Make It Simple Systemadmin: 2014

Sunday 30 November 2014

DSQuery Commands

DSQuery

1) How to open DSQUERY GUI Window
rundll32 dsquery,OpenQueryWindow
2) To list all attributes for the specfic user
dsquery * -filter "samaccountname=vkr" -attr *
3) This command will list all DCs are associated with this site
dsquery server -o rdn -site SiteName
4) To List all users in the OU
dsquery user ou=test,dc=AP,DC=SSS,dc=com
5) To List all users and their home folder path in the OU.
dsquery user "ou=test,dc=ap,dc=sss,dc=com" | dsget user –hmdir
6) How to find all groups of a user is memberof without the DN's?
dsquery group -samid "groupname" | dsget group -members | dsget user -samid -c
"-c" will ignore the errors
7) User member of the group and their name
dsquery user -samid "admin" | dsget user -memberof -expand | dsget group -samid
8) How to find if the Domain Controller is a Global Catalog (GC) or not ?
dsquery server -name test1 | dsget server -isgc
9) How to find Schema version?
schupgr
10) How to find Site name by server name ?
dsquery server -name test1 | dsget server -site
11) How to find users logon name by their givenname for bulk users?
for /f %%x in (%1) do dsquery * domainroot -filter
(&(objectcategory=person)(objectclass=user)(givenName=%%x)) -attr sAMAccountName
Copy the above command to notepad save to bat file eg: User.bat
list the users givenname in txt file like user.txt run the bat file below
user.bat user.txt >> C:\report.txt
12) How to find subnet with associated site.
dsquery subnet -name 10.222.88.0/25 | dsget subnet
13) How to find SID of a user?
dsquery user -samid <bbiswas> | dsget user -sid
dsquery * -filter (samaccountname=santhosh) – attr sid
14)To get the members status from the active directory group
dsquery group -samid “Group Pre-Win2k Name” | dsget group -members | dsget user -disabled -display
15) Command to find all the subnets for the given site
dsquery subnet -o rdn -site <site name>
16) Command to find all DCs in the given site
dsquery server -o rdn -site <site name>
17) Command to find all DCs in the Forest
dsquery server -o rdn -forest
18) How to find all attributes for all users?
Dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)" -attr * >>output123.txt
19) Find Person name starting with Kum and his SAM Accountname
Dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)(name=kum*)" -attr samaccountname
20) Show How Many Times wrong Password has been entered on a specified domain controller.
dsquery * -filter "(sAMAccountName=jsmith)" -s MyServer -attr givenName sn badPwdCount
21) Find out Account Expiry date
dsquery user -name * -limit 0 | dsget user -samid -acctexpires
22) The command displays the DNS host name, the site name, and whether the server is Global Catalog (GC) server for each domain controller
dsquery server | dsget server -dnsname -site -isgc
23) Get all the servers in the forest
dsquery server -forest -limit 0 | dsget server -dnsname -site -isgc
24) Extract the all groups from an OU with Group Scope & Group Type. Find the below snap for your reference.
dsquery group "ou=test,dc=gs,dc=com" -limit 0 | dsget group -samid -scope -secgrp
25) How to find particular user attribute using LDAP Filter?
dsquery * -filter (samaccountname=biz) -attr name whenchanged
26) Get user information doing input file
FOR /F %a IN (C:\file.csv) DO dsquery user -samid "%a" | dsget user -fn –ln >> C:\result.csv
FOR /F %a IN (C:\temp\user.txt) DO dsquery group -samid "%a" | dsget group -members | dsget user -samid >> C:\temp\a.txt
dsquery * domainroot -filter "((objectCategory=Person)(objectClass=User)(sAMAccountName=Jon*))
-attr sAMAccountName userPrincipalName department
27) Add set of groups to user
FOR /F %a IN (C:\group.txt) DO dsquery user -samid apple | dsmod group %a -addmbr
28) Find computers DN
FOR /F %a IN (C:\computer.txt) DO dsquery computer -name %a
29) To get the user home directory
FOR /F %a IN (C:\user.txt) DO dsquery user -samid %a | dsget user -hmdir >> a.txt
30) To export all users in domain
"dsquery * -limit 0 -filter ""(&(objectCategory=person)(objectClass=user)
(!userAccountControl:1.2.840.113556.1.4.803:=2))"" -attr sAMAccountName displayName >>
a.txt"

Sunday 15 June 2014

Add domain group to local system/server Remote Desktop users Group and remove existing user which is associated with that group.

