Windows Server 2003 Technical Information
Netlogon share –
A share located only on Domain Controllers and contains GPOs,
scripts and .POL files for policy of Windows NT/98. The Netlogon
share replicates among all DCs in the Domain, and is accessible
for read only for the Everyone group, and Full Control for the
Domain Admins group. The Netlogon's real location is:
When a domain member computer boots up, it finds the DC and looks for the Netlogon share in it. To see what DC the computer used when it booted, you can go to the Run command and type %logonserver%\Netlogon. The content of the Netlogon share should be the same on all DCs in the domain.
Initiating Replication Using the Sites and Services Manager Snap-in
1. Click Start, point to Programs, point to Administrative
Tools, and then click Active Directory Sites and Services.
2. Expand the Sites container in the left pane. Expand the container that represents the name of the site containing the target server that needs to be synchronized with its replication partners.
3. Expand the Servers container, and then expand the target server to display the NTDS Settings object (an object that represents settings for the domain controller).
4. Click the NTDS Settings object. The connection objects in the right pane represent the target server's direct replication partners.
5. Right-click a connection object in the right pane, and then click Replicate Now. Windows 2000 initiates replication of any changes from the source server (the server represented by the connection object) to the target server for all directory partitions the target server is configured to replicate from the source server.
Distributed File System overview
With Distributed File System (DFS), system administrators can
make it easy for users to access and manage files that are
physically distributed across a network. With DFS, you can make
files distributed across multiple servers appear to users as if
they reside in one place on the network. Users no longer need to
know and specify the actual physical location of files in order
to access them.
For example, if you have marketing material scattered across multiple servers in a domain, you can use DFS to make it appear as though all of the material resides on a single server. This eliminates the need for users to go to multiple locations on the network to find the information they need.
Reasons for using DFS
You should consider implementing DFS if:
• You expect to add file servers or modify file locations.
• Users who access targets are distributed across a site or sites.
• Most users require access to multiple targets.
• Server load balancing could be improved by redistributing targets.
• Users require uninterrupted access to targets.
• Your organization has Web sites for either internal or external use.
In Windows 2000, there are three types of groups:
• Local groups: Groups that are defined on a local computer. Local groups are used on the local computer only. You create local groups with the Local Users And Groups utility.
• Security groups: Groups that can have security descriptors associated with them. You define security groups in domains using Active Directory Users And Computers.
• Distribution groups: Groups that are used as e-mail distribution lists. They can't have security descriptors associated with them. You define distribution groups in domains using Active Directory Users And Computers.
Groups can have different scopes—domain local, built-in
local, global, and universal. That is, the groups have different
areas in which they are valid.
• Domain local groups: Groups that are used to grant permissions within a single domain. Members of domain local groups can include only accounts (both user and computer accounts) and groups from the domain in which they are defined.
• Built-in local groups: Groups that have a special group scope that have domain local permissions and, for simplicity, are often referred to as domain local groups. The difference between built-in local groups and other groups is that built-in local groups can't be created or deleted. You can only modify built-in local groups. References to domain local groups apply to built-in local groups unless otherwise noted.
• Global groups: Groups that are used to grant permissions to objects in any domain in the domain tree or forest. Members of global groups can include only accounts and groups from the domain in which they are defined.
• Universal groups: Groups that are used to grant permissions on a wide scale throughout a domain tree or forest. Members of global groups include accounts and groups from any domain in the domain tree or forest.
What’s the difference between local, global and universal groups?
Domain local groups assign access permissions to global
domain groups for local domain resources. Global groups provide
access to resources in other trusted domains. Universal groups
grant access to resources in all trusted domains.
Lightweight Directory Access Protocol
The Lightweight Directory Access Protocol, or LDAP, is an
application protocol for querying and modifying directory
services running over TCP/IP.
A directory is a set of objects with attributes organized in a logical and hierarchical manner. A simple example is the telephone directory, which consists of a list of names (of either persons or organizations) organized alphabetically, with each name having an address and phone number associated with it.
An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain name system (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries).
What kinds of updates does WSUS distribute?
WSUS distributes Microsoft critical updates, definition
updates (i.e. for Microsoft Outlook Junk E-mail filters and
Windows Defender), security updates, update rollups, and
specific tools like the Malicious Software Removal Tool.
Updates will be distributed for IT supported Windows operating systems and Microsoft Office. Though patches for additional Microsoft software such as SQL Express Edition, Forefront, and XML may be distributed by WSUS, this software is not supported by IT, and IT cannot guarantee that all applicable patches will be distributed to campus. Therefore, IT does not recommend that individuals running unsupported Microsoft software rely solely on WSUS to keep their computers up-to-date and secure.
Difference b/w SUS and WSUS
SUS did a great job of keeping Windows up to date, but WUS
will be able to update other products such as Microsoft
Office, Exchange Server and ISA Server. Eventually, WUS will be able to keep all current Microsoft server products
up to date.
Comparison of Windows Server 2003 Editions
Standard Edition: 4-GB RAM Maximum
Enterprise Edition: 32-GB RAM Maximum, 64-bit Support for Intel Itanium-based, Hot Add Memory
Datacenter Edition: 64-GB RAM Maximum, 64-bit Support for Intel Itanium-based, Hot Add Memory
Web Edition: 2-GB RAM Maximum
In Active Directory a single server always holds at least three directory partitions:
• The schema
• The configuration (replication topology and related metadata)
• One or more per-domain directory partitions (subtrees containing domain-specific objects in the directory)
The KCC and Replication Topology
The Knowledge Consistency Checker (KCC) uses site link
configuration information to enable and optimize replication
traffic by generating a least-cost replication topology. Within
a site, for each directory partition, the KCC builds a ring
topology that tries to set a maximum number of hops (3) between
any two domain controllers. Between sites, the KCC creates a
spanning tree of all intersite connections. Therefore, adding
sites and domains increases the processing that is required by
When domain controllers for the same domain are located in
different sites, at least one bridgehead server per directory
partition and per transport (IP or SMTP) replicates changes from
one site to a bridgehead server in another site. A single
bridgehead server can serve multiple partitions per transport
and multiple transports. Replication within the site allows
updates to flow between the bridgehead servers and the other
domain controllers in the site. Bridgehead servers help to
ensure that the data replicated across WAN links is not stale or