Explore topic-wise InterviewSolutions in .

The Boot.ini FILE is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default SETTINGS, USE the System OPTION in Control Panel from the ADVANCED tab and select Startup.

The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.

When an application that RAN on an earlier LEGACY version of Windows cannot be loaded during the setup function or if it later malfunctions, you MUST RUN the compatibility mode function.

This is accomplished by right-clicking the application or setup program and selecting Properties -> Compatibility -> selecting the previously SUPPORTED operating system.

When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function.

This is accomplished by right-clicking the application or setup program and selecting Properties -> Compatibility -> selecting the previously supported operating system.

Win ME, Win 98, 2000, XP. 

Note, however, that you cannot upgrade from ME and 98 to WINDOWS SERVER 2003.

Win ME, Win 98, 2000, XP. 

Note, however, that you cannot upgrade from ME and 98 to Windows Server 2003.

Start -> CONTROL Panel -> NETWORK and INTERNET Connections -> Network Connections.

Start -> Control Panel -> Network and Internet Connections -> Network Connections.

Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next APPLICATION in the taskbar.

Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer.

Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M UNDOES MINIMIZATION. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.

Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar.

Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer.

Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.

The Active DIRECTORY replaces them. Now all DOMAIN controllers SHARE a multimaster peer-to-peer READ and write relationship that hosts COPIES of the Active Directory.

The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

Security-related modifications are replicated within a site immediately. These changes include ACCOUNT and individual user lockout POLICIES, changes to password policies, changes to computer account PASSWORDS, and modifications to the LOCAL Security AUTHORITY (LSA).

Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

When DC promotion occurs with an existing forest, the Active Directory INSTALLATION WIZARD contacts an existing DC to update the directory and REPLICATE from the DC the required portions of the directory.

If the wizard fails to LOCATE a DC, it performs debugging and reports what caused the failure and how to fix the PROBLEM. In order to be located on a network, every DC must register in DNS DC locator DNS records.

The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.

When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory.

If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records.

The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are ACQUIRED and naming continuity is desired.

Organizations form PARTNERSHIPS and joint ventures. While access to common resources is desired, a separately defined tree can enforce more DIRECT ADMINISTRATIVE and security restrictions.

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired.

Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

Four types of authentication are used ACROSS FORESTS: 

(1) Kerberos and NTLM network logon for remote ACCESS to a server in another forest; 
(2) Kerberos and NTLM interactive logon for physical logon outside the user's home forest; 
(3) Kerberos delegation to N-tier application in another forest; and 
(4) user principal name (UPN) CREDENTIALS.

Four types of authentication are used across forests: 

(1) Kerberos and NTLM network logon for remote access to a server in another forest; 
(2) Kerberos and NTLM interactive logon for physical logon outside the user's home forest; 
(3) Kerberos delegation to N-tier application in another forest; and 
(4) user principal name (UPN) credentials.

Active Directory Domains and Trusts Manager, Active Directory SITES and SERVICES Manager, Active Directory Users and Group Manager, Active Directory Replication (OPTIONAL, AVAILABLE from the RESOURCE Kit), Active Directory Schema Manager (optional, available from adminpak)

Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak)

Structural class:

The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are DEVELOPED from either the modification of an existing structural type or the USE of ONE or more abstract classes.

Abstract class:

Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.

Auxiliary class:

The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.

88 class:

The 88 class includes object classes defined prior to 1993, when the 1988 X.500 SPECIFICATION was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 ENVIRONMENTS.

Structural class:

The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.

Abstract class:

Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.

Auxiliary class:

The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.

88 class:

The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.

Windows Server 2003 provides a command called Repadmin that provides the ability to DELETE lingering OBJECTS in the ACTIVE DIRECTORY.

Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.

The Global Catalog authentication network user LOGINS and fields inquiries about objects across a FOREST or tree. EVERY domain has at least one GC that is hosted on a domain controller. In WINDOWS 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

The Global Catalog authentication network user logins and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

When an ACCOUNT is created, it is given a UNIQUE ACCESS number known as a security identifier (SID). Every group to which the USER belongs has an associated SID.