How to Add Trusted Sites into IE through Group Policy

How to Add Trust Sites into IE before IE10 through Group Policy

Create Registry value

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\test.com]

"Http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\orange.com]

"Http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\apple.com]

"Http"=dword:00000002

Save it to TrustedSites.reg

Create Regadd.cmd file

And type it below

Reg import trustedsites.reg

Save the file

Copy these two files to logon folder where you want to implement ex TEST OU Users – User Configuration-policies-windows settings-scripts-logon.

Friday 6 June 2014

User Account Lockouts Troubleshoot

User Account Lockouts:

1) Identify the user information which domain controller user NT Account belongs to.

2) Logon to the specific PDC server.

3) Filter the event id 644 (User account lock info & 675 bad password info).

4) Check if the user lockout information falls on the PDC, if user account locked out, you can see the information in the events and it will provide the Caller Machine Name, investigate the system which service is supplying bad password.

Typically the below reasons user passwords are getting locked out frequently.

Users Account Lockouts: Almost all User Account lockouts are due to a user changing their password and then encountering issues because the old password is still in use somewhere.

The user has been logged into another workstation or server from before the time they recently changed their password. Resolution: Logout, and then login with new password.
The user has a Terminal Service session opened with the previous password credentials. Resolution: Logon to the indicated server and close session or use Terminal Services Manager tool.
The user has a previously mapped a drive using the previous password credentials. Resolution: Recreate/Reset mapping with new credentials.
The user has a service running under the context of their user account with the previous password credentials. This service could be a standard service visible via the Services tool, or a scheduled job running via an AT job or Scheduled Jobs. Resolution: Find the service and update the credentials.
The indicated computer account has an application running that is utilizing the previous password.

When a local workstation is causing the lockouts, it may be necessary for the end-user to login while disconnected from the network and correct the issue. They may have to even use their previous password to gain access to the session.

Saturday 8 February 2014

Trouble Shooting Guide

User Temporary Profile issue

Your user profile was not loaded currently you have been logged on with a temporary profile, changes you make to this profile will be lost when you log off please see the event log for details or contact your administrator

Please refer this Microsoft article KB947242.

This something that normally happens in vista based system. When this happen you will see this following appear in your event logs.

Log name: application

Source: Microsoft windows user profile service

Event Id: 1511

Level: warning

Take this below option to solve this problem

Start

Run

Regedit

Hkey-Local-Machine + Software+ Microsoft+ Windows NT+ CurrentVersions+ ProfileList

Locate any subkeys named SID.BAK and delete them

Close regedit and reboot system.

User profiles troubleshoot?

If you are trying to determine why your user profile did not download properly, then you should activate USERENV.DLL’S logging feature and examine the log that it creates in

\windows\debug\usermode\userenv.log.

To enable USERENV.DLL logging, go to the sub key HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\Winlogon and add a new entry called UserenvDebugLevel of type REG-DWORD. Set its Value to 3002 hex and reboot the system.

To diagnose the log please follow the below steps.

You will get log like below, chose the failed log to diagnose the issues.

USERENV(964.8d4) 13:14:39:557 ImpersonateUser: Failed to impersonate user with 5.

USERENV(964.8d4) 13:51:42:327 GetUserNameAndDomain Failed to impersonate user

Open Calc and change the View to Scientific. Change the type to Hex then enter 964 and hit the Decimal radio button. Now you will have a number, this is the PID for the process. Open Task Manager, go to View – Select Columns and put a check mark in the box for PID and hit OK and check the process name.

This way we will come to know the actual process getting failed.

NTLDR is missing file?

Boot Server using BOOT CD

Chose Repair Option

From the command prompt

Type [MAP] command, it will map your CD Drive. Go to CD Drive I386 folder. Copy that file into your C Drive.

Example: assume your CD Drive is E:

E:\I386\>copy ntldr c:\

Note:

Attrib –a –h –r –s ntldr

If you want to create a windows 2000 boot disk it should be contains the below files:

Ntldr

Ntdetect.com

Boot.ini

Ntbootdd.sys

Trouble Shooting Server Commands:

The process is simple:

Get to the windows recovery console for your particular windows installation navigate to the root letter of your installation (C: in most cases) issue eight commands called “Bootcfg / Rebuild” which is a complete diagnostic of the operating system loaded into the recovery console; the purpose of the command is to remove/replace/repair any system files that were preventing the operating system from loading correctly. Amongst the files it fixes are.

