Exchange Wipro-Infotech Interview Q-n-A
Q.1 What does the .edb and .stm file contain in Exchange 2000?
Answer:The .Edb File Contains All The Folders, Tables And Indexes For Messaging Data And Mapi Messages And Attachments The Stm File (New To Exchange 2000) Contains Internet Content In Its Native Format.
Note:- (*.Edb + *.Stm) + (*.Log) = Database
Q.2 Where is the Directory Service database stored in Exchange 5.5?
Answer: Dir.edb
Q.3 Mention the types of Routing Group Connectors in Exchange 2000?
Answer:
A Routing Group is a collection of Exchange servers that communicate with each other directly over the same internal network or reliable connection.
When multiple Routing Groups must be created, each individual group must be connected using one of three available Exchange connection types:
Routing Group Connector This connector is the default connector type. It can be used to connect a single or multiple Exchange bridgehead server for load balancing of message traffic.
SMTP Connector The SMTP connector uses the Simple Mail Transport Protocol to connect and communicate with remote Routing Groups, non-Exchange mail systems, and the Internet mail host.
X.400 Mail Connector Limited to a single local and remote host, the X.400 connector is primarily designed for communications between Exchange Server 2003 and X.400 mail systems.
Mixed Mode
When Exchange Server 2003 is in a mixed environment, Routing Groups can consist of only servers that had been installed directly into the Administrative Group where the Routing Group resides. Additional servers from other Administrative Groups cannot be added to the Routing Group.
Native Mode
After the functional level has been raised to Native Mode, Exchange servers can be managed and moved between Routing Groups.
Also, Routing Groups in a single Administrative Group can contain servers from other Administrative Groups.
Q.4 What are the features of Active Directory in Windows 2000?
Answer: Features of Active Directory in Windows 2000 can be categorised as
Manageability :-Centralized Management, Group Policy, Global Catalog,IntelliMirror Desktop Management, Automated Software Distribution, Active Directory Service Interfaces, Backward Compatibility, Delegated Administration,Multi-Master Replication
Security :-Kerberos Authentication, Smart Card Support, Transitive Domain Trust,PKI/x.509,LDAP over SSL, Required Authentication Mechanism ,Attribute-Level Security, Spanning Security Groups,LDAP ACL Support
Interoperability:-DirSync Support, Active Directory Connectors, Open APIs,Native LDAP,DNS Naming, Open Change History, DEA Platform, DEN Platform, Extensible Schema
Q.5 What are the features of Exchange 2003 over Exchange 2000?
Answer: - Better Anti-spam tools - comprehensive set of filters Improved Queue management Smoother integration with IIS Enhanced OWA. Now includes a spell checker and X509 certificates Outlook Mobile Access (OMA), which functions like OWA for devices Cached replication of Outlook 2003. Cached mode creates a local data file that Outlook uses for all foreground activity. It then contacts the Exchange server in the background. Volume Shadow Copy Service for Database Backups/Recovery Mailbox Recovery Center Recovery Storage Group Front-end and back-end Kerberos authentication Distribution lists are restricted to authenticated users Queues are centralized on a per-server basis Move log files and queue data using Exchange System Manager Multiple Mailbox Move tool Dynamic distribution lists 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager) Deployment and migration tools
Q.7 How to restore Group policies?
Answer:-
A GPO is a container for policies that are applied on a domain. When you configure a domain, the domain creates a Default Domain Policy for itself. Each GPO that you create has a GUID. When you create a new user-defined GPO, the %SystemRoot%\Sysvol folder contains a folder that has the GUID as its name. This folder represents the newly created GPO. If you accidentally delete a GPO, the corresponding folder is automatically removed from the Sysvol folder. Back up the system state every day so that you can restore the policy files if you accidentally delete the GPO.
Method 1: Copy all the old policy files to a new GPO
To copy all the old policy files to a new GPO, follow these steps.Note To copy files from the old GPO to a new GPO, you must have the most recent system state backup that contains the Sysvol folder and the old GPO. Also, you must know the GUID of the old GPO.
1.
Restore the system state to an alternative location. To do this, follow these steps:
2.
Use Active Directory Users and Computers to create a new GPO. To do this, follow these steps:
3.
Copy all the policy files from the temporary folder to the newly created GPO. To do this, follow these steps:
Q.8 What is the function of NNTP service in Exchange 2000?
Answer:-While installing Exchange 2000, the system creates a default Network News Transfer Protocol (NNTP) virtual server. You can use this virtual server to house a feed from other newsgroups This Default NNTP virtual server can be used to create feeds to a Public Folder for storage (Internet Newsgroups). For other storage media (either a file system or remote share), you must create a new virtual server.
Network News Transfer Protocol
Because Network News Transfer Protocol (NNTP) is growing in popularity, it would be wise for us to take a brief look at the architecture of this protocol. We'll then discuss the more pragmatic aspects of administering NNTP on your network.
NNTP Architecture
NNTP specifies a way to distribute, query, retrieve, and post news articles on the Internet. A client wanting to retrieve a subset of articles from the database is called a subscriber. NNTP allows a subscriber to request a subset of articles rather than requiring the retrieval of all articles from the database. Before NNTP was developed, two methods of distributing news items were popular: Internet mailing lists and the Usenet news system.
An Internet mailing list, commonly known as a list server, distributes news by the use of distribution e-mail lists. A subscriber sends a message to the distribution list, and the message is e-mailed to all of the members of the list. But sending a separate copy of an e-mail to each subscriber can consume a large amount of disk space, bandwidth, and CPU resources. In addition, it can take from several minutes to several hours for the message to be fully distributed, depending on the size of the list and the physical resources available to propagate it. Maintaining the subscriber list also involves significant administrative effort, unless a third-party program is used to automate this function.
Storing and retrieving messages from a central location instead of sending an email to each subscriber can significantly reduce the use of these resources. The Usenet news system provides this alternative. In addition, Usenet allows a subscriber to select only those messages he or she wants to read and also provides indexing, cross-referencing, and message expiration.
NNTP is modeled on the Usenet news specifications in RFC 850, but it is designed to make fewer demands on the structure, content, and storage of the news articles. It runs as a background service on one host and can accept connections from other hosts on the LAN or over the Internet.
When a subscriber connects to an NNTP server, the subscriber issues the NEWSGROUPS command to determine whether any new newsgroups have been created on the server. If so, the server notifies the subscriber and gives the subscriber the opportunity to subscribe to the new newsgroups. After this, the subscriber is connected to the desired newsgroup and can use the NEWNEWS command to ask the server whether any new articles have been posted since the subscriber's last connection. The subscriber receives a list of new articles from the server and can request transmission of some or all of those articles. Finally, the subscriber can either reply to a news article or post a new article to the server by using the POST command.
NNTP uses TCP for its connections and SMTP-like commands and responses. The default TCP port for NNTP is 119. An NNTP command consists of a command word followed in some cases by a parameter, and commands are not case sensitive. Each line can contain only one command and may not exceed 512 characters, including spaces, punctuation, and the trailing CR–LF (carriage return/line feed) command. Commands cannot be continued on the next line.
Responses from the server can take the form of a text response or a status response. Text responses are displayed in the subscriber's client program, whereas status responses are interpreted by the client program before any display occurs.
Q.9.What is Recepient Update Service in Exchange 2000?
Answer:- Recipient Update Service (RUS) is a very important component in your Exchange installation, it is RUS that is responsible for updating address lists and email addresses in your Active Directory
Default Exchange organization will have two RUS objects
(a) Enterprise Configuration RUS :-responsible for the updating of the email addresses for the system objects such as the MTA & System Attendant.
(b) Domain RUS :-responsible for the updating of the address information for recipient objects in the domain that it is responsible for
Q.10 The function of the Default SMTP Virtual Server in Exchange 2000?
Answer:-
SMTP virtual server plays a critical role in mail delivery.SMTP virtual servers provide the Exchange mechanisms for managing SMTP. the default SMTP virtual server sends messages within a routing group. Additionally, if the server is a domain controller, Active Directory uses this virtual server for SMTP directory replication. An SMTP virtual server is defined by a unique combination of an IP address and port number. The default SMTP virtual server uses all available IP addresses on the server and uses port 25 for inbound connections. A single physical server can host many virtual servers.
Q.1 What is the Active Directory?
Ans: Active Directory stores information about resources on the network and makes it easy for users to locate, manage and use their resources.
Q.2 where is the Active Directory database located?
Ans: The Active Directory database is located in the
“%systemroot%\NTDS\NTDS.DIT”
It is based on Jet database.
Q.3 What is the Active Directory Schema?
Ans: 1. It is dynamically updatable.
2. It is dynamically available.
3. DACL.
Q.4 What is LDAP? What is the port for LDAP?
Ans: LDAP is a method of communication in Active Directory. LDAP is a directory service protocol that is used to query and update Active Directory.
Q.5 What is a tree?
Ans: A collection of domains which share a common namespace.
Q.6 What is the function of “%systemroot%\system32\dssec.dat” fie?
Ans: To delegate the right to unlock locked user accounts to a user or group in Active Directory, you must first make the right visible.
The %Systemroot%\System32\Dssec.dat file contains filters that control the whether a right is revealed, and can be written. Open Dssec.dat in Notepad and find [User]. Within [User], the lockoutTime entry is listed alphabetically. Change the mask from 7 to 0, yielding lockoutTime=0.
NOTE: The mask values appears to be:
0 - Read and Write of property unfiltered
1 - Read of property filtered
2 - Write of property filtered
7 - Filter out property.
Q.7 What are the core services in Exchange 5.5? Exlplain the order of starting the services?
Ans: 1. Directory service(DS): “net start msexchangeds”
2. Information Store(IS): “net start msexchangeis”
3. Message Transfer Agent(MTA): “net start msexchangemta”
4. Internet Mail Connector(IMC): “net start msexchangeimc”
5. “net start msexchangees”
Q.8 What is the size of Transaction log file?
Ans: 5 MB (Exxxx.log)
Q.9 IMC service in Exchange 5.5 does not start. Explain the necessary steps you would take to check and resolve the problem?
Ans: 1. Incorrectly configured Address Space.
2. Use a blank space in the Address Space field which will lets the Internet Mail Connector send mail to all recipients and provides a basic configuration on which to build after you know your service works. If you have entered anything in this box, try removing it and see if the IMC starts.
Q10. What are the core services in Exchange 2000? Explain the process of starting the services?
Ans: The core services are
Microsoft Exchange MTA Stack(msexchangemta).
Microsoft Exchange Information store(msexchangeis).
Microsoft Exchange Routing Engine(reSvc).
Microsoft Exchange Sysytem Attendant(msexchangesa).
Network News Transfer Protocol(NNTPSvc)
Simple Mail Transfer Protocol(SMTPSvc).
Q11. Explain the Hierarchy of the Exchange Management Console Program?
Ans: Organisation Name
Global Settings
Recepients
Administrative Groups
Tools
Q12. What is the latest service pack for Exchange 5.5 and Exchange 2000?
Ans: Exchange 5.5: SP4
Exchange 2000: SP4
Exchange 2003: SP2
Q14. What is RUS? Which service is responsible for the RUS?
Ans: The Recipient Update Service (RUS) is a component in the Exchange 2000 System Attendant service. The RUS creates and maintains Exchange 2000-specific attribute values in the Active Directory.
If you create a mailbox for a user, the RUS is responsible for the automatic generation of the user’s Simple Mail Transfer Protocol (SMTP) address and any other proxy addresses that you have defined for your recipients. However, in Active Directory Users and Computers tool, the proxy addresses are not displayed immediately because a short latency period occurs before the Recipient Update Service produces the new e-mail addresses. This latency occurs even if you have configured the RUS to run continuously.
After you install Exchange 2000, two instances of RUS are created:
The enterprise configuration RUS,
The domain RUS
There is only one instance of the enterprise RUS in the organization. You must have a RUS for each domain that contains mailbox-enabled users.
Each instance of the Domain RUS associates one Exchange 2003 computer(where the RUS runs) with one Windows 2000 or Windows 2003 Server Domain controller(where AD objects are updated).
Only one RUS can be associated with any Active Directory domain controller.
If you have multiple sites, you can also add multiple instances of the RUS for each domain. In this scenario, an instance of the RUS is hosted on a DC in each site, and mailbox creation does not depend on the inter-site replication schedule of the AD.
If you create a new mailbox-enabled user, that user cannot log on to their mailbox until the RUS has generated the new proxy e-mail addresses. If you set the RUS to run on a schedule, that user may have to wait a short period before they can use Exchange 2003.
To update addresses immediately, you can force the RUS to run manually.
Q15. What is a recipient policy, e-mail policy and mailbox manager policy?
Ans: Recipient policies are used in Exchange 2000 server to automatically control the generation of e-mail addresses for recipient objects
The following are recipient objects,
Mail-enables users
Contacts
Groups
Public Folders.
Recipient policies are similar to the “Site-Addressing” feature in Exchange 5.5, but are more flexible. For e.g. recipient policies allow you to create multiple addresses for a given address type.
They provide a set of LDAP-based filter rules. These rules allow you to select the set of recipients to which the recipient policy will apply.
Mailbox manager policy is the policy in which the Exchange Administrator has the ability to control the content of user’s mailbox.
Recipient policies are a set of configurable rules that run on a schedule and evaluate all the messaging-enabled objects in your Active Directory forest. The policy uses the rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules.
Q16. What is edb.chk file used for?
Ans: The checkpoint files are used to keep a track of transactions that are committed to the database after backup.
Q17. What is eseutil/d, eseutil/p, eseutil/g used for?
Ans: 1. Eseutil /d : Defragmentation
Eseutil /p : Repair
Eseutil /g : Integrity check
Q17. What is the temp.edb file?
Ans: The file TEMP.EDB is used to store transactions that are in progress. TEMP.EDB is also used for some transient storage during online compaction.
Q18. Explain the “LDIFDE” utility?
Ans: It allows you to import and export Active Directory content in LDIF format. LDIF files are composed of blocks of entries. An entry can add, modify, or delete an object. The first line of an entry is the distinguished name. The second line contains a changetype, which can be add, modify, or delete. If it is an object addition, the rest of the entry contains the attributes that should be initially set on the object (one per line). For object deletions, you do not need to specify any other attributes. And for object modifications, you need to specify at least three more lines. The first should contain the type of modification you want to perform on the object. This can be add (to set a previously unset attribute or to add a new value to a multivalued attribute), replace (to replace an existing value), or delete (to remove a value). The modification type should be followed by a colon and the attribute you want to perform the modification on. The next line should contain the name of the attribute followed by a colon, and the value for the attribute. For example, to replace the last name attribute with the value Smith, you'd use the following LDIF
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: modify
replace: sn
sn: Smith
-
Modification entries must be followed by a line that only contains a hyphen (-). You can put additional modification actions following the hyphen, each separated by another hyphen. Here is a complete LDIF example that adds a jsmith user object and then modifies the givenName and sn attributes for that object:
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: add
objectClass: user
samaccountname: jsmith
sn: JSmith
useraccountcontrol: 512
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: modify
add: givenName
givenName: Jim
-
replace: sn
sn: Smith
-
Q13. Explain the Anatomy of a Domain, trust and a forest in the Active Directory?
