Microsoft Certified Systems Engineer
When we have more than 2 computers we need a device called a hub to interconnect them.

HUB: Disadvantage of a Hub: When we want to transfer some data from one system to another system, if our network has 24 systems the data packet, instead of being sent only to the destined system, is sent to all the network participants (i.e. all 24 systems). Hubs follow broadcasting.

SWITCH: It is an advanced version over a hub. The main benefit of a switch is unicast: data packets are transmitted only to the target computer instead of to all. A switch maintains a table called the MIT (MAC Information Table), which is generated as soon as we turn on the switch; it acts like an index table and eases the process of finding the networked system. The MIT contains the port no., IP address and MAC address.

MAC (Media Access Control): It is an address burnt into the NIC by the manufacturer. A MAC address is of 48 bits in the form of hexadecimal. Every NIC has its own unique MAC address. The MAC address determines the physical location of a system.

ROUTER: A router is a device that connects two different networks, e.g. a Class A network with a Class C network. Routing is the process of communication between two different networks.
Network Topologies:
The way of cabling is called topology; the architecture of a network is called topology. E.g.: Bus, Star, Ring, and Mesh topologies.

Bus Topology: Components of Bus Topology:
1. Co-axial cable (backbone cable)
2. T-connectors
3. BNC (British Network Connector)
4. Terminator
5. Patch cable
Disadvantages of Bus: If anything goes wrong with the backbone cable the whole network is down. It follows serial communication. Outdated these days.

Star Topology: Star topology is an advanced version over bus topology. It uses either a hub or a switch, and it uses Cat5/6 cables. It uses connectors called RJ45 (Recommend Jack). Star topology offers faster data transfer or processing.

Ring Topology: Ring topology is useful when we want redundancy (fault tolerance); for that we go with this type of topology. Ring topology uses a device called an MSAU (Multi Station Access Unit). It is a unit inside which a logical ring is formed. The availability of this ring ensures the availability of the network. It was basically implemented in IBM networks.

Logical Topologies: are of two types: 1. Workgroup 2. Domain.
Workgroup (peer to peer): A collection of computers connected together to share resources.
- No servers are used. Mostly only a client OS is used.
- Any O/S like DOS, 95, 98, Workstation, Win 2000 Pro, and XP Pro can be configured in the workgroup model.
- Suitable for smaller organizations, where security is not the criteria.
- No administrator is required.
- Used where we are not using client-server based applications like Oracle, SQL and Exchange etc.
Domain (Client/Server): A domain is a collection of computers connected together with a server and users.
- The domain model can have servers like UNIX, Novell NetWare, Win NT Server, 2000 Server, and 2003 Server.
- Provides centralized administration.
- Suitable for medium to large size networks/organizations.
- Suitable when we have client-server architecture (back ends & front ends).
- Domain offers security and provides logon authentication. Suitable if security is the criteria.
- Requires an administrator.

The History of MS Network O/S:
1. Desktop O.S.: DOS, 95, WKS, 98, 2k Prof., XP Prof.
2. Network O.S.: UNIX, Win NT Server 4.0, Win 2000 Server, Win 2003 Server.
Win NT 3.1 was introduced in 1993.
Win NT 3.5 was introduced in 1994.
Win NT 4.0 was introduced in 1996.
Win NT 5.0 was renamed as Windows 2000 Server.
.NET Server was renamed as Windows 2003 Server.
HARDWARE REQUIREMENTS

Edition                    Min RAM   Rec RAM   Max RAM   Processor         HDD free space   SMP
Windows 2003 Standard      128 MB    256 MB    4 GB      Pentium 550 MHz   1.5 GB           4 processors
Windows 2003 Web           128 MB    256 MB    2 GB      Pentium 550 MHz   1.5 GB           2 processors
Windows 2003 Enterprise    128 MB    256 MB    16 GB     Pentium 733 MHz   1.5 GB           16 processors
Windows 2003 Data Center   1 GB      2 GB      64 GB     Pentium 733 MHz   1.5 GB           64 processors
IP Addressing: There are two versions of IPs:
1. IP version 4: offers IPs up to 4.2 billion (32 bit size).
2. IP version 6: 128 bit size.
An IP address is used for identifying the system and provides communication. An IP address is of 32 bits divided into four octets. Each octet is of 8 bits, separated by a dot (.). An IP is a combination of Network ID & Host ID. It uses a subnet mask to differentiate the Network ID from the Host ID; the subnet mask acts like a mask between the Network ID & the Host ID. Numbers range between 0-255.
Organizations responsible for assigning IPs to clients: IANA (Internet Assigned Naming Authority) and ICANN (Internet Corporation for Assigned Names and Numbers). IANA has classified IP addressing into classes:

Class   Range       Use
A       1 - 126     used in LAN/WAN
B       128 - 191   used in LAN/WAN
C       192 - 223   used in LAN/WAN
D       224 - 239   used for multicasting
E       240 - 254   used for experimentation & research

Class A: The first octet is reserved for the network ID. The first bit of the first octet is always (0).
Class B: The first two octets are reserved for the network ID. The first two bits of the first octet are reserved as (10).
Class C: The first three octets are reserved as the network portion. The first three bits of the first octet are reserved as (110).
Class D: Used for multicasting. The first four bits of the first octet are reserved as (1110).
Class E: Used for experimentation. The first four bits of the first octet are reserved as (1111).
The first bit of the first octet is called the priority bit, which determines the class of the N/W.
0.0.0.0 is reserved as the N/W ID. 255.255.255.255 is reserved as the broadcast ID. 127.0.0.1 is reserved as the loopback ID.

Implementing/Configuring TCP/IP: On the Desktop, right click on My Network Places > Properties. Double click Local Area Network > select Properties. Click "Use the following IP address". Specify the address in the box. DNS is also set the same way as the IP address.
Verifying: Go to command prompt
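The class rules above, worked through in code: this is an added example, not part of the original notes. It decides the class from the leading bits of the first octet, applies the classful default mask (an assumption: the notes give no masks) to split Network ID from Host ID, and flags the reserved addresses; the sample addresses are constructed.

```python
import ipaddress

# Added example, not from the original notes: classify an IPv4 address by the
# leading ("priority") bits of its first octet, then split it into Network ID
# and Host ID using the classful default subnet mask (assumed, not in the notes).

# Default masks for the classes that carry a Network ID / Host ID split.
CLASS_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ip_class(addr: str) -> str:
    """Return A-E (or 'loopback') from the leading bits of the first octet."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "loopback"          # 127.x.x.x is reserved for loopback
    if first >> 7 == 0b0:          # 0xxxxxxx -> 1-126
        return "A"
    if first >> 6 == 0b10:         # 10xxxxxx -> 128-191
        return "B"
    if first >> 5 == 0b110:        # 110xxxxx -> 192-223
        return "C"
    if first >> 4 == 0b1110:       # 1110xxxx -> 224-239 (multicast)
        return "D"
    return "E"                     # 1111xxxx -> 240-255 (experimental)


def split_ip(addr: str) -> dict:
    """Split addr into Network ID and Host ID; flag the reserved addresses."""
    ipaddress.IPv4Address(addr)    # raises ValueError on a malformed address
    cls = ip_class(addr)
    if addr == "0.0.0.0":
        return {"class": cls, "reserved": "network ID"}
    if addr == "255.255.255.255":
        return {"class": cls, "reserved": "broadcast ID"}
    if cls not in CLASS_MASKS:     # D, E and loopback have no host portion
        return {"class": cls, "reserved": cls}
    mask = CLASS_MASKS[cls]
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    # Host ID = the address bits that the mask does not cover.
    host = int(ipaddress.IPv4Address(addr)) & ~int(net.netmask) & 0xFFFFFFFF
    return {"class": cls, "mask": mask,
            "network_id": str(net.network_address),
            "host_id": str(ipaddress.IPv4Address(host)),
            "broadcast_id": str(net.broadcast_address)}


if __name__ == "__main__":
    # Constructed sample addresses, one per class plus loopback.
    for sample in ["10.5.6.7", "172.16.4.9", "192.168.1.20", "224.0.0.9", "127.0.0.1"]:
        print(sample, split_ip(sample))
```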
Domain Controller (D.C.): A server where A.D. is installed is called a D.C.
Functionality of A.D.: Using A.D. we can organize, manage and control resources. It provides a single point of administration.
Purpose of A.D.:
1. Provides user logon authentication services.
2. To organize and manage user A/Cs, computers, groups and n/w resources.
3. Enables authorized users to easily locate n/w resources.
Features of A.D.:
1. Fully integrated security system with the help of Kerberos.
2. Easy administration using group policy.
3. Scalable to any size n/w.
4. Flexible (install/uninstall).
5. Extensible (modify the schema).
New features in 2003:
6. Rename computer names & domain names.
7. Cross-forest trust relationship.
8. Site-to-site replication is faster.
Evolution of LDAP: Earlier we had no database standard; hence ITU & ISO introduced X.500.
LDAP (Lightweight Directory Access Protocol): It is an industry standard directory access protocol used for querying and providing communication among the objects in A.D.
Installing A.D.: Requirements:
- Windows 2003 O.S.
- A static IP
- NTFS partition with 250 MB of free HDD space
- DNS (Domain Naming System)
Step 1: on the 2003 machine: Start > Run > dcpromo > Next > Next > select "Domain controller for a new domain" > "Domain in a new forest" > Next > specify the domain name (Ex: zoom.com) > NetBIOS name (do nothing) > Next > database > Next > Sysvol > Next > select the middle one > Next > provide pwd > Next > Restart when it prompts.
After installing A.D., go to Start > Programs > Administrative Tools. We should notice 5 options: ADUC, ADDT, ADSS, DCSP, and DSP.
Safe removal of A.D.: Start > Run > dcpromo
Forceful removal of A.D.: Start > Run > dcpromo /forceremoval
Tools used for:
Active Directory Domains and Trusts (ADDT): Implementing trusts; raising domain/forest functional levels; adding user logon suffixes.
Active Directory Sites and Services (ADSS): Configuring intrasite/intersite replication; configuring global catalog; creation of sites, site links, subnets; scheduling replication.
Active Directory Users and Computers (ADUC): Managing users/groups; managing computers; managing OUs; managing Group Policy (domain level); managing operations masters; raising domain functional level.
Domain controller security policy: Sets account, audit and password policies; sets user rights. Permissions or policies pertain only to the DC where you set them.
Domain security policy: Sets account, audit and password policies; sets user rights. Permissions or policies pertain to the DC as well as to all the domains within.
Installing ADC (Additional Domain Controller): Requirements:
- D.C.
- Static IP
- DNS
- Stand-alone or member server
Step 1: on the stand-alone machine or member server: specify the IP; specify the preferred DNS as the server's IP. Start > Run > ping the server's IP.
Step 2: Start > Run > dcpromo > Next > Next > select "ADC for an existing domain" > specify the administrator's name & pwd > domain name of the DC (e.g. zoom.com) > browse the domain > Next > Next > restore pwd.
ADC is a backup for the DC. ADC maintains a backup copy of A.D., which will be in read-only format. ADCs provide fault tolerance & load balancing. There can be any no. of ADCs for a DC. ADCs should be placed and maintained offsite, away from the DC. ADC maintains the same domain name.
Verifying whether the server is configured as DC or ADC: Start > Run > cmd > net accounts. For a DC we will find "Primary"; for an ADC we will find "Backup".

ACTIVE DIRECTORY COMPONENTS
Logical structure: Domains, Trees, Forest, Organizational units.
Physical structure: Sites, Domain controllers.
A.D. Components: The logical structure is useful for organizing the network. Logical components cannot be seen. The physical structure is useful for representing our organization and developing the organizational structure; it reflects (mirrors) the organization. Physical structure can be seen. Ex.: sites India, US, UK etc.
TREE: A tree is a group of domains which share a contiguous name space. If more than one domain exists we can combine the multiple domains into hierarchical tree structures. The first domain created is the root domain of the first tree. Additional domains in the same domain tree are child domains. A domain immediately above another domain in the same domain tree is its parent.
FOREST: Multiple domain trees within a single forest do not form a contiguous namespace, i.e. they have non-contiguous DNS domain names. Although trees in a forest do not share a name space, a forest does have a single root domain, called the forest root domain. The forest root domain is, by definition, the first domain created in the forest. The two forest-wide predefined groups, Enterprise Administrators and Schema Administrators, reside in this domain.

Physical structure
SITES: A site is a combination of TCP/IP subnets connected with high-speed links. Sites provide replication. There are 2 types of replication:
1. Intrasite replication
2. Intersite replication
Intrasite Replication: It is replication within the same site. It offers full-time replication between DC & ADC when they are within the same site.
Intersite Replication: It is replication between two different sites. Intersite replication is implemented when the sites are away from each other.
- It requires a site link.
- A site link is a logical connection between sites, which can be created & scheduled.
- A site link offers communication only at scheduled intervals.
Implementing sites:
Forceful replication: On the DC: Start > Programs > Admin Tools > ADSS > expand Sites > Default-First-Site > Servers > expand the DC server > NTDS Settings > right click on "automatically generated" > Replicate Now > OK. Repeat the same for DC & ADC.
Creating a site: Open ADSS > right click on Sites > New Site > site name (e.g. UK, US) > select the default site link > OK.
Moving an ADC into another site: Select the ADC > right click on the ADC > select Move > select the site.
Creating a site link: Expand Inter-Site Transports > right click on IP > select New Site Link > link name (ex. Link US-UK).
Scheduling a site link: Expand Inter-Site Transports > IP > double click on the site link > Change Schedule > click on "Replication Not Available" > set the timings > click on "Replication Available".
KCC (Knowledge Consistency Checker): It is a service of A.D. which is responsible for intimating or updating the changes made either in the DC or the ADC.
Active Directory is saved in a file called NTDS.DIT: C:\windows\ntds\ntds.dit. NTDS.DIT stands for New Technology Directory Services, Directory Information Tree.
It is a file logically divided into four partitions:
1. Schema partition
2. Configuration partition
3. Domain partition
4. Application partition
The schema is a set of rules that defines AD; it is of 2 parts, classes & attributes. AD is constructed with the help of classes and attributes.
1. Schema: Logical partition in the AD database; template for the AD database. Forms the database structures in which data is stored. Extensible, dynamic. Protected by ACLs (Access Control Lists): DACLs and SACLs (Directory & System ACLs). One schema for the AD forest. A collection of objects is called a class. A piece of information about the object is called an attribute.
2. Configuration Partition: Logical partition in the AD database; map of the AD implementation. Contains information used for replication and logon searches: domains, trust relationships, sites & site links, subnets, domain controller locations.
3. Domain Partition: Logical partition in the AD database. Collections of users, computers, groups etc. Unit of replication. Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain. DCs do not replicate domain partition information for other domains.
4. Application Partition: It is a newly added partition in Win 2003. It can be added or removed. It can be replicated only to the specified DCs. Useful when we are using AD integrated services like DNS, TAPI services etc.
FSMO roles (Flexible Single Master Operations):
Forest wide master operations:
1. Schema master
2. Domain Naming master
Domain wide master operations:
3. PDC emulator
4. RID master
5. Infrastructure master
1. Schema Master: Responsible for overall management of the entire schema in a forest. The first DC installed acts as the schema master in the entire forest. There can be only one schema master in the entire forest.
2. Domain Naming Master: Responsible for addition/removal of domains. It maintains the uniqueness of domain names. There can be only one DNM in the entire forest.
3. PDC emulator: The PDC provides backward compatibility for existing NT BDCs and workstations (if it is running in mixed mode). The PDC updates the password changes made by the users. It is also responsible for synchronizing the time. There can be only one PDC emulator per domain.
4. RID master: Responsible for assigning unique IDs to the objects created in the domain. There can be only one RID master per domain. SID (Security Identifier): it maintains an access control list. It is divided into two parts: 1. DID (Domain Identifier) 2. RID (Relative Identifier). For knowing the SID of the user: Start > Run > cmd > whoami /user.
5. Infrastructure master: Responsible for maintaining the updates made to user & group membership. It also maintains universal group membership. There can be only one infrastructure master per domain.
The term "flexible" means we can transfer any of the 5 roles from the DC to the ADC.
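The DID/RID split described above, as an added example that is not part of the original notes: it parses a SID string as printed by "whoami /user" into its Domain Identifier and Relative Identifier, checks whether two SIDs belong to the same domain, and names the built-in accounts by their well-known RIDs (standard Windows values, added here, not from the notes). The SID values are constructed.

```python
import re
from typing import Optional

# Added example, not from the original notes: split a SID into its Domain
# Identifier (DID) and Relative Identifier (RID). SID values are constructed.

# S-<revision>-<identifier authority>-<sub-authority>...-<RID>
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

# Well-known RIDs: standard Windows values, not taken from the notes above.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest",
                   512: "Domain Admins", 513: "Domain Users"}


def parse_sid(sid: str) -> dict:
    """Return revision, authority, DID and RID for a SID like S-1-5-21-...-1108."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority, tail = m.groups()
    subs = [int(x) for x in tail.strip("-").split("-")]
    # The last sub-authority is the RID handed out by the RID master;
    # everything before it identifies the domain (the DID).
    did = "-".join(["S", revision, authority] + [str(x) for x in subs[:-1]])
    return {"revision": int(revision), "authority": int(authority),
            "did": did, "rid": subs[-1]}


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Two SIDs belong to the same domain when their DIDs match."""
    return parse_sid(sid_a)["did"] == parse_sid(sid_b)["did"]


def well_known_name(sid: str) -> Optional[str]:
    """Name a built-in account or group by its RID, even if it was renamed."""
    return WELL_KNOWN_RIDS.get(parse_sid(sid)["rid"])


if __name__ == "__main__":
    # Constructed "whoami /user" SID for a made-up domain user.
    user_sid = "S-1-5-21-1004336348-1177238915-682003330-1108"
    admin_sid = "S-1-5-21-1004336348-1177238915-682003330-500"
    print(parse_sid(user_sid))
    print(same_domain(user_sid, admin_sid), well_known_name(admin_sid))
```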
Transfer of Roles: We can transfer the roles to the ADC for some temporary maintenance issues, and again we can transfer the roles back onto the DC. We can transfer the roles in two ways:
1. Command mode
2. Graphical mode
Transfer of roles through command: On the DC, go to command prompt and type:
  ntdsutil
  roles
  connections
  connect to server <name of ADC, ex. sys2>
  q
  transfer schema master
  transfer RID master
  transfer infrastructure master
  transfer
  q
  q
  exit
Transferring roles using GUI: On the DC, register the schema. For registering the schema: Start > Run > regsvr32 schmmgmt.dll
Transferring schema master: On the DC: Start > Run > mmc > click on File > select Add/Remove Snap-in > select A.D. Schema > Add > Close > OK. From the console root: expand Console Root > right click AD Schema > Change Domain Controller > specify name > OK > right click AD Schema > select Operations Master > click on Change > Yes > OK > File > Exit (need not save).
Transferring Domain Naming master: On the DC: Start > Programs > Admin Tools > ADDT > right click on ADDT > Connect to Domain Controller > select ADC > OK > right click on ADDT > Operations Master > click on Change > Yes > OK > Close.
Transferring Domain wide master operations: Start > Programs > Admin Tools > ADUC > right click on ADUC > Connect to DC > select ADC > OK > right click on the domain name > select Operations Master > Change > Yes > select PDC > Change > Yes > select Infrastructure > Change > Close > Close.

GLOBAL CATALOG: It is a service responsible for maintaining information about the objects and serving the requests made by the users by providing the location of the object. Global Catalog runs on port number 3268. All types of queries are first heard on this port number and forwarded to port no. 389 (LDAP). It maintains complete information about the objects within the same domain and partial information about other domains. GC communicates with the infrastructure master. If DC & ADC are located in the same location, only one GC is enough. If the DC & ADC are located remotely, to avoid network traffic we need to configure the ADC as a GC. The infrastructure master contacts the global catalog for obtaining the updates about user & group membership and universal group membership. The primary functions of the GC: to maintain universal group membership information, and to easily locate the objects within the AD.
Configuring a Global Catalog server: Either on the ADC or on a child DC: Start > Programs > Admin Tools > ADSS > expand Sites > Default-First-Site > Servers > on NTDS Settings right click > Properties > check the box Global Catalog.
Installing Child DC: Requirements:
- Parent DC
- Member server or stand-alone server
- Static IP
- DNS
- NTFS volume with 250 MB of free HDD space
On the member server or stand-alone machine, specify the server's DNS. Start > Run > dcpromo > Next > Next > Next > Domain controller for a new domain > Next > Child domain in an existing tree > specify the parent domain's administrator name & pwd > specify the child name > Next > NetBIOS name > Next > database folder > Next > Sysvol > Next > Restart.
Installing a New Domain Tree in an existing forest: Requirements: Forest (initial domain controller or root domain controller). On the member server or stand-alone machine, specify the server's DNS. Start > Run > dcpromo > Next > Next > Next > Domain controller for a new domain > select Domain tree in an existing forest > specify the root domain's admin name & pwd > Next > specify the new domain name > Next > NetBIOS name > Next > database > Next > Sysvol > Next > DNS > Next > permissions compatible > Next > restore mode pwd > Next.
Trust Relationship: Trust is a process of enabling resources of one domain to be accessed by another domain.
Functional Levels:
1. Domain Functional Level:
a) Windows 2000 mixed
b) Windows 2000 native
c) Interim
d) Windows 2003 server
2. Forest Functional Level:
a) Windows 2000 mixed
b) Interim
c) Windows 2003 server
Windows 2000 mixed: By default when we install the 2000 or 2003 O/S it gets installed in Win 2000 mixed mode. This mode supports older versions of Win 2003. We can add NT, 2000 flavors in 2003 networks.
- Creates transitive domain relationships.
External: one-way non-transitive NTLM trusts. Used to connect to/from Win NT or external 2000 domains; manually created.
Realm: one- or two-way non-transitive Kerberos trusts. Connect to/from UNIX MIT Kerberos realms.
Establishing Trusts: The domain where we have the user accounts is called the trusted domain. The domain where we have the resource is called the trusting domain. Trust between parent and child is a two-way transitive trust. Ex: A trusts B, automatically B trusts A; this is a two-way trust. Trust between parent and grandchild domain is called an implicit trust. One-way trust or non-transitive trust: A trusts B, but B doesn't trust A. Transitive trust (2 ways): If A trusts B, B automatically trusts A. One-way incoming trust: It means A is getting the resources from B and B is offering the resources.
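The trust rules above (trusting vs. trusted domain, two-way transitive parent/child trusts, one-way non-transitive external trusts) as a small model; this is an added example, not part of the original notes, and the domain names in it are constructed. It answers whether users of one domain can reach resources in another, and shows that a non-transitive trust does not extend to child domains.

```python
from collections import deque

# Added example, not from the original notes: model of the trust rules.
# Each trust is (trusting_domain, trusted_domain, transitive): the trusting
# domain holds the resources, the trusted domain holds the user accounts.
# Domain names are constructed for illustration.
TRUSTS = [
    # Parent/child trusts are two-way and transitive.
    ("zoom.com", "sales.zoom.com", True), ("sales.zoom.com", "zoom.com", True),
    ("zoom.com", "hr.zoom.com", True),    ("hr.zoom.com", "zoom.com", True),
    # External one-way non-transitive NTLM trust: zoom.com trusts the NT
    # domain NTDOM, so NTDOM users may use zoom.com resources, not the reverse.
    ("zoom.com", "NTDOM", False),
]


def can_access(trusts, user_domain: str, resource_domain: str) -> bool:
    """True if resource_domain trusts user_domain, either directly or through
    a chain made only of transitive trusts (a non-transitive trust is one hop)."""
    if user_domain == resource_domain:
        return True
    # A direct trust of either kind is enough.
    if any(a == resource_domain and b == user_domain for a, b, _ in trusts):
        return True
    # Otherwise walk outward from the resource domain over transitive trusts only.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting == current and transitive and trusted not in seen:
                if trusted == user_domain:
                    return True
                seen.add(trusted)
                queue.append(trusted)
    return False


if __name__ == "__main__":
    # Sibling child domains reach each other through the parent (implicit trust).
    print(can_access(TRUSTS, "sales.zoom.com", "hr.zoom.com"))
    # The external trust stops at zoom.com: NTDOM users cannot reach sales.zoom.com.
    print(can_access(TRUSTS, "NTDOM", "sales.zoom.com"))
```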