Windows hardware abstraction layer (HAL)

Corrupt registry Hives (\\Windows\system32\config\xxx)

Invalid boot.ini files

A corrupt ntoskrnl.exe

A missing NT Loader (NTLDR)

C:\CD

C:\attrib –h c:\boot.ini

C:\attrib –s c:\boot.ini

C:\attrib –r c:\boot.ini

C:\del boot.ini

C:\bootcfg /rebuild

C:\chkdsk /r /f

C:\fixboot

System Admin Tools

Tools Name	Description
Expart Utility	Dell expart utility we can extend the server drives (ex c )drive and application drives, without reboot. http://support.dell.com/support/downloads/download.aspx?c=us&cs=19&l=en&s=dhs&releaseid=R64398&formatcnt=2&fileid=83929
ERD Commander	we can change the administrator password if we forget and etc
Acronics	we can extend the drives etc
File Filler	File Filler it's tool for creating dummy file with amount of big file size. This tool we can use for network speed testing purpose. for transfering file between one location to another location and we can check the network speed overther.
Ultrasound	Ultrasound is a powerful tool that measures the functioning of FRS replica sets by providing health ratings and historical information of these sets. The Ultrasound tool is a sophisticated monitoring system that uses Windows Management Instrumentation (WMI) providers, a data collection service, a Microsoft SQL Server Desktop Engine (MSDE) database, and a powerful user interface. To download this program, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=61acb9b9-c354-4f98-a823-24cc0da73b50&DisplayLang=en
Robocopy	Robocopy is designed for reliable copy or mirroring of entire folders of any size, and in the copying process, ensure that all NTFS ACLS, attributes, owner information, alternate data streams, auditing information, timestamps and properties are copied except security information unless explicitly requested with /COPYALL switch. Robocopy Examples To use Robocopy is simple, just like how you would use Copy and Xcopy commands. For example, to copy entire folder of C:\Users to C:\UserBackup, simply type: Robocopy C:\Users C:\UserBackup
DumpACL	Please generate a report for the Active Directory security group NA\DPYUSWAUnigraphics. Query all folders/directories on the server DPYUSWAFPC03N2 where the security group has been granted access. Use DumpACL to get this report
DCGPOFIX	If you are implementing changer to your policy structure and would like to revert these polices to their original settings, you can use the DCGPOFIX utility to do so.

Windows Event IDs

Event ID	Descriptions
1076	Hot shutdown server event ID for windows server 2008.
6013	System up time information
1074	The process winlogon.exe has initiated the restart of computer
1280	Nic Agents
6008	Unexpected Reboot
11728	Microsoft Operations Manager 2005 Agent -- Configuration completed successfully.
644	Account locked out. Event id
675	Bad password information
1119	Global Catalog Event Viewer may show event ID 1119 in the Directory Service log. The Description for this event ID states that the computer is now advertising itself as a global catalog server.
1419	Infrastructure Master Rule Event Id 1419 will be logged in event viewer when the two rules exist in the same domain controller
560, 4663	One of the file has deleted in your file server, you need to check which user has been deleted that file and which system. How do you check the event viewer? In windows 2003 Event id is = 560 In windows 2008 Event id is = 4663

DHCP

Describe the lease process of the DHCP server?

DHCP Server leases the IP addresses to the clients as follows:

DORA

D (Discover): DHCP Client sends broadcast packets to identify the DHCP server; this packet will contain the source MAC.

O (Offer): Once the packet is received by the DHCP server, the server will send the packet containing Source IP and Source MAC.

R (Request): Client will now contact the DHCP server directly and request for the IP address.

A (Acknowledge): DHCP server will send an acknowledge packet which contains the IP address.

What is the DHCP Relay agent?

If you have routers separating some of your DHCP clients from the DHCP server you may have problems if they are not RFC compliant. This can be solved by placing a

DHCP relay agent on the local network area which is not actually a DHCP server which communicates on behalf of the DHCP Server. (The Relay agent component is live on windows 2003 Routing and Remote Access tool)

Why we want to use the conflict detection attempt our network?