Ans: 1. Anatomy of a Domain.
Domains are represented by domainDNS objects.
Q14. What are the 3 NC’s in a forest?
Ans: 1. The Forest Root Domain.
2. The Configuration NC.
3. The Schema NC.
Q15. What are the different partitions associated with a Forest?
Ans: 1. Configuration NC : Contains data that is applicable across all of the domains and, thus, is replicated to all domain controllers in the forest. Some of this data includes the site topology, list of partitions, published services, display specifiers, and extended rights.
Schema NC : Contains the objects that describe how data can be structured and stored in Active Directory. The classSchema objects in the Schema NC represent class definitions for objects. The attributeSchema objects describe what data can be stored with classes. The Schema NC is replicated to all domain controllers in a forest.
Domain NC : As described earlier, a domain is a naming context that holds domain-specific data including user, group, and computer objects.
Application partitions : Configurable partitions that can be rooted anywhere in the forest and can be replicated to any domain controller in the forest. These are not available with Windows 2000.
Q16. After successfully demoting a DC/removing the forest which commands help determine if all entries have been removed?
Ans:
> netsh wins server \\
> nslookup
> nslookup -type=SRV _ldap._tcp.gc._msdcs.
nslookup
Q17. What are the steps to remove a Domain from a Forest?
Ans: 1. Start from the last DC of the Domain.
Run “dcpromo”, and select the option “This server is the last domain controller in the domain”.
Note : If the domain you want to remove has subdomains, you have to remove the subdomains before proceeding.
After all domain controllers have been demoted and depending on how our environment is configured, you may need to remove WINS and NS entries that were associated with the domain controllers and domain unless they were automatically removed via WINS deregistration and DDNS during the demotion process.
Remove any trusts established for the domain.
Q18. You want to completely remove a domain that was orphaned because "This server is the last domain controller in the domain" was not selected when demoting the last domain controller, the domain was forcibly removed, or the last domain controller in the domain was decommissioned improperly. Explain the procedure?
Ans: The following ntdsutil commands (in bold) would forcibly remove the emea.rallencorp.com domain from the rallencorp.com forest. Replace
ntdsutil "meta clean" "s o t" conn "con to server
metadata cleanup: "s o t" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com
Select operation target: sel domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context
Select operation target: q
metadata cleanup: remove sel domain
You will receive a message indicating whether the removal was successful.
Note: Removing an orphaned domain consists of removing the domain object for the domain (e.g., dc=emea,dc=rallencorp,dc=com), all of its child objects, and the associated crossRef object in the Partitions container. You need to target the Domain Naming FSMO when using the ntdsutil command because that server is responsible for creation and removal of domains.
In the solution, shortcut parameters were used to reduce the amount of typing necessary. If each parameter were typed out fully, the commands would look as follows:
ntdsutil "metadata cleanup" "select operation target" connections "connect to server
metadata cleanup: "select operation target" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com
Select operation target: select domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context
Select operation target: quit
metadata cleanup: remove selected domain
Q19. You want to find the NetBIOS name of a domain. Although Microsoft has moved to using DNS for primary name resolution, the NetBIOS name of a domain is still important, especially with down-level clients that are still based on NetBIOS instead of DNS for naming. How can you achieve this?
Ans: A. Using Graphical User Interface:
Open the Active Directory Domains and Trusts snap-in.
Right-click the domain you want to view in the left pane and select Properties.
The NetBIOS name will be shown in the "Domain name (pre-Windows 2000)" field.
B. Using a Command-line Interface:
1. > dsquery * cn=partitions,cn=configuration,
Note: Each domain has a crossRef object that is used by Active Directory to generate referrals. Referrals are necessary when a client performs a query and the directory server handling the request does not have the matching object(s) in its domain. The NetBIOS name of a domain is stored in the domain's crossRef object in the Partitions container in the Configuration NC. Each crossRef object has a dnsRoot attribute, which is the fully qualified DNS name of the domain. The netBIOSName attribute contains the NetBIOS name for the domain.
Q20. You want to rename a domain due to organizational changes or legal restrictions because of an acquisition. Renaming a domain is a very involved process and should be done only when absolutely necessary. Changing the name of a domain can have an impact on everything from DNS, replication, and GPOs to DFS and Certificate Services. A domain rename also requires that all domain controllers and member computers in the domain are rebooted! Is it possible in Windows 2000?
Ans: Under Windows 2000, there is no supported process to rename a domain. There is one workaround for mixed-mode domains in which you revert the domain and any of its child domains back to Windows NT domains. This can be done by demoting all Windows 2000 domain controllers and leaving the Windows NT domain controllers in place. You could then reintroduce Windows 2000 domain controllers and use the new domain name when setting up Active Directory.
A domain rename procedure is supported if a forest is running all Windows Server 2003 domain controllers and is at the Windows Server 2003 forest functional level.
The tool is “rendom.exe”.
Q21. You want to create a one-way or two-way nontransitive trust from an AD domain to a Windows NT domain.How do we create a Trust Between a Windows NT Domain and an AD Domain ?
Ans. Using a graphical user interface:
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click the domain you want to add a trust for and select Properties.
Click on the Trusts tab.
Click the New Trust button.
After the New Trust Wizard opens, click Next.
Type the NetBIOS name of the NT domain and click Next.
Assuming the NT domain was resolvable via its NetBIOS name, the next screen will ask for the Direction of Trust. Select Two-way, One-way incoming, or One-way outgoing, and click Next.
If you selected Two-way or One-way Outgoing, you'll need to select the scope of authentication, which can be either Domain-wide or Selective, and click Next.
Enter and re-type the trust password and click Next.
Click Next twice to finish.
Using a command-line interface
> netdom trust
[/UserD:
[/UserO:
[/TWOWAY]
For example, to create a trust from the NT4 domain RALLENCORP_NT4 to the AD domain RALLENCORP, use the following command:
> netdom trust RALLENCORP_NT4 /Domain:RALLENCORP /ADD[RETURN]
/UserD:RALLENCORP\administrator /PasswordD:*[RETURN]
/UserO:RALLENCORP_NT4\administrator /PasswordO:*
You can make the trust bidirectional, i.e., two-way, by adding a /TwoWay switch to the example.
Q 22 .How to Create a Transitive Trust Between Two AD Forests ?
Ans: Using a graphical user interface
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right click the forest root domain and select Properties.
Click on the Trusts tab.
Click the New Trust button.
After the New Trust Wizard opens, click Next.
Type the DNS name of the AD forest and click Next.
Select Forest trust and click Next.
Complete the wizard by stepping through the rest of the configuration screens.
Using a command-line interface
> netdom trust
[/UserD:
[/UserO:
For example, to create a two-way forest trust from the AD forest rallencorp.com to the AD forest othercorp.com, use the following command:
> netdom trust rallencorp.com /Domain:othercorp.com /Twoway /Transitive /ADD[RETURN]
/UserD:administrator@othercorp.com /PasswordD:*[RETURN]
/UserO:administrator@rallencorp.com /PasswordO:*
Note: A new type of trust called a forest trust was introduced in Windows Server 2003. Under Windows 2000, if you wanted to create a fully trusted environment between two forests, you would have to set up individual external two-way trusts between every domain in both forests. If you have two forests with three domains each and wanted to set up a fully trusted model, you would need nine individual trusts. Figure 2-4 illustrates how this would look.
Figure 2-4. Trusts necessary for two Windows 2000 forests to trust each other
With a forest trust, you can define a single one-way or two-way transitive trust relationship that extends to all the domains in both forests. You may want to implement a forest trust if you merge or acquire a company and you want all of the new company's Active Directory resources to be accessible for users in your Active Directory environment and vice versa. Figure 2-5 shows a forest trust scenario. To create a forest trust, you need to use accounts from the Enterprise Admins group in each forest.
Figure 2-5. Trust necessary for two Windows Server 2003 forests to trust each other
Q23. You want to create a shortcut trust between two AD domains in the same forest or in different forests. Shortcut trusts can make the authentication process more efficient between two domains in a forest.
Q.23 How to View the Trusts for a Domain ?
Problem
You want to view the trusts for a domain.
Solution
Using a graphical user interface
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click the domain you want to view and select Properties.
Click on the Trusts tab.
Using a command-line interface
netdom query trust /Domain:
Q.23 How to Verify a Trust ?
Problem
You want to verify that a trust is working correctly. This is the first diagnostics step to take if users notify you that authentication to a remote domain appears to be failing.
Solution
Using a graphical user interface
For the Windows 2000 version of the Active Directory Domains and Trusts snap-in:
In the left pane, right-click on the trusting domain and select Properties.
Click the Trusts tab.
Click the domain that is associated with the trust you want to verify.
Click the Edit button.
Click the Verify button.
For the Windows Server 2003 version of the Active Directory Domains and Trusts snap-in:
In the left pane, right-click on the trusting domain and select Properties.
Click the Trusts tab.
Click the domain that is associated with the trust you want to verify.
Click the Properties button.
Click the Validate button.
Using a command-line interface
> netdom trust
[/UserO:
[/UserD:
Q25. How to Reset a Trust ?
Problem
You want to reset a trust password. If you've determined a trust is broken, you need to reset it, which will allow users to authenticate across it again.
Solution
Using a graphical user interface
Follow the same directions as Recipe 2.20. The option to reset the trust will only be presented if the Verify/Validate did not succeed.
Using a command-line interface
> netdom trust
[/UserO:
[/UserD:
Q26. How to Remove a Trust ?
Problem
You want to remove a trust. This is commonly done when the remote domain has been decommissioned or access to it is no longer required.
Solution
Using a graphical user interface
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click on the trusting domain and select Properties.
Click the Trusts tab.
Click on the domain that is associated with the trust you want to remove.
Click the Remove button.
Click OK.
Using a command-line interface
> netdom trust
[/UserO:
[/UserD:
Q27 .How to Find Duplicate SIDs in a Domain ?
Problem
You want to find any duplicate SIDs in a domain. Generally, you should never find duplicate SIDs in a domain, but it is possible in some situations, such as when the relative identifier (RID) FSMO role owner has to be seized or you are migrating users from Windows NT domains.
Solution
Using a command-line interface
To find duplicate SIDs run the following command, replacing
> ntdsutil "sec acc man" "co to se
The following message will be returned:
Duplicate SID check completed successfully. Check dupsid.log for any duplicates
The dupsid.log file will be in the directory where you started ntdsutil.
If you want to delete any objects that have duplicate SIDs, you can use the following command:
> ntdsutil "sec acc man" "co to se
Like the check command, the clean command will generate a message like the following upon completion:
Duplicate SID cleanup completed successfully. Check dupsid.log for any duplicate
Q.28 How to Find the Domain Controllers for a Domain?
Problem
You want to find the domain controllers in a domain.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
Connect to the target domain.
Click on the Domain Controllers OU.
The list of domain controllers for the domain will be present in the right pane.
Using a command-line interface
> netdom query dc /Domain:
Q29. How to Find a Domain Controller's Site?
Problem
You need to determine the site of which a domain controller is a member.
Solution
Using a graphical user interface
Open LDP and from the menu, select Connection -Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389.
Click OK.
From the menu select Connection Bind.
Enter credentials of a domain user.
Click OK.
From the menu, select Browse Search.
For BaseDN, type the distinguished name of the Sites container (e.g., cn=sites,cn=configuration,dc=rallencorp, dc=com).
For Scope, select Subtree.
For Filter, enter:
(&(objectcategory=server)(dnsHostName=
Click Run.
Using a command-line interface
> nltest /dsgetsite /server:
Q 30. How to Move a Domain Controller to a Different Site?
Problem
You want to move a domain controller to a different site.
Solution
Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
In the left pane, expand the site that contains the domain controller.
Expand the Servers container.
Right-click on the domain controller you want to move and select Move.
In the Move Server box, select the site to which the domain controller will be moved and click OK.
Using a command-line interface
When using the dsmove command you must specify the DN of the object you want to move. In this case, it needs to be the distinguished name of the server object for the domain controller. The value for the -newparent option is the distinguished name of the Servers container you want to move the domain controller to.
> dsmove "
For example, the following command would move dc2 from the Default-First-Site-Name site to the Raleigh site.
> dsmove "cn=dc2,cn=servers,cn=Default-First-Site-Name,cn=sites,cn=configuration,[RETURN]
rallencorp" -newparent "cn=servers,cn=Raleigh,cn=sites,cn=configuration,rallencorp
Q31. How to Find the Global Catalog Servers in a Forest?
Problem
You want a list of the global catalog servers in a forest.
Solution
Using a graphical user interface
Open LDP and from the menu select Connection Connect.
For Server, enter the name of a DC.
For Port, enter 389.
Click OK.
From the menu select Connection Bind.
Enter credentials of a domain user.
Click OK.
From the menu select Browse Search.
For BaseDN, type the DN of the Sites container (e.g., cn=sites,cn=configuration,dc=rallencorp, dc=com).
For Scope, select Subtree.
For Filter, enter (&(objectcategory=ntdsdsa)(options=1)).
Click Run.
Using a command-line interface
> dsquery server -forest -isgc
Q32. How to Find Domain Controllers and Global Catalogs via DNS?
Problem
You want to find domain controllers or global catalogs using DNS lookups.
Solution
Domain controllers and global catalog servers are represented in DNS as SRV records. You can query SRV records using nslookup by setting the type=SRV, such as the following:
> nslookup
Default Server: dns01.rallencorp.com
Address: 10.1.2.3
> set type=SRV
You then need to issue the following query to retrieve all domain controllers for the specified domain.
> _ldap._tcp.
You can issue a similar query to retrieve global catalogs, but since they are forest-wide, the query is based on the forest name.
> _gc._tcp.
You can even find the domain controllers or global catalogs that are in a particular site or that cover a particular site by querying the following:
> _ldap._tcp.
> _gc._tcp.
See Recipe 11.18 for more information on site coverage.
Q33. How about Finding the FSMO Role Holders ????
3.25.1 Problem
You want to find the domain controllers that are acting as one of the FSMO roles.
3.25.2 Solution
3.25.2.1 Using a graphical user interface
For the Schema Master:
Open the Active Directory Schema snap-in.