The user and related group SIDs together form the user account's security token, which determines access levels to objects throughout the system and network.

SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access.

When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID.

The user and related group SIDs together form the user account's security token, which determines access levels to objects throughout the system and network.

SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access.

No. If you delete a USER ACCOUNT and attempt to recreate it with the same user name and PASSWORD, the SID will be different.

No. If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different.

Credential Management feature of Windows SERVER 2003 PROVIDES a CONSISTENT single sign-on experience for users. This can be useful for roaming users who move between computer SYSTEMS. The Credential Management feature provides a secure store of user credentials that INCLUDES passwords and X.509 certificates.

Credential Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This can be useful for roaming users who move between computer systems. The Credential Management feature provides a secure store of user credentials that includes passwords and X.509 certificates.

"Save password as encrypted clear TEXT" must be SELECTED on User PROPERTIES Account Tab Options, since the Macs only store their PASSWORDS that way.

"Save password as encrypted clear text" must be selected on User Properties Account Tab Options, since the Macs only store their passwords that way.

Dial-in, VPN, dial-in with CALLBACK.

Dial-in, VPN, dial-in with callback.

All the DOCUMENTS and environmental settings for the roaming USER are stored locally on the SYSTEM, and, when the user LOGS off, all changes to the locally stored profile are COPIED to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is.

All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is.

DOCUMENT and SETTINGS All USERS

Document and Settings All Users

JavaScript, VBSCRIPT, DOS BATCH FILES (.COM, .BAT, or even .exe)

JavaScript, VBScript, DOS batch files (.com, .bat, or even .exe)

A workgroup is an interconnection of a number of systems that share resources such as files &printers without a dedicated server .Each workgroup maintains a local DATABASE for USER accounts, SECURITY etc.

A domain, on the other hand is an interconnection of systems that share resources with one or more dedicated server, which can be used to control security and permissions for all users in the domain. Domain maintains a centralized database and hence a centralized management of user accounts, POLICIES etc are established.

If you have a user account on domain then you can LOG on to any system without user account on that particular system.

A workgroup is an interconnection of a number of systems that share resources such as files &printers without a dedicated server .Each workgroup maintains a local database for user accounts, security etc.

A domain, on the other hand is an interconnection of systems that share resources with one or more dedicated server, which can be used to control security and permissions for all users in the domain. Domain maintains a centralized database and hence a centralized management of user accounts, policies etc are established.

If you have a user account on domain then you can log on to any system without user account on that particular system.

To assign a domain user with local administrative right in any client of domain we should LOG in to the respected client SYSTEM then, Start->CONTROL panel->user accounts->give username, PASSWORD and name of domain->add->advanced->locations->find now->select others(in that select administrator user)->OK->next->ok.

To assign a domain user with local administrative right in any client of domain we should log in to the respected client system then, Start->control panel->user accounts->give username, password and name of domain->add->advanced->locations->find now->select others(in that select administrator user)->ok->next->ok.

Start->dsa.msc->double CLICK on users->right click on any users->properties->click on ACCOUNT->click on logon hours->logon DENIED->select time (by DRAGGING mouse)->click on logon permission->ok.

Start->dsa.msc->double click on users->right click on any users->properties->click on account->click on logon hours->logon denied->select time (by dragging mouse)->click on logon permission->ok.

The sysvol folder stores the SERVERS copy of the domains public files. The CONTENTS such as group policy, users ETC of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.

The sysvol folder stores the servers copy of the domains public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.

An object is a SET of attributes that represents a NETWORK resource, say a user, a computer, a group policy, etc and object attributes are characteristics of that object stored in the directory. Organizational units act as a container for objects. Objects can be arranged ACCORDING to security and administrative requirement in an organization. You can easily manage and locate objects after arranging them into organizational units. Administrator can delegate the authority to manage different organizational units and it can be nested to other organizational units. Create an OU if you want to:

► Create a COMPANY's structure and organization within a domain - Without OUs, all users are maintained and displayed in a single list, the Users container, regardless of a user's department, location, or role.

► Delegate administrative control - Grant administrative permissions to users or groups of users at the OU level.