Configure the DHCP server conflict detection attempts to 1

Explanation: when conflict detection attempts are set, the DHCP server uses the Packet Internet Groper (PING) process to test available scope IP addresses before including these addresses in DHCP lease offers to clients. A successful ping means the IP address is in use on the network. This results in the DHCP server not offering

To lease the address to A client.

If the ping request fails and times out, it indicates that the IP address is not in use on the network. In this case, the DHCP server offers to lease the address to a client. Each additional conflict detection attempt delays the DHCP server response by a second while for the ping request to time our. This in turn increases the load on the server. A value of no greater than two (2) is recommended for ping attempts

What is difference between scope and server options?

DHCP will manage multiple scope, each scope have different set of IP address and subnet and DNS and Gateway. If we want to supply unique DNS or WINS in our Network we can use Server Option the settings will be deploy all scope. If the scope does not require these settings, scope can use their own settings. If conflict occurs then scope settings will be take presidency.

Backup

What is the Archive Bit?

The archive bit is a small flag at the beginning of a file which indicates

Whether the file has changed since it was created. It’s most often used for backup programs which run on an incremental basis if the archive bit is set; the file has changed and so will be backed up. Once the file's been backed up, the archive bit is reset until you next open and change the file (for example, adding something to a Word document).

If the Archive bit is set -> the file has changed and so will be backed up.

Once the file is backed up -> the Archive bit is reset until next open and change the file.

For example: My backup plan (Sunday Normal and Monday to Saturday Differential)

1) Sunday I am running Normal back up in my network once the files are backed up the Archive Bit is cleared which state the file has been backed up.

2) The next to 6 days I am running differential backup (Differential backup copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared).

3) If I need to restore the Wednesday deleted files on Thursday I need last normal back tape and Monday to Wednesday Differential back tape.

How many types backup are there in windows?

The Backup utility supports five methods of backing up data on your computer or network.

Normal backup Copies all selected files and then resets the archive bit.

A normal backup copies all selected files and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you need only the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

Backing up your data using a combination of normal backups and incremental backups requires the least amount of storage space and is the quickest backup method. However, recovering files can be time-consuming and difficult because the backup set can be stored on several disks or tapes.

Backing up your data using a combination of normal backups and differential backups is more time-consuming, especially if your data changes frequently, but it is easier to restore the data because the backup set is usually stored on only a few disks or tapes.

Incremental backup Copies all selected files with the archive bit set and resets bit.

An incremental backup backs up only those files created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets in order to restore your data.

Differential backup Copies all selected files with the archive bit set but does not reset the bit.

Differential backup copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.

Copy backup Copies all selected files but does not rest the archive bit.

A copy backup copies all selected files but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

Daily backup Copies all selected files that were edited the day the backup was performed.

A daily backup copies all selected files that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

How many backup features are there in windows 2008 server?

1) Windows GUI backup

2) Wbadmin command line backup

3) IFM backup using Ntdsutil

NTDSUTIL

Activate Instance NTDS

IFM

Create sysvol full F:\IFM (the vol will contains Active Directory, Registry, Sysvol) we can use him when we are promoting new DC.

Sysvol

What is the SYSVOL Folder?

FRS Service is responsible for SYSVOL and DFS Replication.

The SYSVOL folder stores the server’s copy of the domain public files. The folder contains such as group policy, users etc of the sysvol folder are replicated to all domain controller in the domain. The sysvol folder must be located on the NTFS Volume.

Junction point:

Is a physical location on a hard disk that points to data that is located elsewhere on the hard disk or on another storage device? Junction points look like folders and behave like folders but they are not folders. A junction point contains a link to another folder. When a program opens it, the junction point automatically redirects the program to the folder to which the junction point is linked

Staging Folder:

Whenever you change the GPO settings the corresponding policy folder in SYSVOL get updated and this change needs to be replicated to other replication members (Domain controller) how it’s happens? Staging folder acts like a queue for changed files and folders to be replicated to downstream partners.

FRS creates a file in staging folder by using APIs (backup application programming interfaces) based on the change and replicates to the downstream partners, downstream partners use restore APIs to reconstruct the staging files in the preinstall folder, full file get copied from staging folder to preinstall folder.