Right-click on Active Directory Schema in the left pane and select Operations Master.
For the Domain Naming Master:
Open the Active Directory Domains and Trusts snap-in.
Right-click on Active Directory Domains and Trusts in the left pane and select Operations Master.
For the PDC Emulator, RID Master, and Infrastructure Master:
Open the Active Directory Users and Computers snap-in.
Make sure you've targeted the correct domain.
Right-click on Active Directory Users and Computers in the left pane and select Operations Master.
There are individual tabs for the PDC, RID, and Infrastructure roles.
3.25.2.2 Using a command-line interface
In the following command, you can leave out the /Domain
> netdom query fsmo /Domain:
For some reason, this command returns a "The parameter is incorrect" error on Windows Server 2003. Until that is resolved, you can use the dsquery server command shown here, where
> dsquery server -hasfsmo
Q34. How to Transfer a FSMO Role?
3.26.1 Problem
You want to transfer a FSMO role to a different domain controller. This may be necessary if you need to take a current FSMO role holder down for maintenance.
3.26.2 Solution
3.26.2.1 Using a graphical user interface
Use the same directions as described in Recipe 3.25 for viewing a specific FSMO, except target (i.e., right-click and select Connect to Domain Controller) the domain controller you want to transfer the FSMO to before selecting Operations Master.
Click the Change button.
Click OK twice.
You should then see a message stating whether the transfer was successful.
3.26.2.2 Using a command-line interface
The following would transfer the PDC Emulator role to
> ntdsutil roles conn "co t s
Q35. How to Seize a FSMO Role?
3.27.1 Problem
You need to seize a FSMO role because the current role holder is down and will not be restored.
3.27.2 Solution
3.27.2.1 Using a command-line interface
The following would seize the PDC Emulator role to
> ntdsutil roles conn "co t s
Any of the other roles can be transferred as well using ntdsutil by replacing "transfer PDC" in the previous solution with one of the following:
"seize domain naming master"
"seize infrastructure master"
"seize RID master"
"seize schema master"
Q36. How on Finding the PDC Emulator FSMO Role Owner via DNS?
3.28.1 Problem
You want to find the PDC Emulator for a domain using DNS.
3.28.2 Solution
3.28.2.1 Using a command-line interface
> nslookup -type=SRV _ldap._tcp.pdc._msdcs.
Q37. How toView the Attributes of an Object using LDP?
4.2.1 Problem
You want to view one or more attributes of an object using LDP
4.2.2 Solution
4.2.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller or domain that contains the object.
For Port, enter 389.
Click OK.
From the menu, select Connection Bind.
Enter credentials of a user that can view the object (if necessary).
Click OK.
From the menu, select View Tree.
For BaseDN, type the DN of the object you want to view.
For Scope, select Base.
Click OK.
4.2.2.2 Using a command-line interface
> dsquery * "
For Windows 2000, use this command:
> enumprop "LDAP://
Q38. How to Use LDAP Controls?
4.3.1 Problem
You want to use an LDAP control as part of an LDAP operation.
4.3.2 Solution
4.3.2.1 Using a graphical user interface
Open LDP.
From the menu, select Options Controls.
For the Windows Server 2003 version of LDP, select the control you want to use under Load Predefined. The control should automatically be added to the list of Active Controls.
For the Windows 2000 version of LDP, you'll need to type the object identifier (OID) of the control under Object Identifier.
Enter the value for the control under Value.
Select whether the control is server- or client-side under Control Type.
Check the box beside Critical if the control is critical.
Click the Check-in button.
Click OK.
At this point, you will need to invoke the LDAP operation (for example, Search) that will use the control. In the dialog box for any operation, be sure that the "Extended" option is checked before initiating the operation.
Q39. How to use LDP for Searching for Objects in a Domain?
4.5.1 Problem
You want to find objects that match certain criteria in a domain.
4.5.2 Solution
4.5.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389.
Click OK.
From the menu, select Connection Bind.
Enter credentials of a user.
Click OK.
From the menu, select Browse Search.
For BaseDN, type the base distinguished name where the search will start.
For Scope, select the appropriate scope.
For Filter, enter an LDAP filter.
Click Run.
4.5.2.2 Using a command-line interface
> dsquery *
Q40. How to use LDP for searching the Global Catalog?
4.6.1 Problem
You want to perform a forest-wide search using the global catalog.
4.6.2 Solution
4.6.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a global catalog server.
For Port, enter 3268.
Click OK.
From the menu, select Connection Bind.
Enter credentials of a user.
Click OK.
From the menu, select Browse Search.
For BaseDN, type the base distinguished name where to start the search.
For Scope, select the appropriate scope.
For Filter, enter an LDAP filter.
Click Run.
4.6.2.2 Using a command-line interface
> dsquery *
Q41 .How to Delegate Control of an OU?
5.9.1 Problem
You want to delegate administrative access of an OU to allow a group of users to manage objects in the OU.
5.9.2 Solution
5.9.2.1 Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, browse to the target OU, right-click on it, and select Delegate Control.
Select the users and/or groups to delegate control to by using the Add button and click Next.
Select the type of privilege to grant the users/groups and click Next.
Click Finish.
5.9.2.2 Using a command-line interface
ACLs can be set via a command-line with the dsacls utility from the Support Tools. See Recipe 14.10 for more information.
Q42. How to Link a GPO to an OU?
5.11.1 Problem
You want to apply the settings in a GPO to the users and/or computers within an OU, also known as linking the GPO to the OU.
5.11.2 Solution
5.11.2.1 Using a graphical user interface
Open the Group Policy Management (GPMC) snap-in.
Expand Forest in the left pane.
Expand Domain and navigate down to the OU in the domain you want to link the GPO to.
Right-click on the OU and select either Create and Link a GPO Here (if the GPO does not already exist) or Link an Existing GPO (if you have already created the GPO).
Q43. How to Create a Site?
11.1.1 Problem
You want to create a site.
11.1.2 Solution
11.1.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
Right-click on the Sites container and select New Site.
Beside Name, enter the name of the new site.
Under Link Name, select a site link for the site.
Click OK twice.
11.1.2.2 Using a command-line interface
Create an LDIF file called create_site.ldf with the following contents:
dn: cn=
changetype: add
objectclass: site
dn: cn=Licensing Site Settings,cn=
changetype: add
objectclass: licensingSiteSettings
dn: cn=NTDS Site Settings,cn=
changetype: add
objectclass: nTDSSiteSettings
dn: cn=Servers,cn=
changetype: add
objectclass: serversContainer
then run the following command:
> ldifde -v -i -f create_site.ldf
Q44. How to Create a Subnet?
11.4.1 Problem
You want to create a subnet.
11.4.2 Solution
11.4.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
Right-click on the Subnets container and select New Subnet.
Enter the Address and Mask and then select which site the subnet is part of.
Click OK.
11.4.2.2 Using a command-line interface
Create an LDIF file called create_subnet.ldf with the following contents:
dn: cn=
changetype: add
objectclass: subnet
siteObject: cn=
then run the following command:
> ldifde -v -i -f create_subnet.ldf
Q45. How to Create a Site Link ?
11.7.1 Problem
You want to create a site link to connect two or more sites together.
11.7.2 Solution
11.7.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
Expand the Sites container.
Expand the Inter-Site Transports container.
Right-click on IP (or SMTP) and select New Site Link.
For Name, enter the name for the site link.
Under Site is not in this site link, select at least two sites and click the Add button.
Click OK.
11.7.2.2 Using a command-line interface
The following LDIF would create a site link connecting the SJC and Dallas sites:
dn: cn=Dallas-SJC,cn=IP,cn=inter-site
transports,cn=sites,cn=configuration,
changetype: add
objectclass: siteLink
siteObject: cn=SJC,cn=sites,cn=configuration,
siteObject: cn=Dallas,cn=sites,cn=configuration,
If the LDIF file were named create_site_link.ldf, you'd then run the following command:
> ldifde -v -i -f create_site_link.ldf
Q46 .How to Create a Site Link Bridge ?
11.12.1 Problem
You want to create a site link bridge because you've disabled site link transitivity.
11.12.2 Solution
11.12.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
In the left pane, expand Sites Inter-Site Transports.
Right-click either the IP or SMTP folder depending which protocol you want to create a site link bridge for.
Select New Site Link Bridge.
Highlight two or more sites in the left box.
Click the Add button.
Click OK.
11.12.2.2 Using a command-line interface
Create an LDIF file called create_site_link_bridge.ldf with the following contents, where
dn: cn=
transports,cn=sites,cn=configuration,
changetype: add
objectclass: siteLinkBridge
siteLinkList: cn=
siteLinkList: cn=
Then run the following command:
> ldifde -v -i -f create_site_link_bridge.ldf
Q47. How to Find the Bridgehead Servers for a Site?
11.13.1 Problem
You want to find the bridgehead servers for a site.
11.13.2 Solution
11.13.2.1 Using a graphical user interface
Open the Replication Monitor from the Support Tools (replmon.exe).
From the menu, select View Options.
In the left pane, right-click on Monitored Servers and select Add Monitored Server.
Use the Add Monitored Server Wizard to add a server in the site you want to find the bridgehead server(s) for.
In the left pane, right-click on the server and select Show BridgeHead Servers In This Server's Site.
11.13.2.2 Using a command-line interface
> repadmin /bridgeheads [
The /bridgeheads option is valid only with the Windows Server 2003 version of repadmin. There is no such option in the Windows 2000 version.
11.13.2.3 Using VBScript
Q48. How to Move a Domain Controller to a Different Site?
Problem
You want to move a domain controller to a different site. This may be necessary if you promoted the domain controller without first adding its subnet to Active Directory. In that case, the domain controller will be added to the Default-First-Site-Name site.
Solution
Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
In the left pane, expand Sites, expand the site where the server you want to move is contained, and expand the Servers container.
Right-click on the server you want to move and select Move.
Select the site to move the server to.
Click OK.
Using a command-line interface
> dsmove "cn=
cn=sites,cn=configuration,
cn=sites,cn=configuration,
Q49. How to Configure a Domain Controller to Cover Multiple Sites?
11.17.1 Problem
You want to configure a domain controller to cover multiple sites, which will cause clients in those sites to use that domain controller for authentication and directory lookups.
11.17.2 Solution
11.17.2.1 Using a graphical user interface
Run regedit.exe from the command line or Start Run.
In the left pane, expand HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Netlogon Parameters.
If the SiteCoverage value does not exist, right-click on Parameters in the left pane and select New Multi-String Value. For the name, enter SiteCoverage.
In the right pane, double-click on the value and on a separate line, enter each site the server should cover.
Click OK.
11.17.2.2 Using a command-line interface
> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v[RETURN]
"SiteCoverage" /t REG_MULTI_SZ /d
Q50. How to Trigger the KCC?
11.27.1 Problem
You want to trigger the KCC.
11.27.2 Solution
11.27.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
In the left pane, browse to the NTDS Settings object for the server you want to trigger the KCC for.
Right-click on NTDS Settings, select All Tasks, and Check Replication Topology.
Click OK.
11.27.2.2 Using a command-line interface
> repadmin /kcc
Q51. How to Determine if the KCC Is Completing Successfully?
11.28.1 Problem
You want to determine if the KCC is completing successfully.
11.28.2 Solution
11.28.2.1 Using a graphical user interface
Open the Event Viewer of the target domain controller.
Click on the Directory Service log.
In the right pane, click on the Source heading to sort by that column.
Scroll down to view any events with Source: NTDS KCC.
11.28.2.2 Using a command-line interface
The following command will display any KCC errors found in the Directory Service log:
> dcdiag /v /test:kccevent /s:
Q51. How to Disable the KCC for a Site?
11.29.1 Problem
You want to disable the KCC for a site and generate your own replication connections between domain controllers.
11.29.2 Solution
11.29.2.1 Using a graphical user interface
Open ADSI Edit.
Connect to the Configuration Naming Context if it is not already displayed.
In the left pane, browse the Configuration Naming Context Sites.
Click on the site you want to disable the KCC for.
In the right pane, double-click CN=NTDS Site Settings.
Modify the options attribute. To disable only intra-site topology generation, enable the 00001 bit (decimal 1). To disable inter-site topology generation, enable the 10000 bit (decimal 16). To disable both, enable the 10001 bits (decimal 17).
Click OK.
11.29.2.2 Using a command-line interface
You can disable the KCC for
dn: cn=NTDS Site Settings,
changetype: modify
replace: options
options:
-
If the LDIF file were named disable_kcc.ldf, you would run the following command:
> ldifde -v -i -f disable_kcc.ldf
Q52 . How to Change the Interval at Which the KCC Runs?
11.30.1 Problem
You want to change the interval at which the KCC runs.
11.30.2 Solution
11.30.2.1 Using a graphical user interface
Run regedit.exe from the command line or Start Run.
Expand HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Parameters.
Right-click on Parameters and select New DWORD Value.
Enter the following for the name: Repl topology update period (secs).
Double-click on the new value and under Value data enter the KCC interval in number of seconds (900 is the default).
Click OK.
11.30.2.2 Using a command-line interface
> reg add HKLM\System\CurrentControlSet\Services\NTDS\Parameters /v "Repl topology[RETURN]
update period (secs)" /t REG_DWORD /d
Q53. How to Determine if Two Domain Controllers Are in Sync?
12.1.1 Problem
You want to determine if two domain controllers are in sync and have no objects to replicate to each other.
12.1.2 Solution
12.1.2.1 Using a command-line interface
By running the following two commands you can compare the up-to-dateness vector on the two DCs:
> repadmin /showutdvec
> repadmin /showutdvec
The Windows 2000 version of repadmin used a different syntax to accomplish the same thing. Here is the equivalent syntax:
> repadmin /showvector
> repadmin /showvector
Q54.How to View the Replication Status of Several Domain Controllers
12.2.1 Problem
You want to take a quick snap-shot of replication activity for one or more domain controllers.
12.2.2 Solution
12.2.2.1 Using a command-line interface
The following command will show the replication status of all the domain controllers in the forest:
> repadmin /replsum
You can also use * as a wildcard character to view the status of a subset of domain controllers. The following command will display the replication status of only the servers that begin with the name dc-rtp:
> repadmin /replsum dc-rtp*
Q55 . How to View Unreplicated Changes Between Two Domain Controllers?
12.3.1 Problem
You want to find the unreplicated changes between two domain controllers.
12.3.2 Solution
12.3.2.1 Using a graphical user interface
Open the Replication Monitor from the Support Tools (replmon.exe).
From the menu, select View Options.
On the General tab, check the box beside Show Transitive Replication Partners and Extended Data.