► Accommodate potential changes in a company's organizational structure - Users can easily be reorganized between OUs, while reorganizing users between domains generally requires more time and effort.

► Group objects with similar network resources - This way it is easy to perform any administrative tasks. For example, all user accounts for temporary employees can be grouped in an OU.

► Restrict visibility - Users can view only the objects for which they have access.

An object is a set of attributes that represents a network resource, say a user, a computer, a group policy, etc and object attributes are characteristics of that object stored in the directory. Organizational units act as a container for objects. Objects can be arranged according to security and administrative requirement in an organization. You can easily manage and locate objects after arranging them into organizational units. Administrator can delegate the authority to manage different organizational units and it can be nested to other organizational units. Create an OU if you want to:

► Create a company's structure and organization within a domain - Without OUs, all users are maintained and displayed in a single list, the Users container, regardless of a user's department, location, or role.

► Delegate administrative control - Grant administrative permissions to users or groups of users at the OU level.

► Accommodate potential changes in a company's organizational structure - Users can easily be reorganized between OUs, while reorganizing users between domains generally requires more time and effort.

► Group objects with similar network resources - This way it is easy to perform any administrative tasks. For example, all user accounts for temporary employees can be grouped in an OU.

► Restrict visibility - Users can view only the objects for which they have access.

Windows Server 2003, Web Edition :- is mainly for building and hosting Web applications, Web pages, and XML Web Services.

Windows Server 2003, Standard Edition :- is aimed towards small to medium sized businesses. Flexible yet versatile, Standard Edition supports file and printer sharing, offers secure Internet connectivity, and allows centralized desktop application deployment

Windows Server 2003, Enterprise Edition :- is aimed towards medium to large businesses. It is a full-function server operating system that supports up to eight processors and provides enterprise-class features such as eight-node clustering using MICROSOFT Cluster Server (MSCS) SOFTWARE and support for up to 32 GB of memory.

Windows Server 2003, Datacenter Edition:- is the flagship of the Windows Server line and designed for immense infrastructures demanding high security and reliability.

Windows Server 2003, Compute Cluster Edition:- is designed for working with the most difficult computing problems that would require high performance computing clusters.

Windows Storage Server 2003:- is optimised to provide dedicated file and print sharing services. It is only available through OEMs when purchased pre-configured with network ATTACHED storage devices.

Windows Server 2003, Web Edition :- is mainly for building and hosting Web applications, Web pages, and XML Web Services.

Windows Server 2003, Standard Edition :- is aimed towards small to medium sized businesses. Flexible yet versatile, Standard Edition supports file and printer sharing, offers secure Internet connectivity, and allows centralized desktop application deployment

Windows Server 2003, Enterprise Edition :- is aimed towards medium to large businesses. It is a full-function server operating system that supports up to eight processors and provides enterprise-class features such as eight-node clustering using Microsoft Cluster Server (MSCS) software and support for up to 32 GB of memory.

Windows Server 2003, Datacenter Edition:- is the flagship of the Windows Server line and designed for immense infrastructures demanding high security and reliability.

Windows Server 2003, Compute Cluster Edition:- is designed for working with the most difficult computing problems that would require high performance computing clusters.

Windows Storage Server 2003:- is optimised to provide dedicated file and print sharing services. It is only available through OEMs when purchased pre-configured with network attached storage devices.

Domain Name System (or Service or Server), a service that resolves domain NAMES into IP addresses and vice versa. Because domain names are alphabetic, they're easier to remember.

The Internet however, is REALLY BASED on ip addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP ADDRESS. For example, the domain name www.example.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Domain Name System (or Service or Server), a service that resolves domain names into IP addresses and vice versa. Because domain names are alphabetic, they're easier to remember.

The Internet however, is really based on ip addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

The KEY reason for integrating DNS and AD is efficiency. This is particularly true where you have lots of replication traffic. You can't resolve host names. You can't find SERVICES, like a domain controller.

The key reason for integrating DNS and AD is efficiency. This is particularly true where you have lots of replication traffic. You can't resolve host names. You can't find services, like a domain controller.