Preinstall folder :

Preinstall folder is nothing but the DO_NOT_REMOVE_NtFrs_PreInstall_Directory. Folder located under the replica root (Domain folder). Files and folders are replicated from the upstream partner staging folder. After the file or folder is completely replicated, it is renamed to its target location in the replica tree. So that partially constructed files are not visible in the replica tree

Pre-existing folder:

The pre-existing folder, named NtFrs_PreExisting___See EventLog, is an optional folder that is located under the replica root (Domain folder). It may not be available by default like others folders, If pre-existing folder is present on a replica member then mostly one of the below reasons.

• Active Directory Restore:

• SYSVOL Non-authoritative restore (also called D2):

• Server was pre-staged before it was added to the replica set

Mostly FRS moves existing data in the replica tree to the pre-existing folder and then receives the updated replica tree from one of the upstream partners and deletes the files inside the pre-existing folder after the successful completion of replication.

Policies Folder:

Policy folder contains the list of folders for each policy, if you create a new Group Policy it will create a Group policy templates folder on SYSVOL share under policy, it will contain the group policy setting related to that policy, GPT folder name would be Globally Unique Identifier (GUID) of the GPO that you created.

Scripts Folder:

Script Folder contains all the logon/logoff scripts which is used by the various policies

Monitoring Tool:

Ultrasound

Ultrasound is a powerful tool that measures the functioning of FRS replica sets by providing health ratings and historical information of these sets. The Ultrasound tool is a sophisticated monitoring system that uses Windows Management Instrumentation (WMI) providers, a data collection service, a Microsoft SQL Server Desktop Engine (MSDE) database, and a powerful user interface.

Rebuild SYSVOL using D4 and D2

How to force an authoritative (D4) good DC and non-authoritative (D2) bad DC synchronization

How to rebuild/recreate Active Directory SYSVOL and NETLOGON share... After domain controller migration from old to new you may face this problem..

Before proceed with this guide first check the health of DC by running dcdiag /q and repadmin /replsummary. If errors are not reported then proceed.

Before you begin, keep a backup of SYSVOL & NETLOGON on working DC.

Log on to working Domain Controller and Stop the File Replication Service.

Then open Registry editor (Regedit) and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup path and modify BurFlags attribute value to D4

And Start File Replication Service

Wait for File Replication event ID 13516

Event Descriptions

"The File Replication Service is no longer preventing the comptuer DCNAME from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL."

Now log in to problematic domain controller and stop the File Replication Service.

Go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup" path and modify BurFlags attribute and change the value to D2

Start File Replication Service

And wait for File Replication event ID 13516

How To Know The Primary Member of A SYSVOL Replica Set?

This article explains how to determine the Primary Member of a SYSVOL Replica Set in an Active Directory domain.

The Primary Member is used by all the domain controllers to sync the SYSVOL Replica Set. The first DC in a domain is always the FRS Primary Member. This is useful when you want to perform a D4 operation on SYSVOL Replica Set.

Steps:

§ Log on to a DC.

§ Use ADSIEdit.msc snap-in

§ Navigate to the following location:

Domain NC > CN=System > CN=File Replication Service > CN=Domain System Volume (SYSVOL share) Properties

§ Go to Attribute Editor and check the attribute by name: fRSPrimaryMember

The above attribute will have the DC name on which the FRS was initially started and created the SYSVOL folder. If you ever encounter any problem and want to initate a D4/D2 operation on SYSVOL Replica Set then always use this DC as the Primary DC for D4 and other Domain Controllers as the D2. When you restart FRS, the D2 DCs will sync from the D4 DC.

What is the schema version

ü Windows Server 2012 56

ü Windows 2008 R2 47

ü Windows 2008 44

ü Windows 2003 R2 31

ü Windows 2003 30

ü Windows 2000 13

DNS 2

DNS Round Robin

DNS Round Robin is used to provide more than one IP address to a single hostname.

Each IP address represents a different physical host, and requests will be sent to each of the host in a rotation order.

Reverse NAME Resolution

Sometimes a computer needs to convert an IP address to DNS name. This conversion process is known as reverse name resolution.

The developers of the DNS created a special domain called in-addr.arpa that is specially designed for reverse name resolution.