Click OK.
In the left pane, right-click on Monitored Servers and select Add Monitored Server.
Use the Add Monitored Server Wizard to add one of the domain controllers you want to compare (I'll call it dc1).
In the left pane, under the server you just added, expand the naming context that you want to check for unreplicated changes.
Right-click on the other domain controller you want to compare (I'll call it dc2) and select Check Current USN and Un-replicated Objects.
Enter credentials if necessary and click OK.
If some changes have not yet replicated from dc2 to dc1, a box will pop up that lists the unreplicated objects.
To find out what changes have yet to replicate from dc1 to dc2, repeat the same steps except add dc2 as a monitored server and check for unreplicated changes against dc1.
12.3.2.2 Using a command-line interface
Run the following two commands to find the differences between two domain controllers. Use the /statistics option to view a summary of the changes:
> repadmin /showchanges
> repadmin /showchanges
The Windows 2000 version of repadmin has a different syntax to accomplish the same thing. Here is the equivalent syntax:
> repadmin /getchanges
> repadmin /getchanges
Q 56.How to Force Replication from One Domain Controller to Another
12.4.1 Problem
You want to force replication between two partners.
12.4.2 Solution
12.4.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
Browse to the NTDS Setting object for the domain controller you want to replicate to.
In the right pane, right-click on the connection object to the domain controller you want to replicate from and select Replicate Now.
12.4.2.2 Using a command-line interface
The following command will perform a replication sync of the naming context specified by
> repadmin /replicate
The Windows 2000 version of repadmin has a different syntax to accomplish the same thing. Here is the equivalent syntax:
> repadmin /sync
Q57. How to Change the Intra-Site Replication Interval?
12.5.1 Problem
You want to change the number of seconds that a domain controller in a site waits before replicating within the site.
12.5.2 Solution
12.5.2.1 Using a graphical user interface
Run regedit.exe from the command line or Start Run.
Expand HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Parameters.
If a value entry for Replicator notify pause after modify (secs) does not exist, right-click on Parameters and select New DWORD Value. For the name, enter: Replicator notify pause after modify (secs).
Double-click on the value and enter the number of seconds to wait before notifying intra-site replication partners.
Click OK.
12.5.2.2 Using a command-line interface
With the following command, change
> reg add HKLM\System\CurrentControlSet\Services\NTDS\Parameters /v "Replicator[RETURN]
notify pause after modify (secs)" /t REG_DWORD /d
Q58. How to Change the Inter-Site Replication Interval ?
12.6.1 Problem
You want to set the schedule for replication for a site link.
12.6.2 Solution
These solutions assume the IP transport, but the SMTP transport could be used as well.
12.6.2.1 Using a graphical user interface
Open the Active Directory Sites and Services snap-in.
Expand the Inter-Site Transport container.
Click on the IP container.
In the right pane, double-click on the site link you want to modify the replication interval for.
Enter the new interval beside Replicate every.
Click OK.
12.6.2.2 Using a command-line interface
To change the replication interval, create an LDIF file named set_link_rep_interval.ldf with the following contents:
dn: cn=
cn=configuration,
changetype: modify
replace: replInterval
replInterval:
-
then run the following command:
> ldifde -v -i -f set_link_rep_interval.ldf
Q59. How to Check for Potential Replication Problems?
12.8.1 Problem
You want to determine if replication is succeeding.
12.8.2 Solution
The following two commands will help identify problems with replication on a source domain controller:
> dcdiag /test:replications
> repadmin /showrepl /errorsonly
12.8.3 Discussion
For a more detailed report, you can use the Replication Monitor (replmon.exe). The Generate Status Report option will produce a lengthy report of site topology, replication information, and provide details on any errors encountered. The Directory Service event log can also be an invaluable source of replication and KCC problems.
Q60. How to Find Conflict Objects ?
12.11.1 Problem
You want to find conflict objects that are a result of replication collisions.
12.11.2 Solution
12.11.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389 or 3268 for the global catalog.
Click OK.
From the menu, select Connection Bind.
Enter credentials (if necessary) of a user that can view the object.
Click OK.
From the menu, select Browse Search.
For BaseDN, type the base DN from where you want to start the search.
For Scope, select the appropriate scope.
For Filter, enter ((cn=*\0ACNF:*)(ou=*\0ACNF:*)).
Click Run.
12.11.2.2 Using a command-line interface
The following command finds all conflict objects within the whole forest:
> dsquery * forestroot -gc -attr distinguishedName -scope subtree -filter[RETURN]
"((cn=*\0ACNF:*)(ou=*\0ACNF:*))"
Q61. How to View Object Metadata?
12.12.1 Problem
You want to view metadata for an object. The object's replPropertyMetaData attribute stores metadata information about the most recent updates to every attribute that has been set on the object.
12.12.2 Solution
12.12.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller or domain that contains the object.
For Port, enter 389.
Click OK.
From the menu, select Connection Bind.
Enter credentials (if necessary) of a user that can view the object.
Click OK.
From the menu, select Browse Replication View Metadata.
For Object DN, type the distinguished name of the object you want to view.
Click OK.
12.12.2.2 Using a command-line interface
In the following command, replace
> repadmin /showobjmeta
This command was called /showmeta in the Windows 2000 version of repadmin. Also, the parameters are switched in that version, where
1. What's the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups
for local domain resources. Global groups provide access to resources
in other trusted domains. Universal groups grant access to resources in
all trusted domains.
2. I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003
environments. Native mode requires that all domain controllers be
promoted to Windows Server 2003 Active Directory.
3. What is LSDOU?
It's group policy inheritance model, where the policies are applied
to Local machines, Sites, Domains and Organizational Units.
4. Why doesn't LSDOU work under Windows NT?
If the NTConfig.pol file exist, it has the highest priority among the
numerous policies.
5. Where are group policies stored?
%SystemRoot%System32\GroupPolicy
6. What is GPT and GPC?
Group policy template and group policy container.
7. Where is GPT stored?
%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
8. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority?
The computer settings take priority.
9. You want to set up remote installation procedure, but do not want
the user to gain access over it. What do you do?
gponame-> User Configuration-> Windows Settings-> Remote Installation Services->
Choice Options is your friend.
10. What's contained in administrative template conf.adm?
Microsoft NetMeeting policies
11. How can you restrict running certain applications on a machine?
Via group policy, security settings for the group, then Software
Restriction Policies.
12. You need to automatically install an app, but MSI file is not available. What do you do?
A .zap text file can be used to add applications using the Software
Installer, rather than the Windows Installer.
13. What's the difference between Software Installer and Windows Installer?
The former has fewer privileges and will probably require user
Intervention. Plus, it uses .zap files.
14. What can be restricted on Windows Server 2003 that wasn't there in previous products?
Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.
15. What does IntelliMirror do?
It helps to reconcile desktop settings, applications, and stored files
for users, particularly those who move between workstations or those
who must periodically work offline.
16. Where is secedit?
It's now gpupdate.
You want to create a new group policy but do not wish to inherit.
Make sure you check Block inheritance among the options when creating
the policy.
What is "tattooing" the Registry?
The user can view and modify user preferences that are not stored in
maintained portions of the Registry. If the group policy is removed or
changed, the user preference will persist in the Registry.
19. How do you fight tattooing in NT/2000 installations?
You can't.
20. How do you fight tattooing in 2003 installations?
User Configuration - Administrative Templates - System - Group Policy -
enable - Enforce Show Policies Only.
21. What does IntelliMirror do?
It helps to reconcile desktop settings,applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline.
22. What's the major difference between FAT and NTFS on a local machine?
FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.
23. How do FAT and NTFS differ in approach to user shares?
They don't, both have support for sharing.
24. Explan the List Folder Contents permission on the folder in NTFS.
Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it?
It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can't drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run... window.
26. For a user in several groups, are Allow permissions restrictive or permissive?
Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission.
27. For a user in several groups, are Deny permissions restrictive or permissive?
Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions.
28. What hidden shares exist on Windows Server 2003 installation?
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
29. What's the difference between standalone and fault-tolerant DFS (Distributed File System) installations?
The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.
30. We're using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
Use the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
31. Where exactly do fault-tolerant DFS shares store information in Active Directory?
In Partition Knowledge Table, which is then replicated to other domain controllers.
32. Can you use Start->Search with DFS shares?
Yes.
33. What problems can you have with DFS installed?
Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS.
34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS.
Yeah, you can't. Install a standalone one.
35. Is Kerberos encryption symmetric or asymmetric?
Symmetric.
36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line?
Time stamp is attached to the initial client request, encrypted with the shared key.
37. What hashing algorithms are used in Windows 2003 Server?
RSA Data Security's Message Digest 5 (MD5), produces a 128-bit hash, and the
Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.
38. What third-party certificate exchange protocols are used by Windows 2003 Server?
Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities.
39. What's the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.
40. If hashing is one-way function and Windows Server uses hashing for storing passwords, how is it possible to attack the password lists,specifically the ones using NTLMv1?
A cracker would launch a dictionary attack by hashing every imaginable term used for password and then compare the hashes.
41. What's the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.
42. How many passwords by default are remembered when you check "Enforce Password History Remembered"?
User's last 6 passwords.
Interview Question ‘N’ Answer Bank
Q.1 What is the latest Service Pack for Exchange 2000/Exchange 2003
Ans : Service Pack 3./ Service Pack 1
Q.2 What are the versions of ISA servers and their service packs?
Ans : ISA Server 2000 SP1
ISA Server 2004 SP1
Q.3 What are the core services that run a ISA server?
Ans : Microsoft ISA Server Control
Microsoft Web Proxy
Q.4 What is the function of the .edb and .stm files in Exchange 2000?
Ans: .edb files :-
Q.5 What is the core function of the Active directory Connector in Exchange 2000?
Ans: The ADC is the service that lets you perform directory synchronization between the Exchange Server 5.5 DS and AD. The ADC uses connection agreements (CAs) to define individual configurations for replication.
Q.6 What is the SRS service in Exchange 2000?
Ans : The SRS is an Exchange 2000 service that allows integration with Exchange Server 5.5 sites. The SRS runs on an Exchange 2000 server but presents itself as an Exchange Server 5.5 DS to other Exchange Server 5.5 servers. You can use the SRS only if you're running Exchange 2000 in mixed mode.
The SRS in Intrasite Replication :-
Figure 1.
Figure 1 shows an Exchange Server 5.5 site (i.e., a site that contains only Exchange Server 5.5 servers) with a CA homed against one of the servers, S4. The CA to the AD is well defined because it has a valid source of Exchange Server 5.5 directory information. The ADC obtains information from the Exchange Server 5.5 DS on server S4.
But what happens when you upgrade the server S4 from Exchange Server 5.5 to Exchange 2000? Upgrading compromises the integrity of the CA because S4 doesn't have an Exchange Server 5.5 DS (because Exchange 2000 uses AD), and the CA becomes unusable. Your only option is to rehome the Exchange Server 5.5 end of the CA to another server (e.g., server S5). This action would reestablish the integrity of the CA, but you would need to rehome this CA when you subsequently upgrade server S5 to Exchange 2000. This rehoming activity could repeat itself for some time unless you initially homed your CA against a server that you knew would be the last one in the site you migrate to Exchange 2000.
Retaining CA integrity. Let's assume that server S4 is the first Exchange Server 5.5 server in the site you're upgrading to Exchange 2000. This assumption satisfies one of the rules for enabling the SRS: You're upgrading the first server in the site. When you perform the upgrade in this situation, the SRS (which is the Exchange Server 5.5 DS in disguise) becomes active. And because the SRS takes part in Exchange Server 5.5 directory replication just like any other Exchange Server 5.5 service, it has a valid view of the Exchange Server 5.5 directory in its SRS database.
Figure 2.
Figure 2 shows the SRS active on S4.
Because the SRS is active on server S4, you can retain the existing CA that is homed against S4. Because the SRS is there, you have a valid source of Exchange Server 5.5 directory information, so you don't need to manually rehome the CA. Having one server that you know can always provide a source of Exchange Server 5.5 directory information is a big plus.
When you home a CA against a regular Exchange Server 5.5 server, you must bind the Exchange Server 5.5 end of the CA against the Lightweight Directory Access Protocol (LDAP) of the Exchange Server 5.5 DS. The ADC uses LDAP to access the Exchange Server 5.5 DS. By default, the Exchange Server 5.5 LDAP listens on port 389, but you can enable LDAP on another port (e.g., if you're running an Exchange Server 5.5 server on a Windows 2000 domain controller). AD on a Win2K domain controller also listens on port 389, and as Win2K is starting up, it seizes control of port 389 before the Exchange Server 5.5 DS can get to it.
The SRS behaves similarly. The SRS runs only on a Win2K system, and this system might be a domain controller. A CA always wants to connect to a source of Exchange Server 5.5 directory information over LDAP. To avoid confusion, the Exchange engineering team designed the SRS so that it offers its LDAP service from port 379. Therefore, if you had previously homed your CA against an Exchange Server 5.5 DS on port 389, you must modify the CA so that it now points to port 379 to get to the SRS DS. "More Tips for Using the Active Directory Connector," Reader to Reader, April 2000, explains how to change the LDAP port.
This modification requires only that you use the CA management tool to redirect the CA to a different port after the upgrade to Exchange 2000. However, this modification is a small change to an existing CA, compared with rehoming the CA to an altogether different server.
Within an Exchange Server 5.5 site, an Exchange Server 5.5 server communicates with other Exchange Server 5.5 servers to keep the information in its DS consistent with the information in the other Exchange Server 5.5 servers' directories. This behavior is the essence of intrasite replication. The component responsible for controlling this process is the Knowledge Consistency Checker (KCC)—which is on every Exchange Server 5.5 server. The KCC maintains a table of all Exchange Server 5.5 servers that take part in the replication chain.
As you upgrade many Exchange Server 5.5 servers in the site to Exchange 2000, most servers won't have the SRS enabled. In these cases, the upgrade code removes the entry for each respective server from the KCC table. For example, for the systems you see in Figure 2 (presuming that they're not bridgehead servers), the code removes servers S1, S2, S3, and S5 from the Exchange Server 5.5 intrasite replication chain. (More precisely, the code removes the servers' directory service agent—DSA—object from the KCC table.) Removing the servers' DSA ensures that they no longer take part in Exchange Server 5.5 intrasite replication because they're no longer Exchange Server 5.5 servers. If the upgrade process didn't remove these DSA objects from the KCC table, you'd see many errors in the event log, signifying that Exchange Server 5.5 directory replication failed against the newly upgraded servers.
