Provides centralized administration. Domain offers security and provides logon authentication. Suitable if security is criteria Requires an administrator. Desktop O. Network O. Win NT 3. IP version 4: offers IPs up to 4. IP version 6: bit size.
IP address is used for identifying the system and provides communication. IP address is of 32 bits divided in four octets. Each Octet is of 8 bits, separated by a. Numbers range between Organizations responsible for assigning IPs to clients. H The first bit of first octet is always 0. The first two bits of first octet are reserved as 10 Class C: The first three octets are reserved as network portions. The first three bits of first octet are reserved as Class D: Used for Multicasting.
The first four bits of first octet are reserved as Class D: Used for Experimentation. AD is a centralized hierarchical Directory Database. AD is a searchable Database. We have to install A. Domain Controller D. A server where A. Functionality of A. It provides single point of administration. Purpose of A. Provides user logon authentication services. Features of A. Fully integrated security system with the help of Kerberos.
Easy administration using group policy. Extensible modify the schema New features in 6. Cross —forest trust relationship. Site-to-Site replication is faster. It is directory access protocol. It runs on the port no. D: Requirements: Windows O. Components: Logical structure is useful for organizing the network.
Logical components cannot be seen Physical structure is useful for representing our organization for developing the organizational structure.
It reflects the organization mirrors Physical structure can be seen. TREE: A tree is a group of domains which share contiguous name space. If more than one domain exits we can combine the multiple domains into hierarchical tree structures. The first domain created is the root domain of the first tree.
Additional domains in the same domain tree are child domains. A domain immediately above another domain in the same domain tree is its parent. The two forest wide predefined groups — Enterprise. Administrators and schema administrators reside in this domain. Sites provide replication There are 2 types of replications 1. Intrasite replication 2. Intersite replication Intrasite Replication: It is a replication with in the same site.
Intersite Replication: It is a replication between two different sites. Intersite replication is implemented when the sites are away from each other. DIT C:windowsntdsntds. Directory Information Tree It is a file logically divided into four partitions. Schema partition 2. Configuration partition 3. Domain partition 4. Ad is constructed with the help of classes and attributes. Forms the database structures in which data is stored.
Collection of objects is called class. Piece of information about the object is called attribute. Configuration Partition: Logical partition in AD database. Domain Partition: Logical partition in AD database.
Collections of users, computers, groups etc. Units of replication. Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain.
DCs do not replicate domain partition information for other domains 4. Application Partition: It is a newly added partition in win It can be added or removed It can be replicated only to the specified DCs.
Schema master 2. Domain Naming master Domain wide master operation 3. PDC emulator 4. RID master 5. Infrastructure master Schema Master: Responsible for overall management of the entire schema in a forest.
The first DC installed acts as a schema master in the entire forest. It maintains the uniqueness of domain names. There can be only one DNM in the entire forest. If it is running in mixed mode PDC updates the password changes made by the users. It is also responsible for synchronizing the time. There can be only one PDC emulator per domain. It is divided into two parts. DID Domain Identifier 2. It also maintains universal group membership.
There can be only one infrastructure master per domain The term flexibility means we can transfer any of the 5 roles from DC to ADC. Transfer of Roles : We can transfer the roles for some temporary maintenance issues on to ADC and again we can transfer back the roles onto DC.
We can transfer the roles in two ways 1. Command mode 2. Graphical mode Global Catalog runs on the port number All types of queries are first heard on this port number and forward the query to port no.
Maintains the complete information about the objects within the same domain and partial information about other domains. GC communicates to infrastructure master. The primary functions of GC To maintain universal group membership information, to easily locate the objects with in the AD. Installing New Domain tree in an existing forest: Requirements: Forest initial domain controller or root domain controller On member server or stand-alone machine. Select Domain tree in an existing forest.
Functional Levels: 1. This mode supports older versions of win We can add NT, flavors in networks. Interim: This mode can have NT and Useful when we upgrade NT to Windows server: This mode supports only server family. External — one way non-transitive NTLM trusts.