A (Host) record is used to RESOLVE NAME to IP address while PTR (POINTER) record is used to resolve ip address to name.

A (Host) record is used to resolve name to ip address while PTR (pointer) record is used to resolve ip address to name.

A DHCP server is the server that is responsible for assigning unique IP address to the computers on a network. No two computers (actually, no two network cards1 [even if two are in one computer]) can have the same IP address on a network at the same time or there will be CONFLICTS.

To that end, DHCP SERVERS will take a request from a computer that has just been added (or is renewing) to the network and assign it a unique IP address that is available. These assignments TYPICALLY only last for a limited time (an hour to a WEEK USUALLY) and so you are never guaranteed that the IP address for a particular computer will remain the same when using a DHCP (some DHCP servers allow you to specify that a computer gets the same address all the time however).

A DHCP server is the server that is responsible for assigning unique IP address to the computers on a network. No two computers (actually, no two network cards1 [even if two are in one computer]) can have the same IP address on a network at the same time or there will be conflicts.

To that end, DHCP servers will take a request from a computer that has just been added (or is renewing) to the network and assign it a unique IP address that is available. These assignments typically only last for a limited time (an hour to a week usually) and so you are never guaranteed that the IP address for a particular computer will remain the same when using a DHCP (some DHCP servers allow you to specify that a computer gets the same address all the time however).

A DHCP scope is a valid range of IP addresses which are AVAILABLE for assignments or lease to client COMPUTERS on a particular subnet. In a DHCP SERVER, you configure a scope to determine the address POOL of ip which the server can PROVIDE to DHCP clients.

Scopes determine which IP addresses are provided to the clients. Scopes should be defined and activated before DHCP clients use the DHCP server for its dynamic IP configuration. You can configure as many scopes on a DHCP server as is required in your network environment.

A DHCP scope is a valid range of IP addresses which are available for assignments or lease to client computers on a particular subnet. In a DHCP server, you configure a scope to determine the address pool of ip which the server can provide to DHCP clients.

Scopes determine which IP addresses are provided to the clients. Scopes should be defined and activated before DHCP clients use the DHCP server for its dynamic IP configuration. You can configure as many scopes on a DHCP server as is required in your network environment.

If you are using Active Directory-integrated DNS, then your DNS information is stored in Active Directory itself, and you'll NEED to BACK up the ENTIRE system state. If not, however, The Backup directory in the %SystemRoot%System32Dns folder contains backup information for the DNS CONFIGURATION and the DNS database.

If you are using Active Directory-integrated DNS, then your DNS information is stored in Active Directory itself, and you'll need to back up the entire system state. If not, however, The Backup directory in the %SystemRoot%System32Dns folder contains backup information for the DNS configuration and the DNS database.

The Backup directory in the %SystemRoot%System32DHCP folder contains backup information for the DHCP configuration and the DHCP database. By DEFAULT, the DHCP database is BACKED up EVERY 60 minutes automatically. To MANUALLY back up the DHCP database at any time, follow these steps:

1. In the DHCP console, right-click the server you want to back up, and then click Backup.
2. In the Browse For Folder dialog box, select the folder that will contain the backup DHCP database, and then click OK.

The Backup directory in the %SystemRoot%System32DHCP folder contains backup information for the DHCP configuration and the DHCP database. By default, the DHCP database is backed up every 60 minutes automatically. To manually back up the DHCP database at any time, follow these steps:

1. In the DHCP console, right-click the server you want to back up, and then click Backup.
2. In the Browse For Folder dialog box, select the folder that will contain the backup DHCP database, and then click OK.

Windows 2003 ACTIVE Directory data store, the ACTUAL database file, is %SystemRoot%ntdsNTDS.DIT. The ntds.dit file is the heart of Active Directory including user accounts. Active Directory's database engine is the Extensible Storage Engine ( ESE ) which is based on the Jet database used by Exchange 5.5 and WINS.

The ESE has the capability to GROW to 16 terabytes which WOULD be large enough for 10 million objects.Only the Jet database can manipulate information within the AD DATASTORE.