The SRS in Intersite Replication :-
When you upgrade an Exchange Server 5.5 directory replication bridgehead server to Exchange 2000, the bridgehead server must maintain a means for communicating site information to its Exchange Server 5.5 bridgehead replication partner. The SRS provides this means because it appears to the replication partner as an Exchange Server 5.5 DS to communicate with.
Figure 3.
Two Exchange Server 5.5 directory replication bridgehead servers (S9 and S1) communicating across a DRC.
When you upgrade server S1 from Exchange Server 5.5 to Exchange 2000, as Figure 4 shows, the SRS becomes indispensable because once again, it reduces the administrative effort associated with upgrading servers. Because the pure Exchange Server 5.5 site (i.e., Site B) has no CA, all site and topology information for Site B must come from traditional Exchange Server 5.5 directory replication.
In the absence of an SRS service, you need to rehome Exchange Server 5.5 DRCs onto different servers as you upgrade bridgehead servers from Exchange Server 5.5. In this example, upgrading server S1 to Exchange 2000 without an SRS service would require rehoming the DRC to another server in the site (e.g., S2).
Components of the SRS even optimize CAs and DRCs. If a CA becomes available to Site B, Exchange can deliver directory information into that site two ways: across a DRC and through a CA. Exchange Server 5.5 directory replication is object-based, whereas replication through a CA is attribute-based. Therefore, using CAs to provide directory information is more efficient than using DRCs because attribute-based replication involves less data on the wire. If you use a CA, as Figure 5 shows, the SRS disables the DRC between the two Exchange Server 5.5 sites and uses ADC-based replication instead.
You can see that, with respect to intersite replication, the SRS is a useful tool. Without it, the management of DRCs would increase administrative overhead. The SRS proves its worth just for managing CAs within a site, but coupled with managing connections between Exchange Server 5.5 bridgehead servers, it's essential.
Behind a Bridgehead Server Upgrade :-
When you upgrade server S1 to Exchange 2000, the Setup program modifies the existing local dir.edb database (i.e., the traditional Exchange Server 5.5 DS), copies the new executables for the SRS service from the installation CD-ROM, and creates several objects in AD's configuration-naming context. (The configuration-naming context contains all Exchange 2000 configuration information.)
Specifically, an instance of an object of class ms-Exch-Site-Replication-Service within the Exchange tree in the AD configuration-naming context represents the SRS. Figure 6 shows an example of a default SRS object, Microsoft DSA, from ADSI Edit. ADSI Edit, part of the Microsoft Windows 2000 Resource Kit, is a useful tool for looking at objects, attributes, and their values in AD.
In this case (i.e., when S1 is the first Exchange 2000 server in the site), the Setup process also creates a Configuration Connection Agreement (ConfigCA) between AD and the new SRS service installed locally. The SRS takes on the ownership of the DRC to server S9. Because the SRS object in AD has a legacyExchangeDN attribute of /o=
The SRS connects to bridgehead server S9 over a DRC and to AD through a ConfigCA. The ConfigCA is two-way, replicating configuration information for the Exchange Server 5.5 view of Site A from the SRS to AD and back-replicating information for administrative group A (the Exchange 2000 view of the site) from AD to the SRS.
Q.7 Where are the NTFRS transactions stored?
Ans : In the Ntfrs.jdb Jet database and in a set of log files in the default paths %SystemRoot%\Ntfrs\Jet\Log.
Q.8 What are the different MS Exchange server 5.5. files that are installed after running setup?
Ans : 1. Private Information Store ( C:\exchsrvr\MDBDATA)
2. Public Information Store (C:\exchsrvr\MDBDATA)
3. Information Store Logs (C:\exchsrvr\MDBDATA)
4. Directory Service (C:\exchsrvr\DSADATA)
5. Directory Service Logs (C:\exchsrvr\DSADATA)
6. MTA (C:\exchsrvr\MDBDATA)
Q.9 What are the core MS exchange 5.5 services/components?
Ans :- 1. Directory Service (DS) Microsoft Exchange Directory
2. Microsoft Exchange Event Service
3. Information Store (IS) Microsoft Exchange Information Store
4. Message Transfer Agent (MTA)Microsoft Exchange Message Transfer Agent
5. System Attendant (SA) Microsoft Exchange System Attendant.
Q.10 What is the latest Service Pack for Windows NT Server 4.0?
Ans : Service pack 6a
Q.11 What is the latest Service Pack for Windows 2000 Server?
Ans : Windows 2000 Service Pack 4
Q.12 What is the IIS version on Win2K servers/W2K3 servers?
Ans : IIS 5.0 On Windows 2000 Server
IIS 6.0 On Windows 2003 Server
Q.13 What is the TCP/IP port for A Global Catalogue Server (GC)?
Ans : Port 3268
Q.14 Explain the Active Directory Log files?
Ans : The key files are:
ntds.dit
edb.log
res1.log
res2.log
edb.chk
When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.
During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn’t exist on reboot or the shutdown statement isn’t present, AD will use the edb.log file to update the AD database.
The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in %systemroot%\NTDS, along with the other files we’ve discussed. During the installation of AD (by running DCpromo), you can specify that the log files and database files be installed in different locations, as shown in Figure 1.
Figure 1. The default locations for the Active Directory database and log files.
.1 What does the .edb and .stm file contain in Exchange 2000?
Answer:The .Edb File Contains All The Folders, Tables And Indexes For Messaging Data And Mapi Messages And Attachments The Stm File (New To Exchange 2000) Contains Internet Content In Its Native Format.
Note:- (*.Edb + *.Stm) + (*.Log) = Database
Q.2 Where is the Directory Service database stored in Exchange 5.5?
Answer: Dir.edb
Q.3 Mention the types of Routing Group Connectors in Exchange 2000?
ANSWER: Sanjay Sir Please Help ......
A Routing Group is a collection of Exchange servers that communicate with each other directly over the same internal network or reliable connection.
When multiple Routing Groups must be created, each individual group must be connected using one of three available Exchange connection types:
Routing Group Connector This connector is the default connector type. It can be used to connect a single or multiple Exchange bridgehead server for load balancing of message traffic.
SMTP Connector The SMTP connector uses the Simple Mail Transport Protocol to connect and communicate with remote Routing Groups, non-Exchange mail systems, and the Internet mail host.
X.400 Mail Connector Limited to a single local and remote host, the X.400 connector is primarily designed for communications between Exchange Server 2003 and X.400 mail systems.
Mixed Mode
When Exchange Server 2003 is in a mixed environment, Routing Groups can consist of only servers that had been installed directly into the Administrative Group where the Routing Group resides. Additional servers from other Administrative Groups cannot be added to the Routing Group.
Native Mode
After the functional level has been raised to Native Mode, Exchange servers can be managed and moved between Routing Groups.
Also, Routing Groups in a single Administrative Group can contain servers from other Administrative Groups.
Q.4 What are the features of Active Directory in Windows 2000?
ANSWER: Features of Active Directory in Windows 2000 Can be Categorized as
Manageability:-Centralized Management, Group Policy, Global Catalog, IntelliMirror Desktop Management, Automated Software Distribution, Active Directory Service Interfaces, Backward Compatibility, Delegated Administration,Multi-Master Replication
Security :-Kerberos Authentication, Smart Card Support, Transitive Domain Trust,PKI/x.509,LDAP over SSL, Required Authentication Mechanism ,Attribute-Level Security, Spanning Security Groups, DAP ACL Support
Interoperability:-DirSync Support, Active Directory Connectors, Open APIs,Native LDAP,DNS Naming, Open Change History, DEA Platform, DEN Platform, Extensible Schema
Q.5 What are the features of Exchange 2003 over Exchange 2000?
Answer:-Better Anti-spam tools - comprehensive set of filters Improved Queue management Smoother integration with IIS Enhanced OWA. Now includes a spell checker and X509 certificates Outlook Mobile Access (OMA), which functions like OWA for devices Cached replication of Outlook 2003. Cached mode creates a local data file that Outlook uses for all foreground activity. It then contacts the Exchange server in the background. Volume Shadow Copy Service for Database Backups/Recovery Mailbox Recovery Center Recovery Storage Group Front-end and back-end Kerberos authentication Distribution lists are restricted to authenticated users Queues are centralized on a per-server basis Move log files and queue data using Exchange System Manager Multiple Mailbox Move tool Dynamic distribution lists 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager) Deployment and migration tools
Q.5 How will you upgrade from Exchange 2000 to Exchange 2003?
Answer:-http://www.microsoft.com/technet/prodtechnol/exchange/2003/upgrade.mspx
Q.6 What are the precautions to be taken before a disaster recovery in exchnage 2000?
Answer:-http://www.microsoft.com/downloads/details.aspx?FamilyID=6E55DD49-8A6C-4F30-947E-BDE95917F585&displaylang=en
Q.7 How to restore Group policies?
Answer:-
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dcgpofix.asp
dcgpofix
Backup and Restore
From GPMC, it is easy to perform backup and restore operations. Backup and restore operation options are context-sensitive, depending on where you are within the Group Policy Objects node.
Backup Individual GPO(s)
Click on the Group Policy Objects note to display all GPOs in the domain.
Select the target GPO(s) for backup. For multiple GPOs:
For a range of GPOs, select the first GPO, press SHIFT and click on the last GPO.
For multiple non-contiguous GPOs, select the first GPO, press CTRL and click on other GPOs.
Right-click and select Backup...
On the next window, speficy the backup directory and description and click Back Up.
Click OK when done.
Backup All GPOs
This operation is normally performed by domain administrators.
Select the Group Policy Object node.
Right-click and select Backup All...
Specify the backup directory and description and click Back Up.
Click OK when done.
Restore GPO
Within the Group Policy Object node, select the target GPO.
Right-click and select Restore from Backup... This will launch the Restore Group Policy Object Wizard.
Click Next.
Specify the correct backup folder location.
If multiple backups have been done, choose the correct backup version. The Source GPO window displays the GPO name, backup timestamp and description. You can also check the settings on the source GPO by clicking on the View Settings... button.
Click Next.
Click Finish when ready to restore.
Click OK when done. You have now restored the GPO.
Also check following link
http://support.microsoft.com/default.aspx?scid=kb;en-us;842252
Sanjay Sir .
Q.8 what is the function of NNTP service in Exchange 2000?Answer:-While installing Exchange 2000, the system creates a default Network News Transfer Protocol (NNTP) virtual server. You can use this virtual server to house a feed from other newsgroups This Default NNTP virtual server can be used to create feeds to a Public Folder for storage (Internet Newsgroups). For other storage media (either a file system or remote share), you must create a new virtual server.
NOTE:- Sir , Please Add Ur Inputs.....
Network News Transfer Protocol
Because Network News Transfer Protocol (NNTP) is growing in popularity, it would be wise for us to take a brief look at the architecture of this protocol. We'll then discuss the more pragmatic aspects of administering NNTP on your network.
NNTP Architecture
NNTP specifies a way to distribute, query, retrieve, and post news articles on the Internet. A client wanting to retrieve a subset of articles from the database is called a subscriber. NNTP allows a subscriber to request a subset of articles rather than requiring the retrieval of all articles from the database. Before NNTP was developed, two methods of distributing news items were popular: Internet mailing lists and the Usenet news system.
An Internet mailing list, commonly known as a list server, distributes news by the use of distribution e-mail lists. A subscriber sends a message to the distribution list, and the message is e-mailed to all of the members of the list. But sending a separate copy of an e-mail to each subscriber can consume a large amount of disk space, bandwidth, and CPU resources. In addition, it can take from several minutes to several hours for the message to be fully distributed, depending on the size of the list and the physical resources available to propagate it. Maintaining the subscriber list also involves significant administrative effort, unless a third-party program is used to automate this function.
Storing and retrieving messages from a central location instead of sending an email to each subscriber can significantly reduce the use of these resources. The Usenet news system provides this alternative. In addition, Usenet allows a subscriber to select only those messages he or she wants to read and also provides indexing, cross-referencing, and message expiration.
NNTP is modeled on the Usenet news specifications in RFC 850, but it is designed to make fewer demands on the structure, content, and storage of the news articles. It runs as a background service on one host and can accept connections from other hosts on the LAN or over the Internet.
When a subscriber connects to an NNTP server, the subscriber issues the NEWSGROUPS command to determine whether any new newsgroups have been created on the server. If so, the server notifies the subscriber and gives the subscriber the opportunity to subscribe to the new newsgroups. After this, the subscriber is connected to the desired newsgroup and can use the NEWNEWS command to ask the server whether any new articles have been posted since the subscriber's last connection. The subscriber receives a list of new articles from the server and can request transmission of some or all of those articles. Finally, the subscriber can either reply to a news article or post a new article to the server by using the POST command.
NNTP uses TCP for its connections and SMTP-like commands and responses. The default TCP port for NNTP is 119. An NNTP command consists of a command word followed in some cases by a parameter, and commands are not case sensitive. Each line can contain only one command and may not exceed 512 characters, including spaces, punctuation, and the trailing CR–LF (carriage return/line feed) command. Commands cannot be continued on the next line.
Responses from the server can take the form of a text response or a status response. Text responses are displayed in the subscriber's client program, whereas status responses are interpreted by the client program before any display occurs.
Q.9.What is Recipient Update Service in Exchange 2000?
Answer: - Recipient Update Service (RUS) is a very important component in your Exchange installation, it is RUS that is responsible for updating address lists and email addresses in your Active Directory
Default Exchange organization will have two RUS objects
(a) Enterprise Configuration RUS:-responsible for the updating of the email addresses for the system objects such as the MTA & System Attendant.
(b) Domain RUS:-responsible for the updating of the address information for recipient objects in the domain that it is responsible for
Q.10 The function of the Default SMTP Virtual Server in Exchange 2000?
Answer:-SMTP virtual server plays a critical role in mail delivery. SMTP virtual servers provide the Exchange mechanisms for managing SMTP. The default SMTP virtual server sends messages within a routing group. Additionally, if the server is a domain controller, Active Directory uses this virtual server for SMTP directory replication. An SMTP virtual server is defined by a unique combination of an IP address and port number. The default SMTP virtual server uses all available IP addresses on the server and uses port 25 for inbound connections. A single physical server can host many virtual servers
1 Backing Up Active Directory
16.1.1 Problem
You want to back up Active Directory to tape or disk.
16.1.2 Solution
Back up the System State, which includes the Active Directory-related files on the domain controller. Here are the directions for backing up the System State using the NtBackup utility that comes installed on Windows 2000 and Windows Server 2003 computers:
16.1.2.1 Using a graphical user interface
Go to Start All Programs (or Programs for Windows 2000) Accessories System Tools Backup.
Click the Advanced Mode link.
Click the Backup tab.
Check the box beside System State.
Check the box beside any other files, directories, or drives you would also like to back up.