ZONE TYPES

In windows 2003 supports 3 zones

ü Primary zone

ü Secondary zone

ü Stub zone

Primary Zone:

A primary zone contains the master copy of the zone database. The database is stored in the stored in the Active Directory database.

Secondary Zone:

A secondary zone a duplicate of a primary zone on another server contains a backup copy of the primary master zone database file stored as an identical text file on the local drive. You cannot modify the resource records in a secondary zone manually you can only update them by replicating the primary master zone database file using a process called a zone transfer. You should always create at least one secondary zone from each file based primary zone in your name space to provide fault tolerance and load balance the DNS traffic load.

Stub Zone:

A stub zone is a copy of a primary zone that contains SOA and NS resource records plus the HOST (A) resource records that identify the authoritative servers for the zone

Using Active Directory Integrated Zones?

When you are running the DNS server Service on a computer that is an Active Directory domain controller and you select the zone in active directory check box when creating a zone using the new zone wizard the server does not create a zone database file instead it stores the DNS resource records for the zone in the Active Directory database.

Aging and Scavenging:

The process that can be used by window server 2003 DNS to clean up the DNS to clean up the DNS database when resource records no longer required by default it is disabled.

How to verify SRV Records?

Verifying SRV records with NSLOOKUP.

CMD > NSLOOKUP

LS –T SRV domain

LS –T A Domain

WINS – Windows Internet Name Service?

It converts NETBIOS name to IP Addresses.

DNS server converts Host name to IP address.

NetBIOS name is 16 characters

15 character – system name

1 character – service name (DNS, DHCP, DC)

Command to check a system’s NetBIOS Name

Nbtstat – N

Ipconfig –all

WINS server uses LMHOST file which contains all systems NetBIOS name and its IP addresses.

Path – C:\windows\system32\drivers\etc\lmhost.sam

When a new system is added in the network, the LMHost file should be manually updated by the system administrator. It should be created in all systems.

But DNS server is using Dynamic DNS method, when a new system is added it will update host name and IP address automatically.

What is DDNS and why do I need it?

Dynamic DNS allows servers to dynamically update and create records in DNS.

NetBIOS name max length?

The NetBIOS naming convention allows for 16 characters in a NetBIOS name.

Microsoft however limits NetBIOS names to 15 characters and uses the 16 character as a NetBIOS suffix. The NetBIOS is used by Microsoft Networking software to identify functionality on the registered device.

Windows NT is using NetBIOS? True or false details?

Yes because Microsoft networking services running on Windows NT –based computer are identified by using NetBIOS names.

Windows 2000 supports NetBIOS or not?

Yes using WINS it allows a NetBIOS name to be converted to an IP address. Therefore computers using WINS must be using NBT (NetBIOS over TCP/IP). The purpose of WINS is to allow NetBIOS name to be converted to an IP address. Therefore using wins must be using NBT (NetBIOS over TCP/IP).

What is a Zone?

Zone is collection of records.

Types of zones

Forward lookup zone (Name to IP)

(A to PTR)

Reverse lookup zone (IP to Name)

(PTR to A)

Zone types

Active directory integrated

Primary zone

(Which store their zone information in a writable text file on the name Server?)

Secondary zone

(Which store their zone information in a read-only text file on the name server?)

Is there any option in windows 2000 stub zone?

NO, stub zone is introduced on windows 2003 server

Net BIOS Name:

The naming mechanism that was used to refer to a computer or domain in earlier versions of windows. It consists of a 15-character name and a sixteenth character that references a service. It usually matches the DNS name.

DNS Records short notes

Host A: A record resolves form a hostname to IP address.

Pointer (PTR): PTR records resolve from an IP address to a hostname.

Start of Authority (SOA): SOA resource record specifies the information required for replication.

Service Record (SRV): A SRV records resolves from a service name to a hostname and port.

Name Server (NS): NS record resolves from a domain name to hostname.

Mail Exchange (MX): it indicates the presence of a SMTP email server.

Your network contains of a single active directory domain named contoso.com. You have a server named server1 that runs custom network applications. Server1 has the following IP address:

192.168.15.10

192.168.15.11

You need to ensure that a client computer resolves server1.contoso.com to only the 192.168.15.11 IP address. What should you do from the computer?

Edit the hosts file.

Differences between the HOSTS and LMHOSTS files in Windows NT.