Windows 2003 Active Directory data store, the actual database file, is %SystemRoot%ntdsNTDS.DIT. The ntds.dit file is the heart of Active Directory including user accounts. Active Directory's database engine is the Extensible Storage Engine ( ESE ) which is based on the Jet database used by Exchange 5.5 and WINS.

The ESE has the capability to grow to 16 terabytes which would be large enough for 10 million objects.Only the Jet database can manipulate information within the AD datastore.

Group policies are used by administrators to configure and control USER ENVIRONMENT settings. Group Policy OBJECTS (GPOs) are used to configure group policies which are applied to sites, domains, and organizational units (OUs). Group policy MAY be blocked or set so it cannot be OVERRIDDEN. The default is for subobjects to inherit the policy of their parents. There is a maximum of 1000 applicable group policies.

Group policies are used by administrators to configure and control user environment settings. Group Policy Objects (GPOs) are used to configure group policies which are applied to sites, domains, and organizational units (OUs). Group policy may be blocked or set so it cannot be overridden. The default is for subobjects to inherit the policy of their parents. There is a maximum of 1000 applicable group policies.

The DEFAULT refresh INTERVAL for POLICIES is 90 MINUTES. The default refresh interval for domain controllers is 5 minutes. Group policy OBJECT's group policy refresh intervals may be changed in the group policy object.

The default refresh interval for policies is 90 minutes. The default refresh interval for domain controllers is 5 minutes. Group policy object's group policy refresh intervals may be changed in the group policy object.

Using hidden shares on your network is useful if you do not want a shared folder or drive on the network to be easily accessible. Hidden shares can add another layer of protection for shared files against unauthorized people connecting to your network.

Using hidden shares HELPS eliminate the chance for people to guess your password (or be LOGGED into an authorized Windows account) and then receive access to the shared RESOURCE.

Windows automatically shares hard DRIVES by default for administrative purposes. They are hidden shares named with the drive letter followed by a dollar sign (e.g., C$) and COMMENTED as Default Share.

Thus, certain networking and administrator functions and applications can work properly. Not that preventing Windows from creating these hidden or administrative shares by default each time your computer boots up takes a registry change.

Using hidden shares on your network is useful if you do not want a shared folder or drive on the network to be easily accessible. Hidden shares can add another layer of protection for shared files against unauthorized people connecting to your network.

Using hidden shares helps eliminate the chance for people to guess your password (or be logged into an authorized Windows account) and then receive access to the shared resource.

Windows automatically shares hard drives by default for administrative purposes. They are hidden shares named with the drive letter followed by a dollar sign (e.g., C$) and commented as Default Share.

Thus, certain networking and administrator functions and applications can work properly. Not that preventing Windows from creating these hidden or administrative shares by default each time your computer boots up takes a registry change.

RESERVATION USING MAC ADDRESS in DHCP.

Reservation using mac address in DHCP.

1. We can give easy name RESOLUTION to your clients.
2. By creating AD- integrated zone you can also TRACE hacker and spammer by creating reverse zone.
3. AD integrated zoned all for INCREMENTAL zone transfers which on transfer changes and not the ENTIRE zone. This reduces zone transfer traffic.
4. AD Integrated zones support both secure and dynamic updates.
5. AD integrated zones are STORED as part of the active directory and support domain-wide or forest-wide replication through application partitions in AD.

1. We can give easy name resolution to your clients.
2. By creating AD- integrated zone you can also trace hacker and spammer by creating reverse zone.
3. AD integrated zoned all for incremental zone transfers which on transfer changes and not the entire zone. This reduces zone transfer traffic.
4. AD Integrated zones support both secure and dynamic updates.
5. AD integrated zones are stored as part of the active directory and support domain-wide or forest-wide replication through application partitions in AD.

You can backup Active Directory by using the NTBACKUP tool that comes built-in with Windows Server 2003. Backing up the Active Directory is DONE on one or more of your Active Directory domain Controllers, and is PERFORMED by backing up the System State on those servers. The System State contains the local Registry, COM+ Class Registration Database, the System Boot FILES, certificates from Certificate Server (if it's installed), Cluster database (if it's installed), NTDS.DIT, and the SYSVOL folder. the TOMBSTONE is 60 days (Windows 2000/2003 DCs), or 180 days (Windows Server 2003 SP1 DCs).