For Backup destination, select either File or Tape depending on where you want to back up the data to.
For Backup media or file name, type either the name of a file or select the tape to save the backup to.
Click the Start Backup button twice.
16.1.2.2 Using a command-line interface
The NtBackup utility supports several command-line parameters that you can use to initiate backups without ever bringing up the GUI.
For the complete list of supported commands on Windows 2000, see MS KB 300439 (How to Use Command Line Parameters With the "Ntbackup" Command).
For the complete list of supported commands on Windows Server 2003, see MS KB 814583 (HOW TO: Use Command Line Parameters with the Ntbackup Command in Windows Server 2003).
2 Restarting a Domain Controller in Directory Services Restore Mode
16.2.1 Problem
You want to restart a domain controller in DS Restore Mode.
16.2.2 Solution
To enter DS Restore Mode, you must reboot the server at the console. Press F8 after the power-on self test (POST), which will bring up a menu, as shown in Figure 16-1. From the menu, select Directory Services Restore Mode.
Figure 16-1. Boot options
3.Resetting the Directory Service Restore Mode Administrator Password
16.3.1 Problem
You want to reset the DS Restore Mode administrator password. This password is set individually (i.e., not replicated) on each domain controller, and is initially configured when you promote the domain controller into a domain.
16.3.2 Solution
16.3.2.1 Using a graphical user interface
For this to work you must be booted into DS Restore Mode (see Recipe 16.2 for more information).
Go to Start Run.
Type compmgmt.msc and press Enter.
In the left pane, expand System Tools Local Users and Computers.
Click on the Users folder.
In the right pane, right-click on the Administrator user and select Set Password.
Enter the new password and confirm, then click OK.
16.3.2.2 Using a command-line interface
With the Windows Server 2003 version of ntdsutil, you can change the DS Restore Mode administrator password of a domain controller while it is live (i.e., not in DS Restore Mode). Another benefit of this new option is that you can run it against a remote domain controller. Here is the sample output when run against domain controller DC1.
> ntdsutil "set dsrm password" "reset password on server DC1"
ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server DC1
Please type password for DS Restore Mode Administrator Account: **********
Please confirm new password: **********
Password has been set successfully.
Microsoft added a new command in Windows 2000 Service Pack 2 and later called setpwd. It works similarly to the Windows Server 2003 version of ntdsutil by allowing you to reset the DS Restore Mode password while a domain controller is live. It can also be used remotely.
4 Performing a Non authoritative Restore
16.4.1 Problem
You want to perform a nonauthoritative restore of a domain controller. This can be useful if you want to quickly restore a domain controller that failed due to a hardware problem.
16.4.2 Solution
16.4.2.1 Using a graphical user interface
You must first reboot into Directory Services Restore Mode (see Recipe 16.2 for more information).
Open the NT Backup utility; go to Start All Programs (or Programs for Windows 2000) Accessories System Tools Backup.
Click the Advanced Mode link.
Under the Welcome tab, click the Restore Wizard button and click Next.
Check the box beside System State and any other drives you want to restore and click Next.
Click the Advanced button.
Select Original location for Restore files to.
For the How to Restore option, select Replace existing files and click Next.
For the Advanced Restore Options, be sure that the following are checked: Restore Security Settings, Restore junction points, and Preserve existing mount volume points. Then click Next.
Click Finish.
Restart the computer.
5 Performing an Authoritative Restore of an Object or Sub tree
16.5.1 Problem
You want to perform an authoritative restore of one or more objects, but not the entire Active Directory database.
16.5.2 Solution
Follow the same steps as Recipe 16.4, except after the restore has completed, do not restart the computer.
To restore a single object, run the following:
> ntdsutil "auth restore" "restore object cn=jsmith,ou=Sales,dc=rallencorp,dc=com" q
To restore an entire subtree, run the following:
> ntdsutil "auth restore" "restore subtree ou=Sales,dc=rallencorp,dc=com" q
Restart the computer.
There are some issues related to restoring user, group, computer, and trust objects that you should be aware of. See MS KB 216243 and MS KB 280079 for more information.
6 Performing a Complete Authoritative Restore
16.6.1 Problem
You want to perform a complete authoritative restore of the Active Directory database because something very bad has happened.
16.6.2 Solution
Follow the same steps as Recipe 16.4, except after the restore has completed, do not restart the computer.
Run the following command to restore the entire database:
> ntdsutil "auth restore" "restore database" q
Restart the computer.
7 Checking the DIT File's Integrity
16.7.1 Problem
You want to check the integrity and semantics of the DIT file to verify there is no corruption or bad entries.
16.7.2 Solution
16.7.2.1 Using a command-line interface
First, reboot into Directory Services Restore Mode. Then run the following commands:
> ntdsutil files integrity q q
> ntdsutil "semantic database analysis" "verbose on" go
8 Moving the DIT Files
16.8.1 Problem
You want to move the Active Directory DIT files to a new drive to improve performance or capacity.
16.8.2 Solution
16.8.2.1 Using a command-line interface
First, reboot into DS Restore Mode. Then, run the following commands, in which
> ntdsutil files "move db to
> ntdsutil files "move logs to
9 Repairing or Recovering the DIT
16.9.1 Problem
You need to repair or perform a soft recovery of the Active Directory DIT because a power failure or some other failure caused the domain controller to enter an unstable state.
16.9.2 Solution
16.9.2.1 Using a command-line interface
First, reboot into DS Restore Mode.
Run the following command to perform a soft recovery of the transaction log files:
> ntdsutil files recover q q
If you continue to experience errors, you may need to run a repair, which does a low level repair of the database, but can result in loss of data:
> ntdsutil files repair q q
If either the recover or repair are successful, you should then check the integrity (see Recipe 16.7).
10 Performing an Online Defrag Manually
16.10.1 Problem
You want to initiate an online defragmentation. This can be useful if you want to expedite the defrag process after deleting a bunch of objects.
16.10.2 Solution
16.10.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of the target domain controller.
For Port, enter 389.
Click OK.
From the menu, select Connection Bind.
Enter credentials of a user from one of the administrator groups.
Click OK.
From the menu, select Browse Modify.
Leave the Dn blank.
For Attribute, enter DoOnlineDefrag.
For Values, enter 180.
For Operation, select Add.
Click Enter.
Click Run.
16.10.2.2 Using a command-line interface
Create an LDIF file called online_defrag.ldf with the following contents:
dn:
changetype: modify
replace: DoOnlineDefrag
DoOnlineDefrag: 180
11 Determining How Much Whitespace Is in the DIT
16.11.1 Problem
You want to find the amount of whitespace in your DIT. A lot of whitespace in the DIT may mean that you could regain enough space on the disk to warrant performing an offline defrag.
16.11.2 Solution
16.11.2.1 Using a graphical user interface
Run regedit.exe from the command line or Start Run.
Expand HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Diagnostics.
In the right pane, double-click on 6 Garbage Collection.
For Value data, enter 1.
Click OK.
16.11.2.2 Using a command-line interface
> reg add HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "6 Garbage[RETURN]
Collection" /t REG_DWORD /d 1
12 Performing an Offline Defrag to Reclaim Space
16.12.1 Problem
You want to perform an offline defrag of the Active Directory DIT to reclaim whitespace in the DIT file.
16.12.2 Solution
16.12.2.1 Using a command-line interface
First, reboot into Directory Services Restore Mode.
Next, check the integrity of the DIT, as outlined in Recipe 16.7.
Now, you are ready to perform the defrag. Run the following command to create a compacted copy of the DIT file. You should check to make sure the drive on which, you create the copy has plenty of space. A rule of thumb is that it should have at least 115% of the size of the current DIT available.
> ntdsutil files "compact to
Next, you need to delete the transaction log files in the current NTDS directory.
> del
You may want to keep a copy of the original DIT file for a short period of time to ensure nothing catastrophic happens to the compacted DIT. If you are going to copy or move the original version, be sure you have enough space in its new location.
> move
> move
Repeat the steps in Recipe 16.7 to ensure the new DIT is not corrupted. If it is clean, reboot into normal mode and monitor the event log. If no errors are reported in the event log, make sure the domain controller is backed up as soon as possible.
13 Changing the Garbage Collection Interval
16.13.1 Problem
You want to change the default garbage collection interval.
16.13.2 Solution
16.13.2.1 Using a graphical user interface
Open ADSI Edit.
In the left pane, expand cn=Configuration cn=Services cn=Windows NT.
Right-click on cn=Directory Service and select Properties.
Edit the garbageColPeriod attribute and set it to the interval in hours that the garbage collection process should run (the default is 12 hours).
Click OK.
16.13.2.2 Using a command-line interface
Create an LDIF file called change_garbage_period.ldf with the following contents:
dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,
changetype: modify
replace: garbageCollPeriod
garbageCollPeriod:
-
then run the following command:
> ldifde -v -i -f change_garbage_period.ldf
14 Logging the Number of Expired Tombstone Objects
16.14.1 Problem
You want to log the number of expired tombstone objects that are removed from Active Directory during each garbage-collection cycle.
16.14.2 Solution
16.14.2.1 Using a graphical user interface
Run regedit.exe from the command line or Start Run.
Expand HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Diagnostics.
In the right pane, double-click on 6 Garbage Collection.
For Value data, enter 3.
Click OK.
16.14.2.2 Using a command-line interface
> reg add HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "6 Garbage[RETURN]
Collection" /t REG_DWORD /d 3
16.14.2.3 Using VBScript
' This code enables garbage collection logging.
' ------ SCRIPT CONFIGURATION ------
strDCName = "
intValue = 3
' ------ END CONFIGURATION ---------
const HKLM = &H80000002
strNTDSReg = "SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
set objReg = GetObject("winmgmts:\\" & strDCName & "\root\default:StdRegProv")
objReg.SetDWORDValue HKLM, strNTDSReg, "6 Garbage Collection," intValue
WScript.Echo "Garbage Collection logging enabled"
15 Determining the Size of the Active Directory Database
16.15.1 Problem
You want to determine the size of the Active Directory database.
16.15.2 Solution
16.15.2.1 Using a command-line interface
If you are in DS Restore Mode, you can use ntdsutil to report the size of the Active Directory database:
> ntdsutil files info
If you are not in DS Restore Mode and run this command, you will receive the following error message:
*** Error: Operation only allowed when booted in DS restore mode
"set SAFEBOOT_OPTION=DSREPAIR" to override - NOT RECOMMENDED!
As you can see, it is possible to override this failure by setting the SAFEBOOT_OPTION environment variable to DSREPAIR, but I do not recommend this unless you know what you are doing. By setting that environment variable, the ntdsutil command will not stop you from performing other commands. This can be very dangerous.
Another method, which is safer and easier, is to bring up a command shell by going to Start Run, typing cmd.exe, and pressing Enter. Then type cd
then run the following command:
> ldifde -v -i -f online_defrag.ldf
16 Searching for Deleted Objects
16.16.1 Problem
You want to search for deleted objects.
16.16.2 Solution
16.16.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller you want to target (or leave blank to do a serverless bind).
For Port, enter 389.
Click OK.
From the menu, select Connection Connect.
Enter credentials of a user that is an administrator for the domain.
Click OK.
From the menu, select Options Controls.
For Windows Server 2003, select the Return Deleted Objects control under Load Predefined.
For Windows 2000, type 1.2.840.113556.1.4.417 for the Object Identifier and click the Check In button.
Click OK.
From the menu, select Browse Search.
For BaseDN, enter: cn=Deleted Objects,
For Scope, select One Level.
For Filter, enter: (isDeleted=TRUE).
Click the Options button.
Under Search Call Type, select Extended.
Click OK.
Click Run.
16.16.2.2 Using a command-line interface
As of this writing, none of the standard command-line tools provide a way to search for deleted objects.
17 Restoring a Deleted Object
16.17.1 Problem
You want to restore an object that was previously deleted.
16.17.2 Solution
16.17.2.1 Using a graphical user interface
Open LDP.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389.
Click OK.
From the menu, select Connection Bind.
Enter credentials of a user that can restore the deleted object (only administrators for the domain by default).
Click OK.
From the menu, select Options Controls.
Select Return deleted objects from the Load Predefined selection.
Click OK.
From the menu, select Browse Modify.
For Dn, enter the distinguished name of the deleted object you want to restore.
For Attribute, enter distinguishedName.
For Values, enter the original DN of the object.
For Operation, select Replace.
Click Enter.
For Attribute, enter isDeleted.
For Values, remove any text.
For Operation, select Delete.
Click Enter.
Add mandatory attributes as necessary:
For Attribute, enter
For Values, enter
For Operation, select Add.
Check the box beside Extended.
Click Run.
The results will be displayed in the right pane.
18 Modifying the Tombstone Lifetime for a Domain
16.18.1 Problem
You want to change the default tombstone lifetime for a domain.
16.18.2 Solution
16.18.2.1 Using a graphical user interface
Open ADSI Edit.
In the left pane, expand cn=Configuration cn=Services cn=Windows NT.
Right-click on cn=Directory Service and select Properties.
Set the tombstoneLifetime attribute to the number of days that tombstone objects should remain in Active Directory before getting removed completely (the default is 60 days).
Click OK.
16.18.2.2 Using a command-line interface
Create an LDIF file called change_tombstone_lifetime.ldf with the following contents:
dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,
changetype: modify
replace: tombstoneLifetime
tombstoneLifetime:
-
then run the following command:
ldifde -v -i -f change_tombstone_lifetime.ldf
DNS in Windows 2000
Introduction
Active Directory is tightly coupled with the Domain Name System (DNS). Both clients and domain controllers use DNS to locate domain controllers in a particular site or that serve a particular function. Each domain controller requires numerous resource records to be present in DNS so it can advertise its services as a domain controller, global catalog server, PDC Emulator, etc. For a detailed description of each of these records plus much more on DNS, see Chapter 6 in Active Directory, Second Edition (O'Reilly).
One of the innovative uses of Active Directory is as a store of DNS data. Instead of using the antiquated primary and secondary zone transfer method or even the more recent NOTIFY method (RFC 1996) to replicate zone data between servers, AD-integrated zones store the zone data in Active Directory and use the same replication process used to replicate other data between domain controllers. The one catch with AD-integrated zones is that the DNS server must also be a domain controller. Overloading DNS server responsibilities on your domain controllers may not be something you want to do if you plan on supporting a large volume of DNS requests.
The Anatomy of a DNS Object
The only time DNS data is stored in Active Directory is if you have a zone that is AD-integrated. When using standard primary and secondary zones that are not AD-integrated, the DNS data is stored locally in the file system of each DNS server in zone files. If you have an AD-integrated zone under Windows 2000, a container is created in the following location: cn=
Store DNS data on all domain controllers in a domain (only option for Windows 2000).
