Windows Server 2003 for Interview
Important Port Numbers
15 – Netstat
21 – FTP
23 – Telnet
25 – SMTP
42 – WINS
53 – DNS
67 – Bootp
68 – DHCP
80 – HTTP
88 – Kerberos
101 – HOSTNAME
110 – POP3
119 – NNTP
123 – NTP (Network Time Protocol)
139 – NetBIOS
161 – SNMP
180 – RIS
220 – IMAP3
389 – LDAP (Lightweight Directory Access Protocol)
443 – HTTPS / SSL (HTTP over SSL/TLS)
500 – Internet Key Exchange, IKE (IPSec) (UDP 500)
520 – RIP
3268 – AD Global Catalog
3269 – AD Global Catalog over SSL
3389 – Terminal services
Types of backup: normal, incremental, differential, copy, daily
Differences between Windows Server 2000 and Windows Server 2003
1) Domain rename is not possible in Windows 2000.
2) Windows 2000 includes IE 5; Windows Server 2003 includes IE 6.
3) Terminal Services are enhanced in Windows Server 2003.
4) Windows 2000 doesn't have a 64-bit version.
5) DNS stub zones were introduced in Windows Server 2003.
6) Volume shadow copying was introduced.
7) The schema version changed from 13 to 30.
An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains.
Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.
Active Directory schema
One of the defining elements of a forest is a common schema. The schema is a definition of the types of objects that are allowed within a directory and the attributes that are associated with those objects. These definitions must be consistent across domains in order for the security policies and access rights to function correctly. There are two types of definitions within the schema: attributes and classes, also known as schema objects and metadata. Attributes are defined only once, and then can be applied to multiple classes as needed. The object classes, or metadata, are used to define objects. For example, the Users class requires certain attributes such as user name, password, groups, and so on. A particular user account is simply an Active Directory object that has those attributes defined. A class is simply a generic framework for objects. It is a collection of attributes, such as Logon Name and Home Directory for user accounts or Description and Network Address for computer accounts. Active Directory comes standard with a predefined set of attributes and classes that fit the needs for many network environments. In addition, network administrators can extend the schema by defining additional attributes and extending the classes within the directory.
Global Catalog Server
Domain controllers keep a complete copy of the Active Directory database for a domain, so that information about each object in the domain is readily available to users and services. This works well within a domain but poses problems when crossing domain trees. Active Directory solves this issue with a special limited database known as the global catalog. The global catalog stores partial replicas of the directories of other domains. The catalog is stored on domain controllers that have been designated as global catalog servers. These servers also maintain the normal database for their domain.
Within a multi-domain environment that is running in Windows 2000 Native mode or the Windows Server 2003 functional level, a global catalog is required for logging on to the network. The global catalog provides universal group membership information for the user account that is attempting to log on to the network. If the global catalog is not available during the logon attempt and the user account is external to the local domain, the user will only be allowed to log on to the local machine.
When you add a global catalog server to a site, the Knowledge Consistency Checker (KCC) updates the replication topology, after which replication of partial domain directory partitions that are available within the site begins. Replication of partial domain directory partitions that are available only from other sites begins at the next scheduled interval.
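Because logon depends on a reachable global catalog, it is worth checking which servers hold the role and whether they answer on the global catalog ports listed above (3268 and 3269). The following script is an added example, not part of the original notes; it assumes a domain-joined machine, PowerShell 2.0 or later, and a logged-on domain account, and the function name Test-TcpPort is chosen here for illustration.

```powershell
# Added example (not from the original page). Assumes a domain-joined machine,
# PowerShell 2.0 or later, and a logged-on domain account.
$gcPorts = 3268, 3269   # AD Global Catalog, AD Global Catalog over SSL

# Illustrative helper: TCP connect with a timeout, returns $true or $false.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# One row per global catalog server, with the result of each port probe.
$report = foreach ($gc in $forest.GlobalCatalogs) {
    $row = New-Object PSObject -Property @{
        Site = $gc.SiteName; Server = $gc.Name; Domain = $gc.Domain.Name
    }
    foreach ($port in $gcPorts) {
        $row | Add-Member NoteProperty "Tcp$port" (Test-TcpPort $gc.Name $port)
    }
    $row
}
$report | Sort-Object Site, Server |
    Format-Table Site, Server, Domain, Tcp3268, Tcp3269 -AutoSize

# Flag every site in which no global catalog answered on TCP 3268.
foreach ($site in $forest.Sites) {
    $reachable = @($report | Where-Object { $_.Site -eq $site.Name -and $_.Tcp3268 })
    if ($reachable.Count -eq 0) {
        Write-Warning "Site '$($site.Name)' has no global catalog reachable on TCP 3268"
    }
}
```

The probe runs from the machine executing the script, so a warning can also mean a firewall between that machine and the site rather than a missing global catalog.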
Components that comprise the system state on a domain controller include:
· System Start-up Files (boot files). These are the files required for Windows 2000 Server to start.
· System registry.
· Class registration database of Component Services. The Component Object Model (COM) is a binary standard for writing component software in a distributed systems environment.
· SYSVOL. The system volume provides a default Active Directory location for files that must be shared for common access throughout a domain. The SYSVOL folder on a domain controller contains:
o NETLOGON shared folders. These usually host user logon scripts and Group Policy objects (GPOs) for non-Windows 2000-based network clients.
o User logon scripts for Windows 2000 Professional-based clients and clients that are running Windows 95, Windows 98, or Windows NT 4.0.
o Windows 2000 GPOs.
o File system junctions.
o File Replication service (FRS) staging directories and files that are required to be available and synchronized between domain controllers.
· Active Directory. Active Directory Database includes:
o Ntds.dit (Windows NT Directory Service): The Active Directory database.
o Edb.chk: The checkpoint file.
o Edb*.log: The transaction logs, each 10 megabytes (MB) in size.
o Res1.log and Res2.log: Reserved transaction logs.
Non-authoritative restore of Active Directory
A non-authoritative restore returns the domain controller to its state at the time of backup, then allows normal replication to overwrite that state with any changes that have occurred after the backup was taken. After you restore the system state, the domain controller queries its replication partners. The replication partners replicate any changes to the restored domain controller, ensuring that the domain controller has an accurate and updated copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory, and you will use it in most situations that result from Active Directory data loss or corruption. To perform a non-authoritative restore, you must be able to start the domain controller in Directory Services Restore Mode.