You can use one of the three methods to restore Active Directory from backup media: Primary Restore, Normal Restore (i.e. Non Authoritative), and Authoritative Restore.

Primary Restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on local computer. On a domain controller, only members of the Domain Admins group can perform this restore.

Normal Restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.

Authoritative Restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual object in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restore object that occurred after the backup. You need to use the NTDSUTIL command line utility to perform an authoritative restore. You need to use it in order to mark Active Directory objects as authoritative, so that they receive a higher version RECENTLY changed data on other domain controllers does not overwrite System State data during replication.

You can backup Active Directory by using the NTBACKUP tool that comes built-in with Windows Server 2003. Backing up the Active Directory is done on one or more of your Active Directory domain Controllers, and is performed by backing up the System State on those servers. The System State contains the local Registry, COM+ Class Registration Database, the System Boot Files, certificates from Certificate Server (if it's installed), Cluster database (if it's installed), NTDS.DIT, and the SYSVOL folder. the tombstone is 60 days (Windows 2000/2003 DCs), or 180 days (Windows Server 2003 SP1 DCs).

You can use one of the three methods to restore Active Directory from backup media: Primary Restore, Normal Restore (i.e. Non Authoritative), and Authoritative Restore.

Primary Restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on local computer. On a domain controller, only members of the Domain Admins group can perform this restore.

Normal Restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.

Authoritative Restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual object in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restore object that occurred after the backup. You need to use the NTDSUTIL command line utility to perform an authoritative restore. You need to use it in order to mark Active Directory objects as authoritative, so that they receive a higher version recently changed data on other domain controllers does not overwrite System State data during replication.

Microsoft Windows 2000 uses the Setpwd utility to RESET the DS RESTORE Mode password. In Microsoft Windows Server 2003, that functionality has been INTEGRATED into the NTDSUTIL tool. Note that you cannot use the PROCEDURE if the target server is running in DSRM.

Microsoft Windows 2000 uses the Setpwd utility to reset the DS Restore Mode password. In Microsoft Windows Server 2003, that functionality has been integrated into the NTDSUTIL tool. Note that you cannot use the procedure if the target server is running in DSRM.

In RUN USE the COMMAND ->dcpromo /forceremoval

In run use the command ->dcpromo /forceremoval

If your DNS SERVER fails, you can't resolve host names. You can't resolve DOMAIN controller IP Address.

If your DNS server fails, you can't resolve host names. You can't resolve domain controller IP Address.

The SYSVOL FOLDER stores the server's COPY of the DOMAIN's public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.

The sysvol folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.

The Group Policy Object Editor and the Software Restriction Policies extension of Group Policy Object Editor are used to restrict RUNNING certain applications on a machine. For Windows XP COMPUTERS that are not participating in a domain, you can USE the Local Security Settings snap-in to ACCESS Software Restriction Policies.

The Group Policy Object Editor and the Software Restriction Policies extension of Group Policy Object Editor are used to restrict running certain applications on a machine. For Windows XP computers that are not participating in a domain, you can use the Local Security Settings snap-in to access Software Restriction Policies.

START->RUN->DCPROMO

Start->Run->DCPROMO

Navigate DOMAIN USER PROPERTIES->give PATH in PROFILE tab in the format servernamesharename.

Navigate domain user properties->give path in profile tab in the format servernamesharename.

Disk Quota is a feature or service of NTFS which HELPS to restrict or manage the disk USAGE from the normal user. It can be implemented PER user user per volume basis.By default it is disabled. ADMINISTRATIVE privilege is required to perform the task. In 2003server we can control only drive but in 2008server we can establish quota in folder level.

Disk Quota is a feature or service of NTFS which helps to restrict or manage the disk usage from the normal user. It can be implemented per user user per volume basis.By default it is disabled. Administrative privilege is required to perform the task. In 2003server we can control only drive but in 2008server we can establish quota in folder level.