Store DNS data on all domain controllers that are DNS servers in the domain.
Store DNS data on all domain controllers that are DNS servers in the forest.
The default location for the second option is dc=DomainDNSZones,
Inside the MicrosoftDNS container, is a dnsZone object for each AD-integrated zone. Inside of the dnsZone container are dnsNode objects, which stores all resource records associated with a particular node. In the following textual representation of an A record, the dc1.rallencorp.com name is considered a node (generally the left side of the resource record).
dc1.rallencorp.com. 600 IN A 6.10.57.21
There could be multiple resource records associated with the dc1.rallencorp.com name, so Microsoft decided to implement each distinct name as a dnsNode object. The dnsNode object has a dnsRecord attribute, which is multivalued and contains all of the resource records associated with that node. Unfortunately, the contents of that attribute are stored in a binary format and are not directly readable.
Table 13-1 and Table 13-2 contain some of the interesting attributes that are available on dnsZone and dnsNode objects, respectively.
Table 13-1. Attributes of dnsZone objects
Attribute
Description
Dc
Relative distinguished name of the zone.
dnsProperty
Binary formatted string that stores configuration information about the zone.
msDS-Approx-Immed-Subordinates
Approximate number of nodes contained within the zone. This is new to Windows Server 2003.
Table 13-2. Attributes of dnsNode objects
Attribute
Description
dc
Relative distinguished name of the node.
dnsRecord
Binary formatted multivalued attribute that stores the resource records associated with the node.
dnsTombstoned
Boolean that indicates whether the node is marked for deletion. FALSE means it is not and TRUE means that it is.
1 Creating a Forward Lookup Zone
13.1.1 Problem
You want to create a forward lookup zone. A forward lookup zone maps names to IP addresses or other names.
13.1.2 Solution
13.1.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Expand the server in the left pane and click on Forward Lookup Zones.
Right-click on Forward Lookup Zones and select New Zone.
Click Next.
Select the zone type and click Next.
If you selected to store the zone data in Active Directory, next you will be asked which servers you want to replicate the DNS data to. Click Next after you make your selection. (This only applies for Windows Server 2003).
Enter the zone name and click Next.
Fill out the information for the remaining screens. They will vary depending on if you are creating a primary, secondary, or stub zone.
13.1.2.2 Using a command-line interface
The following command creates an AD-Integrated zone:
> dnscmd
2 Creating a Reverse Lookup Zone
13.2.1 Problem
You want to create a reverse lookup zone. A reverse lookup zone maps IP addresses to names.
13.2.2 Solution
13.2.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Expand the server in the left pane and click on Reverse Lookup Zones.
Right-click on Reverse Lookup Zones and select New Zone.
Click Next.
Select the zone type and click Next.
If you selected to store the zone data in Active Directory, next you will be asked which servers you want to replicate the DNS data to. Click Next after you make your selection. (This only applies for Windows Server 2003).
Type the Network ID for the reverse zone or enter a reverse zone name to use.
Fill out the information for the remaining screens. They will vary depending on if you are creating a primary, secondary, or stub zone.
13.2.2.2 Using a command-line interface
The following command creates an AD-integrated reverse zone:
> dnscmd
3 Viewing a Server's Zones
13.3.1 Problem
You want to view the zones on a server.
13.3.2 Solution
13.3.2.1 Using a graphical user interface
Open the DNS Management snap-in.
Right-click on DNS in the left pane and select Connect to DNS Server.
Enter the server you want to connect to and click Enter.
In the left pane, expand the server and click Forward Lookup Zones and Reverse Lookup Zones to view the supported zones.
13.3.2.2 Using a command-line interface
> dnscmd
13.3.2.3 Using VBScript
' This code lists the zones that are supported by the specified server.
' ------ SCRIPT CONFIGURATION ------
strServer = "
' ------ END CONFIGURATION ---------
set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
set objZones = objDNS.ExecQuery("Select * from MicrosoftDNS_Zone " & _
"Where DnsServerName = '" & _
objDNSServer.Name & "'")
WScript.Echo "Zones on " & objDNSServer.Name
for each objZone in objZones
WScript.Echo " " & objZOne.Name
next
13.3.3 Discussion
13.3.3.1 Using a graphical user interface
When you click on either the Forward Lookup Zones or Reverse Lookup Zones in the left pane, the right pane contains a Type column that displays the zone type for each zone.
13.3.3.2 Using a command-line interface
When using the /enumzones switch without any more parameters, it displays all zones on the server. You can specify additional filters that limit the types of zones returned. With the Windows 2000 version of dnscmd, you can specify up to two filters:
Filter1:
/Primary
/Secondary
/Cache
/Auto-Created
Filter2:
/Forward
/Reverse
With the Windows Server 2003 version of dnscmd, the filter behavior has changed. Instead of having two levels of criteria you can specify one or more of the following:
/Primary
/Secondary
/Forwarder
/Stub
/Cache
/Auto-Created
/Forward
/Reverse
/Ds
/File
/DomainDirectoryPartition
/ForestDirectoryPartition
/CustomDirectoryPartition
/LegacyDirectoryPartition
/DirectoryPartition
4 Converting a Zone to an AD-Integrated Zone
13.4.1 Problem
You want to convert a primary zone to an AD-integrated zone. This causes the contents of the zone to be stored and replicated in Active Directory instead of in a text file.
13.4.2 Solution
13.4.2.1 Using a graphical user interface
Open the DNS Management snap-in.
Right-click on DNS in the left pane and select Connect to DNS Server.
Enter the server you want to connect to and click Enter.
If you want to convert a forward zone, expand the Forward Lookup Zone folder. If you want to convert a reverse zone, expand the Reverse Lookup Zone folder.
Click on the zone you want to convert, then right-click it and select Properties.
Beside Type, click the Change button.
Check the box beside Store the zone in Active Directory.
Click OK twice.
13.4.2.2 Using a command-line interface
> dnscmd
5 Moving AD-Integrated Zones into an Application Partition
13.5.1 Problem
You want to move AD-integrated zones into an application partition.
13.5.2 Solution
13.5.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Expand the server in the left pane and expand either Forward Lookup Zones or Reverse Lookup Zones depending on the type of zone.
Click on the name of the zone.
Right-click on the zone and select Properties.
Click on the Change button beside Replication.
Select the application partition you want to move the zone into.
Click OK twice.
13.5.2.2 Using a command-line interface
The following command will move a zone to the default application partition that replicates across all domain controllers that are DNS servers in the domain:
> dnscmd
6 Delegating Control of a Zone
13.6.1 Problem
You want to delegate control of managing the resource records in a zone.
13.6.2 Solution
13.6.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Expand the server in the left pane and expand either Forward Lookup Zones or Reverse Lookup Zones depending on the type of zone.
Click on the name of the zone.
Right-click on the zone and select Properties.
Click on the Security tab.
Click the Add button.
Use the Object Picker to locate the user or group to which you want to delegate control.
Under Permissions, check the Full Control box.
Click OK.
13.6.2.2 Using a command-line interface
The following command grants full control over managing the resource records in an AD-Integrated zone:
> dsacls dc=
7 Creating and Deleting Resource Records
13.7.1 Problem
You want to create and delete resource records.
13.7.2 Solution
13.7.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
If you want to add or delete a record in a forward zone, expand the Forward Lookup Zone folder. If you want to add or delete a record for a reverse zone, expand the Reverse Lookup Zone folder.
To create a resource record, do the following:
In the left pane, right-click the zone and select the option that corresponds to the record type you want to create—e.g., New Host (A).
Fill in all required fields.
Click OK.
To delete a resource record, do the following:
In the left pane, click on the zone the record is in.
In the right pane, right-click on the record you want to delete and select Delete.
Click Yes to confirm.
13.7.2.2 Using a command-line interface
To add a resource record, use the following command:
> dnscmd
The following command adds an A record in the rallencorp.com zone:
> dnscmd dc1 /recordadd rallencorp.com wins01 A 19.25.52.2.25
To delete a resource record, use the following command:
> dnscmd
The following command deletes an A record in the rallencorp.com zone:
> dnscmd dc1 /recorddelete rallencorp.com wins01 A 19.25.52.2.25
8 Querying Resource Records
13.8.1 Problem
You want to query resource records.
13.8.2 Solution
13.8.2.1 Using a graphical user interface
The DNS Management snap-in does not provide an interface for searching resource records.
13.8.2.2 Using a command-line interface
In the following command, replace
> nslookup -type=
13.8.2.3 Using VBScript
' This code prints the resource records that match
' the specified name
' ------ SCRIPT CONFIGURATION ------
strQuery = "
' ------ END CONFIGURATION ---------
set objDNS = GetObject("winMgmts:root\MicrosoftDNS")
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
set objRRs = objDNS.ExecQuery(" select * " & _
" from MicrosoftDNS_ResourceRecord" & _
" where OwnerName = """ & strQuery & """" & _
" Or DomainName = """ & strQuery & """" & _
" Or RecordData = """ & strQuery & """")
if objRRs.Count < 1 then
WScript.Echo "No matches found for " & strHostName & " of " _
& strRecordType & " type"
else
for each objRR in objRRs
WScript.Echo objRR.TextRepresentation
next
end if
13.8.3 Discussion
13.8.3.1 Using a command-line interface
You can leave off the -type switch and the command will find any A, PTR, and CNAME records that match
9 Modifying the DNS Server Configuration
13.9.1 Problem
You want to modify the DNS Server settings.
13.9.2 Solution
13.9.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Click on the server, right-click on it, and select Properties.
There will be several tabs you can choose from to edit the server settings.
Click OK to commit the changes after you've completed your modifications.
13.9.2.2 Using a command-line interface
With the following command, replace
> dnscmd
10 Scavenging Old Resource Records
13.10.1 Problem
You want to scavenge old resource records. DNS scavenging is the process whereby resource records are automatically removed if they are not updated after a period of time. Typically, this applies to only resource records that were added via DDNS, but you can also scavenge manually added, also referred to as static, records. DNS scavenging is a recommended practice so that your DNS zones are automatically kept clean of stale resource records.
13.10.2 Solution
The following solutions will show how to enable automatic scavenging on all AD-integrated zones.
13.10.2.1 Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Click on the server, right-click on it, and select Set Aging/Scavenging for all zones.
Check the box beside Scavenge stale resource records.
Configure the No-Refresh and Refresh intervals as necessary and click OK.
Check the box beside Apply these settings to the existing Active Directory-integrated zones and click OK.
Right-click on the server again and select Properties.
Select the Advanced tab.
Check the box beside Enable automatic scavenging of stale resource records.
Configure the scavenging period as necessary.
Click OK.
13.10.2.2 Using a command-line interface
> dnscmd
> dnscmd
> dnscmd
> dnscmd
> dnscmd
11 Clearing the DNS Cache
13.11.1 Problem
You want to clear the DNS cache. The DNS cache contains resource records that are cached for a period of time in memory so that repeated requests for the same record can be returned immediately. There are two types of DNS cache. One pertains to the resolver on any Windows client (servers and workstations), and the other to the cache used by the Microsoft DNS server.
13.11.2 Solution
To flush the client resolver cache, use the following command:
> ipconfig /flushdns
To flush the DNS server cache, use any of the following solutions.
13.11.2.1 Using a graphical user interface
Open the DNS Management snap-in.
Right-click on DNS in the left pane and select Connect to DNS Server.
Enter the server you want to connect to and click Enter.
Right-click on the server and select Clear Cache.
13.11.2.2 Using a command-line interface
The following command will clear the cache on
> dnscmd
12 Verifying That a Domain Controller Can Register Its Resource Records
13.12.1 Problem
You want to verify DNS is configured correctly so that a domain controller can register its resource records, which are needed for clients to be able to locate various AD services.
13.12.2 Solution
13.12.2.1 Using a command-line interface
With the following dcdiag command, replace dc1 with the DNS name of the domain the domain controller is in. This command has to be run directly on the domain controller you want to test.
> dcdiag /test:RegisterInDNS /DnsDomain:dc1
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically
register the A record corresponding to its DNS name.
......................... dc1 passed test RegisterInDNS
13 Registering a Domain Controller's Resource Records
13.13.1 Problem
You want to manually force registration of a domain controller's resource records. This may be necessary if you've made some configuration changes on your DNS servers to allow your domain controllers to start dynamically registering resource records.
13.13.2 Solution
13.13.2.1 Using a command-line interface
> nltest /dsregdns /server:
14 Preventing a Domain Controller from Dynamically Registering All Resource Records
13.14.1 Problem
You want to prevent a domain controller from dynamically registering its resource records using DDNS. If you manually register domain controllers' resource records, you'll want to prevent those domain controllers from attempting to dynamically register them. If you do not disable them from sending dynamic update requests, you may see annoying error messages on your DNS servers that certain DDNS updates are failing.
13.14.2 Solution
13.14.2.1 Using a command-line interface
> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v[RETURN]
UseDynamicDNS /t REG_DWORD /d 0
The operation completed successfully.
> net stop netlogon
The Net Logon service is stopping.
The Net Logon service was stopped successfully.
> del %SystemRoot%\system32\config\netlogon.dnb
> net start netlogon
The Net Logon service is starting.......
The Net Logon service was started successfully.
15 Preventing a Domain Controller from Dynamically Registering Certain Resource Records
13.15.1 Problem
You want to prevent a domain controller from dynamically registering certain resource records. It is sometimes advantageous to prevent certain resource records from being dynamically registered. For example, if you want to reduce the load on the PDC Emulator for a domain, you could prevent some of its SRV records from being published, which would reduce the amount of client traffic the server receives.
13.15.2 Solution
13.15.2.1 Using a command-line interface
This command will disable the Ldap, Gc, and GcIpAddress resource records from being dynamically registered:
> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v[RETURN]
DnsAvoidRegisterRecords /t REG_MULTI_SZ /d Ldap\0Gc\0GcIpAddress
The operation completed successfully.
> net stop netlogon
The Net Logon service is stopping.
The Net Logon service was stopped successfully.
> del %SystemRoot%\system32\config\netlogon.dnb
> net start netlogon
The Net Logon service is starting.......
The Net Logon service was started successfully.
16 Deregistering a Domain Controller's Resource Records
13.16.1 Problem
You want to manually deregister a domain controller's resource records.
13.16.2 Solution
13.16.2.1 Using a command-line interface
With the following nltest command, replace
> nltest /dsderegdns:
17 Allowing Computers to Use a Different Domain Suffix from Their AD Domain
13.17.1 Problem
You want to allow computers to use a different domain suffix than their AD domain.
