
IMPORTANT POINTS

A/D New Features in Win 2003
1. Rename the Domain (use rendom.exe & gpfixup.exe)
2. Rename Domain Controllers
3. Modify common Properties for multiple users at once. Use the SHIFT & CONTROL Keys
4. Drag and Drop AD objects within the AD Users & Computers Tool.
5. Ability to disable the default administrator account
6. Universal Group Membership Caching (cutting down on the need for GCs)
7. Cross Forest Trusts
8. Group Policy Management Console
------------------------------------------
Promoting the Computer to Domain Controller will disable or remove the Local Users and Groups; new Users and Groups can be created through A/D Users and Computers.
------------------------------------------
Command to Convert File System (i.e. Partition) from FAT to NTFS:
convert c: /fs:ntfs
------------------------------------------

DNS - DOMAIN NAME SERVER (Resolution of Name to IP)
1. FORWARD LOOKUP ZONE
2. REVERSE LOOKUP ZONE

DNS UPDATES
Non-Secure and Secure Updates
Secure Updates (Work with the Active Directory)
------------------------------------------
Command to Force the DNS Registration
CMD ipconfig /registerdns
Command to FLUSH the DNS cache
CMD ipconfig /flushdns

ZONE TRANSFER
In Server 2000 the setting was to transfer zone to ANY SERVER by default.

In Server 2003 the setting is to transfer zone to Servers Listed in the Name Servers Tab.

SCAVENGING/AGING
The term used for the time period after which a DNS Entry is deleted if the entry is no longer being used. It can be set at the DNS Level and then at the ZONE level. By Default the cumulative period is 21 days.

START OF AUTHORITY (SOA)
The Serial Number in the SOA Tab specifies the number of times the DNS Server is updated. It works on an incremental basis.

PRIMARY & SECONDARY ZONE
In the DNS Server there can only be one primary zone; the other zones are secondary zones (Read Only Copy). In case of more than one primary zone in DNS, an entry in one Zone will not get updated in the other zone (i.e. if both zones are primary) unless Zone Transfer is enabled between them.

DNS SERVER DATABASE DIRECTORY
C:\Windows\System32\DNS
------------------------------------------
An Alias (CNAME) is used when we want a particular record to point to the same IP. For E.g. if NS1 (NAME SERVER) is configured with IP 69.28.129.221 and we want www.abc.com to point to the same IP, we can create a CNAME Record (www) that points to NS1, which in turn points to the IP (69.28.129.221).
------------------------------------------
IIS SERVER
In IIS Server the Host Header Value differentiates which website is to be displayed from the Web Server. We can configure the HOST HEADER through the WEBSITE TAB, then the Advanced Button, and then entering the IP and the Host Header Value. Through this HOST HEADER VALUE the web server knows which website to display to the user.

SECURING WEBSITE
To secure a website there are 3 different methods under the DIRECTORY SECURITY TAB:
1. Authentication and Access Control. Under this Method there are 4 Access Control Methods:
   o Integrated Windows Authentication Method
   o Digest Authentication for Windows Domain Servers
   o Basic Authentication (Password is sent as clear text)
   o .NET Passport Authentication
2. IP Address and DOMAIN NAME RESTRICTION
3. SECURE COMMUNICATION using the CERTIFICATE from CERTIFICATE AUTHORITY.
We can also limit access to particular pages of the website through NTFS Permissions.
------------------------------------------
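Why Basic Authentication counts as clear text, shown as an added example (not part of the original notes): the Authorization header carries only base64 of user:password, so anyone who sees a plain-HTTP request can read it, while the same header inside SECURE COMMUNICATION (HTTPS) is protected in transit. The sample requests, user names and passwords are constructed for illustration.

```python
import base64
import binascii

# Constructed sample requests (not captured traffic): URL scheme + request headers.
SAMPLE_REQUESTS = [
    ("http", {"Host": "www.abc.com",
              "Authorization": "Basic " + base64.b64encode(b"alice:S3cret!").decode()}),
    ("https", {"Host": "www.abc.com",
               "Authorization": "Basic " + base64.b64encode(b"bob:hunter2").decode()}),
    ("http", {"Host": "www.abc.com",
              "Authorization": 'Digest username="carol", nonce="abc", response="0f3c"'}),
    ("http", {"Host": "www.abc.com", "Authorization": "Basic not-base64!"}),
]

def audit_request(scheme, headers):
    """Classify how exposed the credentials in one request are."""
    method, _, blob = headers.get("Authorization", "").partition(" ")
    if method.lower() != "basic":
        return "ok: no Basic credentials in request"
    try:
        # Basic is base64("user:password"): an encoding, not encryption.
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "malformed: Basic header does not decode"
    user, sep, password = decoded.partition(":")
    if not sep:
        return "malformed: no user:password separator"
    if scheme == "https":
        return f"ok: Basic for {user} is wrapped in TLS"
    return f"exposed: password for {user} ({len(password)} chars) readable on the wire"

def audit_all(requests):
    """Audit every (scheme, headers) pair and return one finding per request."""
    return [audit_request(scheme, headers) for scheme, headers in requests]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_REQUESTS):
        print(finding)
```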

DHCP SERVER
In Windows 2000 & 2003 we need to authorize our DHCP Server first.
In the DHCP Server we need to add the Scope of IP Addresses through the New Scope Wizard and also define the Exclusion IP range which we don't want to be assigned through DHCP.
Lease Duration specifies how long a Client Computer uses a particular IP (Default 8 Days).
Command to Release the IP
CMD ipconfig /release
Command to Renew the IP from DHCP Server
CMD ipconfig /renew

------------------------------------------
VPN SERVER
The Routing and Remote Access Server is used for VPN Server.
RAS - Routing Access Services
IAS - Internet Authentication Services
In Active Directory there is a group under USERS: RAS and IAS Servers. The Server acting as VPN Server has to be a member of this group.

MS-CHAP-V2 and MS-CHAP are the Remote Authentication protocols used for remote authentication of clients. CHAP is also the authentication protocol used for NON WINDOWS clients like UNIX, LINUX, MAC and other Operating systems, i.e. basically Non-Windows Products.

PPTP: - Point to Point Tunneling Protocol
L2TP: - Layer 2 Tunneling Protocol
L2TP is more secure than PPTP. L2TP is supported in both WIN 2003 and WIN XP.
NAT COMPATIBILITY is available in WIN 2003 L2TP and not available in WIN 2000 L2TP VPN.

CERTIFICATE AUTHORITY (CERTIFICATE SERVICES)
- Prove your Identity to a Remote Computer
- Ensure the Identity of a Remote Computer

We can CHANGE THE FUNCTIONALITY level of domain through A/D DOMAIN AND TRUST and then raising the Domain Level.
In Win2000 MIXED MODE the option "Control Access through Remote Access Policy" is not there in the Dial In Tab of the User Profile.
In Win2000 NATIVE MODE the option "Control Access through Remote Access Policy" is present in the Dial In Tab of the User Profile.

DEMAND DIAL INTERFACE is Specific for Site to Site VPN Connection.

-------------------------------------------

CISCO ROUTING

OSI Model - 7 Layers

Layers | Transmission Mode | Function
Application | Data | End User Interaction. Telnet, Authentication also takes place at this layer. Protocols that work on this layer are WWW, Telnet, SMTP, POP3, FTP.
Presentation | Data | This determines how the data is presented. Data Formatting, Data Encryption, Compression and Translation happen at this layer. File Extensions used at this layer are JPEG, GIF, ASCII and TIFF.
Session | Data | Construction and Teardown of connection between two end points.
Transport | Segments | Segments Data and Transmits the Segments. Two methods for transporting data, TCP and UDP.
Network | Packets | Routing is performed (IP addresses are used).
Data Link | Frames | Switching (MAC Addresses are used).
Physical | Bits | Transmits Data in bits (It's all Ones and Zeros). Cables, Hubs, Repeaters work at this layer.

Layer 3 Switches - It is a Switch but can also run a Routing Protocol.

TCP vs UDP

TCP (In TCP a 3 Way Handshake Takes Place) | UDP
Guaranteed Delivery | Best Effort Delivery
Connection Oriented | Connection Less
Flow Control | No Flow Control
Windowing | No Windowing

UDP has no underlying connection; it just starts transmitting segments.

TCP has Guaranteed Delivery, UDP has Best Effort Delivery. UDP has no mechanism for Guaranteed Delivery.
WINDOWING - Allows us to raise the number of segments the sender can transmit before an Acknowledgement must be received.
TCP has Flow Control, UDP has no Flow Control.

Flow Control allows the receiver to adjust the Flow of the segments being transmitted to it.
Both TCP and UDP have Source Port, Destination Port and Checksum Fields.
TCP Overhead is much larger than UDP.

Which Protocols run on TCP and which run on UDP
TCP: - POP3, SMTP, FTP (Requires Authentication), HTTP, DNS
UDP: - TFTP (It does not require Authentication), DHCP, SNMP (Simple Network Management Protocol) and DNS (mostly works on TCP but also uses UDP sometimes)
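The header differences listed above, shown as an added example (not part of the original notes): a parser for the fixed UDP header (8 bytes) and the TCP header (20 bytes minimum), run over a constructed 3 way handshake. Both carry source port, destination port and checksum; only TCP carries sequence/acknowledgement numbers, flags and a window. All port numbers, sequence numbers and checksum values are constructed placeholders.

```python
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def parse_udp(segment):
    """UDP header: four 16-bit fields, always 8 bytes."""
    src, dst, length, checksum = struct.unpack("!HHHH", segment[:8])
    return {"src_port": src, "dst_port": dst, "checksum": checksum,
            "header_len": 8, "payload": segment[8:length]}

def parse_tcp(segment):
    """TCP header: 20 bytes minimum, longer when options are present."""
    (src, dst, seq, ack, off_flags,
     window, checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return {"src_port": src, "dst_port": dst, "checksum": checksum,
            "seq": seq, "ack": ack,       # sequence/ack numbers: guaranteed delivery
            "window": window,             # receiver-advertised window: flow control
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "header_len": header_len, "payload": segment[header_len:]}

# Constructed samples (checksums are placeholder values, not computed).
HANDSHAKE = [
    struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02, 8192, 0x1111, 0),
    struct.pack("!HHIIHHHH", 80, 49152, 5000, 1001, (5 << 12) | 0x12, 4096, 0x2222, 0),
    struct.pack("!HHIIHHHH", 49152, 80, 1001, 5001, (5 << 12) | 0x10, 8192, 0x3333, 0),
]
UDP_SAMPLE = struct.pack("!HHHH", 49153, 69, 8 + 4, 0x4444) + b"demo"

def handshake_flags(segments):
    """Return the flag names of each segment, in order."""
    return [parse_tcp(s)["flags"] for s in segments]

if __name__ == "__main__":
    for seg in HANDSHAKE:
        hdr = parse_tcp(seg)
        print(hdr["flags"], "seq", hdr["seq"], "ack", hdr["ack"], "window", hdr["window"])
    print("UDP header bytes:", parse_udp(UDP_SAMPLE)["header_len"])
```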

OSI MODEL Vs TCP/IP MODEL
OSI MODEL: Application, Presentation, Session, Transport, Network, Data Link, Physical
TCP/IP MODEL: Application, Transport, Internetwork (ing), Network Interface

CISCO 3 Layer Hierarchical Model
1. Core - Consists of Switches
2. Distribution - Consists of Routers
3. Access - Control Access to Network Resources

Cable Types:
Straight Cables - Same Configuration is used at both ends (W/O, O, W/G, Bl, W/Bl, G, W/Br, Br)
Cross Cables - In a Cross Cable, Pins 1 & 3 and 2 & 6 are switched at the other end.
Roll Over Cables - All the wires are rolled over from one side to the other. Used to Connect a PC or Laptop directly to the Router. (Connect on the CONSOLE Port of the ROUTER)

Ethernet Vs Fast Ethernet

Ethernet - Half Duplex Mode - Send or Receive, but cannot do both at the same time.
Fast Ethernet - Full Duplex Mode - Send and Receive Simultaneously.
First Ethernet Standards - 10Base5, 10Base2
Cable Distance Limits - 10B5 500 Meters, 10B2 185 Meters
Attenuation - Gradual weakening of the Electric Signal.
Repeaters (Layer 1 Device) - Used to Increase the Signal Strength. Repeats an Electrical Signal, but does not break up a collision domain.
Hubs (Layer 1 Device) - Multiport Repeater. Hubs do not break up collision domains either.
Switch (Layer 2 Device) - Breaks up the collision Domains.

Class | First Octet | Network Bits | Host Bits | Network Mask
Class A | 1-126 (127 Loopbacks) | 8 | 24 | 255.0.0.0 (/8)
Class B | 128-191 | 16 | 16 | 255.255.0.0 (/16)
Class C | 192-223 | 24 | 8 | 255.255.255.0 (/24)
Class D | 224-239 | Multicasting
Class E | 240-254 | Experimental, Reserved for Future use.

MAC ADDRESS
The MAC Address is divided into 2 parts:
First part is referred to as the Organizationally Unique Identifier (OUI). OUIs are assigned to hardware vendors by IEEE. A given OUI is assigned to one and only one vendor.
Second part of the MAC Address is a value not yet used by that particular vendor.

For E.g. MAC ADDRESS: - aa-bb-cc-11-22-33
The OUI is aa-bb-cc
The Vendor has not yet used the 11-22-33 with the particular OUI, so the vendor is doing so now.

The Broadcast MAC address is the all-Fs address: ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as case does not matter in hexadecimal).
There is a range for MULTICAST Addresses, and the first half of a multicast MAC address is always 0100.5e. The second half of a multicast MAC address will fall in the range 00-00-00 through 7F-FF-FF. Watch that 7!
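The MAC address rules above, shown as an added example (not part of the original notes): a classifier that accepts dash, colon or dotted notation, splits off the OUI, and applies the broadcast and multicast ranges, including the "Watch that 7" boundary. The "other-group" label relies on one fact not stated in the notes: the lowest bit of the first octet marks a group (non-unicast) address. The sample addresses are constructed.

```python
import re

def normalize(mac):
    """Strip separators (aa-bb-cc.., aa:bb:cc.., 0100.5e00.0000) to 12 hex digits."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def classify(mac):
    """Return the OUI half, the vendor-assigned half and the address kind."""
    digits = normalize(mac)
    oui, vendor_part = digits[:6], digits[6:]
    if digits == "f" * 12:
        kind = "broadcast"
    elif oui == "01005e" and int(vendor_part, 16) <= 0x7FFFFF:
        # Second half must stay within 00-00-00 .. 7F-FF-FF.
        kind = "multicast"
    elif int(digits[:2], 16) & 0x01:
        # Group bit set but outside the 0100.5e range described in the notes.
        kind = "other-group"
    else:
        kind = "unicast"
    def dashed(half):
        return "-".join(half[i:i + 2] for i in (0, 2, 4))
    return {"oui": dashed(oui), "vendor_part": dashed(vendor_part), "kind": kind}

# Constructed sample addresses in the notations the notes use.
SAMPLES = [
    "aa-bb-cc-11-22-33",   # the worked example from the notes
    "FF-FF-FF-FF-FF-FF",   # broadcast, upper case
    "0100.5e7f.ffff",      # last address inside the multicast range
    "01-00-5e-80-00-00",   # one past the range: second half starts with 8, not 7
]

def classify_all(samples):
    """Map each sample address to its kind."""
    return {mac: classify(mac)["kind"] for mac in samples}

if __name__ == "__main__":
    for mac in SAMPLES:
        print(mac, classify(mac))
```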
