Windows Server 2003 Technical Information
Netlogon share
A share that exists only on domain controllers and contains GPOs,
scripts and .POL files for Windows NT/98 policy. The Netlogon
share replicates among all DCs in the domain; the Everyone group
has read-only access and the Domain Admins group has Full
Control. The share's real location is:
C:\WINDOWS\SYSVOL\sysvol\domain.com\SCRIPTS
When a domain member computer boots up, it finds a DC and looks
for the Netlogon share on it. To see which DC the computer used
when it booted, open the Run command and type
%logonserver%\Netlogon. The content of the Netlogon share should
be the same on all DCs in the domain.
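Because clients run whatever logon scripts their DC serves, a copy that differs on one DC is worth catching. The following added example (not part of the original page) hashes each DC's Netlogon tree and reports files that are missing, extra or changed relative to the first DC; the function names and the two temporary directories standing in for \\DC1\NETLOGON and \\DC2\NETLOGON are constructed for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file's relative path (lower-cased, NTFS ignores case) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            with open(full, "rb") as fh:
                result[rel] = hashlib.sha256(fh.read()).hexdigest()
    return result


def netlogon_drift(shares):
    """Compare every share with the first one; an empty dict means all copies match."""
    # shares maps a label to a path, e.g. {"DC1": r"\\DC1\NETLOGON", "DC2": ...}
    labels = list(shares)
    ref = manifest(shares[labels[0]])
    drift = {}
    for label in labels[1:]:
        cur = manifest(shares[label])
        diff = {
            "missing": sorted(set(ref) - set(cur)),
            "extra": sorted(set(cur) - set(ref)),
            "changed": sorted(p for p in set(ref) & set(cur) if ref[p] != cur[p]),
        }
        if any(diff.values()):
            drift[label] = diff
    return drift


def demo():
    """Constructed sample: two temp directories stand in for two DCs' shares."""
    with tempfile.TemporaryDirectory() as dc1, tempfile.TemporaryDirectory() as dc2:
        for root, body in ((dc1, b"net use H: \\\\fs1\\home\r\n"),
                           (dc2, b"net use H: \\\\fs2\\home\r\n")):
            with open(os.path.join(root, "logon.bat"), "wb") as fh:
                fh.write(body)
        with open(os.path.join(dc1, "map.vbs"), "wb") as fh:
            fh.write(b"' drive mappings\r\n")
        return netlogon_drift({"DC1": dc1, "DC2": dc2})


if __name__ == "__main__":
    print(demo())
```

A non-empty result can also mean replication has simply not caught up yet, so a difference that persists across runs is the one to investigate.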
Initiating Replication Using the Sites and Services Manager Snap-in
1. Click Start, point to Programs, point to Administrative
Tools, and then click Active Directory Sites and Services.
2. Expand the Sites container in the left pane. Expand the
container that represents the name of the site containing the
target server that needs to be synchronized with its replication
partners.
3. Expand the Servers container, and then expand the target
server to display the NTDS Settings object (an object that
represents settings for the domain controller).
4. Click the NTDS Settings object. The connection objects in the
right pane represent the target server's direct replication
partners.
5. Right-click a connection object in the right pane, and then
click Replicate Now. Windows 2000 initiates replication of any
changes from the source server (the server represented by the
connection object) to the target server for all directory
partitions the target server is configured to replicate from the
source server.
Distributed File System overview
With Distributed File System (DFS), system administrators can
make it easy for users to access and manage files that are
physically distributed across a network. With DFS, you can make
files distributed across multiple servers appear to users as if
they reside in one place on the network. Users no longer need to
know and specify the actual physical location of files in order
to access them.
For example, if you have marketing material
scattered across multiple servers in a domain, you can use DFS
to make it appear as though all of the material resides on a
single server. This eliminates the need for users to go to
multiple locations on the network to find the information they
need.
Reasons for using DFS
You should consider implementing DFS if:
• You expect to add file servers or modify file locations.
• Users who access targets are distributed across a site or sites.
• Most users require access to multiple targets.
• Server load balancing could be improved by redistributing targets.
• Users require uninterrupted access to targets.
• Your organization has Web sites for either internal or external use.
Group Types
In Windows 2000, there are three types of groups:
• Local groups: Groups that are defined on a local computer.
Local groups are used on the local computer only. You create
local groups with the Local Users And Groups utility.
• Security groups: Groups that can have security descriptors
associated with them. You define security groups in domains
using Active Directory Users And Computers.
• Distribution groups: Groups that are used as e-mail
distribution lists. They can't have security descriptors
associated with them. You define distribution groups in domains
using Active Directory Users And Computers.
Group Scope
Groups can have different scopes—domain local, built-in
local, global, and universal. That is, the groups have different
areas in which they are valid.
• Domain local groups: Groups that are used to grant permissions
within a single domain. Members of domain local groups can
include only accounts (both user and computer accounts) and
groups from the domain in which they are defined.
• Built-in local groups: Groups with a special group scope that
have domain local permissions and, for simplicity, are often
referred to as domain local groups. The difference between
built-in local groups and other groups is that built-in local
groups can't be created or deleted. You can only modify built-in
local groups. References to domain local groups apply to
built-in local groups unless otherwise noted.
• Global groups: Groups that are used to grant permissions to
objects in any domain in the domain tree or forest. Members of
global groups can include only accounts and groups from the
domain in which they are defined.
• Universal groups: Groups that are used to grant permissions on
a wide scale throughout a domain tree or forest. Members of
universal groups include accounts and groups from any domain in
the domain tree or forest.
What's the difference between local, global and universal groups?
Domain local groups assign access permissions to global
domain groups for local domain resources. Global groups provide
access to resources in other trusted domains. Universal groups
grant access to resources in all trusted domains.
Lightweight Directory Access Protocol
The Lightweight Directory Access Protocol, or LDAP, is an
application protocol for querying and modifying directory
services running over TCP/IP.
A directory is a set of
objects with attributes organized in a logical and hierarchical
manner. A simple example is the telephone directory, which
consists of a list of names (of either persons or organizations)
organized alphabetically, with each name having an address and
phone number associated with it.
An LDAP directory tree often
reflects various political, geographic, and/or organizational
boundaries, depending on the model chosen. LDAP deployments
today tend to use Domain Name System (DNS) names for structuring
the topmost levels of the hierarchy. Deeper inside the directory
might appear entries representing people, organizational units,
printers, documents, groups of people or anything else that
represents a given tree entry (or multiple entries).
What kinds of updates does WSUS distribute?
WSUS distributes Microsoft critical updates, definition
updates (i.e. for Microsoft Outlook Junk E-mail filters and
Windows Defender), security updates, update rollups, and
specific tools like the Malicious Software Removal Tool.
Updates will be distributed for IT supported Windows operating
systems and Microsoft Office. Though patches for additional
Microsoft software such as SQL Express Edition, Forefront, and
XML may be distributed by WSUS, this software is not supported
by IT, and IT cannot guarantee that all applicable patches will
be distributed to campus. Therefore, IT does not recommend that
individuals running unsupported Microsoft software rely solely
on WSUS to keep their computers up-to-date and secure.
Difference between SUS and WSUS
SUS did a great job of keeping Windows up to date, but WUS
will be able to update other products such as Microsoft
Office, Exchange Server and ISA Server. Eventually, WUS will be
able to keep all current Microsoft server products up to date.
Comparison of Windows Server 2003 Editions
Standard Edition: 4-GB RAM Maximum
Enterprise Edition: 32-GB RAM Maximum, 64-bit Support for Intel Itanium-based, Hot Add Memory
Datacenter Edition: 64-GB RAM Maximum, 64-bit Support for Intel Itanium-based, Hot Add Memory
Web Edition: 2-GB RAM Maximum
In Active Directory, a single server always holds at least three
directory partitions:
• The schema
• The configuration (replication topology and related metadata)
• One or more per-domain directory partitions (subtrees
containing domain-specific objects in the directory)
The KCC and Replication Topology
The Knowledge Consistency Checker (KCC) uses site link
configuration information to enable and optimize replication
traffic by generating a least-cost replication topology. Within
a site, for each directory partition, the KCC builds a ring
topology that tries to set a maximum number of hops (3) between
any two domain controllers. Between sites, the KCC creates a
spanning tree of all intersite connections. Therefore, adding
sites and domains increases the processing that is required by
the KCC.
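The three-hop limit can be checked with a small graph model. This added example (not from the original page) builds the intrasite ring as a bidirectional graph, measures the worst-case hop count, and adds extra connections until no two DCs are more than three hops apart; the greedy choice of which pair to connect is an assumption made for illustration, not the KCC's own selection logic.

```python
from collections import deque


def ring(n):
    """Bidirectional ring over DCs 0..n-1 as an adjacency dict."""
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}


def hops_from(adj, start):
    """Breadth-first search: hop count from start to every reachable DC."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for peer in adj[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist


def worst_pair(adj):
    """Return (hops, source, target) for the pair of DCs that is farthest apart."""
    best = None
    for s in adj:
        for t, d in hops_from(adj, s).items():
            if best is None or d > best[0]:
                best = (d, s, t)
    return best


def max_hops(adj):
    return worst_pair(adj)[0]


def add_shortcuts(adj, limit=3):
    """Illustrative greedy rule: connect the farthest pair until limit holds."""
    added = []
    while True:
        d, s, t = worst_pair(adj)
        if d <= limit:
            return added
        adj[s].add(t)
        adj[t].add(s)
        added.append((s, t))


def largest_plain_ring(limit=3):
    """Largest number of DCs a plain ring can hold within the hop limit."""
    n = 2
    while max_hops(ring(n + 1)) <= limit:
        n += 1
    return n
```

A plain ring stays within three hops up to seven DCs; from the eighth DC on, the model needs connections beyond the ring to meet the limit.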
Bridgehead Servers
When domain controllers for the same domain are located in
different sites, at least one bridgehead server per directory
partition and per transport (IP or SMTP) replicates changes from
one site to a bridgehead server in another site. A single
bridgehead server can serve multiple partitions per transport
and multiple transports. Replication within the site allows
updates to flow between the bridgehead servers and the other
domain controllers in the site. Bridgehead servers help to
ensure that the data replicated across WAN links is not stale or
redundant.