Realm — one or two way non-transitive Kerberos trusts. Establishing Trusts: The Domain where we have user accounts is called trusted domain. The domain where we have resource is called trusting domain. Trust between parent and child is two way transitive trusts. Ex; A trusts B, automatically B trusts A this is a two way trust. Trust between parent and Grandchild domain is called implicit trust.
One way out going trust: A is offering resources to B and B is getting resources from A Benefits of Domain Functional Level: Win server Level: The moment we raise the functional level, form mixed mode to win mode we get the following benefits.
Universal groups Group nesting Domain renaming tools. Benefits of Forest Functional Level: Win level We get complete benefits of when we raise the level from to win server.
We can implement forest trusts. Acceleration of global catalog replication information. Server, which is part of the Domain, is called Member Server. Member Servers are used Load balancing Load sharing form DCs A member server can be configured as any of the following servers. Domain User Accounts: These are created in the AD and they proved centralized management of users besides easy administration 2.
Local User Accounts: These can be created on the Local machines where the client works. XP prof. These accounts do not provide centralized management. Suitable only for smaller organizations where there is no server.
Creating a Domain User Accounts. Verify: On DC logon as a user Disabling password complexity policy: The moment we create a share on a server, server acts like a file server. Permissions Using permissions an administrator can either allow or deny access to a resource.
Resource can be a network resource or local resource Permissions are of two types 1. Share level 2. Share level permissions are not applied on the local machine where the resource is existing.
NTFS permissions are useful for securing locally available resources. Experiment2: Login as administrator on member server Create a folder Folder properties Security Advanced-uncheck the box allow inheritable permissions.. Remove Apply — ok. Add the users we have created along with the administrator Administrator -full control U1 — full control U2 — modify U3 — read — apply — ok Full control permissions This permission offers complete control i.
Users who have full control permission can take ownership of a resource The moment a user creates a folder he becomes an owner of a folder.
When a user logs in for the first time the user will be loaded with a default user profile. Default user profile is located under C:documents and settingsdefault user Types of profiles: Local profile Roaming profile Mandatory profile Local profile: It is a profile loaded for the user and saved in the local hard drive where the user works. And profile will be saved when a user logs off Local profiles are limited only to the machine where they are saved. A user with a local profile will not be loaded with a network profile when he logs on from another machine.
Verifying the type of the profile: My computer Properties Advanced User profile — settings Roaming Profile: It is a profile, which is saved in the shared folder on the server.
Hence available in the entire network. Mandatory Profile: Mandatory Profile is a profile used for controlling desktop environment setting especially used for restricting user from saving user data, setting, and configuration on the desktop.
It is a type of roaming profile but settings are not saved when a user logs off. Changes will be available only for the session where user is active. If the home folder is in the server an administrator can secure it and back-up. If the home folders are created in the local machine backing up is not that easy. Creating a user home folder in a server On member server Create a home folder for user1 Share it Permissions Remove everyone Add administrator and user1 Give full control for both DFS Distributed File System DFS allows administrators to make it easier for users to access and manage file that are physically distributed across a network.
With DFS, you can make files distributed across multiple servers. It may appear for users that files actually reside in one place computer on the network. Benefits of DFS 1. Easily access: users need not remember multiple locations form where they get data just by remembering one location they get access to the data. Load balancing: if all the DFS root servers and targets are working fine it leads to load balancing.
This is achieved by specifying locations for separate users. DFS Terminology: 1. DFS root 2. DFS links 3. DFS targets 4. Domain DFS root 5. Targets: the mapping destination of a DFS root or links, which corresponds to a physical folder that has been shared. And this can be scheduled. Quotas can be implemented in two ways On computer basis local machine User basis network resource Quotas can be implemented only on NTFS volumes. OUs are basically used for dividing a single domain into smaller portions for efficient management and organization of the resources Creation of OUs: On DC Assigning Delegate control for sub administrator.