In Windows NT, the HOSTS file is for TCP/IP utilities and the LMHOSTS file is for LAN manager NET utilities. If you cannot ping another computer (using friendly name), check the hosts file. If you cannot NET VIEW a server using only the tcp/ip protocol, check the LMHOSTS file.

Hosts file

The hosts file is a common way to resolve a host name to an ip address through a locally stored text file that contains ip-address-to-host-name mappings. On most unix-based computers, this file is /etc/hosts. On windows based computers, this file is the host file in the systemroot\system32\drivers\etc folder.

The following describes the attributes of the host file for windows.

1) A single entry consists of an IP (IPV4 or IPV6) address and one or more host names.

2) The hosts file is dynamically loaded into the DNS client resolver cache, which windows sockets applications use to resolve a host name to an ip address on both local and remote subnets.

3) When you create entries in the hosts file and save it, its contents are automatically loaded into the DNS client resolver cache.

4) The hosts file can be edited with any text editor.

5) Each host name is limited to 255 characters

6) Entries in the hosts file for windows based computers are not case sensitive.

The advantage of using a hosts file is that users can customize it for themselves. Each user can create whatever entries they want, including easy-to-remember nicknames for frequently access resources. However the individual maintenance required for the hosts file does not scale well to storing large numbers of FQDN mappings or reflecting changes to ip address for servers and network resources. The solution for the large-scale storage and maintenance of FQDN mappings is DNS. The solution for the maintenance of FQDN mappings for changing IP address is DNS dynamic update.

Not LMHOSTS file.

The lmhosts file is a local text file that maps IP addresses to NetBios names of remote servers with which you want to communicate over the TCP/IP protocol. Windows recognizes names instead of IP addresses for network requests and name discovery process is used to correctly route network requests with tcp/ip. Because the name discovery process is generally not routed by an ip router, the lmhosts file allows windows machines to communicate using tcp/ip across a subnet.

1) LMHOSTS contains IP addresses to “NetBIOS over TCP/IP” name translations.

2) LMHOSTS is only used by the NBT (NetBIOS over TCP/IP) interface.

3) LMHOSTS file contains some valuable additions to the LAN manager and windows for workgroups LMHOSTS file, such as the ability to support routed domain logon validation.

4) LMHOSTS contains static information about TCP/IP addresses , but using logon scripts and or the replicator service, the “master” file can be distributed transparently across all stations.

5) By default the lmhosts file should be located in the directory %systemroor%\system32\drivers\etc (using c:\winnt\system32\drivers\etc)…

DNS (Domain Name System)

Note

Integrating a DNS Server Running Berkeley Internet Name Domain (BIND)

If you want to use a BIND DNS server to support Active Directory. It must be running version 8.12 or latter of the BIND software. Previous versions of BIND do not support the requirement for active directory.

How many root DNS servers are available in the world?

13 Root Servers are there.

What is DNS?

DNS stands for Domain Name System; this service is responsible for providing the hostname to IP address and IP address to hostname. DNS also interact with the AD for locate the servers that are providing the particular service to the clients.

What is the difference between DNS/WINS?

WINS and DNS are both name resolution Services.

DNS maps Hostnames to IP Address

Wins maps NetBIOS names to IP Address.

Hostnames can upto 255 characters in length by definition, while a NetBIOS name

Is a 16 byte address, the first 15 characters of your hostname plus an additional Character to identify a service?

DNS is the primary name resolution method in an Active Directory domain (2000 and

2003). Clients are configured with the address of a DNS server in their TCP/IP properties (manually or through DHCP). The clients then register their host names and IP addresses with this server, and domain controllers also register a list of the

Services that they offer (service records).Clients can then query DNS for a list of available domain controllers, or they can query DNS for the name or IP address of a PC to facilitate making a connection to it. You cannot install Active Directory without having DNS. DNS is that important...

WINS was the primary name resolution method before the introduction of Active Directory and Windows 2000. So networks that include older clients, find that they may still need to setup a WINS server on their network.

Resolving Host Names:-

On a computer running windows 2000 the table is named hosts, and it is located in the %System Root%\system32\drivers\etc folder.

What is Start of Authority (SOA)?

The SOA resource record identifies which name server is the authoritative source of information for data within this domain.
Name Server (NS):

The NS resource record identifies the name server that is the authority for the particular zone or domain.

