trust relationship (between two forests) is not possible in Windows 2000.
• Windows 2003 supports cross-forest trust relationships.
Select the 1st option & click Next.
Displays 3 options: Create a new DC in a new forest / Create a child DC / Create a new domain in the existing forest.
Displays the path for the Sysvol folder (* All replication is done with the help of Sysvol. * The Sysvol folder will exist only on an NTFS partition, version 5.0).
Next > OK
Displays 3 options: Perform the DNS diagnostic / Install DNS & configure / Install DNS & don't configure.
Click the Next button.
Displays the summary.
RESTART
Typical setup of Domain Controllers
Domain Controller (DC): preferred DNS is the same as its own IP address.
DC: IP 192.168.1.1, mask 255.255.255.0, preferred DNS 192.168.1.1
IP 192.168.1.2, mask 255.255.255.0, preferred DNS 192.168.1.1
IP 192.168.1.3, mask 255.255.255.0, preferred DNS 192.168.1.1
IP 192.168.1.4, mask 255.255.255.0, preferred DNS 192.168.1.1, additional DNS 192.168.1.4
1. Domain Naming Operation Master (DNOM): It maintains the uniqueness of domain names in the entire forest. By default the DNOM is present on the root.
At any point of time there can be only one DNOM in the entire forest.
2. Global Catalogue Server (GCS): It maintains the total information of its own domain and partial information of the other domains in the entire forest. By default the GCS is available on the root (DC).
There can be more than one GCS in the entire forest.
To view GCS
Start > Programs > Admin Tools > Active Directory Sites & Services
Open Sites (folder) > Default First Site Name > open Servers > open the computer name > right click on NTDS Settings > go to Properties.
Displays the Global Catalog check box.
3. Schema Master (SM): It maintains the total information of classes and attributes in the entire forest. By default the schema master is available on the root (DC).
At any point of time there can be only one schema master in the entire forest.
To view SM
Start > Run and type 'regsvr32 schmmgmt.dll', then press Enter.
Go to Start > Run and type 'mmc' (Microsoft Management Console).
The console window opens.
Click the File menu.
Select Add/Remove Snap-in.
A window appears; click the Add button.
In the list select Active Directory Schema.
Click the Add button, then Close, then OK, and OK again.
4. Relative Identifier Master (RID): The Relative Identifier master consists of a pool of addresses. For every newly created object an address is allotted from the pool by the RID master.
SID = RID + DID
(SID: Security Identifier; DID: Domain Identifier)
5. Primary Domain Controller Emulator (PDCE): It emulates a BDC as a PDC through the domain controller when the domain is in Mixed Mode (pre-Windows 2000 mode). The PDCE also takes care of password changes made by users.
At any point of time there can be only one PDCE in the entire domain (parent / child).
6. Infrastructure Master (IM): It maintains the updates that are done to groups. Whenever a user is added, deleted or moved, the update is maintained by the IM.
At any point of time there can be only one IM in the entire domain (parent / child).
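The following is an added example, not from the notes, illustrating the RID master item above: a toy model in which the single RID master hands out non-overlapping blocks of relative identifiers to domain controllers, each DC builds a SID from the domain identifier plus a RID from its block, and a parser splits a SID back into DID and RID (SID = DID + RID). The SID values, the pool size of 2 and the starting RID of 1000 are constructed for illustration only; real pools and the reserved RID space are much larger.

```python
# Added example (not from the notes): a toy model of how the RID master hands
# out blocks of relative identifiers to domain controllers, and how a SID is
# split into its domain identifier (DID) and RID. The SID values and pool size
# are constructed for illustration; real pools and the reserved RID space are
# larger than shown here.
import re

SID_PATTERN = re.compile(r"^S-1-\d+(?:-\d+)+$")


def parse_sid(sid: str) -> dict:
    """Split a SID into the domain part shared by all objects in the domain (DID)
    and the object-specific relative identifier (RID), i.e. SID = DID + RID."""
    if not SID_PATTERN.match(sid):
        raise ValueError(f"not a SID: {sid}")
    head, _, rid = sid.rpartition("-")
    return {"did": head, "rid": int(rid)}


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Two objects belong to the same domain when their DIDs are equal."""
    return parse_sid(sid_a)["did"] == parse_sid(sid_b)["did"]


class RidMaster:
    """The single RID master of a domain: allocates non-overlapping RID pools."""

    def __init__(self, did: str, pool_size: int = 500, first_rid: int = 1000):
        self.did = did
        self.pool_size = pool_size
        self.next_rid = first_rid  # RIDs below this are kept for well-known accounts

    def allocate_pool(self) -> list:
        start = self.next_rid
        self.next_rid += self.pool_size
        return list(range(start, self.next_rid))


class DomainController:
    """Any DC can create objects; it draws RIDs from its own pool and asks the
    RID master for a fresh pool when that pool is exhausted."""

    def __init__(self, name: str, master: RidMaster):
        self.name = name
        self.master = master
        self.pool = []

    def create_object(self) -> str:
        if not self.pool:
            self.pool = self.master.allocate_pool()
        rid = self.pool.pop(0)
        return f"{self.master.did}-{rid}"


def demo() -> list:
    """Create objects on two DCs; every SID must be unique across the domain."""
    master = RidMaster("S-1-5-21-1111-2222-3333", pool_size=2)  # constructed DID
    dc1 = DomainController("DC1", master)
    dc2 = DomainController("DC2", master)
    sids = [dc1.create_object() for _ in range(3)] + [dc2.create_object() for _ in range(2)]
    assert len(set(sids)) == len(sids), "RID pools must never overlap"
    return sids


if __name__ == "__main__":
    for sid in demo():
        print(sid, parse_sid(sid))
```

Because the pools never overlap, DC1 and DC2 can create objects independently and the resulting SIDs are still unique; the RID master is consulted only when a DC needs a new block.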
Day 5
FUNCTIONAL LEVELS
(Figures: domain functional level diagrams, each showing a Windows 2003 forest with the domain controller versions allowed at that level: 2000/NT, 2000/2000, 2003/NT and 2003/2003. b) Windows 2000 Native Mode)
Forest Function Level | Domain Controllers Supported
Windows 2000 (Default) | Windows NT 4.0, 2000, 2003 Server
Windows Server 2003 Interim | Windows NT 4.0, 2003 Server
Windows Server 2003 | Windows Server 2003 family
Function levels are important when you are planning to upgrade the operating system or for establishing trust relationships.
TRUST RELATIONSHIP
(Figure: CISCO.COM (trusting) and CHILD.CISCO.COM (trusted))
Transitive Trust: In a transitive trust relationship Domain A trusts Domain B, in the same way Domain B trusts Domain C, and in the same way Domain C trusts Domain A. This is called a transitive trust.
(Figure: domains A, B and C)
Non-Transitive Trust: Domain A trusts Domain B, in the same way Domain B trusts Domain C, but Domain C will not trust Domain A. This is known as a non-transitive trust relationship.
(Figure: domains A, B and C; a second figure shows domains A1 to A4, with A1 marked Incoming and A3 marked DatabaseServer, and the forests Zoom.com and Yahoo.com)
Types of Trust:
- Only between forest roots
- Creates a transitive domain relationship
REALM: One-way or two-way non-transitive Kerberos trusts that connect to/from UNIX MIT Kerberos realms.
(Figure: Satyam.com and SBI.com)
2. To raise the function levels of the domains as well as the forest, open the console.
4. Right click on the domain (for example, select the domain SBI.com and raise the domain function level from the list to Windows Server 2003).
5. To raise the forest function level, right click on Active Directory Domains & Trusts > Raise Forest Functional Level.
7. Follow the same steps in the other domain to raise its function levels.
8. To establish a trust between two different forests, for example in SBI.com, open the console Active Directory Domains & Trusts.
12. Assign the DNS name of the other domain, for example satyam.com.
15. Check "Both this domain and the specified domain" > Next
19. Next
20. Next
21. Next
24. Finish.
External Trust
REALM
It is used to communicate between a Windows 2003 server and a non-Windows operating system.
FLEXIBILITY
DAY 6
PHYSICAL COMPONENTS
Physical Components:
Domain Controllers
Sites
A Domain Controller is a system on which Active Directory Services are loaded, running the Windows 2000 or Windows 2003 server operating system.
Sites are areas of good connectivity; a site is one of the physical components of Active Directory Services.
Sites are associated with subnets; a subnet, identified by its subnet mask, is a sub-division of an IP network.
A site can span multiple domains. A domain can span multiple sites.
(Figure: two sites, INDIA and USA, each with a DC, servers and clients, joined by a WAN link)
REPLICATION TOPOLOGY
Inter-Site Replication: Replication that takes place between 2 different sites is called inter-site replication.
BRIDGE HEAD SERVER: The server responsible for gathering the information from one domain controller so that it can replicate it to another domain controller (ADC).
By default DC & ADC servers are placed in Default-First-Site-Name. By default one site link is also configured in the site.
Configuring Sites:
11. Select and move from the list, selecting the new site.
12. OK
13. Create one more site by following the same steps.
1. Select the IP folder.
2. Double click the newly created site link.
3. Click on Change Schedule.
4. Set the schedule.
NTDS
NTDS.DIT
The Active Directory Service database is stored in NTDS.DIT. This database is further logically divided into four partitions.
1. Schema Partition
2. Configuration Partition
3. Domain Partition
4. Application Partition
2. Configuration Partition: It is one of the logical partitions and maintains information about the structure of the forest. It contains information such as domain controllers, sites, site links and trust relationships.
The configuration partition is the road map of Active Directory, by means of which users are easily able to locate network objects. It is replicated forest-wide.
3. Domain Partition: It maintains information about domain-specific objects. It is replicated domain-wide.
4. Application Partition: It is a configurable partition; its replication can be either forest-wide or domain-wide. It maintains information about DNS.
Active Directory Users & Groups
There are 2 types of users.
1. Local User: Local users are created on client machines as well as on member servers. A local user cannot access all the resources in the network. A local user cannot log in on multiple systems; he can log in only where the account exists. A local user account is also called a temporary account.
2. Domain User: Domain users are created on the domain controller. A domain user account can access any resource on the entire network. A domain user account can be created even on a member server, by logging in as Domain Administrator. To create one: Start > Run > dsa.msc; the Active Directory Users and Computers window appears. Now you can create user accounts.
To create a Domain User Account
Log in as Administrator on the Domain Controller.
Start > Programs > Admin Tools > Active Directory Users and Computers
Right click on the Users folder.
Select New and then select User.
To create domain user accounts on Windows 2003 server, the minimum requirement is that a password is mandatory and must be a minimum of 7 characters, including alphabets, special characters and numerals.
1) Domain Local Group: Users and groups of the domain can be added, as well as users and groups of other domains, but only resources of the domain itself can be accessed.
2) Global Group: This is the default group. Only users and groups of the domain can be added to a global group, but it can access any resource in the entire forest.
3) Universal Group: Users and groups of the domain can be added, as well as users and groups of other domains, and the group can access any resource in the entire forest. The universal group is available in Windows 2000 and Windows 2003 servers only.
2 Types of Groups
1) Security Group & 2) Distribution Group
1) Security Group: Permissions can be applied to a security group; in such a case certain mailing services will not function properly.
Permissions
Permissions are of 2 types.
Share permissions are the permissions that are applied over the network.
Security permissions are the permissions that are applied within the local machine.
Of these two, security permissions play the major role. Each permission can be set in 2 ways, 'Allow' and 'Deny'. Deny has a higher priority than 'Allow'.
The default permission in Windows 2003 Server is Everyone with Read-only permission, in both security and sharing permissions.
The combination of the permissions applied in both sharing and security takes effect over the network. For example, if Read and Write permissions are given in security and Read permission is given in sharing, then only Read permission applies over the network.
The permissions that are present in Sharing are:
Access Deny, Full Control, Change, Read
The permissions that are present in Security are:
Access Deny, Full Control, Modify, List of Contents, Read, Write
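The following is an added example, not part of the notes, that encodes the permission rules stated above in code: each named share or security permission expands to a set of individual rights, Deny overrides Allow within a layer, share permissions are consulted only for access over the network, and the effective network rights are the most restrictive combination (intersection) of the two layers. The user and group names, the access control entries, and the mapping of named permissions onto individual rights are constructed for illustration.

```python
# Added example (not part of the notes): compute the rights a user ends up with
# on a shared folder from the share permissions and the NTFS security
# permissions, applying the rules stated in the notes: Deny overrides Allow in
# each layer, share permissions apply only over the network, and the effective
# network rights are the intersection of the two layers. Principal names and
# the access control entries are constructed for illustration.

# Individual rights that the named permissions expand to (illustrative mapping).
ALL_RIGHTS = frozenset({"read", "list", "write", "delete", "change_permissions"})
SHARE_PERMS = {
    "Read": {"read", "list"},
    "Change": {"read", "list", "write", "delete"},
    "Full Control": set(ALL_RIGHTS),
}
SECURITY_PERMS = {
    "List of Contents": {"list"},
    "Read": {"read", "list"},
    "Write": {"write"},
    "Modify": {"read", "list", "write", "delete"},
    "Full Control": set(ALL_RIGHTS),
}


def layer_rights(aces, principals, table) -> set:
    """Evaluate one layer. aces: list of (principal, 'Allow'|'Deny', permission).
    principals: the user plus every group the user belongs to."""
    allowed, denied = set(), set()
    for principal, kind, perm in aces:
        if principal not in principals:
            continue
        target = allowed if kind == "Allow" else denied
        target.update(table[perm])
    return allowed - denied  # Deny has the highest priority


def effective_rights(user, groups, share_aces, security_aces, local=False) -> set:
    """Rights of `user` (member of `groups`); Everyone always applies."""
    principals = {user, "Everyone", *groups}
    security = layer_rights(security_aces, principals, SECURITY_PERMS)
    if local:
        return security  # share permissions are not consulted for local access
    share = layer_rights(share_aces, principals, SHARE_PERMS)
    return share & security  # most restrictive combination wins over the network


# Windows 2003 default on a new share: Everyone / Read in both layers.
DEFAULT_SHARE = [("Everyone", "Allow", "Read")]
DEFAULT_SECURITY = [("Everyone", "Allow", "Read")]


def demo() -> dict:
    """The case from the notes: Read + Write in security, Read in sharing."""
    security = DEFAULT_SECURITY + [("alice", "Allow", "Write")]
    return {
        "network": effective_rights("alice", set(), DEFAULT_SHARE, security),
        "local": effective_rights("alice", set(), DEFAULT_SHARE, security, local=True),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` reproduces the worked case from the notes: over the network alice gets only read and list (the share layer allows no more), while logged on locally she also gets write. A Deny entry on any group she belongs to removes those rights regardless of how many Allow entries grant them.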
Assigning shares on FAT & NTFS partitions
1. Select a folder.
Assigning SHARE permissions on FAT & NTFS partitions
2. Click Add.
3. From the list select the users/groups you want to assign permissions to.
Click Add > Click OK
3. Deselect the check box at the bottom of the window "Allow inheritable permissions from parent to propagate to this object" and select "Remove".
4. Click Add.
PROFILES
A profile is nothing but the user's personal information, which consists of the Desktop, Start menu, Application Data, My Documents etc.
By default even an administrator can't view certain profiles (roaming profiles).
1. Local Profile: By default each and every user has a local profile created automatically. A local profile is saved on the local hard disk of the PC. A local profile user can't carry his profile wherever he logs in across the network; the profile is available only on that particular system.
* A local profile can be upgraded to a roaming profile. A local profile cannot be upgraded to a mandatory profile directly.
2. Roaming Profile: A roaming profile user can carry his profile wherever he logs in across the entire network, because the profile is saved on the server. Whenever the user logs in on a particular machine in the network, the profile is downloaded from the server.
* A roaming profile user can be degraded back to a local profile user.
* A roaming profile user can be upgraded to a mandatory profile user.
3. Mandatory Profile: A mandatory profile user can't save any information in his profile, because this profile has read-only permission.
* A mandatory profile user can be converted to a local profile user.
* A mandatory profile user can be converted back to a roaming profile user.
Log in as the user on the client side to view the profile. Right click on 'My Computer' > Properties. In the options select Advanced and click the Settings button under User Profiles. Displays the type of profile.
• The profile is updated only when the user logs off.
Go back to the shared folder. Right click > Properties. Select the Security tab. Click on the 'Advanced' button and check the box 'Allow inheritable permissions to all child……….
Click Apply, OK.
This step-by-step guide describes how to use the Dfs Administrator snap-in. Installation of the Dfs service takes place automatically during Windows 2003 Server setup. However, you must configure Dfs in order for a Dfs share to be accessible to clients.
To create a Root
2. Select Distributed File System > right click Distributed File System and select New Root.
3. On the Dfs Root Wizard click Next.
4. Select the type of Dfs root you want to create (Domain / Standalone) > click Next (the steps below are based on selecting the domain-based Dfs).
5. Select the host domain for the Dfs root > click Next.
6. Enter the server name that will host the Dfs root in the domain > click Next.
7. Specify the Dfs root name and click Next.
8. Enter the full path of the shared folder that was created and click Next.
9. Click Finish.
To create a Link
1. Click Start > Programs > Administrative Tools > Distributed File System
3. In the "New Link" window enter the name of the link as it appears to the user.
6. Specify the time for which the REFERRAL (original location) of the link is cached by the client computer > click OK.
To create the Root Targets (on DC)
1. Click Start > Programs > Administrative Tools > Distributed File System
2. Right click on the existing Dfs root > select New Root Target.
3. On the "Host Server" page, verify that your server's name is listed and click Next.
4. On the "Specify the DFS root share" page, click Create a new share.
5. In the path to share box, type the path for the shared folder you want to create and click Next. (A message appears indicating that the folder does not exist; click Yes to create the folder.)
6. In the "share name" box, type the share name you want and then click Finish.
2. Right click on the Dfs link for which you want to create a new replica, and then click New Replica.
3. In the "Add a New Replica" dialog box, click Browse to select the shared folder for the new replica and click OK (Note: each Dfs link can have up to 32 replicas).
Steps:
1. Open Distributed File System.
2. Right-click a Dfs root or Dfs link, and then click Configure Replication.
3. A wizard appears > click Next > select the root path for the root and the link path for the link > click Next > select the topology > click Finish.
GROUP POLICIES
Group policies are nothing but policies that allow or deny things to users. There are more than 1000 policies that can be given to a single
These policies are divided into 1) Computer Configuration and 2) User Configuration.
Go to Computer Configuration > open Windows Settings > Security Settings > Account Policies > Password Policy
Select the policy with the name 'Minimum password length'. Right click and go to Properties, change the value to '0'. Click Apply and OK.
Select another policy with the name 'Password must meet complexity requirements'.
Right click and go to Properties. Select the 'Disabled' option. Apply. OK.
Start > Run > gpupdate
Folder Redirection:
Folder redirection is used to redirect a part of the user's profile to the server.
Scripts
Scripts are used to inform users what tasks should be performed at regular intervals. These scripts can be given not only to users but also to systems.
The scripts that are given to users are: logon & logoff scripts.
The scripts that are given to computers are: startup & shutdown scripts.
To create a script:
Open Notepad and type
Wscript.Echo "Welcome to …."
Save the file as *.vbs (generally save the file in a drive).
Right click on the file and select Copy.
Start > Programs > Admin Tools > Active Directory Users and Computers
Right click on the Organisational Unit and go to Properties.
In the options select Group Policy.
Create a new policy, give it an appropriate name and click on the Edit button.
The Group Policy edit window appears.
User Configuration > Windows Settings > open the Scripts folder
Select Logon and go to Properties.
Click the Add button; a window appears to open/select the script file.
Click on Browse; in the open window paste the copied script file.
OK > Apply, OK.
Software Deployment
Software deployment is used to deploy software over the network through the server. Group policy doesn't support software with the .exe extension over the network, because if an application is installed through an exe on a particular system, each and every user in the network can access the application. To deploy software over the network through group policy, the software extension must be either .zap or .msi (Microsoft Installer). Through group policy software can be deployed in 2 ways: 1. Publish and 2. Assign. There is also an additional option called Advanced. Through this option only service packs and patches can be deployed to already deployed software; through the Advanced option new software cannot be deployed.
The Group Policy edit window appears.
In User Configuration > Software Settings.
Right click on Software Installation and select the option 'New Package'.
Select the .zap extension file through the network path. Click OK.
3 options will be shown. By default Publish will be selected. Click OK.
The entry will be available in the Software Installation folder.
To convert .exe applications to .msi a third-party tool is required, i.e. WinINSTALL LE (Veritas).
Select the .msi extension file through the network path. Click OK.
3 options will be shown.
Select 'Assign'. Click OK.
The entry will be available in the Software Installation folder.
To Change the Shutdown Event:
Start > Run > gpedit.msc
Computer Configuration > Administrative Templates > System
Edit: Display Shutdown Event ……… (on the right side)
Printer
A printer device is equipment that generates a hard copy from a soft copy. The printer device has become an essential piece of equipment in the network. There are generally three flavours of printer devices available in the market; they are:
1. Local Printer Device: These are connected to the PC directly, and the PC is connected to the network. That means the local printer devices are system dependent. Local printer devices are easily portable. These are easy to install and configure. These printers are connected through two ports of the machine, LPT/USB. The buffer size in a local printer device is small, around 2 to 8 MB.
2. Network Printer Device: These are directly connected to the hub/switch, because these printer devices have an inbuilt NIC card. That means they are system independent. Network printer devices are very large in size and difficult to transport, but their performance is excellent. Network printer devices are costly, and they are difficult to install and configure. The buffer size in a network printer device is large, around 32 MB, 64 MB or 128 MB.
Separator Page:
The separator page gives an identity that the printout belongs to a particular department. Not all printer devices support a separator page; only certain versions of printer devices support it. By default the separator pages are available in the path C:\Windows\system32\pcl.sep, among others.
For each and every printer device only one separator page can be set.
For each printer device only one priority level can be set.
There are three different types of printouts that can be taken through a printer device; they are:
1) Local Printout
2) Network Printout
3) Internet Printout
1. Local Printout: Local printouts are taken on the printer device to which the system is connected locally. To take a local printout there is no need for a network.
BACKUP
Backup is nothing but creating copies of the existing data. Backup practice varies depending upon the organisation. Backups can be taken not only of folders and files but even of Active Directory. The general media used and specifically designed for backup are tape drives. In Windows NT 4.0 backups can be taken only on tape drives; there is no alternative for taking a backup. This problem is solved in Windows 2000 and 2003 backup, where a backup can be taken on any media, e.g. CD, HDD, tape drive, pen drive, Zip drive etc.
1) Normal Backup: A normal backup takes each and every file as backup. Even though files have already been backed up, it takes all files. Once the normal backup is taken it unchecks the archive bit for the files. Normal backup is a time-consuming backup, and so is restoring it. Generally normal backups are taken either on the 1st day of the week or the 1st day of the month.
2) Incremental Backup: An incremental backup takes newly created files and modified files only. Incremental backup is generally used by the banking & financial sector, where the accounts are closed at the end of the day. These backups are taken every day separately. Incremental backup is not a time-consuming process, but restoring multiple incremental backups is a time-consuming process. Once the incremental backup is taken it unchecks the archive bit for the file.
3) Differential Backup: A differential backup takes newly created files, modified files and the files of the previous differential backup. Taking a differential backup is a time-consuming process, as its duration grows day by day, but the restore is done faster. Differential backup is generally used by the general sector, where accounts are closed at the end of the month. Differential backup is used when multiple copies exist since the last backup. Once the differential backup is taken it doesn't uncheck the archive bit.
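The following is an added example, not part of the notes, that simulates the three backup types above through the archive bit: a normal backup copies everything and clears the bit, an incremental copies only files with the bit set and clears it, and a differential copies files with the bit set but leaves it set, so each differential grows until the next normal or incremental. It then works out which backup sets a full restore needs, which is why a chain of incrementals is slow to restore and a single differential is fast. The file names and the sequence of changes are constructed for illustration.

```python
# Added example (not part of the notes): simulate how normal, incremental and
# differential backups select files through the archive bit, what each does to
# the bit afterwards, and which backup sets a full restore then needs. The
# volume contents and the sequence of changes are constructed for illustration.
from dataclasses import dataclass


@dataclass
class File:
    name: str
    content: str
    archive: bool = True  # set whenever a file is created or modified


class Volume:
    def __init__(self):
        self.files = {}

    def write(self, name: str, content: str) -> None:
        # Creating or modifying a file turns its archive bit on again.
        self.files[name] = File(name, content, archive=True)


def backup(volume: Volume, kind: str) -> dict:
    """Run one backup; returns {name: content} of the files copied."""
    if kind == "normal":
        chosen = list(volume.files.values())                       # every file
    elif kind in ("incremental", "differential"):
        chosen = [f for f in volume.files.values() if f.archive]   # new or modified
    else:
        raise ValueError(kind)
    copied = {f.name: f.content for f in chosen}
    if kind in ("normal", "incremental"):
        for f in chosen:
            f.archive = False  # these two clear the bit; differential leaves it set
    return copied


def restore_plan(history: list) -> list:
    """history: list of (kind, copied). Return the indices of the backups needed
    to rebuild the volume as of the last backup: the last normal backup, every
    incremental after it, and the final differential if that is the last one."""
    last_normal = max(i for i, (kind, _) in enumerate(history) if kind == "normal")
    needed = [last_normal]
    needed += [i for i in range(last_normal + 1, len(history)) if history[i][0] == "incremental"]
    if history[-1][0] == "differential":
        needed.append(len(history) - 1)
    return needed


def apply_restore(history: list, needed: list) -> dict:
    """Replay the chosen backup sets in order; later copies overwrite earlier ones."""
    state = {}
    for i in needed:
        state.update(history[i][1])
    return state


def demo() -> tuple:
    """A normal backup, two differentials, then two incrementals."""
    vol, history = Volume(), []
    vol.write("ledger.xls", "v1")
    vol.write("memo.doc", "v1")
    history.append(("normal", backup(vol, "normal")))
    vol.write("ledger.xls", "v2")
    history.append(("differential", backup(vol, "differential")))
    vol.write("notes.txt", "v1")
    history.append(("differential", backup(vol, "differential")))  # ledger again + notes
    vol.write("memo.doc", "v2")
    history.append(("incremental", backup(vol, "incremental")))    # clears all bits
    vol.write("plan.ppt", "v1")
    history.append(("incremental", backup(vol, "incremental")))    # plan only
    plan = restore_plan(history)
    return history, plan, apply_restore(history, plan)


if __name__ == "__main__":
    history, plan, state = demo()
    for i, (kind, copied) in enumerate(history):
        print(i, kind, sorted(copied))
    print("restore needs", plan, "->", state)
```

Note what the second differential copies: the ledger file again, although it was already in the first differential, because differential backups never clear the bit. The incremental that follows picks up everything still flagged, after which only the newest change is copied.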
A system state backup is a backup of Active Directory. Taking a system state backup is the same as in the previous topics; the difference is in restoring a system state backup.
Clicking the Yes button indicates a non-authoritative restore, and clicking the No button indicates authoritative mode.
After clicking the No button, go to the command prompt.
Start > Run > type cmd
:ntdsutil
:authoritative restore
:restore subtree "cn=username,ou=Organisation Name,dc=Domain Name,dc=com"
Asks for confirmation whether to restore authoritatively or not.
Click the Yes button.
Finally gives the confirmation: one entry is successfully updated.
OR
To restore the entire database for Active Directory
:restore database
Click Yes & restart.
NETWORK ADMINISTRATION
DHCP (Dynamic Host Configuration Protocol)
A DHCP server is used to assign dynamic IP addresses to client machines (not to servers). When assigning multiple systems static IP addresses, the 4 major problems are:
1) IP conflict
2) Different network IP addresses
3) Not assigning an IP address to a client machine
4) Time
A DHCP server is also present in Windows NT 4.0, but the major drawback of the security features in Windows NT 4.0 DHCP is that there is no authorisation concept. This concept is used in the Windows 2000 and 2003 DHCP server. Only the root administrator can authorise a DHCP server. Without authorising the DHCP server it cannot issue DHCP IP addresses.
Scope: A scope consists of a range of IP addresses belonging to a single network. A scope cannot have IP addresses of multiple networks. We can have multiple scopes in a DHCP server.
Range: A range is nothing but a pool of IP addresses.
Super Scope: Clubbing more than one scope into a super scope, such that IP addresses of different networks can be issued.
Multicast Scope: A multicast scope is used to assign a range of IP addresses from Class D networks.
Reservations: Reservations are nothing but assigning static IP addresses dynamically. To do reservations in DHCP we require the client NIC card's MAC (Media Access Control) address.
To assign the Reservations:
Start > Programs > Administrative Tools > DHCP
Open the scope. Right click on Reservations and select New Reservation.
Specify a name for the reservation.
Specify an IP address.
Specify the default option. Click Next. (0. both 0. 0. )
Finish.
Scope & Server Options: Specifying the information of the servers present in the network. If it is specified for a particular scope it is called a scope option; if it should apply to the entire DHCP server, specify it in the server options.
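The following is an added example, not part of the notes, modelling the DHCP concepts above in code: a server that issues nothing until it is authorised, a scope restricted to a single network, an exclusion range, reservations keyed by MAC address, and scope options layered on top of server options so that the scope option wins where both define the same value. All addresses, MAC addresses, option names and values are constructed for illustration.

```python
# Added example (not part of the notes): a small model of a DHCP server with an
# authorisation flag, a scope limited to one network, an exclusion range,
# MAC-keyed reservations, and scope options layered over server options.
# All addresses, MAC addresses and option values are constructed.
import ipaddress


class Scope:
    def __init__(self, name, network, start, end, lease_days=8):
        self.name = name
        self.network = ipaddress.IPv4Network(network)
        self.start = ipaddress.IPv4Address(start)
        self.end = ipaddress.IPv4Address(end)
        if self.start not in self.network or self.end not in self.network:
            raise ValueError("a scope holds addresses of a single network only")
        self.lease_days = lease_days   # the wizard default in the notes is 8 days
        self.exclusions = []           # list of (first, last) never handed out
        self.reservations = {}         # mac -> address
        self.leases = {}               # mac -> address currently leased
        self.options = {}              # scope options (override server options)

    def exclude(self, first, last):
        self.exclusions.append((ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

    def reserve(self, mac, address):
        addr = ipaddress.IPv4Address(address)
        if addr not in self.network:
            raise ValueError("reservation outside the scope's network")
        self.reservations[mac.lower()] = addr

    def _available(self, addr):
        if any(lo <= addr <= hi for lo, hi in self.exclusions):
            return False
        return addr not in self.reservations.values() and addr not in self.leases.values()

    def next_free(self):
        addr = self.start
        while addr <= self.end:
            if self._available(addr):
                return addr
            addr += 1
        return None


class DhcpServer:
    def __init__(self):
        self.authorised = False
        self.scopes = {}
        self.options = {}  # server options: apply to every scope

    def authorise(self):
        self.authorised = True

    def add_scope(self, scope):
        self.scopes[scope.name] = scope

    def offer(self, scope_name, mac):
        """Return the lease a client with this MAC gets from the named scope."""
        if not self.authorised:
            raise PermissionError("an unauthorised DHCP server cannot issue addresses")
        scope = self.scopes[scope_name]
        mac = mac.lower()
        if mac in scope.reservations:
            addr = scope.reservations[mac]   # a static address, assigned dynamically
        elif mac in scope.leases:
            addr = scope.leases[mac]         # renewing an existing lease
        else:
            addr = scope.next_free()
            if addr is None:
                raise RuntimeError("scope exhausted")
        scope.leases[mac] = addr
        options = {**self.options, **scope.options}  # scope options win on conflict
        return {"ip": str(addr), "mask": str(scope.network.netmask),
                "lease_days": scope.lease_days, "options": options}


def build_lab() -> DhcpServer:
    """Constructed lab: one /24 scope with an exclusion and a printer reservation."""
    server = DhcpServer()
    server.options = {"dns": "192.168.1.1"}                  # server option
    scope = Scope("lan", "192.168.1.0/24", "192.168.1.10", "192.168.1.20")
    scope.exclude("192.168.1.10", "192.168.1.12")
    scope.reserve("aa:bb:cc:dd:ee:01", "192.168.1.15")       # e.g. a network printer
    scope.options = {"router": "192.168.1.254", "dns": "192.168.1.1"}
    server.add_scope(scope)
    return server


if __name__ == "__main__":
    server = build_lab()
    server.authorise()
    for mac in ("aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:03"):
        print(mac, server.offer("lan", mac))
```

Before `authorise()` is called, every `offer()` raises, which mirrors the note that an unauthorised server cannot issue addresses. The first dynamic client skips the excluded .10 to .12 and receives .13; the reserved .15 is never handed to anyone but its MAC.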
DHCP Backup & Restore: The configuration done on DHCP can be backed up through the DHCP server itself, and it can also be restored through the DHCP server itself.
Right click on the computer name (in DHCP). Select the Backup option.
To authorise DHCP:
Start > Programs > Administrative Tools > DHCP
Right click on the computer name and select Authorize.
An upward arrow in red colour means not authorised.
An upward arrow in green colour means authorised.
To configure a Scope:
Start > Programs > Administrative Tools > DHCP
Right click on the computer name and select New Scope.
A wizard appears; click Next.
Specify a name for the scope and click Next.
Specify a range of IP addresses within a single network; click Next.
Specify an exclusion range if required; click Next.
Displays the lease period with a duration of 8 days; click Next.
Gives 2 options: Configure scope options now / Configure scope options later.
Select the default and click Next.
Specify the router information if present; click Next.
Specify the DNS server information; click Next.
Specify the WINS server information if required; click Next.
Displays 2 options: Activate scope now / Activate scope later.
Select the default, click Next & Finish.
(Figure: DNS hierarchy. Root, served by the ISP DNS; top-level domains: Com, Org, Net; second-level domains: Yahoo, Sify, served by the local DNS; sub domains: Mail, Chat; the user's browser at the bottom.)
DNS is used to resolve host names to IP addresses and IP addresses back to host names.
DNS servers have 2 types of zones.
1) Forward Lookup Zone & 2) Reverse Lookup Zone
Forward Lookup Zone: It is used to resolve host names to IP addresses. There can be multiple forward lookup zones on a single IP address. A forward lookup zone consists of SOA (Start of Authority), NS (Name Server), Host, Alias etc. (Resource records are available only on the domain zone.)
Service Records: Service records consist of LDAP, Kerberos, Global Catalogue, Domain Name, TCP, UDP etc. (6 folders in 2003). These resource records are available only for domain zones.
Reverse Lookup Zone: It is used to resolve IP addresses back to host names. There can be only one reverse lookup zone for the entire network, but it can consist of multiple pointers.
Forward Lookup Zone: There are 3 types of zones in a forward lookup zone.
1) Primary Zone 2) Secondary Zone & 3) Stub Zone.
Secondary Zone: A secondary zone is a copy (backup) of the primary zone. There can be multiple secondary zones for a single primary zone, but a secondary zone must not exist where the primary zone already exists. The secondary zone maintains the total information of the primary zone.
Stub Zone: A stub zone is also a copy of the primary zone, but a stub zone maintains only 3 records of the domain zone, or 2 records for other zones. The 3 records are 1) SOA, 2) NS and 3) Host. Stub zones are available only in the Windows 2003 DNS server.
To Install DNS:
Start > Control Panel > Add/Remove Programs > Add/Remove Windows Components.
Scroll down the list and select Networking Services.
Select Details and check DNS > OK
(Insert the Windows 2003 Server CD when prompted. > Finish)
Start > Programs > Administrative Tools > Services (2 services need to be restarted)
1) Net Logon 2) DNS Server service
Now you can find the 6 folders / service records.
If the domain zone is created without Active Directory integration (on the DC system):
Open 'My Computer' > C: (where the OS exists) > Windows > System32 > open the 'Config' folder.
Select and open the 'netlogon.dns' file in Notepad. Copy the entire content and close Notepad.
To get the resource records of the domain zone on the member server:
First share the 'Config' folder on the DC.
Restart the 'Net Logon' service on the DC & the DNS Server service on the member server.
Six Important Roles of DNS:
1) Disable Recursion: When a query is passed to the DNS server, the DNS server tries to resolve the query by searching multiple times. By default this option is unchecked. If this option is checked, the DNS server tries to resolve the query only once.
2) Bind Secondary: When a query is passed to the primary zone and it is unable to resolve it, the query is sent to the secondary zone. Under certain circumstances, if this option is unchecked, it does not even allow a secondary zone to be created. By default this option is checked.
3) Secure Cache against Pollution: When a website is visited, multiple linked sites get opened. By default the DNS cache saves all of this information, which is how pollution is created. Also, if a website is visited often enough, its information is saved in C:. When the same site is visited again after a certain duration, the name server makes 2 entries, which again creates pollution. To solve this problem, check this option.
4) Round Robin: This applies when there are multiple web servers with a single host name but different IP addresses. The DNS server sends the query to all the web servers until any one of them resolves the query. By default this option is checked. If the option is unchecked, the query is sent to the 1st web server only.
5) Enable Netmask Ordering: If a single server has multiple network adapters, DNS sends the query to the respective NIC card only, because by default this option is checked. If this option is unchecked, it functions in Round Robin fashion.
6) Fail on Load if Bad Zone Data: If a zone has multiple records and any one of them is bad, it does not stop the zone from functioning, because by default this option is unchecked. If this option is checked and any one of the zone records is bad, the entire zone is disabled.
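As an added example (not from these notes), the following Python code models how the Round Robin and Enable Netmask Ordering options change the order of A records a Windows DNS server returns for one host name with several addresses: round robin rotates the list on every query, and netmask ordering places the addresses on the client's own subnet first (the /24 mask is the Windows default LocalNetPriorityNetMask, stated here as an assumption). The host addresses are constructed.

```python
# Added example: answer ordering under the Round Robin and Netmask Ordering options.
import ipaddress

# Constructed A records for one host name spread over three web servers.
WEB_A_RECORDS = ["192.168.1.10", "192.168.2.10", "10.0.0.10"]


class AnswerOrdering:
    """Orders an answer set the way the two DNS server options do.

    round_robin: rotate the answer list by one position on every query.
    netmask_ordering: put records on the client's own subnet first; /24 is
    assumed as the default LocalNetPriorityNetMask of the Windows DNS server.
    """

    def __init__(self, records, round_robin=True, netmask_ordering=True, prefix=24):
        self.records = list(records)
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefix = prefix
        self._rotation = 0  # how many queries have been answered so far

    def answer(self, client_ip):
        """Return the A records in the order the server would hand them to client_ip."""
        answers = self.records[:]
        if self.round_robin:
            k = self._rotation % len(answers)
            answers = answers[k:] + answers[:k]
            self._rotation += 1
        if self.netmask_ordering:
            # Records sharing the client's subnet go first; relative order is kept.
            client_net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
            local = [a for a in answers if ipaddress.ip_address(a) in client_net]
            remote = [a for a in answers if ipaddress.ip_address(a) not in client_net]
            answers = local + remote
        return answers


if __name__ == "__main__":
    rr = AnswerOrdering(WEB_A_RECORDS, round_robin=True, netmask_ordering=False)
    for _ in range(3):
        print("round robin:", rr.answer("172.16.0.5"))
    near = AnswerOrdering(WEB_A_RECORDS, round_robin=False, netmask_ordering=True)
    print("netmask ordering for 192.168.2.77:", near.answer("192.168.2.77"))
```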
An Active Directory-integrated zone can be defined as an improved version of a primary DNS
zone because it can use multi-master replication and the security features of Active Directory.
The zone data of Active Directory-integrated zones are stored in Active Directory. Active
Directory-integrated zones are authoritative primary zones.
A few advantages that Active Directory-integrated zone implementations have over standard
primary zone implementations are:
• Active Directory replication is faster, which means that the time needed to transfer
zone data between zones is far less.
• The Active Directory replication topology is used for Active Directory replication, and
for Active Directory-integrated zone replication. There is no longer a need for DNS
replication when DNS and Active Directory are integrated.
• Active Directory-integrated zones can enjoy the security features of Active Directory.
• The need to manage your Active Directory domains and DNS namespaces as separate
entities is eliminated. This in turn reduces administrative overhead.
• When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the DNS server on which you want to create the new DNS zone.
3. From the Action menu, click the New Zone option.
4. On the initial page of the New Zone Wizard, click Next.
5. Select the zone type that you want to create. The options are Primary, to create a new standard primary zone; Secondary, to create a copy of the primary zone; and Stub, to create a copy of the zone that holds only the NS record, the SOA record and the glue A record.
6. Keep the default selected option, Primary zone.
7. To integrate the new zone with Active Directory, and if the DNS server is a domain controller, select the Store the zone in Active Directory checkbox (available only if the DNS server is a domain controller).
8. Click Next.
9. On the Active Directory Zone Replication Scope page, accept the default setting for DNS replication: To all domain controllers in the Active Directory domain. Click Next.
10. Select the Forward lookup zone option on the next page displayed by the New Zone Wizard, and then click Next.
11. Enter a zone name for the new zone. Click Next.
12. The options on the following page pertain to dynamic updates. The Allow only secure dynamic updates (recommended for Active Directory) option is available only if you are using Active Directory-integrated zones. Click Next.
13. Click Finish to add the new zone to your DNS server.
Primary zone: This is the only zone type that can be edited or updated, because the data in the zone is the original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary zone.
Secondary zone: A secondary zone is a read-only copy of the zone that was copied
from the master server during zone transfer.
Stub zone: A stub zone is a new Windows Server 2003 feature. Stub zones only
contain those resource records necessary to identify the authoritative DNS servers for
the master zone.
IIS v 6.0
Kernel Mode: Kernel Mode is a mediator between user mode and the hardware. Kernel mode interacts directly with the hardware.
IIS v6.0 runs in Kernel Mode.
The IIS server is generally used to host websites and FTP sites. The IIS server in Windows 2003 comes with version 6.0, whereas Windows 2000 has IIS v5.0. In Windows NT 4.0, IIS by default is v2.0, and if Service Pack 6.0 is installed the IIS server becomes v4.0. IIS v6.0 works directly in Kernel Mode, whereas the previous versions work in User Mode. As IIS 6.0 works in Kernel Mode, it is faster at hosting websites.
Websites can also be hosted on a Windows 98 operating system by using PWS (Personal Web Server), but it has a lot of disadvantages compared to IIS v6.0 on a server. IIS is installed by default in Windows 2000 Server, whereas in 2003 the IIS server is not installed by default. We call IIS ISM (Internet Service Manager) in Windows 2003 Server, whereas in Windows 2000 we call it IISM (Internet Information Service Manager).
Websites: Websites can be hosted on an IIS server using the default port number 80. A website on an IIS server can also be configured on a different port. There are 65,535 ports in total, of which 1023 ports are reserved.
FTP: File Transfer Protocol is used specifically for uploads and downloads. An FTP site can be configured on the IIS server with the default port number 21. In Windows 2003 IIS, by default the administrator is allowed to download and denied upload. Only one user can do both, i.e. the power user of IIS, called iuser (the Internet user). The administrator has to grant the permission to himself in order to upload any data through the FTP site.
Once the IIS server is configured, the DNS server should be configured with zones. IIS is totally integrated with the DNS server.
By default, in the Windows 2000 IIS server there are 2 default websites: 1) Default Website and 2) Administrative Website.
The Default Website consists of help regarding the IIS server. The Administrative Website is not available in the Windows 2003 IIS server.
Requirements for IIS server to host:
1. Standalone Server (can be installed on a Domain Controller, Member Server or Workgroup).
2. Member server is recommended
3. Static IP Address
4. Windows 2003 server CD
5. DNS Server
6. Web content (html files).
Create a Host and an Alias for the Sub Domain.
Now go to the Command Prompt and ping (www.mail.yahoo.com).
1) A maximum of 13 Sub Domains can be created and configured.
Examples: www.mail.yahoo.com (sub domain); www.yahoo.com/ (Virtual Directory).
Giving the Administrator the right to upload information to the FTP site:
Right-click on the FTP site that was created.
Go to Properties and select the 2nd option.
It displays the iuser account.
Change it to Administrator by clicking the Browse button. Click Apply, then OK.
Refresh after 1/2 minutes.
Software Router
A Router is used to establish connectivity between 2 different networks.
[Diagram: a router with interfaces 192.168.1.1 and 192.168.2.1 connecting host 192.168.1.2 on one network with host 192.168.2.2 on the other.]
There are 2 types of Routers:
1) Software Router and
2) Hardware Router.
Software Router: A software router is used to establish connectivity between 2 different
networks within a local LAN (preferred).
Hardware Router: A hardware router is used to establish connectivity between 2 different
geographical locations. Eg: WAN.
Differences between a Software Router & Hardware Router:
1. Hardware Router: has only one task to perform, i.e. routing. Software Router: can be used to perform multiple tasks.
2. Hardware Router: can be configured only by a professional. Software Router: can be configured by any person with simple knowledge.
3. Hardware Router: there are fixed series of routers available. Software Router: there are no fixed series of software routers.
4. Hardware Router: it is easily portable. Software Router: it is difficult to port.
5. Hardware Router: it is costlier. Software Router: it is cheaper.
6. Hardware Router: it requires third-party devices for connectivity and configuring, e.g. transceiver, DB9. Software Router: no third-party devices are needed.
[Diagram: the same two networks (192.168.1.1 / 192.168.1.2 and 192.168.2.1 / 192.168.2.2) joined by the router, with NAT enabled on it.]
DHCP Relay Agent:
The DHCP Relay Agent is used to assign IP addresses of one network dynamically to clients on another network. The DHCP Relay Agent takes the request from the client machine, passes it through the router and delivers it to the DHCP server present on the other network. It then takes the IP address from the DHCP server, passes it back through the router and assigns the dynamic IP address to the client.
• Without configuring the DHCP Relay Agent on the router, the DHCP server cannot assign a dynamic IP address to a different network. Once the DHCP Relay Agent is configured on the router, there is no need to configure any Super Scope on the DHCP server.
[Diagram: the router (192.168.1.1 / 192.168.2.1) running the DHCP Relay Agent between hosts 192.168.1.2 and 192.168.2.2 on the two networks.]
• The router's information must be specified in the scope options or the server options on the DHCP server.
• Each and every interface of the router must be configured with a different network IP address.
To Configure:
Right-click on DHCP Relay Agent and select New Interface.
In the Interfaces list select an interface and click the OK button.
Accept the default options and click OK.
Add the other interface using the same procedure.
o Right-click on the DHCP Relay Agent and go to Properties.
o Specify the DHCP server's IP address and click OK.
A network is called a secured network because data travels in an encrypted format over the network and is decrypted only at the destination end.
• By default, between 2 unsecured networks (dial-up), a maximum of 5 VPN connections can be established using the PPTP protocol.
Point to Point over Ethernet (PPPoE): To have high bandwidth over a point-to-point connection using Ethernet technology, a protocol called PPPoE is used on the RAS server.
Microsoft Remote Access Service Protocol (MRASP): When multiple RAS servers need to communicate with each other, the MRASP protocol is used to establish that connectivity.
To Configure the VPN Connection (on the Client Side only):
Start → Settings → Network Connections. Double-click ‘Make new connection’.
A wizard appears; click Next.
In the options select ‘Connect the network to the Workplace’ and click Next.
Select the ‘VPN’ option and click Next.
Select the ‘Unsecured network connection’ option and click Next.
Specify the IP address of the RAS server's PPP adapter and click Next.
2 options appear (Everyone & Only myself); select either option, click Next and then Finish.
By default the Administrator himself is denied use of the Dial-up connection. To set his account to Allow access:
Start → Programs → Administrative Tools → Active Directory Users & Computers.
In the Users folder, right-click on the Administrator account and go to Properties. In the options select ‘Dial-in’ and click the Allow option. Click Apply & OK. The same applies for any other user as well.
Terminal Service
Terminal Service is used to deploy the server environment onto the client machine. The applications that are installed on the server can be accessed from a client machine with a lesser configuration by using Terminal Service. Eg: 3D Max, Maya etc.
Terminal Services are very widely used in the software design and corporate sectors. Another reason why Terminal Services are used is to reduce infrastructure cost.
Terminal Service in Windows NT 4.0 is not integrated with the operating system, whereas in Windows 2000 and Windows 2003 the Terminal Service is integrated. To have Terminal Service in Windows NT 4.0, a separate edition called Windows NT Terminal Service server must be purchased. Terminal Service uses a protocol called RDP (Remote Desktop Protocol). Windows 2000 Terminal Service has 2 modes: 1) Remote Administrative Mode and 2) Application Service Mode.
1) Remote Administrative Mode: Through Remote Administrative Mode only the Administrator is allowed to log in. The administrator cannot access any applications in this mode, but can configure the Terminal Service.
2) Application Service Mode: Through Application Service Mode both users and the administrator are allowed to log in. Both of them can access any application on the Terminal Service. The administrator can also configure the Terminal Service.
In Windows 2003 Terminal Service there are 2 modes: 1. Full Security Mode and 2. Relaxed Security Mode.
1. Full Security Mode: In Full Security Mode, by default only administrators are allowed to log in; by giving permissions to users in Terminal Service, the users can also log in in this mode. In Full Security Mode certain applications will not work properly, and critical registry options cannot be changed or modified in this particular mode.
2. Relaxed Security Mode: In this mode, by default only administrators are allowed to log in; by giving permissions to users in Terminal Service, the users can also log in in this mode. In this particular mode all applications will work, and critical registry options can be changed or modified. By default the Terminal Service runs in this particular mode on Windows Server 2003.
Terminal Service has 2 important features: 1) Remote Control & 2) Environment.
1) Remote Control: Through the Remote Control option the administrator can view the user's Terminal Service session. There are 2 modes in the Remote Control option: 1) View Mode and 2) Interactive Mode. In View Mode the administrator can view the user's Terminal Service session. Through Interactive Mode the administrator can interact with the user. There is an option, checked by default, under which the user is asked either to accept or deny once Remote Control is applied to the user's Terminal Service session. If this option is unchecked, no intimation is sent to the user when Remote Control is applied, and the administrator forcibly takes over the user's Terminal session.
2) Environment: Through the Environment option only one application can be deployed to the user while the user is in the Terminal Service session. If more than one application needs to be deployed, create a .bat file: open Notepad, type the required applications one after the other, and save the file in the drive under some name.
In Windows 2000 Terminal Service a user can open multiple Terminal Service sessions, but in 2003 Terminal Service a user can log in to / open only one Terminal Service session.
By default Relaxed Security Mode is installed with the Operating System itself, but in Windows 2000 Terminal Service has to be manually selected in the Control Panel.
Open the folder “My Computer → C: → Windows → System32 → Clients → TSclients → Win32”. Share the ‘Win32’ folder.
On the client side, open the shared folder (on the server) and install the application.
RIS
The RIS service is used to deploy the Operating System from the server to the client system directly. This service was introduced in Windows 2000 Server and is also available in Windows 2003 Server. To do this deployment we require either hardware support or software support on the client system. Through RIS we can deploy certain Operating Systems such as Windows 2000 (P), Windows 2000 (S), Windows XP (P) and Windows 2003 (S), but cannot deploy Windows 95, Windows 98, Windows ME or Windows NT 4.0, and the Datacenter Server editions of Windows 2000 and 2003 will not work. The RIS service reduces the workload of an administrator by automatically installing the Operating System from the server onto the client. To install an Operating System normally, we require the installation CD of the Operating System, a CD-ROM drive on each and every system, and the administrator has to manually answer each and every question to complete the installation process. Through the RIS service there is no need to have a CD-ROM drive on each and every system, no need to have the installation CD of the Operating System, and the administrator's job is also less compared to the normal installation process.
There are two methods in the RIS service through which we can deploy the Operating System:
1. Attended Installation
2. Unattended Installation
1) Attended Installation: The default process in RIS is the Attended Installation. Through this process the administrator has to answer certain questions while the installation is going on, such as the 25-digit product key, organisation name, etc.
2) Unattended Installation: Through this process the installation is done totally automatically. No questions are asked while the installation is going on. To do this, the administrator has to modify the “.sif” file.
The hardware requirement on the client system is the PXE (Preboot Execution Environment) Boot ROM. The PXE Boot ROM is available on the client NIC cards, but the Windows 2003 RIS service supports only 10 vendors' NIC cards with PXE Boot ROM, and the Windows 2000 RIS service supports 3 vendors' NIC cards with PXE Boot ROM. If the hardware is not available, we can use the software process: a RIS bootable CD or floppy can be used to start the RIS installation process.