Windows Admin Questions and Answers
|A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database. A tree can have multiple domains|
|Group Policy allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).|
A Group Policy Object (GPO) is a collection of settings that control the working environment of user accounts and computer accounts. GPOs define registry-based policies, security options, software installation and maintenance options, script options, and folder redirection options.
There are two kinds of Group Policy objects:
* Local Group Policy objects are stored on individual computers.* Nonlocal Group Policy objects, which are stored on a domain controller, are available only in an Active Directory environment.
|Firstly, schmmgmt.dll has to be register. Then ADSIEdit tool can be used to edit schema.|
Domain local groups assign access permissions to global domain groups for local domain resources.
Global groups provide access to resources in other trusted domains.
Universal groups grant access to resources in all trusted domains.
|Switching or transferring roles in an Active Directory can be made with the use of Ntdsutil.exe.|
|A domain controller (DC) or network domain controller is a Windows-based computer system that is used for storing user account data in a central database. It is the centrepiece of the Windows Active Directory service that authenticates users, stores user account information and enforces security policy for a Windows domain.
A domain controller allows system administrators to grant or deny users access to system resources, such as printers, documents, folders, network locations, etc., via a single username and password.
|Backing up Active Directory is essential to maintain an Active Directory database. You can back up Active Directory by using the Graphical User Interface (GUI) and command-line tools that the Windows Server 2003 family provides.You frequently backup the system state data on domain controllers so that you can restore the most current data. By establishing a regular backup schedule, you have a better chance of recovering data when necessary.To ensure a good backup includes at least the system state data and contents of the system disk, you must be aware of the tombstone lifetime. By default, the tombstone is 60 days. Any backup older than 60 days is not a good backup. Plan to backup at least two domain controllers in each domain, one of at least one backup to enable an authoritative restore of the data when necessary. For taking backup of active directory you have to do this :
first go to START -> PROGRAM ->ACCESORIES -> SYSTEM TOOLS -> BACKUPwhen the backup screen is flash then take the backup of SYSTEM STATE it will take the backup of all the necessary information about the syatem including AD backup , DNS ETC.
* Read-Only Domain Controllers
* Fine-Grained Password Policies
* Restartable Active Directory Service
* Backup and Recovery
* SYSVOL Replication with DFS-R
* Auditing Improvements* UI Improvement
NTFS is the current file system used by Windows Operating System. It provides security for local user as well as for domain users. It offers features like security permissions (to limit other users' access to folders), quotas (so one user can't fill up the disk), shadowing (backing up) and many other features that help Windows.On the other hand, FAT32 is the older Microsoft file system, primarily used by the Windows 9X line and Window could be installed on a FAT32 partition up to XP. In comparison, FAT32 offers none of what was mentioned above, and also has a maximum FILE (not folder) size of 4GB, which is kind of small these days, especially in regards to HD video.