13.17.2 Solution
13.17.2.1 Using a graphical user interface
Open ADSI Edit.
Connect to the domain you want to edit.
Right-click on the domainDNS object and select Properties.
Edit the msDS-AllowedDNSSuffixes attribute and enter the DNS suffix you want to add.
Click OK.
13.17.2.2 Using a command-line interface
Create an LDIF file called add_dns_suffix.ldf with the following contents:
dn:
changetype: modify
add: msDS-AllowedDNSSuffixes
msDS-AllowedDNSSuffixes:
-
then run the following command:
> ldifde -v -i -f add_dns_suffix.ldf.ldf
Q.1 What is the role of the “MDBDATA” folder in Exchange 2000?
Answer: - It contains the transaction log files and the EDB/STM databases.
Q.2 What is the role of the “MTADATA” folder in Exchange 2000?
Answer: - Any message that goes to the message transfer agent (MTA) is written to the “MTADATA” directory on an NTFS partition and passed to the Store.exe process.
Q.3 Is there a way to know what emails have been sent or received into one mailbox without accessing the users mailbox?
Answer: - Check the “Archive all messages sent or received by mailboxes on this store” checkbox.
Thus “Message Archiving” has been enabled.
Q.4 Is there a way to suspend an Exchange 2000 mailbox without affecting logging into network?
Answer: - Delete the user’s mailbox.
Q.5 What is the basic role of transaction log files in Exchange 2000?
Answer: - The log files you see in the mdbdata directory are used to restore a previous nights database backups to the point of failure, in the event that the server fails. When you back up the store the log files are purged and are of no use anymore assuming the backup was valid.
Q.6 Recently moved E2K over to a new server(W2K+SP4). Have E2K+SP3 and post-SP3 Rollup installed. The store.exe process starts small (100MB or so) and slowly, but surely, takes more and more RAM until there's only about 30MB left.Once that happens, the SMTP VM queues start backing up until the store basically stops responding. Only rebooting seems to help and this is necessary approx. every 30 hours.
Answer: - 1. If you have over 1Gb of memory, try the /3GB switch in Boot.ini to allow more memory for Store.exe.
2. Groupsheild for exchange, as it does a background scan on the mailbox and public stores. This causes store.exe to use up all the virtual memory and the information store fall over.
Q.7 How does one grant permissions for a user to send and receive mails to a particular DL ( e.g Emp of ICICI Bank@UK )?
Answer: - To enable sending:
Go to ADFindEmp of ICICI Bank@UK
PropertiesExchange General Tab
Message RestrictionsAccept messages:Only from
Add
ApplyOK
To enable receiving:
Go to ADFindEmp of ICICI Bank@UK
PropertiesMembers
Add
ApplyOK
Q.8 How would you define a SMTP Queue? What is the default location?
Answer:- The SMTP queue is simply a directory with files representing mail items in it. The default (when installing on drive C:\) is
C:\Program Files\Exchsrvr\Mailroot\Vsi 1
Q.9 What are the 3 directories inside the above location?
Answer: - The 3 directories are
Pickup
Queue
Badmail.
Q.10 What does the “Badmail” folder comprise of? Can one delete the “Badmail” folder?If yes how?
Answer: - The Badmail folder contains messages that cannot be delivered into your organisation, and also cannot be returned back to the sender. Therefore, the folder typically contains spam, and the files within the folder can usually just be deleted.
DO NOT OPEN THE BadMail FOLDER. Depending on how much spam the Small Business Server 2000 computer processes, this folder may contain several hundred thousand files. If you open this folder, the server may appear to have stopped responding.2.. Right-click the BadMail folder, click Rename, and then change the nameto BadMailOld.3.. In the VSI 1 folder, create a new folder that is named BadMail.4.. Permanently delete the BadMailOld folder. To do this, click theBadMailOld folder, hold down the SHIFT key, and then press DELETE.5.. Click Yes when you are prompted with the question of whether you wantto delete the BadMailOld folder. Deleting this folder may take a long time,depending on the number of files in this folder
Q.12 What is the quickest way to find all hidden mailboxes on the system in Exchange 2000?
Answer: - Hidden mailboxes are identified by the fact that the attribute msExchHideFromAddressLists is set to a value of TRUE. All we have to do is perform a custom LDAP query against our AD to search for users with the above attribute set accordingly.
This can easily be done with Active Directory Users & Computers:
1. Bring up Active Directory Users & Computers.2. Right-click your domain name at the top, and choose Find.3. In the Find combo box at the top, select Custom Search.4. Click the Advanced tab.5. Paste in the following LDAP query and then click Find Now.
(&(objectclass=user)(msExchHideFromAddressLists=TRUE))
The list of hidden mailboxes will then be displayed. Don't forget that this will include System Mailboxes. Be sure to leave those alone!
Q. 13 Explain “Messages awaiting Directory Lookup” and how would you troubleshoot the same?
Answer: - Description: This queue contains messages to recipients who have not yet been resolved against the Microsoft Active Directory service. Messages are also held in this queue while distribution lists are expanded.
Troubleshooting: 1. Generally, messages accumulate in this queue because the advanced queuing engine cannot categorize the message.
2. The advanced queuing engine may not be able to access the global catalog servers or to access the recipient information.
3. Or, the global catalog servers are unreachable or are performing slowly.
4. Increase diagnostic logging for the MSExchangeDSAccess service and for the MSExchangeTransport service to collect information about Categorizer components.
Q.14 Why do we need to “Run cleanup Agent”?
Answer: - 1. To see the orphaned mailbox.
2. To connect to a recreated account so as to retrieve mail.
Q.15
.1 What does the .edb and .stm file contain in Exchange 2000?
Answer:The .Edb File Contains All The Folders, Tables And Indexes For Messaging Data And Mapi Messages And Attachments The Stm File (New To Exchange 2000) Contains Internet Content In Its Native Format.
Note:- (*.Edb + *.Stm) + (*.Log) = Database
Q.2 Where is the Directory Service database stored in Exchange 5.5?
Answer: Dir.edb
Q.3 Mention the types of Routing Group Connectors in Exchange 2000?
ANSWER: Sanjay Sir Please Help ......
A Routing Group is a collection of Exchange servers that communicate with each other directly over the same internal network or reliable connection.
When multiple Routing Groups must be created, each individual group must be connected using one of three available Exchange connection types:
Routing Group Connector This connector is the default connector type. It can be used to connect a single or multiple Exchange bridgehead server for load balancing of message traffic.
SMTP Connector The SMTP connector uses the Simple Mail Transport Protocol to connect and communicate with remote Routing Groups, non-Exchange mail systems, and the Internet mail host.
X.400 Mail Connector Limited to a single local and remote host, the X.400 connector is primarily designed for communications between Exchange Server 2003 and X.400 mail systems.
Mixed Mode
When Exchange Server 2003 is in a mixed environment, Routing Groups can consist of only servers that had been installed directly into the Administrative Group where the Routing Group resides. Additional servers from other Administrative Groups cannot be added to the Routing Group.
Native Mode
After the functional level has been raised to Native Mode, Exchange servers can be managed and moved between Routing Groups.
Also, Routing Groups in a single Administrative Group can contain servers from other Administrative Groups.
Q.4 What are the features of Active Directory in Windows 2000?
ANSWER: Features of Active Directory in Windows 2000 Can be Categorised as
Manageability :-Centralized Management,Group Policy,Global Catalog,IntelliMirror Desktop Management, Automated Software Distribution,Active Directory Service Interfaces,Backward Compatibility, Delegated Administration,Multi-Master Replication
Security :-Kerberos Authentication,Smart Card Support,Transitive Domain Trust,PKI/x.509,LDAP over SSL, Required Authentication Mechanism ,Attribute-Level Security,Spanning Security Groups,LDAP ACL Support
Interoperability:-DirSync Support,Active Directory Connectors,Open APIs,Native LDAP,DNS Naming,Open Change History, DEA Platform,DEN Platform,Extensible Schema
Q.5 What are the features of Exchange 2003 over Exchange 2000?
Answer:-Better Anti-spam tools - comprehensive set of filters Improved Queue management Smoother integration with IIS Enhanced OWA. Now includes a spell checker and X509 certificates Outlook Mobile Access (OMA), which functions like OWA for devices Cached replication of Outlook 2003. Cached mode creates a local data file that Outlook uses for all foreground activity. It then contacts the Exchange server in the background. Volume Shadow Copy Service for Database Backups/Recovery Mailbox Recovery Center Recovery Storage Group Front-end and back-end Kerberos authentication Distribution lists are restricted to authenticated users Queues are centralized on a per-server basis Move log files and queue data using Exchange System Manager Multiple Mailbox Move tool Dynamic distribution lists 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager) Deployment and migration tools
Q.5 How will you upgrade from Exchange 2000 to Exchange 2003?
Answer:-http://www.microsoft.com/technet/prodtechnol/exchange/2003/upgrade.mspx
Q.6 What are the precautions to be taken before a disaster recovery in exchnage 2000?
Answer:-http://www.microsoft.com/downloads/details.aspx?FamilyID=6E55DD49-8A6C-4F30-947E-BDE95917F585&displaylang=en
Q.7 How to restore Group policies?
Answer:-
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dcgpofix.asp
dcgpofix
Backup and Restore
From GPMC, it is easy to perform backup and restore operations. Backup and restore operation options are context-sensitive, depending on where you are within the Group Policy Objects node.
Backup Individual GPO(s)
Click on the Group Policy Objects note to display all GPOs in the domain.
Select the target GPO(s) for backup. For multiple GPOs:
For a range of GPOs, select the first GPO, press SHIFT and click on the last GPO.
For multiple non-contiguous GPOs, select the first GPO, press CTRL and click on other GPOs.
Right-click and select Backup...
On the next window, speficy the backup directory and description and click Back Up.
Click OK when done.
Backup All GPOs
This operation is normally performed by domain administrators.
Select the Group Policy Object node.
Right-click and select Backup All...
Specify the backup directory and description and click Back Up.
Click OK when done.
Restore GPO
Within the Group Policy Object node, select the target GPO.
Right-click and select Restore from Backup... This will launch the Restore Group Policy Object Wizard.
Click Next.
Specify the correct backup folder location.
If multiple backups have been done, choose the correct backup version. The Source GPO window displays the GPO name, backup timestamp and description. You can also check the settings on the source GPO by clicking on the View Settings... button.
Click Next.
Click Finish when ready to restore.
Click OK when done. You have now restored the GPO.
Also check following link
http://support.microsoft.com/default.aspx?scid=kb;en-us;842252
Sanjay Sir .
Q.8 what is the function of NNTP service in Exchange 2000?Answer:-While installing Exchange 2000, the system creates a default Network News Transfer Protocol (NNTP) virtual server. You can use this virtual server to house a feed from other newsgroups This Default NNTP virtual server can be used to create feeds to a Public Folder for storage (Internet Newsgroups). For other storage media (either a file system or remote share), you must create a new virtual server.
NOTE:- Sir , Please Add Ur Inputs.....
Network News Transfer Protocol
Because Network News Transfer Protocol (NNTP) is growing in popularity, it would be wise for us to take a brief look at the architecture of this protocol. We'll then discuss the more pragmatic aspects of administering NNTP on your network.
NNTP Architecture
NNTP specifies a way to distribute, query, retrieve, and post news articles on the Internet. A client wanting to retrieve a subset of articles from the database is called a subscriber. NNTP allows a subscriber to request a subset of articles rather than requiring the retrieval of all articles from the database. Before NNTP was developed, two methods of distributing news items were popular: Internet mailing lists and the Usenet news system.
An Internet mailing list, commonly known as a list server, distributes news by the use of distribution e-mail lists. A subscriber sends a message to the distribution list, and the message is e-mailed to all of the members of the list. But sending a separate copy of an e-mail to each subscriber can consume a large amount of disk space, bandwidth, and CPU resources. In addition, it can take from several minutes to several hours for the message to be fully distributed, depending on the size of the list and the physical resources available to propagate it. Maintaining the subscriber list also involves significant administrative effort, unless a third-party program is used to automate this function.
Storing and retrieving messages from a central location instead of sending an email to each subscriber can significantly reduce the use of these resources. The Usenet news system provides this alternative. In addition, Usenet allows a subscriber to select only those messages he or she wants to read and also provides indexing, cross-referencing, and message expiration.
NNTP is modeled on the Usenet news specifications in RFC 850, but it is designed to make fewer demands on the structure, content, and storage of the news articles. It runs as a background service on one host and can accept connections from other hosts on the LAN or over the Internet.
When a subscriber connects to an NNTP server, the subscriber issues the NEWSGROUPS command to determine whether any new newsgroups have been created on the server. If so, the server notifies the subscriber and gives the subscriber the opportunity to subscribe to the new newsgroups. After this, the subscriber is connected to the desired newsgroup and can use the NEWNEWS command to ask the server whether any new articles have been posted since the subscriber's last connection. The subscriber receives a list of new articles from the server and can request transmission of some or all of those articles. Finally, the subscriber can either reply to a news article or post a new article to the server by using the POST command.
NNTP uses TCP for its connections and SMTP-like commands and responses. The default TCP port for NNTP is 119. An NNTP command consists of a command word followed in some cases by a parameter, and commands are not case sensitive. Each line can contain only one command and may not exceed 512 characters, including spaces, punctuation, and the trailing CR–LF (carriage return/line feed) command. Commands cannot be continued on the next line.
Responses from the server can take the form of a text response or a status response. Text responses are displayed in the subscriber's client program, whereas status responses are interpreted by the client program before any display occurs.
Q.9.What is Recepient Update Service in Exchange 2000?
Answer:- Recipient Update Service (RUS) is a very important component in your Exchange installation, it is RUS that is responsible for updating address lists and email addresses in your Active Directory
Default Exchange organization will have two RUS objects
(a) Enterprise Configuration RUS :-responsible for the updating of the email addresses for the system objects such as the MTA & System Attendant.
(b) Domain RUS :-responsible for the updating of the address information for recipient objects in the domain that it is responsible for
Q.10 The function of the Default SMTP Virtual Server in Exchange 2000?
Answer:-SMTP virtual server plays a critical role in mail delivery. SMTP virtual servers provide the Exchange mechanisms for managing SMTP. the default SMTP virtual server sends messages within a routing group. Additionally, if the server is a domain controller, Active Directory uses this virtual server for SMTP directory replication . An SMTP virtual server is defined by a unique combination of an IP address and port number. The default SMTP virtual server uses all available IP addresses on the server and uses port 25 for inbound connections. A single physical server can host many virtual servers
98
Exchange Wipro-Infotech Interview Q-n-A
Tuesday, February 24, 2009Labels: MSTech