Using group policy we can implement security, policies, software deployment, folder redirection, Internet explorer maintenance. Group policies enable the users either to access or to be denied of an object. GPO defines polices implemental for the objects. One group policy object can be linked with multiple objects like site, domains, DCs, OUs, etc… The order in which the group policy is applied. When user logs in Computer policy Eg: no shut down, no time setting User profile Eg.
Block policy inheritance: Block policy inheritance is useful for blocking the inheritance of the policy from its parent object Note: 1. Useful when we have to perform shorter administrative tasks. When there is conflict between two policies applied to the same object. We should notice control panel. No override: It is an option available from group policy useful when we want to override all the policies implemented on the child objects Implementing override On DC Open ADUC Select the parent OU We have created Properties Group policy Options select no over ride Note: No over ride is opposite to block policy inheritance; Important group policies User configuration Administration templates Windows components Windows explorer -Prevent access to drive -No entire network -Remove map drive Under user configuration Administrative templates Expand system -Run only allowed windows applications -Do not run specified applications Group policies are of two types.
It is a process of spreading out the software required onto the client machines when a user starts the computer. Software deployment is possible only when the software is with. Software deployment is possible only with. This is the product of Veritas Company. Phase — I Converting.
Acrobat Click on the dotted tab Browse. And takes the snap shot of the current condition of the OS. Phase- II Installation In this phase we have to install the software, which we want to convert to. Note: Using these three phases the Microsoft software installer can trouble- shoot or deploy the software. Users do not lose their data Implementing folder redirection: On DC Create a roaming profile for a user And convert it into mandatory Note: create a new OU at first and create a user in that and make that user profile as mandatory.
NT supported only one type of storage media, i. NTbackup utility Comes along with the OS. Provides minimum benefits could have optimum benefits. Back up Next Select 2nd option backup selected files.
It is used as a backup marker. Copy backup: Copy backs up all selected folders but does not remove archive bit after backing up.
Copy is used between normal backup and incremental backup. Removes the archive bit after back up. After backup does not remove the archive bit. It backs up all the files changed since normal back up. Recommended backup strategy: If we select incremental back up it is faster and restoration is slower.
If we go with differential backup, backup is slow, but restoration is fast i. SSD is a data store if we want to backup complete AD we can back up system state data from backup utility. Taking a back up of system state data: Start - run — ntbackup — click on advanced mode — backup — next Select 3rd one system state data — next — save in E drive - create a folder SSD in this folder create a file with filename. It does not increment the USN values of the objects after restoration.
It uses older USN values only. Authoritative restore: This is useful when we want to restore a specific object or specific object by incrementing the USN value. Object When we want to perform authoritative restore, we have to restart the system in directory services restore mode DSRM by pressing F8. While booting and selecting DSRM. Going to backup utility we can restore system state data on completion of the restoration system prompt us to restart the system.
Tombstone: It is an object deleted from AD but not removed. It remains in the AD for 90 days. Version 4. Version 6. Which are not changeable. DHCP: useful for extremely larger networks where we want to centralize the I. Case2: Useful for smaller networks where there are no administrators or administrator may not be comfortable with assigning IPs. IP leasing process: 1. Note: when we have multiple scopes only one scope can be active in order to enable all the scopes we have to merge all the scopes with super scope.
Creating super scope Requires multiple scopes Create 2 scopes. Microsoft Dynamics Dumps. Enterprise Mobility Suite Dumps. MCP-Windows 10 Dumps. License Management Dumps. Microsoft Certified Educator Dumps.
JavaScript Dumps. Microsoft Azure Dumps. Azure Solutions Architect Expert Dumps. Microsoft Dumps. Microsoft Windows 10 Release and later Dumps. Microsoft MOS Dumps. Microsoft Java 6 SE Dumps. Microsoft Azure Administrator Associate Dumps. Azure Security Engineer Associate Dumps.
Dynamics for Finance and Operations Dumps. Azure Data Engineer Associate Dumps.
0コメント