Host (A):

The A resource records is the fundamental data unit of the DNS. This resource record has a single address field that contains the IP address associated with the system identified in the Name Field. Host resource records provide the name to IP mappings that DNS name servers use to perform name resolution.

Alias (CNAME)

The canonical name (CNAME) resource record is used to specify an alias or alternative name for the system specified in the name field. The resource record contains a single CNAME field that holds another name in the standard DNS naming format. You create CNAME resource records to use more than one name to point to a single IP address. For example you can host a file Transfer Protocol (FTP) server such as ftp.test.com and a web server such as a www.test.com on the same computer by creating an A record in the test.com domain for the host name www and a CNAME record equating the host name FTP with the A record for www.

Host Information (HINFO)

The HINFO resource record contains two fields called CPU and OS which contains values identifying the processor type and operating system used by the listed host. You can use this record type as a low-cast resource tracking tool.

Mail Exchange (MX):

A secondary but crucial function of the DNS is the direction of e-mail message to the appropriate mail server. The resource records in general use for e-mail transmission in the MX record.

The resource records contains two fields

Called Preference

The Preference field contains an integer value that indicates the relative priority of the resource records compared to other of the same type and class in the same domain the lower value higher priority.

Exchange

The Exchange field contains the name of a computer that is capable of acting as an

E-mail server for the domain specified in the name field.

MX Record is the Main Exchanger Record. This is a service record which specifies where the mails for a particular domain are to be delivered. There can be more than one MX record for a given Domain. This is to have one or more backup servers to which the mails can be delivered in the event the default server has failed for some reason. The MX records have a field for Priority number. This is mainly to specify which is the first server to which a Domains emails should be delivered and which falls next in the queue in the event the 1st server is down and thereon. The server which has the lowest priority number will be the default server to which the mail is delivered. The next lower priority server will be the 1st backup and the next the 2nd backup server and so on. CNAME Syntax: Itsyourip.com. IN MX 0 mail.pcsupport.x-host.uni.cc Where, IN indicates Internet MX indicates the Mail Exchanger Record The above indicates that mails for itsyourip.com are being delivered to the server mail.pcsupport.x-host.uni.cc. Wilcards can be used in the MX records to allow mails for all the hosts to be delivered to a particular host. For example, *. Itsyourip.com. IN MX 0 mail.pcsupport.x-host.uni.cc indicates that all emails for all the hosts (or sub domains) of itsyourip.com will be delivered to mail.pcsupport.x-host.uni.cc

Pointer (PTR)

The PTR resource record is the functional opposite of the A record providing an IP to Name mapping for the system identified in the name field using the in-addr-arpa domain name.

The PTR resource record contains a single PTR Name field which contains the FQDN of the system identified by the IP address in the name field.

When you create the appropriate reverse lookup zone on your DNS server you can create PTR resource records automatically with you’re A records.

Service (SRV)

The service resource (SRV) record enables clients to locate servers that are providing a particular service.

Name Caching

The other mechanism that speeds up the DNS name resolution process is name caching. Most DNS server implementation a cache of information they receive from other DNS servers.

Recursive vs. Iterative Queries

Contrasting Iterative and Recursive Queries:

To help explain the difference between these methods, let’s take a slide trip to a real world case. Suppose you are trying to find phone number of your old friend carol, with whom you have not spoken in years, you call your friend Joe; he does not have carol’s number, but he gives you John’s number, suggesting you call him. So you dial up john; he does not have the information but he knows the number of carol’s best friend, Debbie, and gives that to you. You call Debbie and she gives you carol’s information. This is an example of an Iterative process. In contrast, suppose you called Joe and Joe said,” I’ don’t know, but I think I know how to find out”. He called John and Debbie and called you back with phone number. That would be like Recursive Resolution.

Key Concept:-

The two method of Name resolution in DNS are Iterative resolution and recursive resolution in Iterative resolution. If a client sends a request to a name server that does not have the information the client needs, the server returns a pointer to a different name server and the client sends a new request to that server.

In recursive resolution, if a client sends as request to a server that does not have the requested information, that server takes on the responsibility for sending requests to other servers to find the necessary records the returns them to the client. A server doing this takes on the role client for its requests to other servers.

Recursive query

Ask server to get answer for you

E.g., request 1 and response 8

Iterative query

Ask server who to ask next

E.g., all other request-response pairs