
Zenith Infotech


Page 1: Zenith Infotech

Interview Questions (Personal Interview)

Tell me something about yourself.
1. Give me a general view of your current (or most recent) responsibilities.
2. If you could have the perfect job, what would it be?
3. Think of a problem you had to deal with at your last (or present) job. Tell me exactly what happened and how you handled it.
4. Describe a situation in which you might find it justifiable to break company policy or alter standard procedure.
5. In your past job experience, tell me about a time when you stuck to company policy to solve a problem when it might have been easier or more immediately effective not to.
6. Give me an example of a time when communicating with a customer (or fellow worker) was difficult. Give me an example of how you handled it.
7. Think of a day when you had many things to do and describe how you scheduled your time.
8. Tell me about something you've done in your current (or most recent) job that is creative.
9. Tell me about a time when you made a quick decision that you were proud of.
10. Tell me about an important goal you have set in the past and how successful you were in accomplishing it.
11. Think of a time when you had to do a task that was particularly uninteresting. How did you deal with it?
12. What experience have you had with a miscommunication with a customer (or fellow employee)? How did you solve the problem?
13. Tell me about a time when an upper-level decision or a policy change held up your work.
14. Have you ever had to make a sticky decision when no policy existed to cover it? Tell me what you did.
15. Describe a time when you communicated some unpleasant news or feelings to a supervisor. What happened?
16. What has been your experience in dealing with poor performance of subordinates? Give me an example.
17. In your current (or most recent) position, what types of decisions do you make without consulting your boss?
18. Can you give me an example of when you came up with a clever way of motivating someone?
19. Give me an example of a time when you got really motivated at work.
20. What have been major obstacles which you have had to overcome on your most recent (or current) job? How did you deal with them?
21. What types of things have made you angry? How did you react to those situations?
22. Describe a situation in your last (or current) job where you could structure your own work schedule. What did you do?
23. Describe for me a time when you made a mistake that illustrates your need for improvement in a certain area.
24. You have heard the expression, "being able to roll with the punches." Describe a time when you had to do that.
25. If you could be "supervisor-for-a-day" at your current (or most recent) position, what changes would you make?


Technical Interview (Windows / Exchange Administrator)

OS
1) What are the different file systems in Windows NT based systems?
2) Difference between FAT16, FAT32 and NTFS file systems.
3) What is a Domain and a Workgroup? Highlight advantages and disadvantages.
4) Difference between the Windows NT 4.0 domain and the Windows 2000 ADS domain model.
5) Which is the latest SP for Windows NT 4.0?
6) What are PDC and BDC? Highlight the difference between PDC and BDC.
7) Can we reset a password or make changes to the domain in NT 4.0 when the PDC is down and the BDC is up?
8) What are the NT authentication methods in the Windows NT 4.0 domain model?
9) What are Local and Global groups in NT 4.0?
10) What is the Windows NT boot sequence?
11) What are the two types of disk systems?
12) What are the different versions of the Windows 2000 OS?
13) What is the latest SP for Windows 2000?
14) What are FSMO roles? Explain each FSMO role.
15) What is the use of the PDC emulator in both Native and Mixed mode?
16) What is the Schema master and where is it located?
17) What are the 3 naming contexts into which ADS is divided?
18) What will be the effect on the root and child domains if the Schema master is down?
19) What is the Windows 2000 authentication method?
20) What is a GC? Why is it recommended to have a GC for each AD site and sub-domain?
21) What is the TCP/IP port for GC?
22) What is the IIS version on Windows 2000 servers?
23) What types of dynamic disks are supported in Windows 2000 Server?
24) What are local, global and universal groups in an ADS domain?
25) What is the database for ADS services?
26) What is Sysvol used for?
27) What are Dcdiag, netdiag, replmon, repstat and dsadiag, and how are they used?
28) What are the different types of backup in Windows 2000?
29) Explain by means of a scenario where you would require a tree, a child domain, or an additional domain controller.
30) What is TCP/IP? Tell me the difference between TCP and IP.
31) What is Distributed File System?
32) What is an unattended installation in Windows 2000?
33) What are the different types of RAID?
34) What do you mean by clustering?
35) What is the difference between an OU and a Group?
36) What is the difference between a Basic Disk and a Dynamic Disk?
37) What are the Hosts file, LMHOSTS file, WINS and DNS?
38) What are NTFS permissions and shared permissions?
39) What is symmetric and asymmetric processing?
40) What is Routing and Remote Access?
41) What is a VPN, and what is the difference between PPTP and L2TP?
42) What is meant by a subnet?
43) What is NAT?
44) Explain the procedure for migrating from Windows NT 4.0 to Windows 2000.
45) How do you enable auditing on files and folders?
46) What is software distribution?


47) What is a trusting domain, and what is a trusted domain?

Exchange 5.5

1) What are the core services? Explain the order of starting the services.
2) Explain the hierarchy of the Exchange Admin program.
3) What are the two versions of Exchange 5.5? Compare them.
4) What is the component of Exchange called where mail and public data are stored?
5) What is the latest SP for Exchange 5.5?
6) What are the information store and directory database files and their locations?
7) What is a custom recipient mailbox?
8) What is the size of a transaction log file?
9) Difference between sequential and circular logging. Where do you enable it?
10) Which service is responsible for server-to-server communication?
11) What is the MTA used for?
12) What is the GAL?
13) What are the different ways of connecting sites? Highlight the differences between the X.400 and Site Connector.
14) What are the different mail clients supported by Exchange 5.5?
15) What is the IMC used for?
16) What are the X.400 and X.500 standards?
17) What is the IPM message format?

A little bit of ADS, such as Netlogon not starting or users not able to log on to the domain, only from the troubleshooting side.
Any Exchange connectivity issues?
Exchange migration from 5.5 to 2003?
How important is IIS for Exchange?
Experience with database crashes?
Mails are stuck in the local queues. What could be the problem?
Have you faced any issues when the Information Store is not starting? What will you do?
Have you faced any issues when the System Attendant is not starting? What will you do?
Mails are stuck in the SMTP queue. What will you do?
Any experience with antivirus?
Any experience with clusters?
How can you know whether Exchange is being backed up completely?
Have you been in a situation where you have troubleshot ADS?
Any DNS issues?
Difference between WINS and DNS?
Any troubleshooting experience on the OS?
Any experience in memory dump troubleshooting?
Why and when is the GC or ADS used while sending a mail?
What is a stub zone?
How is DHCP integrated with ADS?
No users are able to check their mail using Outlook. Resolve.
No users are able to log on to the ADS?
Exchange database size (Std and Ent) (without SP and with SP).
Check out all the PORTS.


Have you worked on disaster recovery? Yes / No.
What is native mode and mixed mode of Exchange?
a) Native mode: Only E2K / E2K3 servers. Mixed mode: 5.5 and E2K / E2K3 servers.
What is SMTP?
a) Simple Mail Transfer Protocol
What is SPAM?
a) Mail Abused Protection System
What is an MX record?
a) Mail Exchanger entry in DNS
What does PST stand for?
a) Personal Storage file
Which ports do SMTP and POP3 connect to?
a) 25 / 110
What level of permission do you have on the Exchange Server?
a) Exchange Administrator b) Exchange Full Administrator c) View Only

What is the difference between Exchange Server Standard edition and Enterprise edition?
a) Standard edition can go up to a 16 GB store limit only

b) Enterprise edition has no store limit size

What is an stm file?
a) Streaming file in Exchange 2000 onwards, used for Internet based e-mails

What is a Recovery Storage Group?
a) Introduced in Exchange 2003 for recovering mailboxes, with no downtime of the production server

What protocol does Outlook use to connect to an Exchange server?
a) RPC

What is circular logging?
a) After 5 log files of 5 MB each, the first is overwritten (not recommended)

Number of databases and storage groups supported in Exchange?
a) 1 storage group can have 5 stores. We can go up to 5 storage groups.

What is a checkpoint file?
a) Keeps track (an index) of committed transactions and the log files

What are the core components of Exchange 5.5?
a) Directory Services, System Attendant, MTA, Information Store
What are the different types of connectors in E55?
a) IMC, Site Connector, DRAS, X.400

What are the files required/used by the Information Store service?
a) priv.edb, pub.edb, edb.log
What is a Native Mode Windows 2000 Domain?
a) All domain controllers are 2000 and above (2003)

Exchange 2000

1) What are the core services for Exchange 2000?
2) Explain the hierarchy of the Exchange management console program.
3) Different versions of Exchange 2000.
4) Latest SP for Exchange 2000.
4) How many storage groups and stores are supported in Exchange 2000?
5) What is the RUS? Which service is responsible for the RUS?
6) What are recipient policies, email policy and Mailbox Manager policy?
7) What are DN, RDN, UPN and SMTP naming formats?
8) What is a system policy?
9) What are the different ways to apply mailbox restrictions on certain mailboxes?


10) What are the MAPI and non-MAPI trees?
11) What is the edb.chk file used for?
12) What are eseutil /d, eseutil /p and eseutil /g used for?
13) What is the restore.env file?
14) What are DSAccess and bootstrap?
15) What is a mailbox-enabled and a mail-enabled user?
16) Tell me the mail flow in Exchange.

Networking

1) What is the OSI layer?
2) What are the application and transport layers responsible for?
3) What are the different classes of networks?
4) What is a socket a combination of?
5) What are some of the common port numbers for SMTP, HTTP, FTP, POP3, IMAP, DNS, GC, LDAP and RPC?
6) Difference between WINS and DNS.
7) What are the NetBIOS and FQDN name resolution methods?
8) What is a DHCP server?
9) How do we clear the DNS cache on the client machine?
10) What are a MAC address and an IP address?
11) What are the various types of DNS records?
12) Explain the zone types in DNS in Windows 2000.
13) What is the core difference between a bridge and a router?

MICROSOFT QUESTIONS

1. Tell me something about yourself.
2. Which Exchange version are you working on?
3. What are your daily routine tasks?
4. How does message tracking work?
5. What is the major and significant task that you have done or been involved in?
6. Tell me something about disaster recovery. Explain with steps.
7. If you have one Exchange server and it is directly connected to the Internet, you receive mails but you are not able to send mails. What is the problem?
8. I have 40 GB of space; my database size (both edb and stm) is 10 GB. Even so, I am running out of space. What is the problem?
9. What is purging? How will you configure purging in backup?
10. What is circular logging? How will you configure it?
11. If you are at work and have some free time, what do you do?
12. In the case of mailing problems, tell me about any significant or challenging one.

2nd Round.

1. What is your main professional objective?
2. In case you want to restore some of the mails from a user's mailbox, what will you do?
3. Explain the concept of transaction logs.


4. How will you check whether the transaction logs are committed or not?
5. What is an SMTP connector?
6. What do you expect from a team?

Technical Interview Questions Active Directory

1. What is Active Directory?
2. What is LDAP?
3. Can you connect Active Directory to other 3rd-party directory services? Name a few options.
4.

Frequently Asked Questions (collected from candidates who joined earlier):

A. Networking:

Q. What is OSPF? What is it used for?
A. Open Shortest Path First. It is a routing protocol used for inter-router communication to build the tables for routing packets across multiple links, for data transmission from one point to another across the shortest path when multiple paths to a destination are available.

Q. How do you divide a Class C network into smaller networks? How does it help?
A. Use subnets. It helps by reducing the broadcast network traffic across the networks.

Q. What are the port numbers for SMTP, POP3 and FTP?
A. 25, 110, 21

Q. What are the classes of networks?
A. Class A (1 to 126), Class B (128 to 191), Class C (192 to 223), Class D (224 to 240) and Class E (241 to 254). 255 is used for broadcast.

Q. What is a loopback IP address? (Some network equipment uses the term loopback for a virtual interface used for management purposes.)
A. 127.0.0.1

Q. What do you mean by private IP addressing and public IP addressing?
A. Private IP addresses are used for intranet purposes and cannot be addressed from the Internet. Public IP addresses form a part of the pool of IP addresses that can be accessed via the Internet, generally allocated by an ISP (Internet access provider). OR: InterNIC has reserved certain IP addresses as private addresses for use with internal web sites or intranets. These addresses are not routable on the public Internet.

Q. What are private IP addresses?
A. The 3 ranges are:
10.0.0.0 with subnet 255.0.0.0
172.16.0.0 with subnet 255.240.0.0
192.168.0.0 with subnet 255.255.0.0

Q. You are the admin at a branch office. The company modifies its IP addressing structure:
Subnets: 1
Network number: 192.168.1.128
Subnet mask: 255.255.255.128
What is the valid IP range?
A. 192.168.1.0 .... 192.168.1.255
B. 192.168.1.129 .... 192.168.1.254
C. 192.168.1.129 .... 192.168.1.190
D. 192.168.1.128 .... 192.168.1.191

Answer: B
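A worked version of the subnetting questions above (splitting a Class C, the three private ranges, and the 192.168.1.128 / 255.255.255.128 host range), as an added example that is not part of the original question set. It uses Python's standard ipaddress module; the /26 split and the sample addresses in the demo are constructed for illustration, and the APIPA range is included so the same classifier also recognises a DHCP client that fell back to 169.254.x.x.

```python
"""Subnet and address-range helpers for the networking questions above."""
import ipaddress

# The three RFC 1918 private ranges listed in the FAQ.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 / 255.0.0.0
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 / 255.240.0.0
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 / 255.255.0.0
]
# Link-local range a Windows DHCP client falls back to when no server answers (APIPA).
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")


def host_range(network_number, subnet_mask):
    """Return network, broadcast and the valid (usable) host range of one subnet.

    strict=True makes ipaddress reject a network number with host bits set,
    which catches a mistyped network address before any range is computed.
    """
    net = ipaddress.ip_network(f"{network_number}/{subnet_mask}", strict=True)
    hosts = list(net.hosts())  # excludes the network and broadcast addresses
    return {
        "prefix": net.prefixlen,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable_hosts": len(hosts),
    }


def classify(address):
    """Classify an IPv4 address as 'loopback', 'apipa', 'private' or 'public'."""
    addr = ipaddress.ip_address(address)
    if addr.is_loopback:                      # 127.0.0.0/8
        return "loopback"
    if addr in APIPA_RANGE:
        return "apipa"
    if any(addr in rng for rng in PRIVATE_RANGES):
        return "private"
    return "public"


def split_network(network, new_prefix):
    """Divide a network (e.g. a Class C /24) into equal-sized smaller subnets."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # The branch-office question: 192.168.1.128 / 255.255.255.128 -> option B.
    r = host_range("192.168.1.128", "255.255.255.128")
    print(f"/{r['prefix']}: hosts {r['first_host']} .... {r['last_host']} "
          f"({r['usable_hosts']} usable, broadcast {r['broadcast']})")
    # Splitting a Class C into four subnets, as the earlier question asks.
    for sub in split_network("192.168.1.0/24", 26):
        print(sub)
    # Constructed sample addresses, one per category.
    for a in ("10.1.2.3", "172.31.0.9", "172.32.0.9", "169.254.10.10", "127.0.0.1", "8.8.8.8"):
        print(a, classify(a))
```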

Q. What is the difference between a hub and a switch?
A. A hub is a device that works on the principle of bandwidth sharing, while switches have dedicated bandwidth for each port. Data packet collisions are avoided in switches on account of dedicated bandwidth, while in hubs data collisions can cause retransmission of packets.

Q. What is the command by which you can refresh the IP address of a computer that is assigned an IP by a DHCP server?
A. ipconfig /renewall

B. Windows XP:

Q. What is the difference between Remote Desktop and Remote Assistance?
A. Remote Desktop is used to access a machine by a user from another machine. Remote Assistance is used by a user when he needs help from another person.

Q. Can you use Remote Desktop from Windows XP Home to Windows XP Professional and vice versa?
A. Remote Desktop is a feature of Windows XP Professional. Windows XP Home can be used as a client. So it is possible to use Remote Desktop from Home to Professional but not vice versa.

Q. What is the maximum number of clients that can connect to a Windows XP machine?
A. Ten (10)

Q. A user on Windows XP using a DHCP client reports that he has an IP address of 169.254.10.10. What do you think is the issue with the desktop?
A. The client is not able to contact the DHCP server, so it is being allocated an Automatic IP address by Windows XP.

Q. What is RIS? Which client OS can be installed using this service?
A. Remote Installation Services. Windows 2000 Professional and Windows XP.

Q. What is a System Checkpoint?
A. Whenever an application is installed, Windows XP creates a System Checkpoint to which the system can be rolled back by using the System Restore application.

Q. What is driver roll back?
A. Windows XP maintains a backup of the last installed driver. When a driver roll back is done, it removes the current driver and reinstates the driver from the backup.


Q. Can you save a file to a compressed folder?
A. No. Files can only be moved into a compressed folder; you cannot directly save the files.

C. Windows 2000/2003 Server:

Q. Can you have a user by the same name in 2 different OUs of a Windows 2000/2003 Active Directory?
A. No, object names in a Windows 2000/2003 directory have to be unique.

Q. What are DNS Zones?
A. Primary, secondary and Active Directory integrated, OR forward and reverse lookup zones.

Q. What are forward and reverse lookup zones used for?
A. Forward lookup zones help in resolving names to IP addresses, while reverse lookup zones help in IP address to host name lookup.

Q. What is zone replication?
A. Data transfer between the primary and the secondary DNS servers is called zone replication.

Q. Can a Windows 2000 AD server and a Windows NT 4.0 PDC co-exist in the same domain?
A. No

Q. What is OS hardening?
A. It is the process of locking down services not in use by the server to decrease the attack surface available to hackers/viruses.

Q. How do you install IIS in Windows 2000/2003?
A. From Control Panel > Add/Remove Programs > Windows Components > Applications > IIS (for Windows 2003). From Control Panel > Add/Remove Programs > Windows Components > IIS (for Windows 2000).

Q. What command do you use for creating an Active Directory in Windows 2000/2003?
A. DCPROMO

Q. You are the administrator of a Windows 2000 network. You are configuring RIS to deploy Windows 2000 Professional on new client computers. New users report that when they attempt to install their computers, they are unable to get an IP address. What should you do?
A. Authorize the DHCP server in the DHCP console.
B. Configure each computer to boot from a remote installation boot disk.
C. Create a reservation in DHCP for each client.
D. Start the Boot Information Negotiation Layer (BINL) service on the RIS server.

Answer: A

Q. What are the differences between NT 4.0 and 2000 domains?

A. Domain implementation in Windows 2000 was basically written from the ground up with its directory service roots, and the table below shows the major differences:

| Feature | Windows NT 4 | Windows 2000 mixed-mode | Windows 2000 native-mode |
|---|---|---|---|
| Number of objects | 40,000 (20,000 recommended) | 40,000 (20,000 recommended) | 1,000,000 although 4,000,000 has been listed |
| Multimaster replication | No | Yes | Yes |
| Group types | Global, Local | Global, Domain Local | Universal, Global, Domain Local |
| Nested groups | No | No | Yes |
| Cross-domain administration | Limited | Limited | Full |
| Password filters | Manually installed with SP2 and above | Manually installed | Automatically installed |
| Queries using desktop change/configuration management | No | 2000 DCs only | Yes |
| Authentication protocols | NTLM | NTLM, Kerberos | |

Q. How do you demote a PDC to a BDC?
A. Normally, when you promote a BDC to the PDC, the existing PDC is automatically demoted to a BDC. But in the event that the PDC was taken offline and then a BDC promoted, when the old PDC is restarted it will still think it is the PDC, and when it detects another PDC it will simply stop its own Netlogon service.

Q. What is a DHCP server?
A. Dynamic Host Configuration Protocol. It is used to allocate IP addresses dynamically and automatically to client machines. The advantage is that the pool of IP addresses is used efficiently and the administrator does not have to assign an IP address to each client individually.

D. Exchange Server.

Q. What is the pre-requisite for setting up Exchange 2000 on Windows 2000?
A. Windows 2000 Active Directory, IIS, the SMTP and NNTP protocols and Windows 2000 SP1.

Q. What is the maximum size of a Personal Store file (*.pst) in Outlook?
A. 2 GB

Q. What is the difference between SMTP and POP3?
A. SMTP is a mail transmission protocol while POP3 is a mail retrieval protocol.

Q. What are the critical services in Exchange 5.5?
A. System Attendant, Directory Service and Information Store are critical services; the MTA is a non-critical service.

Q. In Exchange 5.5, explain the role of the site service account.
A. It is the account that is used for authenticating each service of the Exchange server during startup and for administrative purposes.

Q. Do you need to have an Active Directory to install Exchange 2000?
A. Yes, Active Directory is the pre-requisite of Exchange 2000.


Q. Is it possible for Exchange 5.5 to co-exist with Exchange 2000?
A. Yes, you will need to have an Active Directory Connector.

Q. In which version of Exchange is the X.400 connector available?
A. The X.400 connector is available only in the Exchange Enterprise version.

Q. What is a digital certificate?
A. A digital certificate is a certificate issued by a certification authority to facilitate the identification of the sender and the recipients; it also helps encrypt the data to ensure that only the intended receiver gets the data.

E. Backup and Restore:

Q. What is the difference between Differential and Incremental backup?
A. Differential backup takes the backup from the last full backup. It does not reset the archive bit. Incremental backup takes the backup from the last known backup state. It resets the archive bit.
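The archive-bit behaviour this answer describes, simulated over a week of changes so the difference in what each backup type copies, and in what must be restored, is visible (added example, not part of the original page; the file names and the change schedule are constructed for illustration):

```python
"""Archive-bit model of full, differential and incremental backups."""


class Volume:
    """A volume tracked as file name -> archive bit (True = changed since the bit was last cleared)."""

    def __init__(self, names):
        # A newly created file has its archive bit set, so the first full backup copies everything.
        self.archive = {name: True for name in names}

    def modify(self, name):
        self.archive[name] = True

    def full_backup(self):
        """Copy every file and clear every archive bit."""
        copied = set(self.archive)
        for name in self.archive:
            self.archive[name] = False
        return copied

    def differential_backup(self):
        """Copy everything changed since the last FULL backup.

        Archive bits are left set, so each differential contains the previous
        one plus that day's changes (it grows until the next full backup).
        """
        return {name for name, bit in self.archive.items() if bit}

    def incremental_backup(self):
        """Copy everything changed since the last backup that cleared bits, then clear them.

        Each incremental therefore holds only that interval's changes.
        """
        copied = {name for name, bit in self.archive.items() if bit}
        for name in copied:
            self.archive[name] = False
        return copied


# Constructed volume and change schedule: full backup on Sunday, then one backup per weekday.
FILES = ["payroll.xls", "archive.pst", "memo.doc", "readme.txt"]
CHANGES = {
    "Mon": ["payroll.xls"],
    "Tue": ["archive.pst"],
    "Wed": ["payroll.xls", "memo.doc"],
}


def run_week(strategy):
    """Return {day: set of files copied} for a Sunday full plus daily backups of the given strategy."""
    if strategy not in ("differential", "incremental"):
        raise ValueError("strategy must be 'differential' or 'incremental'")
    vol = Volume(FILES)
    sets = {"Sun": vol.full_backup()}
    for day, changed in CHANGES.items():
        for name in changed:
            vol.modify(name)
        sets[day] = vol.differential_backup() if strategy == "differential" else vol.incremental_backup()
    return sets


def restore_plan(strategy, restore_day):
    """Which backup sets, in order, are needed to rebuild the volume as of restore_day."""
    days = ["Sun"] + list(CHANGES)
    if restore_day == "Sun":
        return ["Sun"]
    if strategy == "differential":
        return ["Sun", restore_day]          # last full plus only the latest differential
    return days[: days.index(restore_day) + 1]  # last full plus every incremental since


if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        print(strategy)
        for day, copied in run_week(strategy).items():
            print(f"  {day}: {sorted(copied)}")
        print("  restore as of Wed needs:", restore_plan(strategy, "Wed"))
```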

Q. Can you restore files and folders backed up from an NTFS partition to FAT?
A. Yes, the files can be restored, but the NTFS permissions cannot be retained.

Q. What is the difference between moving a file on the same partition and moving it across two different partitions?
A. Moving a file within the same partition will retain its original permissions. But if it is moved across partitions, the permissions will be lost and it will take the parent permissions of that volume.

F. MSOffice:
Q. If a user reports that his MS Word application reports as corrupted, what action do you take first?
A. Go to Add/Remove Programs in the Control Panel and attempt to repair the MSOffice setup.

G. ISA Server:
Q. What are the modes that you can install ISA Server in?
A. Caching Only, Firewall and Mixed Mode.

Q. What is stateful filtering of packets?
A. Application layer inspection or filtering. The incoming packets are inspected at the application layer for integrity and to ensure that the packets do not lead to a security vulnerability at the application layer.

H. SQL Server
Q. What is a SQL database?
A. RDBMS

Q. How do you back up a table?
A. BCP Out to export the table to a flat file and BCP In to import the table into the database from a flat file.

Q. What is the latest service pack for SQL Server 2000?
A. Service Pack 3A

Q. What is a trigger?
A. It is a set of instructions defined to be executed when a certain set of conditions is met.

General questions: Exchange server

- What are the mailbox limits?
- How do I check the size of my mailbox?
- Once a campus-wide Exchange account is created, when does it begin to receive e-mail?
- Please tell me where I can find Outlook Web Access or OWA for the campus-wide Exchange server.
- Why does it seem that items disappear from my "deleted items" folder all at one time?
- I use Outlook 2003, what should I expect?
- My career account password does not work. What should I do?
- How do I change my Exchange password? I do not understand the connection between my Exchange password and my career account.
- I am a computer support person. I have a faculty/staff member who has requested an ITaP Exchange account. How do I request an account for them?
- I am a computer support person. I have a faculty/staff member who needs their ITaP Exchange account deleted. How do I delete an account?

Configuration:
- I connect via IMAP or POP to the Exchange server. What must I do to connect?
- I need configuration information for my Outlook email client to use with the campus-wide Exchange server. Can you help?
- I am using a Macintosh and would like to use Entourage X (with the proper updates) to connect to the ITaP Exchange servers. How do I configure this?
- I currently use LMHOST to connect to Exchange. Where can I find an updated lmhost file?
- Is there anything that I can do to help speed up response time to the campus-wide Exchange server?
- I am using Outlook 2003/Windows XP and would like to connect to the ITaP Exchange server using RPC over HTTPS. How would I configure this?
- What is the best way to connect to Exchange 2003 from home?

Intelligent Message Filtering:
- What is Intelligent Message Filtering (IMF)? What does Intelligent Message Filtering (IMF) do for me?
- How do I turn "on" Junk Filtering for Safe or Blocked Sender Lists?
- Do I have to run my Outlook 2003 in Cached Mode to use Safe\Blocked Sender Lists?
- I receive a dialog box that says "The Junk E-mail Filter is not available for your Microsoft Exchange Server e-mail account because you are working online. To enable the Junk E-mail Filter for this account, switch to Cached Exchange Mode." What does this mean?
- How do I add someone to my Safe Sender List?
- How do I add someone to my Blocked Sender List?
- How do I remove someone from my Safe Senders List?
- How do I remove someone from my Blocked Senders List?
- Can I modify the aggressiveness of the Junk E-mail filtering?
- Can I have it permanently delete suspected junk e-mail instead of moving it to the Junk E-mail folder?
- What happens if I have a rule for e-mail from someone and the IMF scanner thinks it is SPAM?

Portable Devices:
- I have a portable device that can browse the internet. How can I check my email with it?
- What devices are supported for Outlook Mobile Access (OMA)?
- Where do I go for information about Blackberry wireless devices?

Public Folder questions:
- What are the possible types of Public Folders? Please tell me about naming standards for Public Folders. Could you tell me about controlling permissions to Public Folders? Is there anything else I need to know about Public Folders?

Resource questions:
- What are the possible types of Resources? Please tell me about naming standards for Resources. How do I configure a Resource?

1. What is Exchange 2003 Forestprep?

Exchange 2003 Forestprep extends the AD schema to include Exchange specific information.

When you use the /ForestPrep option, the Exchange Setup program extends the Active Directory schema to add Exchange-specific classes and attributes.

ForestPrep also creates the container object for the Exchange 2003 organization in the domain naming context of Active Directory, and it assigns, to the account that you specify, Exchange Full Administrative permissions to the organization object.

This account now has the authority to install and manage Exchange 2003 throughout the forest, along with the authority to assign other administrators Exchange Full Administrative permissions after the first Exchange server is installed.

2. What is Exchange 2003 Domain prep?

Domain Prep creates the groups and permissions necessary for Exchange servers to read and modify user attributes in Active Directory. You must run Domain Prep before installing your first Exchange server in a domain.

3. What is a DC?


A DC is a Windows 2000 or 2003 Domain Controller that holds active directory partitions for a domain (used for things like user authentication).

4. What is a GC?

A GC is a Global Catalog Server. A GC holds a full set of attributes for the domain in which it resides and a subset of attributes for all objects in the Active Directory forest.

5. What is DDNS and why do I need it?

Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but makes administration much easier.

OR

(DDNS is a service that maps Internet domain names to IP addresses. DDNS serves a similar purpose to DNS: DDNS allows anyone hosting a Web or FTP server to advertise a public name to prospective users. Unlike DNS, which only works with static IP addresses, DDNS works with dynamic IP addresses, such as those assigned by an ISP or other DHCP server. DDNS is popular with home networkers, who typically receive dynamic, frequently-changing IP addresses from their service provider.)

6. What is a border server?

A border server is an Exchange server that communicates with external servers. In a single server organization, your server is by default a border server. In a multi-server configuration, you may have one or more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail to other internal Exchange servers.

7. What is a mixed mode Exchange environment?

An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchange 5.5 servers.

8. How does an Exchange 5.5 site compare to an Exchange 2003 Routing Group or Administrative Group?

In a mixed mode Exchange environment the Exchange 2003 Administrative Group and Routing Group correspond to the Exchange 5.5 site. In a native Exchange 2000 environment, the Administrative Group is a group of Exchange objects sharing a common set of permissions and routing groups define how those servers communicate with one another. A single Administrative Group can contain several Routing Groups. Example: Your North American Exchange servers might be grouped in a single Administrative Group, but subdivided into several Routing Groups to optimize interserver communication. An Administrative Group contains zero or more Routing Groups.

1. What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

2. Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + KB331320


3. When will Exchange 2003 SP1 be available?

When it is ready

4. How do I configure the Recovery Storage Group?

In Exchange 2003, there is a new feature called the "Recovery Storage Group" (RSG). This is a special instance of ESE (a 5th instance) which can be spun up to provide:

a. Item/Folder/Mailbox level restore without the need for a spare server

b. "Dial tone" (blank mailbox) support if you lose a database and need to get the users quickly up and running for send/receive

To create the RSG, go into Exchange 2003 ESM, right-click on your server object and choose to create a new Recovery Storage Group. Once the RSG exists, you can add a database to it (any MDB from any Storage Group from any server inside the same Admin Group). Then, use NTBackup or similar to restore a backup into the RSG. Now, you can use ExMerge to extract the data from the RSG and merge it into the production database (for scenario a), or you can swap the RSG-restored database for the temporary production database (for scenario b).

One of the goals for the Recovery Storage Group

5. Under Exchange 5.5 I couldn't restore a single mailbox without 3rd party products. With Exchange 2003, is it any easier to restore a single mailbox or back up a single mailbox?

Yes and no. Under Exchange 2003, a mailbox is not deleted immediately when a Windows account is deleted. Although restores have been greatly improved with the new Recovery Storage Group (RSG) and the Volume Shadow Copy Service, there is no built in mechanism for backing up a single Exchange mailbox. This would still require a 3rd party brick level backup utility.

6. Can I back up the EXIFS drive using NT Backup or another backup application?

You can, but you will be sad. Do NOT back up the EXIFS drive of an Exchange 2003 server. It can result in messages and attachments being inaccessible via the Outlook client.

7. How can I prevent a user from sending and receiving Internet mail?

Follow the steps outlined below:

1. Create a group called InternalOnly.

2. Create a recipient policy that gives them a fake SMTP address, i.e. @fake.domain. Leave the X400 address alone so they can receive internal mail.

3. Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s), and choose its properties. Choose the Delivery Restrictions tab, and under "reject", add this group. Do this for each connector.

4. Follow the steps in KB277872, regarding Connector Restrictions. [Now they can't use the SMTP connector(s) to send external mail]

8. What tools are used to administer Exchange 2003?

Active Directory Users & Computers - Used to create users, distribution groups and contacts.

Exchange System Manager - Used to manage the Exchange Server, create address lists, recipient policies, and now does some user level actions...


9. Can I use Exchange 2000 tools to manage Exchange 2003 Servers?

No, the property sheets of the 2003 servers will appear as read-only. You should avoid using Exchange 2000 ESM in environments where Exchange 2003 is installed. Not only will you not be able to access new Exchange 2003 features, but there is also the risk of damage to new objects that Exchange 2000 does not understand. If you must continue to use Exchange 2000 ESM, apply the latest Exchange 2000 SP3 roll-up to your Admin workstation(s) - http://microsoft.com/downloads/details.aspx?FamilyId=E247C80E-8AFA-4C2A-96B3-F46D1808C790&displaylang=en

The roll-up includes support for the msExchMinAdminVersion attribute (also known as ESM versioning). Essentially, each Exchange object in the AD is stamped with a minimum admin version. If ESM detects that the data value is greater than the version of ESM running, it will not allow edits to that object.

The following objects may become damag

10. Can I use Exchange 2003 tools to manage Exchange 5.5 and Exchange 2000 Servers?

Yes, with the exception of the following Exchange 2000 components: Key Management Server, Exchange Instant Messaging, Chat, MS-Mail / Schedule+ / DirSync / cc:Mail Connectors.

11. I created a user in AD Users and Computers, but in the Exchange system manager it doesn't appear under Mailbox Store | Mailboxes. What did I do wrong?

Probably nothing. A mailbox will not appear under Mailbox Store | Mailboxes until either someone has logged into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message to a mailbox shortly after it has been created, which would cause it to appear.

12. I created a secondary Public Folder Hierarchy, but only the original public folder hierarchy appears in Outlook.

Current versions of Outlook only support a single public folder hierarchy. Secondary Public Folder hierarchies can be accessed with the web.

13. In Exchange 5.5, I could have multiple mailboxes associated with a single user account. How do I do that in Exchange 2003?

Exchange 2003 requires a user object for each mailbox. You can create a disabled user object, associate a mailbox with it, and then grant another user object 'receive as' and 'send as' permissions to that mailbox.

14. What is the difference between 'receive as' and 'send as'?

'Receive as' allows a user object to open a mailbox. 'Send as' allows a user to send out a mail message as the mailbox that has been opened.

15. How do I restrict a user or domain from sending mail to my users?

First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative Group | Server | Protocols | SMTP | <SMTP Virtual Server> | Properties | Advanced | <select the IP address for which you wish to enable filtering> | Edit | Apply Filter). Normally, you would only want to apply message filtering to the border SMTP servers (servers that communicate directly with External servers).

16. I've created more than one address list. Which list will users see for their GAL?


The following criteria are used when determining what a client will see for the Global Address List.

o Which Address List do you have permissions to see?
o Which Address List contains your mailbox object as an entry?

If your mailbox appears as an object in more than one address list:

o Which of the remaining Address Lists contains more entries?

2. What do the event IDs mean in the message tracking log?

They are listed in Appendix A

3. Is Single Instance Storage maintained when moving users between servers | storage groups | databases?

Yes...

4. In my native E2K3 organization is there any requirement for RPC connectivity between servers?

In order to move users between servers, RPC connectivity is required.

5. How can I archive messages sent or received by my users?

1. Messages can be archived on a per store basis by enabling the option on the general properties tab of the Mailbox Store in the Exchange System Manager.

2. Use an event sink (either write your own or use the simple one provided by Microsoft and described in “Archive Sink Readme.txt”

3. Use a 3rd party message archival tool.

17. Why when I try to add an additional mailbox store do I receive the following error? This storage group already contains the maximum number of stores allowed. ID no: c1034a7a

You are running the standard version of Exchange 2003 which is limited to a single 16GB private information store.

18. How do I get the Exchange Advanced Tab in Active Directory Users and Computers?

Open Active Directory Users and Computers. Click on the View menu item at the top of the application. Select “Advanced Features” on the menu list. When you open a property page for an Active Directory object that has a mailbox associated with it, you will now see the “Exchange Advanced” tab at the top.

19. How do I control the format of the addresses before the @ sign in a recipient policy?

You can use the following variables: %g Given Name, %s Surname, %i initials in the recipient policy.

Examples:


User: Tommy Lee Jones
Domain: company.com

%g.%s@company.com = Tommy.Jones@company.com
%1g%s@company.com = TJones@company.com
%g%s@company.com = TommyJones@company.com

Less commonly used variables include, %m (alias) and %d (display name).
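The following is an added example, not part of the original FAQ and not Exchange's own code: a small Python model of how a recipient-policy template such as %1g%s is expanded from directory attributes. The variable letters and the %ng/%ns truncation form are the ones listed above; the attribute mapping (givenName, sn, initials, mailNickname, displayName), the stripping of characters that are illegal in an SMTP local part, and the numeric suffix appended on a collision are this example's assumptions about the Recipient Update Service, not documented behaviour. The user records are constructed.

```python
"""Recipient-policy address generation, modelled on the FAQ's %g/%s/%i/%m/%d
variables and the %<n>g / %<n>s truncation form.

Added example; not Exchange code. User records below are constructed.
"""
import re

# Policy variable letter -> Active Directory attribute (assumed mapping)
ATTRIBUTE_FOR = {
    "g": "givenName",
    "s": "sn",
    "i": "initials",
    "m": "mailNickname",   # the alias
    "d": "displayName",
}

# %g, %s, ... or %1g, %3s ... (an optional leading count keeps that many characters)
_VAR = re.compile(r"%(\d*)([gsimd])")

# Characters dropped from the local part (assumption: real RUS behaviour may differ)
_ILLEGAL = re.compile(r"[^A-Za-z0-9._-]")


def expand_local_part(template, user):
    """Expand a template such as '%1g%s' against one user dict."""
    def replace(match):
        count, letter = match.group(1), match.group(2)
        value = _ILLEGAL.sub("", user.get(ATTRIBUTE_FOR[letter], "") or "")
        if count:
            value = value[: int(count)]
        return value
    return _VAR.sub(replace, template)


def generate_address(template, user, domain):
    """Full proxy address for one user; an empty local part is an error."""
    local = expand_local_part(template, user)
    if not local:
        raise ValueError("template produced an empty local part for "
                         + user.get("displayName", "?"))
    return f"{local}@{domain}"


def assign_unique_addresses(template, users, domain):
    """One address per user; on a collision append 2, 3, ... to the local part.
    (Suffixing on collision is this example's choice, not a documented RUS rule.)
    Comparison is case-insensitive because SMTP local parts are usually treated so."""
    taken, result = set(), []
    for user in users:
        base = expand_local_part(template, user)
        candidate, n = base, 1
        while candidate.lower() in taken:
            n += 1
            candidate = f"{base}{n}"
        taken.add(candidate.lower())
        result.append(f"{candidate}@{domain}")
    return result


# Constructed records: the FAQ's example person plus a colleague who collides on %1g%s
TOMMY = {"givenName": "Tommy", "sn": "Jones", "initials": "L",
         "mailNickname": "tljones", "displayName": "Tommy Lee Jones"}
TINA = {"givenName": "Tina", "sn": "Jones", "initials": "",
        "mailNickname": "tjones", "displayName": "Tina Jones"}

if __name__ == "__main__":
    for tpl in ("%g.%s", "%1g%s", "%g%s", "%g%1i%s", "%m"):
        print(f"{tpl:<8} -> {generate_address(tpl, TOMMY, 'company.com')}")
    print(assign_unique_addresses("%1g%s", [TOMMY, TINA], "company.com"))
```

Running the block prints Tommy.Jones@company.com, TJones@company.com and TommyJones@company.com for the three templates from the FAQ's example, and shows why a template built only from %1g%s needs a collision rule before it is applied to a whole organisation.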

20. How do I make Exchange automatically send a welcome message to all newly created users?

There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with Outlook, but that only applies the first time Outlook is opened after creating a new profile. Otherwise, you could script mailbox creation and send a message at the end of the script.

21. How do I determine what version of Outlook applies to a build or version number?

http://www.cdolive.com/build.htm

22. Is there any way to append a text message to all out bound email for Exchange 2003?

On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP Transport Event Sink, even though KB273233 suggests that creating a second SMTP Virtual Server works. However, at startup the Exchange Information Store binds to the SMTP Virtual Server that starts first, and you cannot rely on the routing of the mail from SMTP VS 1 to SMTP VS 2 as KB273233 proposes. Also note that under special circumstances the database can become corrupted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and a QFE to prevent the store corruption is under development.

There are 3rd party products that will do this too.

23. How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can, but there are limitations. It reliably works only on a border server, which can be either a Windows 2000 or 2003 SMTP Server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680.

24. How can you tell the exact version of Exchange you are running?

Here is a list of build numbers for Exchange 2000/2003:

Exchange 2000

o 4417.5 = Exchange 2000 RTM
o 4712.7 = Exchange 2000 SP1
o 5762.4 = Exchange 2000 SP2
o 6249.4 = Exchange 2000 SP3
o 6396.1 = Exchange 2000 Post-SP3 Super Roll-up
o 63xx/64xx = Exchange 2000 Post-SP3 Hotfixes

Exchange 2003

o 6728.12 = Exchange 2003 Beta 1
o 6803.8 = Exchange 2003 Beta 2
o 6851.10 = Exchange 2003 Release Candidate 0
o 6895.5 = Exchange 2003 Release Candidate 1 (Candidate)


2. How do I add a disclaimer to outgoing SMTP messages in Visual Basic?

How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic – KB317327

3. Resource / Conference room scheduling

Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer to “Direct Booking of Resource Without a Delegate Account”

There are 3rd party products such as Exchange Resource Manager and AutoAccept Sink for Exchange that will automatically accept/decline meeting requests for conference rooms and other resources.

4. How do I create users from an Excel table?

There is no built-in way to accomplish that. However, see http://www.cdolive.net/download/bulkaddfromexcel.zip for a Windows Scripting Host script that uses an Excel table to create users and mailbox enable them.

5. How do I find an SMTP mail address in Active Directory if Active Directory Users and Computers tells me it is in use when I try to create a new user?

Either open Outlook to create a new message with that SMTP address and hit “CTRL+K” to resolve it, or use a Windows Scripting Host script to find it. For the latter, see http://www.cdolive.net/download/adusermanagement.zip (look for FindUserWithADSI.wsf and FindUserWithCDO.wsf)

6. How do I disable the "Automatically update e-mail addresses based on recipient policy" on all users or contacts?

' Default setting for "msExchPoliciesExcluded" is empty.
' Once the automatic e-mail address update is disabled it is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

' Default setting for "msExchPoliciesIncluded" is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}" plus a unique GUID for each applied Recipient Policy, separated by a comma.
' After turning off the automatic update, "msExchPoliciesIncluded" is only:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"
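As an added example (not from the FAQ and not a Microsoft tool), the Python below turns the attribute description above into a bulk change: it reads a constructed list of user objects and emits an LDIF modify file that sets msExchPoliciesExcluded and msExchPoliciesIncluded to the GUID quoted above, skipping users that are already excluded. The GUID is the one from the FAQ; the distinguished names, the second policy GUID and the use of standard LDIF "changetype: modify" syntax as the import format are this example's assumptions.

```python
"""Generate an LDIF change file that turns off "Automatically update e-mail
addresses based on recipient policy" for a set of users.

Added example, not from the FAQ or Microsoft. USERS is constructed; the output
uses standard LDIF modify syntax (assumption: importable with an LDIF tool).
"""

# GUID the FAQ gives for "excluded from all recipient policies"
POLICY_EXCLUDED_GUID = "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"


def parse_included(values):
    """Return the per-policy GUIDs from msExchPoliciesIncluded values.
    Per the FAQ each value is the base GUID plus a policy GUID, comma-separated."""
    applied = []
    for value in values:
        for part in value.split(","):
            part = part.strip().upper()
            if part and part != POLICY_EXCLUDED_GUID:
                applied.append(part)
    return applied


def is_excluded(user):
    """True when the object is already opted out of recipient-policy updates."""
    excluded = [v.strip().upper() for v in user.get("msExchPoliciesExcluded", [])]
    return POLICY_EXCLUDED_GUID in excluded


def ldif_disable_policy_update(dn):
    """LDIF 'modify' record that excludes one object from recipient-policy updates."""
    lines = [
        f"dn: {dn}",
        "changetype: modify",
        "replace: msExchPoliciesExcluded",
        f"msExchPoliciesExcluded: {POLICY_EXCLUDED_GUID}",
        "-",
        "replace: msExchPoliciesIncluded",
        f"msExchPoliciesIncluded: {POLICY_EXCLUDED_GUID}",
        "-",
    ]
    return "\n".join(lines) + "\n"


def build_change_file(users):
    """One record per user that still has a policy applied; already-excluded
    users are skipped so the file can be regenerated and re-imported safely."""
    return "\n".join(ldif_disable_policy_update(u["dn"])
                     for u in users if not is_excluded(u))


# Constructed directory export: one user still under a policy, one already excluded
USERS = [
    {"dn": "CN=Tommy Jones,OU=Staff,DC=company,DC=com",
     "msExchPoliciesIncluded": [POLICY_EXCLUDED_GUID
                                + ",{11111111-2222-3333-4444-555555555555}"],  # made-up policy GUID
     "msExchPoliciesExcluded": []},
    {"dn": "CN=Svc Backup,OU=Service,DC=company,DC=com",
     "msExchPoliciesIncluded": [POLICY_EXCLUDED_GUID],
     "msExchPoliciesExcluded": [POLICY_EXCLUDED_GUID]},
]

if __name__ == "__main__":
    print(build_change_file(USERS), end="")
```

Review the generated file before importing it (on Windows, ldifde -i -f <file> imports LDIF changes); writing the change set out first, rather than modifying objects directly from a script, leaves an auditable record of exactly which mailboxes were opted out.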

7. How do I Enable the Security Tab for the Organization Object?

This tab is not enabled by default. For instructions on how to enable it see KB264733

8. How do I restrict users from Creating Top-Level Folders?

For Exchange 2000 public folders, you can follow the instructions in KB256131. With Exchange 2000, however, any time a new server is added to the organization, these permissions will be reset.


In Exchange 2003 these permissions are restricted by default, so installing Exchange 2003 automatically restricts them.

“Allow create top-level public folder access control entry for everyone” permissions and “allow anonymous logon from the organization container” permissions are removed during the installation of Exchange 2003.

9. Why do the storage quota settings not take effect immediately?

This problem has been fixed in a Microsoft Exchange 2000 Server Post-Service Pack 3 MDB patch. For more information see KB327378.

10. How do I limit which Outlook client versions can access my server?

You need to create the Disable MAPI Clients registry value to disable MAPI client access. For more information, see KB288894

Exchange 2003 > Setup/Upgrade

2. Can Exchange 5.5 or Exchange 2000 run on Windows 2003?

NO. Windows 2003 uses IIS 6.0, which has been re-engineered to keep up with best practices and industry standards. Windows 2003 has an IIS 5.0 compatibility mode; however, it is not compatible with Exchange 5.5 or Exchange 2000. Therefore, neither Exchange version is compatible with Windows 2003.

3. Can I run Exchange 2000 with an AD infrastructure with Windows 2003 DC's?

YES, all Exchange versions will run in an AD 2003 environment. Exchange 2000 will benefit from some of the new features in AD 2003, and Exchange 5.5 has an ADC specifically for an Exchange 5.5 / AD 2003 environment. If AD 2000 is upgraded to AD 2003, the ADC will need to be upgraded also.

4. Can I upgrade Exchange 2003 Beta 2 to RTM?

NO. Microsoft will not support any deployment of Beta 2 into a production environment. Their official position is, “Exchange 2003 Beta 2 should not be deployed in a production environment. You can deploy Exchange 2003 Beta 2 in a test environment only.”

5. Can I upgrade Exchange 5.5 in place to Exchange 2003?

NO. A server to be upgraded in place to Exchange 2003 must already be running Exchange 2000 SP3 and Windows 2000 SP3 or later. The only upgrade paths from 5.5 to 2003 are: an in-place upgrade to Exchange 2000 followed by an in-place upgrade to Exchange 2003, or the leap frog migration, which requires another server.

6. How should I upgrade from Exchange 5.5 to Exchange 2003?

Since Exchange 5.5 cannot be upgraded in place, upgrade the Active Directory to AD 2003, set up the new ADC and then install a new Exchange 2003 server. Then move users from 5.5 to 2003.


7. Where's the Instant Messaging Server?

The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real–Time Communications (RTC) server. It is no longer a component of the Exchange Server. For more information, see http://www.microsoft.com/office/preview/rtcserver/.

8. What are the Supported FE/BE scenarios? (i.e. E2003 FE with E2k BE etc.)

It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new interface.

You must upgrade back-end servers to Exchange 2003 as well

Interface matrix

o Ex2000 FE + Ex2000 BE = Ex2000 OWA
o Ex2003 FE + Ex2000 BE = Ex2000 OWA
o Ex2000 FE + Ex2003 BE = Not supported (AG protected)
o Ex2003 FE + Ex2003 BE = Ex2003 OWA

The ability to Reply and Forward to Messages and Posts in Public Folders is only enabled when the client is using a front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange 2003 but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the BE servers are also Exchange 2003.

9. What do I need to get RPC over HTTP working?

Client

o Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side

o Exchange 2003 on Windows 2003 for FE (if FE is deployed)
o Exchange 2003 on Windows 2003 for BE
o Exchange 2003 on Windows 2003 for Public Folders
o Exchange 2003 on Windows 2003 for System Folders
o Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks (VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs and provides for increased security by ensuring that remote Outlook users don’t need access to the entire network.

10. What do I need in order to install Exchange 2003?

A partial list includes:

o DNS (preferably DDNS)
o Active Directory 2000 or 2003
o Permissions to update the Schema
o Hardware sufficient to run Exchange 2003
o Windows 2000 SP3 applied to all DCs, GCs, and all (future) E2K3 servers, or Windows 2003.


11. I'm running Exchange 5.5 and would like to upgrade to Exchange 2003. Can I upgrade directly?

No. The only supported upgrade in place is from Exchange 2000 SP3 or later. You would need to first upgrade your Exchange 5.5 server to at least Exchange 2000 SP3 and then upgrade in place to Exchange 2003. Another option is to exmerge out your current users and exmerge them into an Exchange 2003 server. And the only other option is called the leap frog migration. You configure the Active Directory Connector (ADC) for Exchange 2003 between the Active Directory and Exchange 5.5 Directory Service. Install a new Exchange 2003 server into the enterprise and move the Exchange 5.5 users to Exchange 2003.

12. Can I install Exchange 2003 on Windows 2000 server?

Yes, but Windows 2000 must have SP3 loaded first.

13. Can I rename or move the default groups created by Exchange during domainprep and forestprep?

Only if you want to horribly break your Exchange installation.

14. What are the minimum hardware requirements for Exchange 2003?

The minimum practical hardware requirements in our experience are 1.25 times the disk space one would allocate under Exchange 2000, 1GB RAM (4GB minimum if the Exchange server also serves any other function) and the fastest processor(s) you can afford.

15. Am I better off with one really fast processor or two somewhat slower processors?

You're better off with two really fast processors. But, with all other things being equal, two processors are better than one with Exchange 2003. In most instances, a 2-processor machine would be preferable.

16. Can I have multiple Exchange 2003 organizations in a single forest?

No. Only a single E2K3 organization can exist within a single forest. Delegation of administration within the organization can be accomplished using OUs in AD and Administrative/ Routing Groups in the Exchange system manager.

17. Can an Exchange 2003 organization span multiple forests?

No. All domains in a forest share a common schema and the Exchange organization exists within this configuration naming context. The GC, which provides the Global Address List, is populated only with items within the forest.

18. How can I merge multiple directories to create a unified Exchange organization?

o Microsoft's Meta-Directory Services (MMS)
o HP's LDAP Directory Synchronization Utility
o CPS Systems' SimpleSync
o ADSI (code, code, code)

19. Can I upgrade from the evaluation edition of Exchange 2003 Enterprise Server to the RTM standard version of Exchange 2003 Server?


No, this is technically a downgrade from Enterprise to Standard. You can only upgrade the evaluation version of Exchange 2003 Enterprise to Exchange 2003 Enterprise RTM.

20. How can you tell how many days remain until the evaluation copy of Exchange 2000 Server expires?

The Exchange Server Setup Progress Log includes the date on which the Exchange server was installed. Take the difference between that date and today's date and subtract it from 120 to determine how many days remain in your evaluation.

21. My evaluation version has expired! Are my databases toast?

No. Install a full version of Exchange 2000 Enterprise and you can continue to use your existing databases.

22. I plan to run Exchange in a hosted environment, where can I find information on how to configure my Exchange server to host multiple companies

Microsoft Service Providers

23. What ports does Exchange use?

A partial list of the ports your Exchange server might use is included below

o 25 SMTP
o 53 DNS
o 80 HTTP
o 88 Kerberos
o 102 X.400
o 110 POP3
o 119 NNTP
o 135 RPC
o 137 NetBIOS Session Service
o 139 NetBIOS Name Service
o 143 IMAP4
o 379 LDAP (SRS)
o 389 LDAP
o 443 HTTP (SSL)
o 445 NetBIOS over TCP
o 465 SMTP (SSL)
o 563 NNTP (SSL)
o 636 LDAP (SSL)
o 691 LSA
o 993 IMAP4 (SSL)
o 994 IRC (SSL)
o 995 POP3 (SSL)
o 1503 T.120
o 1720 H.323
o 1731 Audio conferencing
o 1863 MSN IM
o 3268 GC
o 3269 GC (SSL)
o 6001 Rpc/HTTP Exchange Store
o 6002 HTTP Exchange Directory Referral service
o 6004 Rpc/HTTP NSPI Exchange Directory Proxy service/Global Catalog
o 6667 IRC/IRCX
o 6891 - 6900 MSN IM File transfer
o 6901 MSN IM Voice
o 7801 - 7825 MSN IM Voice
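The port list above is most useful when it is checked against what a server actually exposes. The following is an added example, not part of the FAQ: a Python audit that parses constructed "netstat -an" style output, labels each listening port with the service name from the list, and flags two things on an Internet-facing address: listeners outside a border-server allow list, and cleartext protocols for which the list has an SSL-protected counterpart. The allow list (SMTP and HTTPS only for a border server) and the external address 203.0.113.10 are this example's assumptions, not Microsoft guidance.

```python
"""Audit an Exchange 2003 server's listening ports against the FAQ's port list.

Added example, not from the FAQ. SAMPLE_NETSTAT is constructed; BORDER_ALLOWED
and the external address are assumptions for illustration.
"""
import re

# Port -> service name, a subset of the FAQ's list
EXCHANGE_PORTS = {
    25: "SMTP", 53: "DNS", 80: "HTTP", 88: "Kerberos", 102: "X.400",
    110: "POP3", 119: "NNTP", 135: "RPC", 143: "IMAP4", 389: "LDAP",
    443: "HTTP (SSL)", 445: "NetBIOS over TCP", 465: "SMTP (SSL)",
    563: "NNTP (SSL)", 636: "LDAP (SSL)", 691: "LSA", 993: "IMAP4 (SSL)",
    995: "POP3 (SSL)", 3268: "GC", 3269: "GC (SSL)",
    6001: "Rpc/HTTP Exchange Store",
    6002: "HTTP Exchange Directory Referral service",
    6004: "Rpc/HTTP NSPI Exchange Directory Proxy service/Global Catalog",
}

# Assumption: a border server relaying SMTP and fronting OWA / RPC over HTTP
# only needs these two reachable from the outside.
BORDER_ALLOWED = {25, 443}

# Cleartext port -> its SSL-protected counterpart, both taken from the FAQ's list
PLAINTEXT_TO_TLS = {80: 443, 110: 995, 143: 993, 119: 563, 389: 636, 3268: 3269}

# Matches a LISTENING TCP line of "netstat -an" (Windows column layout)
_NETSTAT_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", re.I)


def parse_listeners(netstat_output):
    """Return (local_ip, port) for every TCP listener in netstat output."""
    listeners = []
    for line in netstat_output.splitlines():
        m = _NETSTAT_LINE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2))))
    return listeners


def service_name(port):
    return EXCHANGE_PORTS.get(port, "not in the Exchange port list")


def audit(listeners, external_ips):
    """Findings for listeners reachable on an external address.
    A 0.0.0.0 bind counts as externally reachable on a multi-homed host."""
    findings = []
    for ip, port in listeners:
        exposed = ip in external_ips or ip == "0.0.0.0"
        if not exposed:
            continue
        if port not in BORDER_ALLOWED:
            findings.append(f"{ip}:{port} ({service_name(port)}) reachable externally; "
                            f"not in border allow list")
        if port in PLAINTEXT_TO_TLS:
            tls = PLAINTEXT_TO_TLS[port]
            findings.append(f"{ip}:{port} ({service_name(port)}) is cleartext; "
                            f"prefer {tls} ({service_name(tls)})")
    return findings


# Constructed netstat output: SMTP and HTTPS on all interfaces, POP3 bound to the
# external address, and internal-only services bound to the LAN address.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    203.0.113.10:110       0.0.0.0:0              LISTENING
  TCP    10.0.0.5:135           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:6001          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:135           10.0.0.7:1109          ESTABLISHED
"""

if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_NETSTAT), {"203.0.113.10"}):
        print(finding)
```

On the constructed input the only findings concern POP3 on the external address: it is both outside the border allow list and a cleartext protocol with an SSL counterpart (995) in the list. Ports bound only to the LAN address produce nothing, which is the intended reading of the FAQ's distinction between border servers and internal servers.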

24. Exchange Group Policy Notes, what should I do?

A: Do Not delete the Default Domain Policy or Default Domain Controller Policy in your Active Directory.

The Exchange domain prep operation targets a policy with GUID 6AC1786C-016F-11D2-945F-00C04fB984F9 for its operations. If it doesn't find it, domain prep will fail.

2. Can I use Exchange 2003's OWA to access a mailbox on an Exchange 5.5 or Exchange 2000 server?

Yes and No. Exchange 2003 can access a 2000 back-end server however, it will remain the same as Exchange 2000 OWA. As for Exchange 5.5, the enhanced OWA is built directly into the store technology and only a mailbox residing on an Exchange 2003 server can be accessed using the enhanced OWA interface. Nice try, though.

3. Can I use Exchange 5.5's OWA to access a mailbox on an Exchange 2003 server?

Yes. But you will not get the look and feel or the added features from the 2003 servers.

4. How do I remove the ADC after moving all of my users to an Exchange 2003 server?

First, you need to use the Exchange 5.5 Admin program to delete the directory replication connectors (Org | Site | Configuration | Connections). Once you have deleted the connections, you need to be logged on with an account with Schema Admin privileges to delete the ADC connector.

5. How many Global Catalog servers should I deploy?

There is no hard and fast rule in this regard. Some potential guidelines include:

1. At least 1 per routing group

2. One for every 4 Exchange servers in a routing group

3. One (or more) for each physical location

3. What additional queues have been exposed?

All the system queues, such as the failed message retry queue, DSN messages pending submission, and messages queued for deferred delivery, are now exposed to enhance troubleshooting.

4. What do the various queue names mean?

DSN messages pending submission - Contains delivery status notifications (DSNs), also known as non-delivery reports, that are ready to be delivered by Exchange. The Delete All Messages (no NDR) and Delete All Messages (NDR) functions are unavailable for this queue.

Messages queued for deferred delivery – Contains the messages marked by the client for deferred delivery or messages simply awaiting delivery at a different time.

Failed message retry - Contains messages that have been marked for retry due to a delivery failure. This queue also does not have the NDR functions mentioned for the DSN messages pending submission queue.

5. How do you restrict Distribution Lists?

Submissions can be restricted to a limited set of security principals through the standard Windows Discretionary Access Control List (DACL). This feature prevents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal-only distribution list. An example of this would be an “All Employees” distribution list, which should not be available to anyone outside the company (by spoofing or otherwise). Note: restricted distribution lists will only work on the bridgehead servers or SMTP gateway servers running Exchange 2003.

To set restrictions on a distribution list

1. Click Start, point to All Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.

2. Expand your organizational unit container, and double-click Users.

3. Right-click the distribution list for which you want to restrict submissions, and then click Properties.

4. Click the Exchange General tab.

5. Under Message Restrictions, under Accept messages, select one of the following options:

o Click From everyone to allow anyone to send to this distribution list. This includes anonymous users from the Internet.

o Click From authenticated users only to allow only authenticated users to send mail to this distribution list.

o Click Only from to specify a select set of users or groups that can send to this group and then click Add to specify the users or groups that you want to permit to send mail to this distribution list.

o Click From everyone except to allow everyone but a select set of users or groups to send to this distribution group and then click Add to specify the list of users or groups that you want to restrict from sending to this distribution list.

2. Can I view the queues on a per server basis?

Yes, in the new Queue Viewer in the Exchange 2003 System Manager.

3. How do I activate the real time safe block list?

Enabling connection filtering involves two steps:

1. Create the recipient filter using the Connection Filtering tab on the Message Delivery Properties under Global Settings.

2. Apply the filter at the SMTP virtual server level.

The Directions are in the document entitled “Exchange Titanium Getting Started Guide”

6. How do I move SMTP queues and badmail directories?

Exchange 2003 allows you to change the location of queue directories for SMTP virtual servers and X.400.

The Directions are in the document entitled “Exchange Titanium Getting Started Guide”

7. How do I filter incoming mail by subject or attachment?

Exchange 2003 does not have any built-in function to accomplish that. Either look for a third party tool or develop your own Windows SMTP Transport Event Sink.

See http://www.cdolive.net/download/SMTPTransportEvent-AttachmentFilter.zip and http://www.cdolive.net/download/SMTPTransportEvent-SenderFilter.zip for two samples to get you started. More information about Windows SMTP Transport Event Sinks can be found at http://msdn.microsoft.com

8. How do I limit the maximum amount of messages the SMTP queue can hold?

You have to use the MaxMessageObjects registry key. For more information, see KB258748

9. How do I strip the attachment from an NDR?

You can do this through a registry entry. But there are two drawbacks. Once this is done, the details that are necessary to display the notification in the preview pane are stripped, and the originator of the message cannot use the Send Again option. For more information, see KB308303


2. What is the STM file?

The .stm file is part of the information store database that contains the native Internet-formatted items. It is used to improve the performance of the database.

3. Why does the size of the EDB file not change when I move users out of that store?

The .edb file will only decrease in size once a database defrag is performed.

4. How do I move the log files?

The new ESM allows the administrator to move the log files through the GUI.

5. Is there an easier way to move mailboxes grouped by mailbox.store?

Yes, you can now move mailboxes through ESM grouped by mailbox store.

6. Will an in place upgrade from Exchange 2000 remove the M: drive?

Yes. In both the clean install and upgrade from Exchange 2000 scenarios, Exchange 2003 does not present EXIFS as drive letter M:.

7. If there is still an M: drive mapped, why does the free space number look funny?

The free space number shown on the M: drive is based on the main install drive for Exchange. It is not related to the drive space on the drives where the stores actually exist.

1. Which cluster configuration is preferred?

Microsoft recommends Active/Passive clustering because it:

o Scales better
o Sizes the same way as a stand alone Exchange server
o Can have up to 8 nodes in the cluster
o Always fails over to a fresh node

2. What happened to Active/Active Clustering?

Active/Active clustering is only supported with a 2-node cluster limited to 1900 concurrent connections.

3. Do I still have to cycle the services on fail back like in 2000 Active/Passive mode?


The Exchange services are automatically shut down on failover, so when fail back happens the services are automatically brought back online for a clean address space.

4. How many cluster nodes are supported by each version of Exchange?

Exchange 2003 and Windows 2003, Standard Edition will run up to a 4-node cluster. Exchange 2003 and Windows 2003 Enterprise will run an 8-node cluster with at least one passive node.

5. Are there any other differences between Win2k and Win2k3 clustering?

Win2k3 Enterprise and Datacenter both support 8-node clusters. MSCS (Microsoft Clustering Services) is now available for high availability. NLB Manager allows the administrator to configure the NLB service in a central location thus avoiding mistakes from repetitive actions. For more information see the “Technical Overview of Clustering in Windows Server 2003” and “Windows Server 2003 Server Cluster Architecture” documents.

6. Why am I getting the 9582’s and what is VM Fragmentation?

VM fragmentation is when the virtual memory becomes fragmented and can prevent stores from mounting. The 9582 event is the event that warns about this condition. For more information refer to “The Extensible Storage Engine Database Engine Contributes to Virtual Memory Fragmentation (324118)”.

1. Can I use the Windows 2003 Active Directory connector with Exchange 2003?

No, you need to install the Exchange 2003 ADC.

2. How can I get a list of connection agreements in Exchange 2003 ADC?

Run the ExchDump utility with the /CA switch.

3. What are the new ADC Tools?

The Active Directory Connector management console now contains an ADC Tools option. ADC Tools is a collection of wizards and tools that help you set up connection agreements by scanning your current Active Directory and Exchange 5.5 Directory and organization, and automatically creating the recommended connection agreements. The following wizards are included in the ADC Tools:

Resource Mailbox Wizard: This wizard identifies Active Directory accounts that match more than one Exchange 5.5 mailbox. Using this wizard, you can match the appropriate primary mailbox to the Active Directory account and stamp other mailboxes with the NTDSNoMatch attribute, which designates the mailboxes as resource mailboxes. You can either make these changes online or export a comma-separated value (.csv) file that you can update and import into the Exchange 5.5 directory.

Connection Agreement Wizard: This wizard recommends connection agreements based on your Exchange 5.5 directory and Active Directory configuration. You can review the list of recommended connection agreements and select those you want the wizard to create.

The Exchange Server Deployment Tools lead you through the process of installing Active Directory Connector and running ADC Tools.

1. What are the Supported FE/BE scenarios? (i.e. E2003 FE with E2k BE etc.)

It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new interface. You must upgrade back-end servers to Exchange 2003 as well.

Interface matrix

Ex2000 FE + Ex2000 BE = Ex2000 OWA
Ex2003 FE + Ex2000 BE = Ex2000 OWA
Ex2000 FE + Ex2003 BE = Not supported (AG protected)
Ex2003 FE + Ex2003 BE = Ex2003 OWA

The ability to Reply and Forward to messages and posts in Public Folders is only enabled when the client is using a front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange 2003 but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the BE servers are also Exchange 2003.

2. How do I disable OWA for a single user in Exchange 2000/2003?

In Active Directory Users and Computers (Advanced Features view) open the properties for the user object and choose Exchange Advanced | Protocol Settings | HTTP | Settings | and uncheck the 'Enable for mailbox' check box.

3. How do I stop users from going to a bookmarked /LOGON.ASP page after conversion to 2003 OWA?

After converting from Exchange 5.5 OWA to 2000 OWA, all the users had bookmarked the URL mail.company.com/exchange/logon.asp, since 5.5 OWA automatically pulled the user from the root URL into a logon page (since it used ASP), but now the user only sees the base URL mail.company.com/exchange. So once the users used the bookmark, or in some cases the "autocomplete" feature in IE, they would be pulled to a dead address.

Go into the front-end server that is hosting your OWA.

o Start up IIS admin and locate the /Exchange virtual directory
o Right click on the /Exchange directory and using the "wizard" create a new virtual directory called logon.asp. When it prompts where the content is located just put something like c:\inetpub\wwwroot
o Once the virtual root has been created, right click it, select properties then select the tab labeled "Virtual Directory"
o Select the "A redirection to a URL" and then in the "Redirect to" URL enter /exchange/

What happens is when the user hits the virtual root of /exchange/logon.asp it pulls the user back to only /exchange.

4. How do I activate session timeouts for OWA users?

Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is set to expire automatically after 20 minutes of user inactivity. See Logon Modifications for OWA Users for the instructions.

5. How do I disable portions of the OWA interface?

Exchange 2000 SP2 introduced the concept of OWA segmentation. This is where you can selectively enable/disable certain features in the web client. Exchange 2003 extends the segmentation options found in Exchange 2000. You can either set global (per server) segmentation via a registry parameter, or set the msExchMailboxFolderSet attribute on user objects. A bit mask determines the functionality available to the user. For a list of fields, see OWA Segmentation.

6. What are the new OWA Hot Keys?

o Ctrl+N: New Mail (or Post, if in public folders)
o Ctrl+R: Reply to currently selected mail in view
o Ctrl+Shift+R: Reply all to currently selected mail in view
o Ctrl+Shift+F: Forward currently selected mail
o Ctrl+U: Mark currently selected message(s) as unread
o Ctrl+Q: Mark currently selected message(s) as read

Note: You need at least IE 5.0 or later for these to work.

7. How do I make OWA work properly with Extended Characters?

Beginning in Exchange 2000, messages with extended characters are encoded with UTF-8 by default. For more information see KB273615 and KB281745.

1. What is OMA?

Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations.

Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices.

Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional mobile server products in the corporate environment, thus lowering the total cost of ownership.

2. Can I deploy OMA in a mixed environment?

In a mixed Exchange environment, you must use Exchange 2003 for both the front-end and back-end servers to gain access to mailboxes through Outlook Mobile Access (OMA) and Exchange ActiveSync. For mailboxes on Exchange 5.5 and 2000, you need to deploy Microsoft Mobile Information Server.

3. Which devices are supported by Microsoft to be used with OMA?

Device support for Outlook Mobile Access (OMA) Browse is dictated by the Device Update package installed on the Exchange 2003 server. When you run Exchange 2003 Setup today, the DU2 package is silently installed as part of the installation.

Approximately every 6 months, new Device Update packages are released. Each one adds support for more devices to your Exchange server.

The current Device Update package is DU4. The full list of devices and which DU package they are included in is available here.

4. How do I verify OMA is functioning?

You can verify Outlook Mobile Access (OMA) is functioning from a desktop machine running IE 6.0. Assuming that SERVER1 is running Exchange 2003:

1. From a desktop PC running IE 6.0, navigate to http://server1/oma
2. Enter the logon credentials for an existing mailbox which resides on server1
3. Click the OK hyperlink when you receive the warning about your device being unsupported
4. Welcome to OMA!

5. I have just upgraded and I can’t use OMA, why?

The setting to enable/disable OMA Browse is actually set during ForestPrep. Exchange 2003 ForestPrep will no longer enable OMA Browse by default. Exchange 2003 ForestPrep/Reinstall will keep it enabled if it was already enabled. This means that OMA Browse WON’T be enabled when running ForestPrep to upgrade from Exchange 2000. You can find OMA Browse settings in ESM, under Global Settings -> Mobile Services -> Properties.

Note: ActiveSync and AUTD remain unchanged.

6. I have an Exchange 2003 server on a member server that I promoted to a DC, what happened to my OMA, it no longer works?

Amongst other problems, the ASP.NET account changes which causes OMA to cease functioning.

1. What do I need to get RPC over HTTP working?

Client

o Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side

o Exchange 2003 on Windows 2003 for FE (if FE is deployed)
o Exchange 2003 on Windows 2003 for BE
o Exchange 2003 on Windows 2003 for Public Folders
o Exchange 2003 on Windows 2003 for System Folders
o Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks (VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs and provides for increased security by ensuring that remote Outlook users don’t need access to the entire network.

2. Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + Q331320

3. How can I enable/disable an attribute used by the Outlook client for ambiguous name resolution?

o "Registry Modification Required to Allow Write Operations to Schema" - KB216060
o "Setting an Attribute's searchFlags Property to Be Indexed for ANR" - KB243311

4. What are the differences in compression between Outlook 2002/2003 and Exchange 2002/2003?


The following tables illustrate how RPC compression and buffer packing works on the wire between the Outlook client and Exchange Server.

Outlook 2002 against Exchange 2000 / 2003

Mode     Data Flow        Network  Client Buffer Size  Data Buffer Size  Size on Wire  Compressed
Online   Download/Upload  LAN      32Kb                32Kb              32Kb          No
Online   Download/Upload  WAN      4Kb/8Kb             4Kb/8Kb           4Kb/8Kb       No
Offline  Download/Upload  All      32Kb                32Kb              32Kb          No

Outlook 2003 against Exchange 2003

Mode     Data Flow  Network  Client Buffer Size  Data Buffer Size  Size on Wire  Compressed
Online   Download   All      32Kb                32Kb              <32Kb         Yes
Online   Upload     All      32Kb                32Kb              <32Kb         Yes
Cached   Download   All      96Kb                >96Kb             96Kb          Yes
Cached   Upload     All      32Kb                32Kb              <32Kb         Yes
Offline  Download   All      32Kb                >32Kb             32Kb          Yes
Offline  Upload     All      32Kb                32Kb              <32Kb         Yes

The compression technology used between Outlook 2003 and Exchange 2003 is called XPRESS(tm) and is based on the Lempel-Ziv (LZ-77) algorithm. This is the same technology that Active Directory uses to compress its RPC data when replicating between servers. All data over the size of 1 KB is compressed, and the technology is built into both client and server; therefore the compression is full duplex.

The compression gain is dictated by the message format and attachment(s) type. Because the compression is performed at the RPC level, all message data is compressed.

o Plain text and HTML messages usually compress between 60% and 80% (on the wire saving)
o Rich-text (RTF) messages usually compress up to 20% (on the wire saving)
o Word documents compress down better than PowerPoint files
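The two rules in the paragraphs above (only buffers over 1 KB are compressed, and the saving depends entirely on what the payload looks like) can be seen with a small simulation. This is an added example, not code from the FAQ or from Microsoft: zlib's DEFLATE (an LZ77-based codec) stands in for XPRESS, whose implementation the page does not describe, and the three sample payloads are constructed here. The repeated sentence in the plain-text sample compresses far better than a real message would, so treat the percentages as an illustration of the mechanism rather than of the 60% to 80% figure.

```python
import random
import zlib

# The FAQ states that all data over 1 KB is compressed on the wire.
COMPRESSION_THRESHOLD = 1024


def pack_for_wire(payload: bytes):
    """Return (bytes_on_wire, compressed) for one RPC buffer.

    zlib's DEFLATE is a stand-in for XPRESS (assumption made for this
    example); what matters here is the size threshold and the measurement.
    """
    if len(payload) <= COMPRESSION_THRESHOLD:
        return payload, False            # small buffers go out as-is
    return zlib.compress(payload, 6), True


def wire_saving_percent(payload: bytes) -> float:
    """On-the-wire saving in percent; negative means the data grew."""
    wire, compressed = pack_for_wire(payload)
    if not compressed:
        return 0.0
    return round(100.0 * (len(payload) - len(wire)) / len(payload), 1)


def unpack_from_wire(wire: bytes, compressed: bool) -> bytes:
    """Receiver side: decompress only when the sender flagged the buffer."""
    return zlib.decompress(wire) if compressed else wire


# Constructed sample payloads (not real mail traffic).
SHORT_NOTE = b"Meeting moved to 3pm, same room.\r\n"          # under 1 KB
PLAIN_TEXT = (
    "Quarterly numbers attached; please review the forecast before Friday.\r\n" * 60
).encode()                                                     # highly compressible
_rng = random.Random(7)
# Already-compressed or encrypted attachments look like random bytes to LZ77.
BINARY_ATTACHMENT = bytes(_rng.getrandbits(8) for _ in range(4096))


if __name__ == "__main__":
    for label, data in [("short note", SHORT_NOTE),
                        ("plain text", PLAIN_TEXT),
                        ("binary attachment", BINARY_ATTACHMENT)]:
        wire, flag = pack_for_wire(data)
        print(f"{label:18} {len(data):5d} bytes -> {len(wire):5d} on wire, "
              f"compressed={flag}, saving={wire_saving_percent(data)}%")
```

The negative or near-zero saving for the random attachment is why a per-buffer flag is needed at all: the receiver must know whether a given buffer was compressed, and a codec that blindly compressed everything would waste CPU on data that cannot shrink.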

5. OWA Segmentation

Exchange 2000 SP2 introduced the concept of OWA segmentation. This is where you can selectively enable/disable certain features in the web client.

Exchange 2003 extends the segmentation options found in Exchange 2000. You can either set global (per server) segmentation via a registry parameter, or set the msExchMailboxFolderSet attribute on user objects. A bit mask determines the functionality available to the user:


1. What is a GC?


A GC is a Global Catalog Server. A GC holds a full set of attributes for the domain in which it resides and a subset of attributes for all objects in the Active Directory Forest.

2. What is DDNS and why do I need it?

Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but makes administration much easier.

3. What is a border server?

A border server is an Exchange server that communicates with external servers. In a single server organization, your server is by default a border server. In a multi-server configuration, you may have one or more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail to other internal Exchange servers.

4. What is a mixed mode Exchange environment?

An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchange 5.5 servers.

5. What is forestprep?

Forestprep extends the AD schema to include Exchange specific information. Additional information can be found on the Microsoft Exchange Server Site

6. What is domainprep?

Domainprep creates the groups and permissions necessary for Exchange servers to read and modify user attributes. Additional information can be found on the Microsoft Exchange Server Site.

7. What is a DC?

A DC is a Windows 2000 Domain Controller that holds Active Directory for a domain (used for things like user authentication).

8. How does an Exchange 5.5 site compare to an Exchange 2000 Routing Group or Administrative Group?

In a mixed mode Exchange environment the Exchange 2000 Administrative Group and Routing Group correspond to the Exchange 5.5 site. In a native Exchange 2000 environment, the Administrative Group is a group of Exchange objects sharing a common set of permissions and routing groups define how those servers communicate with one another. A single Administrative Group can contain several Routing Groups.

Example: Your North American Exchange servers might be grouped in a single Administrative Group, but subdivided into several Routing Groups to optimize inter-server communication.

An Administrative Group contains zero or more Routing Groups.

1. What's changed in Exchange 2000 compared to previous versions of Exchange?

Lots of things have changed with Exchange 2000. Microsoft has written quite a bit about the new features, which can be found on the Microsoft Exchange 2000 - Server Features Overview Site. The following are a few articles from this site:

o Enhanced Platform for Messaging and Collaboration
o Microsoft Web Storage System Collaboration and Applications
o Anytime, Anywhere Communication

Microsoft Exchange 2000 Server Datasheet. Some highlights include:

o SMTP is now the primary method for intra-server communication in a pure Exchange 2000 environment.
o Integration with Active Directory.
o Support for multiple information stores.
o Enhanced Outlook Web Access.

2. What do I need in order to install Exchange 2000?

A partial list includes:

o DNS (preferably DDNS)
o Active Directory
o Permissions to update the Schema
o Hardware sufficient to run Exchange 2000
o Windows 2000 SP1 applied to all DCs, GCs, and all (future) E2K servers.

3. I'm running Exchange 4.0 and would like to upgrade to Exchange 2000. Can I upgrade directly?

No. The only supported upgrade path is from Exchange 5.5 SP3 or later. You would need to first upgrade your Exchange 4.0 server to at least Exchange 5.5 SP3 and then upgrade to Exchange 2000. Another option is to exmerge out your current users, and exmerge them into an Exchange 2000 server.

4. Can I install Exchange 2000 on Windows NT 4.0 or without using Active Directory?

No.

5. Can I rename or move the default groups created by Exchange during domainprep and forestprep?

Only if you want to horribly break your Exchange installation.

6. How do I configure a Front End/ Back End topology?

There is an excellent white paper on the subject available from Microsoft "Exchange 2000 Front-end and Back-end Topology".

7. What are the minimum hardware requirements for Exchange 2000?

The minimum practical hardware requirements in our experience are 1.25 times the disk space one would allocate under Exchange 5.5, 256MB RAM (512MB minimum if the Exchange server also serves any other function) and the fastest processor(s) you can afford.


8. Am I better off with one really fast processor or two somewhat slower processors?

You're better off with two really fast processors. But, with all other things being equal, two processors are better than one with Exchange 2000. In most instances, a 2-processor machine would be preferable.

9. Can I have multiple Exchange 2000 organizations in a single forest?

No. Only a single E2K organization can exist within a single forest. Delegation of administration within the organization can be accomplished using OUs in AD and Administrative/ Routing Groups in the Exchange system manager.

10. Can an Exchange 2000 organization span multiple forests?

No. All domains in a forest share a common schema and the Exchange organization exists within this configuration naming context. The GC, which provides the Global Address List is populated only with items within the forest.

11. How can I merge multiple directories to create a unified Exchange organization?

o Microsoft's Meta-Directory Services (MMS)
o Compaq's LDAP Directory Synchronization Utility
o CPS Systems' SimpleSync
o ADSI (code, code, code)

12. Can I upgrade from the evaluation edition of Exchange 2000 Enterprise Server to the RTM standard version of Exchange 2000 Server?

No. This is technically a downgrade from Enterprise to Standard. You can only upgrade the evaluation version of Exchange 2000 Enterprise to Exchange 2000 Enterprise RTM.

13. How can you tell how many days remain until the evaluation copy of Exchange 2000 Server expires?

The Exchange Server Setup Progress Log includes the date on which the Exchange server was installed. Take the difference between that date and today's date and subtract it from 120 to determine how many days remain in your evaluation.

14. My evaluation version has expired! Are my databases toast?

No. Install a full version of Exchange 2000 Enterprise and you can continue to use your existing databases.

15. I plan to run Exchange in a hosted environment, where can I find information on how to configure my Exchange server to host multiple companies?

Microsoft Service Providers

16. What ports does Exchange use?

A partial list of the ports your Exchange server might use is included below. If you're asking this question because you'd like to configure your firewall to allow users to connect using Outlook from the Internet, we HIGHLY recommend you consider using VPN instead. (Do you really want to expose your GC to the possibility of attack from a 16-year-old script kiddie?)

o 25 SMTP
o 53 DNS
o 80 HTTP
o 88 Kerberos
o 102 X.400
o 110 POP3
o 119 NNTP
o 135 RPC
o 137 - Netbios Session Service
o 139 - Netbios Name Service
o 143 IMAP4
o 379 LDAP (SRS)
o 389 LDAP
o 443 HTTP (SSL)
o 445 - Netbios over TCP
o 465 SMTP (SSL)
o 563 NNTP (SSL)
o 636 LDAP (SSL)
o 691 LSA
o 993 IMAP4 (SSL)
o 994 IRC (SSL)
o 995 POP3 (SSL)
o 1503 T.120
o 1720 H.323
o 1731 Audio conferencing
o 1863 - MSN IM
o 3268 GC
o 3269 GC (SSL)
o 6667 IRC/IRCX
o 689 - 6900 - MSN IM File transfer
o 6901 - MSN IM Voice
o 7801 - 7825 - MSN IM Voice

Additional information on Exchange ports and connecting through a firewall is included below. Remember, VPN is your friend.

o Q280132 XCCC: Exchange 2000 Windows 2000 Connectivity Through Firewalls
o Q270836 XCLN: Exchange 2000 Static Port Mappings
o Q278339 XGEN: TCP/UDP Ports Used By Exchange 2000 Server

17. How do I add additional SMTP domains?

o Setting Up SMTP Domains for Inbound and Relay E-Mail in Exchange 2000 Server - Q260973
o How to Receive Messages for Two SMTP Domains Using Exchange 2000 - Q289833

18. How do I uninstall Exchange 2000?

MS Knowledge Base Articles:

o Q260378
o Q273478
o Q264309

19. Exchange Group Policy Notes, what should I do?

Do not delete the Default Domain Policy or Default Domain Controllers Policy in your Active Directory.

The Exchange domain prep operation targets a policy with GUID 6AC1786C-016F-11D2-945F-00C04fB984F9 for its operations. If it doesn't find it, domain prep will fail.

1. Can I use Exchange 2000's OWA to access a mailbox on an Exchange 5.5 server?

No. The enhanced OWA is built directly into the store technology and only a mailbox residing on an Exchange 2000 server can be accessed using the enhanced OWA interface. Nice try, though.

2. Can I use Exchange 5.5's OWA to access a mailbox on an Exchange 2000 server?

Yes.

3. How do I remove the ADC after moving all of my users to an Exchange 2000 server?

First, you need to use the Exchange 5.5 Admin program to delete the directory replication connectors (Org | Site | Configuration | Connections). Once you have deleted the connections, you need to be logged on with an account with Schema Admin privileges to delete the ADC connector.

4. How many Global Catalog servers should I deploy?

There is no hard and fast rule in this regard. Some potential guidelines include:

1. At least 1 per routing group
2. One for every 4 Exchange servers in a routing group
3. One (or more) for each physical location

5. How do I stop users from going to a bookmarked /LOGON.ASP page after conversion to 2000 OWA?

After converting from Exchange 5.5 OWA to 2000 OWA, all the users had bookmarked the URL mail.company.com/exchange/logon.asp, since 5.5 OWA automatically pulled the user from the root URL into a logon page (since it used ASP), but now the user only sees the base URL mail.company.com/exchange. So once the users used the bookmark, or in some cases the "autocomplete" feature in IE, they would be pulled to a dead address. But since you can't really edit the M:\ drive that /EXCHANGE points to, you couldn't build an ASP page to do a response.redirect in ASP.

o Go into the front-end server that is hosting your OWA.
o Start up IIS admin and locate the /Exchange virtual directory
o Right click on the /Exchange directory and using the "wizard" create a new virtual directory called logon.asp. When it prompts where the content is located just put something like c:\inetpub\wwwroot
o Once the virtual root has been created, right click it, select properties then select the tab labeled "Virtual Directory"
o Select the "A redirection to a URL" and then in the "Redirect to" URL enter /exchange/

What happens is when the user hits the virtual root of /exchange/logon.asp it pulls the user back to only /exchange

1. How can I prevent a user from sending and receiving Internet mail?

Follow the steps outlined below:

1. Create a group called InternalOnly.
2. Create a recipient policy that gives them a fake SMTP address, i.e. @fake.domain. Leave the X400 address alone so they can receive internal mail.
3. Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s), choose its properties. Choose the Delivery Restrictions tab, and under "reject", add this group. Do this for each connector.
4. Follow the steps in KB277872, regarding Connector Restrictions. [Now they can't use the SMTP connector(s) to send external mail]

2. I created a user in AD Users and Computers, but in the Exchange system manager it doesn't appear under Mailbox Store | Mailboxes. What did I do wrong?

Probably nothing. A mailbox will not appear under Mailbox Store | Mailboxes until either someone has logged into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message to a mailbox shortly after it has been created, which would cause it to appear.

3. I created a secondary Public Folder Hierarchy, but only the original public folder hierarchy appears in Outlook.

Current versions of Outlook only support a single public folder hierarchy. Secondary Public Folder hierarchies can be accessed with the web.

4. What is the difference between 'receive as' and 'send as'?

'Receive as' allows a user object to open a mailbox. 'Send as' allows a user to send out a mail message as the mailbox that has been opened.

5. How do I restrict a user or domain from sending mail to my users?

First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative Group | Server | Protocols | SMTP | <SMTP Virtual Server> | Properties | Advanced | <select the IP address for which you wish to enable filtering> | Edit | Apply Filter). Normally, you would only want to apply message filtering to the border SMTP servers (servers that communicate directly with External servers).

6. I've created more than one address list. Which list will users see for their GAL?

The following criteria are used when determining what a client will see for the Global Address List.

o Which Address List do you have permissions to see? o Which Address List contains your mailbox object as an entry?


If your mailbox appears as an object in more than one address list:

o Which of the remaining Address Lists contains more entries?
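The three criteria above are applied in order: lists the user may read, then lists containing the user's own mailbox, then the largest of those. The following added example (not from the FAQ or from Exchange itself) models that selection over a set of constructed address lists for a hosted, multi-company server, which is where the order matters most: if a default list readable by everyone also contains the user's mailbox, it wins on size and the user sees every tenant's entries. The "Everyone" reader marker and the assumption that a user with no qualifying list gets no GAL are this example's own simplifications.

```python
from copy import deepcopy

# Constructed sample address lists. "readers" is who may read the list
# (the marker "Everyone" stands for an ACL that grants read to all users);
# "members" is which mailboxes the list contains. All names are hypothetical.
ADDRESS_LISTS = [
    {"name": "Default Global Address List", "readers": {"Everyone"},
     "members": {"alice", "bob", "carol", "dave"}},
    {"name": "Tenant A GAL", "readers": {"alice", "bob"},
     "members": {"alice", "bob"}},
    {"name": "Tenant B GAL", "readers": {"carol", "dave"},
     "members": {"carol", "dave", "erin"}},
    # A list the user can read but which does not contain her mailbox.
    {"name": "Executives", "readers": {"alice"}, "members": {"carol"}},
]


def visible_lists(address_lists, user):
    """Criterion 1: only lists the user has permission to read."""
    return [al for al in address_lists
            if "Everyone" in al["readers"] or user in al["readers"]]


def select_gal(address_lists, user):
    """Apply the FAQ's criteria in order and return the chosen list's name."""
    # Criterion 2: of the visible lists, keep those containing the user's mailbox.
    candidates = [al for al in visible_lists(address_lists, user)
                  if user in al["members"]]
    if not candidates:
        return None   # assumption: no qualifying list means no GAL is shown
    # Criterion 3: the list with the most entries wins. On an exact tie the
    # FAQ gives no rule; max() keeps the first in list order (assumption).
    return max(candidates, key=lambda al: len(al["members"]))["name"]


def restrict_readers(address_lists, list_name, readers):
    """Return a copy of the lists with one list's read permission replaced."""
    copied = deepcopy(address_lists)
    for al in copied:
        if al["name"] == list_name:
            al["readers"] = set(readers)
    return copied


if __name__ == "__main__":
    for user in ("alice", "carol", "erin"):
        print(user, "->", select_gal(ADDRESS_LISTS, user))
    # Taking the everyone-readable default list out of the picture is what
    # makes each tenant's user land on the tenant list.
    hardened = restrict_readers(ADDRESS_LISTS, "Default Global Address List", {"admins"})
    for user in ("alice", "carol"):
        print(user, "(after restricting the default GAL) ->", select_gal(hardened, user))
```

The practical check this models: before trusting that a custom address list isolates a group of users, confirm both that it contains their mailboxes and that no larger list they can read does too.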

2. How do I control the format of the addresses before the @ sign in a recipient policy?

You can use the following variables: %g Given Name, %s Surname, %i initials in the recipient policy.

Examples:

User: Tommy Lee Jones
Domain: company.com

%g.%[email protected] = [email protected]
%1g%[email protected] = [email protected]
%g%[email protected] = [email protected]

Less commonly used variables include, %m (alias) and %d (display name).
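The variable substitution described above is simple to model, and doing so shows two things an administrator wants to check before applying a policy: templates such as %1g%s produce the same address for different people, and %d (display name) yields a local part containing spaces. This is an added example, not code from the FAQ or from Exchange; the user records are constructed, the attribute names (givenName, sn, initials, mailNickname, displayName) are the AD attributes the variables are assumed to draw from, and the digit-prefix rule (%1g = first character of the given name) is taken from the FAQ's own %1g example.

```python
import re
from collections import defaultdict

# Variable letter -> AD attribute it expands to (attribute names assumed).
VARIABLES = {"g": "givenName", "s": "sn", "i": "initials",
             "m": "mailNickname", "d": "displayName"}
# %g, %s, ... optionally preceded by a count, e.g. %1g takes one character.
TOKEN = re.compile(r"%(\d*)([gsimd])")
# Conservative set of characters accepted in the local part of an SMTP address.
LOCAL_PART_OK = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+$")

# Constructed sample users (Tommy Lee Jones is the FAQ's own example person).
TOMMY = {"givenName": "Tommy", "sn": "Jones", "initials": "L",
         "mailNickname": "tjones", "displayName": "Tommy Lee Jones"}
TINA = {"givenName": "Tina", "sn": "Jones", "initials": "M",
        "mailNickname": "tinaj", "displayName": "Tina Jones"}


def expand_address_template(template, attrs):
    """Expand a recipient-policy template such as '%g.%s@company.com'."""
    def repl(match):
        count, letter = match.group(1), match.group(2)
        value = attrs.get(VARIABLES[letter], "")
        return value[:int(count)] if count else value
    return TOKEN.sub(repl, template)


def generate_addresses(template, users):
    """Expand the template for every user; flag invalid and colliding results.

    Returns {alias: {"address": str, "problems": [str, ...]}}.
    """
    result, owners = {}, defaultdict(list)
    for user in users:
        address = expand_address_template(template, user)
        local, _, _domain = address.partition("@")
        problems = []
        if not LOCAL_PART_OK.match(local):
            problems.append("invalid local part")
        # SMTP addresses are case-insensitive, so compare lower-cased.
        owners[address.lower()].append(user["mailNickname"])
        result[user["mailNickname"]] = {"address": address, "problems": problems}
    for aliases in owners.values():
        if len(aliases) > 1:
            for alias in aliases:
                others = ", ".join(a for a in aliases if a != alias)
                result[alias]["problems"].append("collides with " + others)
    return result


if __name__ == "__main__":
    for template in ("%g.%s@company.com", "%1g%s@company.com",
                     "%g%1s@company.com", "%m@company.com", "%d@company.com"):
        print(template)
        for alias, info in generate_addresses(template, [TOMMY, TINA]).items():
            print("   ", alias, "->", info["address"], info["problems"] or "")
```

A collision report like the one %1g%s produces for the two Joneses is exactly what Exchange's proxy-address generation has to resolve with a numeric suffix; catching it in a dry run is easier than explaining afterwards why someone else's mail landed in the wrong mailbox.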

3. How do I make Exchange automatically send a welcome message to all newly created users?

There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with Outlook, but that only applies the first time Outlook is opened after creating a new profile. Otherwise, you could script mailbox creation and send a message at the end of the script.

4. How do I determine what version of Outlook applies to a build or version number?

http://www.cdolive.com/build.htm

5. How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can, but there are limitations. It reliably works only on a border server, which can be either a Windows 2000 or 2003 SMTP server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680.

6. How can you tell the exact version of Exchange you are running?

Here is a list of build numbers for Exchange 2000/2003:

Exchange 2000

o 4417.5 = Exchange 2000 RTM
o 4712.7 = Exchange 2000 SP1
o 5762.4 = Exchange 2000 SP2
o 6249.4 = Exchange 2000 SP3
o 6396.1 = Exchange 2000 Post-SP3 Super Roll-up
o 63xx/64xx = Exchange 2000 Post-SP3 Hotfixes

Exchange 2003

o 6728.12 = Exchange 2003 Beta 1
o 6803.8 = Exchange 2003 Beta 2
o 6851.10 = Exchange 2003 Release Candidate 0
o 6895.5 = Exchange 2003 Release Candidate 1 (Candidate)

7. How do I add a disclaimer to outgoing SMTP messages in Visual Basic?

How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic – KB317327

8. Resource / Conference room scheduling

Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer to “Direct Booking of Resource Without a Delegate Account”

There are 3rd party products such as Exchange Resource Manager and AutoAccept Sink for Exchange that will automatically accept/decline meeting requests for conference rooms and other resources.

9. Why do the storage quota settings not take effect immediately?

This problem has been fixed in a Microsoft Exchange 2000 Server Post-Service Pack 3 MDB patch. For more information see KB327378.

10. How do I limit which Outlook client versions can access my server?

You need to create the Disable MAPI Clients registry value to disable MAPI client access. For more information, see KB288894.

11. How do I limit the maximum amount of messages the SMTP queue can hold?

You have to use the MaxMessageObjects registry key. For more information, see KB258748.

12. How do I strip the attachment from an NDR?

You can do this through a registry entry, but there are two drawbacks. Once this is done, the details that are necessary to display the notification in the preview pane are stripped, and the originator of the message cannot use the Send Again option. For more information, see KB308303.

13. How do I disable OWA for a single user in Exchange 2000/2003?

In Active Directory Users and Computers (Advanced Features view) open the properties for the user object and choose Exchange Advanced | Protocol Settings | HTTP | Settings | and uncheck the 'Enable for mailbox' check box.

14. How do I make OWA work properly with Extended Characters?

Beginning in Exchange 2000, messages with extended characters are encoded with UTF-8 by default. For more information see KB273615 and KB281745.

15. Under Exchange 5.5 I couldn't restore a single mailbox without 3rd party products. With Exchange 2000, is it any easier to restore a single mailbox or back up a single mailbox?


Yes and no. Under Exchange 2000, a mailbox is not deleted immediately when an NT account is deleted. It can be reattached to a new user object following the steps described in the Microsoft Knowledge Base article "XADM: How to Recover a Deleted Mailbox in Exchange 2000" - Q274343. There is no built in mechanism for backing up a single Exchange mailbox. This would still require a 3rd party brick level backup utility.

16. Can I back up the M: drive using NT Backup or another backup application?

You can, but you will be sad. Do NOT back up the M: drive of an Exchange 2000 server. It can result in messages and attachments being inaccessible via the Outlook client.

17. What tools are used to administer Exchange 2000?

1. Active Directory Users & Computers - Used to create users, distribution groups and contacts.
2. Exchange System Manager - Used to manage the Exchange Server, create address lists, recipient policies, etc.

7. In Exchange 5.5 I could have multiple mailboxes associated with a single user account. How do I do that in Exchange 2000?

Exchange 2000 requires a user object for each mailbox. You can create a disabled user object, associate a mailbox with it, and then grant another user object 'receive as' and 'send as' permissions to that mailbox.

8. Can I administer an Exchange 5.5 server using the Exchange 2000 administration program? Can I administer an Exchange 2000 server using the Exchange 5.5 Admin program? Can I manage an Exchange 2000 server using AD Sites and Servers?

Unless you are following specific steps in a Microsoft KB article which specifies using a specific tool to perform a specific task you should NOT use anything other than the standard tool shipped with a product to administer it. So, you should NOT use the Exchange 5.5 Administrator program to administer Exchange 2000 servers, you should NOT use the Exchange 2000 System Manager to administer Exchange 5.5 servers and you should NOT use the AD Sites and Servers tool to Administer Exchange 2000 servers.

9. What do the event IDs mean in the message tracking log?

They are listed in Table 3. "Exchange 2000 message events" in the MSDN article titled "Building Management Components for Microsoft Exchange 2000 Server".

10. How can I enable/disable an attribute used by the Outlook client for ambiguous name resolution?

3. "Registry Modification Required to Allow Write Operations to Schema" - Q216060

4. "Setting an Attribute's searchFlags Property to Be Indexed for ANR" - Q243311

11. Is Single Instance Storage maintained when moving users between servers | storage groups | databases?

Yes…

Page 41: Zenith Infotech

12. In my native E2K organization are there any requirement for RPC connectivity between servers?

In order to move users between servers, RPC connectivity is required.

13. How can I archive messages sent or received by my users?

5. Messages can be archived on a per store basis by enabling the option on the general properties tab of the Mailbox Store in the Exchange System Manager.

6. Use an event sink (either write your own or use the simple one provided by Microsoft and described in "XGEN: How to Install and Use the Exchange Server Archive Sink" - Q254767).

7. Use a 3rd party message archival tool.

14. Why do I receive the following error when I try to add an additional mailbox store? "This storage group already contains the maximum number of stores allowed. ID no: c1034a7a"

You are running the standard version of Exchange 2000 which is limited to a single 16GB private information store.

15. Is there any way to append a text message to all out bound email for Exchange 2000?

Since there is no longer an IMC/IMS in Exchange 2000, the IMCEXT.DLL no longer applies. To prepend or append text to email messages you will need to write an Event Sink. Basic documentation can be found in the Exchange SDK or on MSDN.

1. Exchange 2000 Move Server Method

Like the Ed Crowley Move Server Method for Exchange 5.5, this method should create less potential for grief and downtime in your organization than other methods of moving to a new server. Many of the changes (especially changes to Active Directory) can take quite some time to replicate, so completing this process over the course of several days might be appropriate in many organizations. Like the 5.5 version of the ECMSM, this is probably not the easiest method for moving servers, but we believe it to be the least risky.

Remember that Exchange 2000 offers multiple databases and storage groups, so you may have to repeat some of the steps listed below on multiple databases. You can also configure multiple connectors and virtual servers, so you may have to recreate multiple instances of those as well.

Exchange 2000 no longer has its own directory. For the purposes of this document we’ve made the assumption that this move is of a single monolithic server in an organization (meaning that it handles both AD and Exchange). If this is not the Active Directory server in your organization, you can probably skip all of the steps listed in italics.

1. Take a good backup of your existing server and save a copy of any custom forms or applications in use to a PST file.

2. Bring up a new Windows 2000 server in the same AD domain as the existing server. Make sure the following are installed on the server:

1. SMTP service

2. NNTP Service

3. Terminal Services (Not required but highly recommended)

4. DNS

3. Bring the box up to the same Windows 2000 service pack and hotfix level as the existing Exchange 2000 server.

4. Run DCPROMO to promote the new server to a domain controller. Choose to create an additional domain controller in an existing domain.


5. Wait for replication to complete. A tool such as ADcheck from NetIQ might help in this regard.

6. Install Exchange 2000 and bring it up to the same service pack and hotfix level as the existing server.

7. Create new mailbox stores and public folder stores on the new server to match the old server (This is not a requirement per se, you might instead choose a different configuration to take advantage of new and improved hardware).

8. Apply any Server, Mailbox Store or Public Store policies to the new server as needed.

9. Change the default Public Store for the existing Exchange server to the new Exchange Server. This is done on the General tab of the Mailbox Store in the Exchange System Manager.

10. Once this change is completed all new public folders created by users on this mailbox store will be created on the new server. (Repeat this for each mailbox store defined).

11. Create a replica of each public folder on the new server. Be sure to create a replica for the following system folders (and all their subfolders) as well: EFORMS Registry, Offline Address Book and Schedule+ Free Busy. To access the system folders, right-click on Folders | Public Folders in the Exchange System Manager and choose View System Folders.

12. Promote the new server to a Global Catalog server. This is done by going to Active Directory Sites and Services and double-clicking on the server you wish to promote to be a GC. Then right-click on NTDS settings and choose properties. On the properties tab, check the box labeled Global Catalog. Allow plenty of time for the changes to replicate.

13. Modify the Recipient Update Service in the Exchange System Manager to point to the new server.

14. In the Exchange System Manager | Tools | Monitoring and Status recreate any monitoring or status monitors needed for the new server.

15. Transfer the 5 FSMO roles to the new server. If you don’t know what a FSMO is and have no idea why anyone would want 5 of the suckers, we’d like to recommend this book to you for future reading: Windows 2000 Essential Reference. The RID, Infrastructure and PDC FSMO roles are changed in Active Directory Users and Computers. The Domain Naming Master is changed in Active Directory Domains and Trusts and the Schema FSMO is changed in Active Directory Schema. If Active Directory Schema is not available, you must install the Windows 2000 Administration Tools from the Windows 2000 Server compact disc and add it to an MMC console.

16. Recreate any virtual servers or connectors on the new server.

17. Apply any existing SMTP filters against the new SMTP virtual servers as needed.

18. Move mailboxes from the existing server to the new server using Active Directory Users and Computers. (If you are running AV software on the Exchange server, you may want to stop it during the process of moving users).

19. Verify that the AD Changes have replicated successfully.

20. Run DCPROMO on the old server to demote it to a member server.

21. Leave the old Exchange server up and running for a while so that MAPI clients can be redirected to the new server. Yes, it happens automagically as long as the client can connect to the old server at least once before you shut it down.

22. Notify POP3 and IMAP 4 users that the server address has changed (this step may not be necessary if your users were connecting to an Exchange Front End Server.).

23. Create MX records pointing to the new server as necessary. (For those using port forwarding via NAT, you may only need to change the internal IP address that packets are forwarded to, or you might choose to change the IP address of the new server after everything else is running smoothly… lots of possibilities here and we can’t cover them all).

24. Uninstall Exchange 2000 from the original server.

25. Additional Resources:

Q252117 Some Files Not Deleted When Exchange 2000 Server is Removed
Q260378 How To Manually Remove an Exchange 2000 Installation
Q251825 Uninstalling Last Server in Routing Group Does Not Clean Up the RG Connectors from Other RGs
Q307917 Removing the First Exchange 2000 Server from the Site
Q266686 How to Configure the Simple Mail Transfer Protocol Service, Part 1
Q268163 How to Configure the Simple Mail Transfer Protocol Service, Part 2

22. What is the M: Drive?

The M drive is merely a manifestation [1] of mail messages.

You can read quite a bit more on Windows Installable File System drivers on MSDN. A file system is really just a collection of APIs that allow you to navigate a set of data in a logical fashion - containers (folders) and items (files). It shouldn't be too hard to see how one might view mail data as containers (folders) and items (messages) [3].

So, the ExIFS driver, which is installed with Exchange 2000 is the "Exchange Installable File System driver." It allows a certain set of well known APIs [2] to view the containers and items. It just so happens that if you give a file system supporting those APIs a drive letter, you can see it through Explorer or a CMD window, or any of the other standard Windows file dialog boxes...because they use the file system APIs to access data. It's no different than a network drive or a RAM drive or a flash memory card or a zip drive or ... It is merely a manifestation of data in the form of folders and files. The thing to remember is that since it is just a view of the mail messages presented by the file system APIs, it's not necessarily the most feature rich way to manipulate that data. The manipulation via the ExIFS (M: drive) is limited by the set of file system APIs [2]. On the other hand, the ability to manipulate the data through a mail client like Outlook has a very rich set of APIs for dealing with mail data - much beyond the simple functions for finding and displaying files. The messaging APIs that are native to the Exchange store allow things like getrecipients, addattachment, resolvenames, etc.

So, the M: drive can be seen as an (abbreviated) acronym for "Merely a Marginally Manipulatable Manifestation of Mail Messages."

1. To make evident or certain by showing or displaying.

2. readfile, writefile, movefile, deletefile, renamefile, openfile, closefile, findfile, etc.

3. It's slightly more complex than this because a mail message is actually a container as well. It contains a header and a body and perhaps one or more attachments, which themselves can be messages (containers). It also can contain multiple bodies (e.g. MIME multipart alternative content) that display based on the best capabilities of the client.

1. To block Internet send & receive in Exchange 2000:

1. Create and mail-enable a group called InternalOnly.

2. Create a recipient policy that gives them a fake SMTP address, i.e. @fake.domain. Leave the X400 address alone so they can receive internal mail. [Now they cannot receive mail from the outside] [1]

3. Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s), choose its properties. Choose the Delivery Restrictions tab, and under "reject", add this group. Do this for each connector. [2]

4. Follow the steps in Q277872, regarding Connector Restrictions. [Now they can't use the SMTP connector(s) to send external mail]

5. Restart the SMTP service.

6. State that they cannot receive mail from the outside. That is MOSTLY true, although they can still receive if you encapsulate their email address, i.e. [email protected] instead of DOMAIN.COM can be encapsulated as [email protected] (use +40 for an @, +2e for a period). That gets the mail there, despite the fake domain.

7. If you don't have a connector, make one. You need this to enable the restrictions.
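Step 6 above explains why the fake-domain trick is only "MOSTLY" effective: a filter that checks just the outer domain never sees an address that has been hex-escaped into the local part. The following is an added example, not part of the original write-up, that decodes the '+40' / '+2e' escapes the step describes and flags recipients that carry a second address inside the local part, so a gateway rule or a log review can catch them. The recipient list is constructed, and the decoder assumes only the two-hex-digit '+XX' convention stated on the page.

```python
"""Flag recipients whose local part carries an encapsulated address.

Added example; not part of the original write-up.  Step 6 above notes
that the fake-domain restriction can be side-stepped by hex-escaping
another address into the local part ('+40' for '@', '+2e' for '.').
The decoder below only handles those '+XX' escapes as the page
describes them, and the sample recipient list is constructed.
"""
import re

# one '+' followed by exactly two hex digits, e.g. '+40' -> '@'
_HEX_ESCAPE = re.compile(r"\+([0-9A-Fa-f]{2})")


def decode_local_part(local_part):
    """Replace every '+XX' escape with the character it encodes."""
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), local_part)


def hidden_address(address):
    """Return the address hidden in `address`'s local part, or None.

    The local part is considered encapsulated when decoding it yields a
    second '@', i.e. a complete routable address that a domain-only
    check on the outer address would never see.
    """
    local, at, _domain = address.rpartition("@")
    if not at:
        return None
    decoded = decode_local_part(local)
    return decoded if "@" in decoded else None


def flag_encapsulated(recipients):
    """Return [(recipient, hidden address)] for suspicious recipients."""
    flagged = []
    for rcpt in recipients:
        hidden = hidden_address(rcpt)
        if hidden is not None:
            flagged.append((rcpt, hidden))
    return flagged


SAMPLE_RECIPIENTS = [  # constructed; 'fake.domain' is the page's placeholder
    "joe@fake.domain",
    "joe+40fake+2edomain@example.com",
    "mary+newsletter@example.com",  # ordinary '+' subaddress, no escape
]

if __name__ == "__main__":
    for rcpt, hidden in flag_encapsulated(SAMPLE_RECIPIENTS):
        print(f"{rcpt} -> {hidden}")
```

Ordinary subaddresses such as "mary+newsletter" are left alone because "+ne" is not a hex escape; only a decoded local part that produces a second "@" is reported.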

Why should I go to Exchange 2003 now?

There are several reasons. A few are:

1. Opportunity for Server Consolidation from Exchange 5.5 and Exchange 2000 because you can get more mailboxes on an Exchange 2003 Server.

2. Better security features. The server is secure by default and has added things like automatic logoff for an inactive OWA session, Connection filtering, and has more junk mail features like real-time blacklists.

3. Availability enhancements such as End-to-End Outlook Monitoring, Improvements in ESM, Mailbox Recovery Center, and a Recovery Storage Group.

4. Increase in Mobile device support for Pocket PC’s, Pocket PC Phones and Microsoft Windows®–powered Smartphones.

What are the differences between Exchange 2000 and Exchange 2003?

Some features that are new in Exchange 2003 are:

- Volume Shadow Copy Service for Database Backups/Recovery
- Mailbox Recovery Center
- Recovery Storage Group
- Front-end and back-end Kerberos authentication
- Distribution lists are restricted to authenticated users
- Real-time Safe and Block lists
- Inbound recipient filtering
- Attachment blocking in Microsoft Office Outlook Web Access
- HTTP access from Outlook 2003
- cHTML browser support (i-Mode phones)
- xHTML (Wireless Application Protocol [WAP] 2.0) browser support
- Queues are centralized on a per-server basis
- Move log files and queue data using Exchange System Manager
- Multiple Mailbox Move tool
- Dynamic distribution lists
- 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager)
- Deployment and migration tools


What is the difference between Exchange 2003 Standard and Exchange 2003 Enterprise editions?

Standard Edition

- 16 GB database limit
- One mailbox store
- One public folder store
- NEW: Server can act as a front-end (post-Beta 2)

Enterprise Edition

- Clustering
- Up to 20 databases per server
- X.400 Connectors

Both Editions support features such as:

- Database snapshot
- OMA and ActiveSync
- AirMAPI
- Recovery Storage Group
- Exchange Management Pack for MOM

Note: It is not possible to in-place upgrade Exchange 2000 Enterprise Edition to Exchange 2003 Standard Edition.

What’s the difference between Exchange 2003 and Windows 2003?

Windows Server 2003 provides significant enhanced functionality that Exchange 2003 takes advantage of:

Outlook HTTP access: IIS 6.0 and Windows RPC Proxy service in Windows Server 2003 enable communication between Outlook 2003 and Exchange Server 2003 by means of HTTP. Outlook 2003 users can synchronize directly with the server running Exchange Server 2003 over an HTTP or HTTPS connection.

Internet protocol support: IIS 6.0 provides Exchange with its support for many common Internet access protocols that increase the flexibility of the operating system, such as HTTP, Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4), and Simple Mail Transfer Protocol (SMTP).

Active Directory: Windows provides Active Directory, upon which Exchange depends for user information, mail routing information, user authentication, and LDAP read and write functions.

Support for clustering: Exchange Server 2003 provides better support for clustering, which enables high availability of a company’s infrastructure. Customers can choose to run up to 8-node clusters, with at least one passive node, when running Exchange 2003 on Windows Server 2003, Enterprise Edition. (In Windows 2000 Advanced Server, clustering was limited to two nodes, one active and one passive; if a company chose to run Windows 2000 Datacenter Server, clustering was limited to four nodes.)

Volume Shadow Copy service: This and Virtual Disk Service are part of a storage framework that provides heterogeneous interoperation of storage hardware, storage software, and applications. Exchange 2003 writes to the Volume Shadow Copy service on Windows Server 2003, reducing dramatically the backup and restore times for Exchange messaging environments. This enables IT departments to support greater numbers of users per server and reduces the total number of servers running Exchange in their environment.

What is OMA?

Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations.

Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices.

Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional mobile server products in the corporate environment, thus lowering the total cost of ownership.

Main differences between Exchange Server 2003 and 2000

- Improved security, including all those of IIS v 6.0.
- HTTP over RPC means you do not need to configure a VPN for OWA.
- Up to 8 node Active / Passive clustering.
- Volume Shadow Copy for backup.
- Super upgrade tools like ExDeploy.
- pfMigrate utility to move public folders from legacy systems.
- An attempt to control Junk email both on the client and the server.

Differences Between Exchange 2003 and 2000

The following Microsoft® Exchange 2000 Server application development-related technologies and features were changed in Exchange Server 2003. Some technologies were enhanced, while others were removed, or are not supported in specific scenarios.

Exchange WMI Provider Changes

Exchange Server 2003 includes new Microsoft Windows® Management Instrumentation (WMI) classes for managing Exchange Server 2003. You can read about the changes in the WMI Changes for Exchange Server 2003 section.

Active Directory Schema Changes

During installation, Exchange Server 2003 changes some class and attribute definitions in Microsoft Active Directory®. For information about the schema changes that Exchange Server 2003 makes, read the Active Directory Schema section.

Managed Wrappers for SMTP Server Event Sinks


Published in June, 2003, the technical article Writing Managed Sinks for SMTP and Transport Events provides sample code and information for both Exchange 2000 Server and Exchange Server 2003.

Anti-spam Infrastructure

Exchange Server 2003 includes a new property that can be used as a standard mechanism by message filtering applications. The property indicates how confident the filter is that a message is unsolicited commercial e-mail. For more information about how to create message filtering applications, see the Anti-Spam section.

CDO Component Names Did Not Change

In Exchange Server 2003 the CDOEX library is still named "CDO for Exchange 2000". Similarly, the CDO library that ships with Microsoft Windows Server™ 2003 is still named "CDO for Windows 2000".

Note: The CDO for Exchange Management (CDOEXM) version that ships with Exchange Server 2003 must be used when accessing Exchange Server 2003. The Exchange Server 2003 CDOEXM can also be used to access Exchange 2000 Server. The CDOEXM library that ships with Exchange 2000 Server is not supported for accessing Exchange Server 2003.

Exchange 2000 Technologies not Included with Exchange 2003

The following technologies that were included in Exchange 2000 Server are not available in Exchange Server 2003.

M: Drive Mapping Removed

The mapped M: drive is not supported in Exchange Server 2003 and is not added in either the upgrade or fresh install of Exchange Server 2003. Microsoft FrontPage® Server Extensions are also not supported in Exchange Server 2003 because the mapped M: drive is required to upload some data to Exchange. Existing applications can no longer use the mapped M: drive functionality.

FrontPage Server Extensions Removed

FrontPage Server Extensions are not supported on Exchange Server 2003 because the mapped M: drive is required to upload some data to Exchange. Existing applications can no longer use this functionality.

Exchange Instant Messaging Removed

The Exchange 2000 Server Instant Messaging Service (IM) is no longer included in Exchange Server 2003. Microsoft recommends migrating any applications that use Exchange 2000 Server IM to other Microsoft real-time collaboration technologies.

SQL Create Index Function Removed

The Structured Query Language (SQL) Create Index function is not supported in Exchange Server 2003 and has been removed. Applications should not attempt to use the function.

Versioning Schema Properties Removed

Versioning will not be supported in Exchange Server 2003, and the following schema properties will not be available to applications:


dav:autoversion

dav:checkintime

dav:childautoversioning

dav:childversioning

http://schemas.microsoft.com/exchange/defaultrevision

dav:isversioned

dav:mergedfrom

dav:revisioncomment

dav:revisionid

dav:revisionlabel

dav:revisionuri

dav:vresourceid

MAPI Technology Changes

While Extended MAPI is still used and supported with Exchange Server 2003, the following parts of Exchange MAPI are not installed, and are not supported by Exchange Server 2003. These changes affect only the MAPI system that is installed by Exchange.

Common Messaging Calls (CMC)

Simple MAPI

CDOHTML

Client applications built using Simple MAPI or CMC will continue to function and be supported, provided the necessary libraries are installed on the computer where the application is running. Extended MAPI and Collaboration Data Objects (CDO) version 1.2.1 are supported with Exchange Server 2003.

Visual Studio .NET Technology Support Policy

Not all Exchange technologies are supported for use in managed code applications. The Microsoft Knowledge Base article 813349 provides information about which Exchange development APIs are supported in applications using Microsoft Visual Studio® .NET and the Microsoft .NET Framework.

Anonymous Access to IIS Metabase Disabled

When you send a message using cdoSendUsingPickup without specifying a pickup directory, CDO for Exchange 2000 Server (CDOEX) searches the Microsoft Internet Information Services (IIS) metabase and determines the pickup directory for the first active SMTP service instance. However, because anonymous access to the IIS metabase has been disabled, you need to either specify which SMTP service pickup directory you want CDOEX to use by setting the smtpserverpickupdirectory Field, or ensure that your application runs under an account that has read access to the IIS metabase. Note that if you set the pickup directory in your application explicitly, subsequently changing the location of the pickup directory may cause your application to fail.

Public Folders Mail-Disabled by Default

By default, all folders under PUBLIC/NON_IPM_SUBTREE are mail-disabled. You can, however, mail enable any of these folders as necessary. Please see the Exchange SDK for instructions about how to mail enable a public folder.

savesentitems Field is ignored


The savesentitems Field has no effect when you send messages using CDOEX. A copy of the message is saved to the Sent Items folder regardless of the parameter setting. This is because the Exchange OLE DB (ExOLEDB) provider is hard-coded to save a copy of all sent messages to the Sent Items folder.

Exchange 5.5 Event Agent Disabled by Default

The Exchange Server 5.5 event agent continues to be shipped with, and supported on, Exchange Server 2003. However, by default the agent is disabled during installation.

MSDAIPP Cannot be Run on the Exchange Server

The Microsoft OLE DB Provider for Internet Publishing (MSDAIPP) is not supported on the Exchange computer. Running MSDAIPP is supported on a computer where Exchange is not installed.

What is MX RECORD?

Short for mail exchange record, an entry in a domain name database that identifies the mail server that is responsible for handling e-mails for that domain name.

When more than one MX record is entered for any single domain name that is using more than one mail server, the MX record can be prioritized with a preference number that indicates the order in which the mail servers should be used. This enables the use of primary and backup mail servers.

MX (Mail eXchange) FAQ

What is a mail exchange?

"Mail exchange" is just another name for the machine whose primary function is receiving and sending email. Also known as mailhost, mailhub, or even postoffice, this machine usually has a mail server (software written specifically for distributing files) listening on port 25 to receive incoming email.

What is a Mail Delivery Agent? (How is email delivered?)

A Mail Delivery Agent (MDA) is the "postal worker" software that looks at the address and either drops it into the local user's mailbox or tosses it back on the "truck" for delivery elsewhere. In other words, the MDA reads the header and decides whether it needs to be put in a mailbox on its own machine or sent back out over the Internet to a remote machine.

What is an MX record?


An MX (Mail eXchange) record will redirect email sent to any user's machine ([email protected], for example) to a designated mailhost. It tells the MDA where to route email.

The MX record uses preference values to specify the routing order--low value = high priority. In the example below, when mail is sent to norbert.dept1.cornell.edu the MDA (see Mail Delivery Agent above) tries to reroute the mail to mailhost.dept1.cornell.edu which has the lowest value, and therefore the highest priority. If that fails, it tries mailhost2.dept1.cornell.edu and finally mailhost3.dept1.cornell.edu.

norbert.dept1.cornell.edu 86400 A     128.253.180.254
norbert.dept1.cornell.edu 86400 MX 10 mailhost.dept1.cornell.edu
norbert.dept1.cornell.edu 86400 MX 20 mailhost2.dept1.cornell.edu
norbert.dept1.cornell.edu 86400 MX 30 mailhost3.dept1.cornell.edu

These records can be added on the host page for norbert.dept1.cornell.edu.

What is a "dangling" MX record?

An MX record can exist for a host that is not registered or no longer registered. For example, if people have become used to sending email to Joe at [email protected], and the host norbert dies or is decommissioned, Joe can still receive mail at his old address if you retain an MX record for norbert that redirects the mail to a new address. We recommend this option be used sparingly because it may cause confusion in users who don't understand how mail to a non-existent host can still be delivered.

What is a domain MX record?

A domain MX record will redirect mail sent to [email protected] to a designated mailhost. The MX record is attached only to the domain name (dept1.cornell.edu). If a host exists with the same name as the domain, a "dangling" MX record is created which is not attached to any existing host. In either case, mail directed to the domain name is redirected to the mail exchange defined in the MX record. This does not affect mail sent directly to individual hosts in the domain. For example, if a domain MX exists for dept1.cornell.edu, with a mail exchange of mailhost.dept1.cornell.edu, then mail to [email protected] will be delivered to [email protected].

What is a domain-wide MX record?

A domain-wide MX record gets attached to every registered host in the domain. This function allows mail to be delivered to a central mailhost when incorrectly configured hosts may direct the reply mail back to the local machine. Some administrators discourage the use of incoming sendmail service on individual machines as this has been historically a method for system compromise. Frequently, sendmail is turned off on individual machines and mail is redirected back to a more secure central mailhost. Since users may have published a local version of their email address, it is important to redirect the email to prevent a break in mail service.


For example, if a domain-wide MX record exists for dept1.cornell.edu, with a mail exchange of mailhost.dept1.cornell.edu, then mail to [email protected] will be delivered to [email protected].
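To make the preference ordering and the host-versus-domain MX behaviour described above concrete, here is an added example (not part of the original FAQ) that parses the norbert.dept1.cornell.edu records shown earlier, orders the mail exchangers by preference, and walks them the way the MDA does, trying the next one when the lowest-value host fails. It also goes one step beyond the FAQ text: a name that has an A record but no MX at all is treated as its own implicit mail exchanger, as RFC 5321 requires. The dept1.cornell.edu domain MX and the MX-less host plainhost.dept1.cornell.edu are assumed for illustration; the zone text is constructed.

```python
"""Order a name's MX records by preference and walk them the way the MDA
does, falling back to the A record when the name has no MX at all.

Added example; it is not part of the original FAQ.  The zone text is
constructed: the four norbert.dept1.cornell.edu records are the ones
shown above, the dept1.cornell.edu domain MX and the MX-less host
'plainhost' are assumed for illustration.
"""
from collections import defaultdict

ZONE = """
norbert.dept1.cornell.edu   86400 A  128.253.180.254
norbert.dept1.cornell.edu   86400 MX 10 mailhost.dept1.cornell.edu
norbert.dept1.cornell.edu   86400 MX 20 mailhost2.dept1.cornell.edu
norbert.dept1.cornell.edu   86400 MX 30 mailhost3.dept1.cornell.edu
dept1.cornell.edu           86400 MX 10 mailhost.dept1.cornell.edu
plainhost.dept1.cornell.edu 86400 A  128.253.180.7
"""


def parse_zone(text):
    """Parse 'owner ttl type rdata...' lines into {owner: [(type, rdata)]}.

    Owner names are lower-cased because DNS names are case-insensitive.
    Blank lines are skipped; anything else is assumed well-formed.
    """
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        owner, _ttl, rrtype, *rdata = fields
        records[owner.lower().rstrip(".")].append((rrtype.upper(), rdata))
    return records


def mx_targets(records, name):
    """Return the mail exchangers for `name`, lowest preference first.

    Preference is the first MX rdata field; the hostname is the second.
    Python's sort is stable, so equal-preference entries keep zone order
    (a real MTA would pick among them at random, RFC 5321 section 5.1).
    A name with an A record but no MX is its own implicit mail exchanger;
    a name with neither gets an empty list (mail is undeliverable).
    """
    name = name.lower().rstrip(".")
    rrs = records.get(name, [])
    mx = [(int(rdata[0]), rdata[1].lower().rstrip("."))
          for rrtype, rdata in rrs if rrtype == "MX"]
    if mx:
        return [host for _pref, host in sorted(mx, key=lambda p: p[0])]
    if any(rrtype == "A" for rrtype, _ in rrs):
        return [name]
    return []


def route_mail(records, address, is_up):
    """Pick the delivery host for `address` (user@name).

    `is_up(host)` stands in for the SMTP connection attempt; the first
    exchanger that accepts wins, mirroring 'if that fails, try the next'.
    Returns None when every exchanger is down or none exists.
    """
    _user, _, name = address.rpartition("@")
    for host in mx_targets(records, name):
        if is_up(host):
            return host
    return None


if __name__ == "__main__":
    zone = parse_zone(ZONE)
    for addr in ("joe@norbert.dept1.cornell.edu", "joe@dept1.cornell.edu",
                 "joe@plainhost.dept1.cornell.edu"):
        print(addr, "->", mx_targets(zone, addr.rpartition("@")[2]))
    # simulate the primary exchanger being unreachable
    print(route_mail(zone, "joe@norbert.dept1.cornell.edu",
                     lambda h: h != "mailhost.dept1.cornell.edu"))
```

Mail to joe@dept1.cornell.edu lands on mailhost.dept1.cornell.edu through the domain MX, while mail to the individual host norbert still follows norbert's own MX list, which is the "does not affect mail sent directly to individual hosts" point made above.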

2. generic windows questions? how to check mini dump file ....steps

3. why universal group is faded when in windows 2000 or 2003 server?

4. what is one of the feature which is available in windows 2003 server?

5. authoritative & non-authoritative restore?

6. in which scenario we can use?

7. what is diff between exchange 2003 std & 2003 Ent server?

8. /3 gb switch & HeapDecomitt?

9. smtp diag and how it work?

10. what is win route tool in exchange?

11. how will you troubleshoot if one of your website is process hunger?

12. what is the step you will do when you server crash..

1 To Speed up the Exchange Server Reboot.

Rebooting a server running Exchange Server, whether on Microsoft Windows NT 4, Windows 2000 Server, or Windows Server 2003, can take much longer than normal. Exchange Server 2003 is no different, and if it is installed on a Windows Server 2003 that functions as Global Catalog server, the server can take as long as 10 minutes to reboot.  

2 What is Exchange 2003 Forestprep? What kind of permissions required to run Forestprep command?

Exchange 2003 Forestprep extends the Active Directory schema to include Exchange specific information. If you run Forestprep for the first time in a Forest, the required permissions or role is to be Member of the Schema Admins and Enterprise Admins groups. Other than the first time, the Exchange Full Administrator permissions at the Exchange organization level will do.

3 Is there information I should review before installing SP2 in Exchange 2003 Server?

Yes. Before installation, you should review the Exchange Server 2003 SP2 Release Notes as well as the Exchange Server 2003 system requirements.

4 What is AD (Active Directory) Schema?

The schema is a definition of the types of objects that are allowed within a directory and the attributes that are associated with those objects. These definitions must be consistent across domains in order for the security policies and access rights to function correctly.

5 What does RUS do in Exchange?

RUS (Recipient Update Service) is responsible for making updates to e-mail addresses, and it does this based on recipient policy changes. These updates are made at a specific interval that is defined for the service. You can view the update interval and modify it as necessary by completing the following steps:

6 What is the difference between a .STM file and a .EDB file?

On the surface, storage groups and databases seem to be the most fundamental Exchange Server components. You use storage groups as containers for mailbox and public folder stores. You create mailbox and public folder stores within storage groups, and each storage group can have multiple data stores. An Exchange database is associated with each data store. You use Exchange databases to ease the administration burden that comes with managing large installations. For example, instead of having a single 100-GB database for the entire organization, you can create five 20-GB databases that you can manage more easily.

7 What is the difference between a Storage Group and Mailbox Store?

Storage Group: Managing the Information store is one of your most important tasks as a Microsoft Exchange Server 2000/2003 administrator. The information store can contain storage groups, data stores, and databases.

Storage groups allow you to group databases logically, giving you the option of managing an entire storage group (with all its databases) or managing databases individually. When Exchange server is installed, the information store has a single storage group called First Storage Group. You can create additional storage groups as needed. Exchange Server 2003 Enterprise Edition is the most flexible. With the enterprise edition, you can create up to four additional storage groups as needed for a maximum of five storage groups per server (with one of the storage groups, called the recovery storage group, being reserved for database recovery operations).

8 How does move mailbox really work?

Move mailbox is the best, supported way to move mailbox data between Exchange servers and update the directory object. It's been around for ages and has been improved with each version. In Exchange 2003, for instance, the mailbox moves can now be scheduled and are multi-threaded to dramatically improve performance. Exchange 2003 SP1 added the ability to move mailboxes cross-site while still in mixed mode.

There are a number of resources on how to move mailboxes between Exchange servers (KB.224975 and KB.328810 are two good examples), but what's missing is a good high-level description of what goes on behind the scenes to make it all happen. This post focuses on Exchange 2003, but much of this applies to earlier versions as well. There are a number of additional steps required for cross-site moves, but those are covered in other places.

Q.1 What does the .edb and .stm file contain in Exchange 2000?

Answer: The .edb file contains all the folders, tables and indexes for messaging data, and MAPI messages and attachments. The .stm file (new to Exchange 2000) contains Internet content in its native format.

Note: (*.edb + *.stm) + (*.log) = Database

Q.2 Where is the Directory Service database stored in Exchange 5.5?

Answer: Dir.edb

Q.4 What are the features of Active Directory in Windows 2000?

Answer: Features of Active Directory in Windows 2000 can be categorised as:

Manageability: Centralized Management, Group Policy, Global Catalog, IntelliMirror Desktop Management, Automated Software Distribution, Active Directory Service Interfaces, Backward Compatibility, Delegated Administration, Multi-Master Replication

Security: Kerberos Authentication, Smart Card Support, Transitive Domain Trust, PKI/X.509, LDAP over SSL, Required Authentication Mechanism, Attribute-Level Security, Spanning Security Groups, LDAP ACL Support

Interoperability: DirSync Support, Active Directory Connectors, Open APIs, Native LDAP, DNS Naming, Open Change History, DEA Platform, DEN Platform, Extensible Schema

Q.5 What are the features of Exchange 2003 over Exchange 2000?

Answer:

•Better anti-spam tools - comprehensive set of filters

•Improved queue management

•Smoother integration with IIS

•Enhanced OWA. Now includes a spell checker and X.509 certificates

•Outlook Mobile Access (OMA), which functions like OWA for devices

•Cached replication of Outlook 2003. Cached mode creates a local data file that Outlook uses for all foreground activity. It then contacts the Exchange server in the background.

•Volume Shadow Copy Service for database backups/recovery

•Mailbox Recovery Center

•Recovery Storage Group

•Front-end and back-end Kerberos authentication

•Distribution lists are restricted to authenticated users

•Queues are centralized on a per-server basis

•Move log files and queue data using Exchange System Manager

•Multiple Mailbox Move tool

•Dynamic distribution lists

•1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager)

•Deployment and migration tools

Q.5 How will you upgrade from Exchange 2000 to Exchange 2003?

Answer:-http://www.microsoft.com/technet/prodtechnol/exchange/2003/upgrade.mspx

Q.6 What are the precautions to be taken before a disaster recovery in Exchange 2000?

Answer:-http://www.microsoft.com/downloads/details.aspx?FamilyID=6E55DD49-8A6...

Q.8 What is the function of the NNTP service in Exchange 2000?

Answer: While installing Exchange 2000, the system creates a default Network News Transfer Protocol (NNTP) virtual server. You can use this virtual server to house a feed from other newsgroups. This default NNTP virtual server can be used to create feeds to a public folder for storage (Internet newsgroups). For other storage media (either a file system or a remote share), you must create a new virtual server.

Q.9 What is the Recipient Update Service in Exchange 2000?

Answer: The Recipient Update Service (RUS) is a very important component in your Exchange installation; it is RUS that is responsible for updating address lists and email addresses in your Active Directory.

A default Exchange organization will have two RUS objects:

(a) Enterprise Configuration RUS: responsible for updating the email addresses of system objects such as the MTA and System Attendant.

(b) Domain RUS: responsible for updating the address information of recipient objects in the domain that it is responsible for.

Q.10 What is the function of the Default SMTP Virtual Server in Exchange 2000?

Answer: The SMTP virtual server plays a critical role in mail delivery. SMTP virtual servers provide the Exchange mechanisms for managing SMTP. The default SMTP virtual server sends messages within a routing group. Additionally, if the server is a domain controller, Active Directory uses this virtual server for SMTP directory replication. An SMTP virtual server is defined by a unique combination of an IP address and port number. The default SMTP virtual server uses all available IP addresses on the server and uses port 25 for inbound connections. A single physical server can host many virtual servers.

What is an MX record? What are valid values for an MX record? (IP, glue, CNAME?)

What happens if two MX records have the same preference? Different preference?

What is a TTL value? And why should I care?

What is the difference between EHLO and HELO?

Describe the IIS SMTP service.
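The MX preference and TTL questions above can be worked through in code. The following is an added example, not part of the original document: it orders constructed MX records the way a sending MTA tries them (RFC 5321 section 5.1: lowest preference first, equal preferences in random order), rejects IP literals as MX targets, and shows how a cached answer outlives an MX change until its TTL expires.

```python
"""Order MX records for delivery and honour their TTL.

Added example, not from the original document. The records are constructed
sample data; the ordering rule is RFC 5321 section 5.1 and the TTL behaviour
is ordinary DNS caching.
"""
import ipaddress
import random
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class MxRecord:
    preference: int  # 16-bit value; lower values are tried first
    exchange: str    # target host name; must be a name, never an IP literal or a CNAME
    ttl: int         # seconds a resolver may cache this answer


def validate_mx_target(exchange: str) -> bool:
    """Reject IP literals and empty labels. Whether the name is a CNAME cannot be
    checked offline, so that rule is left to the resolver stage."""
    try:
        ipaddress.ip_address(exchange.strip("[]"))
        return False  # an address literal is not a valid MX target
    except ValueError:
        return bool(exchange) and all(label for label in exchange.rstrip(".").split("."))


def delivery_order(records: Iterable[MxRecord], rng: Optional[random.Random] = None) -> List[str]:
    """Hosts in the order a sending MTA tries them: ascending preference, with hosts
    that share a preference shuffled so repeated deliveries spread across them."""
    rng = rng or random.Random()
    by_pref: Dict[int, List[str]] = {}
    for rec in records:
        if not validate_mx_target(rec.exchange):
            raise ValueError(f"invalid MX target {rec.exchange!r}")
        by_pref.setdefault(rec.preference, []).append(rec.exchange)
    order: List[str] = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)  # equal preference: no fixed order between these hosts
        order.extend(hosts)
    return order


class MxCache:
    """Tiny resolver cache keyed by domain, honouring the smallest TTL in the answer.
    This is why the TTL matters: after you change MX records, senders keep using the
    old hosts until their cached answer expires, so lower the TTL before a cutover."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[float, Tuple[MxRecord, ...]]] = {}

    def put(self, domain: str, records: Iterable[MxRecord], now: float) -> None:
        recs = tuple(records)
        expires = now + min(r.ttl for r in recs)
        self._entries[domain.lower()] = (expires, recs)

    def get(self, domain: str, now: float) -> Optional[Tuple[MxRecord, ...]]:
        entry = self._entries.get(domain.lower())
        if entry is None or now >= entry[0]:
            return None  # expired: the next lookup must go back to authoritative DNS
        return entry[1]


# Constructed sample: two equal-preference primaries and a lower-priority backup relay.
SAMPLE_MX = [
    MxRecord(10, "mx1.example.com.", 3600),
    MxRecord(10, "mx2.example.com.", 3600),
    MxRecord(20, "backup.example.com.", 300),
]

if __name__ == "__main__":
    print(delivery_order(SAMPLE_MX))
    cache = MxCache()
    cache.put("example.com", SAMPLE_MX, now=0)
    print(cache.get("example.com", now=299) is not None, cache.get("example.com", now=300))
```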

What are the FSMO (Flexible Single Master Operation) roles in Active Directory?


To prevent conflicting updates in Windows 2000/2003, the Active Directory performs updates to certain objects in a single-master fashion.

In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain.

In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

Schema Master:

The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

Domain naming master:

The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.

Infrastructure master:

At any time, there can be only one domain controller acting as the infrastructure master in each domain. The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replication, so the global catalog data will always be up to date. If the infrastructure master finds data that is out of date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain.

Important

•Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain.

In the case where all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

The infrastructure master is also responsible for updating the group-to-user references whenever the members of groups are renamed or changed. When you rename or move a member of a group (and that member resides in a different domain from the group), the group may temporarily appear not to contain that member. The infrastructure master of the group's domain is responsible for updating the group so it knows the new name or location of the member. This prevents the loss of group memberships associated with a user account when the user account is renamed or moved. The infrastructure master distributes the update via multimaster replication.

There is no compromise to security during the time between the member rename and the group update. Only an administrator looking at that particular group membership would notice the temporary inconsistency.

RID master:

The RID master allocates sequences of relative IDs (RIDs) to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest.

Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique security ID (SID). The SID consists of a domain SID, which is the same for all SIDs created in the domain, and a RID, which is unique for each SID created in the domain.

To move an object between domains (using Movetree.exe), you must initiate the move on the domain controller acting as the RID master of the domain that currently contains the object.
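The domain SID plus RID structure described above can be checked programmatically. The following is an added example, not part of the original document: it parses textual SIDs (the standard S-1-authority-subauthorities form), splits each into its domain SID and RID, and flags a RID that has been issued twice within one domain, which should never occur when RID pools are allocated correctly. The sample SIDs are constructed.

```python
"""Split Windows SIDs into domain SID and RID, as discussed for the RID master.

Added example, not from the original document. Every SID below is constructed
sample data; the S-1-<authority>-<subauthorities> form is the standard notation.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple

# S-1-<identifier authority>-<one or more 32-bit subauthorities>
_SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

# RIDs below 1000 are reserved for well-known and built-in principals; the RID
# master hands out pools starting at 1000 for newly created users, groups, computers.
FIRST_ALLOCATED_RID = 1000
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 516: "Domain Controllers"}


@dataclass(frozen=True)
class Sid:
    authority: int
    subauthorities: Tuple[int, ...]

    @property
    def domain_sid(self) -> str:
        """All but the last subauthority: the part shared by every SID in the domain."""
        head = ["S", "1", str(self.authority)]
        return "-".join(head + [str(s) for s in self.subauthorities[:-1]])

    @property
    def rid(self) -> int:
        """The last subauthority: the relative ID drawn from the issuing DC's RID pool."""
        return self.subauthorities[-1]

    def __str__(self) -> str:
        return f"{self.domain_sid}-{self.rid}"


def parse_sid(text: str) -> Sid:
    """Parse the textual SID form; reject anything malformed or out of range."""
    match = _SID_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a well-formed SID: {text!r}")
    authority = int(match.group(1))
    subs = tuple(int(p) for p in match.group(2).split("-")[1:])
    # authority is 48 bits; at most 15 subauthorities, each 32 bits
    if authority >= 1 << 48 or len(subs) > 15 or any(s >= 1 << 32 for s in subs):
        raise ValueError(f"SID field out of range: {text!r}")
    return Sid(authority, subs)


def is_domain_account_sid(sid: Sid) -> bool:
    """Domain accounts look like S-1-5-21-<a>-<b>-<c>-<RID>: NT authority (5), the
    non-unique prefix 21, three values identifying the domain, then the RID."""
    return (sid.authority == 5 and len(sid.subauthorities) == 5
            and sid.subauthorities[0] == 21)


def same_domain(a: Sid, b: Sid) -> bool:
    """True when both are domain account SIDs issued by the same domain."""
    return is_domain_account_sid(a) and is_domain_account_sid(b) and a.domain_sid == b.domain_sid


def describe_rid(sid: Sid) -> str:
    """Label the RID: well-known built-in, otherwise reserved (<1000), or pool-allocated."""
    if sid.rid in WELL_KNOWN_RIDS:
        return f"well-known ({WELL_KNOWN_RIDS[sid.rid]})"
    if sid.rid < FIRST_ALLOCATED_RID:
        return "reserved"
    return "allocated"


def find_duplicate_rids(sid_strings: Iterable[str]) -> Dict[str, Set[int]]:
    """Report RIDs seen more than once within one domain. Each domain SID + RID pair
    must be unique, so a duplicate indicates a RID pool was issued twice and is
    worth investigating."""
    seen: Set[Tuple[str, int]] = set()
    duplicates: Dict[str, Set[int]] = {}
    for text in sid_strings:
        sid = parse_sid(text)
        if not is_domain_account_sid(sid):
            continue  # built-in and local SIDs are not drawn from a RID pool
        key = (sid.domain_sid, sid.rid)
        if key in seen:
            duplicates.setdefault(sid.domain_sid, set()).add(sid.rid)
        seen.add(key)
    return duplicates


# Constructed sample: accounts from two domains plus one built-in group.
SAMPLE_SIDS = [
    "S-1-5-21-1004336348-1177238915-682003330-500",   # built-in Administrator
    "S-1-5-21-1004336348-1177238915-682003330-1105",  # ordinary user
    "S-1-5-21-1004336348-1177238915-682003330-1105",  # same RID again: should never happen
    "S-1-5-21-2222222222-3333333333-4000000000-1105", # same RID, different domain: fine
    "S-1-5-32-544",                                   # BUILTIN\Administrators, not a domain SID
]

if __name__ == "__main__":
    for text in SAMPLE_SIDS:
        sid = parse_sid(text)
        print(f"{sid}  domain={sid.domain_sid}  rid={sid.rid}  {describe_rid(sid)}")
    print("duplicate RIDs:", find_duplicate_rids(SAMPLE_SIDS))
```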

PDC Emulator:

The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that time is distributed through a hierarchical relationship that controls authority and does not permit loops, so that all computers share an appropriate common time.

The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner.

In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:

•Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.

•Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.

•Account lockout is processed on the PDC emulator.

•Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.

•The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.

This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.

At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

Microsoft Exchange Server interview questions

1. Distribution List?

2. GAL, Routing Group, Stm files, Eseutil & isinteg - what are they used for?

3. What is MIME & MAPI?

4. List the services of Exchange Server 2000?

5. How would you recover Exchange server when the log file is corrupted?

6. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC

7. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep

8. What Exchange process is responsible for communication with AD? - DSACCESS

9. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller

10. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address

11. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1 GB of memory? - Add the /3GB switch to boot.ini

12. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.

13. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.

14. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog - 3268

15. Name the process names for the following: System Attendant? – MAD.EXE, Information Store – STORE.EXE, SMTP/POP/IMAP/OWA – INETINFO.EXE

16. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.

17. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

18. Where do you configure the Smart Host information? Some say to configure it in the Virtual Server, and others state to configure it in the SMTP Connector.

19. What is the function of the Site Replication Service?

The Site Replication Service (SRS) was designed to provide directory interoperability between Exchange 5.5 and Exchange 2000. SRS runs on Exchange 2000 and serves as a modified Exchange 5.5 directory. SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the Active Directory and the Exchange 5.5 directory. To Exchange 5.5, the SRS looks like another Exchange 5.5 configuration/recipients replication partner.

20: What are Storage Groups, and what is the relationship between them and multiple databases?

Ans: A Storage Group is a virtual container for multiple databases, of which you can have up to five.

21: Does Exchange 2000 support Single-Mailbox Restore?

Ans: Exchange 2000 does not support Single-Mailbox Restore with tools and products from Microsoft. You can find several third-party backup programs that support Single-Mailbox Restore, but the Ntbackup.exe tool cannot perform this function. Exchange 2000 does provide Mailbox Retention, a feature that enables you to retain a deleted mailbox for a specified period of time before permanently deleting it.

22: What is Instant Messaging?

Ans: Instant Messaging (IM) is a fundamentally unique medium of communication. This technology gives Exchange 2000 users the ability to communicate with other Instant Messaging users in an immediate, interactive environment that conveys "presence" and "status" information.

23: How many recipients can be on an SMTP message?

Ans: The maximum number of recipients is 5,000 by default. When you send a message from one server to another with 5,000 recipients, you want that message body to be carried across the wire only once. The Windows 2000 SMTP server enables the administrator to specify the maximum number of recipients per message. The intention of having a low number is to make it harder for people to send junk mail to many recipients at once. The SMTP standard specifies that messages with more than 100 recipients should be broken into multiple messages.

Note: SMTP standards specify that servers must be able to handle at least 100 recipients.

24: Is there any authentication performed when one server running Exchange talks to another through SMTP?

Ans: In Exchange 5.5, server-to-server communication is authenticated and encrypted using system-level Remote Procedure Call (RPC). With Exchange 2000, each server uses SMTP authentication with Kerberos. Encryption is not done by default. There are two options for encryption—Internet Protocol Security (IPsec), which is built into Windows 2000, and Transport Layer Security (TLS), built into the SMTP service and used by Exchange 2000. TLS is also known as secure sockets layer (SSL).

25: Isn't SMTP less secure than the X.400-based RPC that Exchange 5.5 had?

Ans: Many people think that SMTP is not secure because it has a clear-text submission protocol. Exchange 2000 does several things to increase the security of data over SMTP:

•Server-to-server communication is always authenticated. The default state of each server will not accept unauthenticated SMTP traffic. Each message is checked to see that the From: field in the submitted message is really the person who authenticated.

•With IPsec or TLS, encryption of data between servers is as good or better than the encrypted RPC of Exchange 5.5.

•Much of the intra-organization server-to-server mail traffic is actually somewhat obscured. Messages that originated from MAPI clients or the Web client are a set of MAPI properties that need to be carried from server to server. MAPI properties are carried in a Transport-Neutral Encapsulation Format (TNEF) binary large object (BLOB). This is encoded using a publicly available, unencrypted format, but it is not directly readable, so no useful information is available from a message in transit without parsing it. If a tool is used to parse the BLOB, the data could be decoded; however, it would be extremely difficult to casually look at mail traffic.

26: What is the definition of site, administrative group, and routing group in a mixed organization?

Ans: An Exchange site is a server grouping for both administrative and topological purposes. In a mixed organization, the servers running Exchange 5.5 recognize sites, while the servers running Exchange 2000 recognize both administrative and routing groups. The Active Directory Connector automatically replicates each Exchange 5.5 site to Exchange 2000 as both an administrative group and a routing group of the same name.


27: How does an Exchange 5.5 site relate to an Exchange 2000 administrative group?

Ans: In a mixed or native Exchange 2000/Exchange 5.5 topology, these are mapped 1:1. The administrative group is mainly for permissions mapping, although the administrative group is used to create the legacy-distinguished name (DN).

28 How do messages get from an Exchange 2000 server to an Exchange 5.5 server in the same site/routing group?

Ans: An Exchange 2000 server evaluates whether the server is in the same routing group or not. If it is, then the server sends the message through the Message Transfer Agent (MTA), which creates a direct local area network (LAN), MTA, RPC connection. If it is not, the server routes the message to the routing group of the destination server through connectors.

29 How do messages get from an Exchange 2000 server to another Exchange 2000 server in a mixed routing group?

Ans: Exchange 2000 servers, whether in a mixed or pure routing group, always use SMTP to send messages from one server to another. The SMTP Service will open a direct connection to the destination server. However, Exchange 2000 servers will route based on routing groups, not administrative groups.

30: How does a Windows 2000 domain relate to an Exchange 2000 organization?

Ans: There is no relationship. All configuration information for Exchange 2000 is stored in the Active Directory configuration naming context. This is replicated to every domain controller to each domain in the forest. Therefore, Exchange Organization information is available for read/write in every domain.

31: How does a Windows 2000 site relate to an Exchange 2000 routing group?

Ans: An Exchange routing group is a collection of Exchange 2000 servers with high-availability to one another, but not necessarily high bandwidth. Although the concept of the Windows 2000 site and the Exchange routing group are quite similar, there are no alignment prerequisites for deployment. Routing groups are defined in the configuration naming context of the Active Directory.

32: How does a Windows 2000 domain relate to an Exchange 2000 routing group?

Ans: There is no relationship. An Active Directory domain contains users and computer information for those that reside in that domain. An Exchange routing group contains information about Exchange 2000 servers that have high-availability to one another.

33: How does a Windows 2000 forest relate to an Exchange organization?

Ans: In Exchange 2000, there is a limitation of exactly one Exchange organization per Windows 2000 Active Directory forest. Conversely, every server within a given Exchange organization must be in the same Active Directory forest.

34: What is the purpose of a routing group?

Ans: The routing group is the smallest unit of servers likely to be connected to one another at all times. The routing group is one node on the graph of connector paths, with multiple possible connectors between routing groups.


Within a routing group, or before routing has been configured by the creation of a routing group, mail from one server to another goes point-to-point using SMTP.

If you wish to have direct point-to-point routing between a collection of Exchange 2000 servers, you can place them into the same routing group. In general, you design your routing group boundaries based upon connectivity and availability of the network. Between routing groups, you can define connectors that route messages between these routing group collections. It is common practice to use a routing group connector (RGC) to accomplish this.

35: What does it mean for a connector to go down?

Ans: If the source bridgehead cannot contact the destination bridgehead, then the system, by default, retries for 10 minutes. After 10 minutes, the bridgehead is marked unavailable. If there are other target bridgeheads on the connector, those are tried instead. Once all target bridgeheads on the connector are tagged as unavailable, then the whole connector is marked down and other routes are evaluated. If there are other available routes, message(s) are rerouted. If there are no other routes available, the message will sit in the local queue until the connector comes back up.

36: What does the routing service do when a local connector is down?

Ans: When the SMTP Service or X.400 Service notices that a connector is down, it notifies the routing service of this. The routing service marks the connection as down in its routing state graph.

37: What exactly does a routing master do?

Ans: The routing master coordinates changes to link state that are learned by servers within its routing group. When one single server coordinates changes, it is possible to treat a routing group as a single entity and to compute a least-cost path between routing groups. All servers in the routing group advertise and act upon the same information.

38: What happens when it goes down?

Ans: All servers in the routing group continue to operate on the same information that they had at the time they lost contact with the master. This cannot cause mail to loop, because all servers continue to operate on loop-free information.

When the master comes back up, it starts with all servers and connectors marked up. As it learns about down servers, it reconstructs the link state information and passes it around.

39: How do SMTP and X.400 servers communicate link state information within a routing group?

Ans: Each server communicates with the master through a TCP-based Link State Algorithm (LSA) protocol developed in the transport core development team. Each server, including the master, is on TCP listening port 691 and registered with Internet Assigned Numbers Authority (IANA) for this purpose. The master broadcasts changes only to all servers in its routing group.

40: What are the file names for the essential Exchange database?

Ans: Priv1.EDB, Priv1.STM

41: What are the core Exchange services? Are they the same on Exchange 5.5 and 2000?

Ans: Information Store Service, System Attendant Service, Routing Engine

42: What ports do LDAP and GC use?

Ans: LDAP=389 GC=3268

43: What is the DNS port and protocol?

Ans: 53

44: Zenith Infotech has one Exchange server, and ABC is another company. How does Zenith Infotech get mail from ABC? (RUS)

45) What does SYSVOL contain?

Ans: Logon scripts and Group Policy

46: Is DHCP unicast, multicast or broadcast?

Ans: DHCP is broadcast

47: How do you restore one particular mailbox in Exchange 2003?

48: What does a system state backup contain?

Ans: Active Directory, boot files, COM+, Registry

49: How many zones are there in DNS?

Ans: Reverse lookup and forward lookup zones

How many zones are there within the forward and reverse lookup zones?

Microsoft Exchange Server interview questions20. Distribution List? 21. GAL, Routing Group, Stm files, Eseutil & ininteg - what are they used for? 22. What is MIME & MAPI? 23. List the services of Exchange Server 2000? 24. How would you recover Exchange server when the log file is corrupted?25. What are the required components of Windows Server 2003 for installing Exchange

2003? - ASP.NET, SMTP, NNTP, W3SVC 26. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep 27. What Exchange process is responsible for communication with AD? - DSACCESS 28. What 3 types of domain controller does Exchange access? - Normal Domain Controller,

Global Catalog, Configuration Domain Controller

Page 61: Zenith Infotech

29. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address

30. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini

31. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.

32. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.

33. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog - 3268

34. Name the process names for the following: System Attendant? – MAD.EXE, Information Store – STORE.EXE, SMTP/POP/IMAP/OWA – INETINFO.EXE

35. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.

36. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

37. Where to configure the Smart Host information to configureit in the Virtual Server and others state to configure in the SMTPConnector.  

38. What is the function of the Site Replication Service?

The Site Replication Service (SRS) was designed to provide directory interoperability between Exchange 5.5 and Exchange 2000. SRS runs on Exchange 2000 and serves as a modified Exchange 5.5 directory. SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the Active Directory and the Exchange 5.5 directory. To Exchange 5.5, the SRS looks like another Exchange 5.5 configuration/recipients replication partner.

20 What are Storage Groups, and what is the relationship between them and multiple databases?

Ans:- A Storage Group is a virtual container for multiple databases, of which you can have up to five

21: Does Exchange 2000 support Single-Mailbox Restore?

Ans: Exchange 2000 does not support Single-Mailbox Restore with tools and products from Microsoft. You can find several third-party backup programs that support Single-Mailbox Restore, but the Ntbackup.exe tool cannot perform this function. Exchange 2000 does provide Mailbox Retention, a feature that enables you to retain a deleted mailbox for a specified period of time before permanently deleting it.

22: What is Instant Messaging?

Ans: Instant Messaging (IM) is a fundamentally unique medium of communication. This technology gives

Exchange 2000 users the ability to communicate with other Instant Messaging users in an immediate, interactive

environment that conveys "presence" and "status" information.

23: How many recipients can be on an SMTP message?

Ans: The maximum number of recipients is 5,000 by default. When you send a message from one server to another with 5,000 recipients, you want that message body to be carried across the wire only once. The Windows 2000 SMTP server enables the administrator to specify the maximum number of recipients per message. The intention of having a low number is to make it harder for people to send

Page 62: Zenith Infotech

junk mail to many recipients at once. The SMTP standard specifies that messages with more than 100 recipients should be broken into multiple messages.

Note  SMTP standards specify that servers must be able to handle at least 100 recipients.

24: Is there any authentication performed when one server running Exchange talks to another through SMTP?

Ans: In Exchange 5.5, server-to-server communication is authenticated and encrypted using system-level Remote Procedure Call (RPC). With Exchange 2000, each server uses SMTP authentication with Kerberos. Encryption is not done by default. There are two options for encryption—Internet Protocol Security (IPsec), which is built into Windows 2000, and Transport Layer Security (TLS), built into the SMTP service and used by Exchange 2000. TLS is also known as secure sockets layer (SSL).

25: Isn't SMTP less secure than the X.400-based RPC that Exchange 5.5 had?

Ans: Many people think that SMTP is not secure because it has a clear-text submission protocol. Exchange 2000 does several things to increase the security of data over SMTP:

•Server-to-server communication is always authenticated. The default state of each server will not accept unauthenticated SMTP traffic. Each message is checked to see that the From: field in the submitted message is really the person who authenticated.

•With IPsec or TLS, encryption of data between servers is as good or better than the encrypted RPC of Exchange 5.5.

•Much of the intra-organization server-to-server mail traffic is actually somewhat obscured. Messages that originated from MAPI clients or the Web client are a set of MAPI properties that need to be carried from server-to-server. MAPI properties are carried in a Transport-Neutral Encapsulation Format (TNEF) binary large object (BLOB). This is encoded using a publicly available, unencrypted format, but it is not readable. There will be no useful information available from a message in transit. Even if a tool is used to parse a BLOB, data could be decoded. However, it would be extremely difficult to easily look at mail traffic.

26: What is the definition of site, administrative group, and routing group in a mixed organization?

Ans: An Exchange site is a server grouping for both administrative and topological purposes. In a mixed organization, the servers running Exchange 5.5 recognize sites, while the servers running Exchange 2000 recognize both administrative and routing groups. The Active Directory Connector automatically replicates each Exchange 5.5 site to Exchange 2000 as both an administrative group with a routing group of the same name.

27: How does an Exchange 5.5 site relate to an Exchange 2000 administrative group?

Ans: In a mixed Exchange 2000/Exchange 5.5 organization these are mapped 1:1: each Exchange 5.5 site appears as an administrative group of the same name. The administrative group is used mainly for permissions mapping, and it is also used to construct the legacy distinguished name (legacyExchangeDN) of each object.

28: How do messages get from an Exchange 2000 server to an Exchange 5.5 server in the same site/routing group?

Page 63: Zenith Infotech

Ans: The Exchange 2000 server first checks whether the destination Exchange 5.5 server is in the same routing group (that is, the same Exchange 5.5 site). If it is, the message is handed to the Message Transfer Agent (MTA), which opens a direct RPC connection to the Exchange 5.5 MTA over the LAN. If it is not, the message is routed to the destination server's routing group through connectors.

29 How do messages get from an Exchange 2000 server to another Exchange 2000 server in a mixed routing group?

Ans: Exchange 2000 servers always use SMTP to send messages to one another, whether the routing group is mixed or pure. The SMTP service opens a direct connection to the destination server. Note that Exchange 2000 servers route by routing group, not by administrative group.

30: How does a Windows 2000 domain relate to an Exchange 2000 organization?

Ans: There is no relationship. All configuration information for Exchange 2000 is stored in the configuration naming context of Active Directory, which is replicated to every domain controller in every domain of the forest. Exchange organization information is therefore readable and writable from every domain, subject to the permissions set on it.

31: How does a Windows 2000 site relate to an Exchange 2000 routing group?

Ans: An Exchange routing group is a collection of Exchange 2000 servers that have permanent, reliable connectivity to one another, though not necessarily high bandwidth. Although the Windows 2000 site and the Exchange routing group are similar concepts, there is no requirement that they be aligned when you deploy. Routing groups are defined in the configuration naming context of Active Directory.

32: How does a Windows 2000 domain relate to an Exchange 2000 routing group?

Ans: There is no relationship. An Active Directory domain holds the user and computer accounts that reside in that domain; an Exchange routing group holds information about Exchange 2000 servers that have reliable connectivity to one another.

33: How does a Windows 2000 forest relate to an Exchange organization?

Ans: In Exchange 2000, there is a limitation of exactly one Exchange organization per Windows 2000 Active Directory forest. Conversely, every server within a given Exchange organization must be in the same Active Directory forest.

34: What is the purpose of a routing group?

Ans: The routing group is the smallest unit of servers that are expected to be connected to one another at all times. In the graph of connector paths, each routing group is a node, and there may be several connectors between any two routing groups.

Within a routing group, or before routing has been configured by the creation of a routing group, mail from one server to another goes point-to-point using SMTP.

If you wish to have direct point-to-point routing between a collection of Exchange 2000 servers, you can place them into the same routing group. In general, you design your routing group boundaries based upon connectivity and availability of the network. Between routing groups, you can define connectors that route messages between these routing group collections. It is common practice to use a routing group connector (RGC) to accomplish this.


35: What does it mean for a connector to go down?

Ans: If the source bridgehead cannot contact the destination bridgehead, then the system, by default, retries for 10 minutes. After 10 minutes, the bridgehead is marked unavailable. If there are other target bridgeheads on the connector, those are tried instead. Once all target bridgeheads on the connector are tagged as unavailable, then the whole connector is marked down and other routes are evaluated. If there are other available routes, message(s) are rerouted. If there are no other routes available, the message will sit in the local queue until the connector comes back up.

36: What does the routing service do when a local connector is down?

Ans: When the SMTP Service or X.400 Service notices that a connector is down, it notifies the routing service of this. The routing service marks the connection as down in its routing state graph.

37: What exactly does a routing master do?

Ans: The routing master coordinates changes to link state that are learned by servers within its routing group. When one single server coordinates changes, it is possible to treat a routing group as a single entity and to compute a least-cost path between routing groups. All servers in the routing group advertise and act upon the same information.

38: What happens when it goes down?

Ans: All servers in the routing group continue to operate on the same information that they had at the time they lost contact with the master. This cannot cause mail to loop, because all servers continue to operate on loop-free information.

When the master comes back up, it starts with all servers and connectors marked up. As it learns about down servers, it reconstructs the link state information and passes it around.

39: How do SMTP and X.400 servers communicate link state information within a routing group?

Ans: Each server communicates with the routing master through a TCP-based link state algorithm (LSA) protocol developed by the Exchange transport team. Every server, including the master, listens on TCP port 691, which is registered with the Internet Assigned Numbers Authority (IANA) for this purpose. The master sends only the changes, not the whole link state table, to all servers in its routing group. Between routing groups, link state is exchanged by the bridgehead servers using the X-LINK2STATE verb over their SMTP connection.
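The behaviour described in questions 35 to 39 (bridgeheads tried in turn, a connector marked down once every target bridgehead is unavailable, least-cost rerouting, mail queued locally when no route remains, and a restarted master starting with everything up), as an added example that is not code from the original page or from Exchange itself. The routing groups, connector names, costs and bridgehead server names are constructed for the example; the link state protocol on port 691 is not reproduced, only the graph computation it feeds.

```python
import heapq
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Connector:
    name: str
    source: str            # routing group whose bridgehead sends
    target: str            # routing group reached through this connector
    cost: int
    bridgeheads: tuple     # target bridgehead servers, tried in turn


@dataclass
class LinkState:
    """What the routing master propagates to its routing group: which target
    bridgeheads have stayed unreachable past the retry window, and which
    connectors are therefore down."""
    unavailable_bridgeheads: set = field(default_factory=set)
    down_connectors: set = field(default_factory=set)

    def bridgehead_failed(self, connector: Connector, server: str) -> bool:
        """Record a bridgehead the source could not reach after the default
        10-minute retry period. Returns True when this leaves the connector
        with no usable bridgehead, i.e. the whole connector is now down."""
        self.unavailable_bridgeheads.add((connector.name, server))
        if all((connector.name, s) in self.unavailable_bridgeheads
               for s in connector.bridgeheads):
            self.down_connectors.add(connector.name)
            return True
        return False

    def bridgehead_recovered(self, connector: Connector, server: str) -> None:
        self.unavailable_bridgeheads.discard((connector.name, server))
        self.down_connectors.discard(connector.name)


def least_cost_route(connectors, state: LinkState, src: str, dst: str):
    """Dijkstra over routing groups, ignoring connectors marked down.
    Returns (total cost, [connector names]) or None when no route exists, in
    which case the message waits in the local queue until link state changes."""
    adjacency = {}
    for c in connectors:
        if c.name not in state.down_connectors:
            adjacency.setdefault(c.source, []).append(c)
    frontier = [(0, src, [])]
    settled = {}
    while frontier:
        cost, group, path = heapq.heappop(frontier)
        if group == dst:
            return cost, path
        if group in settled and settled[group] <= cost:
            continue
        settled[group] = cost
        for c in adjacency.get(group, []):
            heapq.heappush(frontier, (cost + c.cost, c.target, path + [c.name]))
    return None


# Constructed topology: a hub with a direct, cheap connector to London and a
# more expensive two-hop alternative through Paris.
TOPOLOGY = [
    Connector("RGC Hub-London", "Hub", "London", 10, ("LON-BH1", "LON-BH2")),
    Connector("RGC Hub-Paris", "Hub", "Paris", 15, ("PAR-BH1",)),
    Connector("RGC Paris-London", "Paris", "London", 15, ("LON-BH3",)),
]


def failover_sequence():
    """Walk through the events of questions 35 to 38 and return the route
    chosen for Hub -> London after each one."""
    state = LinkState()
    hub_london, hub_paris = TOPOLOGY[0], TOPOLOGY[1]
    trace = [("initial", least_cost_route(TOPOLOGY, state, "Hub", "London"))]
    state.bridgehead_failed(hub_london, "LON-BH1")       # one of two targets: connector stays up
    trace.append(("LON-BH1 unavailable", least_cost_route(TOPOLOGY, state, "Hub", "London")))
    state.bridgehead_failed(hub_london, "LON-BH2")       # last target gone: connector down, reroute
    trace.append(("RGC Hub-London down", least_cost_route(TOPOLOGY, state, "Hub", "London")))
    state.bridgehead_failed(hub_paris, "PAR-BH1")        # no route left: mail queues locally
    trace.append(("RGC Hub-Paris down", least_cost_route(TOPOLOGY, state, "Hub", "London")))
    # A restarted routing master begins with every connector marked up (question 38).
    trace.append(("master restarted", least_cost_route(TOPOLOGY, LinkState(), "Hub", "London")))
    return trace
```

The trace shows why a single unavailable bridgehead is not an outage, why the first reroute costs three times the direct path, and why mail stops moving rather than looping once no path remains.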

40: What are the file names of the essential Exchange databases?

Ans: Priv1.edb and Priv1.stm for the default private (mailbox) store; the default public folder store uses Pub1.edb and Pub1.stm. The .edb file holds MAPI (rich-text) content and the .stm file holds native Internet-format (MIME) content. Neither is recoverable on its own without the transaction log files (E00.log and the numbered E00nnnnn.log files), so backups must include the logs.

41: What are the core Exchange services? Are they the same on Exchange 5.5 and 2000?

Ans: In Exchange 2000: the Information Store service, the System Attendant service and the Routing Engine, together with the IIS SMTP service that carries server-to-server mail. They are not the same as in Exchange 5.5, whose core services were the Directory Service, the Information Store, the Message Transfer Agent (MTA) and the System Attendant; in Exchange 2000 the directory has moved into Active Directory and SMTP replaces the MTA as the primary transport.

42: What ports do LDAP and the Global Catalog use?

Ans: LDAP uses TCP 389 (636 over SSL/TLS); the Global Catalog uses TCP 3268 (3269 over SSL/TLS).

43: What port and protocol does DNS use?


Ans: Port 53. Queries normally use UDP; TCP is used for zone transfers and for responses too large for a single UDP datagram.

44: Zenith Infotech has one Exchange server and ABC is another company. How does Zenith Infotech receive mail from ABC? (RUS)

45: What does SYSVOL contain?

Ans: Logon scripts and Group Policy templates (the file-system part of each GPO), replicated to every domain controller in the domain.

46: Is DHCP unicast, multicast or broadcast?

Ans: The initial lease acquisition (DISCOVER, OFFER, REQUEST, ACK) uses broadcast, because the client has no address yet. A lease renewal is unicast to the server that issued the lease. Routers do not forward broadcasts, so clients on a subnet without a DHCP server need a DHCP relay agent.

47: How do you restore one particular mailbox in Exchange 2003?

48: What does a system state backup contain?

Ans: Active Directory (the NTDS database), the boot files, the COM+ class registration database, the registry, and SYSVOL on a domain controller; on a certification authority it also includes the certificate services database.

49: How many kinds of DNS zone are there?

Ans: Two lookup types: forward lookup zones and reverse lookup zones.

How many kinds of zone are there within forward and reverse lookup? Within each, a zone can be stored as a standard primary zone, a standard secondary zone, a stub zone (Windows Server 2003) or an Active Directory integrated zone.

Active Directory

What is Active Directory? Active Directory is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object—people, servers, workstations, printers, documents, and devices. Each object has certain attributes and its own security access control list (ACL).

1. What's new in Windows Server 2003 regarding DNS management? When a DC is promoted into an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicates the required portions of the directory from it. If the wizard fails to locate a DC, it runs diagnostics and reports what caused the failure and how to fix it. To be located on a network, every DC must register its DC locator records in DNS. The Active Directory Installation Wizard verifies that the DNS infrastructure is configured properly; all DNS configuration debugging and reporting is done by the wizard.


How can you authenticate between forests? Four types of authentication are used across forests: (1) Kerberos and NTLM network logon for remote access to a server in another forest; (2) Kerberos and NTLM interactive logon for physical logon outside the user's home forest; (3) Kerberos delegation to an N-tier application in another forest; and (4) user principal name (UPN) credentials.

What snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts, Active Directory Sites and Services, Active Directory Users and Computers, Active Directory Replication Monitor (optional, available from the Resource Kit) and Active Directory Schema (optional, registered from adminpak).

1. What types of classes exist in Windows Server 2003 Active Directory?

o Structural class. The structural class is the one that matters most to the system administrator, because it is the only type from which new Active Directory objects are created. Structural classes are derived either from an existing structural class or from one or more abstract classes.

o Abstract class. Abstract classes are templates from which other abstract classes, structural classes and auxiliary classes are derived; they cannot be instantiated themselves. Think of abstract classes as frameworks for defining objects.

o Auxiliary class. An auxiliary class is a named list of attributes. Rather than adding many attributes one by one when defining a structural class, you include the auxiliary class and get the whole set with a single include action.

o 88 class. The 88 class covers object classes defined before 1993, under the 1988 X.500 specification. It does not use the structural, abstract and auxiliary distinctions and is not in common use.

2. What is the Global Catalog? The Global Catalog (GC) holds a partial replica of every object in the forest and answers queries about objects across the forest or tree. It is also consulted during logon, for example to expand universal group membership and to resolve user principal name (UPN) logons. Every forest has at least one GC, hosted on a domain controller (the first domain controller installed in the forest is one by default). In Windows 2000 it was usual to place a GC in every site so that logons would not fail when the link to another site was down.

How is user account security established in Windows Server 2003? When an account is created, it is given a unique identifier known as a security identifier (SID). Every group to which the user belongs also has a SID. The user's SID and the SIDs of its groups together form the user's access token, which determines the level of access to objects throughout the system and network: the SIDs in the token are compared with the entries in the access control list (ACL) of any object the user attempts to access.

3. If I delete a user and then create a new account with the same username and password, will the SID and permissions stay the same? No. If you delete a user account and recreate it with the same user name and password, the new account gets a different SID, so it inherits none of the old account's permissions or group memberships; ACL entries that named the old SID remain behind as orphaned entries.

What is DHCP? How do we configure DHCP?

DHCP (Dynamic Host Configuration Protocol) is a communications protocol that lets network administrators centrally manage and automate the assignment of IP addresses on an organization's network. Every machine on an IP network needs a unique IP address. Without DHCP, the address must be entered manually on each computer and changed each time the computer moves to a different subnet. DHCP lets an administrator supervise and distribute IP addresses from a central point and automatically issues a new address when a computer is connected at a different place in the network.


To configure DHCP you first need a Windows 2000/2003 server with a static IP address and working DNS. Install the DHCP service from Add/Remove Windows Components (Networking Services) in Control Panel.

Next, decide which IP range you want to assign on your network. Authorize the DHCP server in Active Directory (an unauthorized server will not lease addresses in an AD domain), create a scope, that is, the pool of addresses to hand out, and activate it.

Installing DHCP is easy, and authorizing and activating are straightforward. The hardest part is working through the scope options and deciding whether to set each one at the server level or the scope level.

4. What is a scope and a superscope?

A scope is the pool of IP addresses, together with the lease duration and options (default gateway, DNS servers, domain name and so on), that a DHCP server can offer to clients on one subnet.

A superscope groups several scopes so that the server can support DHCP clients on a single physical network segment (such as one Ethernet LAN) where multiple logical IP networks are used. Configurations with more than one logical IP network on a physical subnet are often called multinets.



ACTIVE DIRECTORY – DNS – FSMO – GROUP POLICY

What Is Active Directory? Active Directory consists of a series of components that make up both its logical structure and its physical structure. It gives organizations a way to centrally manage and store user objects, computer objects and group memberships, and to define security boundaries, in a logical database structure.

Purpose of Active Directory

Active Directory stores information about users, computers, and network resources and makes the resources accessible to users and applications. It provides a consistent way to name, describe, locate, access, manage, and secure information about these resources

Functions of Active Directory

Active Directory provides the following functions:

● Centralizes control of network resources. By centralizing control of resources such as servers, shared files and printers, Active Directory ensures that only authorized users can access them.

● Centralizes and decentralizes resource management. Administrators have centralized administration, with the ability to delegate administration of subsets of the network to a limited number of individuals, giving finer granularity in resource management.

● Stores objects securely in a logical structure. Active Directory stores all resources as objects in a secure, hierarchical, logical structure.

● Optimizes network traffic. The physical structure of Active Directory lets you use network bandwidth more efficiently. For example, when users log on, the authentication authority nearest to the user authenticates them, reducing traffic across slow links.

Sites within Active Directory

Sites are defined as groups of well-connected computers. When you establish sites, domain controllers within a single site communicate frequently. This minimizes latency within the site, that is, the time required for a change made on one domain controller to be replicated to the other domain controllers. You create sites to optimize the use of bandwidth between domain controllers that are in different locations.

Operations Master Roles

When a change is made to a domain, the change is replicated across all of the domain controllers in the domain. Some changes, such as those made to the schema, are replicated across all of the domains in the forest. This replication is called multimaster replication.

During multimaster replication, a replication conflict can occur if originating updates are performed concurrently on the same object attribute on two domain controllers. To avoid replication conflicts, Active Directory uses single master replication, which designates one domain controller as the only domain controller on which certain directory changes can be made. This way, changes cannot occur at different places in the network at the same time. Active Directory uses single master replication for important changes, such as the addition of a new domain or a change to the forest-wide schema.

Operations that use single-master replication are arranged together in specific roles in a forest or domain. These roles are called operations master roles. For each operations master role, only the domain controller that holds that role can make the associated directory changes. The domain controller that is responsible for a particular role is called an operations master for that role. Active Directory stores information about which domain controller holds a specific role.

Forest-wide Roles

Forest-wide roles are unique to the forest. They are:

● Schema master. Controls all updates to the schema. The schema contains the master list of object classes and attributes that are used to create all Active Directory objects, such as users, computers and printers.

● Domain naming master. Controls the addition or removal of domains in the forest and ensures that domain names are unique. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add it.

There is only one schema master and one domain naming master in the entire forest.

Domain-wide Roles

Domain-wide roles are unique to each domain in the forest. They are:

● Primary domain controller (PDC) emulator. Acts as a Windows NT PDC for any backup domain controllers (BDCs) running Windows NT within a mixed-mode domain, that is, a domain that still has Windows NT 4.0 domain controllers (backward compatibility). The PDC emulator is the first domain controller created in a new domain. It also receives preferential replication of password changes, is the authoritative time source for the domain, and is the default domain controller on which Group Policy objects are edited.


● Relative identifier (RID) master. When a new security principal is created, the domain controller assigns it a unique security identifier (SID). The SID consists of the domain SID, which is the same for every security principal in the domain, and a RID, which is unique to each security principal in the domain. The RID master allocates blocks of RIDs to each domain controller in the domain; a domain controller then assigns RIDs to the objects it creates from its allocated block and requests a new block from the RID master before the current one runs out (it manages the distribution of RIDs). If the RID master is unavailable and a domain controller exhausts its block, that domain controller can no longer create users, groups or computers.

● Infrastructure master. When objects are moved from one domain to another, the infrastructure master updates the object references in its domain that point to objects in other domains (for example, cross-domain group membership). Each reference contains the object's globally unique identifier (GUID), distinguished name and SID; Active Directory periodically updates the distinguished name and SID on the reference to reflect moves within and between domains and deletions. Do not place the infrastructure master on a global catalog server unless every domain controller in the domain is a global catalog; otherwise it never sees stale references and stops updating them.
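The RID master, the SID-plus-RID structure and the recreated-account question (3. above) together, as an added example that is not from the original page or from Windows itself. The domain SID, server names and account names are constructed; the RID block size of 500 mirrors the default Windows allocation, and the access check is a simplified DACL walk (a matching deny refuses, allows accumulate), not the full Windows algorithm.

```python
from dataclasses import dataclass

# Constructed domain SID; real ones are S-1-5-21-<three 32-bit sub-authorities>.
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"


class RidMaster:
    """The one DC per domain that hands out disjoint RID blocks, so that two
    DCs creating objects at the same time can never mint the same SID."""
    def __init__(self, block_size: int = 500, first_rid: int = 1000):
        self.block_size, self.next_rid = block_size, first_rid

    def allocate_block(self):
        start = self.next_rid
        self.next_rid += self.block_size
        return iter(range(start, start + self.block_size))


class DomainController:
    """Any DC: creates security principals using RIDs from its own block."""
    def __init__(self, name: str, rid_master: RidMaster):
        self.name, self.rid_master = name, rid_master
        self.rid_pool = rid_master.allocate_block()
        self.accounts = {}                     # sAMAccountName -> SID

    def create_user(self, sam_account_name: str) -> str:
        if sam_account_name in self.accounts:
            raise ValueError(f"{sam_account_name} already exists")
        try:
            rid = next(self.rid_pool)
        except StopIteration:                  # block exhausted: ask the RID master
            self.rid_pool = self.rid_master.allocate_block()
            rid = next(self.rid_pool)
        sid = f"{DOMAIN_SID}-{rid}"            # domain SID + RID, never reused
        self.accounts[sam_account_name] = sid
        return sid

    def delete_user(self, sam_account_name: str) -> None:
        del self.accounts[sam_account_name]    # the RID is retired, not recycled


@dataclass(frozen=True)
class Ace:
    allow: bool
    sid: str
    rights: frozenset


def access_check(token_sids: set, dacl: list, requested: set) -> bool:
    """Simplified Windows DACL evaluation: walk the ACEs in order; a deny ACE
    that matches a token SID and any requested right refuses access, allow
    ACEs accumulate until every requested right is granted. No match denies."""
    granted = set()
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if not ace.allow and ace.rights & requested:
            return False
        if ace.allow:
            granted |= ace.rights
            if requested <= granted:
                return True
    return False


def recreate_user_scenario():
    """Delete alice, then recreate alice with the same name: the ACL still
    names the old SID, so the new account is granted nothing."""
    master = RidMaster()
    dc1 = DomainController("DC1", master)
    old_sid = dc1.create_user("alice")
    dacl = [Ace(allow=True, sid=old_sid, rights=frozenset({"read", "write"}))]
    before = access_check({old_sid}, dacl, {"read"})
    dc1.delete_user("alice")
    new_sid = dc1.create_user("alice")
    after = access_check({new_sid}, dacl, {"read"})
    return old_sid, new_sid, before, after
```

Two DCs that share one RidMaster receive non-overlapping blocks (1000-1499 and 1500-1999 here), which is what makes multimaster object creation safe; the orphaned ACE left behind by the deletion is what shows up as "Account Unknown" in the object's security tab.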

The global catalog contains:

● The attributes that are most frequently used in queries, such as a user’s first name, last name, and logon name.

● The information that is necessary to determine the location of any object in the directory.

● The access permissions for each object and attribute that is stored in the global catalog. If you search for an object that you do not have the appropriate permissions to view, the object will not appear in the search results. Access permissions ensure that users can find only objects to which they have been assigned access.

A global catalog server is a domain controller that, in addition to its full, writable replica of its own domain directory partition, also stores a partial, read-only replica of every other domain directory partition in the forest. Take a user object as an example: it has many attributes, such as first name, last name and phone number. By default the GC stores only the attributes most commonly used in searches (first name, last name, logon name and so on). That partial attribute set is enough for a search to locate the full replica of the object in Active Directory. This allows searches to be answered by a local GC and reduces the WAN traffic spent locating objects elsewhere in the network.

Domain Controllers always contain the full attribute list for objects belonging to their domain. If the Domain Controller is also a GC, it will also contain a partial replica of objects from all other domains in the forest.

Active Directory uses DNS as the name resolution service to identify domains and domain host computers during processes such as logging on to the network.


Similar to the way a Windows NT 4.0 client will query WINS for a NetBIOS DOMAIN[1B] record to locate a PDC, or a NetBIOS DOMAIN[1C] record for domain controllers, a Windows 2000, 2003, or Windows XP client can query DNS to find a domain controller by looking for SRV records.

Integration of DNS and Active Directory

The integration of DNS and Active Directory is essential because a client computer in a Windows 2000 network must be able to locate a domain controller so that users can log on to a domain or use the services that Active Directory provides. Clients locate domain controllers and services by using A resource records and SRV records. The A resource record contains the FQDN and IP address for the domain controller. The SRV record contains the FQDN of the domain controller and the name of the service that the domain controller provides.
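The DC locator lookup just described, as an added example rather than code from the original page or from Windows: it builds the SRV query a client sends for _ldap._tcp.dc._msdcs.<domain>, and parses the reply (including DNS name compression) into an ordered list of domain controllers with their glue addresses. Because it must run offline, the response is constructed in the block from hypothetical hosts dc1/dc2.example.com; a real client would send the query datagram to UDP port 53 and parse whatever comes back.

```python
import struct

SRV, A = 33, 1


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_dc_locator_query(domain: str, txid: int = 0x1234) -> bytes:
    """The query a Windows 2000/XP client sends to find a DC for `domain`:
    one question, SRV for _ldap._tcp.dc._msdcs.<domain>, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(f"_ldap._tcp.dc._msdcs.{domain}") + struct.pack("!HH", SRV, 1)


def build_srv_response(query: bytes, dcs, glue) -> bytes:
    """Constructed server reply for offline use: SRV answers whose owner is a
    compression pointer back to the question name (offset 12), plus A glue
    records in the additional section."""
    txid = struct.unpack("!H", query[:2])[0]
    answers = b""
    for prio, weight, port, host in dcs:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(host)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", SRV, 1, 600, len(rdata)) + rdata
    additional = b""
    for host, ip in glue:
        additional += (encode_name(host) + struct.pack("!HHIH", A, 1, 600, 4)
                       + bytes(int(o) for o in ip.split(".")))
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(dcs), 0, len(glue))
    return header + query[12:] + answers + additional


def read_name(msg: bytes, offset: int):
    """Decode a name that may use compression pointers; returns (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:            # two-byte pointer into the message
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_dc_locator_response(msg: bytes, expected_txid=None):
    """Return candidate DCs in the order a client should try them: lowest
    priority first, then highest weight, each with its glue address."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: response is not for our query")
    if flags & 0x000F:
        raise ValueError(f"DNS error rcode={flags & 0xF}: no DC locator records")
    offset = 12
    for _ in range(qd):
        _name, offset = read_name(msg, offset)
        offset += 4                              # QTYPE + QCLASS
    srv, glue = [], {}
    for _ in range(an + ns + ar):
        name, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            target, _ = read_name(msg, offset + 6)
            srv.append({"priority": prio, "weight": weight, "port": port, "target": target})
        elif rtype == A:
            glue[name] = ".".join(str(b) for b in msg[offset:offset + 4])
        offset += rdlen
    srv.sort(key=lambda r: (r["priority"], -r["weight"]))
    for r in srv:
        r["address"] = glue.get(r["target"])
    return srv


# Constructed data standing in for a real DNS server's answer (dc2 listed first
# on purpose so the priority ordering is visible).
DCS = [(10, 50, 389, "dc2.example.com"), (0, 100, 389, "dc1.example.com")]
GLUE = [("dc1.example.com", "10.0.0.11"), ("dc2.example.com", "10.0.0.12")]


def locate_dc(domain: str = "example.com"):
    query = build_dc_locator_query(domain)
    response = build_srv_response(query, DCS, GLUE)   # real code: socket.sendto(query, (dns, 53))
    return parse_dc_locator_response(response, expected_txid=0x1234)
```

The transaction-id check and the rcode check are the two things a locator must do before trusting an answer; a missing _msdcs SRV record (rcode 3) is the classic cause of "domain controller could not be located" errors after a DC's DNS registration fails.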

What Are Active Directory Integrated Zones?

One benefit of integrating DNS and Active Directory is the ability to integrate DNS zones into an Active Directory database. A zone is a portion of the domain namespace that has a logical grouping of resource records, which allows zone transfers of these records to operate as one unit.

Active Directory Integrated Zones

Microsoft DNS servers store information that is used to resolve host names to IP addresses and IP addresses to host names in a database file that has the extension .dns for each zone.

Active Directory integrated zones are primary zones that are stored as objects in the Active Directory database. If zone objects are stored in an Active Directory domain partition, they are replicated to all domain controllers in the domain. Windows Server 2003 can instead store them in the DomainDnsZones or ForestDnsZones application directory partition, which replicates only to the domain controllers that run DNS in the domain or in the forest respectively.

What Are DNS Zones? A zone starts as a storage database for a single DNS domain name. If other domains are added below the domain used to create the zone, these domains can either be part of the same zone or belong to another zone. Once a subdomain is added, it can then either be:

● Managed and included as part of the original zone records, or

● Delegated away to another zone created to support the subdomain

Types of Zones

There are two types of zones, forward lookup and reverse lookup. Forward lookup zones contain the information needed to resolve names within the DNS domain. They must include SOA and NS records and can include any type of resource record except the PTR resource record. Reverse lookup zones contain the information needed to perform reverse lookups. They usually include SOA, NS, PTR and CNAME records.


With most queries, the client supplies a name and requests the IP address that corresponds to that name. This type of query is typically described as a forward lookup. Active Directory requires forward lookup zones.

However, what if a client already has a computer's IP address and wants to determine the DNS name for the computer? This matters for programs that implement security based on the connecting host's FQDN, and it is used in TCP/IP troubleshooting. The DNS standard provides for this through reverse lookups. Note that whoever controls the address block controls its PTR records, so a reverse lookup on its own proves nothing; a security check should confirm that a forward lookup of the returned name yields the original IP address.

Once you have installed Active Directory, you have two options for storing your zones when operating the DNS server at the new domain controller:

Standard Zone

Zones stored this way are located in .dns text files that are stored in the %SystemRoot%\System32\Dns folder on each computer operating a DNS server. Zone file names correspond to the name you choose for the zone when creating it, such as Example.microsoft.com.dns if the zone name was example.microsoft.com.

This type offers the choice of using either a Standard Primary zone or a Standard Secondary zone.

Standard Primary Zone

For standard primary-type zones, only a single DNS server can host and load the master copy of the zone. If you create a zone and keep it as a standard primary zone, no additional primary servers for the zone are permitted. Only one server is allowed to accept dynamic updates, also known as DDNS, and process zone changes. The standard primary model implies a single point of failure.

Standard Secondary Zone

A secondary name server gets the data for its zones from another name server (either a primary name server or another secondary name server) for that zone across the network. The data in a Secondary zone is Read only, and updated information must come from additional zone transfers. The process of obtaining this zone information (i.e., the database file) across the network is referred to as a zone transfer. Zone transfers occur over TCP port 53.

Secondary servers can provide a means to offload DNS query traffic in areas of the network where a zone is heavily queried and used. Additionally, if a primary server is down, a secondary server can provide some name resolution in the zone until the primary server is available.

Note A Standard Primary zone will not replicate its information to any other DNS servers, but may allow zone transfers to Secondary zones. Win2003 also supports stub zones. A secondary or stub zone cannot be hosted on a DNS server that hosts a primary zone for the same domain name.


Directory-integrated Zone

Zones stored this way are located in the Active Directory tree under the domain object container. Each directory-integrated zone is stored in a dnsZone container object identified by the name you choose for the zone when creating it. Active Directory integrated zones will replicate this information to other domain controllers in that domain.

Note If DNS is running on a Windows 2000 server that is not a domain controller, it will not be able to use an Active Directory integrated zones, or replicate with other domain controllers since it does not have Active Directory installed.

DNS Records

After you create a zone, additional resource records need to be added to it. The most common resource records (RRs) to be added are:

Table 1. Record Types

Host (A): maps a DNS domain name to the IP address used by a computer.

Alias (CNAME): maps an alias DNS domain name to another, primary or canonical, name.

Mail Exchanger (MX): maps a DNS domain name to the name of a computer that exchanges or forwards mail for it, with a preference value.

Pointer (PTR): maps a reverse DNS domain name, derived from a computer's IP address, to the forward DNS domain name of that computer.

Service location (SRV): maps a DNS domain name to a list of DNS hosts that offer a specific type of service, such as Active Directory domain controllers, with priority, weight and port.

Other resource records as needed.
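The zone and record material above (forward versus reverse zones, the rule that a forward zone carries no PTR records, and the note that security based on the connecting FQDN depends on reverse lookups), as an added example that is not code from the original page or from the Windows DNS server: it parses two constructed zone files in the same text format Windows keeps under %SystemRoot%\System32\Dns, checks the rules stated above, and performs a forward-confirmed reverse DNS check. The zone contents, including a deliberately stale PTR for 10.0.0.99, are made up for the example.

```python
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "SRV", "TXT"}

# Constructed zone files (with $ORIGIN so that owner names can be relative).
FORWARD_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA   dc1.example.com. hostmaster.example.com. (
                  2024010101 900 600 86400 3600 )
@        IN NS    dc1.example.com.
@        IN MX 10 mail.example.com.
dc1      IN A     10.0.0.11
mail     IN A     10.0.0.20
www      IN CNAME mail
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc1.example.com.
"""

REVERSE_ZONE = """\
$ORIGIN 0.0.10.in-addr.arpa.
$TTL 3600
@        IN SOA   dc1.example.com. hostmaster.example.com. (
                  2024010101 900 600 86400 3600 )
@        IN NS    dc1.example.com.
11       IN PTR   dc1.example.com.
20       IN PTR   mail.example.com.
99       IN PTR   mail.example.com.   ; stale or forged: no A record points back here
"""


def _logical_lines(text):
    """Drop ; comments and join parenthesised (multi-line) records into one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def fqdn(name: str, origin: str) -> str:
    """Make a zone-file name absolute: '@' is the origin and a name without a
    trailing dot is relative to it."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str):
    """Return (origin, [(owner, type, rdata tokens)]) with every name absolute."""
    origin, records, owner = "", [], None
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0] == "$TTL":
            continue
        if not line[0].isspace():            # a line starting in column 1 names a new owner
            owner = fqdn(tokens.pop(0), origin)
        while tokens and tokens[0].upper() not in RR_TYPES:
            tokens.pop(0)                    # optional TTL and class (IN) before the type
        rtype = tokens.pop(0).upper()
        if rtype in {"NS", "CNAME", "PTR"}:
            tokens[0] = fqdn(tokens[0], origin)
        elif rtype in {"MX", "SRV"}:
            tokens[-1] = fqdn(tokens[-1], origin)
        records.append((owner, rtype, tuple(tokens)))
    return origin, records


def check_zone(origin: str, records, reverse: bool):
    """Apply the rules stated above: every zone needs SOA and NS; a forward
    zone must not carry PTR records; a reverse zone lives under in-addr.arpa."""
    problems, types = [], {r[1] for r in records}
    if "SOA" not in types:
        problems.append("missing SOA")
    if "NS" not in types:
        problems.append("missing NS")
    if not reverse and "PTR" in types:
        problems.append("PTR record in forward lookup zone")
    if reverse and not origin.endswith(".in-addr.arpa."):
        problems.append("reverse zone not under in-addr.arpa")
    return problems


def reverse_name(ip: str) -> str:
    """IPv4 address -> its owner name in the reverse lookup tree."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def forward_confirmed_reverse(ip: str, forward, reverse):
    """None: no PTR for the address. True: the PTR target has an A record back
    to the same address. False: the PTR names a host that does not resolve to
    this address, so the name must not be used for an access decision."""
    ptrs = [r for r in reverse if r[0] == reverse_name(ip) and r[1] == "PTR"]
    if not ptrs:
        return None
    host = ptrs[0][2][0]
    return ip in {r[2][0] for r in forward if r[0] == host and r[1] == "A"}
```

The three-way result is the point: only True is a confirmed identity, False is exactly the forged-PTR case, and None (no reverse record at all) is common enough on real networks that a policy must decide what to do with it rather than treat it as either.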

Q1. What does the logical component of the Active Directory structure include?

■ Objects: Resources are stored in Active Directory as objects.

Sub category: object class

An object is really just a collection of attributes. A user object, for example, is made up of attributes such as name, password, phone number, group membership, and so on. The attributes that make up an object are defined by an object class. The user class, for example, specifies the attributes that make up the user object.

The Active Directory Schema:

The classes and the attributes that they define are collectively referred to as the Active Directory Schema. In database terms, a schema is the structure of the tables and fields and how they are related to one another. You can think of the Active Directory Schema as a collection of definitions (object classes) that describe how the real data of the directory (the attributes of each object) is organized and stored.

■ Domains

The basic organizational structure of the Windows Server 2003 networking model is the domain. A domain represents an administrative boundary. The computers, users, and other objects within a domain share a common security database.

■ Trees

Multiple domains are organized into a hierarchical structure called a tree. Actually, even if you have only one domain in your organization, you still have a tree. The first domain you create in a tree is called the root domain. The next domain that you add becomes a child domain of that root. This expandability of domains makes it possible to have many domains in a tree. Figure 1-1 shows an example of a tree. Microsoft.com was the first domain created in Active Directory in this example and is therefore the root domain.

Figure 1-1: A tree is a hierarchical organization of multiple domains.

All domains in a tree share a common schema and a contiguous namespace. In the example shown in Figure 1-1, all of the domains in the tree under the microsoft.com root domain share the namespace microsoft.com. A single tree is fine if your organization is confined to a single DNS namespace. For organizations that use multiple DNS namespaces, the model must be able to expand beyond the boundaries of a single tree. This is where the forest comes in.

■ Forest

A forest is a group of one or more domain trees that do not form a contiguous namespace but share a common schema, configuration and global catalog. There is always at least one forest on a network; it is created when the first Active Directory-enabled computer (domain controller) on the network is installed.

[Figure 1-1: tree rooted at Microsoft.com, with child domains sales.microsoft.com and RND.Microsoft.com and further child domains West.Microsoft.com and East.Microsoft.com]


This first domain in a forest, called the forest root domain, is special because it holds the schema and controls domain naming for the entire forest. It cannot be removed from the forest without removing the entire forest itself. Also, no other domain can ever be created above the forest root domain in the forest domain hierarchy.

Figure 1-2 shows an example of a forest with two trees. Each tree in the forest has its own namespace. In the figure, microsoft.com is one tree and contoso.com is a second tree. Both are in a forest named microsoft.com (after the first domain created).

Figure 1-2 Trees in a forest share the same schema, but not the same namespace.

A forest is the outermost boundary of Active Directory; the directory cannot be larger than the forest. However, you can create multiple forests and then create trust relationships between specific domains in those forests; this would let you grant access to resources and accounts that are outside of a particular forest.

■ Organizational Units

Organizational Units (OUs) provide a way to create administrative boundaries within a domain. Primarily, this allows you to delegate administrative tasks within the domain.

OUs serve as containers into which the resources of a domain can be placed. You can then assign administrative permissions on the OU itself. Typically, the structure of OUs follows an organization’s business or functional structure. For example, a relatively small organization with a single domain might create separate OUs for departments within the organization.

Q2. What does the physical structure of active directory contain?

[Figure 1-2: the microsoft.com tree (Microsoft.com, root domain of the microsoft.com forest and tree; sales.microsoft.com, RND.Microsoft.com, West.Microsoft.com, East.Microsoft.com) and the contoso.com tree (Contoso.com, root of the contoso.com tree; West.contoso.com, East.contoso.com) in the same forest]


Physical structures include domain controllers and sites.

Q3.What is nesting?

The creation of an OU inside another OU.

IMP: once you go beyond about 12 OUs deep in a nesting structure, you start running into significant performance issues.

Q4. What is a trust relationship, and how many types of trust relationship are there in Windows Server 2003?

Since domains represent security boundaries, special mechanisms called trust relationships allow objects in one domain (called the trusted domain) to access resources in another domain (called the trusting domain).

Windows Server 2003 supports six types of trust relationships:

■ Parent and child trusts
■ Tree-root trusts
■ External trusts
■ Shortcut trusts
■ Realm trusts
■ Forest trusts

Q5. What is a site?

A Windows Server 2003 site is a group of domain controllers that exist on one or more IP subnets (see Lesson 3 for more on this) and are connected by a fast, reliable network connection. Fast means connections of at least 1Mbps. In other words, a site usually follows the boundaries of a local area network (LAN). If different LANs on the network are connected by a wide area network (WAN), you’ll likely create one site for each LAN.

Q6. What is the use of a site?

Sites are primarily used to control replication traffic. Domain controllers within a site are pretty much free to replicate changes to the Active Directory database whenever changes are made. Domain controllers in different sites compress the replication traffic and operate based on a defined schedule, both of which are intended to cut down on network traffic.

More specifically, sites are used to control the following:

■ Workstation logon traffic
■ Replication traffic
■ Distributed File System (DFS)

Distributed File System (DFS) is a server component that provides a unified naming convention for folders and files stored on different servers on a network. DFS lets you create a single logical hierarchy for folders and files that is consistent on a network, regardless of where on the network those items are actually stored. Files represented in the DFS might be stored in multiple locations on the network, so it makes sense that Active Directory should be able to direct users to the closest physical location of the data they need. To this end, DFS uses site information to direct a client to the server that is hosting the requested data within the site. If DFS does not find a copy of the data within the same site as the client, DFS uses the site information in Active Directory to determine which file server that has DFS shared data is closest to the client.

■ File Replication Service (FRS)

Every domain controller has a built-in collection of folders named SYSVOL (for System Volume). The SYSVOL folders provide a default Active Directory location for files that must be replicated throughout a domain. You can use SYSVOL to replicate Group Policy Objects, startup and shutdown scripts, and logon and logoff scripts. A Windows Server 2003 service named File Replication Service (FRS) is responsible for replicating files in the SYSVOL folders between domain controllers. FRS uses site boundaries to govern the replication of items in the SYSVOL folders.

Q7. What are the objects a site contains?

Sites contain only two types of objects. The first type is the domain controllers contained in the site. The second type of object is the site links configured to connect the site to other sites.

Q8. What is a site link?

Within a site, replication happens automatically. For replication to occur between sites, you must establish a link between the sites. There are two components to this link: the actual physical connection between the sites (usually a WAN link) and a site link object. The site link object is created within Active Directory and determines the protocol used for transferring replication traffic (Internet Protocol [IP] or Simple Mail Transfer Protocol [SMTP]). The site link object also governs when replication is scheduled to occur.

Q9. Explain replication in Active Directory.

Windows Server 2003 uses a replication model called multimaster replication, in which all replicas of the Active Directory database are considered equal masters. You can make changes to the database on any domain controller and the changes will be replicated to other domain controllers in the domain.

Domain controllers in the same site replicate on the basis of notification. When changes are made on a domain controller, it notifies its replication partners (the other domain controllers in the site); the partners then request the changes and replication occurs. Because of the high-speed, low-cost connections assumed within a site, replication occurs as needed rather than according to a schedule.

You should create additional sites when you need to control how replication traffic occurs over slower WAN links. For example, suppose you have a number of domain controllers on your main LAN and a few domain controllers on a LAN at a branch location. Those two LANs are connected to one another with a slow (256K) WAN link. You would want replication traffic to occur as needed between the domain controllers on each LAN, but you would want to control traffic across the WAN link to prevent it from affecting higher priority network traffic. To address this situation, you would set up two sites— one site that contained all the domain controllers on the main LAN and one site that contained all the domain controllers on the remote LAN.

Q10. What are the different types of replication?

■ Replication within a single site (called intrasite replication)
■ Replication between sites (called intersite replication)

■ Intrasite Replication Intrasite replication sends replication traffic in an uncompressed format. This is because of the assumption that all domain controllers within the site are connected by high-bandwidth links. Not only is the traffic uncompressed, but replication occurs according to a change notification mechanism. This means that if changes are made in the domain, those changes are quickly replicated to the other domain controllers.

■ Intersite Replication Intersite replication sends all data compressed. This reflects the fact that the traffic will probably cross slower WAN links (as opposed to the LAN connectivity intrasite replication assumes), but it increases the server load because compression and decompression are added to the processing requirements. In addition to the compression, replication can be scheduled for times that are more appropriate to your organization. For example, you may decide to allow replication only during slower times of the day. Of course, this delay in replication (based on the schedule) can cause inconsistency between servers in different sites.

Q11. What is LDAP?

LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server.

An LDAP-aware directory service (such as Active Directory) indexes all the attributes of all the objects stored in the directory and publishes them. LDAP-aware clients can query the server in a wide variety of ways.

Q12. What types of naming convention does Active Directory use?

Active Directory supports several types of names for the different formats that can access Active Directory. These names include:

■ Relative Distinguished Names

The relative distinguished name (RDN) of an object identifies an object uniquely, but only within its parent container. Thus the name uniquely identifies the object relative to the other objects within the same container. In the example

CN=wjglenn,CN=Users,DC=contoso,DC=com,

the relative distinguished name of the object is CN=wjglenn. The relative distinguished name of the parent organizational unit is Users. For most objects, the relative distinguished name of an object is the same as that object’s Common Name attribute. Active Directory creates the relative distinguished name automatically, based on information provided when the object is created. Active Directory does not allow two objects with the same relative distinguished name to exist in the same parent container.

The relative distinguished name (and the distinguished name discussed in the next section) use special notations called LDAP attribute tags to identify each part of the name. The three attribute tags used are:

■ DC The Domain Component (DC) tag identifies part of the DNS name of the domain, such as COM or ORG.
■ OU The Organizational Unit (OU) tag identifies an organizational unit container.
■ CN The Common Name (CN) tag identifies the common name configured for an Active Directory object.


■ Distinguished Names

Each object in the directory has a distinguished name (DN) that is globally unique and identifies not only the object itself, but also where the object resides in the overall object hierarchy. You can think of the distinguished name as the relative distinguished name of an object concatenated with the relative distinguished names of all parent containers that make up the path to the object.

An example of a typical distinguished name would be:

CN=wjglenn,CN=Users,DC=contoso,DC=com.

This distinguished name would indicate that the user object wjglenn is in the Users container, which in turn is located in the contoso.com domain. If the wjglenn object is moved to another container, its DN will change to reflect its new position in the hierarchy. Distinguished names are guaranteed to be unique in the forest, similar to the way that a fully qualified domain name uniquely identifies an object’s placement in a DNS hierarchy. You cannot have two objects with the same distinguished name.

■ User Principal Names

The user principal name that is generated for each object is in the form username@domain_name. Users can log on with their user principal name, and an administrator can define suffixes for user principal names if desired. User principal names should be unique, but Active Directory does not enforce this requirement. It’s best, however, to formulate a naming convention that avoids duplicate user principal names.

■ Canonical Names

An object’s canonical name is used in much the same way as the distinguished name— it just uses a different syntax. The same distinguished name presented in the preceding section would have the canonical name:

contoso.com/Users/wjglenn.

As you can see, there are two primary differences in the syntax of distinguished names and canonical names. The first difference is that the canonical name presents the root of the path first and works downward toward the object name. The second difference is that the canonical name does not use the LDAP attribute tags (e.g., CN and DC).
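As an added example (not code from the original training material), the following Python works with the naming formats described above: it derives the RDN, the parent container and the canonical name from a distinguished name, handles backslash-escaped commas in values, counts OU nesting depth against the 12-level guidance from Q3, and flags two objects that would share an RDN inside one container. The sample DNs are constructed.

```python
# Added example, not part of the original training material: work with the
# LDAP naming formats described above. The sample DNs are constructed.
TAGS = {"DC", "OU", "CN"}          # the three attribute tags the text lists
MAX_OU_DEPTH = 12                  # practical nesting limit noted in Q3


def split_dn(dn):
    """Split a DN into (TAG, value) pairs, honouring backslash-escaped commas
    such as CN=Glenn\\, Walter. Raises ValueError for malformed input."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    pairs = []
    for part in parts:
        tag, sep, value = part.partition("=")
        tag, value = tag.strip().upper(), value.strip()
        if not sep or not value or tag not in TAGS:
            raise ValueError(f"malformed or unsupported RDN: {part!r}")
        pairs.append((tag, value))
    # Domain components form the tail of every DN; nothing may follow them.
    first_dc = next((i for i, (t, _) in enumerate(pairs) if t == "DC"), None)
    if first_dc is None or any(t != "DC" for t, _ in pairs[first_dc:]):
        raise ValueError("DN must end in one or more DC components")
    return pairs


def join_dn(pairs):
    """Inverse of split_dn: commas inside values are re-escaped."""
    out = []
    for tag, value in pairs:
        out.append(tag + "=" + value.replace(",", "\\,"))
    return ",".join(out)


def rdn(dn):
    """Relative distinguished name: the first component only."""
    return join_dn(split_dn(dn)[:1])


def parent_dn(dn):
    """DN of the container holding the object (empty string at the very top)."""
    return join_dn(split_dn(dn)[1:])


def canonical_name(dn):
    """Same path as the DN, but root first and without attribute tags."""
    pairs = split_dn(dn)
    domain = ".".join(v for t, v in pairs if t == "DC")
    path = [v for t, v in reversed(pairs) if t != "DC"]
    return "/".join([domain, *path])


def ou_depth(dn):
    """How many OUs deep the object sits; compare with MAX_OU_DEPTH."""
    return sum(1 for t, _ in split_dn(dn) if t == "OU")


def rdn_collisions(dns):
    """Pairs of DNs that would share an RDN inside the same container.
    Active Directory refuses the second of each pair; the comparison is
    case-insensitive because directory names are not case-sensitive."""
    seen, clashes = {}, []
    for dn in dns:
        key = tuple((t, v.lower()) for t, v in split_dn(dn))
        if key in seen:
            clashes.append((seen[key], dn))
        else:
            seen[key] = dn
    return clashes


if __name__ == "__main__":
    dn = "CN=wjglenn,CN=Users,DC=contoso,DC=com"
    print(rdn(dn), "|", parent_dn(dn), "|", canonical_name(dn))
    deep = "CN=svc," + "OU=x," * 13 + "DC=contoso,DC=com"
    print("too deeply nested:", ou_depth(deep) > MAX_OU_DEPTH)
```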

Q13. What is multimaster replication?

Active Directory uses multimaster replication, in which every replica of an Active Directory partition held on every domain controller is considered an equal master. Updates can be made to objects on any domain controller, and those updates are then replicated to other domain controllers.

Q14. Which two operations master roles should be available when new security principals are being created and named?

Domain naming master and the relative ID master

Q15. What are the different types of groups?

■ Security groups Security groups are used to group domain users into a single administrative unit. Security groups can be assigned permissions and can also be used as e-mail distribution lists. Users placed into a group inherit the permissions assigned to the group for as long as they remain members of that group. Windows itself uses only security groups.

■ Distribution groups These are used for nonsecurity purposes by applications other than Windows. One of the primary uses is within an e-mail application.

As with user accounts, there are both local and domain-level groups. Local groups are stored in a local computer’s security database and are intended to control resource access on that computer. Domain groups are stored in Active Directory and let you gather users and control resource access in a domain and on domain controllers.

Q16. What is a group scope and what are the different types of group scopes?

Group scopes determine where in the Active Directory forest a group is accessible and what objects can be placed into the group. Windows Server 2003 includes three group scopes: global, domain local, and universal.

■ Global groups are used to gather users that have similar permissions requirements. Global groups have the following characteristics:

1. Global groups can contain user and computer accounts only from the domain in which the global group is created.
2. When the domain functional level is set to Windows 2000 native or Windows Server 2003 (i.e., the domain contains only Windows 2000 or 2003 servers), global groups can also contain other global groups from the local domain.
3. Global groups can be assigned permissions or be added to local groups in any domain in a forest.

■ Domain local groups exist on domain controllers and are used to control access to resources located on domain controllers in the local domain (for member servers and workstations, you use local groups on those systems instead). Domain local groups share the following characteristics:

1. Domain local groups can contain users and global groups from any domain in a forest no matter what functional level is enabled.
2. When the domain functional level is set to Windows 2000 native or Windows Server 2003, domain local groups can also contain other domain local groups and universal groups.

■ Universal groups are normally used to assign permissions to related resources in multiple domains. Universal groups share the following characteristics:

1. Universal groups are available only when the forest functional level is set to Windows 2000 native or Windows Server 2003.
2. Universal groups exist outside the boundaries of any particular domain and are managed by Global Catalog servers.
3. Universal groups are used to assign permissions to related resources in multiple domains.
4. Universal groups can contain users, global groups, and other universal groups from any domain in a forest.
5. You can grant permissions for a universal group to any resource in any domain.
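As an added example (not code from the original training material), this Python encodes the membership rules listed above and audits a planned set of group nestings under mixed and native functional levels. The domains contoso.com and fabrikam.com and the group names are constructed; the rule that domain local groups nest other domain local groups only from their own domain is a known Active Directory restriction that the text does not spell out.

```python
from dataclasses import dataclass

# Added example, not part of the original training material: check a proposed
# group membership against the scope rules listed above.
ACCOUNTS = ("user", "computer")
GROUPS = ("global", "domain_local", "universal")


@dataclass(frozen=True)
class Principal:
    name: str
    domain: str
    kind: str  # one of ACCOUNTS or GROUPS


def verdict(ok, why):
    return (True, "") if ok else (False, why)


def can_be_member(group, member, native):
    """Return (allowed, reason). native=True means the domain (and, for
    universal groups, the forest) runs at Windows 2000 native or Windows
    Server 2003 functional level; native=False means mixed mode."""
    if group.kind not in GROUPS or member.kind not in ACCOUNTS + GROUPS:
        raise ValueError("unknown principal kind")
    same_domain = group.domain == member.domain
    if group.kind == "global":
        if member.kind in ACCOUNTS:
            return verdict(same_domain, "global groups take accounts only from their own domain")
        if member.kind == "global" and same_domain:
            return verdict(native, "global-in-global nesting requires native mode")
        return verdict(False, "global groups cannot contain domain local, universal or foreign global groups")
    if group.kind == "domain_local":
        if member.kind in ACCOUNTS or member.kind == "global":
            return verdict(True, "")  # any domain, any functional level
        if not native:
            return verdict(False, "nesting domain local or universal groups requires native mode")
        if member.kind == "universal":
            return verdict(True, "")
        # Assumption beyond the text: domain local nesting stays inside the domain.
        return verdict(same_domain, "domain local groups nest only domain local groups of their own domain")
    # universal group
    if not native:
        return verdict(False, "universal groups exist only at native forest functional level")
    if member.kind == "domain_local":
        return verdict(False, "universal groups cannot contain domain local groups")
    return verdict(True, "")  # accounts, global and universal groups from any domain


def audit(memberships, native):
    """memberships: iterable of (group, member). Returns the disallowed ones."""
    problems = []
    for group, member in memberships:
        ok, why = can_be_member(group, member, native)
        if not ok:
            problems.append((group.name, member.name, why))
    return problems


if __name__ == "__main__":
    # Constructed plan modelled on the Junior Admins example in Q18.
    dallas = Principal("Dallas JuniorAdmins", "contoso.com", "global")
    chicago = Principal("Chicago JuniorAdmins", "fabrikam.com", "global")
    junior = Principal("Junior Admins", "contoso.com", "universal")
    alice = Principal("alice", "fabrikam.com", "user")
    plan = [(junior, dallas), (junior, chicago), (dallas, alice)]
    for native in (False, True):
        print("native mode:", native)
        for problem in audit(plan, native):
            print("  rejected:", problem)
```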

Q17. What are the items that groups of different scopes can contain in mixed and native mode domains?


Q18. What is group nesting?

Placing one group inside another group is called group nesting.

For example, suppose you had junior-level administrators in four different geographic locations, as shown in Figure 4-10. You could create a separate group for each location (named something like Dallas JuniorAdmins). Then, you could create a single group named Junior Admins and make each of the location-based groups a member of the main group. This approach would allow you to set permissions on a single group and have those permissions flow down to the members, yet still be able to subdivide the junior administrators by location.

Q19. How many characters can a group name contain?

64

Q20. Is a site part of the Active Directory namespace?

No. When a user browses the logical namespace, computers and users are grouped into domains and OUs without reference to sites. However, site names are used in the Domain Name System (DNS) records, so sites must be given valid DNS names.

Q21. What is DFS?

The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name; which will be the 'key' to a list of shares found on multiple servers on the network. Think of it as the home of all file shares with links that point to one or more servers that actually host those shares.

DFS has the capability of routing a client to the closest available file server by using Active Directory site metrics. It can also be installed on a cluster for even better performance and reliability.

Understanding the DFS Terminology

It is important to understand the new concepts that are part of DFS. Below is a definition of each of them.

Dfs root: You can think of this as a share that is visible on the network, and in this share you can have additional files and folders.


Dfs link: A link is another share somewhere on the network that goes under the root. When a user opens this link they will be redirected to a shared folder.

Dfs target (or replica): This can be referred to as either a root or a link. If you have two identical shares, normally stored on different servers, you can group them together as Dfs Targets under the same link.

The image below shows the actual folder structure of what the user sees when using DFS and load balancing.

Figure 1: The actual folder structure of DFS and load balancing

Windows 2003 offers a revamped version of the Distributed File System found in Windows 2000, which has been improved to offer better performance, additional fault tolerance, load balancing and reduced use of network bandwidth. It also comes with a powerful set of command-line scripting tools which can be used to make administrative backup and restoration tasks of the DFS namespaces easier. Client Windows operating systems include a DFS client which provides additional features as well as caching.

Q22. What are the types of replication in DFS?

There are two types of replication:

* Automatic, which is only available for domain DFS
* Manual, which is available for stand-alone DFS and requires all files to be replicated manually.

Q23. Which service is responsible for replicating files in SYSVOL folder?

File Replication Service (FRS)

Q24. What all can a site topology owner do?

The site topology owner is the name given to the administrator (or administrators) who oversee the site topology. The owner is responsible for making any necessary changes to the site as the physical network grows and changes. The site topology owner’s responsibilities include:

■ Making changes to the site topology based on changes to the physical network topology.
■ Tracking subnetting information for the network. This includes IP addresses, subnet masks, and the locations of the subnets.
■ Monitoring network connectivity and setting the costs for links between sites.

Q1. What is DNS?


DNS provides name registration and name-to-address resolution capabilities. DNS drastically lowers the need to remember numeric IP addresses when accessing hosts on the Internet or any other TCP/IP-based network.

Before DNS, the practice of mapping friendly host or computer names to IP addresses was handled via host files. Host files are easy to understand. These are static ASCII text files that simply map a host name to an IP address in a table-like format. Windows ships with a HOSTS file in the \winnt\system32\drivers\etc subdirectory.

The fundamental problem with host files was that they were labor-intensive. A host file is modified manually, and it is typically administered centrally.

The DNS system consists of three components: DNS data (called resource records), servers (called name servers), and Internet protocols for fetching data from the servers.

Q2. Which are the four generally accepted naming conventions?

NetBIOS Name (for instance, SPRINGERS01)

TCP/IP Address (121.133.2.44)

Host Name (Abbey)

Media Access Control (MAC)—this is the network adapter hardware address

Q3. How does DNS really work?

DNS uses a client/server model in which the DNS server maintains a static database of domain names mapped to IP addresses. The DNS client, known as the resolver, performs queries against the DNS servers. The bottom line? DNS resolves domain names to IP addresses using these steps:

Step 1. A client (or “resolver”) passes its request to its local name server. For example, the URL term www.idgbooks.com typed into Internet Explorer is passed to the DNS server identified in the client TCP/IP configuration. This DNS server is known as the local name server.

Step 2. If, as often happens, the local name server is unable to resolve the request, other name servers are queried so that the resolver may be satisfied.

Step 3. If all else fails, the request is passed to higher and higher-level name servers until the query resolution process starts from the far-right term (for instance, com) or from the top of the DNS tree with the root name servers.

The steps are explained below with the help of a chart.

Figure 8-5: How DNS works

Q4. Which are the major records in DNS?

1. Host or Address Records (A): map the name of a machine to its numeric IP address. In clearer terms, this record states the hostname and IP address of a certain machine. An A record has three fields: Host Name, Domain, Host IP Address.

E.g.: eric.foobarbaz.com. IN A 36.36.1.6

It is possible to map more than one IP address to a given hostname. This often happens for people who run a firewall and have two Ethernet cards in one machine. All you must do is add a second A record, with every column the same save for the IP address.

2. Aliases or Canonical Name Records (CNAME)


“CNAME” records simply allow a machine to be known by more than one hostname. There must always be an A record for the machine before aliases can be added. The host name of a machine that is stated in an A record is called the canonical, or official name of the machine. Other records should point to the canonical name. Here is an example of a CNAME:

www.foobarbaz.com. IN CNAME eric.foobarbaz.com.

You can see the similarities to the previous record. Records always read from left to right, with the subject to be queried about on the left and the answer to the query on the right. A machine can have an unlimited number of CNAME aliases. A new record must be entered for each alias.

You can add A or CNAME records for the service name pointing to the machines you want to load balance.

3. Mail Exchange Records (MX)

“MX” records are far more important than they sound. They allow all mail for a domain to be routed to one host. This is exceedingly useful: it abates the load on your internal hosts since they do not have to route incoming mail, and it allows your mail to be sent to any address in your domain even if that particular address does not have a computer associated with it. For example, we have a mail server running on the fictitious machine eric.foobarbaz.com. For convenience's sake, however, we want our email address to be “[email protected]” rather than “[email protected]”. This is accomplished by the record shown below:

foobarbaz.com. IN MX 10 eric.foobarbaz.com.

The column on the far left signifies the address that you want to use as an Internet email address. The next two entries have been explained thoroughly in previous records. The next column, the number “10”, is different from the normal DNS record format. It is a signifier of priority. Often larger systems will have backup mail servers, perhaps more than one. Obviously, you will only want the backups receiving mail if something goes wrong with the primary mail server. You can indicate this with your MX records. A lower number in an MX record means a higher priority, and mail will be sent to the server with the lowest number (the lowest possible being 0). If something happens so that this server becomes unreachable, the computer delivering the mail will attempt every other server listed in the DNS tables, in order of priority.

Obviously, you can have as many MX records as you would like. It is also a good idea to include an MX record even if you are having mail sent directly to a machine with an A record. Some sendmail programs only look for MX records.

It is also possible to include wildcards in MX records. If you have a domain where your users each have their own machine running mail clients on them, mail could be sent directly to each machine. Rather than clutter your DNS entry, you can add an MX record like this one:

*.foobarbaz.com. IN MX 10 eric.foobarbaz.com.

This would make any mail sent to any individual workstation in the foobarbaz.com domain go through the server eric.foobarbaz.com.

One should use caution with wildcards; specific records will be given precedence over ones containing wildcards.

4. Pointer Records (PTR)


Although there are different ways to set up PTR records, we will be explaining only the most frequently used method, called “in-addr.arpa”.

In-addr.arpa PTR records are the exact inverse of A records. They allow your machine to be recognized by its IP address. Resolving a machine in this fashion is called a “reverse lookup”. It is becoming more and more common that a machine will do a reverse lookup on your machine before allowing you to access a service (such as a World Wide Web page). Reverse lookups are a good security measure, verifying that your machine is exactly who it claims to be. In-addr.arpa records look as such:

6.1.36.36.in-addr.arpa. IN PTR eric.foobarbaz.com.

Compared with the example A record at the beginning of this section, the record simply has the IP address reversed on the left and the host name in the last column.

A note for those who run their own name servers: although Allegiance Internet is capable of pulling zones from your name server, we cannot pull the inverse zones (these in-addr.arpa records) unless you have been assigned a full class C network. If you would like us to put PTR records in our name servers for you, you will have to fill out the online web form on the support.allegianceinternet.com page.

5. Name Server Records (NS)

NS records are imperative to functioning DNS entries. They are very simple; they merely state the authoritative name servers for the given domain. There must be at least two NS records in every DNS entry. NS records look like this:

foobarbaz.com. IN NS draven.foobarbaz.com.

There also must be an A record in your DNS for each machine you enter as a name server in your domain.

If Allegiance Internet is doing primary and secondary names service, we will set up these records for you automatically, with “nse.algx.net” and “nsf.algx.net” as your two authoritative name servers.

6. Start Of Authority Records (SOA)

The “SOA” record is the most crucial record in a DNS entry. It conveys more information than all the other records combined. This record is called the start of authority because it denotes the DNS entry as the official source of information for its domain. Here is an example of an SOA record; each part of it is explained afterwards:

foobarbaz.com. IN SOA draven.foobarbaz.com. hostmaster.foobarbaz.com. (
        1996111901 ; Serial
        10800      ; Refresh
        3600       ; Retry
        3600000    ; Expire
        86400 )    ; Minimum


The first column contains the domain for which this record begins authority. The next two entries should look familiar. The “draven.foobarbaz.com” entry is the primary name server for the domain. The last entry on this row is actually an email address, if you substitute an “@” for the first “.”. There should always be a viable contact address in the SOA record.

The next entries are a little more unusual than what we have become used to. The serial number is a record of how often this DNS entry has been updated. Every time a change is made to the entry, the serial number must be incremented. Other name servers that pull information for a zone from the primary only pull the zone if the serial number on the primary name server’s entry is higher than the serial number on its own entry. In this way the name servers for a domain are able to update themselves. A recommended way of using your serial number is the YYYYMMDDNN format shown above, where the NN is the number of times that day the DNS has been changed.

Also, a note for Allegiance Internet customers who run their own name servers: even if the serial number is incremented, you should still fill out the web form and use the comment box when you make changes asking us to pull the new zones.

All the rest of the numbers in the record are measurements of time, in seconds. The “refresh” number stands for how often secondary name servers should check the primary for a change in the serial number. “Retry” is how long a secondary server should wait before trying to reconnect to primary server if the connection was refused. “Expire” is how long the secondary server should use its current entry if it is unable to perform a refresh, and “minimum” is how long other name servers should cache, or save, this entry.

There can only be one SOA record per domain. Like NS records, Allegiance Internet sets up this record for you if you are not running your own name server.
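As an added example (not code from the original material), the following Python parses a small zone modelled on the foobarbaz.com records above and applies the rules the text states: it orders MX hosts by preference number and lets exact records beat the wildcard, derives the in-addr.arpa owner name for a PTR record, flags in-zone NS, MX and CNAME targets that lack the required A record, reads the SOA fields, and bumps a YYYYMMDDNN serial. The A record for draven and the host backup.foobarbaz.com (deliberately left without an A record) are constructed for the example.

```python
import ipaddress

# Added example, not part of the original material. The zone below is
# constructed from the foobarbaz.com records in the text; the A record for
# draven and the host backup.foobarbaz.com (deliberately without an A
# record) are made up to exercise the checks.
ZONE_NAME = "foobarbaz.com."
ZONE_TEXT = """
foobarbaz.com. IN SOA draven.foobarbaz.com. hostmaster.foobarbaz.com. (
    1996111901 ; Serial
    10800      ; Refresh
    3600       ; Retry
    3600000    ; Expire
    86400 )    ; Minimum
foobarbaz.com. IN NS draven.foobarbaz.com.
foobarbaz.com. IN NS nse.algx.net.
draven.foobarbaz.com. IN A 36.36.1.7
eric.foobarbaz.com. IN A 36.36.1.6
www.foobarbaz.com. IN CNAME eric.foobarbaz.com.
foobarbaz.com. IN MX 10 eric.foobarbaz.com.
foobarbaz.com. IN MX 20 backup.foobarbaz.com.
*.foobarbaz.com. IN MX 10 eric.foobarbaz.com.
"""


def parse_zone(text):
    """Parse 'owner IN TYPE rdata...' lines (the format used in the text) into
    (owner, type, rdata) tuples; strips ';' comments and joins the
    parenthesised multi-line SOA."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf = (buf + " " + line).strip()
        if buf.count("(") > buf.count(")"):
            continue  # SOA continues on the next line
        owner, _cls, rtype, *rdata = buf.replace("(", " ").replace(")", " ").split()
        records.append((owner.lower(), rtype.upper(), rdata))
        buf = ""
    return records


ZONE_RECORDS = parse_zone(ZONE_TEXT)


def in_zone(name):
    return name == ZONE_NAME or name.endswith("." + ZONE_NAME)


def mx_targets(records, name):
    """Mail hosts for name, lowest preference number first. Exact records win;
    the wildcard applies only when no exact MX exists for the name."""
    name = name.lower()
    found = [r for o, t, r in records if t == "MX" and o == name]
    if not found:
        found = [r for o, t, r in records if t == "MX" and o.startswith("*.")
                 and name != o[2:] and name.endswith(o[1:])]
    return [host for _pref, host in sorted((int(p), h) for p, h in found)]


def ptr_owner(ip):
    """Owner name of the reverse (in-addr.arpa) record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def missing_address_records(records):
    """In-zone hosts named as NS, MX or CNAME targets that have no A record;
    the text requires one for each. Out-of-zone targets are not ours to fix."""
    have_a = {o for o, t, _ in records if t == "A"}
    targets = set()
    for _o, t, rdata in records:
        if t in ("NS", "CNAME"):
            targets.add(rdata[0].lower())
        elif t == "MX":
            targets.add(rdata[1].lower())
    return sorted(h for h in targets if in_zone(h) and h not in have_a)


def soa_fields(records):
    """Named SOA fields; the trailing numbers after the serial are seconds."""
    rdata = next(r for _o, t, r in records if t == "SOA")
    keys = ("primary", "contact", "serial", "refresh", "retry", "expire", "minimum")
    return dict(zip(keys, rdata[:2] + [int(x) for x in rdata[2:]]))


def contact_address(soa):
    """hostmaster.foobarbaz.com. -> hostmaster@foobarbaz.com (first dot is '@')."""
    return soa["contact"].rstrip(".").replace(".", "@", 1)


def next_serial(current, today):
    """YYYYMMDDNN bump: same day increments NN, a new day restarts at 00, and
    the result is always greater than the old serial so secondaries re-pull."""
    return max(int(current) + 1, int(today) * 100)


if __name__ == "__main__":
    soa = soa_fields(ZONE_RECORDS)
    print("mail for domain   :", mx_targets(ZONE_RECORDS, "foobarbaz.com."))
    print("mail for pc7 host :", mx_targets(ZONE_RECORDS, "pc7.foobarbaz.com."))
    print("PTR owner         :", ptr_owner("36.36.1.6"))
    print("missing A records :", missing_address_records(ZONE_RECORDS))
    print("SOA contact       :", contact_address(soa))
    print("next serial today :", next_serial(soa["serial"], "19961119"))
```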

Quick Summary of the major records in DNS

Record Type: Host (A)
Definition: Maps host name to IP address in a DNS zone. Has three fields: Domain, Host Name, Host IP Address.

Record Type: Aliases (CNAME)
Definition: Canonical name resource record that creates an alias for a host name. CNAME records are typically used to hide implementation details from clients. Fields include: Domain, Alias Name, For Host DNS Name.

Record Type: Nameservers (NS)
Definition: Identifies the DNS name servers in the DNS domain. NS records appear in all DNS zones and reverse zones. Fields include: Domain, Name Server DNS Name.

Record Type: Pointer (PTR)
Definition: Maps IP address to host name in a DNS reverse zone. Fields include: IP Address, Host DNS Name.

Record Type: Mail Exchange (MX)
Definition: Specifies a mail exchange server for a DNS domain name. Note that the term “exchange” does not refer to Microsoft Exchange, a BackOffice e-mail application. However, to connect Microsoft Exchange to the Internet via the Internet Mail Server (IMS), the MX record must be correctly configured by your ISP. A mail exchange server is a host that will either process or forward mail for the DNS domain name. Processing the mail means either delivering it to the addressee or passing it to a different type of mail transport. Forwarding the mail means sending it to its final destination server, sending it using Simple Mail Transfer Protocol to another mail server that is closer to the final destination, or queuing it for a specified amount of time. Fields include: Domain, Host Name (Optional), Mail Exchange Server DNS Name, Preference Number.

Q5. What is a DNS zone?

A zone is simply a contiguous section of the DNS namespace.  Records for a zone are stored and managed together.  Often, subdomains are split into several zones to make manageability easier.  For example, support.microsoft.com and msdn.microsoft.com are separate zones, where support and msdn are subdomains within the Microsoft.com domain.

Q6. Name the two Zones in DNS?

DNS servers can contain primary and secondary zones.  A primary zone is a copy of a zone where updates can be made, while a secondary zone is a copy of a primary zone.  For fault tolerance purposes and load balancing, a domain may have several DNS servers that respond to requests for the same information.

The entries within a zone give the DNS server the information it needs to satisfy requests from other computers or DNS servers.

Q7. How many SOA records does each zone contain?

Each zone will have one SOA record. This record contains many miscellaneous settings for the zone, such as who is responsible for the zone, refresh interval settings, TTL (Time To Live) settings, and a serial number (incremented with every update).

Q8. Short summary of the records in DNS.

The NS records are used to point to additional DNS servers.  The PTR record is used for reverse lookups (IP to name).  CNAME records are used to give a host multiple names.  MX records are used when configuring a domain for email.

Q9. What is an AD-integrated zone?

AD-integrated zones store the zone data in Active Directory and use the same replication process used to replicate other data between domain controllers. The one catch with AD-integrated zones is that the DNS server must also be a domain controller. Overloading DNS server responsibilities on your domain controllers may not be something you want to do if you plan on supporting a large volume of DNS requests.

Q10. What is a stub zone?

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

Page 89: Zenith Infotech

The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.

Q11. What does a stub zone consist of?

A stub zone consists of:

• The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.

• The IP address of one or more master servers that can be used to update the stub zone.

Q12. How does resolution through a stub zone take place?

When a DNS client performs a recursive query on a DNS server hosting a stub zone, the DNS server uses the resource records in the stub zone to resolve the query. The DNS server sends an iterative query to the authoritative DNS servers specified in the NS resource records of the stub zone, as if it were using NS resource records from its cache. If the DNS server cannot find the authoritative DNS servers in its stub zone, the DNS server hosting the stub zone attempts standard recursion using its root hints.

The DNS server stores the resource records it receives from the authoritative DNS servers listed in a stub zone in its cache, but it does not store these resource records in the stub zone itself; only the SOA, NS, and glue A resource records returned in response to the query are stored in the stub zone. The resource records stored in the cache expire according to the Time-to-Live (TTL) value in each resource record. The SOA, NS, and glue A resource records, which are not written to the cache, expire according to the expire interval specified in the stub zone's SOA record, which is created when the stub zone is created and updated during transfers to the stub zone from the original, primary zone.

If the query was an iterative query, the DNS server returns a referral containing the servers specified in the stub zone.

Q13. What are the benefits of Active Directory integration?

For networks deploying DNS to support Active Directory, directory-integrated primary zones are strongly recommended and provide the following benefits:

* Multimaster update and enhanced security based on the capabilities of Active Directory

In a standard zone storage model, DNS updates are conducted based upon a single-master update model. In this model, a single authoritative DNS server for a zone is designated as the primary source for the zone.

This server maintains the master copy of the zone in a local file. With this model, the primary server for the zone represents a single fixed point of failure. If this server is not available, update requests from DNS clients are not processed for the zone.

With directory-integrated storage, dynamic updates to DNS are conducted based upon a multimaster update model.

In this model, any authoritative DNS server, such as a domain controller running a DNS server, is designated as a primary source for the zone. Because the master copy of the zone is maintained in the Active Directory database, which is fully replicated to all domain controllers, the zone can be updated by the DNS servers operating at any domain controller for the domain.

With the multimaster update model of Active Directory, any of the primary servers for the directory-integrated zone can process requests from DNS clients to update the zone as long as a domain controller is available and reachable on the network.

Also, when using directory-integrated zones, you can edit the access control list (ACL) on the dnsZone object container in the directory tree. This gives granular access control over either the whole zone or a specified RR in the zone.

For example, an ACL for a zone RR can be restricted so that dynamic updates are only allowed for a specified client computer or a secure group such as a domain administrators group. This security feature is not available with standard primary zones.

Note that when you change the zone type to directory-integrated, the default for dynamic updates changes to allow only secure updates. Also, while you may use ACLs on DNS-related Active Directory objects, ACLs may only be applied to the DNS client service.

* Directory replication is faster and more efficient than standard DNS replication.

Because Active Directory replication is performed per property, only the attributes that actually changed are propagated, so less data is sent in updates for directory-stored zones.

Note: Only primary zones can be stored in the directory. A DNS server cannot store secondary zones in the directory. It must store them in standard text files. The multimaster replication model of Active Directory removes the need for secondary zones when all zones are stored in Active Directory.

Q14. What is scavenging?

DNS scavenging is the process whereby resource records are automatically removed if they have not been refreshed for a period of time. It applies only to records that carry a timestamp, which normally means records registered through dynamic DNS (DDNS); manually added (static) records have no timestamp and are left alone unless you deliberately age them, which makes them candidates too. Scavenging is a recommended practice so that your DNS zones are automatically kept clean of stale resource records.

Q15. What is the default interval at which the DNS server kicks off the scavenging process?

The default scavenging period is 168 hours, which is 7 days. The two intervals that decide whether a record is stale, the no-refresh interval and the refresh interval, also default to 7 days each, so a record becomes eligible once it has gone 14 days without a refresh. Note that scavenging is disabled on a new DNS server; the 7-day period applies only after you enable aging on the zone and scavenging on the server.
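The aging rules behind Q14 and Q15, as an added Python example (it is not part of the Zenith material and not Microsoft's code): each dynamic record carries a timestamp; a client refresh inside the no-refresh window is ignored, a refresh after it moves the timestamp forward, and a scavenging pass removes records whose timestamp is older than no-refresh plus refresh. Static records have no timestamp and are skipped until you age them (what dnscmd /ageallrecords does). The records and dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Windows DNS defaults: no-refresh 7 days, refresh 7 days, scavenging period 7 days (168 hours).
DEFAULT_INTERVAL = timedelta(hours=168)


@dataclass
class Record:
    owner: str
    rtype: str
    rdata: str
    timestamp: Optional[datetime]   # None = static (manually added) record with no aging data


def dynamic_refresh(rec: Record, now: datetime,
                    no_refresh: timedelta = DEFAULT_INTERVAL) -> bool:
    """A client re-registers an unchanged record. Inside the no-refresh window the
    timestamp is left alone (this is what keeps AD replication traffic down); once the
    window has passed the timestamp moves forward. Returns True if it was updated."""
    if rec.timestamp is None or now < rec.timestamp + no_refresh:
        return False
    rec.timestamp = now
    return True


def age_static(rec: Record, now: datetime) -> None:
    """Give a static record a timestamp so scavenging will consider it. This is the
    effect of 'dnscmd /ageallrecords' on a Windows DNS server; until it is done,
    static records are never removed."""
    rec.timestamp = now


def stale_records(records, now: datetime,
                  no_refresh: timedelta = DEFAULT_INTERVAL,
                  refresh: timedelta = DEFAULT_INTERVAL):
    """Records a scavenging pass would delete: timestamped, older than
    no_refresh + refresh, and not part of the zone's infrastructure (SOA/NS)."""
    return [r for r in records
            if r.timestamp is not None
            and r.rtype not in ("SOA", "NS")
            and now >= r.timestamp + no_refresh + refresh]


def scavenging_pass(records, now: datetime):
    """Owner names a pass would remove, in zone order."""
    return [r.owner for r in stale_records(records, now)]


# Constructed zone contents: dynamic records at different ages plus one static record.
NOW = datetime(2024, 1, 29)
OLD = datetime(2024, 1, 9)     # 20 days before NOW; used to age the static record below
ZONE = [
    Record("ws1.corp.test.", "A", "10.0.0.11", datetime(2024, 1, 1)),    # 28 days old
    Record("ws2.corp.test.", "A", "10.0.0.12", datetime(2024, 1, 25)),   # 4 days old
    Record("corp.test.", "NS", "dc1.corp.test.", datetime(2023, 1, 1)),  # old, never scavenged
    Record("printer.corp.test.", "A", "10.0.0.50", None),                # static
]

if __name__ == "__main__":
    print("stale now:", scavenging_pass(ZONE, NOW))
    print("ws2 refreshed (inside no-refresh window)?", dynamic_refresh(ZONE[1], NOW))
    print("ws1 refreshed (window has passed)?", dynamic_refresh(ZONE[0], NOW))
    age_static(ZONE[3], OLD)
    print("stale after aging the static record:", scavenging_pass(ZONE, NOW))
```

Run it once before enabling scavenging in production: the most common outage is a zone whose clients register through a DHCP server that does not refresh on their behalf, so every lease looks stale after 14 days.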

DNS Q&A corner

Q1. How do I use a load balancer with my name servers?

> Just wanted to ask a question about load balanced DNS servers
> via an external network load balancing appliance (i.e - F5's Big IP,
> Cisco's Content Switches/ Local Directors).
> The main question being the configuration whether to use 2
> Master/Primary Servers or is it wiser to use 1 Primary and 1
> Secondary? The reason is that I feel there are two configurations
> that could be set up. One in which only the resolvers query the
> virtual IP address on the load balancing appliance or actually
> configure your NS records to point to the Virtual Address so that all
> queries, ie - both by local queries directly from local users and
> also queries from external DNS servers. I've included a text
> representation of the physical configuration. Have you ever
> heard or architected such a configuration?

>      VIP = 167.147.1.5
> ------------------------------------
>        Load Balancer Device
> ------------------------------------
>                 |
>                 |
>         -----------------
>         |               |
>  --------------    --------------
> |    DNS 1     |  |    DNS 2     |
>  --------------    --------------
>    1.1.1.1            1.1.1.2

There's usually not much need to design solutions like these, since most name server implementations will automatically choose the name server that responds most quickly. In other words, if DNS 1 fails, remote name servers will automatically try DNS 2, and vice versa.


However, it can be useful for resolvers. In that case, you don't need to worry about NS records (since resolvers don't use them), just setting up a virtual IP address.

> Also, Is there any problems in running two Master/Primaries?

Just that you'd have to synchronize the zone data between the two manually.

Q2. How does reverse mapping work?

> How can reverse lookup possibly work on the Internet - how can a local
> resolver or ISP's DNS server find the pointer records please? E.g. I run
> nslookup 161.114.1.206 & get a reply for a Compaq server
> - how does it know where to look? Is there a giant reverse lookup zone in
> the sky?

Yes, actually, there is: in-addr.arpa.

If a resolver needs to reverse map, say, 161.114.1.206 to a domain name, it first inverts the octets of the IP address and appends "in-addr.arpa." So, in this case, the IP address would become the domain name 206.1.114.161.in-addr.arpa.

Then the resolver sends a query for PTR records attached to that domain name. If necessary, the resolution process starts at the root name servers. The root name servers refer the querier to the 161.in-addr.arpa name servers, run by an organization called ARIN, the American Registry for Internet Numbers. These name servers refer the querier to 1.114.161.in-addr.arpa name servers, run by Compaq. And, finally, these name servers map the IP address to inmail.compaq.com.
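What that walk looks like in code, as an added example (mine, not the column's): build the in-addr.arpa owner name, list the zone cuts a referral chain can pass through on the way down, and then do the check a practitioner should always pair with a PTR lookup: confirm that the name the PTR returns has a forward record pointing back at the address (forward-confirmed reverse DNS). Whoever controls a reverse zone can put any name they like in a PTR, so a PTR on its own proves nothing. The forward table is constructed, and the name builder also handles IPv6 (nibble-reversed under ip6.arpa), which the column does not cover.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Owner name queried for a PTR record: reversed octets under in-addr.arpa for
    IPv4, reversed nibbles of the full 128-bit address under ip6.arpa for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
        suffix = "in-addr.arpa."
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix


def delegation_points(name: str):
    """Ancestors of a name from the root down: every zone cut a referral chain
    could pass through before reaching the server that holds the PTR."""
    labels = name.rstrip(".").split(".")
    points = ["."]
    for i in range(len(labels) - 1, 0, -1):
        points.append(".".join(labels[i:]) + ".")
    return points


def forward_confirmed(ip: str, ptr_target: str, forward_records) -> bool:
    """Forward-confirmed reverse DNS: accept the PTR only if an A/AAAA record for
    ptr_target maps back to ip. forward_records maps name -> set of address strings."""
    addr = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == addr
               for a in forward_records.get(ptr_target, ()))


# Constructed forward data standing in for what A/AAAA lookups would return.
FORWARD = {
    "inmail.compaq.com.": {"161.114.1.206"},
    "mail.example.test.": {"2001:db8::1"},
}

if __name__ == "__main__":
    q = reverse_name("161.114.1.206")
    print(q)                                   # 206.1.114.161.in-addr.arpa.
    print(delegation_points(q))                # root, arpa., in-addr.arpa., 161..., 114.161..., 1.114.161...
    print(forward_confirmed("161.114.1.206", "inmail.compaq.com.", FORWARD))   # True
    print(forward_confirmed("161.114.1.206", "bank.example.test.", FORWARD))   # False
```

In the column's example the referral stops at 161.in-addr.arpa (ARIN) and then 1.114.161.in-addr.arpa (Compaq); the list of delegation points is every place a cut could have been, not where it actually is, which only the referrals tell you.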

Q3. What are the pros and cons of running slaves versus caching-only name servers?

> Question: I am in the process of setting up dns servers in several locations for my
> business. I have looked into having a primary master server running in my server
> room and adding slave servers in the other areas. I then thought I could just
> set up a primary and a single slave server and run caching only servers in the other
> areas. What are the pros and cons of these two options, or should I run a slave
> server in every location and still have a caching server with it? I just don't
> know what the best way would be. Please help.

The main advantage of having slaves everywhere is that you have a source of your own zone data on each name server. So if you have a community of hosts near each slave that look up domain names in your zones, the local name server can answer most of their queries.

On the other hand, administering slaves is a little more work than administering caching-only name servers, and a little greater burden on the primary master name server.

Q4. Can I set a TTL on a specific record?


> Is it possible to set up TTL values for individual records in BIND?

Sure. You specify explicit TTLs in a record's TTL field, between the owner field and the class field:

foo.example. 300 IN A 10.0.0.1

Q5. Can I use an A record instead of an MX record?

> I have a single machine running DNS, mail and web for a domain
> and I'm not sure that I have DNS set up properly. If the machine
> that is running the mail is the name of the domain does there need
> to be an MX record for mail?

Technically, no. Nearly all mailers will look up A records for a domain name in a mail destination if no MX records exist.

> If an MX record is not needed, how would you put in an MX
> record for a backup mailserver.

You can't. If you want to use a backup mailer, you need to use MX records.

> www cname 192.168.0.1
> mail cname 192.168.0.1
> pop cname 192.168.0.1
> smtp cname 192.168.0.1

These CNAME records are all incorrect. CNAME records create an alias from one domain name to another, so the field after "CNAME" must contain a domain name, not an IP address. For example:

www CNAME foo.example.

Q6. What are a zone's NS records used for?

> Could you elaborate a little bit on why do we need to put NS records for
> the zone we are authoritative for ?
> The parent name server handles these already. Is there any problem if our
> own NS records have lower TTLs than the records from parent name server ?

That's a good question. The NS records from your zone data file are used for several things:

- Your name servers return them in responses to queries, in the authority section of the DNS message. Moreover, the set of NS records that comes directly from your name server supersedes the set that a querier gets from your parent zone's name servers, so if the two sets are different, yours "wins."

- Your name servers use the NS records to determine where to send NOTIFY messages.

- Dynamic updaters determine where to send updates using the NS records, which they often get from the authoritative name servers.


Q7. Do slaves only communicate with their masters over TCP?

> When the slave zone checks in with the master zone for the serial number, is
> all this traffic happening on TCP. For example, if you have acl's blocking
> udp traffic but allowing tcp traffic will the transfer work or will it fail
> due to the slave's inability to query for the SOA record on udp?

No. The refresh query (for the zone's SOA record) is usually done over UDP.

Q8. What's the largest number I can use in an MX record?

> Could you tell us the highest possible number we can use for the MX
> preference ?

Preference is an unsigned, 16-bit number, so the largest number you can use is 65535.
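A small master-file parser and mail-routing check, added here to tie Q4, Q5 and Q8 together (example code, not the column's): the optional TTL field between owner and class, the rule that a CNAME's rdata must be a name rather than an address, the 16-bit bound on MX preference, and the selection a mailer makes (MX targets by ascending preference, falling back to the domain's own A/AAAA record only when it has no MX at all). There is no $ORIGIN or $TTL handling, owner names are taken literally, and both zone texts are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    owner: str
    ttl: int
    rtype: str
    rdata: str


def _is_address(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def validate(rtype: str, rdata: str) -> None:
    """The checks behind Q5 and Q8; raises ValueError on a bad record."""
    if rtype == "CNAME" and _is_address(rdata):
        raise ValueError(f"CNAME rdata must be a domain name, not an address: {rdata}")
    if rtype == "MX":
        pref, _, target = rdata.partition(" ")
        if not pref.isdigit() or int(pref) > 65535:
            raise ValueError(f"MX preference must be 0..65535 (unsigned 16-bit): {pref}")
        if not target or _is_address(target):
            raise ValueError(f"MX target must be a domain name: {target!r}")
    if rtype == "A" and not isinstance(ipaddress.ip_address(rdata), ipaddress.IPv4Address):
        raise ValueError(f"A record needs an IPv4 address: {rdata}")


def parse_rr(line: str, default_ttl: int = 3600) -> RR:
    """owner [ttl] [class] type rdata. A TTL, when present, sits between the owner
    and the class, as in 'foo.example. 300 IN A 10.0.0.1' (Q4)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError(f"not a resource record: {line!r}")
    owner, rest = fields[0], fields[1:]
    ttl = default_ttl
    if rest[0].isdigit():
        ttl = int(rest.pop(0))
    if rest and rest[0].upper() == "IN":
        rest.pop(0)
    if len(rest) < 2:
        raise ValueError(f"missing type or rdata: {line!r}")
    rtype, rdata = rest[0].upper(), " ".join(rest[1:])
    validate(rtype, rdata)
    return RR(owner, ttl, rtype, rdata)


def _record_lines(text: str):
    return [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith(";")]


def lint_zone(text: str):
    """Parse every record line and collect the error messages instead of stopping."""
    errors = []
    for line in _record_lines(text):
        try:
            parse_rr(line)
        except ValueError as exc:
            errors.append(str(exc))
    return errors


def parse_zone(text: str):
    return [parse_rr(line) for line in _record_lines(text)]


def mail_servers(domain: str, records):
    """Hosts a mailer tries for <domain>, in order (RFC 5321 section 5.1): MX targets by
    ascending preference; if the domain has no MX at all, the domain itself via its
    A/AAAA record (the 'implicit MX'); nothing if it has neither."""
    mx = [(int(r.rdata.split()[0]), r.rdata.split()[1])
          for r in records if r.owner == domain and r.rtype == "MX"]
    if mx:
        # Equal preferences are meant to be tried in random order; a stable sort is enough here.
        return [target for _, target in sorted(mx, key=lambda m: m[0])]
    if any(r.owner == domain and r.rtype in ("A", "AAAA") for r in records):
        return [domain]
    return []


# Constructed zone: one domain with a primary and a backup MX, one with only an A record.
ZONE = """
example.test.        3600 IN SOA   ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
example.test.             IN NS    ns1.example.test.
example.test.             IN MX    10 mail.example.test.
example.test.             IN MX    20 backup.example.test.
mail.example.test.   300  IN A     10.0.0.1
backup.example.test.      IN A     10.0.0.2
www.example.test.         IN CNAME mail.example.test.
solo.test.                IN A     10.0.0.3
"""

# The four records from the Q5 question, plus an out-of-range MX preference.
BAD_ZONE = """
www  IN CNAME 192.168.0.1
mail IN CNAME 192.168.0.1
pop  IN CNAME 192.168.0.1
smtp IN CNAME 192.168.0.1
@    IN MX    70000 mail.example.test.
"""

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print(mail_servers("example.test.", recs))   # ['mail.example.test.', 'backup.example.test.']
    print(mail_servers("solo.test.", recs))      # ['solo.test.']
    for err in lint_zone(BAD_ZONE):
        print("rejected:", err)
```

The lint pass is the part worth keeping: a zone with the four CNAME-to-address lines above loads on some servers and silently never answers, and an MX preference above 65535 is exactly the kind of value a check like this catches before it reaches a server.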

Q9. Why are there only 13 root name servers?

> I'm wondering why there are only 13 root servers globally.
> Some documents explain that one of the reasons is a technical limit in the Domain
> Name System (without any detailed explanation).
> From my understanding, it seems that some limitation on the number of NS records
> in a DNS packet is specified by certain RFCs, or it is just Internet policy stuff.
>
> Which one is the proper reason?

It's a technical limitation. UDP-based DNS messages can be up to 512 bytes long, and only 13 NS records and their corresponding A records will fit into a DNS message that size.
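To see where the number comes from, here is an added example (mine, not the column's) that builds a root priming response in wire format with RFC 1035 name compression and measures it: thirteen NS records plus thirteen A glue records come to 436 bytes, and the counting function shows how much of the 512-byte budget the uniform <letter>.root-servers.net naming leaves, and how quickly AAAA glue eats it. That growth is why clients now advertise a larger UDP payload with EDNS0 (RFC 6891), and why each root "server" is an anycast cloud rather than one machine. The server addresses are constructed from the documentation ranges.

```python
import struct

NS, A, AAAA, IN = 2, 1, 28, 1


def encode_name(name: str, offsets: dict, pos: int) -> bytes:
    """Wire-encode a name with RFC 1035 compression: any suffix already in the message
    (tracked in offsets) is replaced by a 2-byte pointer. pos = where this name starts."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    while labels:
        suffix = ".".join(labels) + "."
        if suffix in offsets:
            out += struct.pack("!H", 0xC000 | offsets[suffix])
            return bytes(out)
        offsets[suffix] = pos + len(out)
        label = labels.pop(0).encode("ascii")
        out += bytes([len(label)]) + label
    return bytes(out) + b"\x00"


def decode_name(msg: bytes, pos: int):
    """Inverse of encode_name: (name, position just after the name as written)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            if end is None:
                end = pos + 2
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            continue
        if length == 0:
            return ".".join(labels) + ".", (end if end is not None else pos + 1)
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def root_referral(n_servers: int, aaaa: bool = False, ttl: int = 518400) -> bytes:
    """Response to '. IN NS': n NS records in the answer section and A (optionally
    also AAAA) glue in the additional section, named <letter>.root-servers.net."""
    names = [f"{chr(ord('a') + i)}.root-servers.net." for i in range(n_servers)]
    offsets = {}
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8180, 1, n_servers, 0,
                                n_servers * (2 if aaaa else 1)))
    msg += encode_name(".", offsets, len(msg)) + struct.pack("!HH", NS, IN)
    for name in names:
        msg += encode_name(".", offsets, len(msg))
        rdata = encode_name(name, offsets, len(msg) + 10)   # 10 = type+class+ttl+rdlength
        msg += struct.pack("!HHIH", NS, IN, ttl, len(rdata)) + rdata
    for i, name in enumerate(names):
        # Constructed addresses from the documentation ranges (RFC 5737 / RFC 3849).
        msg += encode_name(name, offsets, len(msg))
        msg += struct.pack("!HHIH", A, IN, ttl, 4) + bytes([192, 0, 2, i + 1])
        if aaaa:
            msg += encode_name(name, offsets, len(msg))
            msg += struct.pack("!HHIH", AAAA, IN, ttl, 16)
            msg += bytes([0x20, 0x01, 0x0D, 0xB8]) + bytes(11) + bytes([i + 1])
    return bytes(msg)


def parse_referral(msg: bytes):
    """Walk the message back: (NS names in answer order, {glue owner: dotted IPv4})."""
    qd, an, _, ar = struct.unpack("!HHHH", msg[4:12])
    pos, servers, glue = 12, [], {}
    for _ in range(qd):
        _, pos = decode_name(msg, pos)
        pos += 4
    for _ in range(an):
        _, pos = decode_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == NS:
            servers.append(decode_name(msg, pos)[0])
        pos += rdlen
    for _ in range(ar):
        owner, pos = decode_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == A:
            glue[owner] = ".".join(str(b) for b in msg[pos:pos + 4])
        pos += rdlen
    return servers, glue


def max_servers(limit: int = 512, aaaa: bool = False) -> int:
    """Largest n for which root_referral(n) still fits in a limit-byte UDP payload."""
    n = 1
    while n < 26 and len(root_referral(n + 1, aaaa)) <= limit:
        n += 1
    return n


if __name__ == "__main__":
    print(len(root_referral(13)), "bytes for 13 NS + 13 A")              # 436
    print(max_servers(), "servers fit with A glue only")                 # 15
    print(max_servers(aaaa=True), "servers fit with A and AAAA glue")    # 8
```

The compressed names are the whole story: every NS rdata after the first costs 4 bytes and every glue owner name 2, so the budget is spent on the fixed 10-byte record headers and the addresses themselves.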

IMP information: http://www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm

Q1. What are the five FSMO roles?

Role                     Level          Count
Schema Master            Forest level   One per forest
Domain Naming Master     Forest level   One per forest
PDC Emulator             Domain level   One per domain
RID Master               Domain level   One per domain
Infrastructure Master    Domain level   One per domain

Q2. What are their functions?

1.  Schema Master (Forest level)

The schema master FSMO role holder is the domain controller responsible for performing updates to the Active Directory schema. It holds the only writable copy of the schema: it is the only DC that can process schema updates, and once an update is complete it is replicated from the schema master to every other DC in the forest. There is only one schema master in the forest.

2.  Domain Naming Master (Forest level)


The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain namespace of the directory. This DC is the only one that can add or remove a domain from the directory, and that is its major purpose. It can also add or remove cross-references to domains in external directories. There is only one domain naming master in the forest.

3.  PDC Emulator (Domain level)

In a Windows 2000 domain, the PDC emulator role holder performs the following functions:

• Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator first.

• Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator for validation before a bad password failure message is reported to the user.

• Account lockout is processed on the PDC emulator.

• Time synchronization for the domain.

• Group Policy changes are preferentially written to the PDC emulator.

Additionally, if your domain is a mixed mode domain that contains Windows NT 4 BDCs, the Windows 2000 domain controller that holds the PDC emulator role acts as a Windows NT 4 PDC to the BDCs.

There is only one PDC emulator per domain.

Note: Some consider the PDC emulator to only be relevant in a mixed mode domain. This is not true.  Even after you have changed your domain to native mode (no more NT 4 domain controllers), the PDC emulator is still necessary for the reasons above.

4.  RID Master (Domain level)

The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain. It is also responsible for removing an object from its domain and putting it in another domain during an object move.

When a DC creates a security principal object such as a user, group or computer account, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that makes the object unique in a domain.

Each Windows 2000 DC in a domain is allocated a pool of RIDs that it assigns to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC.

There is one RID master per domain in a directory.

5.  Infrastructure Master (Domain level)

The DC that holds the Infrastructure Master FSMO role is responsible for cross-domain updates and lookups. When an object in one domain is referenced by an object in another domain, the reference is represented by the GUID, the SID (for references to security principals), and the distinguished name (DN) of the object being referenced. The Infrastructure role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.

When a user in DomainA is added to a group in DomainB, then the Infrastructure master is involved.  Likewise, if that user in DomainA, who has been added to a group in DomainB, then changes his username in DomainA, the Infrastructure master must update the group membership(s) in DomainB with the name change.

There is only one Infrastructure master per domain.

 

Q3. What if a FSMO server fails?    

Schema Master: No updates to the Active Directory schema will be possible. Since schema updates are rare (usually done by certain applications and possibly an administrator adding an attribute to an object), the malfunction of the server holding the Schema Master role will not pose a critical problem.

Domain Naming Master: The Domain Naming Master must be available when adding or removing a domain from the forest (i.e. running DCPROMO to create or remove a domain); if it is not, the domain cannot be added or removed. Promoting an additional DC into an existing domain does not need it. Like the Schema Master, this functionality is only used occasionally and is not critical unless you are modifying your domain or forest structure.

PDC Emulator: The server holding the PDC emulator role will cause the most problems if it is unavailable. This would be most noticeable in a mixed mode domain where you are still running NT 4 BDCs and if you are using downlevel clients (NT and Win9x). Since the PDC emulator acts as an NT 4 PDC, any action that depends on the PDC would be affected (User Manager for Domains, Server Manager, changing passwords, browsing and BDC replication). In a native mode domain the failure of the PDC emulator isn't as critical, because the other domain controllers keep authenticating users, but password-change forwarding, account lockout processing and domain time synchronization stop until the role is transferred or seized.

RID Master: The RID Master provides RIDs for security principals (users, groups, computer accounts). The failure of this FSMO server would have little impact unless you are adding a very large number of users or groups. Each DC in the domain has a pool of RIDs already, and a problem would occur only if the DC you are adding the users/groups on ran out of RIDs.

Infrastructure Master: This FSMO server is only relevant in a multi-domain environment. If you only have one domain, then the Infrastructure Master is irrelevant. Failure of this server in a multi-domain environment would be a problem if you are trying to add objects from one domain to another.

Q4. Where are these FSMO server roles found?

The first domain controller that is installed in a Windows 2000 domain, by default, holds all five of the FSMO server roles. Then, as more domain controllers are added to the domain, the FSMO roles can be moved to other domain controllers.

Q5. Can you Move FSMO roles?

Yes. Moving a FSMO role is a manual process; it does not happen automatically. But what if you only have one domain controller in your domain? That is fine. If you have only one domain controller in your organization then you have one forest, one domain, and of course the one domain controller. All 5 FSMO roles will exist on that DC. There is no rule that says you have to have one server for each FSMO role.

Q6. Where to place the FSMO roles?

Assuming you do have multiple domain controllers in your domain, there are some best practices to follow for placing FSMO server roles.

The Schema Master and Domain Naming Master should reside on the same server, and that machine should be a Global Catalog server. Since all three are, by default, on the first domain controller installed in a forest, you can leave them as they are. Note: According to Microsoft, the Domain Naming Master needs to be on a Global Catalog server. If you are going to separate the Domain Naming Master and Schema Master, just make sure they are both on Global Catalog servers.

IMP: Why should the Infrastructure Master not be on the same server that acts as a Global Catalog server?

The Infrastructure Master should not be on the same server that acts as a Global Catalog server. The reason is that the Global Catalog contains information about every object in the forest. When the Infrastructure Master, which is responsible for updating Active Directory information about cross-domain object changes, needs information about objects not in its domain, it contacts the Global Catalog server. If they both reside on the same server, the Infrastructure Master will never think there are changes to objects that reside in other domains, because the Global Catalog keeps it constantly updated. This would result in the Infrastructure Master never replicating changes to the other domain controllers in its domain. Note: In a single-domain environment this is not an issue. It is also not an issue when every domain controller in the domain is a Global Catalog server, since there are then no non-GC DCs left for the Infrastructure Master to update.

Microsoft also recommends that the PDC Emulator and RID Master be on the same server. This is not mandatory like the Infrastructure Master and Global Catalog separation above, but it is recommended. Also, since the PDC Emulator will receive more traffic than any other FSMO role holder, it should be on a server that can handle the load.

It is also recommended that all FSMO role holders be direct replication partners and they have high bandwidth connections to one another as well as a Global Catalog server.

Q7. What permissions do you need in order to transfer a FSMO role?

Before you can transfer a role, you must have the appropriate permissions, depending on which role you plan to transfer:

Schema Master: member of the Schema Admins group

Domain Naming Master: member of the Enterprise Admins group

PDC Emulator: member of the Domain Admins group and/or the Enterprise Admins group

RID Master: member of the Domain Admins group and/or the Enterprise Admins group

Infrastructure Master: member of the Domain Admins group and/or the Enterprise Admins group

FSMO TOOLS

Q8. Tools to find out what servers in your domain/forest hold what server roles?

1. Active Directory Users and Computers: use this snap-in to find out where the domain level FSMO roles are located (PDC Emulator, RID Master, Infrastructure Master), and also to change the location of one or more of these three roles.

Open Active Directory Users and Computers, right click the domain you want to view the FSMO roles for and click "Operations Masters". A dialog box will open with three tabs, one for each FSMO role. Click each tab to see which server holds that role. To change a role holder, you must first connect to the domain controller you want to move it to: right click "Active Directory Users and Computers" at the top of the snap-in and choose "Connect to Domain Controller". Once connected to that DC, go back into the Operations Masters dialog box, choose a role to move and click the Change button. The name of the DC you connected to appears in the field below the Change button.


2. Active Directory Domains and Trusts: use this snap-in to find out where the Domain Naming Master FSMO role is and to change its location.

The process is the same as it is when viewing and changing the domain level FSMO roles in Active Directory Users and Computers, except you use the Active Directory Domains and Trusts snap-in. Open Active Directory Domains and Trusts, right click "Active Directory Domains and Trusts" at the top of the tree, and choose "Operations Master" to see the Operations Master dialog box. Changing the server that houses the Domain Naming Master requires that you first connect to the new domain controller, then click the Change button. You can connect to another domain controller by right clicking "Active Directory Domains and Trusts" at the top of the snap-in and choosing "Connect to Domain Controller".


3. Active Directory Schema: this snap-in is used to view and change the Schema Master FSMO role. However, the Active Directory Schema snap-in is not part of the default Windows 2000 administrative tools or installation. You first have to install the Support Tools from the \Support directory on the Windows 2000 Server CD or install the Windows 2000 Server Resource Kit. If the snap-in still does not appear in the Add/Remove Snap-in list, register its DLL with regsvr32 schmmgmt.dll. Once installed, open a blank Microsoft Management Console (Start, Run, mmc) and add the snap-in to the console. Once the snap-in is open, right click "Active Directory Schema" at the top of the tree and choose "Operations Masters" to see the Operations Master dialog box. Changing the server the Schema Master resides on requires that you first connect to another domain controller, then click the Change button.

You can connect to another domain controller by right clicking "Active Directory Schema" at the top of the Active Directory Schema snap-in and choosing "Connect to Domain Controller".


4.Netdom

The easiest and fastest way to find out what server holds what FSMO role is by using the Netdom command line utility.  Like the Active Directory Schema snap-in, the Netdom utility is only available if you have installed the Support Tools from the Windows 2000 CD or the Win2K Server Resource Kit.

To use Netdom to view the FSMO role holders, open a command prompt window, type netdom query fsmo and press Enter. You will see a list of the five roles and the server that holds each one.


5. Active Directory Replication Monitor: another tool that comes with the Support Tools is the Active Directory Replication Monitor. Open this utility from Start, Programs, Windows 2000 Support Tools. Once open, click Edit, Add Monitored Server and add the name of a domain controller. Once added, right click the server name and choose Properties, then click the FSMO Roles tab to view the servers holding the five FSMO roles. You cannot change roles using Replication Monitor, but this tool has many other useful purposes in regard to Active Directory information. It is something you should check out if you haven't already.

Finally, you can use the Ntdsutil.exe utility to view and change FSMO role holders. Ntdsutil.exe, a command line utility installed with Windows 2000 Server, is rather involved and beyond the scope of this document. Note, though, that it is the built-in tool for seizing a role from a role holder that is permanently offline (see the KB article under Q9), and that after seizing the Schema Master, Domain Naming Master or RID Master the old role holder must never be reconnected to the forest.

6. DUMPFSMOS

Command-line tool to query for the current FSMO role holders. Part of the Microsoft Windows 2000 Server Resource Kit, downloadable from http://www.microsoft.com/windows2000/techinfo/reskit/default.asp. It prints the current FSMO holders to the screen, calling NTDSUTIL to get this information.


7. NLTEST

Command-line tool to perform common network administrative tasks. Type "nltest /?" for syntax and switches. Common uses:

• Get a list of all DCs in the domain

• Get the name of the PDC emulator

• Query or reset the secure channel for a server

• Call DsGetDCName to query for an available domain controller

8. Adcheck (470k, 3rd party)

A simple utility to view information about AD and FSMO roles: http://www.svrops.com/svrops/downloads/zipfiles/ADcheck.msi

Q9. How to Transfer and Seize a FSMO Role

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q255504

GROUP POLICY

Q1. What are Group Policies?

Group Policies are settings that can be applied to Windows computers, users or both. In Windows 2000 there are hundreds of Group Policy settings. Group Policies are usually used to lock down some aspect of a PC. Whether you don't want users to run Windows Update or change their display settings, or you want to ensure certain applications are installed on computers, all of this can be done with Group Policies.

Group Policies can be configured either locally or as domain policies. Local policies can be accessed by clicking Start, Run and typing gpedit.msc. They can also be accessed by opening the Microsoft Management Console (Start, Run, type mmc) and adding the Group Policy snap-in. You must be an Administrator to configure or modify Group Policies. Windows 2000 Group Policies apply only to Windows 2000 and later computers (Windows XP included); they cannot be used on Win9x or WinNT computers.

Q2. Domain policy gets applied to whom ?

Domain Policies are applied to computers and users who are members of a domain, and these policies are configured on domain controllers. You can access domain Group Policies by opening Active Directory Sites and Services (these policies apply at the Site level only) or Active Directory Users and Computers (these policies apply to the Domain and/or Organizational Units).

Q3. From Where to create a Group Policy?

To create a Domain Group Policy Object, open Active Directory Sites and Services and right click Default-First-Site-Name or another Site name, choose Properties, then the Group Policy tab, then click the New button. Give the GPO a name, then click the Edit button to configure the policies. For Active Directory Users and Computers it is the same process, except you right click the Domain or an OU and choose Properties.

Q4. Who can Create/Modify Group Policies?

You have to have administrative privileges to create/modify group policies. The following table shows who can create/modify group policies:

Policy Type: Allowable Groups/Users

Site Level Group Policies: Enterprise Administrators and/or Domain Administrators in the root domain. The root domain is the first domain created in a tree or forest. The Enterprise Administrators group is found only in the root domain.

Domain Level Group Policies: Enterprise Administrators, Domain Administrators or members of the built-in group Group Policy Cre ator Owners. By default only the Administrator user account is a member of this group.

OU Level Group Policies: Enterprise Administrators, Domain Administrators or members of Group Policy Creator Owners. By default only the Administrator user account is a member of this group.

Additionally, at the OU level, users can be delegated control of the OU's Group Policies by starting the Delegate Control Wizard (right click the OU and choose Delegate Control). However, the wizard only allows the delegated user to link already created group policies to the OU. If you want to give the OU administrators control over creating/modifying group policies, add them to the Group Policy Creator Owners group for the domain.

Local Group Policies: The local Administrator user account or members of the local Administrators group.

Q5. How are Group Policies Applied?

Group Policies can be configured locally, at the Site level, the Domain level or at the Organizational Unit (OU) level. Group Policies are applied in a specific order, LSDOU: Local policies first, then Site-linked policies, then Domain-level policies, then OU policies, then nested OU policies (OUs within OUs). Each later level overrides the earlier ones for any setting both define. Group Policies cannot be linked to a specific user or group, only to container objects.

Page 105: Zenith Infotech

In order to apply Group Polices to specific users or computers, you add users (or groups) and computers to container objects. Anything in the container object will then get the policies linked to that container. Sites, Domains and OUs are considered container objects.

Computer and User Active Directory objects do not have to be put in the same container object. For example, Sally the user is an object in Active Directory. Sally's Windows 2000 Pro PC is also an object in Active Directory. Sally the user object can be in one OU, while her computer object can be in another OU. It all depends on how you organize your Active Directory structure and what Group Policies you want applied to what objects.

User and Computer Policies

There are two nodes in each Group Policy Object that is created: a Computer node and a User node. They are called Computer Configuration and User Configuration (see image above). The policies configured in the Computer node apply to the computer as a whole. Whoever logs onto that computer will see those policies. Note: Computer policies are also referred to as machine policies.

User policies are user specific. They only apply to the user that is logged on. When creating Domain Group Policies you can disable either the Computer node or the User node of the Group Policy Object you are creating. By disabling a node that no policies are defined for, you decrease the time it takes to apply the policies. To disable the node policies: after creating a Group Policy Object, click that Group Policy Object on the Group Policy tab, then click the Properties button. You will see two check boxes at the bottom of the General tab.

It's important to understand that when Group Policies are being applied, all the policies for a node are evaluated first, and then applied. They are not applied one after the other. For example, say Sally the user is a member of the Development OU and the Security OU. When Sally logs onto her PC, the policies set in the User node of both the Development OU and the Security OU Group Policy Objects are evaluated as a whole and then applied to Sally the user. They are not applied Development OU first and then Security OU (or vice versa). The same goes for Computer policies. When a computer boots up, all the Computer node policies for that computer are evaluated, then applied.

When computers boot up, the Computer policies are applied.  When users login, the User policies are applied.  When user and computer group policies overlap, the computer policy wins.

Note: IPSec and EFS policies are not additive.  The last policy applied is the policy the user/computer will have.


When applying multiple Group Policy Objects from any container, Group Policies are applied from bottom to top in the Group Policy Object list. The top Group Policy in the list is the last to be applied. In the above image you can see three Group Policy Objects associated with the Human Resources OU. These policies would be applied No Windows Update first, then No Display Settings, then No ScreenSaver. If there were any conflicts in the policy settings, the one above would take precedence.

Q6. How to disable Group Policy Objects

When you are creating a Group Policy Object, the changes happen immediately.  There is no "saving" of GPOs.  To prevent a partial GPO from being applied, disable the GPO while you are configuring it. To do this, click the Group Policy Object on the Group Policy tab and under the Disable column, double click - a little check will appear.  Click the Edit button, make your changes, then double click under the Disable column to re-enable the GPO.  Also, if you want to temporarily disable a GPO for troubleshooting reasons, this is the place to do it.  You can also click the Options button on the Group Policy tab and select the Disabled check box.

Q7. When do Group Policy scripts run?

Startup scripts are processed at computer bootup and before the user logs in. Shutdown scripts are processed after a user logs off, but before the computer shuts down.

Login scripts are processed when the user logs in. Logoff scripts are processed when the user logs off, but before the shutdown script runs.

Q8. When does Group Policy get refreshed/applied?

Group Policies can be applied when a computer boots up, and/or when a user logs in. However, policies are also refreshed automatically according to a predefined schedule. This is called Background Refresh.

Background refresh for non-DCs (PCs and Member Servers) is every 90 mins., with a +/- 30 min. interval. So the refresh could be 60, 90 or 120 mins. For DCs (Domain Controllers), background refresh is every 5 mins. Also, every 16 hours every PC will request all group policies to be reapplied (user and machine). These settings can be changed under Computer and User Nodes, Administrative Templates, System, Group Policy.

Q9. Which policies are not affected by background refresh?

The following policies are not affected by background refresh; they are only applied at logon time:

o Folder Redirection
o Software Installation
o Logon, Logoff, Startup, Shutdown Scripts


Q9. How to refresh Group Policies using the command line?

Secedit.exe is a command line tool that can be used to refresh group policies on a Windows 2000 computer.  To use secedit, open a command prompt and type:

secedit /refreshpolicy user_policy - to refresh the user policies
secedit /refreshpolicy machine_policy - to refresh the machine (or computer) policies

These parameters will only refresh any user or computer policies that have changed since the last refresh.  To force a reload of all group policies regardless of the last change, use:

secedit /refreshpolicy user_policy /enforce
secedit /refreshpolicy machine_policy /enforce

Gpupdate.exe is a command line tool that can be used to refresh group policies on a Windows XP computer. It has replaced the secedit command. To use gpupdate, open a command prompt and type:

gpupdate /target:user - to refresh the user policies
gpupdate /target:machine - to refresh the machine (or computer) policies

As with secedit, these parameters will only refresh any user or computer policies that have changed since the last refresh.  To force a reload of all group policies regardless of the last change, use:

gpupdate /force

Notice the /force switch applies to both user and computer policies. There is no separation of the two like there is with secedit.

Q10. What is the Default Setting for Dial-up users?

Win2000 considers a slow dial-up link as anything less than 500kbps.  When a user logs into a domain on a link under 500k some policies are not applied.

Windows 2000 will automatically detect the speed of the dial-up connection and make a decision about applying Group Policies.  

Q11. Which policies are applied regardless of the speed of the dial-up connection?

Some policies are always applied regardless of the speed of the dial-up connection. These are:

o Administrative Templates
o Security Settings
o EFS Recovery
o IPSec

Q12. Which policies are not applied over slow links?

o IE Maintenance Settings
o Folder Redirection
o Scripts
o Disk Quota settings
o Software Installation and Maintenance

These settings can be changed under Computer and User Nodes, Administrative Templates, System, Group Policy.

If the user connects to the domain using "Logon Using Dial-up Connection" from the logon screen, once the user is authenticated, the computer policies are applied first, followed by the user policies.

If the user connects to the domain using "Network and Dial-up Connections", after they logon, the policies are applied using the standard refresh cycle.

Q13. What are the two default policies?

There are two default group policy objects that are created when a domain is created.  The Default Domain policy and the Default Domain Controllers policy.

Default Domain Policy - this GPO can be found under the group policy tab for that domain. It is the first policy listed.  The default domain policy is unique in that certain policies can only be applied at the domain level.

If you double click this GPO and drill down to Computer Configuration, Windows Settings, Security Settings, Account Policies, you will see three policies listed:

o Password Policy
o Account Lockout Policy
o Kerberos Policy

These 3 policies can only be set at the domain level. If you set these policies anywhere else (Site or OU), they are ignored. However, setting these 3 policies at the OU level will have the effect of setting these policies for users who log on locally to their PCs. Log in to the domain and you get the domain policy; log in locally and you get the OU policy.

If you drill down to Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, there are 3 policies that are affected by Default Domain Policy:

o Automatically log off users when logon time expires
o Rename Administrator Account - When set at the domain level, it affects the Domain Administrator account only.
o Rename Guest Account - When set at the domain level, it affects the Domain Guest account only.

The Default Domain Policy should be used only for the policies listed above. If you want to create additional domain level policies, you should create additional domain level GPOs. Do not delete the Default Domain Policy. You can disable it, but it is not recommended.

Default Domain Controllers Policy - This policy can be found by right clicking the Domain Controllers OU, choosing Properties, then the Group Policy tab. This policy affects all Domain Controllers in the domain regardless of where you put the domain controllers. That is, no matter where you put your domain controllers in Active Directory (whatever OU you put them in), they will still process this policy.

Use the Default Domain Controllers Policy to set local policies for your domain controllers, e.g. Audit Policies, Event Log settings, who can logon locally and so on.

Q14. How to restore Group Policy settings back to default?

The following command would replace both the Default Domain Security Policy and Default Domain Controller Security Policy. You can specify Domain or DC instead of Both, to only restore one or the other.

> dcgpofix /target:Both

Note that this must be run from a domain controller in the target domain where you want to reset the GPO.

If you've ever made changes to the default GPOs and would like to revert back to the original settings, the dcgpofix utility is your solution. dcgpofix works with a particular version of the schema. If the version it expects to be current is different from what is in Active Directory, it will not restore the GPOs. You can work around this by using the /ignoreschema switch, which will restore the GPO according to the version dcgpofix thinks is current. The only time you might experience this issue is if you install a service pack on a domain controller (dc1) that extends the schema, but have not installed it yet on a second domain controller (dc2). If you try to run dcgpofix from dc2, you will receive the error since a new version of the schema and the dcgpofix utility was installed on dc1.

Resolving GPOs from Multiple Sources

Because GPOs can come from different sources to apply to a single user or computer, there must be a way of determining how those GPOs are combined. GPOs are processed in the following order:

1. Local GPO: The local GPO on the computer is processed and all settings specified in that GPO are applied.

2. Site GPOs: GPOs linked to the site in which the computer resides are processed. Settings made at this level override any conflicting settings made at the preceding level. If multiple GPOs are linked to a site, the site administrator can control the order in which those GPOs are processed.

3. Domain GPOs: GPOs linked to the domain in which the computer resides are processed and any settings are applied. Settings made at the domain level override conflicting settings applied at the local or site level. Again, the administrator can control the processing order when multiple GPOs are linked to the domain.

4. OU GPOs: GPOs linked to any OUs that contain the user or computer object are processed. Settings made at the OU level override conflicting settings applied at the domain, local, or site level. It is possible for a single object to be in multiple OUs. In this case, GPOs linked to the highest level OU in the Active Directory hierarchy are processed first, followed by the next highest level OU, and so on. If multiple GPOs are linked to a single

Q15. What are the two exceptions to control the inheritance of the group policy?

■ No Override: When you link a GPO to a container, you can configure a No Override option that prevents settings in the GPO from being overridden by settings in GPOs linked to child containers. This provides a way to force child containers to conform to a particular policy.
■ Block Inheritance: You can configure the Block Inheritance option on a container to prevent the container from inheriting GPO settings from its parent containers. However, if a parent container has the No Override option set, the child container cannot block inheritance from this parent.
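As an added illustration (not from the original document), the following Python model combines GPOs the way Q5, Q15 and "Resolving GPOs from Multiple Sources" describe: LSDOU order, bottom-to-top link order within one container, the Disable check box, No Override and Block Inheritance. The container names, GPO names and settings are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class GPO:
    name: str
    settings: Dict[str, str]        # policy name -> configured value
    disabled: bool = False          # the Disable check box on the Group Policy tab


@dataclass
class Container:
    """A site, domain or OU; the local machine is modelled as the first container."""
    name: str
    links: List[GPO] = field(default_factory=list)      # Group Policy tab order, top entry first
    no_override: Set[str] = field(default_factory=set)  # names of links marked No Override
    block_inheritance: bool = False


def resolve(chain: List[Container]) -> Dict[str, Tuple[str, str]]:
    """Combine GPOs along chain = [Local, Site, Domain, OU, nested OU, ...].

    Returns policy name -> (effective value, name of the GPO that supplied it).
    """
    # Block Inheritance on a container stops the GPOs of every parent AD container.
    # The local GPO (index 0) is not an AD link and is processed regardless.
    blocks = [i for i, c in enumerate(chain) if c.block_inheritance]
    start = max(blocks) if blocks else 1
    effective: Dict[str, Tuple[str, str]] = {}
    enforced: List[GPO] = []
    for idx, c in enumerate(chain):
        active = [g for g in c.links if not g.disabled]
        if idx == 0 or idx >= start:
            # Bottom of the Group Policy tab is applied first and the top last,
            # so the top GPO wins a conflict within one container.
            for gpo in reversed(active):
                for key, val in gpo.settings.items():
                    effective[key] = (val, gpo.name)
        # No Override links are collected even from blocked containers.
        enforced.extend(g for g in active if g.name in c.no_override)
    # Enforced GPOs are applied last, deepest container first, so an enforced
    # setting from a parent beats one from a child (and beats Block Inheritance).
    for gpo in reversed(enforced):
        for key, val in gpo.settings.items():
            effective[key] = (val, gpo.name)
    return effective


def example_chain(block_hr: bool = True) -> List[Container]:
    """Constructed scenario: the Human Resources OU from the page's example,
    with an Interns OU nested inside it."""
    local = Container("Local", [GPO("Local", {"ScreenSaver": "On", "Wallpaper": "local.bmp"})])
    site = Container("Default-First-Site-Name", [GPO("Site Wallpaper", {"Wallpaper": "site.bmp"})])
    domain = Container(
        "corp.example",
        [GPO("Domain Security", {"LogonBanner": "Authorized use only"}),
         GPO("Default Domain Policy", {"AuditLogon": "Success,Failure"})],
        no_override={"Domain Security"},
    )
    hr = Container(
        "Human Resources",
        [GPO("No ScreenSaver", {"ScreenSaver": "Off"}),               # top of the list, applied last
         GPO("No Display Settings", {"DisplaySettings": "Locked", "ScreenSaver": "DefaultOnly"}),
         GPO("No Windows Update", {"WindowsUpdate": "Disabled"})],    # bottom, applied first
        block_inheritance=block_hr,
    )
    interns = Container(
        "Interns",
        [GPO("Intern Limits", {"LogonBanner": "Welcome interns", "DisplaySettings": "Unlocked"}),
         GPO("Intern Draft", {"WindowsUpdate": "Enabled"}, disabled=True)],
    )
    return [local, site, domain, hr, interns]


if __name__ == "__main__":
    for key, (val, src) in sorted(resolve(example_chain()).items()):
        print(f"{key:16} = {val:20} (from {src})")
```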

Q16. How to Redirect New User and Computer Accounts?

By default, new user and computer accounts are created in the Users and Computers containers, respectively. You cannot link a GPO to either of these built-in containers. Even though the built-in containers inherit GPOs linked to the domain, you may have a situation that requires user accounts and computer accounts to be stored in an OU to which you can link a GPO. Windows Server 2003 includes two new tools that let you redirect the target location for new user and computer accounts. You can use redirusr.exe to redirect user accounts and redircomp.exe to redirect computer accounts. Once you choose the OU for redirection, new user and computer accounts are created directly in the new target OU, where the appropriate GPOs are linked. For example, you could create an OU named New Users, link an appropriate GPO to the OU, and then redirect the creation of new user accounts to the New Users OU. Any new users created would immediately be affected by the settings in the GPO. Administrators could then move the new user accounts to a more appropriate location later. You can find both of these tools in the %windir%\system32 folder on any computer running Windows Server 2003. You can learn more about using these tools in Knowledge Base article 324949, “Redirecting the Users and Computers Containers in Windows Server 2003 Domains,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Q17. What permissions should an administrator have to manage GPOs?

Editing GPOs linked to sites requires Enterprise Administrative permissions. Editing GPOs linked to domains requires Domain Administrative permissions. Editing GPOs linked to OUs requires permissions for the OU.

Q18. What is the client requirement for supporting GPOs?

For client computers to accept Group Policy settings, they must be members of Active Directory. Support for Group Policy for key operating systems includes the following:

■ Windows 95/98/Me do not support Group Policy.
■ Windows NT 4.0 and earlier versions do not support Group Policy.
■ Windows 2000 Professional and Server support many of the Group Policy settings available in Windows Server 2003, but not all. Unsupported settings are ignored.
■ Windows XP Professional, Windows XP 64-bit Edition, and Windows Server 2003 fully support Group Policy.

What is a Domain and Workgroup? Highlight advantages and disadvantages.

Domain: “A domain is a group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the Internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.” - www.murdoch.edu.au/cwisad/glossary.html

There is no real limit to the number of computers on a domain; it is common to see domains with over 2000 computers/devices (nodes). For networks with that many workstations, you will need enterprise level software such as SMS, Exchange etc. to effectively manage it. If you are using Windows XP as an OS, ONLY Windows XP Pro is capable of operating in a Domain environment. You can mix OS clients on a domain: you can have Macintosh, Windows, Linux and Unix all under the same domain sharing resources as needed.

A domain usually costs more money to setup because there is more hardware and software required (Such as a Domain Controller and a Server Level OS) to get it configured properly.

In a domain, the domain level admin accounts are members of the local Administrators group on all the machines. What this means is that you can effectively manage any and all of the computers on the domain as long as your user account is a member of the Domain Admins group.

Workgroup: Workgroup computing occurs when all the individuals have computers connected to a network (a group of two or more computer systems linked together) that allows them to send e-mail to one another, share data files, and other resources such as printers. Normally, a workgroup is limited to 10 network devices/computers. Also, both Windows XP Pro and Home can function in a workgroup environment. Your typical "out of box" system is set up to be used on a workgroup. If you want, you can change the network type from workgroup to domain and vice versa. Machines set up in a Domain environment are much easier to manage than workgroups when it comes to network resources (Shared Files, Shared Printers, etc.), since workgroup machines might have different account names and you really have to know the admin account for each specific machine in order to effectively manage the workgroup.

What are the Different types of RAID?

1. What does RAID stand for?

In 1987, Patterson, Gibson and Katz at the University of California Berkeley, published a paper entitled "A Case for Redundant Arrays of Inexpensive Disks (RAID)" . This paper described various types of disk arrays, referred to by the acronym RAID. The basic idea of RAID was to combine multiple small, inexpensive disk drives into an array of disk drives which yields performance exceeding that of a Single Large Expensive Drive (SLED). Additionally, this array of drives appears to the computer as a single logical storage unit or drive.

The Mean Time Between Failure (MTBF) of the array will be equal to the MTBF of an individual drive, divided by the number of drives in the array. Because of this, the MTBF of an array of drives would be too low for many application requirements. However, disk arrays can be made fault-tolerant by redundantly storing information in various ways.

Five types of array architectures, RAID-1 through RAID-5, were defined by the Berkeley paper, each providing disk fault-tolerance and each offering different trade-offs in features and performance. In addition to these five redundant array architectures, it has become popular to refer to a non-redundant array of disk drives as a RAID-0 array.

2. Data Striping


Fundamental to RAID is "striping", a method of concatenating multiple drives into one logical storage unit. Striping involves partitioning each drive's storage space into stripes which may be as small as one sector (512 bytes) or as large as several megabytes. These stripes are then interleaved round-robin, so that the combined space is composed alternately of stripes from each drive. In effect, the storage space of the drives is shuffled like a deck of cards. The type of application environment, I/O or data intensive, determines whether large or small stripes should be used.

Most multi-user operating systems today, like NT, Unix and Netware, support overlapped disk I/O operations across multiple drives. However, in order to maximize throughput for the disk subsystem, the I/O load must be balanced across all the drives so that each drive can be kept busy as much as possible. In a multiple drive system without striping, the disk I/O load is never perfectly balanced. Some drives will contain data files which are frequently accessed and some drives will only rarely be accessed. In I/O intensive environments, performance is optimized by striping the drives in the array with stripes large enough so that each record potentially falls entirely within one stripe. This ensures that the data and I/O will be evenly distributed across the array, allowing each drive to work on a different I/O operation, and thus maximize the number of simultaneous I/O operations which can be performed by the array.

In data intensive environments and single-user systems which access large records, small stripes (typically one 512-byte sector in length) can be used so that each record will span across all the drives in the array, each drive storing part of the data from the record. This causes long record accesses to be performed faster, since the data transfer occurs in parallel on multiple drives. Unfortunately, small stripes rule out multiple overlapped I/O operations, since each I/O will typically involve all drives. However, operating systems like DOS which do not allow overlapped disk I/O, will not be negatively impacted. Applications such as on-demand video/audio, medical imaging and data acquisition, which utilize long record accesses, will achieve optimum performance with small stripe arrays.

A potential drawback to using small stripes is that synchronized spindle drives are required in order to keep performance from being degraded when short records are accessed. Without synchronized spindles, each drive in the array will be at different random rotational positions. Since an I/O cannot be completed until every drive has accessed its part of the record, the drive which takes the longest will determine when the I/O completes. The more drives in the array, the more the average access time for the array approaches the worst case single-drive access time. Synchronized spindles assure that every drive in the array reaches its data at the same time. The access time of the array will thus be equal to the average access time of a single drive rather than approaching the worst case access time.

3. The different RAID levels

RAID-0: RAID Level 0 is not redundant, hence does not truly fit the "RAID" acronym. In level 0, data is split across drives, resulting in higher data throughput. Since no redundant information is stored, performance is very good, but the failure of any disk in the array results in data loss. This level is commonly referred to as striping.

RAID-1: RAID Level 1 provides redundancy by writing all data to two or more drives. The performance of a level 1 array tends to be faster on reads and slower on writes compared to a single drive, but if either drive fails, no data is lost. This is a good entry-level redundant system, since only two drives are required; however, since one drive is used to store a duplicate of the data, the cost per megabyte is high. This level is commonly referred to as mirroring.

RAID-2: RAID Level 2, which uses Hamming error correction codes, is intended for use with drives which do not have built-in error detection. All SCSI drives support built-in error detection, so this level is of little use when using SCSI drives.

RAID-3: RAID Level 3 stripes data at a byte level across several drives, with parity stored on one drive. It is otherwise similar to level 4. Byte-level striping requires hardware support for efficient use.

RAID-4: RAID Level 4 stripes data at a block level across several drives, with parity stored on one drive. The parity information allows recovery from the failure of any single drive. The performance of a level 4 array is very good for reads (the same as level 0). Writes, however, require that parity data be updated each time. This slows small random writes, in particular, though large writes or sequential writes are fairly fast. Because only one drive in the array stores redundant data, the cost per megabyte of a level 4 array can be fairly low.

RAID-5: RAID Level 5 is similar to level 4, but distributes parity among the drives. This can speed small writes in multiprocessing systems, since the parity disk does not become a bottleneck. Because parity data must be skipped on each drive during reads, however, the performance for reads tends to be considerably lower than a level 4 array. The cost per megabyte is the same as for level 4.
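As an added example (not from the Berkeley paper or this document), the following Python model lays data out as RAID-0, RAID-4 and RAID-5 block stripes, shows where parity lands at each level, and rebuilds a failed drive from XOR parity; the 4-byte stripe unit and the sample data are constructed.

```python
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bitwise XOR of equal-length blocks: the parity used by RAID-3/4/5."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def chunks_of(data: bytes, size: int) -> List[bytes]:
    """Cut data into stripe units of `size` bytes, zero-padding the last one."""
    padded = data + b"\0" * (-len(data) % size)
    return [padded[i:i + size] for i in range(0, len(padded), size)]


def parity_drive(level: int, ndrives: int, stripe: int) -> Optional[int]:
    """Drive holding parity in a given stripe: none for RAID-0, a dedicated
    drive for RAID-4, a rotating one for RAID-5 (no single parity bottleneck)."""
    if level == 0:
        return None
    if level == 4:
        return ndrives - 1
    if level == 5:
        return (ndrives - 1 - stripe) % ndrives
    raise ValueError("only levels 0, 4 and 5 are modelled")


def lay_out(data: bytes, level: int, ndrives: int, chunk: int) -> List[List[bytes]]:
    """Interleave stripe units round-robin; returns drives[d][s] = block on drive d, stripe s."""
    per_stripe = ndrives if level == 0 else ndrives - 1   # data units per stripe
    units = chunks_of(data, chunk)
    while len(units) % per_stripe:                         # fill the last stripe
        units.append(b"\0" * chunk)
    drives: List[List[bytes]] = [[] for _ in range(ndrives)]
    for s in range(len(units) // per_stripe):
        row = units[s * per_stripe:(s + 1) * per_stripe]
        p = parity_drive(level, ndrives, s)
        data_units = iter(row)
        for d in range(ndrives):
            drives[d].append(xor_blocks(row) if d == p else next(data_units))
    return drives


def reconstruct(drives: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Rebuild the failed drive by XORing the surviving drives block by block.
    Works whether the lost block in each stripe was data or parity."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_back(drives: List[List[bytes]], level: int, ndrives: int) -> bytes:
    """Reassemble the logical volume, skipping parity blocks."""
    out = b""
    for s in range(len(drives[0])):
        p = parity_drive(level, ndrives, s)
        out += b"".join(drives[d][s] for d in range(ndrives) if d != p)
    return out


def survives_failure(data: bytes, level: int, ndrives: int, chunk: int, failed: int) -> bool:
    """Lay data out, lose one drive, rebuild if the level allows it and check
    whether the original data can still be read."""
    drives = lay_out(data, level, ndrives, chunk)
    drives[failed] = None
    if level == 0:
        return False      # RAID-0 keeps no redundant information: the data is gone
    drives[failed] = reconstruct(drives, failed)
    return read_back(drives, level, ndrives)[:len(data)] == data


SAMPLE = b"RAID demo: parity lets one drive die."   # constructed sample data

if __name__ == "__main__":
    for level in (0, 4, 5):
        print(f"RAID-{level}, drive 1 lost, data intact: {survives_failure(SAMPLE, level, 4, 4, 1)}")
```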

Summary:

o RAID-0 is the fastest and most efficient array type but offers no fault-tolerance.
o RAID-1 is the array of choice for performance-critical, fault-tolerant environments. In addition, RAID-1 is the only choice for fault-tolerance if no more than two drives are desired.
o RAID-2 is seldom used today since ECC is embedded in almost all modern disk drives.
o RAID-3 can be used in data intensive or single-user environments which access long sequential records to speed up data transfer. However, RAID-3 does not allow multiple I/O operations to be overlapped and requires synchronized-spindle drives in order to avoid performance degradation with short records.
o RAID-4 offers no advantages over RAID-5 and does not support multiple simultaneous write operations.
o RAID-5 is the best choice in multi-user environments which are not write performance sensitive. However, at least three, and more typically five drives are required for RAID-5 arrays.

4. Possible approaches to RAID

5. Hardware RAID

The hardware based system manages the RAID subsystem independently from the host and presents to the host only a single disk per RAID array. This way the host doesn't have to be aware of the RAID subsystem(s).

6. The controller based hardware solution

DPT's SCSI controllers are a good example of a controller based RAID solution. The intelligent controller manages the RAID subsystem independently from the host. The advantage over an external SCSI-SCSI RAID subsystem is that the controller is able to span the RAID subsystem over multiple SCSI channels and by this remove the limiting factor external RAID solutions have: the transfer rate over the SCSI bus.

7. The external hardware solution (SCSI-SCSI RAID)

An external RAID box moves all RAID handling "intelligence" into a controller that is sitting in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI controller and appears to the host as a single disk or multiple disks. This solution has drawbacks compared to the controller based solution: the single SCSI channel used in this solution creates a bottleneck. Newer technologies like Fibre Channel can ease this problem, especially if they allow trunking multiple channels into a Storage Area Network. Four SCSI drives can already completely flood a parallel SCSI bus, since the average transfer size is around 4KB and the command transfer overhead, which even in Ultra SCSI is still done asynchronously, takes most of the bus time.

o Software RAID

The MD driver in the Linux kernel is an example of a RAID solution that is completely hardware independent. The Linux MD driver currently supports RAID levels 0/1/4/5 + linear mode.

Under Solaris you have the Solstice DiskSuite and Veritas Volume Manager which offer RAID-0/1 and 5.

Adaptec's AAA-RAID controllers are another example: they have no RAID functionality whatsoever on the controller and depend on external drivers to provide all RAID functionality. They are basically only multiple single AHA2940 controllers which have been integrated on one card. Linux detects them as AHA2940 and treats them accordingly. Every OS needs its own special driver for this type of RAID solution, which is error prone and not very compatible.

o Hardware vs. Software RAID

Just like any other application, software-based arrays occupy host system memory, consume CPU cycles and are operating system dependent. By contending with other applications that are running concurrently for host CPU cycles and memory, software-based arrays degrade overall server performance. Also, unlike hardware-based arrays, the performance of a software-based array is directly dependent on server CPU performance and load.

Except for the array functionality, hardware-based RAID schemes have very little in common with software-based implementations. Since the host CPU can execute user applications while the array adapter's processor simultaneously executes the array functions, the result is true hardware multi-tasking. Hardware arrays also do not occupy any host system memory, nor are they operating system dependent.


Hardware arrays are also highly fault tolerant. Since the array logic is based in hardware, software is NOT required to boot. Some software arrays, however, will fail to boot if the boot drive in the array fails. For example, an array implemented in software can only be functional when the array software has been read from the disks and is memory-resident. What happens if the server can't load the array software because the disk that contains the fault tolerant software has failed? Software-based implementations commonly require a separate boot drive, which is NOT included in the array.

What is NAT?

Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

NAT serves three main purposes:

o Provides a type of firewall by hiding internal IP addresses.
o Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.
o Allows a company to combine multiple ISDN connections into a single Internet connection.

Also see dynamic NAT and static NAT.

Backup Procedures: The Different Types of Backup

Full Backup: A Full backup is simply backing up all files on the system. Users may choose to update archive attributes if they plan on doing any of the following 2 types of partial backups.

Incremental Backup: An incremental backup is a backup that backs up only the files modified since the last backup. When running an incremental backup, users need to update the archive attribute while backing up only modified files. Often the incremental backups are appended to the full backup set. The result is a tape with the changes that occurred daily. This type of backup is useful if the user wishes to have an audit trail of file usage activity on their system and will enable them to restore a specific day's work without restoring any changes made since that point in time. To do a full restore 4 days after a full backup, they must restore the full backup and all 4 data sets after it, unlike the next type of backup.

Differential Backup: A differential backup is a cumulative backup of changes made since the last full backup. It backs up modified files only but does not update the archive attribute. The list of files grows each day until the next full backup is performed, clearing the archive attributes. This enables the user to restore all files changed since the last full backup in one pass. These backups can be appended to the full as well, but they will have to keep in mind that each set can contain a different version of a file if that file changes daily. The data sets will always be at least as big as the previous differential (if no changes were made) and will continue to grow as files change. Once a file's archive attribute is set it will be backed up each day until the full backup resets its attribute bit.
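As an added illustration, not part of the original text, this Python model drives the three backup types above from the archive attribute and shows what a restore needs after four days of changes; the file names and the daily edits are constructed.

```python
from typing import Callable, Dict, List, Tuple

# A file system is name -> (contents, archive attribute). Editing a file sets the attribute.
FileSystem = Dict[str, Tuple[str, bool]]
BackupSet = Dict[str, str]


def modify(fs: FileSystem, name: str, contents: str) -> None:
    fs[name] = (contents, True)


def full_backup(fs: FileSystem) -> BackupSet:
    """Copy every file and clear all archive attributes."""
    snapshot = {name: contents for name, (contents, _) in fs.items()}
    for name, (contents, _) in fs.items():
        fs[name] = (contents, False)
    return snapshot


def incremental_backup(fs: FileSystem) -> BackupSet:
    """Copy files whose archive attribute is set, then clear it, so the next
    incremental only sees changes made after this one."""
    snapshot = {name: contents for name, (contents, flag) in fs.items() if flag}
    for name in snapshot:
        fs[name] = (fs[name][0], False)
    return snapshot


def differential_backup(fs: FileSystem) -> BackupSet:
    """Copy files whose archive attribute is set and leave it set, so every
    set is cumulative since the last full backup."""
    return {name: contents for name, (contents, flag) in fs.items() if flag}


def restore(full: BackupSet, partial_sets: List[BackupSet]) -> BackupSet:
    """Replay the full backup, then each partial set in order (later versions win)."""
    state = dict(full)
    for partial in partial_sets:
        state.update(partial)
    return state


def sets_needed(kind: str, daily_sets: List[BackupSet]) -> List[BackupSet]:
    """Incremental: every set since the full backup. Differential: only the latest."""
    return list(daily_sets) if kind == "incremental" else daily_sets[-1:]


def simulate(strategy: Callable[[FileSystem], BackupSet]):
    """Run the page's scenario: one full backup, then four days of changes, each
    followed by a partial backup. Returns (full set, daily sets, final file contents)."""
    fs: FileSystem = {"budget.xls": ("v0", True), "memo.doc": ("v0", True), "logo.bmp": ("v0", True)}
    full = full_backup(fs)
    # Constructed daily edits; budget.xls changes twice, so partial sets can hold different versions.
    daily_edits = [("budget.xls", "v1"), ("memo.doc", "v1"), ("budget.xls", "v2"), ("logo.bmp", "v1")]
    daily_sets: List[BackupSet] = []
    for name, contents in daily_edits:
        modify(fs, name, contents)
        daily_sets.append(strategy(fs))
    final = {name: contents for name, (contents, _) in fs.items()}
    return full, daily_sets, final


if __name__ == "__main__":
    for kind, strategy in (("incremental", incremental_backup), ("differential", differential_backup)):
        full, sets, final = simulate(strategy)
        needed = sets_needed(kind, sets)
        print(f"{kind}: daily set sizes {[len(s) for s in sets]}, "
              f"restore needs full + {len(needed)} set(s), matches disk: {restore(full, needed) == final}")
```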

What is TCP/IP?

Transmission Control Protocol/Internet Protocol is the suite of communications protocols used to connect hosts on the Internet. TCP/IP comprises several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as NetWare, also support TCP/IP.

Defining a Cluster in Windows 2000

Page 116: Zenith Infotech

A cluster is a group of independent computers that work together to run a common set of applications and provide the image of a single system to the client and application. The computers are physically connected by cables and programmatically connected by cluster software. These connections allow computers to use failover and load balancing, which is not possible with a stand-alone computer.

Windows 2000 clustering technology provides high availability, scalability, and manageability:

High availability. The cluster is designed to avoid a single point of failure. Applications can be distributed over more than one computer, achieving a degree of parallelism and failure recovery, and providing more availability.

Scalability. You can increase the cluster's computing power by adding more processors or computers.

Manageability. The cluster appears as a single-system image to end users, applications, and the network, while providing a single point of control to administrators. This single point of control can be remote.

Two Types of Clusters in Windows 2000

In the Windows 2000 Advanced Server and Datacenter Server operating systems, Microsoft introduces two clustering technologies that can be used independently or in combination, providing organizations with a complete set of clustered solutions that can be selected based on the requirements of a given application or service. Windows clustering technologies include:

Cluster service. This service is intended primarily to provide failover support for applications such as databases, messaging systems, and file/print services. Cluster service supports 2-node failover clusters in Windows 2000 Advanced Server and 4-node clusters in Datacenter Server. Cluster service is ideal for ensuring the availability of critical line-of-business and other back-end systems, such as Microsoft Exchange Server or a Microsoft SQL Server™ 7.0 database acting as a data store for an e-commerce Web site.

Network Load Balancing (NLB). This service load balances incoming IP (Internet Protocol) traffic across clusters of up to 32 nodes. Network Load Balancing enhances both the availability and scalability of Internet server-based programs such as Web servers, streaming media servers, and Terminal Services. By acting as the load balancing infrastructure and providing control information to management applications built on top of Windows Management Instrumentation (WMI), Network Load Balancing can seamlessly integrate into existing Web server farm infrastructures. Network Load Balancing will also serve as an ideal load balancing architecture for use with the Microsoft release of the upcoming Application Center in distributed Web farm environments.

BASIC

01

What is Exchange 2003 Forestprep?

Exchange 2003 Forestprep extends the AD schema to include Exchange specific information.

02

What is Exchange 2003 Domainprep?


Exchange 2003 Domainprep creates the groups and permissions necessary for Exchange servers to read and modify user attributes.

03

What is a DC?

A DC is a Windows 2000 or 2003 Domain Controller that holds active directory partitions for a domain (used for things like user authentication).

04

What is a GC?

A GC is a Global Catalog server. A GC holds a full, writable set of attributes for every object in the domain in which it resides and a read-only subset of attributes for all objects in the Active Directory forest.

05

What is DDNS and why do I need it?

Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but makes administration much easier.

06

What is a border server?

A border server is an Exchange server that communicates with external servers. In a single server organization, your server is by default a border server. In a multi-server configuration, you may have one or more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail to other internal Exchange servers.

07

What is a mixed mode Exchange environment?

An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchange 5.5 servers.

08

How does an Exchange 5.5 site compare to an Exchange 2003 Routing Group or Administrative Group?

In a mixed mode Exchange environment the Exchange 2003 Administrative Group and Routing Group correspond to the Exchange 5.5 site. In a native Exchange 2000 environment, the Administrative Group is a group of Exchange objects sharing a common set of permissions and routing groups define how those servers communicate with one another. A single Administrative Group can contain several Routing Groups. Example: Your North American Exchange servers might be grouped in a single Administrative Group, but subdivided into several Routing Groups to optimize interserver communication. An Administrative Group contains zero or more Routing Groups.

09


Where's the Instant Messaging Server?

The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real–Time Communications (RTC) server. It is no longer a component of the Exchange Server. For more information, see http://www.microsoft.com/office/preview/rtcserver/.

10

What is OMA?

Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations.

Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices.

Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional mobile server products in the corporate environment, thus lowering the total cost of ownership.

11

Why should I go to Exchange 2003 now?

There are several reasons. A few are:

1. Opportunity for server consolidation from Exchange 5.5 and Exchange 2000, because you can get more mailboxes on an Exchange 2003 server.
2. Better security features. The server is secure by default and adds things like automatic logoff for an inactive OWA session, connection filtering, and more junk mail features such as real-time block lists.
3. Availability enhancements such as end-to-end Outlook monitoring, improvements in ESM, the Mailbox Recovery Center, and the Recovery Storage Group.
4. Increased mobile device support for Pocket PCs, Pocket PC Phones and Microsoft Windows-powered Smartphones.

12

What are the differences between Exchange 2000 and Exchange 2003?

Some features that are new in Exchange 2003 are:

- Volume Shadow Copy Service for database backup/recovery
- Mailbox Recovery Center
- Recovery Storage Group
- Front-end and back-end Kerberos authentication
- Distribution lists can be restricted to authenticated users
- Real-time Safe and Block lists
- Inbound recipient filtering
- Attachment blocking in Microsoft Office Outlook Web Access
- HTTP access from Outlook 2003
- cHTML browser support (i-Mode phones)
- xHTML (Wireless Application Protocol [WAP] 2.0) browser support
- Queues are centralized on a per-server basis
- Move log files and queue data using Exchange System Manager
- Multiple Mailbox Move tool
- Dynamic distribution lists
- 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager)
- Deployment and migration tools

13


What is the difference between Exchange 2003 Standard and Exchange 2003 Enterprise editions?

Standard Edition
- 16 GB database limit
- One mailbox store
- One public folder store
- NEW: Server can act as a front-end (post-Beta 2)

Enterprise Edition
- Clustering
- Up to 20 databases per server
- X.400 connectors

Both editions support features such as:
- Database snapshot
- OMA and ActiveSync
- AirMAPI
- Recovery Storage Group
- Exchange Management Pack for MOM

Note: It is not possible to in-place upgrade Exchange 2000 Enterprise Edition to Exchange 2003 Standard Edition.

14

What’s the difference between Exchange 2003 and Windows 2003?

Windows Server 2003 provides significant enhanced functionality that Exchange 2003 takes advantage of:

Outlook HTTP access: IIS 6.0 and the Windows RPC Proxy service in Windows Server 2003 enable communication between Outlook 2003 and Exchange Server 2003 by means of HTTP. Outlook 2003 users can synchronize directly with the server running Exchange Server 2003 over an HTTP or HTTPS connection.

Internet protocol support: IIS 6.0 provides Exchange with its support for many common Internet access protocols that increase the flexibility of the operating system, such as HTTP, Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4), and Simple Mail Transfer Protocol (SMTP).

Active Directory: Windows provides Active Directory, upon which Exchange depends for user information, mail routing information, user authentication, and LDAP read and write functions.

Support for clustering: Exchange Server 2003 provides better support for clustering, which enables high availability of a company's infrastructure. Customers can run up to 8-node clusters, with at least one passive node, when running Exchange 2003 on Windows Server 2003, Enterprise Edition. (In Windows 2000 Advanced Server, clustering was limited to two nodes, one active and one passive; if a company chose to run Windows 2000 Datacenter Server, clustering was limited to four nodes.)

Volume Shadow Copy service: This and the Virtual Disk Service are part of a storage framework that provides heterogeneous interoperation of storage hardware, storage software, and applications. Exchange 2003 writes to the Volume Shadow Copy service on Windows Server 2003, dramatically reducing backup and restore times for Exchange messaging environments. This enables IT departments to support greater numbers of users per server and reduces the total number of servers running Exchange in their environment.


SETUP/UPGRADE

01

How can I merge multiple directories to create a unified Exchange organization?

- Microsoft's Meta-Directory Services (MMS)
- HP's LDAP Directory Synchronization Utility
- CPS Systems' SimpleSync
- ADSI (write your own synchronization code)

02

Can I upgrade from the evaluation edition of Exchange 2003 Enterprise Server to the RTM standard version of Exchange 2003 Server?

No this is technically a downgrade from enterprise to standard. You can only upgrade the evaluation version of Exchange 2003 Enterprise to Exchange 2003 Enterprise RTM.

03

How can you tell how many days remain until the evaluation copy of Exchange 2000 Server expires?

The Exchange Server Setup Progress Log includes the date on which the Exchange server was installed. Take the difference between that date and today's date and subtract it from 120 to determine how many days remain in your evaluation.

04

My evaluation version has expired! Are my databases toast?

No. Install a full version of Exchange 2000 Enterprise and you can continue to use your existing databases.

05

I plan to run Exchange in a hosted environment, where can I find information on how to configure my Exchange server to host multiple companies

06


What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

07

Can Exchange 5.5 or Exchange 2000 run on Windows 2003?

NO. Windows 2003 uses IIS 6.0, which has been re-engineered to keep up with best practices and industry standards. Windows 2003 has an IIS 5.0 compatibility mode; however, it is not compatible with Exchange 5.5 or Exchange 2000. Therefore, neither Exchange version is compatible with Windows 2003.

08

Can I run Exchange 2000 with an AD infrastructure with Windows 2003 DC's?

YES, all Exchange versions will run in an AD 2003 environment. Exchange 2000 will benefit from some of the new features in AD 2003, and Exchange 5.5 has an ADC specifically for an Exchange 5.5/AD 2003 environment. If AD 2000 is upgraded to AD 2003, the ADC will need to be upgraded also.

09

Can I upgrade Exchange 2003 Beta 2 to RTM?

NO. Microsoft will not support any deployment of Beta 2 into a production environment. Their official position is, "Exchange 2003 Beta 2 should not be deployed in a production environment. You can deploy Exchange 2003 Beta 2 in a test environment only."

10

Can I upgrade Exchange 5.5 in place to Exchange 2003?

NO. In-place upgrades to Exchange 2003 must start from Exchange 2000 SP3 on Windows 2000 SP3 or later. The only upgrade paths from 5.5 to 2003 are an in-place upgrade to Exchange 2000 followed by an in-place upgrade to Exchange 2003, or the leapfrog migration, which requires another server.

11

How should I upgrade from Exchange 5.5 to Exchange 2003?

Since Exchange 5.5 cannot be upgraded in place, upgrade Active Directory to AD 2003, set up the new ADC, and then install a new Exchange 2003 server. Then move users from 5.5 to 2003.


12

Where's the Instant Messaging Server?

The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real–Time Communications (RTC) server. It is no longer a component of the Exchange Server.

13

What are the Supported FE/BE scenarios? (i.e. E2003 FE with E2k BE etc.)

It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new interface. You must upgrade back-end servers to Exchange 2003 as well.

Interface matrix:

Ex2000 FE + Ex2000 BE = Ex2000 OWA
Ex2003 FE + Ex2000 BE = Ex2000 OWA
Ex2000 FE + Ex2003 BE = Not supported (AG protected)
Ex2003 FE + Ex2003 BE = Ex2003 OWA

The ability to reply to and forward messages and posts in public folders is only enabled when the client is using a front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange 2003 but the mailbox is still on Exchange 2000; however, session timeouts are handled much better if the BE is also Exchange 2003.

14

What do I need to get RPC over HTTP working?

Client
- Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side
- Exchange 2003 on Windows 2003 for FE (if FE is deployed)
- Exchange 2003 on Windows 2003 for BE
- Exchange 2003 on Windows 2003 for Public Folders
- Exchange 2003 on Windows 2003 for System Folders
- Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks (VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs and provides for increased security by ensuring that remote Outlook users don't need access to the entire network. Publish the RPC proxy over HTTPS only: the client authenticates with Basic or NTLM authentication, and Basic authentication sends the user's password in the clear unless the connection is protected by SSL.

15

What do I need in order to install Exchange 2003?

A partial list includes:
- DNS (preferably DDNS)
- Active Directory 2000 or 2003
- Permissions to update the schema
- Hardware sufficient to run Exchange 2003
- Windows 2000 SP3 applied to all DCs, GCs, and all (future) Exchange 2003 servers, or Windows 2003

16

I'm running Exchange 5.5 and would like to upgrade to Exchange 2003. Can I upgrade directly?

No. The only supported in-place upgrade is from Exchange 2000 SP3 or later. You would need to first upgrade your Exchange 5.5 server to at least Exchange 2000 SP3 and then upgrade in place to Exchange 2003. Another option is to ExMerge out your current users and ExMerge them into an Exchange 2003 server. The only other option is called the leapfrog migration: configure the Active Directory Connector (ADC) for Exchange 2003 between Active Directory and the Exchange 5.5 Directory Service, install a new Exchange 2003 server into the enterprise, and move the Exchange 5.5 users to Exchange 2003.

17

Can I install Exchange 2003 on Windows 2000 server?

Yes, but Windows 2000 must have SP3 loaded first.

18

Can I rename or move the default groups created by Exchange during domainprep and forestprep?

Only if you want to horribly break your Exchange installation.

19

What are the minimum hardware requirements for Exchange 2003?

The minimum practical hardware requirements in our experience are 1.25 times the disk space one would allocate under Exchange 2000, 1GB RAM (4GB minimum if the Exchange server also serves any other function) and the fastest processor(s) you can afford.

20

Am I better off with one really fast processor or two somewhat slower processors?

You're better off with two really fast processors. But, with all other things being equal, two processors are better than one with Exchange 2003. In most instances, a 2-processor machine would be preferable.

21

Can I have multiple Exchange 2003 organizations in a single forest?

No. Only a single E2K3 organization can exist within a single forest. Delegation of administration within the organization can be accomplished using OUs in AD and Administrative/ Routing Groups in the Exchange system manager.

22


Can an Exchange 2003 organization span multiple forests?

No. All domains in a forest share a common schema and the Exchange organization exists within this configuration naming context. The GC, which provides the Global Address List is populated only with items within the forest

23

What ports does Exchange use?

A partial list of the ports your Exchange server might use is included below. Only open what the server's role actually needs; a border server exposed to the Internet should normally expose SMTP (plus whichever SSL-protected client protocols you offer) and nothing else.

- 25 SMTP
- 53 DNS
- 80 HTTP
- 88 Kerberos
- 102 X.400
- 110 POP3
- 119 NNTP
- 135 RPC endpoint mapper
- 137 NetBIOS Name Service
- 139 NetBIOS Session Service
- 143 IMAP4
- 379 LDAP (SRS)
- 389 LDAP
- 443 HTTP (SSL)
- 445 SMB over TCP (direct hosting, without NetBIOS)
- 465 SMTP (SSL)
- 563 NNTP (SSL)
- 636 LDAP (SSL)
- 691 Link State Algorithm (Exchange routing engine)
- 993 IMAP4 (SSL)
- 994 IRC (SSL)
- 995 POP3 (SSL)
- 1503 T.120
- 1720 H.323
- 1731 Audio conferencing
- 1863 MSN IM
- 3268 GC
- 3269 GC (SSL)
- 6001 RPC/HTTP Exchange Store
- 6002 RPC/HTTP Exchange Directory Referral service
- 6004 RPC/HTTP NSPI Exchange Directory Proxy service/Global Catalog
- 6667 IRC/IRCX
- 6891-6900 MSN IM file transfer
- 6901 MSN IM voice
- 7801-7825 MSN IM voice

24

Exchange Group Policy Notes, what should I do?

A: Do not delete the Default Domain Policy or the Default Domain Controllers Policy in your Active Directory.

The Exchange domainprep operation targets the Default Domain Controllers Policy, which has the well-known GUID 6AC1786C-016F-11D2-945F-00C04fB984F9, for its operations. If it cannot find that policy, domainprep will fail.
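A read-only pre-flight check for the point above, added here as an example for this page (it is not part of the original and not Microsoft tooling). It parses gPLink attribute values, the format Active Directory uses to record which GPOs are linked to a container: concatenated entries of the form [LDAP://<GPO DN>;<options>], where bit 1 of the options marks the link disabled and bit 2 marks it enforced. The two sample gPLink strings are constructed; in a real domain you would read the attribute from the domain object and from the Domain Controllers OU over LDAP before running domainprep.

```python
"""Check that the two default GPOs are still linked before running Exchange domainprep."""
import re

# Well-known GUIDs of the default policies; the second is the one domainprep looks for.
DEFAULT_DOMAIN_POLICY = "{31B2F340-016D-11D2-945F-00C04FB984F9}"
DEFAULT_DC_POLICY = "{6AC1786C-016F-11D2-945F-00C04FB984F9}"

_LINK = re.compile(r"\[LDAP://(?P<dn>[^;\]]+);(?P<opts>\d+)\]", re.IGNORECASE)
_GUID = re.compile(r"cn=(\{[0-9A-F-]{36}\})", re.IGNORECASE)


def parse_gplink(gplink):
    """Return [(gpo_guid, disabled, enforced), ...] in link order for a gPLink value."""
    links = []
    for match in _LINK.finditer(gplink or ""):
        guid = _GUID.search(match.group("dn"))
        if guid is None:
            continue  # not a GPO DN we can identify; skip rather than guess
        opts = int(match.group("opts"))
        links.append((guid.group(1).upper(), bool(opts & 1), bool(opts & 2)))
    return links


def check_default_policies(domain_gplink, dc_ou_gplink):
    """Return a list of problems; an empty list means both default policies are linked and enabled."""
    problems = []
    domain_links = {guid: disabled for guid, disabled, _ in parse_gplink(domain_gplink)}
    dc_links = {guid: disabled for guid, disabled, _ in parse_gplink(dc_ou_gplink)}
    if DEFAULT_DOMAIN_POLICY not in domain_links:
        problems.append("Default Domain Policy is not linked to the domain")
    elif domain_links[DEFAULT_DOMAIN_POLICY]:
        problems.append("Default Domain Policy link is disabled")
    if DEFAULT_DC_POLICY not in dc_links:
        problems.append("Default Domain Controllers Policy is not linked to the "
                        "Domain Controllers OU; domainprep will fail")
    elif dc_links[DEFAULT_DC_POLICY]:
        problems.append("Default Domain Controllers Policy link is disabled")
    return problems


# Constructed sample values for a domain corp.example (not taken from a real directory).
SYSTEM = "CN=Policies,CN=System,DC=corp,DC=example"
HEALTHY_DOMAIN = f"[LDAP://cn={DEFAULT_DOMAIN_POLICY},{SYSTEM};0]"
HEALTHY_DC_OU = f"[LDAP://cn={DEFAULT_DC_POLICY},{SYSTEM};0]"
# The same OU after an administrator replaced the default DC policy with a custom, enforced GPO.
BROKEN_DC_OU = f"[LDAP://cn={{11111111-2222-3333-4444-555555555555}},{SYSTEM};2]"

if __name__ == "__main__":
    print(check_default_policies(HEALTHY_DOMAIN, HEALTHY_DC_OU))
    print(check_default_policies(HEALTHY_DOMAIN, BROKEN_DC_OU))
```

The check matches on the GUID rather than on the display name because the GUID is what domainprep looks for; renaming the policy is harmless, unlinking or deleting it is not.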


ADMINISTRATION

01

What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

02

Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + KB331320

03

When will Exchange 2003 SP1 be available?

When it is ready

04

How do I configure the Recovery Storage Group?

In Exchange 2003, there is a new feature called the "Recovery Storage Group" (RSG). This is a special instance of ESE (a fifth instance) which can be spun up to provide:

a. Item/folder/mailbox level restore without the need for a spare server
b. "Dial tone" (blank mailbox) support if you lose a database and need to get the users quickly up and running for send/receive

To create the RSG, go into Exchange 2003 ESM, right-click on your server object and choose to create a new Recovery Storage Group. Once the RSG exists, you can add a database to it (any MDB from any storage group on any server inside the same administrative group). Then use NTBackup or similar to restore a backup into the RSG. Now you can use ExMerge to extract the data from the RSG and merge it into the production database (for scenario a), or you can swap the RSG-restored database for the temporary production database (for scenario b).

One of the goals for the Recovery Storage Group

05

Under Exchange 5.5 I couldn't restore a single mailbox without 3rd party products. With Exchange 2003, is it any easier to restore a single mailbox or back up a single mailbox?

Yes and no. Under Exchange 2003, a mailbox is not deleted immediately when a Windows account is deleted. Although restores have been greatly improved with the new Recovery Storage Group (RSG) and the Volume Shadow Copy Service, there is no built in mechanism for backing up a single Exchange mailbox. This would still require a 3rd party brick level backup utility.


06

Can I back up the EXIFS drive using NT Backup or another backup application?

You can, but you will be sad. Do NOT back up the EXIFS drive of an Exchange 2003 server. It can result in messages and attachments being inaccessible via the Outlook client.

07

How can I prevent a user from sending and receiving Internet mail?

Follow the steps outlined below:

1. Create a group called InternalOnly.
2. Create a recipient policy that gives its members a fake SMTP address, e.g. @fake.domain. Leave the X.400 address alone so they can still receive internal mail.
3. Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s) and open the connector's properties. Choose the Delivery Restrictions tab and, under "Reject", add this group. Do this for each connector.
4. Follow the steps in KB277872 regarding connector restrictions. [Now they can't use the SMTP connector(s) to send external mail.]

08

What tools are used to administer Exchange 2003?

Active Directory Users & Computers - Used to create users, distribution groups and contacts.

Exchange System Manager - Used to manage the Exchange Server, create address lists, recipient policies, and now does some user level actions...

09

Can I use Exchange 2000 tools to manage Exchange 2003 Servers?

No, the property sheets of the 2003 servers will appear as read-only. You should avoid using Exchange 2000 ESM in environments where Exchange 2003 is installed. Not only will you not be able to access new Exchange 2003 features, but there is also the risk of damage to new objects that Exchange 2000 does not understand. If you must continue to use Exchange 2000 ESM, apply the latest Exchange 2000 SP3 roll-up to your Admin workstation(s) - http://microsoft.com/downloads/details.aspx?FamilyId=E247C80E-8AFA-4C2A-96B3-F46D1808C790&displaylang=en

The roll-up includes support for the msExchMinAdminVersion attribute (also known as ESM versioning). Essentially, each Exchange object in the AD is stamped with a minimum admin version. If ESM detects that the data value is greater than the version of ESM running, it will not allow edits to that object.

10

Can I use Exchange 2003 tools to manage Exchange 5.5 and Exchange 2000 Servers?


Yes, with the exception of the following Exchange 2000 components; Key Management Server, Exchange Instant Messaging, Chat, MS-Mail / Schedule+ / DirSync / cc:Mail Connectors

11

I created a user in AD Users and Computers, but in the Exchange system manager it doesn't appear under Mailbox Store | Mailboxes. What did I do wrong?

Probably nothing. A mailbox will not appear under Mailbox Store | Mailboxes until either someone has logged into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message to a mailbox shortly after it has been created, which would cause it to appear.

12

I created a secondary Public Folder Hierarchy, but only the original public folder hierarchy appears in Outlook.

Current versions of Outlook only support a single public folder hierarchy. Secondary Public Folder hierarchies can be accessed with the web.

13

In Exchange 5.5, I could have multiple mailboxes associated with a single user account. How do I do that in Exchange 2003?

Exchange 2003 requires a user object for each mailbox. You can create a disabled user object, associate a mailbox with it, and then grant another user object 'receive as' and 'send as' permissions to that mailbox.

14

What is the difference between 'receive as' and 'send as'?

'Receive as' allows a user object to open a mailbox. 'Send as' allows a user to send out a mail message as the mailbox that has been opened.

15

How do I restrict a user or domain from sending mail to my users?

First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative Group | Server | Protocols | SMTP | <SMTP Virtual Server> | Properties | Advanced | <select the IP address for which you wish to enable filtering> | Edit | Apply Filter). Normally, you would only want to apply message filtering to the border SMTP servers (servers that communicate directly with External servers).

16

I've created more than one address list. Which list will users see for their GAL?

The following criteria are used when determining what a client will see for the Global Address List:

- Which address lists do you have permission to see?
- Which of those address lists contain your mailbox object as an entry?
- If your mailbox appears as an object in more than one address list: which of the remaining address lists contains more entries?


17

What do the event IDs mean in the message tracking log?

They are listed in Appendix A

18

Is Single Instance Storage maintained when moving users between servers | storage groups | databases?

Yes...

19

In my native E2K3 organization is there any requirement for RPC connectivity between servers?

In order to move users between servers, RPC connectivity is required.

20

How can I archive messages sent or received by my users?

1. Messages can be archived on a per store basis by enabling the option on the general properties tab of the Mailbox Store in the Exchange System Manager.

2. Use an event sink (either write your own or use the simple one provided by Microsoft and described in “Archive Sink Readme.txt”

3. Use a 3rd party message archival tool.

21

Why when I try to add an additional mailbox store do I receive the following error? This storage group already contains the maximum number of stores allowed. ID no: c1034a7a

You are running the standard version of Exchange 2003 which is limited to a single 16GB private information store.

22

How do I get the Exchange Advanced Tab in Active Directory Users and Computers?

Open Active Directory Users and Computers. Click on the View menu item at the top of the application. Select “Advanced Features” on the menu list. When you open a property page for an Active Directory object that has a mailbox associated with it, you will now see the “Exchange Advanced” tab at the top.

23

How do I control the format of the addresses before the @ sign in a recipient policy?

You can use the following variables in the recipient policy: %g given name, %s surname, %i initials. A number between the % and the letter takes only that many leading characters of the value (for example %1g is the first letter of the given name).

Examples:

User: Tommy Lee Jones
Domain: company.com

%g.%s@company.com = Tommy.Jones@company.com
%1g%s@company.com = TJones@company.com
%g%s@company.com = TommyJones@company.com

Less commonly used variables include %m (alias) and %d (display name).
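A small implementation of that substitution, added here as an example (it is not Exchange's own Recipient Update Service code and not from the original page), covering all five variables listed above. Two assumptions are called out in the comments: characters that are not legal in an SMTP local part are dropped, and a clash with an existing address is resolved by appending 2, 3, ... the way the Recipient Update Service numbers duplicates. The user list is constructed.

```python
"""Expand Exchange recipient-policy address templates such as %1g%s@company.com."""
import re

_VARIABLE = re.compile(r"%(\d*)([gsimd])")
# Assumption: anything outside this set is dropped from the local part (spaces, accents, quotes).
_NOT_ALLOWED = re.compile(r"[^A-Za-z0-9._-]")


def expand_address_template(template, given, surname, initials="", alias="", display=""):
    """Replace %g %s %i %m %d (optionally prefixed with a count, e.g. %1g) in the local part."""
    values = {"g": given, "s": surname, "i": initials, "m": alias, "d": display}

    def substitute(match):
        count, code = match.group(1), match.group(2)
        value = values[code]
        return value[: int(count)] if count else value

    local, _, domain = template.partition("@")
    local = _NOT_ALLOWED.sub("", _VARIABLE.sub(substitute, local))
    return f"{local}@{domain}"


def assign_addresses(template, users, existing=()):
    """Give each (given, surname) pair a unique address, numbering duplicates like the RUS does."""
    taken = {addr.lower() for addr in existing}  # assumption: addresses compare case-insensitively
    result = {}
    for given, surname in users:
        base = expand_address_template(template, given, surname)
        local, _, domain = base.partition("@")
        candidate, n = base, 1
        while candidate.lower() in taken:
            n += 1
            candidate = f"{local}{n}@{domain}"
        taken.add(candidate.lower())
        result[f"{given} {surname}"] = candidate
    return result


if __name__ == "__main__":
    # Constructed users; the first is the page's own example.
    users = [("Tommy", "Jones"), ("Tim", "Jones"), ("Mary Ann", "O'Brien")]
    for tmpl in ("%g.%s@company.com", "%1g%s@company.com", "%g%s@company.com"):
        print(tmpl, assign_addresses(tmpl, users))
```

Short templates such as %1g%s collide often in a large organisation, which is why the numbering step matters: without it, two users would silently share a proxy address and mail would be delivered to whichever object the directory finds first.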

24

How do I make Exchange automatically send a welcome message to all newly created users?

There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with Outlook, but that only applies the first time Outlook is opened after creating a new profile. Otherwise, you could script mailbox creation and send a message at the end of the script.

25

Is there any way to append a text message to all out bound email for Exchange 2003?

On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP transport event sink, even though KB273233 suggests that creating a second SMTP virtual server works. At startup the Exchange Information Store binds to the SMTP virtual server that starts first, so you cannot rely on mail being routed from SMTP VS 1 to SMTP VS 2 as KB273233 proposes. Also note that under special circumstances the database can become corrupted if you use an SMTP transport event sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and a QFE to prevent the store corruption is under development.

There are 3rd party products that will do this too.

26

How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can, but there are limitations. It works reliably only on a border server, which can be either a Windows 2000 or 2003 SMTP server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680.

27

How can you tell the exact version of Exchange you are running?

Here is a list of build numbers for Exchange 2000/2003:

Exchange 2000
- 4417.5 = Exchange 2000 RTM
- 4712.7 = Exchange 2000 SP1
- 5762.4 = Exchange 2000 SP2
- 6249.4 = Exchange 2000 SP3
- 6396.1 = Exchange 2000 Post-SP3 Super Roll-up
- 63xx/64xx = Exchange 2000 Post-SP3 hotfixes

Exchange 2003
- 6728.12 = Exchange 2003 Beta 1
- 6803.8 = Exchange 2003 Beta 2
- 6851.10 = Exchange 2003 Release Candidate 0
- 6895.5 = Exchange 2003 Release Candidate 1

28

How do I add a disclaimer to outgoing SMTP messages in Visual Basic?

How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic – KB317327

29

Resource / Conference room scheduling

Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer to “Direct Booking of Resource Without a Delegate Account”

There are 3rd party products such as Exchange Resource Manager and AutoAccept Sink for Exchange that will automatically accept/decline meeting requests for conference rooms and other resources.

31

How do I find an SMTP mail address in Active Directory if Active Directory Users and Computers tells me it is in use when I try to create a new user?

Either open Outlook to create a new message with that SMTP address and hit “CTRL+K” to resolve it, or use a Windows Scripting Host script to find it. For the latter, see http://www.cdolive.net/download/adusermanagement.zip (look for FindUserWithADSI.wsf and FindUserWithCDO.wsf)

32

How do I Enable the Security Tab for the Organization Object?

This tab is not enabled by default. For instructions on how to enable it see KB264733

33

How do I restrict users from Creating Top-Level Folders?

For Exchange 2000 public folders, you can follow the instructions in KB256131. With Exchange 2000, however, any time a new server is added to the organization, these permissions will be reset.

In Exchange 2003 these permission are restricted by default so to install Exchange 2003, you will automatically restrict them.

The "Allow create top-level public folder" access control entry for Everyone and the "Allow anonymous logon" permission on the organization container are removed during the installation of Exchange 2003.

34

Why do the storage quota settings not take effect immediately?

This problem has been fixed in a Microsoft Exchange 2000 Server post-Service Pack 3 MDB patch. For more information see KB327378.


35

How do I limit which Outlook client versions can access my server?

You need to create the Disable MAPI Clients registry value to disable MAPI client access. For more information, see KB288894

37

How do I disable the "Automatically update e-mail addresses based on recipient policy" on all users or contacts?

' Default setting for "msExchPoliciesExcluded" is empty.
' Once the automatic e-mail address update is disabled it is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

' Default setting for "msExchPoliciesIncluded" is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}" plus a unique GUID for each applied Recipient Policy, separated by a comma.
' After turning off the automatic update, "msExchPoliciesIncluded" is only:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

Migration

01

Can I use Exchange 2003's OWA to access a mailbox on an Exchange 5.5 or Exchange 2000 server?

Yes and no. Exchange 2003 OWA can access a mailbox on an Exchange 2000 back-end server; however, the experience remains the same as Exchange 2000 OWA. As for Exchange 5.5, the enhanced OWA is built directly into the store technology, so only a mailbox residing on an Exchange 2003 server can be accessed using the enhanced OWA interface. Nice try, though.

02

Can I use Exchange 5.5's OWA to access a mailbox on an Exchange 2003 server?

Yes. But you will not get the look and feel or the added features from the 2003 servers.

03

How do I remove the ADC after moving all of my users to an Exchange 2003 server?

First, you need to use the Exchange 5.5 Admin program to delete the directory replication connectors (Org | Site | Configuration | Connections). Once you have deleted the connections, you need to be logged on with an account with Schema Admin privileges to delete the ADC connector.


04

How many Global Catalog servers should I deploy?

There is no hard and fast rule in this regard. Some potential guidelines include:

1. At least 1 per routing group
2. One for every 4 Exchange servers in a routing group
3. One (or more) for each physical location

Transport

01

What additional queues have been exposed?

All the system queues, such as the failed message retry queue, DNS messages pending submission, and messages queued for deferred delivery, are now exposed to enhance troubleshooting.

02

Is there any way to append a text message to all outbound email for Exchange 2003?

On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP Transport Event Sink, even though KB273233 suggests that creating a second SMTP Virtual Server works. At startup the Exchange Information Store binds to whichever SMTP Virtual Server starts first, so you cannot rely on mail being routed from SMTP VS 1 to SMTP VS 2 as KB273233 proposes. Also note that under special circumstances the database can become corrupted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and a QFE to prevent the store corruption is under development.

There are 3rd party products that will do this too.

03

How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can, but there are limitations. It works reliably only on a border server, which can be either a Windows 2000 or Windows 2003 SMTP server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680.

04

Can I view the queues on a per server basis?

Yes, in the new Queue Viewer in the Exchange 2003 System Manager.

05

How do I move SMTP queues and badmail directories?

Exchange 2003 allows you to change the location of the queue directories for SMTP virtual servers and X.400.

The directions are in the document entitled “Exchange Titanium Getting Started Guide”.

06

What do the various queue names mean?

DNS messages pending submission - Contains delivery status notifications (DSNs), also known as non-delivery reports, that are ready to be delivered by Exchange. The Delete All Messages (no NDR) and Delete All Messages (NDR) functions are unavailable for this queue.

Messages queued for deferred delivery - Contains the messages marked by the client for deferred delivery, or messages simply awaiting delivery at a different time.

Failed message retry - Contains messages that have been marked for retry due to a delivery failure. This queue also lacks the NDR functions mentioned for the DNS messages pending submission queue.

07

How do I activate the real time safe block list?

Enabling connection filtering involves two steps:

1. Create the recipient filter using the Connection Filtering tab on the Message Delivery Properties under Global Settings.
2. Apply the filter at the SMTP virtual server level.

08

How do I filter incoming mail by subject or attachment?


Exchange 2003 does not have any built-in function to accomplish that. Either look for a third party tool or develop your own Windows SMTP Transport Event Sink.

09

How do I limit the maximum amount of messages the SMTP queue can hold?

You have to use the MaxMessageObjects registry key.

10

How do I strip the attachment from an NDR?

You can do this through a registry entry. But there are two drawbacks. Once this is done, the details that are necessary to display the notification in the preview pane are stripped, and the originator of the message cannot use the Send Again option.

11

How do you restrict Distribution Lists?

Submissions can be restricted to a limited number of security principals through the standard Windows Discretionary Access Control List (DACL). This feature prevents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal-only distribution list. An example of this would be an “All Employees” distribution list, which should not be available to anyone outside the company (by spoofing or otherwise). Note: Restricted distribution lists will only work on bridgehead servers or SMTP gateway servers running Exchange 2003.

To set restrictions on a distribution list:

1. Click Start, point to All Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.
2. Expand your organizational unit container, and double-click Users.
3. Right-click the distribution list for which you want to restrict submissions, and then click Properties.
4. Click the Exchange General tab.
5. Under Message Restrictions, under Accept messages, select one of the following options:

- Click From everyone to allow anyone to send to this distribution list. This includes anonymous users from the Internet.
- Click From authenticated users only to allow only authenticated users to send mail to this distribution list.
- Click Only from to specify a select set of users or groups that can send to this group, and then click Add to specify the users or groups that you want to permit to send mail to this distribution list.
- Click From everyone except to allow everyone but a select set of users or groups to send to this distribution group, and then click Add to specify the list of users or groups that you want to restrict from sending to this distribution list.

STORE

What happened to the M: drive?


The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

02

What is the STM file?

The .stm file is part of the Information Store database and contains the native Internet-formatted items. It is used to improve the performance of the database.

03

Why does the size of the EDB file not change when I move users out of that store?

The .edb file will only decrease in size once a database defrag is performed.

04

How do I move the log files?

The new ESM allows the administrator to move the log files through the GUI.

05

Is there an easier way to move mailboxes grouped by mailbox.store?

Yes, you can now move mailboxes through ESM grouped by mailbox store.

06

Will an in place upgrade from Exchange 2000 remove the M: drive?

Yes. In both the clean install and the upgrade-from-Exchange-2000 scenarios, Exchange 2003 does not present EXIFS as drive letter M:.

07

If there is still an M: drive mapped, why does the free space number look funny?

The free space number shown on the M: drive is based on the main install drive for Exchange. It is not related to the drive space on the drives where the stores actually exist.

CLUSTERING

01

Which cluster configuration is preferred?

Microsoft recommends Active/Passive clustering because it:

- Scales better
- Sizes the same way as a stand-alone Exchange server
- Can have up to 8 nodes in the cluster
- Always fails over to a fresh node

02

What happened to Active/Active Clustering?

Active/Active clustering is only supported with a 2-node cluster limited to 1900 concurrent connections.

03

Do I still have to cycle the services on fail back like in 2000 Active/Passive mode?

The Exchange services are automatically shut down on failover, so when fail back happens the services are automatically brought back online with a clean address space.

04

How many cluster nodes are supported by each version of Exchange?

Exchange 2003 and Windows 2003, Standard Edition will run up to a 4-node cluster. Exchange 2003 and Windows 2003 Enterprise will run an 8-node cluster with at least one passive node.

05

Are there any other differences between Win2k and Win2k3 clustering?

Win2k3 Enterprise and Datacenter both support 8-node clusters. MSCS (Microsoft Clustering Services) is now available for high availability. NLB Manager allows the administrator to configure the NLB service in a central location, thus avoiding mistakes from repetitive actions. For more information see the “Technical Overview of Clustering in Windows Server 2003” and “Windows Server 2003 Server Cluster Architecture” documents.

06

Why am I getting the 9582’s and what is VM Fragmentation?

VM fragmentation occurs when virtual memory becomes fragmented, which can prevent stores from mounting. Event 9582 is the event that warns about this condition. For more information refer to “The Extensible Storage Engine Database Engine Contributes to Virtual Memory Fragmentation (324118)”.

ADC

01

What are the new ADC Tools?

The Active Directory Connector management console now contains an ADC Tools option. ADC Tools is a collection of wizards and tools that help you set up connection agreements by scanning your current Active Directory and Exchange 5.5 Directory and organization, and automatically creating the recommended connection agreements. The following wizards are included in the ADC Tools:

Resource Mailbox Wizard: This wizard identifies Active Directory accounts that match more than one Exchange 5.5 mailbox. Using this wizard, you can match the appropriate primary mailbox to the Active Directory account and stamp other mailboxes with the NTDSNoMatch attribute, which designates the mailboxes as resource mailboxes. You can either make these changes online or export a comma-separated value (.csv) file that you can update and import into the Exchange 5.5 directory.

Connection Agreement Wizard: This wizard recommends connection agreements based on your Exchange 5.5 directory and Active Directory configuration. You can review the list of recommended connection agreements and select those you want the wizard to create.

The Exchange Server Deployment Tools lead you through the process of installing Active Directory Connector and running ADC Tools.

02

Can I use the Windows 2003 Active Directory connector with Exchange 2003?

No, you need to install the Exchange 2003 ADC.

03

How can I get a list of connection agreements in Exchange 2003 ADC?

Run the ExchDump utility with the /CA switch.

OWA

How do I disable OWA for a single user in Exchange 2000/2003?

In Active Directory Users and Computers (Advanced Features view) open the properties for the user object and choose Exchange Advanced | Protocol Settings | HTTP | Settings | and uncheck the 'Enable for mailbox' check box.

03

How do I make OWA work properly with Extended Characters?

Beginning in Exchange 2000, messages with extended characters are encoded with UTF-8, by default. For more information see KB273615 and KB281745

04

How do I stop users from going to a bookmarked /LOGON.ASP page after conversion to 2003 OWA?

After converting from Exchange 5.5 OWA to 2000 OWA, all the users had bookmarked the URL mail.company.com/exchange/logon.asp, since 5.5 OWA (which used ASP) automatically pulled the user from the root URL into a logon page, but now the user only sees the base URL mail.company.com/exchange. So when users used the bookmark, or in some cases the "autocomplete" feature in IE, they were sent to a dead address.

Go into the front-end server that is hosting your OWA.

- Start up IIS admin and locate the /Exchange virtual directory.
- Right-click the /Exchange directory and, using the "wizard", create a new virtual directory called logon.asp. When it prompts where the content is located, just put something like c:\inetpub\wwwroot.
- Once the virtual root has been created, right-click it, select Properties, then select the tab labeled "Virtual Directory".
- Select "A redirection to a URL" and then in the "Redirect to" URL enter /exchange/

What happens is that when the user hits the virtual root /exchange/logon.asp, it pulls the user back to /exchange.

05

How do I activate session timeouts for OWA users?

Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is set to expire automatically after 20 minutes of user inactivity. See Logon Modifications for OWA Users for the instructions.

06

How do I disable portions of the OWA interface?

Exchange 2000 SP2 introduced the concept of OWA segmentation. This is where you can selectively enable/disable certain features in the web client. Exchange 2003 extends the segmentation options found in Exchange 2000. You can either set global (per server) segmentation via a registry parameter, or set the msExchMailboxFolderSet attribute on user objects. A bit mask determines the functionality available to the user.

07

What are the new OWA Hot Keys?

- Ctrl+N: New Mail (or Post, if in public folders)
- Ctrl+R: Reply to currently selected mail in view
- Ctrl+Shift+R: Reply all to currently selected mail in view
- Ctrl+Shift+F: Forward currently selected mail
- Ctrl+U: Mark currently selected message(s) as unread
- Ctrl+Q: Mark currently selected message(s) as read

OMA

01

Can I deploy OMA in a mixed environment?

In a mixed Exchange environment, you must use Exchange 2003 for both the front-end and back-end servers to gain access to mailboxes through Outlook Mobile Access (OMA) and Exchange ActiveSync. For mailboxes on Exchange 5.5 and 2000, you need to deploy Microsoft Mobile Information Server.

02

What is OMA?


Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations.

Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices.

Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional mobile server products in the corporate environment, thus lowering the total cost of ownership.

03

Which devices are supported by Microsoft to be used with OMA?

Device support for Outlook Mobile Access (OMA) Browse is dictated by the Device Update package installed on the Exchange 2003 server. When you run Exchange 2003 Setup today, the DU2 package is silently installed as part of the installation.

Approximately every 6 months, new Device Update packages are released. Each adds support for more devices to your Exchange server.

The current Device Update package is DU4. The full list of devices and which DU package they are included in is available here.

04

I have just upgraded and I can’t use OMA, why?

The setting to enable/disable OMA Browse is actually set during ForestPrep. Exchange 2003 ForestPrep will no longer enable OMA Browse by default. Exchange 2003 ForestPrep/Reinstall will keep it enabled if it was already enabled. This means that OMA Browse WON’T be enabled when running ForestPrep to upgrade from Exchange 2000. You can find OMA Browse settings in ESM, under Global Settings -> Mobile Services -> Properties

Note: ActiveSync and AUTD remain unchanged.

05

I have an Exchange 2003 server on a member server that I promoted to a DC. What happened to my OMA? It no longer works.

Amongst other problems, the ASP.NET account changes which causes OMA to cease functioning.

06

How do I verify OMA is functioning?

You can verify Outlook Mobile Access (OMA) is functioning from a desktop machine running IE 6.0. Assuming that SERVER1 is running Exchange 2003:

1. From a desktop PC running IE 6.0, navigate to http://server1/oma
2. Enter the logon credentials for an existing mailbox which resides on server1
3. Click the OK hyperlink when you receive the warning about your device being unsupported
4. Welcome to OMA!

OUTLOOK 2003

01

What do I need to get RPC over HTTP working?

Client:

- Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side:

- Exchange 2003 on Windows 2003 for FE (if FE is deployed)
- Exchange 2003 on Windows 2003 for BE
- Exchange 2003 on Windows 2003 for Public Folders
- Exchange 2003 on Windows 2003 for System Folders
- Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks (VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs and provides for increased security by ensuring that remote Outlook users don’t need access to the entire network.

02

Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + Q331320

03

How can I enable/disable an attribute used by the Outlook client for ambiguous name resolution?

- "Registry Modification Required to Allow Write Operations to Schema" - KB216060
- "Setting an Attribute's searchFlags Property to Be Indexed for ANR" - KB243311

04

What are the differences in compression between Outlook 2002/2003 and Exchange 2002/2003?

The following tables illustrate how RPC compression and buffer packing work on the wire between the Outlook client and Exchange Server.

Outlook 2002 against Exchange 2000 / 2003

Mode    | Data Flow       | Network | Client Buffer Size | Data Buffer Size | Size on Wire | Compressed
Online  | Download/Upload | LAN     | 32Kb               | 32Kb             | 32Kb         | No
Online  | Download/Upload | WAN     | 4Kb/8Kb            | 4Kb/8Kb          | 4Kb/8Kb      | No
Offline | Download/Upload | All     | 32Kb               | 32Kb             | 32Kb         | No

Outlook 2003 against Exchange 2003

Mode    | Data Flow | Network | Client Buffer Size | Data Buffer Size | Size on Wire | Compressed
Online  | Download  | All     | 32Kb               | 32Kb             | <32Kb        | Yes
Online  | Upload    | All     | 32Kb               | 32Kb             | <32Kb        | Yes
Cached  | Download  | All     | 96Kb               | >96Kb            | 96Kb         | Yes
Cached  | Upload    | All     | 32Kb               | 32Kb             | <32Kb        | Yes
Offline | Download  | All     | 32Kb               | >32Kb            | 32Kb         | Yes
Offline | Upload    | All     | 32Kb               | 32Kb             | <32Kb        | Yes

The compression technology used between Outlook 2003 and Exchange 2003 is called XPRESS(tm) and is based on the Lempel-Ziv (LZ-77) algorithm. This is the same technology that Active Directory uses to compress its RPC data when replicating between servers. All data over the size of 1 KB is compressed, and the technology is built into both client and server; therefore the compression is full duplex.

The compression gain is dictated by the message format and attachment(s) type. Because the compression is performed at the RPC level, all message data is compressed.

- Plain text and HTML messages usually compress between 60% and 80% (on-the-wire saving)
- Rich-text (RTF) messages usually compress up to 20% (on-the-wire saving)
- Word documents compress down better than PowerPoint files
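To make the threshold rule and the content dependence concrete, here is an added example (not Microsoft's XPRESS and not code from this page) that uses Python's zlib, a Lempel-Ziv based DEFLATE implementation, as a stand-in: payloads of 1 KB or less go out uncompressed, larger ones are compressed only when that actually saves bytes. The 1 KB threshold is the one stated above; the HTML message, short note and random "attachment" payloads are constructed.

```python
"""Illustrates the RPC compression policy described above with zlib (a
Lempel-Ziv based DEFLATE implementation) standing in for Microsoft's XPRESS,
which is not available as a public library. Added example, not Microsoft's
or the page author's code. The 1 KB threshold is the one the page states;
the sample payloads are constructed."""
import os
import zlib

THRESHOLD = 1024  # page: only data over 1 KB is compressed


def on_wire(payload: bytes):
    """Return (bytes_sent, compressed) for one RPC payload.

    Payloads at or below the threshold are sent as-is. Larger ones are
    compressed, but if compression would not shrink the data (already
    compressed attachments, random bytes) the raw bytes are sent instead.
    """
    if len(payload) <= THRESHOLD:
        return len(payload), False
    packed = zlib.compress(payload, 6)
    if len(packed) >= len(payload):
        return len(payload), False
    return len(packed), True


def saving_percent(payload: bytes) -> float:
    """On-the-wire saving as a percentage of the raw payload size."""
    sent, _ = on_wire(payload)
    return round(100.0 * (1 - sent / len(payload)), 1)


# Constructed sample payloads (not real messages).
HTML_MESSAGE = b"<html><body><p>Quarterly status report: all services nominal.</p></body></html>\n" * 50
SHORT_NOTE = b"Lunch at noon?"          # well under 1 KB, never compressed
ZIP_ATTACHMENT = os.urandom(8192)       # stands in for already-compressed data


if __name__ == "__main__":
    samples = [("HTML message", HTML_MESSAGE), ("short note", SHORT_NOTE),
               ("zip attachment", ZIP_ATTACHMENT)]
    for name, data in samples:
        sent, compressed = on_wire(data)
        print(f"{name:15s} raw={len(data):6d} sent={sent:6d} "
              f"compressed={compressed} saving={saving_percent(data)}%")
```

The repetitive HTML sample compresses far more than the 60-80% the page quotes for real messages; the point is the shape of the behaviour (small payloads untouched, incompressible data sent raw), not the exact ratio.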

Logon Modifications for OWA Users

You can enable a new logon page for Outlook Web Access that will store the user's user name and password in a cookie instead of in the browser. When a user closes their browser, the cookie will be cleared. Additionally, after a period of inactivity, the cookie will be cleared automatically. The new logon page requires users to enter either their domain name\alias and password or their full UPN e-mail address and password to access their e-mail.


Figure 2.8 Outlook Web Access logon page

This logon page represents more than a cosmetic change; it offers several new features.

To enable forms-based authentication:

1. In Exchange System Manager, expand the Servers node.
2. Expand the Protocols node under the Exchange server for which you wish to enable forms-based authentication.
3. Expand HTTP, and then right-click the Exchange Virtual Server.
4. On the Exchange Virtual Server properties page, select the check box next to Enable Forms Based Authentication for Outlook Web Access.
5. Click Apply, and then click OK.

Cookie Authentication Timeout

Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is set to expire automatically after 20 minutes of user inactivity.

The automatic timeout is valuable for keeping a user’s account secure from unauthorized access. Although this timeout does not completely eliminate the possibility that an unauthorized user might access an account if an Outlook Web Access session is accidentally left running on a public computer, it greatly reduces this risk.

Note: Cookie Authentication Timeout is available for the rich experience version of Outlook Web Access only.

The inactivity timeout value can be configured by an administrator to match the security needs of your organization.

Note: The default value for the cookie timeout is 10 minutes. If you want to set this value to something other than 10 minutes, you must modify the registry settings on the server. Warning: This section contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about restoring the registry, see the “Restore the Registry” Help topic in Regedit.exe or Regedt32.exe.

To set the Outlook Web Access cookie timeout value:

1. Click Start, click Run, and type Regedit in the box next to Open. Click OK.
2. Navigate to the following registry key: HKey_local_machine\system\CurrentControlSet\Services\MSExchangeWeb\OWA\
3. Create a new Dword value and name it KeyInterval.
4. Right-click the KeyInterval Dword value and click Modify.
5. In the Base window, click the button next to Decimal.
6. In the Value Data field, enter a value (in minutes) between 1 and 1440.
7. Click OK.

- How do I perform server administration and user support?
- How do I create the routing table?
- How do I handle a mailbox (e.g. move a mailbox to another server)?
- What is the bridgehead server used for?
- What is the difference between a front-end server and a back-end server for Exchange?
- Exchange installation procedure from start-up
- What do you need to do when installing an Exchange domain?

How do I configure and test the MX Record for my Internet Domain name?

http://www.petri.co.il/configure_mx_records_for_incoming_smtp_email_traffic.htm

http://blogs.msexchange.org/walther/2006/03/26/best-of-qa-from-webcast-exchange-server-2003-tips-tricks-and-shortcuts

Savio’s Suggestive & Informative Recipes from Ad Cookbook

Interview Questions

Q.1 What is the Active Directory?

Ans: Active Directory stores information about resources on the network and makes it easy for users to locate, manage and use their resources.


Q.2 Where is the Active Directory database located?

Ans: The Active Directory database is located at “%systemroot%\NTDS\NTDS.DIT”. It is based on the Jet database.

Q.3 What is the Active Directory Schema?

Ans: 1. It is dynamically updatable. 2. It is dynamically available. 3. DACL.

Q.4 What is LDAP? What is the port for LDAP?

Ans: LDAP is a method of communication in Active Directory. LDAP is a directory service protocol that is used to query and update Active Directory (port 389).

Q.5 What is a tree?

Ans: A collection of domains which share a common namespace.

Q.6 What is the function of the “%systemroot%\system32\dssec.dat” file?

Ans: To delegate the right to unlock locked user accounts to a user or group in Active Directory, you must first make the right visible.

The %Systemroot%\System32\Dssec.dat file contains filters that control whether a right is revealed and can be written. Open Dssec.dat in Notepad and find [User]. Within [User], the lockoutTime entry is listed alphabetically. Change the mask from 7 to 0, yielding lockoutTime=0.

NOTE: The mask values appear to be:

0 - Read and Write of property unfiltered
1 - Read of property filtered
2 - Write of property filtered
7 - Filter out property
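The edit above is a one-line change in a plain text file, but the file is read directly by the delegation UI, so a script that touches only the intended line is safer than hand editing. The following is an added example (not Microsoft's code or the page's own): it parses the section/mask layout the answer describes, changes lockoutTime under [User] from 7 to 0, and leaves every other line verbatim. The file content is a constructed sample, not a copy of a real Dssec.dat.

```python
"""Edit a Dssec.dat-style filter file so that the lockoutTime property
is no longer hidden from the delegation UI, as the answer above describes.
Added example, not Microsoft's code or the page's own; the file content
below is a constructed sample, not a copy of a real Dssec.dat."""
import re

# Mask values as the page lists them.
MASK_MEANING = {
    0: "read and write unfiltered",
    1: "read filtered",
    2: "write filtered",
    7: "property filtered out",
}

SECTION_RE = re.compile(r"\[(.+)\]")

# Constructed sample (real files list many more properties per class).
SAMPLE_DSSEC = """[Computer]
description=7
[User]
accountExpires=7
lockoutTime=7
sAMAccountName=7
[Group]
member=7
"""


def parse_dssec(text):
    """Return {section: {property: mask}} from name=mask lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.fullmatch(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if value.isdigit():
            sections[current][name] = int(value)
    return sections


def set_mask(text, section, prop, mask):
    """Return the file text with prop's mask under [section] set to mask.

    Only the one matching line changes; everything else is kept verbatim,
    which matters for a file the OS reads directly.
    """
    if mask not in MASK_MEANING:
        raise ValueError(f"unsupported mask {mask}")
    out, current, changed = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.fullmatch(line)
        if m:
            current = m.group(1)
        elif current == section and "=" in line:
            name = line.split("=", 1)[0].strip()
            if name.lower() == prop.lower():
                raw = f"{name}={mask}"
                changed = True
        out.append(raw)
    if not changed:
        raise KeyError(f"{prop} not found under [{section}]")
    return "\n".join(out) + "\n"


def unhide_lockout_time(text):
    """The page's procedure: change lockoutTime under [User] from 7 to 0."""
    return set_mask(text, "User", "lockoutTime", 0)
```

Read the real file, pass its text through unhide_lockout_time, and write the result back; parse_dssec on the result is a quick check that no other mask changed.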

Q.7 What are the core services in Exchange 5.5? Explain the order of starting the services.

Ans: 1. Directory service(DS): “net start msexchangeds”

2. Information Store(IS): “net start msexchangeis”

3. Message Transfer Agent(MTA): “net start msexchangemta”

4. Internet Mail Connector(IMC): “net start msexchangeimc”

5. “net start msexchangees”


Q.8 What is the size of Transaction log file?

Ans: 5 MB (Exxxx.log)

Q.9 IMC service in Exchange 5.5 does not start. Explain the necessary steps you would take to check and resolve the problem?

Ans: 1. An incorrectly configured Address Space.

2. Use a blank Address Space field, which lets the Internet Mail Connector send mail to all recipients and provides a basic configuration on which to build after you know your service works. If you have entered anything in this box, try removing it and see if the IMC starts.

Q10. What are the core services in Exchange 2000? Explain the process of starting the services?

Ans: The core services are

1. Microsoft Exchange MTA Stack (msexchangemta)
2. Microsoft Exchange Information Store (msexchangeis)
3. Microsoft Exchange Routing Engine (reSvc)
4. Microsoft Exchange System Attendant (msexchangesa)
5. Network News Transfer Protocol (NNTPSvc)
6. Simple Mail Transfer Protocol (SMTPSvc)

Q11. Explain the Hierarchy of the Exchange Management Console Program?

Ans: Organisation Name
  - Global Settings
  - Recipients
  - Administrative Groups
  - Tools


Q12. What is the latest service pack for Exchange 5.5 and Exchange 2000?

Ans: Exchange 5.5 : SP4

Exchange 2000 : SP3

Q14. What is RUS? Which service is responsible for the RUS?

Ans: The Recipient Update Service(RUS) is a component in the Exchange 2000 System Attendant service. The RUS creates and maintains Exchange 2000-specific attribute values in the Active Directory.

If you create a mailbox for a user, the RUS is responsible for the automatic generation of the user’s Simple Mail Transfer Protocol (SMTP) address and any other proxy addresses that you have defined for your recipients. However, in the Active Directory Users and Computers tool, the proxy addresses are not displayed immediately because a short latency period occurs before the Recipient Update Service produces the new e-mail addresses. This latency occurs even if you have configured the RUS to run continuously. After you install Exchange 2000, two instances of RUS are created:

1. The enterprise configuration RUS
2. The domain RUS

There is only one instance of the enterprise RUS in the organization. You must have a RUS for each domain that contains mailbox-enabled users. Each instance of the domain RUS associates one Exchange 2003 computer (where the RUS runs) with one Windows 2000 or Windows 2003 Server domain controller (where AD objects are updated). Only one RUS can be associated with any Active Directory domain controller.

If you have multiple sites, you can also add multiple instances of the RUS for each domain. In this scenario, an instance of the RUS is hosted on a DC in each site, and mailbox creation does not depend on the inter-site replication schedule of the AD.

If you create a new mailbox-enabled user, that user cannot log on to their mailbox until the RUS has generated the new proxy e-mail addresses. If you set the RUS to run on a schedule, that user may have to wait a short period before they can use Exchange 2003.

To update addresses immediately, you can force the RUS to run manually.

Q15. What is a recipient policy, e-mail policy and mailbox manager policy?

Ans: Recipient policies are used in Exchange 2000 Server to automatically control the generation of e-mail addresses for recipient objects. The following are recipient objects:

1. Mail-enabled users
2. Contacts
3. Groups
4. Public Folders

Recipient policies are similar to the “Site-Addressing” feature in Exchange 5.5, but are more flexible. For example, recipient policies allow you to create multiple addresses for a given address type. They provide a set of LDAP-based filter rules. These rules allow you to select the set of recipients to which the recipient policy will apply. Mailbox manager policy is the policy through which the Exchange Administrator has the ability to control the content of users’ mailboxes.

Recipient policies are a set of configurable rules that run on a schedule and evaluate all the messaging-enabled objects in your Active Directory forest. The policy uses the rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules.

Q16. What is the edb.chk file used for?

Ans: The checkpoint files are used to keep a track of transactions that are committed to the database after backup.

Q17. What is eseutil/d, eseutil/p, eseutil/g used for?

Ans: 1. Eseutil /d : Defragmentation

2. Eseutil /p : Repair

3. Eseutil /g : Integrity check


Q17. What is the temp.edb file?

Ans: The file TEMP.EDB is used to store transactions that are in progress. TEMP.EDB is also used for some transient storage during online compaction.

Q18. Explain the “LDIFDE” utility?

Ans: It allows you to import and export Active Directory content in LDIF format. LDIF files are composed of blocks of entries. An entry can add, modify, or delete an object. The first line of an entry is the distinguished name. The second line contains a changetype, which can be add, modify, or delete. If it is an object addition, the rest of the entry contains the attributes that should be initially set on the object (one per line). For object deletions, you do not need to specify any other attributes. And for object modifications, you need to specify at least three more lines. The first should contain the type of modification you want to perform on the object. This can be add (to set a previously unset attribute or to add a new value to a multivalued attribute), replace (to replace an existing value), or delete (to remove a value). The modification type should be followed by a colon and the attribute you want to perform the modification on. The next line should contain the name of the attribute followed by a colon, and the value for the attribute. For example, to replace the last name attribute with the value Smith, you'd use the following LDIF

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: modify
replace: sn
sn: Smith
-

Modification entries must be followed by a line that only contains a hyphen (-). You can put additional modification actions following the hyphen, each separated by another hyphen. Here is a complete LDIF example that adds a jsmith user object and then modifies the givenName and sn attributes for that object:

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: add
objectClass: user
samaccountname: jsmith
sn: JSmith
useraccountcontrol: 512

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: modify
add: givenName
givenName: Jim
-
replace: sn
sn: Smith
-
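
As an added example (not code from the page or from the LDIFDE tool), the following Python parser applies the LDIF rules just described to the jsmith records above and rejects entries that break them, such as a modify block that is missing its closing hyphen. It assumes plain attribute values only: base64 ("::") values and folded continuation lines are out of its scope.

```python
"""Parser for the LDIF change records described in the answer above.

Added example for this page, not the LDIFDE tool's own code. Rules enforced:
an entry starts with dn:, then changetype: (add, modify or delete); add entries
list attributes one per line; modify entries are blocks of
"<add|replace|delete>: <attr>" followed by "<attr>: <value>" lines and closed
by a line holding only "-". The sample LDIF is the page's jsmith example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Modification = Tuple[str, str, List[str]]  # (modtype, attribute, values)


@dataclass
class LdifEntry:
    dn: str
    changetype: str
    attributes: Dict[str, List[str]] = field(default_factory=dict)  # add entries
    modifications: List[Modification] = field(default_factory=list)  # modify entries


def _split_line(line: str) -> Tuple[str, str]:
    """'sn: Smith' -> ('sn', 'Smith'); attribute names compare case-insensitively."""
    name, sep, value = line.partition(":")
    if not sep or not name.strip():
        raise ValueError(f"malformed LDIF line: {line!r}")
    return name.strip().lower(), value.strip()


def _parse_modifications(body: List[str]) -> List[Modification]:
    mods: List[Modification] = []
    i = 0
    while i < len(body):
        modtype, attr = _split_line(body[i])
        attr = attr.lower()
        if modtype not in ("add", "replace", "delete"):
            raise ValueError(f"expected add/replace/delete, got {modtype!r}")
        i += 1
        values: List[str] = []
        while i < len(body) and body[i] != "-":
            name, value = _split_line(body[i])
            if name != attr:
                raise ValueError(f"value for {name!r} inside the modification of {attr!r}")
            values.append(value)
            i += 1
        if i == len(body):
            raise ValueError(f"modification of {attr!r} is not closed by a '-' line")
        if modtype != "delete" and not values:
            raise ValueError(f"{modtype} of {attr!r} needs at least one value")
        mods.append((modtype, attr, values))
        i += 1  # step over the '-'
    return mods


def parse_ldif(text: str) -> List[LdifEntry]:
    """Split the text into blank-line separated entries and validate each one."""
    entries: List[LdifEntry] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip() and not l.startswith("#")]
        if len(lines) < 2:
            raise ValueError("an entry needs at least a dn: and a changetype: line")
        name, dn = _split_line(lines[0])
        if name != "dn":
            raise ValueError("the first line of an entry must be dn:")
        name, changetype = _split_line(lines[1])
        changetype = changetype.lower()
        if name != "changetype" or changetype not in ("add", "modify", "delete"):
            raise ValueError("the second line must be changetype: add|modify|delete")
        entry = LdifEntry(dn=dn, changetype=changetype)
        body = lines[2:]
        if changetype == "add":
            for line in body:
                attr, value = _split_line(line)
                entry.attributes.setdefault(attr, []).append(value)
        elif changetype == "modify":
            entry.modifications = _parse_modifications(body)
        elif body:
            raise ValueError("a delete entry takes no further lines")
        entries.append(entry)
    return entries


def is_valid_ldif(text: str) -> bool:
    try:
        parse_ldif(text)
        return True
    except ValueError:
        return False


SAMPLE_LDIF = """\
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: add
objectClass: user
sAMAccountName: jsmith
sn: JSmith
userAccountControl: 512

dn: cn=jsmith,cn=users,dc=rallencorp,dc=com
changetype: modify
add: givenName
givenName: Jim
-
replace: sn
sn: Smith
-
"""
```

Running parse_ldif(SAMPLE_LDIF) yields two entries: an add with the four attributes, and a modify carrying ("add", "givenname", ["Jim"]) and ("replace", "sn", ["Smith"]).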

Q13. Explain the Anatomy of a Domain, trust and a forest in the Active Directory?


Ans: 1. Anatomy of a Domain.

Domains are represented by domainDNS objects.

Q14. What are the 3 NCs in a forest?

Ans: 1. The Forest Root Domain.

2. The Configuration NC.

3. The Schema NC.

Q15. What are the different partitions associated with a Forest?

Ans: 1. Configuration NC : Contains data that is applicable across all of the domains and, thus, is replicated to all domain controllers in the forest. Some of this data includes the site topology, list of partitions, published services, display specifiers, and extended rights.

2. Schema NC : Contains the objects that describe how data can be structured and stored in Active Directory. The classSchema objects in the Schema NC represent class definitions for objects. The attributeSchema objects describe what data can be stored with classes. The Schema NC is replicated to all domain controllers in a forest.

3. Domain NC : As described earlier, a domain is a naming context that holds domain-specific data including user, group, and computer objects.

4. Application partitions : Configurable partitions that can be rooted anywhere in the forest and can be replicated to any domain controller in the forest. These are not available with Windows 2000.

Q16. After successfully demoting a DC or removing the forest, which commands help determine whether all entries have been removed?

Ans:

> netsh wins server \\<WINSServerName> show name <ForestDNSName> 1c

> nslookup <DomainControllerDNSName>


> nslookup -type=SRV _ldap._tcp.gc._msdcs.<ForestDNSName>

> nslookup <ForestDNSName>

Q17. What are the steps to remove a Domain from a Forest?

Ans: 1. Start from the last DC of the Domain.

2. Run “dcpromo”, and select the option “This server is the last domain controller in the domain”.

Note : If the domain you want to remove has subdomains, you have to remove the subdomains before proceeding.

3. After all domain controllers have been demoted, and depending on how your environment is configured, you may need to remove the WINS and NS entries that were associated with the domain controllers and the domain, unless they were automatically removed via WINS deregistration and DDNS during the demotion process.

4. Remove any trusts established for the domain.

Q18. You want to completely remove a domain that was orphaned because "This server is the last domain controller in the domain" was not selected when demoting the last domain controller, the domain was forcibly removed, or the last domain controller in the domain was decommissioned improperly. Explain the procedure?

Ans: The following ntdsutil session would forcibly remove the emea.rallencorp.com domain from the rallencorp.com forest. Replace <DomainControllerName> with the hostname of the Domain Naming Flexible Single Master Operation (FSMO) role holder for the forest:

ntdsutil "meta clean" "s o t" conn "con to server <DomainControllerName>" q q

metadata cleanup: "s o t" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com

select operation target: sel domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context

select operation target: q

metadata cleanup: remove sel domain


You will receive a message indicating whether the removal was successful.

Note: Removing an orphaned domain consists of removing the domain object for the domain (e.g., dc=emea,dc=rallencorp,dc=com), all of its child objects, and the associated crossRef object in the Partitions container. You need to target the Domain Naming FSMO when using the ntdsutil command because that server is responsible for creation and removal of domains.

In the solution, shortcut parameters were used to reduce the amount of typing necessary. If each parameter were typed out fully, the commands would look as follows:

ntdsutil "metadata cleanup" "select operation target" connections "connect to server <DomainControllerName>" quit quit

metadata cleanup: "select operation target" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com

select operation target: select domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context

select operation target: quit

metadata cleanup: remove selected domain
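
The index printed by "list domains" is positional, and "remove selected domain" is irreversible, so a check before typing "select domain 2" is worth having. The following is an added Python helper, not part of ntdsutil: it parses output constructed in the shape shown above, resolves the DN of the domain to be removed to its index, and confirms that the "Domain - ..." line ntdsutil echoes after the selection names the intended domain.

```python
"""Pick and confirm the 'select domain <n>' index from ntdsutil's "list domains" output.

Added example for this page, not part of ntdsutil. The index is positional, so
removing the wrong number deletes the wrong domain; this helper matches the DN
you mean to remove and refuses anything ambiguous. The sample output below is
constructed in the shape ntdsutil prints.
"""
import re
from typing import Dict

LIST_DOMAINS_OUTPUT = """\
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com
"""

_COUNT = re.compile(r"^\s*Found\s+(\d+)\s+domain\(s\)", re.IGNORECASE)
_ENTRY = re.compile(r"^\s*(\d+)\s*-\s*(DC=.+?)\s*$", re.IGNORECASE)
_SELECTED = re.compile(r"^\s*Domain\s*-\s*(DC=.+?)\s*$", re.IGNORECASE)


def dns_name_to_dn(dns_name: str) -> str:
    """emea.rallencorp.com -> DC=emea,DC=rallencorp,DC=com"""
    return ",".join(f"DC={label}" for label in dns_name.strip(".").split("."))


def _normalize_dn(dn: str) -> str:
    """DNs compare case-insensitively and ignore whitespace around components."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_list_domains(output: str) -> Dict[int, str]:
    """Return {index: domain DN}; raise if the reported count disagrees with the lines parsed."""
    domains: Dict[int, str] = {}
    expected = None
    for line in output.splitlines():
        m = _COUNT.match(line)
        if m:
            expected = int(m.group(1))
            continue
        m = _ENTRY.match(line)
        if m:
            domains[int(m.group(1))] = m.group(2)
    if expected is not None and expected != len(domains):
        raise ValueError(f"ntdsutil reported {expected} domains but {len(domains)} were parsed")
    return domains


def domain_index(output: str, target_dn: str) -> int:
    """Index for 'select domain <n>'; LookupError unless exactly one entry matches target_dn."""
    wanted = _normalize_dn(target_dn)
    matches = [i for i, dn in parse_list_domains(output).items() if _normalize_dn(dn) == wanted]
    if len(matches) != 1:
        raise LookupError(f"{target_dn} matched {len(matches)} entries; refusing to guess an index")
    return matches[0]


def selection_matches(select_output: str, target_dn: str) -> bool:
    """Check the 'Domain - <DN>' line echoed after 'select domain' before running the removal."""
    for line in select_output.splitlines():
        m = _SELECTED.match(line)
        if m:
            return _normalize_dn(m.group(1)) == _normalize_dn(target_dn)
    return False
```

With the sample output, domain_index(LIST_DOMAINS_OUTPUT, dns_name_to_dn("emea.rallencorp.com")) returns 2, and selection_matches() is the gate to pass before "remove selected domain".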

Q19. You want to find the NetBIOS name of a domain. Although Microsoft has moved to using DNS for primary name resolution, the NetBIOS name of a domain is still important, especially with down-level clients that are still based on NetBIOS instead of DNS for naming. How can you achieve this?

Ans: A. Using Graphical User Interface:

1. Open the Active Directory Domains and Trusts snap-in.

2. Right-click the domain you want to view in the left pane and select Properties.

3. The NetBIOS name will be shown in the "Domain name (pre-Windows 2000)" field.

B. Using a Command-line Interface:

> dsquery * cn=partitions,cn=configuration,<ForestRootDN> -filter "(&(objectcategory=crossref)(dnsroot=<DomainDNSName>)(netbiosname=*))" -attr netbiosname


Note: Each domain has a crossRef object that is used by Active Directory to generate referrals. Referrals are necessary when a client performs a query and the directory server handling the request does not have the matching object(s) in its domain. The NetBIOS name of a domain is stored in the domain's crossRef object in the Partitions container in the Configuration NC. Each crossRef object has a dnsRoot attribute, which is the fully qualified DNS name of the domain. The netBIOSName attribute contains the NetBIOS name for the domain.

Q20. You want to rename a domain due to organizational changes or legal restrictions because of an acquisition. Renaming a domain is a very involved process and should be done only when absolutely necessary. Changing the name of a domain can have an impact on everything from DNS, replication, and GPOs to DFS and Certificate Services. A domain rename also requires that all domain controllers and member computers in the domain are rebooted! Is it possible in Windows 2000?

Ans: Under Windows 2000, there is no supported process to rename a domain. There is one workaround for mixed-mode domains in which you revert the domain and any of its child domains back to Windows NT domains. This can be done by demoting all Windows 2000 domain controllers and leaving the Windows NT domain controllers in place. You could then reintroduce Windows 2000 domain controllers and use the new domain name when setting up Active Directory.

A domain rename procedure is supported if a forest is running all Windows Server 2003 domain controllers and is at the Windows Server 2003 forest functional level.

The tool is “rendom.exe”.

Q21. You want to create a one-way or two-way nontransitive trust from an AD domain to a Windows NT domain. How do you create a trust between a Windows NT domain and an AD domain?

Ans. Using a graphical user interface:

1. Open the Active Directory Domains and Trusts snap-in.

2. In the left pane, right-click the domain you want to add a trust for and select Properties.

3. Click on the Trusts tab.

4. Click the New Trust button.

5. After the New Trust Wizard opens, click Next.

6. Type the NetBIOS name of the NT domain and click Next.

7. Assuming the NT domain was resolvable via its NetBIOS name, the next screen will ask for the Direction of Trust. Select Two-way, One-way incoming, or One-way outgoing, and click Next.

8. If you selected Two-way or One-way Outgoing, you'll need to select the scope of authentication, which can be either Domain-wide or Selective, and click Next.

9. Enter and re-type the trust password and click Next.

10. Click Next twice to finish.


Using a command-line interface

> netdom trust <NT4DomainName> /Domain:<ADDomainName> /ADD [/UserD:<ADDomainName>\<ADUser> /PasswordD:*] [/UserO:<NT4DomainName>\<NT4User> /PasswordO:*] [/TWOWAY]

For example, to create a trust from the NT4 domain RALLENCORP_NT4 to the AD domain RALLENCORP, use the following command:

> netdom trust RALLENCORP_NT4 /Domain:RALLENCORP /ADD /UserD:RALLENCORP\administrator /PasswordD:* /UserO:RALLENCORP_NT4\administrator /PasswordO:*

You can make the trust bidirectional, i.e., two-way, by adding a /TwoWay switch to the example.

Q22. How to Create a Transitive Trust Between Two AD Forests?

Ans: Using a graphical user interface

1. Open the Active Directory Domains and Trusts snap-in.

2. In the left pane, right-click the forest root domain and select Properties.

3. Click on the Trusts tab.

4. Click the New Trust button.

5. After the New Trust Wizard opens, click Next.

6. Type the DNS name of the AD forest and click Next.

7. Select Forest trust and click Next.

8. Complete the wizard by stepping through the rest of the configuration screens.

Using a command-line interface

> netdom trust <Forest1DNSName> /Domain:<Forest2DNSName> /Twoway /Transitive /ADD [/UserD:<Forest2AdminUser> /PasswordD:*] [/UserO:<Forest1AdminUser> /PasswordO:*]

For example, to create a two-way forest trust from the AD forest rallencorp.com to the AD forest othercorp.com, use the following command:

> netdom trust rallencorp.com /Domain:othercorp.com /Twoway /Transitive /ADD /UserD:<Forest2AdminUser> /PasswordD:* /UserO:<Forest1AdminUser> /PasswordO:*

Note: A new type of trust called a forest trust was introduced in Windows Server 2003. Under Windows 2000, if you wanted to create a fully trusted environment between two forests, you would have to set up individual external two-way trusts between every domain in both forests. If you have two forests with three domains each and wanted to set up a fully trusted model, you would need nine individual trusts. Figure 2-4 illustrates how this would look.


Figure 2-4. Trusts necessary for two Windows 2000 forests to trust each other

With a forest trust, you can define a single one-way or two-way transitive trust relationship that extends to all the domains in both forests. You may want to implement a forest trust if you merge or acquire a company and you want all of the new company's Active Directory resources to be accessible for users in your Active Directory environment and vice versa. Figure 2-5 shows a forest trust scenario. To create a forest trust, you need to use accounts from the Enterprise Admins group in each forest.

Figure 2-5. Trust necessary for two Windows Server 2003 forests to trust each other

Q23. You want to create a shortcut trust between two AD domains in the same forest or in different forests. Shortcut trusts can make the authentication process more efficient between two domains in a forest.

Q23. How to View the Trusts for a Domain?

Problem

You want to view the trusts for a domain.

Solution

Using a graphical user interface

1. Open the Active Directory Domains and Trusts snap-in.

2. In the left pane, right-click the domain you want to view and select Properties.

3. Click on the Trusts tab.

Using a command-line interface

> netdom query trust /Domain:<DomainDNSName>


Q24. How to Verify a Trust?

Problem

You want to verify that a trust is working correctly. This is the first diagnostics step to take if users notify you that authentication to a remote domain appears to be failing.

Solution

Using a graphical user interface

For the Windows 2000 version of the Active Directory Domains and Trusts snap-in:

1. In the left pane, right-click on the trusting domain and select Properties.

2. Click the Trusts tab.

3. Click the domain that is associated with the trust you want to verify.

4. Click the Edit button.

5. Click the Verify button.

For the Windows Server 2003 version of the Active Directory Domains and Trusts snap-in:

1. In the left pane, right-click on the trusting domain and select Properties.

2. Click the Trusts tab.

3. Click the domain that is associated with the trust you want to verify.

4. Click the Properties button.

5. Click the Validate button.

Using a command-line interface

> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Verify /verbose [/UserO:<TrustingDomainUser> /PasswordO:*] [/UserD:<TrustedDomainUser> /PasswordD:*]

Q25. How to Reset a Trust?

Problem

You want to reset a trust password. If you've determined a trust is broken, you need to reset it, which will allow users to authenticate across it again.

Solution

Using a graphical user interface

Follow the same directions as Recipe 2.20. The option to reset the trust will only be presented if the Verify/Validate did not succeed.


Using a command-line interface

> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Reset /verbose [/UserO:<TrustingDomainUser> /PasswordO:*] [/UserD:<TrustedDomainUser> /PasswordD:*]

Q26. How to Remove a Trust?

Problem

You want to remove a trust. This is commonly done when the remote domain has been decommissioned or access to it is no longer required.

Solution

Using a graphical user interface

1. Open the Active Directory Domains and Trusts snap-in.

2. In the left pane, right-click on the trusting domain and select Properties.

3. Click the Trusts tab.

4. Click on the domain that is associated with the trust you want to remove.

5. Click the Remove button.

6. Click OK.

Using a command-line interface

> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Remove /verbose [/UserO:<TrustingDomainUser> /PasswordO:*] [/UserD:<TrustedDomainUser> /PasswordD:*]

Q27. How to Find Duplicate SIDs in a Domain?

Problem

You want to find any duplicate SIDs in a domain. Generally, you should never find duplicate SIDs in a domain, but it is possible in some situations, such as when the relative identifier (RID) FSMO role owner has to be seized or you are migrating users from Windows NT domains.

Solution

Using a command-line interface

To find duplicate SIDs run the following command, replacing <DomainControllerName> with a domain controller or domain name:

> ntdsutil "sec acc man" "co to se <DomainControllerName>" "check dup sid" q q


The following message will be returned:

Duplicate SID check completed successfully. Check dupsid.log for any duplicates

The dupsid.log file will be in the directory where you started ntdsutil.

If you want to delete any objects that have duplicate SIDs, you can use the following command:

> ntdsutil "sec acc man" "co to se <DomainControllerName>" "clean dup sid" q q

Like the check command, the clean command will generate a message like the following upon completion:

Duplicate SID cleanup completed successfully. Check dupsid.log for any duplicate

Q28. How to Find the Domain Controllers for a Domain?

Problem

You want to find the domain controllers in a domain.

Solution

Using a graphical user interface

1. Open the Active Directory Users and Computers snap-in.

2. Connect to the target domain.

3. Click on the Domain Controllers OU.

4. The list of domain controllers for the domain will be present in the right pane.

Using a command-line interface

> netdom query dc /Domain:<DomainDNSName>

Q29. How to Find a Domain Controller's Site?

Problem

You need to determine the site of which a domain controller is a member.

Solution

Using a graphical user interface

1. Open LDP and from the menu, select Connection → Connect.

2. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

3. For Port, enter 389.

4. Click OK.


5. From the menu, select Connection → Bind.

6. Enter credentials of a domain user.

7. Click OK.

8. From the menu, select Browse → Search.

9. For BaseDN, type the distinguished name of the Sites container (e.g., cn=sites,cn=configuration,dc=rallencorp, dc=com).

10. For Scope, select Subtree.

11. For Filter, enter:

(&(objectcategory=server)(dnsHostName=<DomainControllerName>))

12. Click Run.

Using a command-line interface

> nltest /dsgetsite /server:<DomainControllerName>

Q30. How to Move a Domain Controller to a Different Site?

Problem

You want to move a domain controller to a different site.

Solution

Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. In the left pane, expand the site that contains the domain controller.

3. Expand the Servers container.

4. Right-click on the domain controller you want to move and select Move.

5. In the Move Server box, select the site to which the domain controller will be moved and click OK.

Using a command-line interface

When using the dsmove command you must specify the DN of the object you want to move. In this case, it needs to be the distinguished name of the server object for the domain controller. The value for the -newparent option is the distinguished name of the Servers container you want to move the domain controller to.

> dsmove "<ServerDN>" -newparent "<NewServersContainerDN>"


For example, the following command would move dc2 from the Default-First-Site-Name site to the Raleigh site.

> dsmove "cn=dc2,cn=servers,cn=Default-First-Site-Name,cn=sites,cn=configuration,dc=rallencorp,dc=com" -newparent "cn=servers,cn=Raleigh,cn=sites,cn=configuration,dc=rallencorp,dc=com"

Q31. How to Find the Global Catalog Servers in a Forest?

Problem

You want a list of the global catalog servers in a forest.

Solution

Using a graphical user interface

1. Open LDP and from the menu, select Connection → Connect.

2. For Server, enter the name of a DC.

3. For Port, enter 389.

4. Click OK.

5. From the menu, select Connection → Bind.

6. Enter credentials of a domain user.

7. Click OK.

8. From the menu, select Browse → Search.

9. For BaseDN, type the DN of the Sites container (e.g., cn=sites,cn=configuration,dc=rallencorp, dc=com).

10. For Scope, select Subtree.

11. For Filter, enter (&(objectcategory=ntdsdsa)(options=1)).

12. Click Run.

Using a command-line interface

> dsquery server -forest -isgc
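
The dsquery and LDP filters in Q19, Q29 and Q31 substitute a name straight into the filter string. If that name comes from a ticket or a web form, an unescaped "*" or ")(" changes the query (LDAP filter injection). The following added Python example, which is not code from the page, builds those filters with RFC 4515 escaping. It also carries a caveat for the global catalog filter: (options=1) is an exact match, so a GC whose options attribute has other bits set is missed, whereas the bitwise-AND matching rule 1.2.840.113556.1.4.803 tests only the GC bit.

```python
"""Build the LDAP filters from the dsquery/LDP recipes above with RFC 4515 escaping.

Added example for this page, not code from the original recipes. The filters
match the ones quoted in Q19 (crossRef), Q29 (server object) and Q31 (nTDSDSA).
"""

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally and cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def crossref_netbios_filter(domain_dns_name: str) -> str:
    """Q19: the crossRef object in the Partitions container that holds a domain's NetBIOS name."""
    return ("(&(objectCategory=crossRef)"
            f"(dnsRoot={escape_filter_value(domain_dns_name)})(netBIOSName=*))")


def server_object_filter(dc_dns_host_name: str) -> str:
    """Q29: the server object under the Sites container for one domain controller."""
    return f"(&(objectCategory=server)(dNSHostName={escape_filter_value(dc_dns_host_name)}))"


GC_OPTION_BIT = 1  # NTDSDSA_OPT_IS_GC in the nTDSDSA options attribute
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"


def global_catalog_filter(exact: bool = False) -> str:
    """Q31: nTDSDSA objects that are global catalogs.

    exact=True reproduces the recipe's (options=1), which only matches when no
    other option bit is set; the default uses the bitwise-AND rule instead.
    """
    if exact:
        return f"(&(objectCategory=nTDSDSA)(options={GC_OPTION_BIT}))"
    return (f"(&(objectCategory=nTDSDSA)"
            f"(options:{LDAP_MATCHING_RULE_BIT_AND}:={GC_OPTION_BIT}))")


def balanced(filter_text: str) -> bool:
    """Cheap sanity check before sending a filter: parentheses outside escapes must balance."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0
```

A value such as "dc1)(objectClass=*" becomes "dc1\29\28objectClass=\2a" inside the filter, so it is compared as a literal string rather than parsed as extra filter terms.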

Q32. How to Find Domain Controllers and Global Catalogs via DNS?

Problem

You want to find domain controllers or global catalogs using DNS lookups.


Solution

Domain controllers and global catalog servers are represented in DNS as SRV records. You can query SRV records using nslookup by setting the type=SRV, such as the following:

> nslookup
Default Server: dns01.rallencorp.com
Address: 10.1.2.3

> set type=SRV

You then need to issue the following query to retrieve all domain controllers for the specified domain.

> _ldap._tcp.<DomainDNSName>

You can issue a similar query to retrieve global catalogs, but since they are forest-wide, the query is based on the forest name.

> _gc._tcp.<ForestDNSName>

You can even find the domain controllers or global catalogs that are in a particular site or that cover a particular site by querying the following:

> _ldap._tcp.<SiteName>._sites.<DomainDNSName>

> _gc._tcp.<SiteName>._sites.<ForestDNSName>

See Recipe 11.18 for more information on site coverage.

Q33. How to Find the FSMO Role Holders?

3.25.1 Problem

You want to find the domain controllers that are acting as one of the FSMO roles.

3.25.2 Solution

3.25.2.1 Using a graphical user interface

For the Schema Master:

1. Open the Active Directory Schema snap-in.

2. Right-click on Active Directory Schema in the left pane and select Operations Master.

For the Domain Naming Master:

1. Open the Active Directory Domains and Trusts snap-in.


2. Right-click on Active Directory Domains and Trusts in the left pane and select Operations Master.

For the PDC Emulator, RID Master, and Infrastructure Master:

1. Open the Active Directory Users and Computers snap-in.

2. Make sure you've targeted the correct domain.

3. Right-click on Active Directory Users and Computers in the left pane and select Operations Master.

4. There are individual tabs for the PDC, RID, and Infrastructure roles.

3.25.2.2 Using a command-line interface

In the following command, you can leave out the /Domain:<DomainDNSName> option to query the domain you are currently logged on to.

> netdom query fsmo /Domain:<DomainDNSName>

For some reason, this command returns a "The parameter is incorrect" error on Windows Server 2003. Until that is resolved, you can use the dsquery server command shown here, where <Role> can be schema, name, infr, pdc, or rid:

> dsquery server -hasfsmo <Role>

Q34. How to Transfer a FSMO Role?

3.26.1 Problem

You want to transfer a FSMO role to a different domain controller. This may be necessary if you need to take a current FSMO role holder down for maintenance.

3.26.2 Solution

3.26.2.1 Using a graphical user interface

1. Use the same directions as described in Recipe 3.25 for viewing a specific FSMO, except target (i.e., right-click and select Connect to Domain Controller) the domain controller you want to transfer the FSMO to before selecting Operations Master.

2. Click the Change button.

3. Click OK twice.

4. You should then see a message stating whether the transfer was successful.

3.26.2.2 Using a command-line interface

The following would transfer the PDC Emulator role to <NewRoleOwner>. See the discussion for details on transferring the other roles.

> ntdsutil roles conn "co t s <NewRoleOwner>" q "transfer PDC" q q


Q35. How to Seize a FSMO Role?

3.27.1 Problem

You need to seize a FSMO role because the current role holder is down and will not be restored.

3.27.2 Solution

3.27.2.1 Using a command-line interface

The following would seize the PDC Emulator role to <NewRoleOwner>:

> ntdsutil roles conn "co t s <NewRoleOwner>" q "seize PDC" q q

Any of the other roles can be seized as well using ntdsutil by replacing "seize PDC" in the previous solution with one of the following:

"seize domain naming master"

"seize infrastructure master"

"seize RID master"

"seize schema master"

Q36. How to Find the PDC Emulator FSMO Role Owner via DNS?

3.28.1 Problem

You want to find the PDC Emulator for a domain using DNS.

3.28.2 Solution

3.28.2.1 Using a command-line interface

> nslookup -type=SRV _ldap._tcp.pdc._msdcs.<DomainDNSName>
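
The following added Python example, which is not code from the page or from nslookup, ties Q16, Q32 and Q36 together: it builds the locator record names those answers quote, parses a constructed nslookup -type=SRV transcript, orders the answers by priority and weight, and lists which records still point at a demoted domain controller, which is the check Q16 describes.

```python
"""DC-locator SRV names and nslookup SRV output handling for the recipes above.

Added example for this page (Q16, Q32, Q36); not part of nslookup or Windows.
The transcript below is constructed in the style of the Windows nslookup SRV
output; the record names follow the _ldap._tcp / _gc._tcp / _msdcs patterns
quoted in those answers.
"""
from dataclasses import dataclass
from typing import Iterable, List


def dc_srv_name(domain_dns_name: str, site: str = None) -> str:
    """SRV name for the domain controllers of a domain (optionally those covering one site)."""
    if site:
        return f"_ldap._tcp.{site}._sites.{domain_dns_name}"
    return f"_ldap._tcp.{domain_dns_name}"


def gc_srv_name(forest_dns_name: str, site: str = None) -> str:
    """SRV name for the global catalogs of a forest (optionally those covering one site)."""
    if site:
        return f"_gc._tcp.{site}._sites.{forest_dns_name}"
    return f"_gc._tcp.{forest_dns_name}"


def pdc_srv_name(domain_dns_name: str) -> str:
    """SRV name that points at the PDC Emulator of a domain (Q36)."""
    return f"_ldap._tcp.pdc._msdcs.{domain_dns_name}"


def gc_msdcs_srv_name(forest_dns_name: str) -> str:
    """Forest-wide GC record under _msdcs, the name checked after a demotion (Q16)."""
    return f"_ldap._tcp.gc._msdcs.{forest_dns_name}"


@dataclass
class SrvRecord:
    name: str
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample, not captured from a real server.
SAMPLE_NSLOOKUP = """\
Server:  dns01.rallencorp.com
Address:  10.1.2.3

_ldap._tcp.rallencorp.com       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.rallencorp.com
_ldap._tcp.rallencorp.com       SRV service location:
          priority       = 0
          weight         = 50
          port           = 389
          svr hostname   = dc2.rallencorp.com
_ldap._tcp.rallencorp.com       SRV service location:
          priority       = 10
          weight         = 100
          port           = 389
          svr hostname   = dc3.rallencorp.com
dc1.rallencorp.com      internet address = 10.1.2.10
"""


def parse_nslookup_srv(output: str) -> List[SrvRecord]:
    """Parse the 'SRV service location:' blocks that nslookup -type=SRV prints."""
    records: List[SrvRecord] = []
    current = None
    for raw in output.splitlines():
        line = raw.strip()
        if line.endswith("SRV service location:"):
            current = {"name": line.split()[0]}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key in ("priority", "weight", "port"):
                current[key] = int(value)
            elif key == "svr hostname":
                current["target"] = value.rstrip(".").lower()
                records.append(SrvRecord(**current))
                current = None
    return records


def order_by_preference(records: Iterable[SrvRecord]) -> List[SrvRecord]:
    """Lowest priority first, then highest weight: a fixed order instead of the
    weighted random selection RFC 2782 describes, so results are reproducible."""
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))


def stale_targets(records: Iterable[SrvRecord], decommissioned: Iterable[str]) -> List[str]:
    """Record names that still point at hosts that were demoted or removed (Q16)."""
    gone = {h.lower().rstrip(".") for h in decommissioned}
    return sorted({r.name for r in records if r.target in gone})
```

Pointing parse_nslookup_srv() at real output and passing the demoted host to stale_targets() gives the list of SRV names that still need cleanup after a demotion.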

Q37. How to View the Attributes of an Object using LDP?

4.2.1 Problem

You want to view one or more attributes of an object using LDP.

4.2.2 Solution

4.2.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Connection → Connect.

3. For Server, enter the name of a domain controller or domain that contains the object.


4. For Port, enter 389.

5. Click OK.

6. From the menu, select Connection → Bind.

7. Enter credentials of a user that can view the object (if necessary).

8. Click OK.

9. From the menu, select View → Tree.

10. For BaseDN, type the DN of the object you want to view.

11. For Scope, select Base.

12. Click OK.

4.2.2.2 Using a command-line interface

> dsquery * "<ObjectDN>" -scope base -attr *

For Windows 2000, use this command:

> enumprop "LDAP://<ObjectDN>"

Q38. How to Use LDAP Controls?

4.3.1 Problem

You want to use an LDAP control as part of an LDAP operation.

4.3.2 Solution

4.3.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Options → Controls.

3. For the Windows Server 2003 version of LDP, select the control you want to use under Load Predefined. The control should automatically be added to the list of Active Controls.

For the Windows 2000 version of LDP, you'll need to type the object identifier (OID) of the control under Object Identifier.

4. Enter the value for the control under Value.

5. Select whether the control is server- or client-side under Control Type.

6. Check the box beside Critical if the control is critical.


7. Click the Check-in button.

8. Click OK.

9. At this point, you will need to invoke the LDAP operation (for example, Search) that will use the control. In the dialog box for any operation, be sure that the "Extended" option is checked before initiating the operation.

Q39. How to use LDP for Searching for Objects in a Domain?

4.5.1 Problem

You want to find objects that match certain criteria in a domain.

4.5.2 Solution

4.5.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Connection → Connect.

3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

4. For Port, enter 389.

5. Click OK.

6. From the menu, select Connection → Bind.

7. Enter credentials of a user.

8. Click OK.

9. From the menu, select Browse → Search.

10. For BaseDN, type the base distinguished name where the search will start.

11. For Scope, select the appropriate scope.

12. For Filter, enter an LDAP filter.

13. Click Run.

4.5.2.2 Using a command-line interface

> dsquery * <BaseDN> -scope <Scope> -filter "<Filter>" -attr "<AttrList>"


Q40. How to use LDP for searching the Global Catalog?

4.6.1 Problem

You want to perform a forest-wide search using the global catalog.

4.6.2 Solution

4.6.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Connection → Connect.

3. For Server, enter the name of a global catalog server.

4. For Port, enter 3268.

5. Click OK.

6. From the menu, select Connection → Bind.

7. Enter credentials of a user.

8. Click OK.

9. From the menu, select Browse → Search.

10. For BaseDN, type the base distinguished name where to start the search.

11. For Scope, select the appropriate scope.

12. For Filter, enter an LDAP filter.

13. Click Run.

4.6.2.2 Using a command-line interface

> dsquery * <BaseDN> -gc -scope <Scope> -filter "<Filter>" -attr "<AttrList>"

Q41. How to Delegate Control of an OU?

5.9.1 Problem

You want to delegate administrative access of an OU to allow a group of users to manage objects in the OU.

5.9.2 Solution

5.9.2.1 Using a graphical user interface


1. Open the Active Directory Users and Computers snap-in.

2. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.

3. In the left pane, browse to the target OU, right-click on it, and select Delegate Control.

4. Select the users and/or groups to delegate control to by using the Add button and click Next.

5. Select the type of privilege to grant the users/groups and click Next.

6. Click Finish.

5.9.2.2 Using a command-line interface

ACLs can be set via a command-line with the dsacls utility from the Support Tools. See Recipe 14.10 for more information.

Q42. How to Link a GPO to an OU?

5.11.1 Problem

You want to apply the settings in a GPO to the users and/or computers within an OU, also known as linking the GPO to the OU.

5.11.2 Solution

5.11.2.1 Using a graphical user interface

1. Open the Group Policy Management (GPMC) snap-in.

2. Expand Forest in the left pane.

3. Expand Domain and navigate down to the OU in the domain you want to link the GPO to.

4. Right-click on the OU and select either Create and Link a GPO Here (if the GPO does not already exist) or Link an Existing GPO (if you have already created the GPO).

Q43. How to Create a Site?

11.1.1 Problem

You want to create a site.

11.1.2 Solution

11.1.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. Right-click on the Sites container and select New Site.

3. Beside Name, enter the name of the new site.

4. Under Link Name, select a site link for the site.


5. Click OK twice.

11.1.2.2 Using a command-line interface

Create an LDIF file called create_site.ldf with the following contents:

dn: cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: site

dn: cn=Licensing Site Settings,cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: licensingSiteSettings

dn: cn=NTDS Site Settings,cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: nTDSSiteSettings

dn: cn=Servers,cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: serversContainer

then run the following command:

> ldifde -v -i -f create_site.ldf

Q44. How to Create a Subnet?

11.4.1 Problem

You want to create a subnet.

11.4.2 Solution

11.4.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. Right-click on the Subnets container and select New Subnet.

3. Enter the Address and Mask and then select which site the subnet is part of.

4. Click OK.

11.4.2.2 Using a command-line interface

Create an LDIF file called create_subnet.ldf with the following contents:

dn: cn=<Subnet>,cn=subnets,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: subnet
siteObject: cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>

then run the following command:

> ldifde -v -i -f create_subnet.ldf


Q45. How to Create a Site Link?

11.7.1 Problem

You want to create a site link to connect two or more sites together.

11.7.2 Solution

11.7.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. Expand the Sites container.

3. Expand the Inter-Site Transports container.

4. Right-click on IP (or SMTP) and select New Site Link.

5. For Name, enter the name for the site link.

6. Under Site is not in this site link, select at least two sites and click the Add button.

7. Click OK.

11.7.2.2 Using a command-line interface

The following LDIF would create a site link connecting the SJC and Dallas sites:

dn: cn=Dallas-SJC,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: siteLink
siteList: cn=SJC,cn=sites,cn=configuration,<ForestRootDN>
siteList: cn=Dallas,cn=sites,cn=configuration,<ForestRootDN>

If the LDIF file were named create_site_link.ldf, you'd then run the following command:

> ldifde -v -i -f create_site_link.ldf

Q46. How to Create a Site Link Bridge?

11.12.1 Problem

You want to create a site link bridge because you've disabled site link transitivity.

11.12.2 Solution

11.12.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. In the left pane, expand Sites → Inter-Site Transports.


3. Right-click either the IP or SMTP folder, depending on which protocol you want to create a site link bridge for.

4. Select New Site Link Bridge.

5. Highlight two or more sites in the left box.

6. Click the Add button.

7. Click OK.

11.12.2.2 Using a command-line interface

Create an LDIF file called create_site_link_bridge.ldf with the following contents, where <Link1> and <Link2> refer to the site links to be bridged:

dn: cn=<BridgeName>,cn=IP,cn=inter-site transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: add
objectclass: siteLinkBridge
siteLinkList: cn=<Link1>,cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,<ForestRootDN>
siteLinkList: cn=<Link2>,cn=IP,cn=Inter-site Transports,cn=sites,cn=configuration,<ForestRootDN>

Then run the following command:

> ldifde -v -i -f create_site_link_bridge.ldf

Q47. How to Find the Bridgehead Servers for a Site?

11.13.1 Problem

You want to find the bridgehead servers for a site.

11.13.2 Solution

11.13.2.1 Using a graphical user interface

1. Open the Replication Monitor from the Support Tools (replmon.exe).

2. From the View menu, select Options.

3. In the left pane, right-click on Monitored Servers and select Add Monitored Server.

4. Use the Add Monitored Server Wizard to add a server in the site you want to find the bridgehead server(s) for.

5. In the left pane, right-click on the server and select Show BridgeHead Servers In This Server's Site.

11.13.2.2 Using a command-line interface

> repadmin /bridgeheads [<ServerName>] [/verbose]

The /bridgeheads option is valid only with the Windows Server 2003 version of repadmin. There is no such option in the Windows 2000 version.

11.13.2.3 Using VBScript

Q48. How to Move a Domain Controller to a Different Site?

Problem

You want to move a domain controller to a different site. This may be necessary if you promoted the domain controller without first adding its subnet to Active Directory. In that case, the domain controller will be added to the Default-First-Site-Name site.

Solution

Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. In the left pane, expand Sites, expand the site that contains the server you want to move, and expand the Servers container.

3. Right-click on the server you want to move and select Move.

4. Select the site to move the server to.

5. Click OK.

Using a command-line interface

> dsmove "cn=<ServerName>,cn=servers,cn=<CurrentSite>,cn=sites,cn=configuration,<ForestRootDN>" -newparent "cn=servers,cn=<NewSite>,cn=sites,cn=configuration,<ForestRootDN>"

Q49. How to Configure a Domain Controller to Cover Multiple Sites?

11.17.1 Problem

You want to configure a domain controller to cover multiple sites, which will cause clients in those sites to use that domain controller for authentication and directory lookups.

11.17.2 Solution

11.17.2.1 Using a graphical user interface

1. Run regedit.exe from the command line or from Start, then Run.

2. In the left pane, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.

3. If the SiteCoverage value does not exist, right-click on Parameters in the left pane and select New, then Multi-String Value. For the name, enter SiteCoverage.

4. In the right pane, double-click on the value and enter each site the server should cover, one site per line.

5. Click OK.

11.17.2.2 Using a command-line interface

> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v "SiteCoverage" /t REG_MULTI_SZ /d <Site1>\0<Site2>

Q50. How to Trigger the KCC?

11.27.1 Problem

You want to trigger the KCC.

11.27.2 Solution

11.27.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. In the left pane, browse to the NTDS Settings object for the server you want to trigger the KCC for.

3. Right-click on NTDS Settings, select All Tasks, then Check Replication Topology.

4. Click OK.

11.27.2.2 Using a command-line interface

> repadmin /kcc <DomainControllerName>

Q51. How to Determine if the KCC Is Completing Successfully?

11.28.1 Problem

You want to determine if the KCC is completing successfully.

11.28.2 Solution

11.28.2.1 Using a graphical user interface

1. Open the Event Viewer of the target domain controller.

2. Click on the Directory Service log.

3. In the right pane, click on the Source heading to sort by that column.

4. Scroll down to view any events with Source: NTDS KCC.

11.28.2.2 Using a command-line interface

The following command will display any KCC errors found in the Directory Service log:

> dcdiag /v /test:kccevent /s:<DomainControllerName>

Q51. How to Disable the KCC for a Site?

11.29.1 Problem

You want to disable the KCC for a site and generate your own replication connections between domain controllers.

11.29.2 Solution

11.29.2.1 Using a graphical user interface

1. Open ADSI Edit.

2. Connect to the Configuration Naming Context if it is not already displayed.

3. In the left pane, browse to Configuration Naming Context, then Sites.

4. Click on the site you want to disable the KCC for.

5. In the right pane, double-click CN=NTDS Site Settings.

6. Modify the options attribute. To disable only intra-site topology generation, enable the 00001 bit (decimal 1). To disable inter-site topology generation, enable the 10000 bit (decimal 16). To disable both, enable the 10001 bits (decimal 17).

7. Click OK.

11.29.2.2 Using a command-line interface

You can disable the KCC for <SiteName> by using the ldifde utility and an LDIF file that contains the following:

dn: cn=NTDS Site Settings,cn=<SiteName>,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
replace: options
options: <OptionsValue>
-

If the LDIF file were named disable_kcc.ldf, you would run the following command:

> ldifde -v -i -f disable_kcc.ldf

Q52. How to Change the Interval at Which the KCC Runs?

11.30.1 Problem

You want to change the interval at which the KCC runs.

11.30.2 Solution

11.30.2.1 Using a graphical user interface

1. Run regedit.exe from the command line or from Start, then Run.

2. Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

3. Right-click on Parameters and select New, then DWORD Value.

4. Enter the following for the name: Repl topology update period (secs).

5. Double-click on the new value and under Value data enter the KCC interval in number of seconds (900 is the default).

6. Click OK.

11.30.2.2 Using a command-line interface

> reg add HKLM\System\CurrentControlSet\Services\NTDS\Parameters /v "Repl topology update period (secs)" /t REG_DWORD /d <NumSecs>

Q53. How to Determine if Two Domain Controllers Are in Sync?

12.1.1 Problem

You want to determine if two domain controllers are in sync and have no objects to replicate to each other.

12.1.2 Solution

12.1.2.1 Using a command-line interface

By running the following two commands you can compare the up-to-dateness vector on the two DCs:

> repadmin /showutdvec <DC1Name> <NamingContextDN>
> repadmin /showutdvec <DC2Name> <NamingContextDN>

The Windows 2000 version of repadmin used a different syntax to accomplish the same thing. Here is the equivalent syntax:

> repadmin /showvector <NamingContextDN> <DC1Name>
> repadmin /showvector <NamingContextDN> <DC2Name>

Q54. How to View the Replication Status of Several Domain Controllers?

12.2.1 Problem

You want to take a quick snapshot of replication activity for one or more domain controllers.

12.2.2 Solution

12.2.2.1 Using a command-line interface

The following command will show the replication status of all the domain controllers in the forest:

> repadmin /replsum

You can also use * as a wildcard character to view the status of a subset of domain controllers. The following command will display the replication status of only the servers that begin with the name dc-rtp:

> repadmin /replsum dc-rtp*

Q55. How to View Unreplicated Changes Between Two Domain Controllers?

12.3.1 Problem

You want to find the unreplicated changes between two domain controllers.

12.3.2 Solution

12.3.2.1 Using a graphical user interface

1. Open the Replication Monitor from the Support Tools (replmon.exe).

2. From the View menu, select Options.

3. On the General tab, check the box beside Show Transitive Replication Partners and Extended Data.

4. Click OK.

5. In the left pane, right-click on Monitored Servers and select Add Monitored Server.

6. Use the Add Monitored Server Wizard to add one of the domain controllers you want to compare (I'll call it dc1).

7. In the left pane, under the server you just added, expand the naming context that you want to check for unreplicated changes.

8. Right-click on the other domain controller you want to compare (I'll call it dc2) and select Check Current USN and Un-replicated Objects.

9. Enter credentials if necessary and click OK.

10. If some changes have not yet replicated from dc2 to dc1, a box will pop up that lists the unreplicated objects.

11. To find out what changes have yet to replicate from dc1 to dc2, repeat the same steps except add dc2 as a monitored server and check for unreplicated changes against dc1.

12.3.2.2 Using a command-line interface

Run the following two commands to find the differences between two domain controllers. Use the /statistics option to view a summary of the changes:

> repadmin /showchanges <DC1Name> <DC2GUID> <NamingContextDN>
> repadmin /showchanges <DC2Name> <DC1GUID> <NamingContextDN>

The Windows 2000 version of repadmin has a different syntax to accomplish the same thing. Here is the equivalent syntax:

> repadmin /getchanges <NamingContextDN> <DC1Name> <DC2GUID>
> repadmin /getchanges <NamingContextDN> <DC2Name> <DC1GUID>

Q56. How to Force Replication from One Domain Controller to Another?

12.4.1 Problem

You want to force replication between two partners.

12.4.2 Solution

12.4.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. Browse to the NTDS Settings object for the domain controller you want to replicate to.

3. In the right pane, right-click on the connection object to the domain controller you want to replicate from and select Replicate Now.

12.4.2.2 Using a command-line interface

The following command will perform a replication sync of the naming context specified by <NamingContextDN> from <DC2Name> to <DC1Name>:

> repadmin /replicate <DC1Name> <DC2Name> <NamingContextDN>

The Windows 2000 version of repadmin has a different syntax to accomplish the same thing. Here is the equivalent syntax:

> repadmin /sync <NamingContextDN> <DC1Name> <DC2GUID>

Q57. How to Change the Intra-Site Replication Interval?

12.5.1 Problem

You want to change the number of seconds that a domain controller in a site waits before replicating within the site.

12.5.2 Solution

12.5.2.1 Using a graphical user interface

1. Run regedit.exe from the command line or from Start, then Run.

2. Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

3. If a value entry for Replicator notify pause after modify (secs) does not exist, right-click on Parameters and select New, then DWORD Value. For the name, enter: Replicator notify pause after modify (secs).

4. Double-click on the value and enter the number of seconds to wait before notifying intra-site replication partners.

5. Click OK.

12.5.2.2 Using a command-line interface

With the following command, change <NumSeconds> to the number of seconds to set the intra-site replication delay to:

> reg add HKLM\System\CurrentControlSet\Services\NTDS\Parameters /v "Replicator notify pause after modify (secs)" /t REG_DWORD /d <NumSeconds>

Q58. How to Change the Inter-Site Replication Interval?

12.6.1 Problem

You want to set the schedule for replication for a site link.

12.6.2 Solution

These solutions assume the IP transport, but the SMTP transport could be used as well.

12.6.2.1 Using a graphical user interface

1. Open the Active Directory Sites and Services snap-in.

2. Expand the Inter-Site Transports container.

3. Click on the IP container.

4. In the right pane, double-click on the site link you want to modify the replication interval for.

5. Enter the new interval beside Replicate every.

6. Click OK.

12.6.2.2 Using a command-line interface

To change the replication interval, create an LDIF file named set_link_rep_interval.ldf with the following contents:

dn: cn=<LinkName>,cn=ip,cn=Inter-Site Transports,cn=sites,cn=configuration,<ForestRootDN>
changetype: modify
replace: replInterval
replInterval: <NewInterval>
-

Then run the following command:

> ldifde -v -i -f set_link_rep_interval.ldf
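The LDIF files in the site link (11.7), site link bridge (11.12), disable-KCC (11.29) and replInterval (12.6) recipes share one DN layout, so a small generator keeps the DNs consistent and computes the options bitmask (bits 1 and 16) instead of hand-typing it, and the same bit logic decodes an existing options value when you audit sites for a KCC someone switched off and never re-enabled. This is an added example, not the cookbook's code; the forest root DN, site names and link names are constructed sample values, and it assumes the attribute names used in those recipes.

```python
"""Added example: generate the LDIF used by the site link (11.7), site link
bridge (11.12), disable-KCC (11.29) and replInterval (12.6) recipes.
Not the cookbook's code; forest root DN, site and link names are constructed."""

# Bits of the NTDS Site Settings "options" attribute named in recipe 11.29.
KCC_INTRA_SITE_DISABLED = 0x01   # decimal 1: intra-site topology generation off
KCC_INTER_SITE_DISABLED = 0x10   # decimal 16: inter-site topology generation off

_DN_SPECIALS = ',+"\\<>;='


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 rules)."""
    out = "".join("\\" + c if c in _DN_SPECIALS else c for c in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def sites_dn(forest_root_dn: str) -> str:
    return f"cn=sites,cn=configuration,{forest_root_dn}"


def site_dn(site: str, forest_root_dn: str) -> str:
    return f"cn={escape_rdn_value(site)},{sites_dn(forest_root_dn)}"


def transport_dn(forest_root_dn: str, transport: str = "IP") -> str:
    return f"cn={transport},cn=inter-site transports,{sites_dn(forest_root_dn)}"


def _ldif(lines) -> str:
    return "\n".join(lines) + "\n"


def site_link_ldif(name, sites, forest_root_dn, transport="IP") -> str:
    """LDIF add for a siteLink; the GUI insists on at least two sites, so do we."""
    if len(sites) < 2:
        raise ValueError("a site link must connect at least two sites")
    return _ldif(
        [f"dn: cn={escape_rdn_value(name)},{transport_dn(forest_root_dn, transport)}",
         "changetype: add", "objectclass: siteLink"]
        + [f"siteList: {site_dn(s, forest_root_dn)}" for s in sites])


def site_link_bridge_ldif(name, links, forest_root_dn, transport="IP") -> str:
    """LDIF add for a siteLinkBridge over two or more existing site links."""
    if len(links) < 2:
        raise ValueError("a site link bridge needs at least two site links")
    tdn = transport_dn(forest_root_dn, transport)
    return _ldif(
        [f"dn: cn={escape_rdn_value(name)},{tdn}",
         "changetype: add", "objectclass: siteLinkBridge"]
        + [f"siteLinkList: cn={escape_rdn_value(link)},{tdn}" for link in links])


def kcc_options(current: int, disable_intra: bool, disable_inter: bool) -> int:
    """New options value with the two KCC bits set as requested; any other
    bits already present in the current value are preserved."""
    value = current & ~(KCC_INTRA_SITE_DISABLED | KCC_INTER_SITE_DISABLED)
    if disable_intra:
        value |= KCC_INTRA_SITE_DISABLED
    if disable_inter:
        value |= KCC_INTER_SITE_DISABLED
    return value


def kcc_state(options: int) -> dict:
    """Decode an options value; useful when auditing sites for a topology
    generator that was switched off and never turned back on."""
    return {"intra_site_disabled": bool(options & KCC_INTRA_SITE_DISABLED),
            "inter_site_disabled": bool(options & KCC_INTER_SITE_DISABLED)}


def disable_kcc_ldif(site, forest_root_dn, current=0,
                     disable_intra=True, disable_inter=True) -> str:
    """LDIF modify for cn=NTDS Site Settings under the site (recipe 11.29)."""
    return _ldif([f"dn: cn=NTDS Site Settings,{site_dn(site, forest_root_dn)}",
                  "changetype: modify", "replace: options",
                  f"options: {kcc_options(current, disable_intra, disable_inter)}",
                  "-"])


def repl_interval_ldif(link, minutes, forest_root_dn, transport="IP") -> str:
    """LDIF modify for a site link's replInterval (minutes, as in the GUI's
    Replicate every field)."""
    if minutes <= 0:
        raise ValueError("replInterval must be a positive number of minutes")
    return _ldif([f"dn: cn={escape_rdn_value(link)},{transport_dn(forest_root_dn, transport)}",
                  "changetype: modify", "replace: replInterval",
                  f"replInterval: {int(minutes)}", "-"])


if __name__ == "__main__":
    root = "dc=example,dc=com"   # constructed <ForestRootDN>
    print(site_link_ldif("Dallas-SJC", ["SJC", "Dallas"], root))
    print(site_link_bridge_ldif("Dallas-SJC-NYC", ["Dallas-SJC", "SJC-NYC"], root))
    print(disable_kcc_ldif("Dallas", root))          # emits options: 17
    print(repl_interval_ldif("Dallas-SJC", 60, root))
```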

Q59. How to Check for Potential Replication Problems?

12.8.1 Problem

You want to determine if replication is succeeding.

12.8.2 Solution

The following two commands will help identify problems with replication on a source domain controller:

> dcdiag /test:replications
> repadmin /showrepl /errorsonly

12.8.3 Discussion

For a more detailed report, you can use the Replication Monitor (replmon.exe). The Generate Status Report option will produce a lengthy report of site topology and replication information, and provide details on any errors encountered. The Directory Service event log can also be an invaluable source of information on replication and KCC problems.

Q60. How to Find Conflict Objects?

12.11.1 Problem

You want to find conflict objects that are a result of replication collisions.

12.11.2 Solution

12.11.2.1 Using a graphical user interface

1. Open LDP.

2. From the Connection menu, select Connect.

3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

4. For Port, enter 389 or 3268 for the global catalog.

5. Click OK.

6. From the Connection menu, select Bind.

7. Enter credentials (if necessary) of a user that can view the object.

8. Click OK.

9. From the Browse menu, select Search.

10. For BaseDN, type the base DN from where you want to start the search.

11. For Scope, select the appropriate scope.

12. For Filter, enter (|(cn=*\0ACNF:*)(ou=*\0ACNF:*)).

13. Click Run.

12.11.2.2 Using a command-line interface

The following command finds all conflict objects within the whole forest:

> dsquery * forestroot -gc -attr distinguishedName -scope subtree -filter "(|(cn=*\0ACNF:*)(ou=*\0ACNF:*))"
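The \0ACNF: in that filter is a newline followed by CNF:, which is how a conflict object's RDN carries the original name and the object's GUID. The helper below, an added example rather than cookbook code, parses the distinguishedName values such a query returns back into the original name, the GUID and the parent container, handling escaped commas in names; the DNs it runs on are constructed and their GUIDs are placeholders.

```python
"""Added example: parse conflict-object DNs (RDN value contains newline + "CNF:")
such as those returned by the dsquery filter above. Not the cookbook's code;
the sample DNs are constructed."""

CONFLICT_MARKER = "\nCNF:"   # the \0ACNF: of the LDAP filter, unescaped
_HEX = "0123456789abcdefABCDEF"


def split_dn(dn: str) -> list:
    """Split a DN string into its RDNs on commas that are not backslash-escaped."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return rdns


def unescape_value(value: str) -> str:
    """Undo RFC 4514 escapes: \\XX hex pairs (collected as UTF-8 bytes) and \\<char>."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and pair[0] in _HEX and pair[1] in _HEX:
                out.append(int(pair, 16))
                i += 3
                continue
            out += value[i + 1].encode("utf-8")
            i += 2
            continue
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8", errors="replace")


def parse_conflict(dn: str):
    """Return details for a conflict object DN, or None if the leading RDN has
    no CNF: marker (i.e. it is an ordinary object)."""
    rdns = split_dn(dn)
    attr, sep, raw = rdns[0].partition("=")
    attr = attr.strip().lower()
    if not sep or attr not in ("cn", "ou"):
        return None
    name, marker, guid = unescape_value(raw).partition(CONFLICT_MARKER)
    if not marker:
        return None
    return {"attr": attr, "name": name, "guid": guid,
            "parent": ",".join(rdns[1:])}


def find_conflicts(dns) -> list:
    """Filter a list of DNs down to the parsed conflict objects, in order."""
    return [c for c in (parse_conflict(dn) for dn in dns) if c is not None]


# Constructed sample of distinguishedName values; the GUIDs are placeholders.
SAMPLE_DNS = [
    "CN=jsmith,OU=Staff,DC=example,DC=com",
    "CN=jsmith\\0ACNF:0123abcd-0000-0000-0000-000000000001,OU=Staff,DC=example,DC=com",
    "OU=Sales\\0ACNF:0123abcd-0000-0000-0000-000000000002,DC=example,DC=com",
    "CN=Doe\\, Jane\\0ACNF:0123abcd-0000-0000-0000-000000000003,OU=Staff,DC=example,DC=com",
]

if __name__ == "__main__":
    for c in find_conflicts(SAMPLE_DNS):
        print(f"{c['attr']}={c['name']!r} conflict {c['guid']} under {c['parent']}")
```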

Q61. How to View Object Metadata?

12.12.1 Problem

You want to view metadata for an object. The object's replPropertyMetaData attribute stores metadata information about the most recent updates to every attribute that has been set on the object.

12.12.2 Solution

12.12.2.1 Using a graphical user interface

1. Open LDP.

2. From the Connection menu, select Connect.

3. For Server, enter the name of a domain controller or domain that contains the object.

4. For Port, enter 389.

5. Click OK.

6. From the Connection menu, select Bind.

7. Enter credentials (if necessary) of a user that can view the object.

8. Click OK.

9. From the Browse menu, select Replication, then View Metadata.

10. For Object DN, type the distinguished name of the object you want to view.

11. Click OK.

12.12.2.2 Using a command-line interface

In the following command, replace <ObjectDN> with the distinguished name of the object for which you want to view metadata:

> repadmin /showobjmeta <DomainControllerName> <ObjectDN>

This command was called /showmeta in the Windows 2000 version of repadmin. Also, the parameters are switched in that version, where <ObjectDN> comes before <DomainControllerName>.

Q62. What is RUS?

The Recipient Update Service (RUS) is responsible for creating and maintaining e-mail addresses in your Exchange organization. It creates one entry, Recipient Update Service (Enterprise Configuration), for the entire Exchange organization, which modifies objects in the Configuration container partition in Active Directory, and one RUS for every Exchange-enabled domain in the forest.

What does the Exchange 2003 Default Recipient Policy contain?

In Exchange Server 2003 there is one recipient policy, called Default Policy. The Default Policy contains proxy addresses for the default SMTP domain and one address for X.400.

How to Configure MX Records in DNS?

Configuration of Outlook to Work with Exchange?

How to Set Up Exchange to Work Behind a Firewall?

How to Use GFI Mail Security to Scan Email for Viruses?

Set Up Outlook Web Access (OWA) for Remote Email?

How to Install an SSL Certificate and Secure OWA?

How to Set Up a Public Folder Structure?

1. What is the maximum number of Exchange sites in a domain?

2. What is the maximum number of Exchange sites you can run in a forest?

3. What is the maximum number of containers you can create in an Exchange Server enterprise?

4. What is a bridgehead server?

In Exchange 2000, a bridgehead server is a connection point from a routing group to another routing group, remote system, or other external system.

5. What is AD?

Active Directory 

The directory service for Windows 2000 Server. It stores information about objects on the network and makes this information available for authorized administrators and users. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides administrators with an intuitive hierarchical view of the network and a single point of administration for all network objects.

What is Administrative group?

administrative group 

A collection of Active Directory objects that are grouped together for the purpose of permissions management. An administrative group can contain policies, routing groups, public folder hierarchies, servers, and chat networks. The content of an administrative group depends on choices you make during installation.

What is circular logging?

Circular logging 

A method of logging transactions in Microsoft Web Storage System in which earlier log files are overwritten after the transactions in the log file have been committed to the database.

What is distribution list?

distribution list 

A group of recipients created to expedite mass mailing of messages and other information. When e-mail is sent to a distribution list, all members of that list receive a copy of the message.

What is Domain?

domain 

A grouping of servers and other network objects under a single name. Domains provide the following benefits:

•You can group objects into domains to help reflect your company's organization in your computer network.

•Each domain stores only the information about the objects located in that domain. By partitioning the directory information this way, the Active Directory scales up to as many objects as you need to store information about on your network.

•Each domain is an administrative boundary; this means that security policies and settings (such as administrative rights, security policies, and security descriptors) do not cross from one domain to another. Note, however, that the domains within a forest are not security boundaries that guarantee isolation from each other. Only the forest constitutes a security boundary.

What is DC

A computer running Windows 2000 Server that manages user access to a network, which includes logging on, authentication, and access to Active Directory and shared resources.

What is DHCP

Dynamic Host Configuration Protocol 

(DHCP) A protocol for assigning Internet Protocol (IP) addresses to computers and other devices on a TCP/IP network. Dynamic addressing permits a computer to have a different address each time it logs on to a network.

What is front-end & back-end server?

front-end and back-end architecture 

An Exchange architecture in which clients access a set of protocol servers (the front end) for collaboration information, and these servers in turn request data from separate servers (the back end). A front-end and back-end architecture provides a scalable, single point of contact for all data requests.

front-end server 

A server that receives requests from clients and relays them to the appropriate back-end server. See also: back-end server

What is global address list?

(GAL) A list containing all Exchange users, contacts, groups, conferencing resources, and public folders in an organization. This list is retrieved from the global catalog servers in Active Directory and is used by Outlook clients to address messages or find information about recipients within the organization.

What is GC?

A server that holds a complete replica of the configuration and schema naming contexts for the forest, a complete replica of the domain naming context in which the server is installed, and a partial replica of all other domains in the forest. The global catalog is the central repository for information about objects in the forest.

What is infrastructure master ?

A domain controller that updates cross-domain group-to-user references to reflect a user's new name. The infrastructure master updates these references locally and uses replication to bring all other replicas of the domain up to date. If the infrastructure master is unavailable, these updates are delayed.

What is Lightweight Directory Access Protocol ?

(LDAP) A network protocol designed to work on TCP/IP stacks to extract information from a hierarchical directory such as X.500. It is useful for searching through data to find a particular piece of information.

What is mail exchanger resource record ?

(MX resource record) A Domain Name System (DNS) record that specifies a mail exchange server for a DNS domain name. A mail exchange server is a host that either processes or forwards mail for the DNS domain name. Processing the mail means either delivering it to the addressee or passing it to a different type of mail transport. Forwarding the mail means sending it to its final destination server, sending it using Simple Mail Transfer Protocol (SMTP) to another mail exchange server that is closer to the final destination, or queuing it for a specified amount of time.

What is mail-enabled ?

An Active Directory object that has at least one e-mail address defined. If the user is mail-enabled, the user has an associated e-mail address, but does not have an associated Exchange mailbox.

What is message transfer agent ?

(MTA) An Exchange component that routes messages to other Exchange MTAs, information stores, connectors, and third-party gateways. Also referred to as X.400 protocol in Exchange 2000 System Manager.

What is namespace?

namespace 

A set of names associated with a domain or forest that identifies objects that belong to the domain or forest. A DNS name creates a namespace; for example, microsoft.com.

What is recipient, recipient Policy, Recipient Update Service.?

recipient 

An Active Directory object that is mail-enabled, mailbox-enabled, or that can receive e-mail. A recipient is an object within Active Directory that can take advantage of Exchange functionality.

recipient policy 

Policies that are applied to mail-enabled objects to generate e-mail addresses. They can be defined to apply to thousands of users, groups, and contacts in Active Directory by using a Lightweight Directory Access Protocol (LDAP) query interface in a single operation.

Recipient Update Service 

An Exchange 2000 service that updates the recipient objects within a domain with specific types of information. You can schedule appropriate intervals to update the recipient objects. For example, this service updates recipient objects with address list membership and e-mail addresses at intervals scheduled by the administrator.

What is RAID?

Redundant array of independent disks 

(RAID) A mechanism for storing identical data on multiple disks for redundancy, improved performance, and increased mean time between failures (MTBF). RAID provides fault tolerance and appears to the operating system as a single logical drive.

What is Routing Group, routing group bridgehead server & routing group connector ?

routing group 

A collection of Exchange servers that have full-time, reliable connections. Messages sent between any two servers within a routing group go directly from source to destination. Similar to administrative groups, routing groups are optional and are not visible in System Manager unless they are enabled.

routing group bridgehead server 

A server within a routing group that exchanges directory updates with a server in another routing group.

routing group connector 

A connector that specifies the connection of a local routing group to a server in a remote routing group. It also specifies the local bridgehead server, if any, and the connection cost, schedule, and other configuration properties.

What is schema & schema master?

Schema 

A logical model for data; an organizational framework. Schema defines the universe of objects that can be stored in Active Directory. For each object class, the schema defines what attributes an instance of the class must have, what additional attributes it can have, and what object class can be a parent of the current object class.

Schema master 

The domain controller that performs write operations to the directory schema. Schema updates are replicated from the schema master to all other domain controllers in the forest. Only the schema master domain controller can perform this task.

What is SID?

Security identifier 

(SID) A data structure of variable length that uniquely identifies user, group, service, and computer accounts within a forest. Every account is issued a SID when the account is first created. Access control mechanisms in Windows 2000 identify security principals by SID rather than by name.

What is SRS?

A directory service (similar to the directory used in Exchange Server 5.5) implemented in Exchange 2000 to allow integration with Exchange 5.x sites that use both remote procedure call (RPC) and mail-based replication. Site Replication Service works with Active Directory Connector (ADC) to provide replication services from Active Directory to the Exchange 5.x Directory Service.

What is smart host?

smart host 

A designated server through which Exchange routes all outgoing messages. The smart host then makes the remote connection. If a smart host is designated, the Exchange server only needs to transmit to the smart host, instead of repeatedly contacting the domain until a connection is made. Also known as a relay host.

What is transaction log file? 

A file that maintains a record of every message stored in a storage group and provides fault tolerance in the event that a database must be restored.

What is universal group? 

A Windows 2000 group available only in native mode that is valid anywhere in a forest. A universal group appears in the global catalog but contains primarily global groups from domains in a forest. This is the simplest form of group and can contain other universal groups, global groups, and users. See also: domain local group

What is zone? 

In a DNS database, a zone is a contiguous portion of the DNS tree that is administered as a single separate entity by a DNS server. The zone contains resource records for all the names within the zone.

What is DomainPrep?

DomainPrep creates the groups and permissions necessary for Exchange servers to read and modify user attributes in Active Directory. You must run DomainPrep before installing your first Exchange server in a domain. While the DomainPrep Setup switch may seem to do the same thing as ForestPrep on the surface, its purpose is different. Whereas ForestPrep prepared the schema and configuration partitions of Active Directory, DomainPrep prepares the domain partition. Another key difference is that while ForestPrep is run once (in the forest root domain) for the entire forest, DomainPrep must be run in each of the following domains:

•The forest root domain

•All domains that will contain Exchange Server 2003

•All domains that will contain Exchange mailbox-enabled objects (users and groups), even if the domain does not have its own Exchange Server 2003 server

The DomainPrep switch creates the groups and permissions required by Exchange Server 2003. Two security groups are created by DomainPrep:

Exchange Enterprise Servers: A domain local group that contains all Exchange servers running in the forest.

Exchange Domain Servers: A global group that contains all Exchange servers running in the domain you have selected.

To run DomainPrep, you must use a user account that is a member of the Domain Admins group in the local domain.

What is ForestPrep?

Exchange 2003 ForestPrep extends the Active Directory schema to include Exchange-specific classes and attributes. ForestPrep also creates the container object for the Exchange organization in Active Directory. The schema extensions supplied with Exchange 2003 are a superset of those supplied with Exchange 2000.

In short, ForestPrep prepares the Active Directory forest and the schema for the installation of Exchange Server 2003. ForestPrep must be run only once in the whole forest. ForestPrep extends the schema to include Exchange specific classes and attributes.

What is the difference between a primary and a non-primary connection agreement?

A. A primary connection agreement replicates existing directory objects. It also creates and replicates new directory objects in the destination directory. A non-primary connection agreement only replicates information in pre-existing objects.

A connection agreement type has two check boxes selected by default, even if a connection agreement already exists. These are "This is a primary connection agreement for the connected Exchange organization" and "This is a primary connection agreement for the connected Windows domain."

If you are using more than one connection agreement to replicate Microsoft Windows 2000 user accounts for a single Exchange Server 5.5 organization, there should be only one primary connection agreement. Using multiple primary connection agreements to replicate the same Exchange 5.5 organization will result in creating duplicate objects.

Q. What is the name-matching rule, and how do I set it?

A. You can customize directory object-matching rules on the From Exchange tab and the From Windows tab. The name-matching rule should be set to its default setting. You should change this only when the Active Directory directory service and the Exchange 5.5 directory have several common objects, for example, when inter-forest replication is in place. Matching rules should be changed so that object attributes in each of the directories have different values, for example, a Simple Mail Transfer Protocol (SMTP) address or a security identifier (SID).

Note: Attributes you select affect all connection agreements. If you clear the attributes for Exchange 5.5, you clear the same attributes for Windows 2000.

Q. What is the function of the Site Replication Service?

A. The Site Replication Service (SRS) was designed to provide directory interoperability between Exchange 5.5 and Exchange 2000. SRS runs on Exchange 2000 and serves as a modified Exchange 5.5 directory. SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the Active Directory and the Exchange 5.5 directory. To Exchange 5.5, the SRS looks like another Exchange 5.5 configuration/recipients replication partner.

Q. Where is additional information on setting up Exchange 2000 available?

A. Get an extensive tour of Exchange 2000 deployment in the Exchange 2000 in Six Steps article on the Microsoft TechNet site. This downloadable article provides useful tips gained from the Microsoft Early Adopter beta testing program. It offers a detailed view of an Exchange 2000 deployment in a mixed-mode Windows 2000 environment. Addressing specific deployment scenarios that can be used as a basis for your own deployment process, this article provides you with a clear picture of how deployment works, placing special emphasis on the most successful order in which to carry out deployment.

Storage

Q. What are Storage Groups, and what is the relationship between them and multiple databases?

A. A Storage Group is a virtual container for multiple databases, of which you can have up to five.

Backup and Restore

Q. Does Exchange 2000 support Single-Mailbox Restore?

A. Exchange 2000 does not support Single-Mailbox Restore with tools and products from Microsoft. You can find several third-party backup programs that support Single-Mailbox Restore, but the Ntbackup.exe tool cannot perform this function. Exchange 2000 does provide Mailbox Retention, a feature that enables you to retain a deleted mailbox for a specified period of time before permanently deleting it.

Instant Messaging

Q. What is Instant Messaging?

A. Instant Messaging (IM) is a fundamentally unique medium of communication. This technology gives Exchange 2000 users the ability to communicate with other Instant Messaging users in an immediate, interactive environment that conveys "presence" and "status" information.

SMTP

Q. How many recipients can be on an SMTP message?

A. The maximum number of recipients is 5,000 by default. When you send a message from one server to another with 5,000 recipients, you want that message body to be carried across the wire only once. The Windows 2000 SMTP server enables the administrator to specify the maximum number of recipients per message. The intention of having a low number is to make it harder for people to send junk mail to many recipients at once. The SMTP standard specifies that messages with more than 100 recipients should be broken into multiple messages.

Note SMTP standards specify that servers must be able to handle at least 100 recipients.

Q. Is there any authentication performed when one server running Exchange talks to another through SMTP?

A. In Exchange 5.5, server-to-server communication is authenticated and encrypted using system-level Remote Procedure Call (RPC). With Exchange 2000, each server uses SMTP authentication with Kerberos. Encryption is not done by default. There are two options for encryption: Internet Protocol Security (IPsec), which is built into Windows 2000, and Transport Layer Security (TLS), which is built into the SMTP service and used by Exchange 2000. TLS is also known as Secure Sockets Layer (SSL).


Q. Isn't SMTP less secure than the X.400-based RPC that Exchange 5.5 had?

A. Many people think that SMTP is not secure because it has a clear-text submission protocol. Exchange 2000 does several things to increase the security of data over SMTP:

Server-to-server communication is always authenticated. By default, a server will not accept unauthenticated SMTP traffic. Each message is checked to see that the From: field in the submitted message really belongs to the person who authenticated.

With IPsec or TLS, encryption of data between servers is as good as or better than the encrypted RPC of Exchange 5.5.

Much of the intra-organization server-to-server mail traffic is actually somewhat obscured. Messages that originated from MAPI clients or the Web client are a set of MAPI properties that need to be carried from server to server. MAPI properties are carried in a Transport-Neutral Encapsulation Format (TNEF) binary large object (BLOB). This is encoded using a publicly available, unencrypted format, but it is not readable as-is. There will be no useful information available from a message in transit without decoding it. Even if a tool is used to parse a BLOB, the data could be decoded; however, it would be extremely difficult to casually look at mail traffic.

Q. Is there any way to compress data with Exchange 2000 before sending it to another server?

A. At this time, SMTP servers do not have compression for mail. The specification for mail servers, however, includes a standard for implementing compression. The TLS extension helps maintain message security through both compression and encryption. Encryption is usually more secure if the data is not plain text, and to make compression unpredictable, you should compress before encryption. Exchange Server supports the TLS extension.

Our transport events technology also makes it very easy for Microsoft or a third-party software vendor to release an extension to Exchange 2000 that would automatically compress and decompress messages as they come into or go out of Exchange. In most cases, compression overhead taxes the CPU of the Exchange server. This reduces performance, often offsetting any network bandwidth you gained through compression. Thus, it's probably better to build more functionality into the client, where you may have idle CPU cycles to spare, than to tax the server with compression.

Note Current TLS implementations do not use any compression algorithms.

Q. Can Exchange 2000 run on top of a different Microsoft Windows SMTP Server from Microsoft Internet Information Server (IIS) 5.0?

A. No. Exchange 2000 requires, and works in concert with, the server events extensibility that is built into the SMTP server. This ships as part of IIS 5.0 in Windows 2000.

Q. How is the host name of an internal or external server resolved?

A. The SMTP Service takes a name, call it "REMOTE," which might be a server's internal fully qualified domain name (FQDN) or an external FQDN of an e-mail domain. For example, for [email protected] the service looks up "domain.com" and resolves it. The following steps are taken to accomplish this:

1. Check the domain name system (DNS) for the mail exchanger (MX) record for REMOTE. If DNS returns one or more entries, connect to port 25 on each one, starting with the lowest MX preference value. If DNS returns "Authoritative Host Not Found [1]," send a non-delivery report (NDR) for the message immediately; this error is returned if the name server reaches the root (.) node of DNS and does not find a record for the domain name. If DNS returns any other error, or returns no MX entries, fall through to step 2.

2. Call gethostbyname() for REMOTE. This results in both an A record search and a WINS lookup.

Note By default, Windows 2000 DNS ships with the IP addresses of the InterNIC root name servers pre-populated in its configuration. This means that a request for a domain that is not defined in a zone on the DNS server will be forwarded to one of those servers. If your server is behind a firewall and cannot reach these servers, you will not get "Authoritative Host Not Found," but rather "Server Failed."
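The resolution order above, modelled as an added example (not code from the original FAQ or from Exchange): a stub resolver built from constructed zone data stands in for DNS so it runs offline; DnsError, make_stub_resolver and the "queue" outcome for a name with neither MX nor A records are assumptions of this example, and the roots_reachable switch reproduces the firewall case in the note.

```python
"""Model of the FAQ's SMTP host resolution order (added example)."""
from dataclasses import dataclass, field

# The two DNS error strings the FAQ distinguishes.
NXDOMAIN = "Authoritative Host Not Found"
SERVFAIL = "Server Failed"


class DnsError(Exception):
    """Raised by the stub resolver to model a DNS error response (assumed)."""

    def __init__(self, code):
        super().__init__(code)
        self.code = code


@dataclass
class Resolution:
    action: str                                   # "connect", "ndr" or "queue"
    targets: list = field(default_factory=list)   # (host_or_ip, port) in try order
    reason: str = ""


def resolve_remote(remote, mx_lookup, host_lookup):
    """Apply the FAQ's two-step resolution order to REMOTE.

    mx_lookup(name)   -> list of (preference, host); raises DnsError on error
    host_lookup(name) -> list of IP addresses (models gethostbyname: A + WINS)
    """
    # Step 1: ask DNS for MX records.
    try:
        mx_records = mx_lookup(remote)
    except DnsError as err:
        if err.code == NXDOMAIN:
            # The root was consulted and the name does not exist: NDR at once.
            return Resolution("ndr", reason=NXDOMAIN)
        # Any other error (e.g. "Server Failed" because the root servers are
        # unreachable behind a firewall): fall through to step 2.
        mx_records = []
    if mx_records:
        # Lowest MX preference value is tried first, port 25 on each host.
        hosts = [host for _, host in sorted(mx_records)]
        return Resolution("connect", [(h, 25) for h in hosts], "MX records")
    # Step 2: gethostbyname() for REMOTE (A record, then WINS).
    addresses = host_lookup(remote)
    if addresses:
        return Resolution("connect", [(a, 25) for a in addresses], "A record / WINS")
    # Nothing resolved. Assumption of this example: hold the message and retry.
    return Resolution("queue", reason="no MX and no A record; retry later")


def make_stub_resolver(mx_table, a_table, roots_reachable=True):
    """Build (mx_lookup, host_lookup) over constructed zone data.

    A name absent from both tables is NXDOMAIN when the root servers can be
    reached and SERVFAIL when they cannot (the firewall case in the note).
    """
    known = set(mx_table) | set(a_table)

    def mx_lookup(name):
        if name in known:
            return list(mx_table.get(name, []))   # name exists; may have no MX
        raise DnsError(NXDOMAIN if roots_reachable else SERVFAIL)

    def host_lookup(name):
        return list(a_table.get(name, []))

    return mx_lookup, host_lookup


# Constructed zone data for the demonstration (not real hosts).
CONSTRUCTED_MX = {
    "example.com": [(20, "mx2.example.com"), (10, "mx1.example.com")],
}
CONSTRUCTED_A = {
    "a-only.example.net": ["192.0.2.10"],   # zone publishes an A record, no MX
}


def demo(roots_reachable=True):
    """Resolve three constructed names and return {name: Resolution}."""
    mx, host = make_stub_resolver(CONSTRUCTED_MX, CONSTRUCTED_A, roots_reachable)
    names = ("example.com", "a-only.example.net", "nonexistent.example.org")
    return {name: resolve_remote(name, mx, host) for name in names}


if __name__ == "__main__":
    for reachable in (True, False):
        print(f"root servers reachable: {reachable}")
        for name, res in demo(reachable).items():
            print(f"  {name:26} {res.action:8} {res.targets} {res.reason}")
```

With the root servers unreachable, the nonexistent name is no longer NDR'd but falls through to step 2 and ends up waiting in the queue, which is the symptom the note describes.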

Interoperability

Q. What is the definition of site, administrative group, and routing group in a mixed organization?

A. An Exchange site is a server grouping for both administrative and topological purposes. In a mixed organization, the servers running Exchange 5.5 recognize sites, while the servers running Exchange 2000 recognize both administrative and routing groups. The Active Directory Connector automatically replicates each Exchange 5.5 site to Exchange 2000 as both an administrative group and a routing group of the same name.

Q. How do legacy servers interact with Exchange 2000 connectors?

A. Within a pure Exchange 5.5 site, one server is designated as the routing calculation server and is responsible for keeping the gateway address resolution table (GWART) up to date and consistent across all servers within the site. When a server running Exchange 2000 is installed into an Exchange 5.5 site, the original server running Exchange 5.5 keeps its routing role. Although Exchange 2000 uses a very different routing mechanism from Exchange 5.5, it creates an Exchange 5.5-compatible GWART that is replicated into the Exchange 5.5 environment through the Active Directory Connector. This information is then merged with the GWART that the routing calculation server generates. The net result is that users on Exchange 5.5 servers are able to take advantage of connectors installed on Exchange 2000 servers.

Q. How does an Exchange 5.5 site relate to an Exchange 2000 administrative group?

A. In a mixed or native Exchange 2000/Exchange 5.5 topology, these are mapped 1:1. The administrative group is mainly for permissions mapping, although the administrative group is also used to create the legacy distinguished name (DN).

Q. How do messages get from an Exchange 2000 server to an Exchange 5.5 server in the same site/routing group?

A. An Exchange 2000 server evaluates whether the destination server is in the same routing group or not. If it is, the server sends the message through the Message Transfer Agent (MTA), which creates a direct local area network (LAN) MTA RPC connection. If it is not, the server routes the message to the routing group of the destination server through connectors.

Q. How do messages get from an Exchange 2000 server to another Exchange 2000 server in a mixed routing group?

A. Exchange 2000 servers, whether in a mixed or pure routing group, always use SMTP to send messages from one server to another. The SMTP Service will open a direct connection to the destination server. However, Exchange 2000 servers will route based on routing groups, not administrative groups.

Routing

Q. How does an Exchange 5.5 site relate to an Exchange 2000 routing group?

A. In a mixed Exchange 2000/Exchange 5.5 topology, a site is represented as an administrative group and a routing group. An Exchange 2000 routing group, contained within the administrative group, is more analogous to a sub-site than to a site because it is a purely topological grouping. However, it is advisable that the same grouping criteria used for Exchange 5.5 sites also be applied in this case. Members belonging to the same routing group are expected to have very high bandwidth and availability.

Q. How does an Exchange 5.5 site relate to an Exchange 2000 administrative group?

A. In a mixed Exchange 2000/Exchange 5.5 topology, these are mapped 1:1. The administrative group is mainly for permissions mapping, although in a mixed-mode Exchange 2000 organization the administrative group is used to create the legacy distinguished name (DN). Therefore, it is not as easy to move servers between administrative groups.

Q. How does a Windows 2000 site relate to an Exchange 2000 organization?

A. There is no relationship. A Windows 2000 site is defined as a group of resources (computers, servers, etc.) that have high connectivity to one another. An Exchange organization encompasses the entire forest and bears no relationship to the topological site structure that the Active Directory administrator defines.

Q. How does a Windows 2000 domain relate to an Exchange 2000 organization?

A. There is no relationship. All configuration information for Exchange 2000 is stored in the Active Directory configuration naming context. This is replicated to every domain controller in every domain in the forest. Therefore, Exchange organization information is available for read/write in every domain.

Q. How does a Windows 2000 site relate to an Exchange 2000 routing group?

A. An Exchange routing group is a collection of Exchange 2000 servers with high availability to one another, but not necessarily high bandwidth. Although the concepts of the Windows 2000 site and the Exchange routing group are quite similar, there are no alignment prerequisites for deployment. Routing groups are defined in the configuration naming context of the Active Directory.

Q. How does a Windows 2000 domain relate to an Exchange 2000 routing group?


A. There is no relationship. An Active Directory domain contains user and computer information for those that reside in that domain. An Exchange routing group contains information about Exchange 2000 servers that have high availability to one another.

Q. How does a Windows 2000 forest relate to an Exchange organization?

A. In Exchange 2000, there is a limitation of exactly one Exchange organization per Windows 2000 Active Directory forest. Conversely, every server within a given Exchange organization must be in the same Active Directory forest.

Routing Service

Q. What is the purpose of a routing group?

A. The routing group is the smallest unit of servers likely to be connected to one another at all times. The routing group is one node on the graph of connector paths with multiple possible connectors between routing groups.

Within a routing group, or before routing has been configured by the creation of a routing group, mail from one server to another goes point-to-point using SMTP.

If you wish to have direct point-to-point routing between a collection of Exchange 2000 servers, you can place them into the same routing group. In general, you design your routing group boundaries based upon the connectivity and availability of the network. Between routing groups, you can define connectors that route messages between these routing group collections. It is common practice to use a routing group connector (RGC) to accomplish this.

Q. What does it mean for a connector to go down?

A. If the source bridgehead cannot contact the destination bridgehead, then the system, by default, retries for 10 minutes. After 10 minutes, the bridgehead is marked unavailable. If there are other target bridgeheads on the connector, those are tried instead. Once all target bridgeheads on the connector are tagged as unavailable, the whole connector is marked down and other routes are evaluated. If there are other available routes, the message(s) are rerouted. If there are no other routes available, the message will sit in the local queue until the connector comes back up.

Q. What does the routing service do when a local connector is down?

A. When the SMTP Service or X.400 Service notices that a connector is down, it notifies the routing service. The routing service marks the connection as down in its routing state graph.

Q. How does the connector get designated as up again?

A. The SMTP Service creates a special connection that carries zero messages, but tries the remote side of the connector according to the retry interval for the virtual server. When the connection succeeds, the service updates routing with the new information that the connector is back up.

Q. What exactly does a routing master do?

A. The routing master coordinates changes to link state that are learned by servers within its routing group. When one single server coordinates changes, it is possible to treat a routing group as a single entity and to compute a least-cost path between routing groups. All servers in the routing group advertise and act upon the same information.

Q. What happens when it goes down?

A. All servers in the routing group continue to operate on the same information that they had at the time they lost contact with the master. This cannot cause mail to loop, because all servers continue to operate on loop-free information.

When the master comes back up, it starts with all servers and connectors marked up. As it learns about down servers, it reconstructs the link state information and passes it around.

Q. Does having a single routing master introduce a single point of failure?

A. No. Exchange 2000 may send mail to a server whose link is down, but mail will continue to flow, since Exchange will automatically switch to sub-optimal routing if a routing master fails. Exchange 2000 enables the administrator to manually change the routing master role from one server to another.

Q. How do SMTP and X.400 servers communicate link state information within a routing group?

A. Each server communicates with the master through a TCP-based Link State Algorithm (LSA) protocol developed by the transport core development team. Each server, including the master, listens on TCP port 691, which is registered with the Internet Assigned Numbers Authority (IANA) for this purpose. The master broadcasts only changes to all servers in its routing group.

Q. How do servers (both SMTP and X.400) communicate link state information between routing groups?

A. When two servers communicate through SMTP, Exchange 2000 uses a version of the LSA protocol that works as an extension to SMTP through the SMTP Service Extensions (ESMTP) framework. Exchange 2000 servers advertise X-LINK2STATE support during the EHLO. When one Exchange 2000 server sees another advertising that, it attempts to trade routing information. Routing information will only be traded if the two servers are in the same organization (a DIGEST string is compared). This only occurs in the event of per-routing-group differences in the transferred information.

Between routing groups, when servers communicate through X.400, Exchange 2000 uses a version of LSA in which the MTA constructs a "dummy" X.400 message to transfer this information.

Q. How often do servers that connect between routing groups communicate link state updates? Are messages used?

A. In the case of link state updates tunneled through SMTP, messages are not used. Instead, when there is an update, a connection is created to the neighboring routing group. During the course of that connection, the link state information is transferred. In fact, even if there is no new information on the source side, during each SMTP transmission between two Exchange 2000 servers in the same organization, they will exchange link state information.

In the case of link state updates through X.400 between two Exchange 2000 servers, a "dummy message" is created that includes the link state update information.

Q. Why have all of this routing?

A. Network routers use the Open Shortest Path First (OSPF) protocol to route packets optimally between servers. The single-source, shortest-path algorithm used by the Exchange routing service is very similar to the OSPF internal routing protocol used by many enterprise networks, except that Exchange provides more information than simply IP source and destination. Exchange can route messages according to destination, message size, sender, and message priority.

Note The similarity between OSPF and the routing algorithm used by Exchange 2000 is that they are both derived from Dijkstra's algorithm. Using the same type of algorithm is where the similarity ends. You do not have to deploy OSPF before deploying Exchange 2000.

Another reason to route messages through logical connectors is to optimize message bandwidth. If a single message is destined for recipients on five different servers in a remote location, point-to-point communication causes the message body to be sent five times. By funneling that through a messaging bridgehead, the message body is only sent once, which makes a significant difference with large messages.
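The connector-down rule from the routing service answers above (a connector is down only once every target bridgehead is unavailable) and the Dijkstra least-cost routing described here, as one added example that is not code from the original FAQ or from Exchange; the routing group names, connector costs and bridgehead names are constructed, and connectors are modelled as one-way.

```python
"""Link-state routing between routing groups (added example)."""
import heapq


class Connector:
    """A one-way connector from a source routing group to a destination."""

    def __init__(self, name, source, destination, cost, bridgeheads):
        self.name = name
        self.source = source
        self.destination = destination
        self.cost = cost
        # Target bridgeheads on the destination side: True = available.
        self.bridgeheads = {host: True for host in bridgeheads}

    def is_up(self):
        # The whole connector is down only when every target is unavailable.
        return any(self.bridgeheads.values())


class LinkStateTable:
    """The link state the routing master hands to every server in the group."""

    def __init__(self):
        self.connectors = {}

    def add_connector(self, connector):
        self.connectors[connector.name] = connector

    def bridgehead_failed(self, connector_name, host):
        """The source bridgehead exhausted its retries against this target.
        Returns whether the connector as a whole is still up."""
        self.connectors[connector_name].bridgeheads[host] = False
        return self.connectors[connector_name].is_up()

    def bridgehead_recovered(self, connector_name, host):
        """The zero-message probe connection to this target succeeded again."""
        self.connectors[connector_name].bridgeheads[host] = True

    def least_cost_path(self, source, destination):
        """Dijkstra over the connectors that are up. Returns (cost, [connector
        names]) or None when no route exists (message stays in the local queue)."""
        best = {source: 0}
        via = {}                      # routing group -> connector used to reach it
        heap = [(0, source)]
        while heap:
            cost, group = heapq.heappop(heap)
            if group == destination:
                path = []
                while group != source:
                    conn = via[group]
                    path.append(conn.name)
                    group = conn.source
                return cost, path[::-1]
            if cost > best.get(group, float("inf")):
                continue                 # stale heap entry
            for conn in self.connectors.values():
                if conn.source != group or not conn.is_up():
                    continue
                new_cost = cost + conn.cost
                if new_cost < best.get(conn.destination, float("inf")):
                    best[conn.destination] = new_cost
                    via[conn.destination] = conn
                    heapq.heappush(heap, (new_cost, conn.destination))
        return None


def build_sample_table():
    """Four routing groups with two routes from RG-A to RG-D (constructed)."""
    table = LinkStateTable()
    table.add_connector(Connector("A-B", "RG-A", "RG-B", 10, ["b1", "b2"]))
    table.add_connector(Connector("B-D", "RG-B", "RG-D", 10, ["d1"]))
    table.add_connector(Connector("A-C", "RG-A", "RG-C", 15, ["c1"]))
    table.add_connector(Connector("C-D", "RG-C", "RG-D", 15, ["d1"]))
    return table


def scenario():
    """Walk the failure sequence and return each routing decision by step."""
    table = build_sample_table()
    results = {"initial": table.least_cost_path("RG-A", "RG-D")}
    # One of the two bridgeheads on A-B fails: the connector is still up.
    table.bridgehead_failed("A-B", "b1")
    results["one_bridgehead_down"] = table.least_cost_path("RG-A", "RG-D")
    # The second fails too: A-B is marked down and mail reroutes via RG-C.
    table.bridgehead_failed("A-B", "b2")
    results["connector_down"] = table.least_cost_path("RG-A", "RG-D")
    # C-D loses its only bridgehead: no route, the message queues locally.
    table.bridgehead_failed("C-D", "d1")
    results["no_route"] = table.least_cost_path("RG-A", "RG-D")
    # The probe connection to b1 succeeds: A-B is up again.
    table.bridgehead_recovered("A-B", "b1")
    results["recovered"] = table.least_cost_path("RG-A", "RG-D")
    return results


if __name__ == "__main__":
    for step, decision in scenario().items():
        print(f"{step:20} -> {decision}")
```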

Note Certain connectors may be limited as to what size messages they will take. Certain connectors may also be limited by who may use them; this refers to the actual e-mail address of the sender, not the IP address of the sender.

Q. Does the storage limit change apply to Windows Small Business Server 2003?

A. Yes. Windows Small Business Server 2003 users can take advantage of the storage limit changes implemented in Exchange Server 2003 SP2.

Q. Did the storage limit change for SP2?

A. Based on feedback from customers and because of the evolution of e-mail usage, we are increasing the storage limit for Exchange Server 2003 Standard Edition with SP2 to 75 gigabytes (GB). In order to prevent the database from growing unexpectedly after an upgrade to SP2, the limit is set to 18 GB and can be set up to 75 GB by using a registry key. For more information about setting the limit, see the Exchange Server 2003 Help, updated during the SP2 installation.

Q. Does SP2 work on Microsoft Windows Small Business Server 2003?

A. Yes. Windows Small Business Server 2003 with SP1 fully supports Exchange Server 2003 SP2. Exchange Server 2003 SP2 was tested to ensure compatibility.

Q. Is the Microsoft Exchange Intelligent Message Filter part of SP2?

A. Yes, it is now built in to Exchange Server 2003 SP2. This new filter extends the antispam capabilities of Exchange Server 2003 to protect your messaging environment from phishing schemes and also from domain spoofing tactics through integration with the Sender ID framework.

Q. Do I need to have Exchange Server 2003 SP1 running on my computer in order to install SP2?

A. No. Service packs are cumulative, meaning they include the updates from all previous service packs. No earlier service pack is required to install the latest service pack. In either case, whether you have already installed Service Pack 1 (SP1) or have only the basic Exchange Server 2003 server software, the process to upgrade is the same. You need only install SP2.

Q. Are there localized versions of SP2?


A. Yes. SP2 comes in eight supported server languages: Chinese Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, and Spanish.

Q. Does Exchange ActiveSync require SSL authentication?

A. It depends on the device. Windows Mobile 2002 powered devices connect over Secure Sockets Layer (SSL). Windows Mobile 2003 powered devices do not require SSL. However, it is strongly recommended that you use SSL to protect your data and credentials. To enable SSL authentication on Windows Mobile 2003 powered devices, in the ActiveSync Server Synchronization settings, select the "This server uses an SSL connection" option.

Q. How can I control which users have access to Exchange ActiveSync?

A. By default, all users are enabled for Exchange ActiveSync. An Exchange Server administrator can globally disable Exchange ActiveSync for all users in Exchange System Manager by using the Mobile Settings option under Global Settings. You can also enable or disable individual users by using Active Directory Users and Computers.

Q. What types of data can be synchronized by using Exchange ActiveSync?

A. Exchange ActiveSync enables you to synchronize your e-mail messages, calendar, and contacts lists in your Exchange Server 2003 mailbox with a Microsoft Windows Mobile powered device.


What is Exchange 2003 Forestprep?

Exchange 2003 Forestprep extends the AD schema to include Exchange specific information.

What is Exchange 2003 Domainprep?

Exchange 2003 Domainprep creates the groups and permissions necessary for Exchange servers to read and modify user attributes.

What is a DC?

A DC is a Windows 2000 or 2003 Domain Controller that holds Active Directory partitions for a domain (used for things like user authentication).

What is a GC?

A GC is a Global Catalog Server. A GC holds a full set of attributes for the domain in which it resides and a subset of attributes for all objects in the Active Directory Forest.

What is DDNS and why do I need it?

Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but it makes administration much easier.

What is a border server?

A border server is an Exchange server that communicates with external servers. In a single server organization, your server is by default a border server. In a multi-server configuration, you may have one or more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail to other internal Exchange servers.

What is a mixed mode Exchange environment?

An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchange 5.5 servers.

How does an Exchange 5.5 site compare to an Exchange 2003 Routing Group or Administrative Group?

In a mixed mode Exchange environment the Exchange 2003 Administrative Group and Routing Group correspond to the Exchange 5.5 site. In a native Exchange 2000 environment, the Administrative Group is a group of Exchange objects sharing a common set of permissions and routing groups define how those servers communicate with one another. A single Administrative Group can contain several Routing Groups. Example: Your North American Exchange servers might be grouped in a single Administrative Group, but subdivided into several Routing Groups to optimize interserver communication. An Administrative Group contains zero or more Routing Groups.

Exchange 2003 > Administration

What happened to the M: drive?

The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

Do I need Windows XP to use Outlook RPC over HTTP?

Yes. Windows XP with Service Pack 1 + KB331320.

When will Exchange 2003 SP1 be available?

When it is ready.

How do I configure the Recovery Storage Group?

In Exchange 2003, there is a new feature called the "Recovery Storage Group" (RSG). This is a special instance of ESE (a 5th instance) which can be spun up to provide:

a. Item/Folder/Mailbox level restore without the need for a spare server

b. "Dial tone" (blank mailbox) support if you lose a database and need to get the users quickly up and running for send/receive


To create the RSG, go into Exchange 2003 ESM, right-click on your server object and choose to create a new Recovery Storage Group. Once the RSG exists, you can add a database to it (any MDB from any Storage Group from any server inside the same Admin Group). Then, use NTBackup or similar to restore a backup into the RSG. Now, you can use ExMerge to extract the data from the RSG and merge it into the production database (for scenario a), or you can swap the RSG-restored database for the temporary production database (for scenario b). One of the goals for the Recovery Storage Group

Under Exchange 5.5 I couldn't restore a single mailbox without 3rd party products. With Exchange 2003, is it any easier to restore a single mailbox or back up a single mailbox?

Yes and no. Under Exchange 2003, a mailbox is not deleted immediately when a Windows account is deleted. Although restores have been greatly improved with the new Recovery Storage Group (RSG) and the Volume Shadow Copy Service, there is no built-in mechanism for backing up a single Exchange mailbox. This would still require a 3rd party brick-level backup utility.

Can I back up the EXIFS drive using NT Backup or another backup application?

You can, but you will be sad. Do NOT back up the EXIFS drive of an Exchange 2003 server. It can result in messages and attachments being inaccessible via the Outlook client.

How can I prevent a user from sending and receiving Internet mail? Follow the steps outlined below:

1. Create a group called InternalOnly.

2. Create a recipient policy that gives them a fake SMTP address, e.g. @fake.domain. Leave the X.400 address alone so they can receive internal mail.

3. Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s) and open its properties. Choose the Delivery Restrictions tab, and under "Reject", add this group. Do this for each connector.

4. Follow the steps in KB277872 regarding Connector Restrictions.

Now they can't use the SMTP connector(s) to send external mail.

What tools are used to administer Exchange 2003?

Active Directory Users & Computers - Used to create users, distribution groups and contacts.

Exchange System Manager - Used to manage the Exchange Server, create address lists and recipient policies, and now also performs some user-level actions.

Can I use Exchange 2000 tools to manage Exchange 2003 Servers?

No, the property sheets of the 2003 servers will appear as read-only. You should avoid using Exchange 2000 ESM in environments where Exchange 2003 is installed. Not only will you not be able to access new Exchange 2003 features, but there is also the risk of damage to new objects that Exchange 2000 does not understand. If you must continue to use Exchange 2000 ESM, apply the latest Exchange 2000 SP3 roll-up to your Admin workstation(s): http://microsoft.com/downloads/details.aspx?FamilyId=E247C80E-8AFA-4C2A-96B3-F46D1808C790&displaylang=en

The roll-up includes support for the msExchMinAdminVersion attribute (also known as ESM versioning). Essentially, each Exchange object in the AD is stamped with a minimum admin version. If ESM detects that the data value is greater than the version of ESM running, it will not allow edits to that object.

The following objects may become damag

Can I use Exchange 2003 tools to manage Exchange 5.5 and Exchange 2000 Servers?

Yes, with the exception of the following Exchange 2000 components: Key Management Server, Exchange Instant Messaging, Chat, and the MS-Mail / Schedule+ / DirSync / cc:Mail Connectors.

I created a user in AD Users and Computers, but in the Exchange system manager it doesn't appear under Mailbox Store | Mailboxes. What did I do wrong?

Probably nothing. A mailbox will not appear under Mailbox Store | Mailboxes until either someone has logged into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message to a mailbox shortly after it has been created, which would cause it to appear.

I created a secondary Public Folder Hierarchy, but only the original public folder hierarchy appears in Outlook.

Current versions of Outlook only support a single public folder hierarchy. Secondary Public Folder hierarchies can be accessed with the web.

In Exchange 5.5, I could have multiple mailboxes associated with a single user account. How do I do that in Exchange 2003?

Exchange 2003 requires a user object for each mailbox. You can create a disabled user object, associate a mailbox with it, and then grant another user object 'receive as' and 'send as' permissions to that mailbox.

What is the difference between 'receive as' and 'send as'?

'Receive as' allows a user object to open a mailbox. 'Send as' allows a user to send out a mail message as the mailbox that has been opened.

How do I restrict a user or domain from sending mail to my users?


First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative Group | Server | Protocols | SMTP | <SMTP Virtual Server> | Properties | Advanced | <select the IP address for which you wish to enable filtering> | Edit | Apply Filter). Normally, you would only want to apply message filtering to the border SMTP servers (servers that communicate directly with External servers).

I've created more than one address list. Which list will users see for their GAL?

The following criteria are used when determining what a client will see for the Global Address List:

1. Which Address List do you have permissions to see?

2. Which Address List contains your mailbox object as an entry?

3. If your mailbox appears as an object in more than one address list: which of the remaining Address Lists contains more entries?

What do the event IDs mean in the message tracking log?

They are listed in Appendix A

Is Single Instance Storage maintained when moving users between servers | storage groups | databases?

Yes...

In my native E2K3 organization is there any requirement for RPC connectivity between servers?

In order to move users between servers, RPC connectivity is required.

How can I archive messages sent or received by my users?

Messages can be archived in one of three ways:

1. On a per-store basis, by enabling the option on the General properties tab of the Mailbox Store in the Exchange System Manager.

2. With an event sink (either write your own or use the simple one provided by Microsoft and described in Archive Sink Readme.txt).

3. With a 3rd party message archival tool.

Why when I try to add an additional mailbox store do I receive the following error? This storage group already contains the maximum number of stores allowed. ID no: c1034a7a


You are running the standard version of Exchange 2003 which is limited to a single 16GB private information store.

How do I get the Exchange Advanced Tab in Active Directory Users and Computers?

Open Active Directory Users and Computers. Click on the View menu item at the top of the application. Select Advanced Features on the menu list. When you open a property page for an Active Directory object that has a mailbox associated with it, you will now see the Exchange Advanced tab at the top.

How do I control the format of the addresses before the @ sign in a recipient policy?

You can use the following variables in the recipient policy: %g (Given Name), %s (Surname), and %i (initials). Examples:

User: Tommy Lee Jones
Domain: company.com

%g.%[email protected] = [email protected]
%1g%[email protected] = [email protected]
%g%[email protected] = [email protected]

Less commonly used variables include, %m (alias) and %d (display name).
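The variable expansion above can be checked before a policy is applied. The following is an added example, not code from the page or from Exchange: a small Python expander that handles %g, %s, %i, %m and %d, plus the numeric truncation prefix (%1g gives the first letter of the given name), run against a constructed user record. Attribute names (givenName, sn, initials, mailNickname, displayName) are assumed to be the usual Active Directory ones.

```python
import re

# Constructed sample recipient; not taken from any real directory.
TOMMY = {
    "givenName": "Tommy",
    "sn": "Jones",
    "initials": "L",
    "mailNickname": "tjones",
    "displayName": "Tommy Lee Jones",
}

# Variable letters accepted in a recipient policy address template and the
# directory attribute each one draws from (attribute names are an assumption).
VARIABLES = {
    "g": "givenName",
    "s": "sn",
    "i": "initials",
    "m": "mailNickname",
    "d": "displayName",
}

# %<optional count><letter>: the count truncates the value to that many characters.
_TOKEN = re.compile(r"%(\d*)([gsimd])")


def expand_template(template: str, user: dict, domain: str) -> str:
    """Expand a local-part template such as "%1g%s" for one user.

    Characters outside the %-variables (for example the dot in "%g.%s") are
    copied through unchanged. Note that %d can yield spaces, which is one
    reason it is rarely used for SMTP addresses.
    """
    def repl(match: re.Match) -> str:
        count, letter = match.group(1), match.group(2)
        value = user.get(VARIABLES[letter], "")
        if count:
            value = value[: int(count)]
        return value

    local_part = _TOKEN.sub(repl, template)
    return f"{local_part}@{domain}"


def preview(templates, user: dict, domain: str) -> dict:
    """Return template -> resulting address, for reviewing a policy before use."""
    return {t: expand_template(t, user, domain) for t in templates}


if __name__ == "__main__":
    for t, addr in preview(["%g.%s", "%1g%s", "%g%1s", "%1g%1i%s", "%m"], TOMMY, "company.com").items():
        print(f"{t:10} -> {addr}")
```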

How do I make Exchange automatically send a welcome message to all newly created users?

There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with Outlook, but that only applies the first time Outlook is opened after creating a new profile. Otherwise, you could script mailbox creation and send a message at the end of the script.

How do I determine what version of Outlook applies to a build or version number?

http://www.cdolive.com/build.htm

Is there any way to append a text message to all out bound email for Exchange 2003?

On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP Transport Event Sink, even though KB273233 suggests that creating a second SMTP Virtual Server works. At startup the Exchange Information Store binds to whichever SMTP Virtual Server starts first, so you cannot rely on mail being routed from SMTP VS 1 to SMTP VS 2 as KB273233 proposes. Also note that under special circumstances the database can become corrupted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and a QFE to prevent the store corruption is under development. There are 3rd party products that will do this too.

How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script?

You can do it; however, there are limitations. It works reliably only on a border server, which can be either a Windows 2000 or 2003 SMTP server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680.

How can you tell the exact version of Exchange you are running?

Here is a list of build numbers for Exchange 2000/2003:

Exchange 2000
4417.5 = Exchange 2000 RTM
4712.7 = Exchange 2000 SP1
5762.4 = Exchange 2000 SP2
6249.4 = Exchange 2000 SP3
6396.1 = Exchange 2000 Post-SP3 Super Roll-up
63xx/64xx = Exchange 2000 Post-SP3 Hotfixes

Exchange 2003
6728.12 = Exchange 2003 Beta 1
6803.8 = Exchange 2003 Beta 2
6851.10 = Exchange 2003 Release Candidate 0
6895.5 = Exchange 2003 Release Candidate 1 (Candidate)

How do I add a disclaimer to outgoing SMTP messages in Visual Basic?

How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic KB317327

Resource / Conference room scheduling

Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer to Direct Booking of Resource Without a Delegate Account There are 3rd party products such as Exchange Resource Manager and AutoAccept Sink for Exchange that will automatically accept/decline meeting requests for conference rooms and other resources.


How do I create users from an Excel table?

There is no built-in way to accomplish that. However, see http://www.cdolive.net/download/bulkaddfromexcel.zip for a Windows Scripting Host script that uses an Excel table to create users and mailbox enable them.

How do I find an SMTP mail address in Active Directory if Active Directory Users and Computers tells me it is in use when I try to create a new user?

Either open Outlook to create a new message with that SMTP address and hit CTRL+K to resolve it, or use a Windows Scripting Host script to find it. For the latter, see http://www.cdolive.net/download/adusermanagement.zip (look for FindUserWithADSI.wsf and FindUserWithCDO.wsf)

How do I disable the "Automatically update e-mail addresses based on recipient policy" on all users or contacts?

' Default setting for "msExchPoliciesExcluded" is empty
' Once the automatic e-mail address update is disabled it is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

' Default setting for "msExchPoliciesIncluded" is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}" plus a unique GUID for each applied Recipient Policy, separated by a comma
' And after turning off the automatic update "msExchPoliciesIncluded" is only:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

How do I Enable the Security Tab for the Organization Object?

This tab is not enabled by default. For instructions on how to enable it see KB264733

How do I restrict users from Creating Top-Level Folders?

For Exchange 2000 public folders, you can follow the instructions in KB256131. With Exchange 2000, however, any time a new server is added to the organization these permissions will be reset. In Exchange 2003 these permissions are restricted by default, so installing Exchange 2003 restricts them automatically.

The "Allow create top-level public folder" access control entry for Everyone and the "Allow Anonymous Logon" entry on the organization container permissions are removed during the installation of Exchange 2003.

Why do the storage quota settings not take effect immediately?

This problem has been fixed in a Microsoft Exchange 2000 Server post-Service Pack 3 MDB patch. For more information see KB327378.

How do I limit which Outlook client versions can access my server?

You need to create the Disable MAPI Clients registry value to disable MAPI client access. For more information, see KB288894.

What are the required components of Windows Server 2003 for installing Exchange 2003? –

ASP.NET, SMTP, NNTP, W3SVC

What must be done to an AD forest before Exchange can be deployed? –

Setup /forestprep

What Exchange process is responsible for communication with AD? –

DSACCESS

What 3 types of domain controller does Exchange access? –

Normal Domain Controller, Global Catalog, Configuration Domain Controller

What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? –

SMTP Connector: Forward to smart host or use DNS to route to each address

How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? –

Add /3Gb switch to boot.ini

What would a rise in remote queue length generally indicate? –

This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.

What would a rise in the Local Delivery queue generally mean? –


This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.

What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? –

SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389, Global Catalog - 3268

Name the process names for the following: System Attendant, Information Store, SMTP/POP/IMAP/OWA? –

System Attendant: MAD.EXE; Information Store: STORE.EXE; SMTP/POP/IMAP/OWA: INETINFO.EXE

What is the maximum number of databases that can be hosted on Exchange 2003 Enterprise? –

20 databases. 4 SGs x 5 DBs.

What are the disadvantages of circular logging? –

In the event of a corrupt database, data can only be restored to the last backup.


Q. What is Exchange Server 2003 SP2?

A. Microsoft is continually investing in Exchange Server to meet the challenges you face in your messaging environments. Service packs are a convenient package of existing updates for a product. SP2 is, however, more than just an update to the Exchange Server 2003 product. It includes significantly improved mobile messaging as well as a host of new enhancements for even better protection, reliability, and easier administration. To find out more, read the Top 10 Reasons to Install Exchange Server 2003 SP2 or study the Exchange Server 2003 SP2 Overview.

Q. How can I get SP2?

A. SP2 is a free upgrade. You can download Exchange Server 2003 SP2 or order the CD for no additional charge. If you reside outside of the United States or Canada and cannot download SP2, you should review your local fulfillment options or contact your local subsidiary.

Q. Is there information I should review before installing SP2?

A. Yes. Before installation, you should review the Exchange Server 2003 SP2 Release Notes as well as the Exchange Server 2003 system requirements.

Q. Where can I find out more specific information about the updates included in SP2?

A. The details are included in the Fix List for Exchange Server 2003 SP2 in the Microsoft Knowledge Base.

Q. Are there localized versions of SP2?

A. Yes. SP2 comes in eight supported server languages: Chinese Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, and Spanish.


Q. Do I need to have Exchange Server 2003 SP1 running on my computer in order to install SP2?

A. No. Service packs are cumulative, meaning they include the updates from all previous service packs. No earlier service pack is required to install the latest service pack. In either case, whether you have already installed Service Pack 1 (SP1) or have only the basic Exchange Server 2003 server software, the process to upgrade is the same. You need only install SP2.

Q. What should I do if I have SP1 deployed?

A. When you install SP2, your environment will be upgraded to SP2.

Q. What if I installed the Community Technology Preview of SP2?

A. Since the Community Technology Preview is not a supported release and is not intended for a production environment, you need to upgrade to SP2. There is no need to uninstall the Community Technology Preview; simply install SP2 directly.

Q. Which devices are compatible with the new mobility features of SP2?

A. Microsoft Windows Mobile-based devices require the Messaging and Security Feature Pack for Windows Mobile 5.0. Devices and upgrades with the Messaging and Security Feature Pack will be available sometime in early 2006 through major device makers (OEMs) and mobile operator partners. Contact your device maker or mobile operator for more details regarding availability, or visit the Windows Mobile Web site and learn about signing up for e-mail announcements delivered directly to you. Additionally, Exchange ActiveSync is licensed to other equipment and software manufacturers, enabling them to offer devices and applications that synchronize directly with Exchange Server. To read about Exchange ActiveSync and the devices that interoperate with Exchange Server, see the Exchange Server 2003 and Mobile Devices page.

Q. How do you administer the new remote wipe feature in SP2?

A. The new remote wipe capability requires the Microsoft Exchange ActiveSync Mobile Web Administration tool, one of a collection of Web tools that will be available in late 2005. The Exchange ActiveSync Mobile Administration Web tool was created as a separate Web tool so that Help desk staff or non-Exchange Server administrators can be delegated the right to manage devices.

Q. Is the Microsoft Exchange Intelligent Message Filter part of SP2?

A. Yes, it is now built in to Exchange Server 2003 SP2. This new filter extends the anti-spam capabilities of Exchange Server 2003 to protect your messaging environment from phishing schemes and also from domain spoofing tactics through integration with the Sender ID framework.

Q. Does SP2 work on Microsoft Windows Small Business Server 2003?

A. Yes. Windows Small Business Server 2003 with SP1 fully supports Exchange Server 2003 SP2. Exchange Server 2003 SP2 was tested to ensure compatibility.

Q. Did the storage limit change for SP2?

A. Based on feedback from customers and because of the evolution of e-mail usage, we are increasing the storage limit for Exchange Server 2003 Standard Edition with SP2 to 75 gigabytes (GB). In order to prevent the database from growing unexpectedly after an upgrade to SP2, the limit is set to 18 GB and can be set up to 75 GB by using a registry key. For more information about setting the limit, see the Exchange Server 2003 Help, updated during the SP2 installation.

Q. Does the storage limit change apply to Windows Small Business Server 2003?

A. Yes. Windows Small Business Server 2003 users can take advantage of the storage limit changes implemented in Exchange Server 2003 SP2.

Q. What should I know about certificate-based authentication for mobile devices?

A. Certificate-based authentication is likely to be unnecessary unless you have unique security needs. With the centralized device password management available in Exchange Server 2003 SP2, it is very easy to set up policies that help secure your mobile device. You should only consider certificate-based authentication when it is not possible to store logon credentials on the device. The Microsoft Exchange ActiveSync Certificate-based Authentication tool that is required for configuration will be available in early 2006.

Q. Is it true that the new remote wipe feature in SP2 requires a separate tool?

A. Yes. The new remote wipe capability requires the Microsoft Exchange ActiveSync Mobile Administration Web tool.

Q. What system configuration is potentially affected?

A. The only operating environments that may be affected are those with front-end servers running Exchange Server 2003 and separate back-end servers running Exchange Server 2003, Windows Server 2003, and Windows SharePoint Services 2.0.

Q. Is Microsoft Windows Small Business Server 2003 affected?

A. No. Windows Small Business Server is by default a single server setup with Outlook Web Access and the Exchange Server 2003 information store on the same server.

Q. Are all versions of Exchange Server and Outlook Web Access affected by this issue?

A. No. The only affected version is Outlook Web Access in Exchange Server 2003.

Q. Can this occur if I did not change my default Exchange Server 2003 settings?

A. Yes, if Windows SharePoint Services 2.0 has been installed on an Exchange Server 2003 back-end server.

Q. How can I check to see if my system is affected?

A. 1. Check whether Windows SharePoint Services 2.0 has been installed on your back-end servers running Exchange Server 2003 and Windows Server 2003, either through Add/Remove Programs or by the presence of the following registry key:

HKLM\Software\Microsoft\Shared Tools\Web Server Extensions\6.0\Sharepoint = "Installed"


2. It is possible to check for the incorrectly configured IIS authentication setting, where Kerberos is explicitly disabled, by inspecting the IIS metabase on the Exchange Server back-end server, by using:

cscript.exe %SystemDrive%\inetpub\adminscripts\adsutil.vbs get w3svc/NTAuthenticationProviders

- or -

cscript.exe %SystemDrive%\inetpub\adminscripts\adsutil.vbs get w3svc/1/root/NTAuthenticationProviders

If the value returned is only "NTLM" instead of the correct value of "Negotiate, NTLM" or the default setting of "The parameter "NTAuthenticationProviders" is not set at this node.", then this may cause the problem. The term "Negotiate" is used to describe Kerberos authentication over HTTP. See the "How do I fix the problem?" section on this page for a description of how to fix this problem.

3. It is important to note that falling back to NTLM does not cause this problem unless Kerberos is explicitly disabled on the Windows Server 2003 back-end. To identify which Exchange Server back-end servers might be affected, check for the presence of this problem by looking at the application Event Log on front-end servers, where EXPROX event # 1000 will appear:

MessageId=1000
Severity=Warning
Facility=Application

Microsoft Exchange Server has detected that NTLM-based authentication is presently being used between this server and server 'BACK_END_SERVER_NAME'. NTLM is still a secure authentication mechanism and protects users' credentials. However, this indicates that there may be a configuration issue preventing the use of Kerberos authentication. If this condition persists, please verify that both this server and server 'BACK_END_SERVER_NAME' are properly configured to use Kerberos authentication. After applying any changes it may be necessary to restart Internet Information Services on both the front-end and back-end servers.

Q. How do I fix the problem?

A. Uninstalling Windows SharePoint Services 2.0 alone will not fix the problem. To return IIS on Exchange Server back-end servers to a default state, you must re-enable and properly configure Kerberos authentication in IIS. For details on how to re-enable Kerberos authentication after installing Windows SharePoint Services 2.0, read HOW TO: Configure Windows SharePoint Services to Use Kerberos Authentication on the Help and Support site.

It is also possible to address the connection re-use problem by temporarily disabling connection re-use from the Exchange Server 2003 front-end server to the Exchange Server 2003 back-end server. Read How to Disable HTTP Connection Reuse on an Exchange Server 2003 Front-End Server on the Help and Support site for details.
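The two checks above (the adsutil.vbs value on each back-end, and EXPROX event 1000 on the front-end) can be correlated so that only back-ends where Kerberos is explicitly disabled are reported. The following is an added example, not code from the page or from Microsoft, written in Python rather than the VBScript the page's tools use. The adsutil output lines, the server names BE01 to BE03 and the flattened event log lines are all constructed placeholders; the exact adsutil.vbs output layout is an assumption.

```python
import re

# Constructed sample output of
#   cscript.exe adsutil.vbs get w3svc/NTAuthenticationProviders
# for three hypothetical back-end servers (placeholders, not real captures).
ADSUTIL_SAMPLES = {
    "BE01": 'NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"',
    "BE02": 'NTAuthenticationProviders       : (STRING) "NTLM"',
    "BE03": 'The parameter "NTAuthenticationProviders" is not set at this node.',
}


def classify_auth_providers(adsutil_output: str) -> str:
    """Classify one adsutil.vbs result the way the Q&A above describes.

    "default"           - property not set at this node, IIS defaults apply
    "ok"                - Negotiate (Kerberos over HTTP) is offered
    "kerberos_disabled" - only NTLM is listed, the misconfiguration in question
    "unknown"           - anything else, to be inspected by hand
    """
    if "is not set at this node" in adsutil_output:
        return "default"
    match = re.search(r'"([^"]*)"', adsutil_output)
    if not match:
        return "unknown"
    providers = {p.strip().lower() for p in match.group(1).split(",")}
    if "negotiate" in providers:
        return "ok"
    if providers == {"ntlm"}:
        return "kerberos_disabled"
    return "unknown"


# Constructed front-end Application log lines flattened to "source id message".
FRONTEND_EVENTS = [
    "EXPROX 1000 Microsoft Exchange Server has detected that NTLM-based authentication "
    "is presently being used between this server and server 'BE02'. NTLM is still a "
    "secure authentication mechanism and protects users' credentials.",
    "EXPROX 1003 Some other proxy event mentioning server 'BE01'.",
    "MSExchangeIS 9523 Unrelated store event.",
]

# EXPROX event 1000 names the back-end in single quotes.
_EXPROX_1000 = re.compile(r"EXPROX\s+1000\b.*?server '([^']+)'")


def backends_falling_back_to_ntlm(event_lines) -> list:
    """Back-end server names reported by EXPROX event 1000, in order of first sight."""
    names = []
    for line in event_lines:
        m = _EXPROX_1000.search(line)
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names


def affected_backends(adsutil_by_server: dict, event_lines) -> list:
    """Back-ends that the front-end flags AND whose IIS metabase lists only NTLM.

    A fallback to NTLM alone is not the problem; the page's condition is
    Kerberos being explicitly disabled, so both signals must agree.
    """
    flagged = set(backends_falling_back_to_ntlm(event_lines))
    return sorted(
        name for name, output in adsutil_by_server.items()
        if name in flagged and classify_auth_providers(output) == "kerberos_disabled"
    )


if __name__ == "__main__":
    for name, output in ADSUTIL_SAMPLES.items():
        print(name, classify_auth_providers(output))
    print("needs Kerberos re-enabled:", affected_backends(ADSUTIL_SAMPLES, FRONTEND_EVENTS))
```

On a real deployment the adsutil output would be collected from each back-end (both the w3svc and the w3svc/1/root paths shown above) and the event lines exported from the front-end Application log.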


Background Information

Q. What is Outlook Web Access?

A. Outlook Web Access is a service of Exchange Server that enables users to access their Exchange Server mailboxes through a Web browser. By using Outlook Web Access, a server that is running Exchange Server can also function as a Web site that enables authorized users to read or send e-mail messages, manage their calendar, or perform other e-mail functions over the Internet. Outlook Web Access can be deployed in an Exchange Server front-end/back-end server deployment.

Q. What are front-end and back-end Exchange servers?

A. Exchange Server can be deployed in a front-end and back-end server configuration where the front-end component that serves to authenticate and proxy HTTP requests is deployed on an Exchange front-end server separate from an Exchange back-end server holding the Exchange Server Outlook Web Access functionality and information store, meaning the users' mailboxes and public folders, among other things.

Q. What are Kerberos and NTLM?

A. Kerberos and NTLM are two different authentication protocols. Kerberos is the preferred Windows authentication protocol used whenever possible and is the default protocol used by Exchange Server 2003 between front-end and back-end Exchange servers for Outlook Web Access. If for some reason Kerberos authentication would fail or is disabled, Outlook Web Access would fall back to using NTLM between the front-end and back-end Exchange servers. Note that Kerberos is called "Negotiate" when used over HTTP.


Exchange Wipro-Infotech Interview Q-n-A

Q.1 What does the .edb and .stm file contain in Exchange 2000?

Answer: The .edb file contains all the folders, tables and indexes for messaging data, and MAPI messages and attachments. The .stm file (new to Exchange 2000) contains Internet content in its native format.

Note: (*.edb + *.stm) + (*.log) = Database

Q.2 Where is the Directory Service database stored in Exchange 5.5?

Answer: Dir.edb 

Q.3 Mention the types of Routing Group Connectors in Exchange 2000?

Answer:

A Routing Group is a collection of Exchange servers that communicate with each other directly over the same internal network or reliable connection.

When multiple Routing Groups must be created, each individual group must be connected using one of three available Exchange connection types:

Routing Group Connector This connector is the default connector type. It can be used to connect a single or multiple Exchange bridgehead server for load balancing of message traffic.

SMTP Connector The SMTP connector uses the Simple Mail Transport Protocol to connect and communicate with remote Routing Groups, non-Exchange mail systems, and the Internet mail host.

X.400 Mail Connector Limited to a single local and remote host, the X.400 connector is primarily designed for communications between Exchange Server 2003 and X.400 mail systems.

Mixed Mode

When Exchange Server 2003 is in a mixed environment, Routing Groups can consist of only servers that had been installed directly into the Administrative Group where the Routing Group resides. Additional servers from other Administrative Groups cannot be added to the Routing Group.

Native Mode


After the functional level has been raised to Native Mode, Exchange servers can be managed and moved between Routing Groups.

Also, Routing Groups in a single Administrative Group can contain servers from other Administrative Groups.

Q.4 What are the features of Active Directory in Windows 2000?

Answer: The features of Active Directory in Windows 2000 can be categorised as:

Manageability: Centralized Management, Group Policy, Global Catalog, IntelliMirror Desktop Management, Automated Software Distribution, Active Directory Service Interfaces, Backward Compatibility, Delegated Administration, Multi-Master Replication

Security: Kerberos Authentication, Smart Card Support, Transitive Domain Trust, PKI/X.509, LDAP over SSL, Required Authentication Mechanism, Attribute-Level Security, Spanning Security Groups, LDAP ACL Support

Interoperability: DirSync Support, Active Directory Connectors, Open APIs, Native LDAP, DNS Naming, Open Change History, DEA Platform, DEN Platform, Extensible Schema

Q.5 What are the features of Exchange 2003 over Exchange 2000?

Answer:
- Better anti-spam tools: a comprehensive set of filters
- Improved queue management
- Smoother integration with IIS
- Enhanced OWA, which now includes a spell checker and X.509 certificates
- Outlook Mobile Access (OMA), which functions like OWA for devices
- Cached replication with Outlook 2003: cached mode creates a local data file that Outlook uses for all foreground activity; it then contacts the Exchange server in the background
- Volume Shadow Copy Service for database backup/recovery
- Mailbox Recovery Center
- Recovery Storage Group
- Front-end and back-end Kerberos authentication
- Distribution lists can be restricted to authenticated users
- Queues are centralized on a per-server basis
- Move log files and queue data using Exchange System Manager
- Multiple Mailbox Move tool
- Dynamic distribution lists
- 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager)
- Deployment and migration tools

Q.7 How to restore Group policies?


Answer:-

A GPO is a container for policies that are applied on a domain. When you configure a domain, the domain creates a Default Domain Policy for itself. Each GPO that you create has a GUID. When you create a new user-defined GPO, the %SystemRoot%\Sysvol folder contains a folder that has the GUID as its name. This folder represents the newly created GPO. If you accidentally delete a GPO, the corresponding folder is automatically removed from the Sysvol folder. Back up the system state every day so that you can restore the policy files if you accidentally delete the GPO.

Method 1: Copy all the old policy files to a new GPO

To copy all the old policy files to a new GPO, follow these steps.

Note To copy files from the old GPO to a new GPO, you must have the most recent system state backup that contains the Sysvol folder and the old GPO. Also, you must know the GUID of the old GPO.

1. Restore the system state to an alternative location. To do this, follow these steps:

a. Restart the computer.

b. After the basic input/output system (BIOS) information is displayed, press F8.

c. Use the DOWN ARROW key to select Directory Services Restore Mode (Windows 2000 domain controllers only), and then press ENTER.

d. Use the UP ARROW key or the DOWN ARROW key to select your computer, and then press ENTER.

e. Log on by using your administrative name and password.

f. Create a temporary folder in the %SystemDrive% folder.

g. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.

h. Click the Restore tab.

i. Click the appropriate backup media.

j. To restore the system state, click to select the System State check box.

k. In the Restore Files to box, click Alternate location.

l. Click Browse, select the temporary folder, and then click OK.

m. Click Start Restore.

n. When the restore process is complete, restart your computer in normal mode.

2. Use Active Directory Users and Computers to create a new GPO. To do this, follow these steps:

a. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

b. Right-click the appropriate domain name, and then click Properties.

c. Click the Group Policy tab.

d. Click New to create a new GPO.

e. Rename the new GPO, and then click Properties.

f. Notice the GUID for the newly created GPO, and then click OK.

g. Click Close.

h. Close Active Directory Users and Computers.

3. Copy all the policy files from the temporary folder to the newly created GPO. To do this, follow these steps:

a. Open the temporary folder that contains the restored system state data, and then locate the following folder: Sys Vol\SystemDriveLetter\Winnt\Sysvol\Domain\Policies

b. Locate the GUID for the GPO that you want to copy policy files from.

c. Copy all the policy files from the old GPO.

d. Locate the GUID for the newly created GPO in the following folder: %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies

e. After you locate the new GPO, replace all the files in the new GPO with the old GPO policy files.

f. Restart your computer.

Q.8 What is the function of NNTP service in Exchange 2000?


Answer: While installing Exchange 2000, the system creates a default Network News Transfer Protocol (NNTP) virtual server. You can use this virtual server to house a feed from other newsgroups. This default NNTP virtual server can be used to create feeds to a Public Folder for storage (Internet Newsgroups). For other storage media (either a file system or a remote share), you must create a new virtual server.

Network News Transfer Protocol

Because Network News Transfer Protocol (NNTP) is growing in popularity, it would be wise for us to take a brief look at the architecture of this protocol. We'll then discuss the more pragmatic aspects of administering NNTP on your network.

NNTP Architecture

NNTP specifies a way to distribute, query, retrieve, and post news articles on the Internet. A client wanting to retrieve a subset of articles from the database is called a subscriber. NNTP allows a subscriber to request a subset of articles rather than requiring the retrieval of all articles from the database. Before NNTP was developed, two methods of distributing news items were popular: Internet mailing lists and the Usenet news system.

An Internet mailing list, commonly known as a list server, distributes news by the use of distribution e-mail lists. A subscriber sends a message to the distribution list, and the message is e-mailed to all of the members of the list. But sending a separate copy of an e-mail to each subscriber can consume a large amount of disk space, bandwidth, and CPU resources. In addition, it can take from several minutes to several hours for the message to be fully distributed, depending on the size of the list and the physical resources available to propagate it. Maintaining the subscriber list also involves significant administrative effort, unless a third-party program is used to automate this function.

Storing and retrieving messages from a central location instead of sending an e-mail to each subscriber can significantly reduce the use of these resources. The Usenet news system provides this alternative. In addition, Usenet allows a subscriber to select only those messages he or she wants to read and also provides indexing, cross-referencing, and message expiration.

NNTP is modeled on the Usenet news specifications in RFC 850, but it is designed to make fewer demands on the structure, content, and storage of the news articles. It runs as a background service on one host and can accept connections from other hosts on the LAN or over the Internet.

When a subscriber connects to an NNTP server, the subscriber issues the NEWSGROUPS command to determine whether any new newsgroups have been created on the server. If so, the server notifies the subscriber and gives the subscriber the opportunity to subscribe to the new newsgroups. After this, the subscriber is connected to the desired newsgroup and can use the NEWNEWS command to ask the server whether any new articles have been posted since the subscriber's last connection. The subscriber receives a list of new articles from the server and can request transmission of some or all of those articles. Finally, the subscriber can either reply to a news article or post a new article to the server by using the POST command.

NNTP uses TCP for its connections and SMTP-like commands and responses. The default TCP port for NNTP is 119. An NNTP command consists of a command word followed in some cases by a parameter, and commands are not case sensitive. Each line can contain only one command and may not exceed 512 characters, including spaces, punctuation, and the trailing CR-LF (carriage return/line feed) terminator. Commands cannot be continued on the next line.

Responses from the server can take the form of a text response or a status response. Text responses are displayed in the subscriber's client program, whereas status responses are interpreted by the client program before any display occurs.
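The command-line rules just described (one command per line, CR-LF terminated, 512 bytes at most, case-insensitive command word plus optional parameter) and the status/text response split are easy to get wrong when writing or fuzzing an NNTP front end. The following is an added example, not code from the page, Exchange or any RFC: a Python parser that enforces those rules, a NEWNEWS handler over a constructed in-memory article store (message ids and group names are placeholders), and a classifier that separates status lines from text lines the way the client would.

```python
from fnmatch import fnmatch

NNTP_PORT = 119          # default TCP port for NNTP, as stated above
MAX_LINE_BYTES = 512     # per command line, including the trailing CR LF

# Constructed sample article store: (message id, newsgroup, posting date YYMMDD).
ARTICLES = [
    ("<1@news.example.invalid>", "comp.mail.misc", "050101"),
    ("<2@news.example.invalid>", "comp.mail.misc", "050301"),
    ("<3@news.example.invalid>", "rec.gardens", "050301"),
]


class NntpLineError(ValueError):
    """A client line that violates the command-line rules."""


def parse_command_line(raw: bytes) -> tuple:
    """Parse one client command line into (COMMAND, parameter-or-None).

    Enforces: CR LF termination, at most 512 bytes including the terminator,
    one command per line (no embedded CR or LF, so no continuation lines),
    and a case-insensitive command word optionally followed by a parameter.
    """
    if not raw.endswith(b"\r\n"):
        raise NntpLineError("command line must end with CR LF")
    if len(raw) > MAX_LINE_BYTES:
        raise NntpLineError("command line exceeds %d bytes" % MAX_LINE_BYTES)
    body = raw[:-2]
    if b"\r" in body or b"\n" in body:
        raise NntpLineError("only one command per line")
    parts = body.decode("ascii").split(None, 1)
    if not parts:
        raise NntpLineError("empty command line")
    command = parts[0].upper()
    parameter = parts[1].strip() if len(parts) > 1 else None
    return command, parameter


def classify_response(line: str) -> str:
    """Status responses start with a three-digit code the client interprets;
    every other line is text that the client displays as-is."""
    return "status" if len(line) >= 3 and line[:3].isdigit() else "text"


def handle_newnews(parameter):
    """NEWNEWS <newsgroups> <date> <time>: ids of articles posted after <date>
    in groups matching the wildcard, as a status line, text lines and a lone "."."""
    try:
        groups, date, _time = parameter.split()[:3]
    except (AttributeError, ValueError):
        return ["501 command syntax error"]
    new_ids = [mid for mid, group, posted in ARTICLES
               if fnmatch(group, groups) and posted > date]
    return ["230 list of new articles follows"] + new_ids + ["."]


HANDLERS = {"NEWNEWS": handle_newnews}


def handle_command_line(raw: bytes) -> list:
    """Server side of one exchange: parse, dispatch, and return response lines."""
    try:
        command, parameter = parse_command_line(raw)
    except NntpLineError as exc:
        return ["500 %s" % exc]
    handler = HANDLERS.get(command)
    if handler is None:
        return ["500 command not recognized"]
    return handler(parameter)


if __name__ == "__main__":
    for line in handle_command_line(b"newnews comp.* 050201 000000\r\n"):
        print(classify_response(line).ljust(7), line)
```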

 

Q.9 What is the Recipient Update Service in Exchange 2000?


Answer: Recipient Update Service (RUS) is a very important component of your Exchange installation; it is RUS that is responsible for updating address lists and e-mail addresses in your Active Directory.

A default Exchange organization will have two RUS objects:

(a) Enterprise Configuration RUS: responsible for updating the e-mail addresses of system objects such as the MTA and System Attendant.

(b) Domain RUS: responsible for updating the address information of recipient objects in the domain that it is responsible for.

 

Q.10 The function of the Default SMTP Virtual Server in Exchange 2000?

Answer:-

The SMTP virtual server plays a critical role in mail delivery. SMTP virtual servers provide the Exchange mechanisms for managing SMTP. The default SMTP virtual server sends messages within a routing group. Additionally, if the server is a domain controller, Active Directory uses this virtual server for SMTP directory replication. An SMTP virtual server is defined by a unique combination of an IP address and port number. The default SMTP virtual server uses all available IP addresses on the server and uses port 25 for inbound connections. A single physical server can host many virtual servers.


1.What are the system folders?

SUMMARY

By default, system folders are not displayed within the Exchange 2000 System Manager. You must explicitly choose to view system folders. Exchange 2000 System Folders include EForms Registry, Events Root, Nntp Control Folder, Offline Address Book, Schedule+ Free Busy, StoreEvents and System Configuration folders.

MORE INFORMATION

To view system folders:

For Exchange 2000 in Native Mode

1. Start Exchange System Manager.

2. Expand Folders.

3. Click Public Folders.

4. Right-click Public Folders, and then click View System Folders.

For Exchange 2000 in Mixed Mode

1. Start Exchange System Manager on the Exchange 2000 Server.

2. At Site Level, under Administrative Groups, click to expand the Folders Container.

3. Right-click Public Folders, and then click View System Folders

FAQs (most often asked if you are interviewing for the post of sys admin):

1. Global catalog: how do you create one and why is it required?
2. FSMO roles, the commands, and why you would seize or transfer FSMO roles
3. AD Sites and Services
4. Ntdsutil command and its use
5. AD replication and DC responsibilities
6. Replmon command
7. Ldp.exe command
8. Authoritative and non-authoritative restoration of AD
9. AD database file, transaction log files and their location

Question:- Can anybody explain the full-text indexing feature to me in detail? If I enable it, can it affect my normal setup?

Answer:- The information store creates and manages indexes for common key fields for faster lookups and searches. When you enable full-text indexing, the index is built before the client search, thus permitting faster searches. Full-text indexing makes it easy for Outlook users to search for documents, including text attachments, in the information store. Each information store can be indexed individually for flexibility. Property promotion allows for advanced searches on any document property, such as Author, Lines, or Document Subject. When Exchange stores a document in a supported file type, the document's properties are automatically parsed and promoted to the information store. Hence, the properties become a part of the document's record in the database. Searches can then be performed on these properties. This feature offers outstanding flexibility. You can build your indexes around those attributes that are most important in your document management structure and expose those attributes for fast searches to your clients.

The index is word-based, not character-based. This characteristic means that if a user performs a search for the word "admin," only those documents that have the word "admin" will be returned. The word "administrator" will not be identified as a match. Both the message and attachments can be indexed. Binary attachments and document properties are not indexed. Not all file types are indexed either; the following documents are the only types that are indexed:

Word documents (*.doc)
Excel documents (*.xls)
PowerPoint documents (*.ppt)
HTML documents (*.html, *.htm, *.asp)
Text files (*.txt)
Embedded MIME messages (*.eml)

Indexing is provided by the Microsoft Search service. Both the information store service and the search service must be running for the index to be created, updated, or deleted. Depending on the size of your store, completing a full index could take hours. Therefore, it's best to have this activity occur at a time when your server will be underutilized. Remember that indexing consumes about 20 percent of the disk space of your database. Also, individual indexes cannot be backed up; they must be backed up at the server level. Finally, even though multiple instances of a message might be held in the database, the message is indexed only once. This single-instance message indexing results in smaller indexes that can be created more quickly.

Scheduled updates allow granular control over when the index is updated. The advantage of scheduling the index update is that it can be planned for off-peak hours when the server is not heavily accessed by users. The disadvantage is that the index can become out-of-date over the course of a day. However, this may not be a big problem, since most users search for documents that were received and indexed more than 24 hours before the search. Try to schedule your updates to occur at least once each day.

Automatic updates will keep the index up-to-date. Changes to documents are queued for a short period of time, and then the index is updated. All changes that are made during the wait period are incorporated into the index as a batch job. The disadvantage of automatic updates is that you cannot control when server resources are used to perform the index update. If your store is becoming increasingly busy—meaning that an increasing number of documents are being posted, deleted, or changed—the server will expend more resources to keep the index up-to-date. It's best to configure automatic indexing on stores in which documents change infrequently, or on servers that are not heavily used for purposes other than document management and indexing.

Partition Table Doctor is the only real software for hard disk partition recovery when you experience a drive error (other than hardware failure). This versatile tool automatically checks and repairs the Master Boot Record, partition table, and the boot sector of the partition with an error, to recover the FAT16/FAT32/NTFS/NTFS5/EXT2/EXT3/SWAP partition on IDE/ATA/SATA/SCSI hard disk drives. It can create an emergency floppy disk or a bootable CD to recover the bad partition even if your operating system fails to boot. Partition Table Doctor manager for MS-DOS, FreeDOS, Windows 95/98/Me, Windows NT 4.0, Windows 2000, Windows XP and Windows 2003.

Balder MultiBoot 1.82 Unlimited Users Licensed - Relatively old, but really great software and... a "charming" patch by BetaMaster!


Balder Multiboot is the ideal tool for the system admin. It allows you to make customized installs of Windows NT based operating systems and is very easy to use. You will save a huge amount of time deploying operating system installs.

You can have up to 24 operating systems on one CD or DVD and our program uses a special optimization, saving possibly huge amounts of space so you can have multiple operating systems on CD/DVDs.

Inbuilt CD/DVD writing assures that it is quick and easy to burn your ISO image onto a CD/DVD!

You can integrate hotfixes, drivers, software installs and unattended scripts into your installs as well as slipstreaming hotfixes, SCSI/RAID drivers and service packs.

Integrated drivers and software installs apply to all operating systems so you don't need to add them more than once. For integrated software installs you have the ability to select what software installs should be installed to each operating system with the help of checkboxes and in what.

Other features include backup and the ability to list the drivers and updates on your local machine and any networked machines. You can make driver packages of the drivers found and search the internet for information and/or downloads for all the updates found. Many other features and tools are available as well.

More info: http://www.balder.ms/multiboot/

PC Diagnostic Software

A feature-rich set of testing routines

Micro-Scope is the top rated PC diagnostic by computer technicians throughout the industry. Micro-Scope was the first PC diagnostic to run under its own operating system, allowing the technician to get in and perform PC diagnostics on any Intel compatible system without misleading results coming from O/S calls or drivers. With Micro-Scope, PC diagnostics have been taken to a new level of accuracy.

Diagnostic routines include memory diagnostics with tests for cache memory, extended memory and expanded memory, hard drive diagnostics, multimedia testing, motherboard diagnostics including CPU, NPU, RTC, CMOS and DMA controllers, port diagnostics and modem diagnostics.

All diagnostic tests including hard drive testing and memory testing can be run individually, or combined in a looped batch mode for burn-in testing or diagnosing intermittent problems. And in a product called the Universal Diagnostic Toolkit, Micro-Scope is combined with Post-Probe, a POST reader card for troubleshooting 'dead' PCs.

TuneUp Utilities 2004

The Swiss army knife for your PC. TuneUp Utilities 2004 optimizes the performance of your computer, solves problems and helps you to customize your system to suit your needs. Extend your operating system's capabilities: with TuneUp Utilities 2004, you can make Windows faster, more secure and more comfortable. All important aspects of system configuration, setting up security, cleaning and maintenance are combined under a modern graphical user interface. Your TuneUp Utilities advantages:

- Personalizes your Windows desktop
- Frees your system of unnecessary clutter
- Improves the performance of your PC
- Accelerates your internet connection
- Defragments your registry
- Frees up system memory
- Gives tips about hardware and software
- Displays detailed system information
- Recovers accidentally deleted files
- Destroys sensitive information

Bandwidth Controller v0.31b

Limit bandwidth using these powerful features:

Individual and group filtering: Limit the speed of a single client to match their specific requirements. You can also limit entire groups of clients with a single filter.

Protocol and port filtering: Control data depending on the protocol and ports being used. This allows you to individually limit IP, TCP, UDP, HTTP, FTP, Peer-to-Peer and various other types of traffic.

Guaranteed bandwidth levels: Provide a guaranteed service level to specified clients and protocols. During times of high network congestion, these clients will receive a steady stream of bandwidth.

Priority levels: Give high priority traffic all the bandwidth it needs by assigning it a higher priority level. This is useful for protocols like VOIP (Voice Over IP) where small network interruptions have a significant effect on the users. And much, much more...

Both Passware Kit and Passware Kit Enterprise include the following password recovery modules: 1-2-3 Key, Acrobat Key, ACT Key, Backup Key, FileMaker Key, Internet Explorer Key, Mail Key, Money Key, MYOB Key, OneNote Key, Organizer Key, Outlook Express Key, Paradox Key, Peachtree Key, PowerPoint Key, Quattro Pro Key, QuickBooks Key, Quicken Key, RAR Key, Schedule Key, WordPerfect Key, WordPro Key and Zip Key.

Windows Admin Scripting Little Black Book, Second Edition

This book shows Windows XP and 2003 users and administrators how to perform Windows management and administrative tasks using powerful scripts for just about every important task imaginable.

http://softdoc.by.ru/books/Windows_Admin_Scripting.rar

Eset's NOD32 Antivirus System is the only product in the world that has not missed a single In the Wild virus in any test by Virus Bulletin since May 1998. NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms, from Microsoft Windows 95 / 98 / ME / NT / 2000 / 2003 / XP, through a number of UNIX/Linux, Novell and MS DOS operating systems, to Microsoft Exchange Server, Lotus Domino and other mail servers. Viruses, worms, trojans and other malware are kept out of striking distance of your valuable data. Advanced detection methods implemented in the software even provide protection against the future threats from most of the new worms and viruses. The fourth generation of the NOD32 Antivirus System features a fully integrated software suite characterized by an unprecedented detection track record, the fastest scanning rates and extremely low utilization of system resources.

Remove Toolbar Buddy is an essential utility to delete unwanted toolbars and other Internet Explorer add-ons such as buttons, menus and browser helper objects. Remove Toolbar Buddy backs up configuration data so you can roll back all changes at any time.

Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000, Windows XP and Windows Server 2003. Files are decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys have been tampered with. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows Server 2003 (Standard and Enterprise), Windows XP (including Service Packs 1 and 2) and Windows 2000 (including Service Packs 1, 2, 3 and 4).

VMware Workstation works by enabling multiple operating systems and their applications to run concurrently on a single physical machine. These operating systems and applications are isolated in secure virtual machines that co-exist on a single piece of hardware. The VMware virtualization layer maps the physical hardware resources to the virtual machine's resources, so each virtual machine has its own CPU, memory, disks, I/O devices, etc. Virtual machines are the full equivalent of a standard x86 machine. VMware Workstation enables enterprise software developers to develop and test the most complex networked server-class applications running on Windows, Linux or NetWare all on a single desktop.

Exchange POP3 Connector POPcon

POPcon Exchange POP3 Connector connects your POP3 mailboxes to your Exchange Server™. POPcon periodically downloads your emails from POP3 mailboxes and distributes them to Exchange mailboxes according to the recipient information found in the mail headers. It supports multiple domains and multiple POP3 mailboxes of both single-drop and multi-drop type. Best of all: POPcon Exchange POP3 Connector is licensed on a low per-server basis with no additional fees for users or mailboxes.


1. What is the PCI bus (Peripheral Component Interconnect Bus)?

Short for Peripheral Component Interconnect, a local bus standard developed by Intel Corporation. Most modern PCs include a PCI bus in addition to a more general ISA expansion bus. PCI is also used on newer versions of the Macintosh computer.

PCI is a 64-bit bus, though it is usually implemented as a 32-bit bus. It can run at clock speeds of 33 or 66 MHz. At 32 bits and 33 MHz, it yields a throughput rate of 133 MBps.

2. What is cache (internal & external) memory?

Cache memory is random access memory (RAM) that a computer microprocessor can access more quickly than it can access regular RAM. As the microprocessor processes data, it looks first in the cache memory and if it finds the data there (from a previous reading of data), it does not have to do the more time-consuming reading of data from larger memory.

Cache memory is sometimes described in levels of closeness and accessibility to the microprocessor. An L1 cache is on the same chip as the microprocessor. (For example, the PowerPC 601 processor has a 32 kilobyte level-1 cache built into its chip.) L2 is usually a separate static RAM (SRAM) chip. The main RAM is usually a dynamic RAM (DRAM) chip.

In addition to cache memory, one can think of RAM itself as a cache of memory for hard disk storage since all of RAM's contents come from the hard disk initially when you turn your computer on and load the operating system (you are loading it into RAM) and later as you start new applications and access new data. RAM can also contain a special area called a disk cache that contains the data most recently read in from the hard disk.

Pronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.

A memory cache, sometimes called a cache store or RAM cache, is a portion of memory made of high-speed static RAM (SRAM) instead of the slower and cheaper dynamic RAM (DRAM) used for main memory. Memory caching is effective because most programs access the same data or instructions over and over. By keeping as much of this information as possible in SRAM, the computer avoids accessing the slower DRAM.


3. What types of modems are there?

(mō´dem) (n.) Short for modulator-demodulator. A modem is a device or program that enables a computer to transmit data over, for example, telephone or cable lines. Computer information is stored digitally, whereas information transmitted over telephone lines is transmitted in the form of analog waves. A modem converts between these two forms.

Fortunately, there is one standard interface for connecting external modems to computers called RS-232. Consequently, any external modem can be attached to any computer that has an RS-232 port, which almost all personal computers have. There are also modems that come as an expansion board that you can insert into a vacant expansion slot. These are sometimes called onboard or internal modems.

4. What is RAID, what are its types, and what is mirroring?

(rād) Short for Redundant Array of Independent (or Inexpensive) Disks, a category of disk drives that employ two or more drives in combination for fault tolerance and performance. RAID disk drives are used frequently on servers but aren't generally necessary for personal computers.

There are a number of different RAID levels:

Level 0 -- Striped Disk Array without Fault Tolerance: Provides data striping (spreading out blocks of each file across multiple disk drives) but no redundancy. This improves performance but does not deliver fault tolerance. If one drive fails then all data in the array is lost.

Level 1 -- Mirroring and Duplexing: Provides disk mirroring. Level 1 provides twice the read transaction rate of single disks and the same write transaction rate as single disks.

Level 2 -- Error-Correcting Coding: Not a typical implementation and rarely used, Level 2 stripes data at the bit level rather than the block level.

Level 3 -- Bit-Interleaved Parity: Provides byte-level striping with a dedicated parity disk. Level 3, which cannot service simultaneous multiple requests, also is rarely used.

Level 4 -- Dedicated Parity Drive: A commonly used implementation of RAID, Level 4 provides block-level striping (like Level 0) with a parity disk. If a data disk fails, the parity data is used to create a replacement disk. A disadvantage to Level 4 is that the parity disk can create write bottlenecks.

Level 5 -- Block Interleaved Distributed Parity: Provides data striping at the byte level and also stripe error correction information. This results in excellent performance and good fault tolerance. Level 5 is one of the most popular implementations of RAID.

Level 6 -- Independent Data Disks with Double Parity: Provides block-level striping with parity data distributed across all disks.

Level 0+1 -- A Mirror of Stripes: Not one of the original RAID levels, two RAID 0 stripes are created, and a RAID 1 mirror is created over them. Used for both replicating and sharing data among disks.

Level 10 -- A Stripe of Mirrors: Not one of the original RAID levels, multiple RAID 1 mirrors are created, and a RAID 0 stripe is created over these.

Level 7: A trademark of Storage Computer Corporation that adds caching to Levels 3 or 4.

RAID S: EMC Corporation's proprietary striped parity RAID system used in its Symmetrix storage systems.

Mirroring

Mirroring involves having two copies of the same data on separate hard drives or drive arrays. So basically the data is effectively mirrored on another drive. The system basically writes data simultaneously to both hard drives. This is one of the two data redundancy techniques used in RAID to protect from data loss. The benefit is that when one hard drive or array fails, the system can still continue to operate since there are two copies of data. Downtime is minimal and data recovery is relatively simple. All you need to do is rebuild the data from the good copy.

The following diagram illustrates how mirroring actually works. Of course, this is a simplified diagram. A, B, and C are separate files that reside on each disk. Disk 1 and 2 in this diagram don't necessarily have to be disks themselves. They can be arrays of drives. The main thing to remember here is that the RAID controller writes the same data blocks to each mirrored drive. Each drive or array has the same information in it. You can even add another level of complexity by introducing striping, which will be discussed shortly. I'm not going to get into what striping is now if you're not familiar with it, but just know it increases performance. If you have one striped array, you can mirror the array at the same time on a second striped array. It can get very complicated. To set up mirroring the number of drives will have to be a power of 2 for obvious reasons.

The drawback here is that both drives are tied up during the writing process which limits parallelism and can hurt performance. In contrast, mirroring has a performance increase when dealing with reads. A good RAID controller will only read from one of the drives since the data on both are the same. While the other is used to read, the free drive can be used for other requests. This increases parallelism, which is pretty much the concept behind the performance increase of RAID.


Mirroring may seem like a good solution to ensure the safety of data. However, the trade off here is the cost and wasted space involved with having two copies of the same data. You will need twice as much storage space to mirror the data. It can be cost effective for some applications where downtime can mean the downfall of a company or even loss of human life. Most of the time, however, it might not be worth it. Data might not be that critical to warrant spending twice as much on storage. The alternative to mirroring is parity, which is what the next section deals with.
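The two redundancy techniques just described, mirroring and parity, simulated in memory as an added example (not code from the original page). Block contents are constructed, and a "disk" is simply a list of fixed-size byte blocks; the parity array follows the Level 4 layout above (data striped over N-1 disks, one dedicated parity disk).

```python
"""Mirroring (RAID 1) and XOR parity (RAID 4 style) rebuilds, simulated in memory.

Added example, not code from the original page; the block contents are
constructed. A "disk" here is just a list of fixed-size byte blocks.
"""
from functools import reduce
from typing import List, Optional, Set


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks: the parity computation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


class MirrorArray:
    """RAID 1: every write goes to both members; a read can be served by either,
    so one failed member costs no data and is rebuilt by copying the good one."""

    def __init__(self, nblocks: int, block_size: int = 4) -> None:
        self.disks: List[Optional[List[bytes]]] = [
            [bytes(block_size)] * nblocks for _ in range(2)
        ]

    def write(self, idx: int, data: bytes) -> None:
        for disk in self.disks:  # both members are tied up for every write
            if disk is not None:
                disk[idx] = data

    def read(self, idx: int) -> bytes:
        for disk in self.disks:  # the first surviving member answers
            if disk is not None:
                return disk[idx]
        raise IOError("both mirror members have failed: data lost")

    def fail(self, disk: int) -> None:
        self.disks[disk] = None

    def rebuild(self, disk: int) -> None:
        good = next(d for d in self.disks if d is not None)
        self.disks[disk] = list(good)  # rebuild the data from the good copy


class ParityArray:
    """RAID 4 style: data striped over N-1 disks plus one dedicated parity disk.
    Parity = XOR of the stripe's data blocks, so any single missing block
    (data or parity) equals the XOR of the other blocks in its stripe."""

    def __init__(self, ndisks: int, nstripes: int, block_size: int = 4) -> None:
        self.ndata = ndisks - 1
        self.disks = [[bytes(block_size)] * nstripes for _ in range(ndisks)]
        self.failed: Set[int] = set()

    def write_stripe(self, stripe: int, blocks: List[bytes]) -> None:
        if len(blocks) != self.ndata:
            raise ValueError(f"a stripe holds exactly {self.ndata} data blocks")
        for disk, block in enumerate(blocks):
            self.disks[disk][stripe] = block
        self.disks[-1][stripe] = xor_blocks(blocks)  # parity disk written last

    def read_block(self, disk: int, stripe: int) -> bytes:
        if disk not in self.failed:
            return self.disks[disk][stripe]
        if len(self.failed) > 1:
            raise IOError("single parity cannot survive two failed disks")
        # Reconstruct from every other disk in the same stripe (data + parity)
        others = [self.disks[d][stripe] for d in range(len(self.disks)) if d != disk]
        return xor_blocks(others)

    def fail(self, disk: int) -> None:
        self.failed.add(disk)

    def rebuild(self, disk: int) -> None:
        """Create a replacement disk stripe by stripe from the survivors."""
        for stripe in range(len(self.disks[disk])):
            self.disks[disk][stripe] = self.read_block(disk, stripe)
        self.failed.discard(disk)


if __name__ == "__main__":
    pa = ParityArray(ndisks=4, nstripes=1)
    pa.write_stripe(0, [b"AAAA", b"BBBB", b"CCCC"])
    pa.fail(1)
    print("reconstructed:", pa.read_block(1, 0))  # b'BBBB'
```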

5. How does the motherboard communicate with the OS (through I/O ports & IRQs)?

An IRQ (Interrupt ReQuest) is a physical connection on the motherboard through which a piece of hardware communicates with the CPU and the OS; the CPU responds through an I/O (input/output) memory address. The so-called Standard IRQ assignments date back to the early days of DOS and Windows 3.x.

In the bad old days, IRQs had to be assigned manually, either by means of physical switches, jumpers, or with software. Even now, you may occasionally have to assign an IRQ manually.

6. Difference between FAT16, FAT32 & NTFS

FAT: File Allocation Table. A disc filing system used by Windows to establish the 'layout' of your hard drive. There are two different types of FAT: FAT16 and FAT32, differentiated by the fact that FAT16 is 16-bit and FAT32 is 32-bit. In essence, FAT16 gives faster disc access, while FAT32 delivers more space due to the smaller minimum data cluster size.

7. Tell me something about TCP/IP and the OSI model (ISO).

Summary: TCP and IP were developed by a Department of Defense (DOD) research project to connect a number of different networks designed by different vendors into a network of networks (the "Internet"). It was initially successful because it delivered a few basic services that everyone needs (file transfer, electronic mail, remote logon) across a very large number of client and server systems. Several computers in a small department can use TCP/IP (along with other protocols) on a single LAN. The IP component provides routing from the department to the enterprise network, then to regional networks, and finally to the global Internet. On the battlefield a communications network will sustain damage, so the DOD designed TCP/IP to be robust and automatically recover from any node or phone line failure. This design allows the construction of very large networks with less central management. However, because of the automatic recovery, network problems can go undiagnosed and uncorrected for long periods of time.

As with all other communications protocols, TCP/IP is composed of layers:


IP - is responsible for moving packets of data from node to node. IP forwards each packet based on a four-byte destination address (the IP number). The Internet authorities assign ranges of numbers to different organizations. The organizations assign groups of their numbers to departments. IP operates on gateway machines that move data from department to organization to region and then around the world.

TCP - is responsible for verifying the correct delivery of data from client to server. Data can be lost in the intermediate network. TCP adds support to detect errors or lost data and to trigger retransmission until the data is correctly and completely received.

Sockets - is the name given to the package of subroutines that provide access to TCP/IP on most systems.

There are three levels of TCP/IP knowledge:

1. The IP address assigned to this personal computer
2. The part of the IP address (the subnet mask) that distinguishes other machines on the same LAN (messages can be sent to them directly) from machines in other departments or elsewhere in the world (which are sent to a router machine)
3. The IP address of the router machine that connects this LAN to the rest of the world.
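How those three settings decide whether a packet goes straight to a neighbour or to the router, as an added example (not code from the original page). The host address, mask and gateway are constructed sample values; the block also covers a mask other than 255.255.255.0 to show that the network number, not the third octet, is what matters.

```python
"""Deciding whether a destination is on the local LAN or must go via the router.

Added example (not code from the original page); the addresses, mask and
gateway below are constructed sample values.
"""
import ipaddress


def network_number(ip: str, mask: str) -> int:
    """Bitwise AND of an address with the subnet mask gives its network number."""
    return int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))


def same_subnet(host_ip: str, mask: str, dest_ip: str) -> bool:
    """True when both addresses share a network number under this mask,
    i.e. the destination can be reached directly on the LAN."""
    return network_number(host_ip, mask) == network_number(dest_ip, mask)


def next_hop(host_ip: str, mask: str, gateway: str, dest_ip: str) -> str:
    """Where the packet is handed first: the destination itself when it is on
    the local LAN, otherwise the router (default gateway).

    The gateway must itself be on the local subnet; a gateway outside the LAN
    could never be reached directly, so such a configuration is rejected.
    """
    if not same_subnet(host_ip, mask, gateway):
        raise ValueError(f"gateway {gateway} is not on the local subnet")
    return dest_ip if same_subnet(host_ip, mask, dest_ip) else gateway


if __name__ == "__main__":
    # Constructed settings for one PC: the three values the text lists
    my_ip, my_mask, my_gateway = "192.168.1.20", "255.255.255.0", "192.168.1.1"
    for dest in ("192.168.1.37", "192.168.2.5", "10.0.0.8"):
        print(f"{dest:<14} -> {next_hop(my_ip, my_mask, my_gateway, dest)}")
```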

8. What is the difference between a switch and a hub?

A hub is a fairly simple device that connects the computers. If we use the example of a phone system, it is like a constant conference call. Everyone can talk and listen to everyone else, and if I speak to Jack, Jerry can hear what I say, even if he does not care about what I am talking about. Everyone must take turns speaking.

With a switch, however, things are more controlled and it is more like the way the phone works most of the time. If you want to talk to someone, you dial their number, and if they are not screening their calls (to avoid you...) they answer and you can talk.

The switch keeps track of the MAC addresses of all the computers that are connected to it and when one computer wants to talk to another, the switch transfers the data between the two. I think the switch also allows other computers to talk to each other at the same time.

While most people may never know the difference, it is always better to have a switch than a hub, and for some environments where there is a LOT of network traffic it can really help quite a bit (no pun intended).

Gateway: Connects two different data protocols. A cable modem or DSL modem are gateways. In the cable modem example, the coax cable is converted to a CAT5 ethernet cable, and a DSL modem converts a telephone cable to CAT5.

Routers: Routers connect two different subnets together, allowing different networks under different domains to talk. A network with a 255.255.255.0 subnet can talk to a 255.255.254 subnet via the router.

Hubs: Split the network connection x amount of ways. For example, a 20 port hub will literally switch one connection 20 ways. The problem? Packet collisions. There are revisions to fix this as set forth in the IEEE 802.3 standard.

Switches: Smart hubs with memory, processors, and little operating systems. Switches recognize what device is broadcasting what. If a computer makes a request, say an internet page, the switch will grab the page and send it to the proper computer, not all. Also, switches are MAC address oriented while routers, hubs, and gateways are all IP address based.
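The hub-versus-switch behaviour described above, simulated on a handful of frames as an added example (not code from the original page): the hub repeats every frame to every other port, while the switch learns which port each MAC address lives on and delivers unicast frames only there. Port numbers and MAC addresses are constructed sample values.

```python
"""Hub repeating vs switch MAC learning, simulated on a few frames.

Added example, not code from the original page. Port numbers and MAC
addresses are constructed sample values.
"""
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A hub repeats every frame out of every port except the one it arrived on,
    so every station hears every conversation."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        return [p for p in range(self.ports) if p != in_port]


class Switch:
    """A learning switch records the port each source MAC was last seen on and
    then sends unicast frames only to the port where the destination lives.
    Frames for unknown or broadcast destinations are flooded like a hub."""

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.mac_table: Dict[str, int] = {}

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        self.mac_table[src] = in_port  # learn (or refresh) where src is
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in range(self.ports) if p != in_port]
        out_port = self.mac_table[dst]
        # Destination sits behind the port the frame came from: filter it
        return [] if out_port == in_port else [out_port]


def run(device, frames: List[Tuple[int, str, str]]) -> List[List[int]]:
    """Feed (in_port, src, dst) frames through a device; return the out-ports chosen."""
    return [device.forward(*frame) for frame in frames]


# Constructed scenario: PC A on port 0, PC B on port 2, PC C on port 3.
A, B, C = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb", "00:11:22:cc:cc:cc"
FRAMES = [
    (0, A, B),  # A talks to B: B's port is still unknown, so a switch floods too
    (2, B, A),  # B replies: A's port is now known, only port 0 hears it
    (0, A, B),  # A again: both ends known, delivered to port 2 only
    (3, C, BROADCAST),  # a broadcast always goes out every other port
]

if __name__ == "__main__":
    for name, dev in (("hub", Hub(4)), ("switch", Switch(4))):
        print(name, run(dev, FRAMES))
```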


9. What is a Domain?

A domain in AD is nothing but a logical grouping of objects like users, computers, printers, O.U.

Active Directory: A network service that identifies all resources on a network and makes them accessible to users and applications. Resources include e-mail addresses, computers, and peripheral devices such as printers. Ideally, the directory service should make the physical network topology and protocols transparent so that a user on a network can access any resource without knowing where or how it is physically connected.

There are a number of directory services that are used widely. Two of the most important ones are LDAP, which is used primarily for e-mail addresses, and Netware Directory Service (NDS), which is used on Novell Netware networks. Virtually all directory services are based on the X.500 ITU standard, although the standard is so large and complex that no vendor complies with it fully.

Directory Service in NT

A directory service is an important part of a distributed computing environment that provides a way to locate and identify the users and resources available in the system. In its simplest form, directory services are like the white pages of a telephone book: using specific input (a person's name), a user can receive specific output (a person's address and telephone number). Directory services also provide the functionality of the yellow pages: using general input (that is, where are the printers?), a user can receive a browsable listing of printer resources.

Windows NT Directory Service in version 4.0 accommodates a larger number of objects. Previously, the recommended maximum number of trusted domains was 128. In Windows NT Server 4.0, the Local Security Authority component has been enhanced to allow a greater number of trusted domains and to allow that number to scale with server memory.

10. What do you know about ADC?

Active Directory Concepts

Active Directory has several components that work together to provide a complete directory service. They are as under:

Objects and Attributes: In ADS every component is called an object and every object has some attributes. E.g. users, computers and printers are called objects and the properties related to them are called attributes.

Class: A class is nothing but a container or an object containing sub-objects like Forest, Tree, Domain, O.U. etc.

Schema: The schema is nothing but a structure which defines what objects and their attributes can be stored in ADS. When a domain is set up it contains a default schema known as the DIT (Directory Information Tree). There are over 140 predefined classes and over 840 attributes stored in the DIT. SCHMMGMT.MSC is used to view the schema of ADS.

Domains: A domain in AD is nothing but a logical grouping of objects like users, computers, printers, O.U.

Trees: They are a logical grouping of domains and sub-domains under a single hierarchy.

Forest: A logical grouping of trees having multiple namespaces.

Organisation Unit: It is a sub-division of a domain into multiple logical classes by administration for easy administration and management of objects in a container.

Domain Controller: A DC is an object or computer which runs the Windows 2000 Server operating system and which maintains a copy of AD. In a domain we can have multiple DCs according to our requirement.

Global Catalog: The GC is called an index file which helps to find objects in a large ADS. It is maintained by a DC. When a user logs on to a machine the GC searches for an object match and sends the object query to the specific domain.

11. Explain DNS, WINS DHCP.

TCP/IP

Transmission Control Protocol/Internet Protocol (TCP/IP) is the most popular protocol, and the basis for the Internet. Its routing capabilities provide maximum flexibility in an enterprise-wide network. On a TCP/IP network, you must provide IP addresses to clients. Clients may also require a naming service or a method for name resolution like DNS or WINS. Every computer on a TCP/IP network must have a unique computer name and IP address. The IP address (together with its related subnet mask) identifies both the host computer and the subnet to which it is attached. An IP address is a 32-bit value in the range 0.0.0.0 to 255.255.255.255.

DNS

The Domain Name System (DNS) is an Internet and TCP/IP standard name service. The DNS service enables client computers on your network to register and resolve DNS domain names to IP addresses.

DHCP

Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard for simplifying management of host IP configuration. The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other related configuration details to DHCP-enabled clients on your network. When you move a computer to a different subnet, the IP address must be changed. DHCP allows you to dynamically assign an IP address to a client from a DHCP server's IP address database on your local network.

Page 226: Zenith Infotech

WINS

Windows Internet Name Service (WINS) provides a dynamic replicated database service that can register and resolve NetBIOS names to IP addresses used on your network. Windows 2000 Server provides WINS, which enables the server computer to act as a NetBIOS name server and register and resolve names for WINS-enabled client computers on your network as described in the NetBIOS over TCP/IP standards.

12. How do you set up a trust relationship between two or more domains in NT?

Trust Relationships

A trust relationship is a link between two domains in which the trusting domain honors the logon authentication of the trusted domain. Active Directory supports two forms of trust relationships:

Types of Trust

• Implicit two-way transitive trust
• Explicit one-way non-transitive trust

Implicit two-way transitive trust. A relationship between parent and child domains within a tree and between the top-level domains in a forest. This is the default; trust relationships among domains in a tree are established and maintained implicitly (automatically). Transitive trust is a feature of the Kerberos authentication protocol, which provides the distributed authentication and authorization in Windows 2000. Transitive trust between domains eliminates the management of interdomain trust accounts. Domains that are members of the same tree automatically participate in a transitive, bidirectional trust relationship with the parent domain. As a result, users in one domain can access resources to which they have been granted permission in all other domains in a tree.

Example

A Kerberos transitive trust simply means that if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C. As a result, a domain joining a tree immediately has trust relationships established with every domain in the tree. These trust relationships make all objects in the domains of the tree available to all other domains in the tree.

Example of Trust Relationship


Explicit one-way nontransitive trust. A relationship between domains that are not part of the same tree. A nontransitive trust is bounded by the two domains in the trust relationship and does not flow to any other domains in the forest. In most cases, you must explicitly (manually) create nontransitive trusts. A one-way, nontransitive trust is shown where Domain C trusts Domain 1, so users in Domain 1 can access resources in Domain C. Explicit one-way nontransitive trusts are the only form of trust possible with:

• A Windows 2000 domain and a Windows NT domain
• A Windows 2000 domain in one forest and a Windows 2000 domain in another forest
• A Windows 2000 domain and an MIT Kerberos V5 realm, allowing a client in a Kerberos realm to authenticate to an Active Directory domain in order to access network resources in that domain

13. What is the use of the hosts and lmhosts files and what do they contain?

HOSTS FILE

The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.

If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

Try to locate any existing hosts file on your computer:

Windows 95/98/Me        c:\windows\hosts
Windows NT/2000/XP Pro  c:\winnt\system32\drivers\etc\hosts
Windows XP Home         c:\windows\system32\drivers\etc\hosts

Benefits of the Hosts File:

(1.) Uses less resources:

By using a function built into your computer, you will be able to block advertising sites (or any other site you wish) without the need for any extra programs. This will cut down on memory and processor usage, which will free up your resources for other tasks.

(2.) Works on connections other than HTTP:

Most ad-blocking programs will only intercept IP calls going to the HTTP (or web) port on your computer. Other transfers can still get through. The Hosts file, however, will block IP calls on any port, whether it is HTTP, FTP, or whatever else you happen to be doing.

(3.) Eliminate many tracking and privacy concerns:

By intercepting the IP calls before they ever leave your computer, the Hosts file can prevent advertising and tracking companies from ever even knowing you are viewing a web page. This will keep them from profiling you and help you keep your privacy. All sites in the Hosts file entered with a 127.0.0.1 address will never be accessed. Sites that are not in the Hosts file may still track you and send you ads. See the notes section for more information.

(4.) The Hosts file is configurable:

Rather than relying on others to decide what sites to block for you, you may edit the Hosts file entirely on your own. This means you can put any site you wish into the Hosts file and that site will not be able to be accessed. You can use this to block advertisers, trackers, or sites you would not want your small children to see. You get to decide entirely what you wish to block, and you don't have to depend on someone else's judgement!

(5.) Increased browsing speed:

By placing sites into your Hosts file with their correct addresses, your computer does not need to ask another computer where to find a site. This can significantly speed up your surfing experience because your computer will go straight to that site instead of having to ask directions. Also, by keeping ads from being loaded using the blocking technique in the Hosts file, web pages will be viewable much more quickly since they won't have to load a lot of fancy graphics.

Some restrictions on the Hosts file:

(1.) It will not work with wildcards, such as *.whateveryouwantgoeshere.com.

(2.) It will not work with URLs that begin with IP numbers.

IP numbers are the numerical equivalent of the www.somesitenamehere.com address, and that is what your computer actually uses to find the web page. The names are there so that humans don't have to remember long strings of numbers. You would need to find the www.whatever.com address that the IP number represents, and then block that name instead of using the IP number. For example, Yahoo!'s address is www.yahoo.com, and its IP address is 204.71.200.67. We can block www.yahoo.com but not the IP address. The reason for this is that Hosts is used to determine IP addresses. If we already know the IP address, Hosts will not be consulted and so cannot block the site. I do not recommend actually blocking Yahoo! though, as it is a great search engine!

(3.) It will not work with ads that are served from the same site you are viewing.

The reason for this is that the Hosts file must block an entire site, and cannot block subdirectories or pathnames on a site. For example, you could not block www.netscape.com/ads/ because you can't block subdirectories. You would need to block the entire www.netscape.com server, and that would leave you without access to Netscape's site. So you will have to use a different method to eliminate ads that come from the site you are viewing, such as an ad-blocking program.

(4.) It may cause some sites to quit working properly.

If you put the wrong server into your hosts file, it may mean that certain websites will no longer be viewable as they normally would be. To remedy this, remove the entry of the site you wish to unblock from your hosts file. Please see the FAQ section for more on this. In particular, you may notice sites that rely on Akamai's servers will not function properly if Akamai is in your Hosts file.
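How a hosts file answers, or fails to answer, for the cases in the restrictions above, as an added Python example that is not from the original page; the sample hosts entries, hostnames and addresses are constructed (documentation address ranges).

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample hosts file (addresses from documentation ranges, names invented).
SAMPLE_HOSTS = """\
# Lines starting with '#' are comments; several names may follow one address.
127.0.0.1     localhost
127.0.0.1     ads.example-tracker.test  banner.example-tracker.test   # blocked: points at ourselves
203.0.113.10  www.example-fast.test                                   # pinned: no DNS round trip
"""


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text.

    Comments and blank lines are skipped, names are compared case-insensitively, and
    the first entry for a name wins, as the Windows resolver does.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def hosts_lookup(table, url):
    """Say how the hosts file affects one URL.

    Returns ("literal", ip) when the URL already carries an IP address (restriction 2:
    the hosts file is never consulted), ("hosts", ip) when an exact hostname entry
    answers, and ("dns", host) when the resolver would have to ask DNS. Only the host
    part of the URL takes part, which is why a path such as /ads/ cannot be blocked
    (restriction 3), and only exact names match, so "*.example.test" matches nothing
    (restriction 1).
    """
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if host is None:
        raise ValueError("no host in URL: %r" % url)
    try:
        ip_address(host)
        return ("literal", host)
    except ValueError:
        pass
    ip = table.get(host.lower())
    if ip is not None:
        return ("hosts", ip)
    return ("dns", host)


def is_blocked(table, url):
    """True when the hosts file sends the URL's host to the loopback address."""
    kind, value = hosts_lookup(table, url)
    return kind == "hosts" and ip_address(value).is_loopback


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://ads.example-tracker.test/banner.gif",
                "http://203.0.113.5/",
                "www.example-fast.test",
                "http://www.example-news.test/ads/"):
        print(url, "->", hosts_lookup(table, url), "blocked" if is_blocked(table, url) else "")
```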

The LMHOSTS File

The LMHOSTS file is a static ASCII file used to resolve NetBIOS names to IP addresses of remote computers running Windows NT and other NetBIOS-based hosts. This is the oldest method of resolving a computer name to an IP address. Every client must have this file in order to resolve NetBIOS names. It is located in the winnt\system32\drivers\etc directory.


Contents of LMHOSTS File

#PRE : Defines which entries should be initially preloaded as permanent entries in the name cache. Preloaded entries reduce network broadcasts, because names are resolved from cache rather than from broadcast or by parsing the LMHOSTS file. Entries with a #PRE tag are loaded automatically at initialization or manually by typing nbtstat -R at a command prompt.

#DOM:[domain_name] : Facilitates domain activity, such as logon validation over a router, account synchronization, and browsing.

#NOFNR : Avoids using NetBIOS-directed name queries for older LAN Manager UNIX systems.

#BEGIN_ALTERNATE & #END_ALTERNATE : Defines a redundant list of alternate locations for LMHOSTS files. The recommended way to #INCLUDE remote files is using a Universal Naming Convention (UNC) path, to ensure access to the file. Of course, the UNC names must exist in the LMHOSTS file with a proper IP address to NetBIOS name translation.

#INCLUDE : Loads and searches NetBIOS entries in a separate file from the default LMHOSTS file. Typically, an #INCLUDE file is a centrally located shared LMHOSTS file.

#MH : Adds multiple entries for a multihomed computer.
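The keywords above in action, as an added Python example that is not from the original page: a parser for LMHOSTS entries and a small resolver that preloads only the #PRE entries into the name cache (what nbtstat -R does) and falls back to the file, then to broadcast. The sample file, NetBIOS names and addresses are constructed.

```python
# Constructed sample LMHOSTS file (addresses from the TEST-NET documentation ranges).
SAMPLE_LMHOSTS = r"""
# Lines starting with '#' are comments unless the word is a keyword.
192.0.2.10    CORPDC1    #PRE  #DOM:CORP   # domain controller, preloaded into the cache
192.0.2.20    FILESRV1   #PRE              # preloaded file server
198.51.100.5  PRINTSRV                     # parsed from the file only when asked for
198.51.100.9  OLDLANMAN  #NOFNR            # old LAN Manager host: no directed name query
192.0.2.30    MHSRV      #MH               # multihomed host, two addresses
192.0.2.31    MHSRV      #MH
#BEGIN_ALTERNATE
#INCLUDE \\CORPDC1\public\lmhosts
#INCLUDE \\FILESRV1\public\lmhosts
#END_ALTERNATE
"""


def parse_lmhosts(text):
    """Return (entries, includes).

    entries : {NETBIOS_NAME: {"ips", "pre", "dom", "nofnr", "mh"}}
    includes: list of groups of #INCLUDE paths; a group with several paths came from
              one #BEGIN_ALTERNATE/#END_ALTERNATE block, where only the first
              reachable file would be used.
    """
    entries, includes = {}, []
    alternate = None                          # open #BEGIN_ALTERNATE group, if any
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0].startswith("#"):         # comment line or a directive
            if tokens[0] == "#BEGIN_ALTERNATE":
                alternate = []
            elif tokens[0] == "#END_ALTERNATE":
                if alternate is not None:
                    includes.append(alternate)
                alternate = None
            elif tokens[0] == "#INCLUDE" and len(tokens) > 1:
                if alternate is not None:
                    alternate.append(tokens[1])
                else:
                    includes.append([tokens[1]])
            continue
        if len(tokens) < 2:
            continue                          # malformed: need address and name
        ip, name = tokens[0], tokens[1].upper()
        entry = {"ips": [ip], "pre": False, "dom": None, "nofnr": False, "mh": False}
        for tok in tokens[2:]:
            if tok == "#PRE":
                entry["pre"] = True
            elif tok.startswith("#DOM:"):
                entry["dom"] = tok[len("#DOM:"):].upper()
            elif tok == "#NOFNR":
                entry["nofnr"] = True
            elif tok == "#MH":
                entry["mh"] = True
            else:
                break                         # anything else starts a trailing comment
        if name in entries and entry["mh"]:
            entries[name]["ips"].append(ip)   # #MH: one more address for the same host
        else:
            entries.setdefault(name, entry)   # otherwise the first definition wins
    return entries, includes


class NetBiosResolver:
    """LMHOSTS-related steps of a Windows client's name lookup: the preloaded cache
    (#PRE entries), then a parse of the LMHOSTS file, otherwise broadcast."""

    def __init__(self, lmhosts_text):
        self.entries, self.includes = parse_lmhosts(lmhosts_text)
        self.cache = {n: e["ips"][0] for n, e in self.entries.items() if e["pre"]}

    def resolve(self, name):
        name = name.upper()
        if name in self.cache:
            return ("cache", self.cache[name])
        entry = self.entries.get(name)
        if entry is not None:
            return ("lmhosts", entry["ips"][0])
        return ("broadcast", None)            # not in LMHOSTS: the client would broadcast

    def domain_controllers(self, domain):
        """Names tagged #DOM:<domain>, used for logon validation across a router."""
        return [n for n, e in self.entries.items() if e["dom"] == domain.upper()]


if __name__ == "__main__":
    r = NetBiosResolver(SAMPLE_LMHOSTS)
    for n in ("CORPDC1", "PRINTSRV", "NOSUCH"):
        print(n, "->", r.resolve(n))
    print("CORP DCs:", r.domain_controllers("CORP"), "| includes:", r.includes)
```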

14. What are the benefits of a file and print server?

Print server

The benefit of having a print server is that you can have many Macintoshes print to one LaserWriter. With the direct method, you get into a waiting game: the first one that finds the printer idle gets it. The print server queues up all printing requests and makes sure the printer has no idle time as long as a print job is ready. The Queue above shows there is one print job printing and the server is waiting for another print job. The Log above shows any messages which came from the printer.

15. What is ISDN / Leased line?

ISDN

(Integrated Services Digital Network) - Digital telephony scheme that allows a user to connect to the Internet over standard phone lines at speeds higher than a 56K modem allows.

Abbreviation of integrated services digital network, an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. ISDN supports data transfer rates of 64 Kbps (64,000 bits per second).

There are two types of ISDN:

Basic Rate Interface (BRI) -- consists of two 64-Kbps B-channels and one D-channel for transmitting control information.

Primary Rate Interface (PRI) -- consists of 23 B-channels and one D-channel (U.S.) or 30 B-channels and one D-channel (Europe).

The original version of ISDN employs baseband transmission. Another version, called B-ISDN, uses broadband transmission and is able to support transmission rates of 1.5 Mbps. B-ISDN requires fiber optic cables and is not widely available.


Leased line

A dedicated common carrier circuit providing a point-to-point or multipoint network connection, reserved for the permanent and private use of a customer. Also called a Private Line.

A Leased Line, also known as a 'private circuit' or 'T1 leased line', is a permanent dedicated communication link between two points. The link is separate from the public telephone network and is reserved exclusively for the leased line purchaser. Where a company's Internet usage is intensive, a leased line provides a far more cost-effective connectivity solution than more traditional ones such as ISDN.

A leased line can be a twisted pair, coax or fibre optic cable and may involve all sorts of other hardware such as coils, transformers, amplifiers and regenerators. Leased lines have varying data transfer rates, the highest being a T1 line, which provides a maximum speed of 1.544 Mbps. These transfer rates can be divided between voice and data signals using multiplexing techniques. If the leased line is being used to carry voice data then the line can also be connected to a phone system.

Large companies generally use leased lines to connect several geographically separate networks within their organisation. The leased line is also widely used to connect offices to the web via a point of presence (POP), which is a fast connection directly to the Internet. A T1 leased line can connect hundreds of users to the Internet effortlessly as long as they are just browsing; a problem would only occur if they were all to start downloading files like MP3s.

16. What is Clustering?

Clustering is a nonlinear activity that generates ideas, images and feelings around a stimulus word. As students cluster, their thoughts tumble out, enlarging their word bank for writing and often enabling them to see patterns in their ideas. Clustering may be a class or an individual activity.

Clustering is the use of multiple computers and storage devices to create what seems to be a single system. Clustering is often used to increase a system's availability and for load balancing on highly-trafficked Web sites. It is a server architecture that emulates multiprocessing by interconnecting two or more individual computers in order to share the application processing load. Microsoft's future clustering technology for Windows NT now carries the code name Wolfpack. A number of third parties offer proprietary clustering hardware and software for Windows NT Server 4.0. It is a technique in which two or more servers are interconnected and can access a common storage pool. Clustering prevents the failure of a single file server from denying access to data and adds computing power to the network for large numbers of users.

17. What is PDC & BDC?

A PDC is a Primary Domain Controller, and a BDC is a Backup Domain Controller. You must install a PDC before any other domain servers. The Primary Domain Controller maintains the master copy of the directory database and validates users. A Backup Domain Controller contains a copy of the directory database and can validate users. If the PDC fails then a BDC can be promoted to a PDC. The possible data loss is user changes that have not yet been replicated from the PDC to the BDC. A PDC can be demoted to a BDC if one of the BDCs is promoted to the PDC.

18. What is POP3 and IMAP?

POP3

POP3 (Post Office Protocol 3) is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mailbox on the server and download any mail, probably using POP3. This standard protocol is built into most popular e-mail products, such as Eudora and Outlook Express. It's also built into the Netscape and Microsoft Internet Explorer browsers.

POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be thought of as a "store-and-forward" service.

An alternative protocol is Internet Message Access Protocol (IMAP). IMAP provides the user more capabilities for retaining e-mail on the server and for organizing it in folders on the server. IMAP can be thought of as a remote file server.

POP and IMAP deal with the receiving of e-mail and are not to be confused with the Simple Mail Transfer Protocol (SMTP), a protocol for transferring e-mail across the Internet. You send e-mail with SMTP and a mail handler receives it on your recipient's behalf. Then the mail is read using POP or IMAP.

The conventional port number for POP3 is 110.

A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. For the Transmission Control Protocol and the User Datagram Protocol, a port number is a 16-bit integer that is put in the header appended to a message unit. This port number is passed logically between client and server transport layers and physically between the transport layer and the Internet Protocol layer and forwarded on.

For example, a request from a client (perhaps on behalf of you at your PC) to a server on the Internet may request a file be served from that host's File Transfer Protocol (FTP) server or process. In order to pass your request to the FTP process in the remote server, the Transmission Control Protocol (TCP) software layer in your computer identifies the port number of 21 (which by convention is associated with an FTP request) in the 16-bit port number integer that is appended to your request. At the server, the TCP layer will read the port number of 21 and forward your request to the FTP program at the server.

Some services or processes have conventionally assigned permanent port numbers. These are known as well-known port numbers. In other cases, a port number is assigned temporarily (for the duration of the request and its completion) from a range of assigned port numbers. This is called an ephemeral port number.

IMAP

IMAP (Internet Message Access Protocol) is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP Version 4) is a client/server protocol in which e-mail is received and held for you by your Internet server. You (or your e-mail client) can view just the heading and the sender of the letter and then decide whether to download the mail. You can also create and manipulate multiple folders or mailboxes on the server, delete messages, or search for certain parts or an entire note. IMAP requires continual access to the server during the time that you are working with your mail.

A less sophisticated protocol is Post Office Protocol 3 (POP3). With POP3, your mail is saved for you in a single mailbox on the server. When you read your mail, all of it is immediately downloaded to your computer and, except when previously arranged, no longer maintained on the server.

IMAP can be thought of as a remote file server. POP3 can be thought of as a "store-and-forward" service.

POP3 and IMAP deal with the receiving of e-mail from your local server and are not to be confused with Simple Mail Transfer Protocol (SMTP), a protocol used for exchanging e-mail between points on the Internet. Typically, SMTP is used for sending only and POP3 or IMAP are used to read e-mail.

19. How will you move a mailbox from one site to another?

The users have Outlook 2000 pointed to the DomainA.COM mailbox. Exchange is set to forward, and not leave a copy of, any messages sent to the DomainB.Net mailbox to the DomainA.COM mailbox.

It is done this way due to our corporate structure. DomainA is the corporate entity, and Domain B is our division. We primarily communicate as DomainA, but occasionally we need to send messages out as Domain B. The users know to enter their Domain B account in Sent From so it goes out correctly.

This method works great except for one thing. We have GFI Mail Essentials as our SPAM filter. It is automatically set up to put any SPAM messages in a SPAM folder in the mailbox it was sent to. The SPAM messages for the Domain B mailbox are not being forwarded to the Domain A mailbox.

My only solution so far (THAT MAY WORK) is to set their Outlook to also open mailbox B, and put the SPAM folder in the Outlook Bar. However not all users use the Outlook Bar and I do not want them having to look at multiple folders for SPAM. I tried to put a Rule in the SPAM folder to move it, but Rules only apply to the Inbox. I also tried on the Exchange server to go to the M Drive, navigate to the SPAM folder and move the messages to the correct SPAM folder. I get an error that the messages already exist when I do that. If I Copy, then Delete, I can move them in the M Drive, but when checking Outlook they are still in the original SPAM folder.


20. How will you restore the backup in Exchange (offline / online)?

Email systems depend on many hardware and software components. If any element fails to operate in the required manner, if the hardware suffers a catastrophic failure, or if a physical disaster such as an electricity outage afflicts the hardware, you must have good system backups to get users back online as quickly as possible.

The Exchange 2000 Server installation procedure enhances the standard Windows 2000 Server Backup utility (ntbackup.exe) to support the Exchange Store's transactional nature. These enhancements add support for Exchange 2000's .edb and .stm file formats, let backup agents (i.e., ntbackup.exe or third-party products) copy databases to tape without shutting down Exchange services, and let you select which servers and databases to back up or restore. Understanding the basics of the most important and useful disaster-recovery processes—including full backups, snapshot and clone backups, and the general recovery procedure—can help you prepare for disasters and recover from them quickly.

21. What is VPN?

VPN (pronounced as separate letters) is short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

22. Difference between P2, P3, P4, Celeron

Pentium 4

Pentium 4 (P4) is the Intel processor (codenamed Willamette) that was released in November 2000. The P4 processor has a viable clock speed that now exceeds 2 gigahertz (GHz) - as compared to the 1 GHz of the Pentium 3.

P4 had the first totally new chip architecture since the 1995 Pentium Pro. The major difference involved structural changes that affected the way processing takes place within the chip, something Intel calls NetBurst microarchitecture. Aspects of the changes include: a 20-stage pipeline, which boosts performance by increasing processor frequency; a rapid-execution engine, which doubles the core frequency and reduces latency by enabling each instruction to be executed in a half (rather than a whole) clock cycle; a 400 MHz system bus, which enables transfer rates of 3.2 gigabytes per second (GBps); an execution trace cache, which optimizes cache memory efficiency and reduces latency by storing decoded sequences of micro-operations; and improved floating point and multimedia unit and advanced dynamic execution, all of which enable faster processing for especially demanding applications, such as digital video, voice recognition, and online gaming.

P4's main competition for processor market share is the AMD Athlon processor.

23. What is LDAP?

LDAP (Lightweight Directory Access Protocol)

LDAP is the protocol that defines how the AD service is designed and how objects are managed in ADS. It defines the schema of AD. It defines how objects are organized in AD. It also defines how objects or resources can be accessed from AD. All object naming in AD is based on the LDAP protocol.

LDAP Naming of objects

CN=Schema,CN=Configuration,DC=forest name,DC=forest root

eg : CN=Ajay Raul, CN=Users, DC=Vision, DC=com

In the above example Ajay Raul is the user's full name and Vision.com is the domain name.

LDAP Ports

The connections via the LDAP protocol between a client and a DSA use either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). The table below lists the protocol sockets used in different access modes:

Function                               Port
LDAP                                   389
LDAP Secure Sockets Layer (SSL)        636
Global Catalog (GC)                    3268
Global Catalog Secure Sockets Layer    3269

24) What is ADS?

Active Directory Support Files

The engine used by Active Directory is based on Microsoft's Jet database technology. Jet uses a b-tree file structure with transaction logs to ensure recoverability in the event of a system or drive failure.

When you promote a server to a domain controller, you select where to put the Active Directory files. The default path is in the boot partition under \Windows\NTDS. Generally, it is a good idea to put them on a separate volume from the operating system files to improve performance.

25) What is a directory service? And what is Active Directory service?

In simple terms a directory service can be defined as "the friendly telephone operator who guides or looks up people's phone numbers for your assistance". If the directory is the actual data (the list of people and telephone numbers), the operators and the method for calling them are the directory service. In Windows 2000, Active Directory is a database, while the computers which maintain this database are called Domain Controllers.

In the field of computing, various directories have been developed since networking began, such as:

Microsoft - Active Directory Service
Xerox - Grapevine
ITU - X.500
IEEE - DNS (Domain Naming Service)
Netware - NDS (Novell Directory Service)
RFC - LDAP (Light Weight Directory Access Protocol)

Active Directory Service

ADS is a true network directory that includes all the features and benefits of a traditional directory service. In November 1996, Microsoft delivered the first preview of Active Directory for developers at the Professional Developers Conference held in Long Beach, California. Active Directory is designed to be a single directory for any size of network. The informational (data) model of the LDAP protocol is the base for AD. Active Directory is based on X.500, the International Standards Organization (ISO) standard defining the elements of a distributed directory service. This standard proposes an object-oriented data model; therefore, it uses such terms as class, objects and attributes.

26) How big is Active Directory service?

Active Directory : 100,000 users, 100,000 computers, 10,000 groups, 10,000 printers, and 10,000 volumes. The size of the resulting Ntds.dit is about 1,400 MB, or 1.4 gigabytes! This is with minimal attributes set on the objects. If all the attributes are set and the schema is extended then the size can grow much larger.

27) What is Schema ?

A schema is nothing but a structure which defines what objects and their attributes can be stored in ADS. When a domain is set up it contains a default schema known as the DIT (Directory Information Tree). There are over 140 predefined classes and over 840 attributes stored in the DIT. SCHMMGMT.MSC is used to view the schema of ADS.

28) What is encryption? And how does encryption work?

Encryption :

Encryption is a process of disguising a message or data in such a way as to hide its substance. Encryption is the process of converting data into a format that cannot be read by another user. Once a user has encrypted a file, the file automatically remains encrypted whenever the file is stored on disk and no other user can decrypt it.

Decryption is the process of converting data from encrypted format back to its original format. Once a user has decrypted a file, the file remains decrypted whenever the file is stored on disk.

Windows 2000 includes the Encrypting File System (EFS), which allows users to store their on-disk data in encrypted format. The encryption facility is available for NTFS partitions only.

EFS provides the following features:

Users can encrypt their files when storing them on disk. Encryption is as easy as selecting a check box in the file's Properties dialog box.

Accessing encrypted files is fast and easy. Users see their data in plain text when accessing the data from disk.

Encryption of data is accomplished automatically, and is completely transparent to the user.

Users can actively decrypt a file by clearing the Encryption check box on the file's Properties dialog box.

Administrators can recover data that was encrypted by another user. This ensures that data is accessible if the user that encrypted the data is no longer available or has lost their private key.

EFS only encrypts data when it is stored on disk. To encrypt data as it is transported over a TCP/IP network, two optional features are available: Internet Protocol security (IPSec) and PPTP encryption.

How Encryption works


Encryption of files works as follows:

Each file has a unique file encryption key, which is later used to decrypt the file's data.

The file encryption key is in itself encrypted--it is protected by the user's public key corresponding to the user's EFS certificate.

The file encryption key is also protected by the public key of an authorized recovery agent.

Decryption of files works as follows:

To decrypt a file, the file encryption key must first be decrypted. The file encryption key is decrypted when the user has a private key that matches the public key.

The user is not the only person that can decrypt the file encryption key. A recovery agent can also decrypt the file encryption key, by using the recovery agent's private key.

Once the file encryption key is decrypted, it can be used by either the user or the recovery agent to decrypt the data in the file.

NOTE : Encrypted data is not encrypted when in transit over the network, but only when stored on disk. The exception to this is when your system includes Internet Protocol security (IPSec). IPSec encrypts data while it is transported over a TCP/IP network. Encrypted files are not accessible from Macintosh clients. You cannot encrypt a compressed file.
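The key hierarchy described in the encryption and decryption steps above (one file encryption key, wrapped once for the user and once for a recovery agent, so either private key can unwrap it), as an added Python illustration using the `cryptography` package. This is not EFS's own code or on-disk format; RSA-OAEP and AES-GCM stand in for the algorithms EFS uses, and the keys and file contents are generated or constructed in the block.

```python
import os
from dataclasses import dataclass

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Padding used to wrap the file encryption key with a public key (stand-in for EFS's scheme).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


@dataclass
class EncryptedFile:
    nonce: bytes
    ciphertext: bytes          # file data encrypted with the file encryption key (FEK)
    fek_for_user: bytes        # FEK wrapped with the user's public key
    fek_for_recovery: bytes    # FEK wrapped with the recovery agent's public key


def encrypt_file(data: bytes, user_pub, recovery_pub) -> EncryptedFile:
    """Step 1: a unique FEK per file; steps 2 and 3: wrap it for the user and the agent."""
    fek = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(fek).encrypt(nonce, data, None)
    return EncryptedFile(nonce, ciphertext,
                         user_pub.encrypt(fek, OAEP),
                         recovery_pub.encrypt(fek, OAEP))


def decrypt_file(ef: EncryptedFile, private_key, as_recovery_agent=False) -> bytes:
    """Unwrap the FEK with whichever private key the caller holds, then decrypt the data.

    A private key that matches neither wrapped copy fails at the unwrap step (ValueError),
    so the data is never touched with a wrong key.
    """
    wrapped = ef.fek_for_recovery if as_recovery_agent else ef.fek_for_user
    fek = private_key.decrypt(wrapped, OAEP)
    return AESGCM(fek).decrypt(ef.nonce, ef.ciphertext, None)


def demo():
    """Encrypt a constructed file and recover it both as the user and as the recovery agent."""
    user_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    agent_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    plaintext = b"constructed sample file contents"
    ef = encrypt_file(plaintext, user_key.public_key(), agent_key.public_key())
    by_user = decrypt_file(ef, user_key)
    by_agent = decrypt_file(ef, agent_key, as_recovery_agent=True)
    return plaintext, by_user, by_agent, ef


def wrong_key_rejected(ef: EncryptedFile) -> bool:
    """True when a freshly generated, unrelated private key cannot unwrap the FEK."""
    other_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    try:
        decrypt_file(ef, other_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    plaintext, by_user, by_agent, ef = demo()
    print("user recovers file:", by_user == plaintext)
    print("recovery agent recovers file:", by_agent == plaintext)
    print("unrelated key rejected:", wrong_key_rejected(ef))
```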

29) What is DFS (Distributed File System), and what are the reasons for using it?

Distributed file system overview

The Distributed file system (Dfs) allows system administrators to make it easier for users to access and manage files that are physically distributed across a network. With Dfs, you can make files distributed across multiple servers appear to users as if they reside in one place on the network. Users no longer need to know and specify the actual physical location of files in order to access them.

For example, if you have marketing material scattered across multiple servers in a domain, you can use Dfs to make it appear as though all of the material resides on a single server. This eliminates the need for users to go to multiple locations on the network to find the information they need.

Reasons for using Dfs

You should consider implementing Dfs if:

Users who access shared folders are distributed across a site or sites.

Most users require access to multiple shared folders.

Server load balancing could be improved by redistributing shared folders.

Users require uninterrupted access to shared folders.

Your organization has Web sites for either internal or external use.

Types of Dfs

Using the Dfs console, you can implement a distributed file system in either of two ways: as a stand-alone distributed file system, or as a domain-based distributed file system.

A stand-alone Dfs root:


Does not use Active Directory.

Cannot have root-level Dfs shared folders.

Has a limited hierarchy. A stand-alone Dfs root can have only a single level of Dfs links.

Replication facility is not available.

A domain-based Dfs root:

Must be hosted on a domain member server.

Has its Dfs topology automatically published to Active Directory.

Can have root-level Dfs shared folders.

Does not have a limited hierarchy. A domain-based Dfs root can have multiple levels of Dfs links.

Replication facility is available.

30) How does DHCP work, and what is a DHCP relay agent?

DHCP stands for "Dynamic Host Configuration Protocol".

DHCP automatically assigns IP addresses to computers. DHCP overcomes the limitations of configuring TCP/IP manually. DHCP is an extension of the Boot Protocol (BOOTP). BOOTP enables diskless clients to start up and automatically configure TCP/IP. DHCP centralizes and manages the allocation of TCP/IP configuration information by automatically assigning IP addresses to computers configured to use DHCP. Implementing DHCP eliminates some of the configuration problems associated with manually configuring TCP/IP.

Each time a DHCP client starts, it requests IP addressing information from a DHCP server, including the IP address, the subnet mask, and optional values. The optional values may include a default gateway address, Domain Name System (DNS) address, and Windows Internet Name Service (WINS) server address. When a DHCP server receives a request, it selects IP addressing information from a pool of addresses defined in its database and offers it to the DHCP client. If the client accepts the offer, the IP addressing information is leased to the client for a specified period of time. If there is no available IP addressing information in the pool to lease to a client, the client cannot initialize TCP/IP.

How DHCP works

DHCP uses a four-phase process to configure a DHCP client, as given below:

1) IP lease discover : The client initializes a limited version of TCP/IP and broadcasts a request for the location of a DHCP server and IP addressing information.


2) IP lease offer : All DHCP servers that have valid IP addressing information available send an offer to the client.

3) IP lease request : The client selects the IP addressing information from the first offer it receives and broadcasts a message requesting to lease the IP addressing information in the offer.

4) IP lease acknowledgment : The DHCP server that made the offer responds to the message, and all other DHCP servers withdraw their offers. The IP addressing information is assigned to the client and an acknowledgment is sent. The client finishes initializing and binding the TCP/IP protocol. Once the automatic configuration process is complete, the client can use all TCP/IP services and utilities for normal network communications and connectivity to other IP hosts.

DHCP Relay Agent

A relay agent is a small program that relays DHCP/BOOTP messages between clients and servers on different subnets. The DHCP Relay Agent component provided with the Windows 2000 router is a BOOTP relay agent that relays DHCP messages between DHCP clients and DHCP servers on different IP networks. For each IP network segment that contains DHCP clients, either a DHCP server or a computer acting as a DHCP relay agent is required.

To add the DHCP Relay Agent: click Start, point to Programs, point to Administrative Tools, then click Routing And Remote Access. In the console tree, click Server name\IP Routing\General. Right-click General, then click New Routing Protocol. In the Select Routing Protocol dialog box, click DHCP Relay Agent, then click OK.
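The four lease phases and the relay agent, as an added example that is not part of the original document or of Windows 2000: a Python simulation with two DHCP servers on one subnet and a relay agent on a second subnet. Message fields, class names and the 10.0.x.x addresses are constructed for the example; the relayed giaddr field is what lets a server pick the scope for the client's subnet, which the text above does not spell out.

```python
"""Simulation of the four DHCP lease phases (discover, offer, request,
acknowledgment) and of a relay agent forwarding them from another subnet.
Constructed example for this page, not Windows 2000 code: messages are dicts
carrying a simplified subset of RFC 2131 fields (xid, chaddr, giaddr, yiaddr,
server identifier) and nothing is sent on the wire."""
import ipaddress

ZERO = ipaddress.ip_address("0.0.0.0")   # giaddr of a non-relayed broadcast


class DhcpServer:
    """One DHCP server holding a scope (free-address pool) per subnet."""

    def __init__(self, server_id, scopes, lease_secs=8 * 3600):
        self.server_id = ipaddress.ip_address(server_id)
        self.scopes = {ipaddress.ip_network(net): [ipaddress.ip_address(a) for a in pool]
                       for net, pool in scopes.items()}
        self.pending = {}   # xid -> address reserved while an offer is outstanding
        self.leases = {}    # chaddr -> leased address
        self.lease_secs = lease_secs

    def _scope_for(self, giaddr):
        # A relayed message carries the relay's interface address in giaddr;
        # a direct broadcast carries 0.0.0.0, meaning the server's own subnet.
        key = self.server_id if giaddr == ZERO else giaddr
        for net, pool in self.scopes.items():
            if key in net:
                return pool
        return None

    def on_discover(self, msg):
        pool = self._scope_for(msg["giaddr"])
        if not pool:
            return None          # no valid address for that subnet: stay silent
        self.pending[msg["xid"]] = pool[0]
        return {"type": "OFFER", "xid": msg["xid"], "yiaddr": pool[0],
                "server_id": self.server_id, "giaddr": msg["giaddr"]}

    def on_request(self, msg):
        addr = self.pending.pop(msg["xid"], None)
        if addr is None or msg["server_id"] != self.server_id:
            return None          # client chose another server: offer withdrawn
        self._scope_for(msg["giaddr"]).remove(addr)
        self.leases[msg["chaddr"]] = addr
        return {"type": "ACK", "xid": msg["xid"], "yiaddr": addr,
                "server_id": self.server_id, "lease": self.lease_secs}


class RelayAgent:
    """Forwards client broadcasts to servers on other subnets, stamping giaddr."""

    def __init__(self, interface_ip, servers):
        self.giaddr = ipaddress.ip_address(interface_ip)
        self.servers = servers

    def deliver(self, msg, handler):
        relayed = dict(msg, giaddr=self.giaddr)
        return [r for r in (getattr(s, handler)(relayed) for s in self.servers) if r]


def deliver(segment, msg, handler):
    """Broadcast msg on a segment: a list of local servers or a relay agent."""
    if isinstance(segment, RelayAgent):
        return segment.deliver(msg, handler)
    return [r for r in (getattr(s, handler)(msg) for s in segment) if r]


def lease(client_mac, xid, segment):
    """Run the four phases for one client; returns (address, transcript)."""
    transcript = ["DISCOVER"]
    discover = {"type": "DISCOVER", "xid": xid, "chaddr": client_mac, "giaddr": ZERO}
    offers = deliver(segment, discover, "on_discover")
    transcript += [f"OFFER {o['yiaddr']} from {o['server_id']}" for o in offers]
    if not offers:
        return None, transcript          # no offers: TCP/IP cannot initialise
    chosen = offers[0]                   # the client takes the first offer
    request = dict(discover, type="REQUEST", server_id=chosen["server_id"])
    transcript.append(f"REQUEST {chosen['yiaddr']} server {chosen['server_id']}")
    acks = deliver(segment, request, "on_request")
    transcript += [f"ACK {a['yiaddr']} lease {a['lease']}s" for a in acks]
    return (acks[0]["yiaddr"] if acks else None), transcript


def demo():
    """Two servers on 10.0.1.0/24; only server A also has a scope for 10.0.2.0/24."""
    a = DhcpServer("10.0.1.2", {"10.0.1.0/24": ["10.0.1.50"], "10.0.2.0/24": ["10.0.2.50"]})
    b = DhcpServer("10.0.1.3", {"10.0.1.0/24": ["10.0.1.60", "10.0.1.61"]})
    relay = RelayAgent("10.0.2.1", [a, b])   # router interface on the 10.0.2.0/24 side
    local1, t1 = lease("aa:bb:cc:00:00:01", 1, [a, b])   # two offers, A wins
    remote, t2 = lease("aa:bb:cc:00:00:02", 2, relay)     # relayed; only A can serve
    local2, t3 = lease("aa:bb:cc:00:00:03", 3, [a, b])   # A's local scope exhausted; B serves
    return {"local1": str(local1), "remote": str(remote), "local2": str(local2),
            "b_withdrew": "aa:bb:cc:00:00:01" not in b.leases,
            "transcripts": [t1, t2, t3]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running it prints the three leased addresses and the message transcripts. The first lease shows two offers and the losing server withdrawing its offer on the request; the second shows that only the server holding a scope matching the relay's subnet answers; the third shows the second server taking over once the first server's local scope is exhausted.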

31) In Disk Management, explain basic disks vs. dynamic disks.

Basic disks use the same logical disk structure as Windows NT 4.0 and earlier operating systems, all the way back to MS-DOS. That is, they are divided into primary and extended partitions, and logical drives can be created within extended partitions.

Dynamic disks use a disk structure introduced in Windows 2000 and carried forward in Windows Server 2003. On a dynamic disk, partitions are called volumes. With dynamic disks, you can extend simple volumes (make them bigger without reformatting and losing data) into any empty space on any dynamic disk, create spanned volumes across multiple physical disks, and create fault-tolerant (RAID 1 and RAID 5) volumes.

Unlike a basic disk, a dynamic disk does not use the MBR to store its partition table. Instead, dynamic disks use a private database at the end of the disk, called the LVM (Logical Volume Manager) database. This database is 1 MB in size and is replicated to all dynamic disks in the machine. Windows 2003 does not support Windows NT partitions that use RAID levels when you upgrade from NT to 2003.

The following are some limitations of using dynamic disks:

Dynamic disks are currently not supported on laptop computers.

Removable media and disks attached via FireWire (IEEE 1394), Universal Serial Bus (USB), or shared SCSI buses cannot be converted to dynamic.

You can install Windows Server 2003 only onto a dynamic volume that was converted from a basic boot or system partition. You cannot install onto a dynamic volume that was created from free space. This is because there must be an entry in the partition table for the setup program to recognize the volume, and such an entry does not exist on a newly created dynamic volume.

Even though Windows 2000, XP Professional, and Server 2003 all use dynamic disks, you cannot convert a basic disk that holds multiple instances of these operating systems to dynamic.The operating systems installed on the disk will not start if you do this.

Dynamic disks are not supported by Windows Cluster Service. If you need the features of dynamic disks on a clustered shared disk, you can use a third-party program called Veritas Volume Manager 4.0 to accomplish this.

31) What is ICS (Internet Connection Sharing)?

Internet connection sharing

With the Internet connection sharing feature of Network and Dial-up Connections, you can use Windows 2000 to connect your home network or small office network to the Internet. For example, you might have a home network that connects to the Internet by using a dial-up connection. By enabling Internet connection sharing on the computer that uses the dial-up connection, you are providing network address translation, addressing, and name resolution services for all computers on your home network. After Internet connection sharing is enabled, and users verify their networking and Internet options, home network or small office network users can use applications such as Internet Explorer and Outlook Express as if they were already connected to the Internet Service Provider (ISP). The Internet connection sharing computer then dials the ISP and creates the connection so that the user can reach the specified Web address or resource. To use the Internet connection sharing feature, users on your home office or small office network must configure TCP/IP on their local area connection to obtain an IP address automatically. Also, home office or small office network users must configure Internet options for Internet connection sharing. The Internet connection sharing feature is intended for use in a small office or home office where network configuration and the Internet connection are managed by the computer running Windows 2000 where the shared connection resides. It is assumed that on its network, this computer is the only Internet connection, the only gateway to the Internet, and that it sets up all internal network addresses.


You might need to configure applications and services on the Internet connection sharing computer to work properly across the Internet. For example, if users on your home network want to play the Diablo game with other users on the Internet, you must configure the Diablo application on the connection where Internet connection sharing is enabled. Conversely, services that you provide must be configured so that Internet users can access them. For example, if you are hosting a Web server on your home network and want Internet users to be able to connect to it, you must configure the Web server service on the Internet connection sharing computer.

Important points: To configure Internet connection sharing, you must be a member of the Administrators group. You should not use this feature in an existing network with other Windows 2000 Server domain controllers, DNS servers, gateways, DHCP servers, or systems configured for static IP addresses. If you are running Windows 2000 Server, and one or more of these components exist, you must use network address translation to achieve the same result.

A computer with Internet connection sharing needs two connections. One connection, typically a LAN adapter, connects to the computers on the home network. The other connection connects the home network to the Internet. You need to ensure that Internet connection sharing is enabled on the connection that connects your home network to the Internet. By doing this, the home network connection appropriately allocates TCP/IP addresses to its own users, the shared connection can connect your home network to the Internet, and users outside your home network are not at risk of receiving inappropriate addresses from your home network. By enabling Internet connection sharing on a connection, the Internet connection sharing computer becomes a Dynamic Host Configuration Protocol (DHCP) allocator for the home network. DHCP distributes TCP/IP addresses to users as they start up. If Internet connection sharing is enabled on the wrong network adapter, users outside your home network might be granted TCP/IP addresses by the home network DHCP allocator, causing problems on their own networks.

When you enable Internet connection sharing, the adapter connected to the home or small office network is given a new static IP address configuration. Consequently, TCP/IP connections established between any small office or home office computer and the Internet connection sharing computer at the time of enabling Internet connection sharing are lost and need to be reestablished.

Notes: You cannot modify the default configuration of Internet connection sharing. This includes items such as disabling the DHCP allocator or modifying the range of private IP addresses that are distributed, disabling the DNS proxy, configuring a range of public IP addresses, or configuring inbound mappings. If you want to modify any of these items, you must use network address translation.

If your home office users need to access a corporate network that is connected to the Internet by a tunnel server from an Internet connection sharing network, they need to create a virtual private network connection to tunnel from the computer on the Internet connection sharing network to the corporate tunnel server on the Internet. The VPN connection is authenticated and secure and creating the tunneled connection allocates proper IP addresses, DNS server addresses, and WINS server addresses for the corporate network. For more information about creating a virtual private network (VPN) connection.

32) What is RAS (Remote Access Service)?

Remote Access Service (RAS)

Windows 2000 Server remote access server (RAS), part of the integrated Routing and Remote Access service, connects remote or mobile workers to organization networks. Remote users can work as if their computers were physically connected to the network. Remote access lets remote users dial in to the RAS server: it accepts inbound dial-up connections to the RAS server using authentication protocols such as PAP, MS-CHAP and SPAP. Users run remote access software (a dial-up connection) and initiate a connection to the remote access server (RAS server). The remote access server, which is a computer running Windows 2000 Server and the Routing and Remote Access service, authenticates users and services sessions until they are terminated by the user or the network administrator. All services typically available to a LAN-connected user (including file and print sharing, Web server access, and messaging) are enabled by means of the remote access connection.

A remote access server running Windows 2000 provides two different types of remote access connectivity:

1) Dial-up networking: Dial-up networking is when a remote access client makes a non-permanent, dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider such as analog phone (PSTN), ISDN, or X.25. The best example of dial-up networking is that of a dial-up networking client who dials the phone number of one of the ports of a remote access server. Dial-up networking over an analog phone or ISDN is a direct physical connection between the dial-up networking client and the dial-up networking server. You can encrypt data sent over the connection, but it is not required.

2) Virtual private networking (VPN): Virtual private networking is the creation of secured, point-to-point connections across a private network or a public network such as the Internet. A virtual private networking client uses special TCP/IP-based protocols called tunneling protocols to make a virtual call to a virtual port on a virtual private networking server. The tunneling protocols used for VPN are PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol). The best example of virtual private networking is that of a virtual private networking client who makes a virtual private network connection to a remote access server that is connected to the Internet. The remote access server answers the virtual call, authenticates the caller, and transfers data between the virtual private networking client and the corporate network.


33) What is NOS(network operating system) ?

Network Operating System (NOS)

Network operating systems are available to support a PC server-based network. All Microsoft Windows based operating systems support peer-to-peer networking. Specialized network operating system (NOS) software is required for a server-based network.

Examples:

Unix: A popular, robust operating system that comes in several forms from different vendors.

Microsoft: Windows NT Server, Windows 2000 Server

AppleTalk: Mac OS

LAN Manager and LAN Server: Developed by Microsoft and IBM; no longer very common.

34) What is topology?

Network Topologies

What is topology?

A topology is the physical layout of a network: the configurations formed by the connections between devices on a Local Area Network (LAN) or between two or more LANs.

It is important to make a distinction between a topology and an architecture. A topology is concerned with the physical arrangement of the network components.


There are three basic network topologies: the bus, the star and the ring.

35) What is the difference between SD-RAM and DD-RAM?

SD Ram is actually SDR SDRAM, and DD Ram is actually DDR SDRAM, though the former does not usually have the SDR in front of it. The letters SDR and DDR stand for Single Data Rate and Double Data Rate, and the letters SDRAM stand for Synchronous Dynamic Random Access Memory.

The main difference between SDR and DDR memory is speed. There are a lot of little differences, but the main one (IMHO) that affects the user is speed: DDR can transfer data at roughly twice the speed of SDR. More speedy data rates = better performance.

Just remember, the motherboard you are using must include the appropriate chipset to support the different RAM types. They are not interchangeable.

SDR SDRAM comes in three main flavors: PC66, PC100 and PC133. Each successive number refers to the bus speed of the RAM in MHz, thus PC66 runs at 66 MHz, PC100 runs at 100 MHz, etc. SDR SDRAM has 168 pins at the connector.

DDR SDRAM has 184 pins at the connector, which is one reason you can't just use DDR instead of SDR, and comes in many different flavors: PC2100, which runs at 266 MHz; PC2700, which runs at 333 MHz; PC3200, which runs at 400 MHz; etc. In order to know which type of RAM you need, you must know what your motherboard supports.

36) What is the difference between DD-RAM and RD-RAM?

Short for Rambus DRAM, a type of memory (DRAM) developed by Rambus, Inc. Whereas the fastest current memory technologies used by PCs (SDRAM) can deliver data at a maximum speed of about 100 MHz, RDRAM transfers data at up to 800 MHz.

In 1997, Intel announced that it would license the Rambus technology for use on its future motherboards, thus making it the likely de facto standard for memory architectures. However, a consortium of computer vendors is working on an alternative memory architecture called SyncLink DRAM (SLDRAM).

RDRAM is already being used in place of VRAM in some graphics accelerator boards. As of late 1999, Intel has been using RDRAM in its Pentium III Xeon processors and more recently in its Pentium 4 processors. Intel and Rambus are also working on a new version of RDRAM, called nDRAM, that will support data transfer speeds of up to 1,600 MHz.


The Pentium 4 is known to crave memory bandwidth above and over everything else. The processor throws fits like a baby when there is not enough memory bandwidth, something which can often keep it from performing up to its potential. This was evident when Intel released their original i845 chipset which allowed a Pentium 4 to be run with conventional SDRAM (hint: avoid like the plague).

Often a P4 equipped with SDRAM, running at similar clock speeds, could not beat a P3 at 1 GHz in terms of performance! DDR alleviated the memory bandwidth bottleneck somewhat with the i845D, delivering 2.1 GB/s worth of bandwidth as opposed to the 1.08 GB/s SDRAM offered. That is still a far cry from the 3.2 GB/s RDRAM can supply though, and today we're going to take a look at whether the i850 "RDRAM" chipset is that much faster than the i845D "DDR" chipset.

Many times readers have been writing in to ask: "Is RDRAM really necessary for a Pentium 4?" or maybe "I can't afford RDRAM, can I get by on DDR?" My personal favorite is: "I'm a speed freak on a budget, but can I get good performance with a P4/DDR combo?"

Well today I hope we set these questions to rest and answer what has been on the minds of many: if Spiderman and Superman were in a battle, who would win? We also plan on pitting RDRAM vs. DDR RAM and seeing which memory will be victorious - it is a battle royal that even the great Spidy can 'sense'.

There are a whole bunch of DDR chipsets now for the Pentium 4, but we're going to be focusing on Intel's own i845D. Why, you ask? Intel has always produced fast and very stable chipsets (other than the i820) and the i845D is no exception. Based on the earlier i845, which was a very stable chipset in its own right, the i845D only brings DDR capability to the table and nothing else. Actually there are no real differences between the i845 and i845D. Sure there's an official revision difference, but basically the i845D is the i845 with DDR enabled.

The i850 board we are testing with is the nice red MSI 850 Pro5 which has official support for 400 MHz based Pentium 4's using the Socket 478 format. We had a few i845D based motherboards to choose from and eventually decided to keep it in the family and test on the MSI 845 Ultra. Our testing processor is a Pentium 4 2.0 GHz Willamette with 256KB L2 cache.


Question: I just bought a computer that has SDRAM and now I'm hearing that DDR and Rambus memory are better. What are these new types of memory and how do they work? Did I buy the wrong thing? Help!

Answer: You heard right, DDR and Rambus DRAM are two new types of memory promising to make computers run faster. But before we discuss them, relax! They will NOT make SDRAM obsolete in the near future.

First, let's start with a quick review. In the last few years, SDRAM(synchronous DRAM) has become the standard type of memory for PCs. The main reason for this is that SDRAM is tied to the front-side bus clock in your system. SDRAM and the bus execute instructions at the same time rather than one of them having to wait for the other. As bus speeds have increased beyond 100MHz, this has improved system performance.

DDR SDRAM

DDR (double data rate) memory is the next generation SDRAM. Like SDRAM, DDR is synchronous with the system clock. The big difference between DDR and SDRAM memory is that DDR reads data on both the rising and falling edges of the clock signal. SDRAM only carries information on the rising edge of a signal. Basically this allows the DDR module to transfer data twice as fast as SDRAM. For example, instead of a data rate of 133MHz, DDR memory transfers data at 266MHz.

DDR modules, like their SDRAM predecessors, are called DIMMs. They use motherboard system designs similar to those used by SDRAM; however, DDR is not backward compatible with SDRAM-designed motherboards. DDR memory supports both ECC (error correction code, typically used in servers) and non-parity (used on desktops/laptops.)

If your system or motherboard requires DDR, you can purchase the upgrades you need through Crucial's Memory Selector™.

Rambus DRAM

Rambus memory (RDRAM®) is a revolutionary step from SDRAM. It's a new memory design with changes to the bus structure and how signals are carried. Rambus memory sends less information on the data bus (which is 18 bits wide as opposed to the standard 32 or 64 bits) but it sends data more frequently. It also reads data on both the rising and falling edges of the clock signal, as DDR does. As a result, Rambus memory is able to achieve effective data transfer speeds of 800MHz and higher.

Another difference with Rambus memory is that all memory slots in the motherboard must be populated. Even if all the memory is contained in a single module, the "unused" sockets must be populated with a PCB, known as a continuity module, to complete the circuit.

Rambus DRAM modules are known as RIMM™ modules (Rambus inline memory modules). Rambus memory supports both ECC and non-ECC applications.

Production Challenges

One of the challenges Rambus memory currently faces is that it is expensive to produce compared to SDRAM and DDR. Rambus memory is proprietary technology of Rambus Inc. Manufacturers that want to produce it are required to pay a royalty to Rambus Inc., whereas DDR designs are open architecture. Other cost factors for Rambus memory include additional module manufacturing and testing processes and a larger die size. Rambus die (chips) are much larger than SDRAM or DDR die. That means fewer parts can be produced on a wafer.

Performance

Now for the million-dollar question: How do DDR and Rambus memory compare performance-wise? Sorry, I know you don't want to hear this — that depends. Both technologies have their own ardent supporters and we have seen several different benchmarks to date that provide conflicting results.

On the surface, it seems simple: Data flow at 800MHz is faster than data flow at 266MHz, right? Unfortunately, it isn't that simple. While Rambus modules may have the ability to transfer data faster, it appears to have higher latency (the amount of time you have to wait until data flows) than that of a DDR system. In other words, the first data item transferred in a Rambus transaction takes longer to initiate than the first data item moved in a DDR system. This is due in part to how the systems are constructed.


In a DDR or SDRAM system, each DIMM is connected, individually and in parallel, to the data bus. So whether you have a single DIMM or multiple DIMMs, the amount of time it takes to initiate a data transfer is effectively unchanged.

In a Rambus system, RIMM modules are connected to the bus in a series. The first data item transferred must pass through each RIMM module before it reaches the bus. This makes for a much longer distance for the signal to travel. The result is higher latency. That's not necessarily a problem in an environment where data transactions involve lengthy streams of data, such as gaming. But it can become an issue in environments where many small transactions are initiated regularly, such as a server.

To further explain, here's an example that we can all relate to — driving your car to the store. You can take the roundabout freeway and drive 20 miles at 70 MPH. Or, you can take a more direct route and drive just 5 miles at 50 MPH. You might go faster on the freeway but you'll get to the store (Memory Controller) faster on the straight-line route.

Looking to the Future

So which technology will become the memory of choice for the computer industry? That probably won't be clear until sometime in the near future. However, it really doesn't matter to a certain extent.

Generally speaking, motherboards are built to support one type of memory. You cannot mix and match more than one type of SDRAM, DDR, or Rambus memory on the same motherboard in any system. They will not function and will not even fit in the same sockets. The right type of memory to use is the one that your motherboard takes! And no matter what type of memory you use, more is typically better. A memory upgrade is still one of the most cost-effective ways to improve system performance.

At this point in time, the market for DDR and Rambus memory is relatively small. However, it is growing. Crucial currently offers DDR and will offer other new technologies as the market dictates.

37) What is a peer-to-peer network?

A network in which there are no dedicated servers among the computers. All computers share resources such as files and printers, therefore acting as both client and server.

A communication network without a dedicated server. Each computer in the network can act as a client and a server. Any computer can access files on any other computer in the network.

Windows Peer-to-Peer Networking

Windows Peer-to-Peer Networking is an operating system component that enables the creation of new peer-to-peer (P2P) applications for computers running Windows XP (Service Pack 1 and later). P2P applications can utilize the powerful personal computers that exist at the edge of the Internet to create exciting, distributed experiences. P2P networking can also allow existing applications to work together in new and useful ways.

"Microsoft's peer-to-peer technology, integrated in Corel Grafigo 2, allows real-time collaboration with anyone across the table or around the world, and has the ability to radically improve the way professionals create and exchange graphical content in a mobile setting" —Graham Brown, Vice President, Software Development, Corel Corporation

peer-to-peer architecture


Often referred to simply as peer-to-peer, or abbreviated P2P, a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures, in which some computers are dedicated to serving the others. Peer-to-peer networks are generally simpler, but they usually do not offer the same performance under heavy loads.

38) What is CMOS ?

Short for complementary metal oxide semiconductor. Pronounced see-moss, CMOS is a widely used type of semiconductor. CMOS semiconductors use both NMOS (negative polarity) and PMOS (positive polarity) circuits. Since only one of the circuit types is on at any given time, CMOS chips require less power than chips using just one type of transistor. This makes them particularly attractive for use in battery-powered devices, such as portable computers. Personal computers also contain a small amount of battery-powered CMOS memory to hold the date, time, and system setup parameters.

The CMOS (Complementary Metal Oxide Semiconductor) is an on-board semiconductor chip that requires very little power, supplied by one of the various types of CMOS batteries shown below. This chip is used to store important system information and configuration settings while the computer is off and on.

Types of CMOS batteries - The following is a listing of the types of batteries found in computers to power the CMOS memory. The most common type is the coin cell battery (lithium battery); the coin cell battery is the size of a dime, as shown below.

Life time of a CMOS battery - The standard lifetime of a CMOS battery is around 10 years; however, this can vary depending on the use and environment in which the computer resides.


In CMOS (Complementary Metal-Oxide Semiconductor) technology, both N-type and P-type transistors are used to realize logic functions. Today, CMOS technology is the dominant semiconductor technology for microprocessors, memories and application specific integrated circuits (ASICs). The main advantage of CMOS over NMOS and bipolar technology is the much smaller power dissipation. Unlike NMOS or bipolar circuits, a CMOS circuit has almost no static power dissipation. Power is dissipated only when the circuit actually switches. This allows many more CMOS gates to be integrated on an IC than in NMOS or bipolar technology, resulting in much better performance.

The following applets demonstrate the N-type and P-type transistors used in CMOS technology, the basic CMOS inverter, NAND and NOR gates, and an AOI32 complex gate. Finally, they demonstrate the CMOS transmission gate and a transmission-gate D-latch.

The first applet illustrates the function of both N-type and P-type MOS transistors.

Click on the source and gate contacts of the transistors to toggle the corresponding voltage levels and watch the resulting output value on the drain contacts. The applet uses colors to display the different voltages.

A logical '1', corresponding to the electrical level VCC (typical values for current technologies are +5V or +3.3V), is shown in red; a logical '0' (corresponding to 0V or GND) in blue. A floating wire (not connected to either VCC or GND) is shown in orange.

How BIOS Works

One of the most common uses of Flash memory is for the basic input/output system of your computer, commonly known as the BIOS (pronounced "bye-ose"). On virtually every computer available, the BIOS makes sure all the other chips, hard drives, ports and CPU function together.

Every desktop and laptop computer in common use today contains a microprocessor as its central processing unit. The microprocessor is the hardware component. To get its work done, the microprocessor executes a set of instructions known as software (see How Microprocessors Work for details). You are probably very familiar with two different types of software:

Page 251: Zenith Infotech

The operating system - The operating system provides a set of services for the applications running on your computer, and it also provides the fundamental user interface for your computer. Windows 98 and Linux are examples of operating systems. (See How Operating Systems Work for lots of details.)

The applications - Applications are pieces of software that are programmed to perform specific tasks. On your computer right now you probably have a browser application, a word processing application, an e-mail application and so on. You can also buy new applications and install them.

It turns out that the BIOS is the third type of software your computer needs to operate successfully. In this article, you'll learn all about BIOS -- what it does, how to configure it and what to do if your BIOS needs updating.

Configuring BIOS

In the previous list, you saw that the BIOS checks the CMOS Setup for custom settings. Here's what you do to change those settings.

To enter the CMOS Setup, you must press a certain key or combination of keys during the initial startup sequence. Most systems use "Esc," "Del," "F1," "F2," "Ctrl-Esc" or "Ctrl-Alt-Esc" to enter setup. There is usually a line of text at the bottom of the display that tells you "Press ___ to Enter Setup."

Once you have entered setup, you will see a set of text screens with a number of options. Some of these are standard, while others vary according to the BIOS manufacturer. Common options include:

• System Time/Date - Set the system time and date
• Boot Sequence - The order that BIOS will try to load the operating system
• Plug and Play - A standard for auto-detecting connected devices; should be set to "Yes" if your computer and operating system both support it
• Mouse/Keyboard - "Enable Num Lock," "Enable the Keyboard," "Auto-Detect Mouse"...
• Drive Configuration - Configure hard drives, CD-ROM and floppy drives
• Memory - Direct the BIOS to shadow to a specific memory address
• Security - Set a password for accessing the computer
• Power Management - Select whether to use power management, as well as set the amount of time for standby and suspend
• Exit - Save your changes, discard your changes or restore default settings

CMOS Setup

Be very careful when making changes to setup. Incorrect settings may keep your computer from booting. When you are finished with your changes, you should choose "Save Changes" and exit. The BIOS will then restart your computer so that the new settings take effect.

The BIOS uses CMOS technology to save any changes made to the computer's settings. With this technology, a small lithium or Ni-Cad battery can supply enough power to keep the data for years. In fact, some of the newer chips have a 10-year, tiny lithium battery built right into the CMOS chip!

Updating Your BIOS

Occasionally, a computer will need to have its BIOS updated. This is especially true of older machines. As new devices and standards arise, the BIOS needs to change in order to understand the new hardware. Since the BIOS is stored in some form of ROM, changing it is a bit harder than upgrading most other types of software.

To change the BIOS itself, you'll probably need a special program from the computer or BIOS manufacturer. Look at the BIOS revision and date information displayed on system startup or check with your computer manufacturer to find out what type of BIOS you have. Then go to the BIOS manufacturer's Web site to see if an upgrade is available. Download the upgrade and the utility program needed to install it. Sometimes the utility and update are combined in a single file to download. Copy the program, along with the BIOS update, onto a floppy disk. Restart your computer with the floppy disk in the drive, and the program erases the old BIOS and writes the new one. You can find a BIOS Wizard that will check your BIOS at BIOS Upgrades.

Major BIOS manufacturers include:

• American Megatrends Inc. (AMI)
• Phoenix Technologies
• ALi
• Winbond

As with changes to the CMOS Setup, be careful when upgrading your BIOS. Make sure you are upgrading to a version that is compatible with your computer system. Otherwise, you could corrupt the BIOS, which means you won't be able to boot your computer. If in doubt, check with your computer manufacturer to be sure you need to upgrade.

Booting the Computer

Whenever you turn on your computer, the first thing you see is the BIOS software doing its thing. On many machines, the BIOS displays text describing things like the amount of memory installed in your computer, the type of hard disk and so on. It turns out that, during this boot sequence, the BIOS is doing a remarkable amount of work to get your computer ready to run. This section briefly describes some of those activities for a typical PC.

After checking the CMOS Setup and loading the interrupt handlers, the BIOS determines whether the video card is operational. Most video cards have a miniature BIOS of their own that initializes the memory and graphics processor on the card. If they do not, there is usually video driver information on another ROM on the motherboard that the BIOS can load.

Next, the BIOS checks to see if this is a cold boot or a reboot. It does this by checking the value at memory address 0000:0472. A value of 1234h indicates a reboot, and the BIOS skips the rest of POST. Anything else is considered a cold boot.

If it is a cold boot, the BIOS verifies RAM by performing a read/write test of each memory address. It checks the PS/2 ports or USB ports for a keyboard and a mouse. It looks for a peripheral component interconnect (PCI) bus and, if it finds one, checks all the PCI cards. If the BIOS finds any errors during the POST, it will notify you by a series of beeps or a text message displayed on the screen. An error at this point is almost always a hardware problem.

The BIOS then displays some details about your system. This typically includes information about:

• The processor
• The floppy drive and hard drive
• Memory
• BIOS revision and date
• Display

Any special drivers, such as the ones for small computer system interface (SCSI) adapters, are loaded from the adapter, and the BIOS displays the information. The BIOS then looks at the sequence of storage devices identified as boot devices in the CMOS Setup. "Boot" is short for "bootstrap," as in the old phrase, "Lift yourself up by your bootstraps." Boot refers to the process of launching the operating system. The BIOS will try to initiate the boot sequence from the first device. If the BIOS does not find a device, it will try the next device in the list. If it does not find the proper files on a device, the startup process will halt. If you have ever left a floppy disk in the drive when you restarted your computer, you have probably seen this message.

This is the message you get if a floppy disk is in the drive when you restart your computer.

The BIOS has tried to boot the computer off of the floppy disk left in the drive. Since it did not find the correct system files, it could not continue. Of course, this is an easy fix. Simply pop out the disk and press a key to continue.

39) What is the difference between a Pentium and a Celeron processor?

Here are the most important similarities and differences between the Pentium 4 and the Celeron chips coming out today:

• Core - The Celeron chip is based on a Pentium 4 core.
• Cache - Celeron chips have less cache memory than Pentium 4 chips do. A Celeron might have 128 kilobytes of L2 cache, while a Pentium 4 can have four times that. The amount of L2 cache memory can have a big effect on performance.
• Clock speed - Intel manufactures the Pentium 4 chips to run at a higher clock speed than Celeron chips. The fastest Pentium 4 might be 60 percent faster than the fastest Celeron.
• Bus speed - There are differences in the maximum bus speeds that the processors allow. Pentium 4s tend to be about 30 percent faster than Celerons.

When you sort all this out and compare the two chips side by side, it turns out that a Celeron and a Pentium 4 chip running at the same speed are different beasts. The smaller L2 cache size and slower bus speeds can mean serious performance differences depending on what you want to do with your computer. If all you do is check e-mail and browse the Web, the Celeron is fine, and the price difference can save you a lot of money. If you want the fastest machine you can buy, then you need to go with the Pentium 4 to get the highest clock speeds and the fastest system bus.

40) How Microprocessors Work?

If you have been shopping for a computer, then you have heard the word "cache." Modern computers have both L1 and L2 caches. You may also have gotten advice on the topic from well-meaning friends, perhaps something like "Don't buy that Celeron chip, it doesn't have any cache in it!"

It turns out that caching is an important computer-science process that appears on every computer in a variety of forms. There are memory caches, hardware and software disk caches, page caches and more. Virtual memory is even a form of caching. In this article, we will explore caching so you can understand why it is so important.

RAM and ROM

The previous section talked about the address and data buses, as well as the RD and WR lines. These buses and lines connect either to RAM or ROM -- generally both. In our sample microprocessor, we have an address bus 8 bits wide and a data bus 8 bits wide. That means that the microprocessor can address 2^8 = 256 bytes of memory, and it can read or write 8 bits of the memory at a time. Let's assume that this simple microprocessor has 128 bytes of ROM starting at address 0 and 128 bytes of RAM starting at address 128.

ROM chip

ROM stands for read-only memory. A ROM chip is programmed with a permanent collection of pre-set bytes. The address bus tells the ROM chip which byte to get and place on the data bus. When the RD line changes state, the ROM chip presents the selected byte onto the data bus.

RAM stands for random-access memory. RAM contains bytes of information, and the microprocessor can read or write to those bytes depending on whether the RD or WR line is signaled. One problem with today's RAM chips is that they forget everything once the power goes off. That is why the computer needs ROM.

By the way, nearly all computers contain some amount of ROM (it is possible to create a simple computer that contains no RAM -- many microcontrollers do this by placing a handful of RAM bytes on the processor chip itself -- but generally impossible to create one that contains no ROM). On a PC, the ROM is called the BIOS (Basic Input/Output System). When the microprocessor starts, it begins executing instructions it finds in the BIOS. The BIOS instructions do things like test the hardware in the machine, and then it goes to the hard disk to fetch the boot sector (see How Hard Disks Work for details). This boot sector is another small program, and the BIOS stores it in RAM after reading it off the disk. The microprocessor then begins executing the boot sector's instructions from RAM. The boot sector program will tell the microprocessor to fetch something else from the hard disk into RAM, which the microprocessor then executes, and so on. This is how the microprocessor loads and executes the entire operating system.

RAM chip
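The memory map of this sample microprocessor, as an added Python example that is not part of the original article: the address decode, the RD/WR behaviour of each chip (ROM answers reads only, RAM answers both), the fact that RAM forgets across a power cycle, and the bootstrap step in which code in ROM copies a boot sector into RAM. The "BIOS image" and "boot sector" bytes are constructed placeholders, and the class and function names are this example's own.

```python
# Bus-level model of the sample microprocessor from the text: an 8-bit address
# bus (2^8 = 256 bytes), 128 bytes of ROM at address 0 and 128 bytes of RAM at
# address 128. Added example; the ROM image and boot sector are constructed.

ADDR_BITS = 8
ADDR_SPACE = 1 << ADDR_BITS          # 256 addressable bytes
ROM_BASE, ROM_SIZE = 0, 128
RAM_BASE, RAM_SIZE = 128, 128


class Bus:
    """Decodes each address to the ROM or the RAM chip and honours the
    RD/WR lines: ROM answers reads only, RAM answers reads and writes."""

    def __init__(self, rom_image):
        if len(rom_image) > ROM_SIZE:
            raise ValueError("ROM image does not fit in 128 bytes")
        self.rom = bytes(rom_image).ljust(ROM_SIZE, b"\x00")
        self.ram = bytearray(RAM_SIZE)
        self.rejected_writes = 0     # writes that hit the read-only region

    def read(self, addr):
        addr %= ADDR_SPACE           # only the low 8 address lines exist
        if addr < RAM_BASE:
            return self.rom[addr - ROM_BASE]
        return self.ram[addr - RAM_BASE]

    def write(self, addr, value):
        addr %= ADDR_SPACE
        if addr < RAM_BASE:          # ROM has no WR line: the write is lost
            self.rejected_writes += 1
            return False
        self.ram[addr - RAM_BASE] = value & 0xFF
        return True

    def power_cycle(self):
        """RAM forgets everything when power is removed; ROM does not."""
        self.ram = bytearray(RAM_SIZE)


def bootstrap(bus, disk_boot_sector, load_addr=RAM_BASE):
    """What the text describes the BIOS doing: copy the boot sector from
    'disk' into RAM and return the address the CPU would jump to."""
    for offset, byte in enumerate(disk_boot_sector):
        if not bus.write(load_addr + offset, byte):
            raise RuntimeError("boot sector would land in ROM")
    return load_addr


# Constructed sample data: a 4-byte 'BIOS' image and an 8-byte 'boot sector'.
BIOS_IMAGE = b"\xEA\x00\x00\x80"
BOOT_SECTOR = b"\xB8\x01\x00\xCD\x10\xEB\xFE\x00"

if __name__ == "__main__":
    bus = Bus(BIOS_IMAGE)
    print("boot sector loaded at", bootstrap(bus, BOOT_SECTOR))
    print("write to ROM accepted:", bus.write(0, 0x55))
```

The `rejected_writes` counter is the point of the model: code cannot modify the ROM region through the bus, which is what makes the BIOS a trustworthy starting point, whereas anything copied into RAM can be overwritten by whatever runs next.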

41) How Ethernet Works

In today's business world, reliable and efficient access to information has become an important asset in the quest to achieve a competitive advantage. File cabinets and mountains of papers have given way to computers that store and manage information electronically. Coworkers thousands of miles apart can share information instantaneously, just as hundreds of workers in a single location can simultaneously review research data maintained online.

Computer networking technologies are the glue that binds these elements together. The public Internet allows businesses around the world to share information with each other and their customers. The global computer network known as the World Wide Web provides services that let consumers buy books, clothes, and even cars online, or auction those same items off when no longer wanted.

In this article, we will take a very close look at networking, and in particular the Ethernet networking standard, so you can understand the actual mechanics of how all of these computers connect to one another.

Why Network?

Networking allows one computer to send information to and receive information from another. We may not always be aware of the numerous times we access information on computer networks. Certainly the Internet is the most conspicuous example of computer networking, linking millions of computers around the world, but smaller networks play a role in information access on a daily basis. Many public libraries have replaced their card catalogs with computer terminals that allow patrons to search for books far more quickly and easily. Airports have numerous screens displaying information regarding arriving and departing flights. Many retail stores feature specialized computers that handle point-of-sale transactions. In each of these cases, networking allows many different devices in multiple locations to access a shared repository of data.

Before getting into the details of a networking standard like Ethernet, we must first understand some basic terms and classifications that describe and differentiate network technologies -- so let's get started!

How Internet Search Engines Work

The good news about the Internet and its most visible component, the World Wide Web, is that there are hundreds of millions of pages available, waiting to present information on an amazing variety of topics. The bad news about the Internet is that there are hundreds of millions of pages available, most of them titled according to the whim of their author, almost all of them sitting on servers with cryptic names. When you need to know about a particular subject, how do you know which pages to read? If you're like most people, you visit an Internet search engine.

Internet search engines are special sites on the Web that are designed to help people find information stored on other sites. There are differences in the ways various search engines work, but they all perform three basic tasks:

• They search the Internet -- or select pieces of the Internet -- based on important words.
• They keep an index of the words they find, and where they find them.
• They allow users to look for words or combinations of words found in that index.

Early search engines held an index of a few hundred thousand pages and documents, and received maybe one or two thousand inquiries each day. Today, a top search engine will index hundreds of millions of pages, and respond to tens of millions of queries per day. In this article, we'll tell you how these major tasks are performed, and how Internet search engines put the pieces together in order to let you find the information you need on the Web.

How Internet Infrastructure Works

One of the greatest things about the Internet is that nobody really owns it. It is a global collection of networks, both big and small. These networks connect together in many different ways to form the single entity that we know as the Internet. In fact, the very name comes from this idea of interconnected networks.

Since its beginning in 1969, the Internet has grown from four host computer systems to tens of millions. However, just because nobody owns the Internet, it doesn't mean it is not monitored and maintained in different ways. The Internet Society, a non-profit group established in 1992, oversees the formation of the policies and protocols that define how we use and interact with the Internet.

In this article, you will learn about the basic underlying structure of the Internet. You will learn about domain name servers, network access points and backbones. But first you will learn about how your computer connects to others.

Collision Detection

Carrier-sense multiple access gives us a good start in regulating our conversation, but there is one scenario we still need to address. Let's go back to our dinner table analogy and imagine that there is a momentary lull in the conversation. You and I both have something we would like to add, and we both "sense the carrier" based on the silence, so we begin speaking at approximately the same time. In Ethernet terminology, a collision occurred when we both spoke at once.

In our conversation, we can handle this situation gracefully. We both hear the other speak at the same time we are speaking, so we can stop to give the other person a chance to go on. Ethernet nodes also listen to the medium while they transmit to ensure that they are the only station transmitting at that time. If the stations hear their own transmission returning in a garbled form, as would happen if some other station had begun to transmit its own message at the same time, then they know that a collision occurred. A single Ethernet segment is sometimes called a collision domain because no two stations on the segment can transmit at the same time without causing a collision. When stations detect a collision, they cease transmission, wait a random amount of time, and attempt to transmit when they again detect silence on the medium.

The random pause and retry is an important part of the protocol. If two stations collide when transmitting once, then both will need to transmit again. At the next appropriate chance to transmit, both stations involved with the previous collision will have data ready to transmit. If they transmitted again at the first opportunity, they would most likely collide again and again indefinitely. Instead, the random delay makes it unlikely that any two stations will collide more than a few times in a row.
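An added simulation (Python, not from the article) of the random pause and retry described above. Stations are modelled in discrete slots and every station starts with a frame to send. With `randomized=False` each station retries at its next opportunity and the collisions never end, which is the failure the text predicts; with `randomized=True` the stations use truncated binary exponential backoff (after the k-th collision the delay is drawn from 0 to 2^min(k,10)-1 slots), and all of them get the medium. The slot abstraction and the backoff rule are this example's choices, not details from the page.

```python
# Slot-based simulation of Ethernet collision handling. 'n_stations' all have
# a frame ready in the first slot; with random backoff they spread out and
# each gets the medium, while a fixed retry collides forever. Added example,
# not the article's code; backoff is truncated binary exponential backoff.
import random

MAX_BACKOFF_EXPONENT = 10    # backoff range is capped at 2^10 slots


def simulate(n_stations, randomized, seed=1, max_slots=10_000):
    """Return (slots_until_all_sent, collisions). The slot count is None if
    the stations are still colliding after max_slots."""
    rng = random.Random(seed)
    wait = {s: 0 for s in range(n_stations)}       # slots left to wait
    attempts = {s: 0 for s in range(n_stations)}   # collisions seen so far
    collisions = 0
    for slot in range(1, max_slots + 1):
        ready = [s for s, w in wait.items() if w == 0]
        if len(ready) == 1:
            # Only one station senses silence and transmits: success.
            del wait[ready[0]]
        elif len(ready) > 1:
            # Each station hears its own frame garbled: stop and back off.
            collisions += 1
            for s in ready:
                attempts[s] += 1
                if randomized:
                    k = min(attempts[s], MAX_BACKOFF_EXPONENT)
                    wait[s] = rng.randrange(2 ** k)
                else:
                    wait[s] = 1     # retry at the very next opportunity
        for s in wait:
            if s not in ready and wait[s] > 0:
                wait[s] -= 1
        if not wait:
            return slot, collisions
    return None, collisions


if __name__ == "__main__":
    print("fixed retry, 2 stations:", simulate(2, randomized=False))
    print("random backoff, 5 stations:", simulate(5, randomized=True))
```

With the fixed retry, two stations collide on every odd-numbered slot for the whole run; with random backoff the same stations usually settle within a handful of collisions, and the larger backoff window after each repeated collision is what keeps a busy segment from livelocking.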

How Computer Viruses Work

Computer viruses are mysterious and grab our attention. On the one hand, viruses show us how vulnerable we are. A properly engineered virus can have an amazing effect on the worldwide Internet. On the other hand, they show how sophisticated and interconnected human beings have become.

For example, the thing making big news right now is the Mydoom worm, which experts estimate infected approximately a quarter-million computers in a single day (Times Online).

Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. That's pretty impressive when you consider that the Melissa and ILOVEYOU viruses are incredibly simple.

In this article, we will discuss viruses -- both "traditional" viruses and the newer e-mail viruses -- so that you can learn how they work and also understand how to protect yourself. Viruses in general are on the wane, but occasionally a person finds a new way to create one, and that's when they make the news.

42) Tell me about the ntbackup types?

1) Normal backup

Backs up all selected files and marks each file as backed up.

2) Copy backup

Backs up all selected files, but does not mark any as backed up.

3) Differential

Backs up selected files only if they have not been backed up, or have been changed, but does not mark any as backed up.

4) Incremental

Backs up selected files only if they have not been backed up, or have been changed, and marks them as backed up.

5) Daily

Backs up only files which have been changed today, but does not mark them as backed up.
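The five types differ only in which files they select and whether they clear the archive attribute (the "marked as backed up" flag). The following added Python model, not part of the original answer, runs a constructed week (a normal backup on Monday, then one backup per day with one file changed each day) to show why a differential set grows every day while an incremental set stays small; the file names and dates are constructed.

```python
# Model of the five ntbackup types in terms of the per-file archive attribute,
# the "marked as backed up" flag in the answer above. Added example; file
# names, dates (ISO strings) and the weekly schedule are constructed.

CLEARS_ARCHIVE_BIT = {"normal", "incremental"}


def run_backup(kind, files, today):
    """Select files as 'kind' prescribes, clear the archive bit if that type
    does so, and return the names copied in directory order.
    files: {name: {"archive": bool, "mtime": "YYYY-MM-DD"}}"""
    if kind in ("normal", "copy"):
        selected = list(files)
    elif kind in ("differential", "incremental"):
        selected = [n for n, f in files.items() if f["archive"]]
    elif kind == "daily":
        selected = [n for n, f in files.items() if f["mtime"] == today]
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    if kind in CLEARS_ARCHIVE_BIT:
        for n in selected:
            files[n]["archive"] = False
    return selected


def modify(files, name, day):
    """Any write to a file sets its archive bit and updates its mtime."""
    files[name]["archive"] = True
    files[name]["mtime"] = day


def weekly_schedule(weekday_kind):
    """Normal backup on Monday, then 'weekday_kind' Tue-Thu with one file
    changed each day. Returns {weekday: names copied that day}."""
    days = [("Mon", "2004-02-02"), ("Tue", "2004-02-03"),
            ("Wed", "2004-02-04"), ("Thu", "2004-02-05")]
    changed = {"Tue": "a.doc", "Wed": "b.xls", "Thu": "c.ppt"}
    files = {n: {"archive": True, "mtime": days[0][1]}
             for n in ("a.doc", "b.xls", "c.ppt")}
    plan = {}
    for weekday, today in days:
        if weekday == "Mon":
            plan[weekday] = run_backup("normal", files, today)
        else:
            modify(files, changed[weekday], today)
            plan[weekday] = run_backup(weekday_kind, files, today)
    return plan


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        print(kind, weekly_schedule(kind))
```

The trade-off the model makes visible: a restore after a differential week needs only Monday's full set plus the latest differential, while an incremental week needs Monday's set plus every incremental since, so a single lost incremental tape breaks the chain.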

43) Difference between Regedit and Regedt32

When Windows 95 came out, the registry was one of the big new features offered with that operating system. Instead of storing system and application configuration information in a whole slew of .INI files scattered across the hard drive, the registry moved all of that information into one place. Knowing how to plow through the registry is probably something any decent Windows NT/Windows 2000 sysadmin should know about.

One of the not-very-well-explained quirks about editing the registry is that there are two tools available by default for doing this in NT and 2K: REGEDIT and REGEDT32. The two have some marked differences that need to be kept in mind.

REGEDIT is basically a copy of the original registry-editing utility found in Windows 95, and is kept around in other versions of Windows for the sake of backward compatibility. REGEDT32, on the other hand, was only shipped with NT, 2K and XP. The main difference between the two is that REGEDT32 allows you to set and clear permissions in the registry, while REGEDIT doesn't.

Each key in the registry in NT and 2K (and XP, of course) has an access control list or ACL -- in exactly the same manner that files and folders on an NTFS volume have ACLs. The reason for this applies as it does on files and folders: to allow or deny access to certain objects based on a given user's credentials. This way a given user could be provided access to one particular subtree of the registry, but not another.

To edit the permissions for a particular key in REGEDT32, right-click on the key in the left-hand pane and select Permissions. A dialog box similar to the kind used to set permissions on files and folders will come up. This lets you set basic or advanced permissions, and also set or reset the inheritability of those permissions on any subkeys of the key you're editing. You may need to clear permissions for a subkey if you are, for instance, trying to uninstall an application from another user account and need to purge the keys as an administrator to do it.

Windows NT 4.0 and Windows 2000

Regedit.exe

Regedit.exe is included with Windows NT 4.0 and Windows 2000 primarily for its search capability. You can use Regedit.exe to make changes in the Windows NT 4.0 and Windows 2000 registry, but you cannot use it to view or edit all functions or data types on Windows NT 4.0 and Windows 2000.

The following limitations exist in the Regedit.exe version that is included with Windows NT 4.0 and Windows 2000:

• You cannot set the security for registry keys.

• You cannot view, edit, or search the value data types REG_EXPAND_SZ and REG_MULTI_SZ. If you try to view a REG_EXPAND_SZ value, Regedit.exe displays it as a binary data type. If you try to edit either of these data types, Regedit.exe saves it as REG_SZ, and the data type no longer performs its intended function.

• You cannot save or restore keys as hive files.

Microsoft recommends that you use Regedit.exe only for its search capabilities on a Windows NT 4.0-based or Windows 2000-based computer.

Regedt32.exe

Regedt32.exe is the configuration editor for Windows NT 4.0 and Windows 2000. Regedt32.exe is used to modify the Windows NT configuration database, or the Windows NT registry. This editor allows you to view or modify the Windows NT registry. The editor provides views of windows that represent sections of the registry, named hives. Each window displays two sections. On the left side, there are folders that represent registry keys. On the right side, there are the values associated with the selected registry key. Regedt32 is a powerful tool, and you must use it with extreme caution when you change registry values. Missing or incorrect values in the registry can make the Windows installation unusable.

Note: Unlike Regedit.exe, Regedt32.exe does not support importing and exporting registration entries (.reg) files.

44) In which file are the directory and information store saved?

.edb - Exchange database

Exchange Server is a complex beast, to say the least. It's just a fact of life that we can't escape, and if one is to work with Exchange it's just best to accept it and move on. As easy as Exchange 2000 is to work with, it's still not the easiest or most pleasurable thing to do on a Saturday afternoon (or any day for that matter). Understanding the underlying processes and construction of Exchange can go a long way towards increasing your happiness factor, which is, after all, the only thing that really matters in life!

The Databases

Everything these days requires a database of some sort. The Internal Revenue Service, Active Directory, even the local supermarket: they all use a database. Databases are great, but they are not always easy to understand. Figure 1 shows an example of what the Exchange Server database looks like.

Figure 1 - The current database (from Chapter 28 of the Exchange 2000 Server Resource Kit).

As you can see from Figure 1, there are actually three files that make up a current Exchange database for a storage group, as explained below.

• The .edb file contains all the folders, tables and indexes for messaging data and MAPI messages and attachments.
• The .stm file (new to Exchange 2000) contains Internet content in its native format.
• The .log files (transaction logs) maintain a record of every message stored in a storage group and provide fault tolerance in the event that a database must be restored. Exchange 2000 log files are always 5MB in size (5,252,880 bytes); if not, they are damaged. Each storage group also reserves two log files, Res1.log and Res2.log, that are placeholders for extra disk space that can be used if the service runs out of space.

The Checkpoint File

In addition to the files previously mentioned, there is one other file of special note that plays a big role in keeping your Exchange Server database in order. The checkpoint file (edb.chk) tracks which entries in the transaction log files have already been written to the database, and thus which ones will need to be replayed during a restoration. The checkpoint file thus speeds up recovery by telling the ESE exactly which log file entries need to be replayed and which do not, preventing extra writing during the restoration process.

Circular Logging

Typically, when a log file is filled, Exchange renames it and moves on to another, fresh log file. In this way, log files are not erased and thus continue to use space in 5MB increments. As the number of transactions grows, a set of log files is created. If a database fails, the transactions can be recovered by restoring the data from the log files. When circular logging is enabled, the first log file is overwritten and reused after the data that it contains has been written to the database. Circular logging is available to you, but is disabled by default. Should you enable circular logging, you cannot recover anything more recent than the last full backup. For this reason, circular logging is not normally recommended for use in a mission-critical production environment, with the possible exception of the Public folder that will house your NNTP news feeds, where log file sets are not required.

The Checksum

The concept of a checksum is not a new one. Checksums have been used for years to determine file validity. Exchange Server makes use of checksums to verify the validity of the .edb files. Every .edb file is made up of 4-KB pages, and the integrity of each page is verified through a checksum and a 4-byte page number in the header of the database page. On each page in the database, the first 82 bytes contain the header information, which holds flags for the type of page and information about what kind of data the page contains. When pages are read out of the database, they are checked for the correct page number and for the checksum. The checksum is calculated to ensure that the page being read is undamaged. If damage is detected, an error is returned, the database is stopped and an event is written to the event logs, thus ensuring that the database operates with optimal integrity.
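A page-level integrity check modelled on this description, as an added Python example rather than ESE's own code: 4-KB pages with an 82-byte header carrying a checksum and a 4-byte page number, both verified on every read, and a read path that stops instead of returning a damaged page. The header layout (checksum at offset 0, page number at offset 4) and the choice of CRC-32 as the checksum are assumptions for the example; the text specifies neither.

```python
# Page-level integrity check modelled on the description above: 4-KB pages,
# an 82-byte header whose first fields hold a checksum and a 4-byte page
# number, both verified on every read. Added example, not ESE code; the
# header layout below and the use of CRC-32 as the checksum are assumptions.
import struct
import zlib

PAGE_SIZE = 4096
HEADER_SIZE = 82
CHECKSUM_OFFSET = 0      # 4 bytes, assumed position
PAGE_NUMBER_OFFSET = 4   # 4 bytes, assumed position
FLAGS_OFFSET = 8         # rest of the header: page-type flags (assumed)


def build_page(page_number, payload, flags=b""):
    """Lay out one database page and stamp it with its number and checksum.
    The checksum covers everything except the checksum field itself."""
    if len(payload) > PAGE_SIZE - HEADER_SIZE:
        raise ValueError("payload does not fit in one page")
    if len(flags) > HEADER_SIZE - FLAGS_OFFSET:
        raise ValueError("flags do not fit in the header")
    page = bytearray(PAGE_SIZE)
    struct.pack_into("<I", page, PAGE_NUMBER_OFFSET, page_number)
    page[FLAGS_OFFSET:FLAGS_OFFSET + len(flags)] = flags
    page[HEADER_SIZE:HEADER_SIZE + len(payload)] = payload
    struct.pack_into("<I", page, CHECKSUM_OFFSET, zlib.crc32(bytes(page[4:])))
    return bytes(page)


def verify_page(raw, expected_page_number):
    """Return (ok, reason). Both the page number and the checksum must match,
    which catches damaged bytes and pages read from the wrong offset."""
    if len(raw) != PAGE_SIZE:
        return False, "size"
    stored_sum, stored_number = struct.unpack_from("<II", raw, CHECKSUM_OFFSET)
    if stored_number != expected_page_number:
        return False, "page number"
    if zlib.crc32(raw[4:]) != stored_sum:
        return False, "checksum"
    return True, "ok"


def read_page(database, page_number):
    """Read one page; on damage, stop (raise) instead of returning bad data.
    This is the point at which the text says the database is stopped and an
    event is logged."""
    start = page_number * PAGE_SIZE
    raw = database[start:start + PAGE_SIZE]
    ok, reason = verify_page(raw, page_number)
    if not ok:
        raise IOError(f"page {page_number} failed {reason} check; database stopped")
    return raw[HEADER_SIZE:]


# Constructed two-page database: page 0 a header page, page 1 a message page.
SAMPLE_DB = build_page(0, b"db header", b"\x01") + build_page(1, b"mail body", b"\x02")

if __name__ == "__main__":
    print(verify_page(SAMPLE_DB[PAGE_SIZE:], 1))
    damaged = bytearray(SAMPLE_DB)
    damaged[PAGE_SIZE + 200] ^= 0x01          # one flipped bit in page 1
    print(verify_page(bytes(damaged[PAGE_SIZE:]), 1))
```

A CRC detects accidental damage such as a bad sector or a page copied to the wrong offset; it is not a defence against deliberate modification, since anyone who can rewrite the page can recompute the checksum. That is the right scope for the corruption check the text describes, and it is why backups and restore tests, not the checksum, are what protect the data itself.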

Other Important Files

Although not part of the actual Exchange database, the following two additional files may also be present on an Exchange Server:

The .srs files that permit backwards compatibility with Exchange 5.5 Server by emulating an Exchange 5.5 directory service. This will only be present if the Exchange ADC is installed and you then configure a Site Replication Server.

The .kms files which provide security and encryption services. This will only be present on Exchange servers that have the KMS installed.

Yeah, But So What?

OK, so now we've got an idea of what makes up the Exchange Server databases and what special features they have. But who cares? What good does this do? Well: when I alluded earlier to working with Exchange on a Saturday afternoon, that seemed like a good time for the Exchange Server to crater, leaving you in the midst of restoring it so that business can go on as normal on Monday. That's why you've got that pager after all, isn't it?

I discussed Exchange recovery in another article, Disaster Recovery, but I never really got into detail about setting up the backup system or how the restore action occurs.

Before we can get to the process of performing the backup, and more specifically, how Exchange handles a backup request, we need to understand what each type of backup does.

Backup Types

There are five basic types of backups that can be performed using ntbackup.exe, but only four of those apply to Exchange Server. They are summarized below:

Full (normal) backups back up the entire Web Storage System and the Exchange log files. All transaction logs that contain transactions already committed to the database are deleted. Restoring from a full backup requires only the full backup media. Full backups are the preferred means of backing up the Exchange databases.

Copy backups act the same as full backups, with the exception that the transaction log files are not deleted. You can perform a copy backup at any time without disturbing the status of any other type of backup.

Incremental backups back up all log files prior to the checkpoint log and then delete them. Additionally, incremental backups back up all transaction log files and delete the log files that contain transactions that have been committed to the database. Restoring from an incremental backup requires that you have the last full backup and each subsequent incremental backup. If one incremental backup is damaged, you cannot restore any incremental backups made after that point, as one damaged log file prevents replaying subsequent log files. It is critical that all incremental backups be restored prior to starting log file replay to prevent losing data or damaging the database.

Differential backups back up all log files prior to the checkpoint file but do not delete them. Because of this, each backup file will be larger than the previous one. Restoring from a differential backup requires that you have the last full backup and the last differential backup. Differential backups are the second most preferred method of performing backups, after full backups.
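The checkpoint, circular-logging and backup-type passages above all rest on one log-replay rule, modelled here as an added Python example (not ESE or ntbackup code): replay starts at the checkpoint generation, a damaged log stops replay of every later generation (the incremental-chain warning), and circular logging discards exactly the generations a restore from an older full backup would need. Generation numbers, the operations in each log and the helper names are constructed for the example.

```python
# Model of transaction-log replay with a checkpoint, and of what circular
# logging and a damaged incremental backup do to it. Added example, not ESE
# or ntbackup code; generation numbers and the operations are constructed.


def replay(db, logs, checkpoint_generation):
    """Apply log generations >= checkpoint to 'db' in order. A damaged log
    stops the replay: it and every later generation are left unapplied,
    because each log depends on the one before it.
    logs: list of {"gen": int, "ops": [(key, value)], "damaged": bool}"""
    replayed, unreplayable = [], []
    for log in sorted(logs, key=lambda entry: entry["gen"]):
        if log["gen"] < checkpoint_generation:
            continue                         # already written to the .edb
        if unreplayable or log["damaged"]:
            unreplayable.append(log["gen"])  # chain broken from here on
            continue
        for key, value in log["ops"]:
            db[key] = value
        replayed.append(log["gen"])
    return db, replayed, unreplayable


def circular_truncate(logs, checkpoint_generation):
    """Circular logging reuses a log once its data is in the database, so
    only generations at or after the checkpoint survive on disk."""
    return [log for log in logs if log["gen"] >= checkpoint_generation]


def recovery_gap(backup_generation, logs):
    """Generations a restore would need but that no longer exist: from the
    first generation not contained in the restored database up to the oldest
    log still on disk."""
    kept = sorted(log["gen"] for log in logs)
    if not kept:
        raise ValueError("no log files left at all")
    return list(range(backup_generation, kept[0]))


# Constructed log set: five generations of one key/value change each.
SAMPLE_LOGS = [
    {"gen": g, "ops": [(f"msg{g}", f"v{g}")], "damaged": False}
    for g in range(1, 6)
]

if __name__ == "__main__":
    print("checkpoint at 3:", replay({}, SAMPLE_LOGS, 3)[1:])
    broken = [dict(log) for log in SAMPLE_LOGS]
    broken[3]["damaged"] = True              # generation 4 is unreadable
    print("generation 4 damaged:", replay({}, broken, 1)[1:])
    kept = circular_truncate(SAMPLE_LOGS, 5)
    print("circular logging, backup taken at 2:", recovery_gap(2, kept))
```

The `recovery_gap` result is the concrete meaning of "you cannot recover anything more recent than the last full backup": once circular logging has reused generations 2 to 4, a database restored from a backup taken at generation 2 can only be rolled forward from generation 5, and the changes in between are gone.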

The Backup Process

When the backup process is started (using ntbackup.exe), the Web Storage System informs the ESE that it is entering backup mode, and a patch file is created for each database in the backup (for a full backup only; other backup types create no patch file). The currently open log file is closed and renamed, and a new log file is opened at this time as well. This marks the point at which the ESE can truncate the logs after the backup process has completed. Figure 2 illustrates the backup process.

Figure 2 - The backup process (from Chapter 28 of the Exchange 2000 Server Resource Kit).

When the backup is started, the agent requests that the database read and sequence all database pages from the ESE. As the database reads the pages, the ESE verifies them through a checksum to ensure that they are valid. If they are invalid, the backup stops to prevent the storage of damaged data. After the backup is complete and all the pages are read, the backup copies the logs and patch files to the backup set. The log files are then truncated or deleted at the point when the new generation started at the beginning of the backup. The backup set closes, the ESE enters normal mode, and the backup is complete.

The preceding description assumed that you were performing an online backup (databases online at the time of backup), which is the preferred mode since it allows the databases to remain online and usable. You can, however, perform an offline backup by taking the databases offline. Offline backups are always full backups, as the databases are dismounted and therefore not available for writing by network clients.

Page 264: Zenith Infotech

Of course, the backup is just the first half of the solution. Being able to restore the data would be nice as well.

The Restoration Process

The restoration process largely mirrors the backup process, in reverse. Before you can perform a restoration, you will need to take the database (or storage group) offline by dismounting it. When the restoration process begins, the ESE enters restore mode. The backup agent copies the database from the backup media to the target location. The associated log and patch files are copied to a temporary location (as specified by the backup operator) so they aren't saved to the same location as the current files in the Exchange or production database directory. Should the log and patch files be placed in the same location, current log files can be overwritten, which will cause corruption of the database. After the files are restored, a special instance of the ESE starts for the specific purpose of restoring the database. It applies the patch file and log files to bring the database up to date. After the restore is complete, the log and patch files are deleted from the temporary location, and the storage group is mounted and made available for use. Figure 3 summarizes the restoration process.

Figure 3 - The restoration process (from Chapter 28 of the Exchange 2000 Server Resource Kit).

One Last Thing

A point worth mentioning is that the version of ntbackup.exe that ships with Windows 2000 (5.0.2172.1) cannot be used to perform Exchange 2000 Server backups. You will need to have version 5.0.2195.1117 or later installed on your system. Figure 4 shows the version of ntbackup.exe that ships with Windows 2000 (unmodified) and Figure 5 shows the version that comes with Service Pack 2.


Figure 4 - ntbackup.exe original file.

Figure 5 - ntbackup.exe in Service Pack 2.

Wrap-Up

As we've seen, the Exchange Server database arrangement is a fairly complex one, although one that has safeguards built into it to minimize damage and prevent the use of damaged databases. The backup and restore processes are quite complex, although for the most part hidden away from us. The most important thing that I can leave you with is this: do not arbitrarily delete your transaction logs or checkpoint log; doing so may really, really screw up your weekend. Let Exchange and the backup process handle purging these files; it's just better that way.

45) In which file are mails stored in Outlook Express and Netscape Navigator?

Outlook Express stores its folders, and the e-mails in them, in .dbx files. A .dbx file is the proprietary database format in which Outlook Express stores the e-mails. If Outlook Express crashes and you cannot find a given .dbx file or recover a given message from the .dbx file.

46) Why is a gateway used?

47) What is the difference between an NT Domain and a W2K Domain?

48) What is Active Directory, and what is the directory service in NT?

49) What are the core components of Exchange 5.5 and 2000? What are connectors?

50) What protocols are used in Exchange?


51) Why was the concept of client and server introduced?

52) What is the use of maintaining a static or manual IP?

53) What is the main difference between Exchange 5.5 and Exchange 2000 Server?

54) If I create a new user in W2K, which group does it go into?

55) Can we define bandwidth for synchronization on a domain?

56) What is the difference between WIN2K Server, Advanced Server and WIN 2003?

57) How do you create a roaming profile?

58) How do you take the server registry backup? What is System State (backup)?

59) What is the difference between WIN95, 98, 2K and XP?

60) What is the main function of a router (type)?

61)


1 Backing Up Active Directory

16.1.1 Problem

You want to back up Active Directory to tape or disk.

16.1.2 Solution

Back up the System State, which includes the Active Directory-related files on the domain controller. Here are the directions for backing up the System State using the NtBackup utility that comes installed on Windows 2000 and Windows Server 2003 computers:

16.1.2.1 Using a graphical user interface

1. Go to Start → All Programs (or Programs for Windows 2000) → Accessories → System Tools → Backup.

2. Click the Advanced Mode link.

3. Click the Backup tab.

4. Check the box beside System State.

5. Check the box beside any other files, directories, or drives you would also like to back up.

6. For Backup destination, select either File or Tape depending on where you want to back up the data to.

7. For Backup media or file name, type either the name of a file or select the tape to save the backup to.

8. Click the Start Backup button twice.

16.1.2.2 Using a command-line interface

The NtBackup utility supports several command-line parameters that you can use to initiate backups without ever bringing up the GUI.

For the complete list of supported commands on Windows 2000, see MS KB 300439 (How to Use Command Line Parameters With the "Ntbackup" Command).

For the complete list of supported commands on Windows Server 2003, see MS KB 814583 (HOW TO: Use Command Line Parameters with the Ntbackup Command in Windows Server 2003).


2 Restarting a Domain Controller in Directory Services Restore Mode

16.2.1 Problem

You want to restart a domain controller in DS Restore Mode.

16.2.2 Solution

To enter DS Restore Mode, you must reboot the server at the console. Press F8 after the power-on self test (POST), which will bring up a menu, as shown in Figure 16-1. From the menu, select Directory Services Restore Mode.

Figure 16-1. Boot options

3 Resetting the Directory Service Restore Mode Administrator Password

16.3.1 Problem

You want to reset the DS Restore Mode administrator password. This password is set individually (i.e., not replicated) on each domain controller, and is initially configured when you promote the domain controller into a domain.

16.3.2 Solution

16.3.2.1 Using a graphical user interface

1. For this to work you must be booted into DS Restore Mode (see Recipe 16.2 for more information).

2. Go to Start → Run.

3. Type compmgmt.msc and press Enter.

4. In the left pane, expand System Tools → Local Users and Computers.

5. Click on the Users folder.

6. In the right pane, right-click on the Administrator user and select Set Password.

7. Enter the new password and confirm, then click OK.

16.3.2.2 Using a command-line interface

With the Windows Server 2003 version of ntdsutil, you can change the DS Restore Mode administrator password of a domain controller while it is live (i.e., not in DS Restore Mode). Another benefit of this new option is that you can run it against a remote domain controller. Here is the sample output when run against domain controller DC1.

> ntdsutil "set dsrm password" "reset password on server DC1"
ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server DC1
Please type password for DS Restore Mode Administrator Account: **********


Please confirm new password: **********
Password has been set successfully.

Microsoft added a new command in Windows 2000 Service Pack 2 and later called setpwd. It works similarly to the Windows Server 2003 version of ntdsutil by allowing you to reset the DS Restore Mode password while a domain controller is live. It can also be used remotely.

4 Performing a Nonauthoritative Restore

16.4.1 Problem

You want to perform a nonauthoritative restore of a domain controller. This can be useful if you want to quickly restore a domain controller that failed due to a hardware problem.

16.4.2 Solution

16.4.2.1 Using a graphical user interface

1. You must first reboot into Directory Services Restore Mode (see Recipe 16.2 for more information).

2. Open the NT Backup utility; go to Start → All Programs (or Programs for Windows 2000) → Accessories → System Tools → Backup.

3. Click the Advanced Mode link.

4. Under the Welcome tab, click the Restore Wizard button and click Next.

5. Check the box beside System State and any other drives you want to restore and click Next.

6. Click the Advanced button.

7. Select Original location for Restore files to.

8. For the How to Restore option, select Replace existing files and click Next.

9. For the Advanced Restore Options, be sure that the following are checked: Restore Security Settings, Restore junction points, and Preserve existing mount volume points. Then click Next.

10. Click Finish.

11. Restart the computer.

5 Performing an Authoritative Restore of an Object or Subtree

16.5.1 Problem

You want to perform an authoritative restore of one or more objects, but not the entire Active Directory database.


16.5.2 Solution

Follow the same steps as Recipe 16.4, except after the restore has completed, do not restart the computer.

To restore a single object, run the following:

> ntdsutil "auth restore" "restore object cn=jsmith,ou=Sales,dc=rallencorp,dc=com" q

To restore an entire subtree, run the following:

> ntdsutil "auth restore" "restore subtree ou=Sales,dc=rallencorp,dc=com" q

Restart the computer.

There are some issues related to restoring user, group, computer, and trust objects that you should be aware of. See MS KB 216243 and MS KB 280079 for more information.

6 Performing a Complete Authoritative Restore

16.6.1 Problem

You want to perform a complete authoritative restore of the Active Directory database because something very bad has happened.

16.6.2 Solution

Follow the same steps as Recipe 16.4, except after the restore has completed, do not restart the computer.

Run the following command to restore the entire database:

> ntdsutil "auth restore" "restore database" q

Restart the computer.

7 Checking the DIT File's Integrity

16.7.1 Problem

You want to check the integrity and semantics of the DIT file to verify there is no corruption or bad entries.

16.7.2 Solution

16.7.2.1 Using a command-line interface

First, reboot into Directory Services Restore Mode. Then run the following commands:

> ntdsutil files integrity q q
> ntdsutil "semantic database analysis" "verbose on" go


8 Moving the DIT Files

16.8.1 Problem

You want to move the Active Directory DIT files to a new drive to improve performance or capacity.

16.8.2 Solution

16.8.2.1 Using a command-line interface

First, reboot into DS Restore Mode. Then, run the following commands, in which <DriveAndFolder> is the new location where you want to move the files (e.g., d:\NTDS):

> ntdsutil files "move db to <DriveAndFolder>" q q
> ntdsutil files "move logs to <DriveAndFolder>" q q

9 Repairing or Recovering the DIT

16.9.1 Problem

You need to repair or perform a soft recovery of the Active Directory DIT because a power failure or some other failure caused the domain controller to enter an unstable state.

16.9.2 Solution

16.9.2.1 Using a command-line interface

First, reboot into DS Restore Mode.

Run the following command to perform a soft recovery of the transaction log files:

> ntdsutil files recover q q

If you continue to experience errors, you may need to run a repair, which performs a low-level repair of the database but can result in loss of data:

> ntdsutil files repair q q

If either the recover or the repair is successful, you should then check the integrity of the DIT (see Recipe 16.7).

10 Performing an Online Defrag Manually

This recipe must be run against a Windows Server 2003 domain controller.

16.10.1 Problem

You want to initiate an online defragmentation. This can be useful if you want to expedite the defrag process after deleting a bunch of objects.


16.10.2 Solution

16.10.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Connection → Connect.

3. For Server, enter the name of the target domain controller.

4. For Port, enter 389.

5. Click OK.

6. From the menu, select Connection → Bind.

7. Enter credentials of a user from one of the administrator groups.

8. Click OK.

9. From the menu, select Browse → Modify.

10. Leave the Dn blank.

11. For Attribute, enter DoOnlineDefrag.

12. For Values, enter 180.

13. For Operation, select Add.

14. Click Enter.

15. Click Run.

16.10.2.2 Using a command-line interface

Create an LDIF file called online_defrag.ldf with the following contents:

dn:
changetype: modify
replace: DoOnlineDefrag
DoOnlineDefrag: 180
-

11 Determining How Much Whitespace Is in the DIT

16.11.1 Problem

You want to find the amount of whitespace in your DIT. A lot of whitespace in the DIT may mean that you could regain enough space on the disk to warrant performing an offline defrag.


16.11.2 Solution

16.11.2.1 Using a graphical user interface

1. Run regedit.exe from the command line or Start → Run.

2. Expand HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → NTDS → Diagnostics.

3. In the right pane, double-click on 6 Garbage Collection.

4. For Value data, enter 1.

5. Click OK.

16.11.2.2 Using a command-line interface

> reg add HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "6 Garbage Collection" /t REG_DWORD /d 1

12 Performing an Offline Defrag to Reclaim Space

16.12.1 Problem

You want to perform an offline defrag of the Active Directory DIT to reclaim whitespace in the DIT file.

16.12.2 Solution

16.12.2.1 Using a command-line interface

1. First, reboot into Directory Services Restore Mode.

2. Next, check the integrity of the DIT, as outlined in Recipe 16.7.

3. Now you are ready to perform the defrag. Run the following command to create a compacted copy of the DIT file. Check to make sure the drive on which you create the copy has plenty of space; a rule of thumb is that it should have at least 115% of the size of the current DIT available.

> ntdsutil files "compact to <TempDriveAndFolder>" q q

4. Next, you need to delete the transaction log files in the current NTDS directory.

> del <CurrentDriveAndFolder>\*.log

5. You may want to keep a copy of the original DIT file for a short period of time to ensure nothing catastrophic happens to the compacted DIT. If you are going to copy or move the original version, be sure you have enough space in its new location.

6. Move the original DIT aside and put the compacted copy in its place:

> move <CurrentDriveAndFolder>\ntds.dit <TempDriveAndFolder>\ntds_orig.dit
> move <TempDriveAndFolder>\ntds.dit <CurrentDriveAndFolder>\ntds.dit


7. Repeat the steps in Recipe 16.7 to ensure the new DIT is not corrupted. If it is clean, reboot into normal mode and monitor the event log. If no errors are reported in the event log, make sure the domain controller is backed up as soon as possible.

13 Changing the Garbage Collection Interval

16.13.1 Problem

You want to change the default garbage collection interval.

16.13.2 Solution

16.13.2.1 Using a graphical user interface

1. Open ADSI Edit.

2. In the left pane, expand cn=Configuration → cn=Services → cn=Windows NT.

3. Right-click on cn=Directory Service and select Properties.

4. Edit the garbageCollPeriod attribute and set it to the interval in hours at which the garbage collection process should run (the default is 12 hours).

5. Click OK.

16.13.2.2 Using a command-line interface

Create an LDIF file called change_garbage_period.ldf with the following contents:

dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN>
changetype: modify
replace: garbageCollPeriod
garbageCollPeriod: <IntervalInHours>
-

then run the following command:

> ldifde -v -i -f change_garbage_period.ldf

14 Logging the Number of Expired Tombstone Objects

16.14.1 Problem

You want to log the number of expired tombstone objects that are removed from Active Directory during each garbage-collection cycle.

16.14.2 Solution

16.14.2.1 Using a graphical user interface


1. Run regedit.exe from the command line or Start → Run.

2. Expand HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → NTDS → Diagnostics.

3. In the right pane, double-click on 6 Garbage Collection.

4. For Value data, enter 3.

5. Click OK.

16.14.2.2 Using a command-line interface

> reg add HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "6 Garbage Collection" /t REG_DWORD /d 3

16.14.2.3 Using VBScript

' This code enables garbage collection logging.
' ------ SCRIPT CONFIGURATION ------
strDCName = "<DomainControllerName>"
intValue = 3
' ------ END CONFIGURATION ---------

const HKLM = &H80000002
strNTDSReg = "SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
' Connect to the WMI registry provider on the target domain controller.
set objReg = GetObject("winmgmts:\\" & strDCName & "\root\default:StdRegProv")
' Value name is "6 Garbage Collection"; the comma separates it from the data argument.
objReg.SetDWORDValue HKLM, strNTDSReg, "6 Garbage Collection", intValue
WScript.Echo "Garbage Collection logging enabled"

15 Determining the Size of the Active Directory Database

16.15.1 Problem

You want to determine the size of the Active Directory database.

16.15.2 Solution

16.15.2.1 Using a command-line interface

If you are in DS Restore Mode, you can use ntdsutil to report the size of the Active Directory database:

> ntdsutil files info

If you are not in DS Restore Mode and run this command, you will receive the following error message:

*** Error: Operation only allowed when booted in DS restore mode "set SAFEBOOT_OPTION=DSREPAIR" to override - NOT RECOMMENDED!

As you can see, it is possible to override this failure by setting the SAFEBOOT_OPTION environment variable to DSREPAIR, but I do not recommend this unless you know what you are doing. By setting that environment variable, the ntdsutil command will not stop you from performing other commands. This can be very dangerous.

Another method, which is safer and easier, is to bring up a command shell by going to Start → Run, typing cmd.exe, and pressing Enter. Then type cd <NTDSDir>, where <NTDSDir> is the full path to the ntds.dit file. Finally, run the dir command; the output will show the size of the files.

(The following command belongs to Recipe 16.10.2.2: after creating the online_defrag.ldf file described there, run it to import the file.)

> ldifde -v -i -f online_defrag.ldf

16 Searching for Deleted Objects

16.16.1 Problem

You want to search for deleted objects.

16.16.2 Solution

16.16.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Connection → Connect.

3. For Server, enter the name of a domain controller you want to target (or leave blank to do a serverless bind).

4. For Port, enter 389.

5. Click OK.

6. From the menu, select Connection → Connect.

7. Enter credentials of a user that is an administrator for the domain.

8. Click OK.

9. From the menu, select Options → Controls.

10. For Windows Server 2003, select the Return Deleted Objects control under Load Predefined.

11. For Windows 2000, type 1.2.840.113556.1.4.417 for the Object Identifier and click the Check In button.

12. Click OK.

13. From the menu, select Browse → Search.


14. For BaseDN, enter: cn=Deleted Objects,<DomainDN>.

15. For Scope, select One Level.

16. For Filter, enter: (isDeleted=TRUE).

17. Click the Options button.

18. Under Search Call Type, select Extended.

19. Click OK.

20. Click Run.

16.16.2.2 Using a command-line interface

As of this writing, none of the standard command-line tools provide a way to search for deleted objects.

17 Restoring a Deleted Object

This recipe must be run against a Windows Server 2003 domain controller.

16.17.1 Problem

You want to restore an object that was previously deleted.

16.17.2 Solution

16.17.2.1 Using a graphical user interface

1. Open LDP.

2. From the menu, select Connection → Connect.

3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

4. For Port, enter 389.

5. Click OK.

6. From the menu, select Connection → Bind.

7. Enter credentials of a user that can restore the deleted object (only administrators for the domain by default).

8. Click OK.


9. From the menu, select Options → Controls.

10. Select Return deleted objects from the Load Predefined selection.

11. Click OK.

12. From the menu, select Browse → Modify.

13. For Dn, enter the distinguished name of the deleted object you want to restore.

14. For Attribute, enter distinguishedName.

15. For Values, enter the original DN of the object.

16. For Operation, select Replace.

17. Click Enter.

18. For Attribute, enter isDeleted.

19. For Values, remove any text.

20. For Operation, select Delete.

21. Click Enter.

22. Add mandatory attributes as necessary:

23. For Attribute, enter <MandatoryAttribute>.

24. For Values, enter <MandatoryAttributeValue>.

25. For Operation, select Add.

26. Check the box beside Extended.

27. Click Run.

28. The results will be displayed in the right pane.
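The modify that steps 13 to 25 build in LDP, as an added example for this page (not the cookbook's code): it recovers the original RDN from the tombstone DN and emits the modification list in the order the recipe applies it. Assumptions: the tombstone DN has the form CN=<name>\0ADEL:<guid>,CN=Deleted Objects,<DomainDN>; the original container is taken from the tombstone's lastKnownParent attribute (a real attribute, not mentioned on the page); the GUID and DNs in the sample are constructed.

```python
"""Build the LDAP modification list that reanimates a tombstone, mirroring the
LDP steps of Recipe 16.17: replace distinguishedName, delete isDeleted, then
add any mandatory attributes.  Added example for this page; not the cookbook's code.

Assumptions: the tombstone DN looks like
    CN=jsmith\0ADEL:<objectGUID>,CN=Deleted Objects,DC=rallencorp,DC=com
(the RDN keeps the original name, then an escaped newline "\0A", "DEL:" and
the GUID), and the original container is read from the tombstone's
lastKnownParent attribute.  The modify must be sent with the Return Deleted
Objects control (OID 1.2.840.113556.1.4.417) or the server will not find the
tombstone; this script only prepares and renders the change for review.
"""
from typing import Dict, List, Optional, Tuple

SHOW_DELETED_CONTROL_OID = "1.2.840.113556.1.4.417"
DELETED_RDN_MARKER = "\\0ADEL:"   # literal backslash, 0A, DEL: in the DN string

Modification = Tuple[str, str, List[str]]   # (operation, attribute, values)


def split_dn(dn: str) -> List[str]:
    """Split a DN on commas that are not escaped with a backslash."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def original_rdn(tombstone_dn: str) -> str:
    """Return the RDN the object had before deletion (for example 'CN=jsmith')."""
    parts = split_dn(tombstone_dn)
    if len(parts) < 2 or parts[1].strip().lower() != "cn=deleted objects":
        raise ValueError("not a DN under the Deleted Objects container")
    rdn, marker, _guid = parts[0].partition(DELETED_RDN_MARKER)
    if not marker:
        raise ValueError("RDN lacks the \\0ADEL: tombstone marker")
    return rdn


def reanimation_mods(tombstone_dn: str, last_known_parent: str,
                     mandatory: Optional[Dict[str, str]] = None
                     ) -> Tuple[str, List[Modification]]:
    """Return (new DN, modifications) in the order the recipe applies them."""
    new_dn = f"{original_rdn(tombstone_dn)},{last_known_parent}"
    mods: List[Modification] = [
        ("replace", "distinguishedName", [new_dn]),  # steps 14-17
        ("delete", "isDeleted", []),                 # steps 18-21
    ]
    for attr, value in (mandatory or {}).items():    # steps 22-25
        mods.append(("add", attr, [value]))
    return new_dn, mods


def render_change(tombstone_dn: str, mods: List[Modification]) -> str:
    """LDIF-style text of the change for review; the Dn line is the tombstone,
    as in step 13, since the rename happens through the distinguishedName replace."""
    lines = [f"dn: {tombstone_dn}", "changetype: modify"]
    for op, attr, values in mods:
        lines.append(f"{op}: {attr}")
        lines.extend(f"{attr}: {v}" for v in values)
        lines.append("-")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed tombstone; the GUID is a placeholder, not a real object.
    tombstone = ("CN=jsmith\\0ADEL:3f6c0a6e-0000-0000-0000-000000000001,"
                 "CN=Deleted Objects,DC=rallencorp,DC=com")
    new_dn, mods = reanimation_mods(tombstone, "OU=Sales,DC=rallencorp,DC=com")
    print("send with control", SHOW_DELETED_CONTROL_OID)
    print(render_change(tombstone, mods))
```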

18 Modifying the Tombstone Lifetime for a Domain

16.18.1 Problem

You want to change the default tombstone lifetime for a domain.


16.18.2 Solution

16.18.2.1 Using a graphical user interface

1. Open ADSI Edit.

2. In the left pane, expand cn=Configuration → cn=Services → cn=Windows NT.

3. Right-click on cn=Directory Service and select Properties.

4. Set the tombstoneLifetime attribute to the number of days that tombstone objects should remain in Active Directory before getting removed completely (the default is 60 days).

5. Click OK.

16.18.2.2 Using a command-line interface

Create an LDIF file called change_tombstone_lifetime.ldf with the following contents:

dn: cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,<ForestRootDN>
changetype: modify
replace: tombstoneLifetime
tombstoneLifetime: <NumberOfDays>
-

then run the following command:

> ldifde -v -i -f change_tombstone_lifetime.ldf


1. Exchange 5.5 Server

Is it possible to restrict users of either a mailbox or public folder from replying to or forwarding emails in the mailbox or folder? We have a department which needs some users to be able to view the contents of a mailbox or public folder without being able to do anything with them. The most control I can get with the standard permissions is "read", but this still allows users to reply and forward.

Also, I keep seeing references made to being able to publish the contents of a public folder to a website. This would probably work, unless they are just referring to OWA. Anyhow, I can find documentation that this can be done, but cannot seem to find instructions on doing so.

2. Exchange 5.5 system and an Exchange 2000 system

I've got an Exchange 5.5 system and an Exchange 2000 system connected by an X400 connector. I have added the appropriate X400 address space on each side of the connector to route mail to/from each system correctly. I am using an in-house written app to maintain directory information. It creates custom recipients (Ex5.5) and contacts (Ex2000) in each directory with an X400 target address corresponding to mailboxes in the remote directory.

My problem is how recipient addresses are recognised by the Exchange 5.5 system. For example: a user on the Exchange 2000 system chooses my contact from their address list and sends mail. The target address is the X400 address of my mailbox. The mail is routed over the X400 connector to my mailbox. When I open the mail and look at the properties of the sender, it correctly resolves to the custom recipient that we have in our directory (because the sender X400 address matches the custom recipient). When I look at the properties of the recipient, however, they just show the "legacyexchangedn" value from the contact on the Exch2000 system. It doesn't resolve to any object from our directory.

So it appears that the sender field is received as an X400 value, which we can resolve to our directory, but the recipients field is received as an X500 value, which we can't.


Can anyone explain the reason for this behaviour to me? Why aren't the recipients' addresses also seen as X400?

This becomes a problem where the original mail is sent to multiple recipients on the Exch5.5 system. If any of the recipients chooses to "reply-all", only the sender address is resolved correctly. The other original recipients are not then properly addressed.

Apologies for the ramble, but I hope it makes sense. Thanks in advance for any insight.

3. OWA Login Problem

We have one user that can not log in to OWA. When they log in using domain\user and password they get the 404 page not found. This is an E2K2000 front-end server. Funny, the page that pops up shows the outline of the two panes for OWA with the error message listed twice. This is the only user having this issue and it does not matter what desktop she uses. Other people can log in using her PC ok. However, if I have her use https://webmail.domain.com/exchange/username/ it works fine. I have looked on the IIS server and didn't see anything. Seems I saw this on this list before and I do not remember what the problem was.

4. Outlook 2000

I have run into a problem with some of my Outlook 2000 clients. I have Exchange 2003 running with 3 front-end servers and 7 back-end servers. When I configure the Outlook profile it can not resolve the name on 9 of the 10 servers. The 1 server that does work was the first server in the organization. Any ideas what could cause this?

5. Exchange 2000 on 2000

I am running Exchange 2000 on 2000 Server, fully service-packed. I would like to add a disclaimer to every email that leaves this building. How do I do this?

I am searching on my own as well.

6. One:

Admin pack installed on an XP workstation with SP1. Connecting to a 2000 domain with an Exchange 2000 server. Very often when I use AD U&G to modify Exchange addresses of a user, when I hit apply/ok I get:

RPC Server Unavailable
MS Active Directory - Exchange Connector

This happens even if I point AD U&G at the Exchange server, which is also a DC. Using AD U&G directly on the Exchange server, I never get this error.


7. Two:

They brought up a new server (Exchange 2000), moved the mailboxes, GALs and public folders over to the new server no problem. Then at some point the old server either smoked or they just shut it down without removing it from the site. So there is a server in there that does not and will not ever be back. So extra routing containers, everything for it. Can't right-click and delete it, as it errors with "server can not be contacted". Would really like to clean this up before I bring up another and migrate to 2003.

8. Windows 2000 Active Directory, Exchange 2000, Outlook 2003 and OWA clients

I have to hide a common Active Directory attribute (Office) from displaying in the Global Address List. Is there any way to do this? I have tried removing it from the details template and I have tried modifying the permissions in the AD schema using ADSI Edit but neither of these seem to work.

9. Has anyone used the Recover Mailbox Data feature from EX2K3 on SP1 successfully on a Recovery Storage Group where the names of the mailboxes include a comma? Evidently there is a bug in the program so that it fails if there is a comma in the display name. I was wondering if anyone had figured out how to get around this or had heard of a hotfix?

I thought maybe I could use the ADSI Viewer (ADSVW.exe) to fix the comma issue, but it doesn't appear that the RSG mailboxes are available in that interface.

10. Automatically start perfmon alerts

I am trying to find a way to automatically start perfmon alerts on Windows 2000 Server (if the perfmon service is restarted or if the server is rebooted, all alerts are stopped and I have to start each one manually).

Is there a way?

11. All inbound


Is there a way to accept all inbound mail to a given domain that doesn't match another directory entry into one mailbox in Exchange 5.5? We've a need to accept wildcard inbound mail. I know, not a pretty idea, but there's a 'business need'. Is it doable in Exchange or do I need to rewrite the mail at the gateway?

12. Post Appointments

I can't figure this out. When I post appointments to our shared calendar, the appointment times that display on my version of the shared calendar are correct; however, on anyone else's instance of the calendar all the appointments appear to be one hour later. All machines are running XP Pro with Outlook 2003.

13. The Checkbox

On a W2K workstation, the checkbox "Manager can update membership list" is missing. This checkbox should be available for distribution groups on the Managed By tab.

How can I enable this checkbox?

Solution :-

Install Windows 2000 adminpak on that workstation.

14. Create a single email that contains the addresses for all NDRs

Is there any way to configure Exchange 2003 to create a single email that contains the addresses for all NDRs to messages? The goal is, rather than receive an individual email for each recipient that is not reachable, to instead have a single email that contains all the addresses that failed. That single email could then be used with GREP to pull all the email addresses and scrub the database of email addresses that are not valid. Anyone have a way of doing such a thing?

15. NT4 domain (FOO) to Active Directory running on Windows Server 2003

In our organization (say foo.bar.com) we have recently upgraded our single NT4 domain (FOO) to Active Directory running on Windows Server 2003 Enterprise Edition, with two domain controllers (server names: DC-1, DC-2) running DNS (AD-integrated).


We also have Ex 5.5 running on NT4 SP6 (originally a member of the old NT4 domain, now a member of the AD domain) that we wish to migrate to Exchange Server 2003, also running on Windows Server 2003 (server name: ES-1).

We've been using the ExDeploy tool to migrate the Ex5.5 server. After successfully finishing the required steps for Phase-1, we tried to run setup /ForestPrep. Having reached the component selection screen, ForestPrep does not appear selected in the Action combo (filled with ...) and when we tried to select it, we got the following error message:

"The component "Microsoft Exchange Forest Preparation" cannot be assigned the action ForestPrep because: Either you do not have permission to update the Active Directory schema or Active Directory service is currently too busy."

However, the account under which the tool has been run actually has the required permissions, since it is a member of the following groups in the domain: Domain Admins, Enterprise Admins, Schema Admins, and the Administrators group of the ES-1 machine.

Any ideas? Are we missing something?

Additional Notes:

- The file LDIF.ERR referenced in the log does not exist.
- NTDS Service Parameter (registry) value "Schema Update Allowed" is set to '1'.
- All OS hot-fixes up to MS04-25 have been installed on all new WS2K3 servers.
- All machines mentioned form an isolated LAN using a 100Mbps switch, for testing purposes (not connected to the internet).
- Test mentioned in Q319944 (DCDIAG /test:KnowsOfRolesHolders /v) succeeds.
- Potentially interesting excerpts from the Setup Progress log file follow.

16. SMTP Virtual Server

We have our Exchange server connected directly to the internet. I have specified that the SMTP Virtual Server resolve DNS names through external servers. But it will not send mail out. We get the following error:

The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again. <mail.dsst.hs #5.1.8 smtp;553 5.1.8 <[email protected]>... Domain of sender [email protected] does not exist>

It neither sees the external domain AND gives an error about the internal domain.

Mail to users internally works fine.

Solution :-

That must be because those users have the @earthlink.com address defined locally on your Exchange server, so when mail is sent internally, Exchange server finds a match and puts the message into the appropriate mailbox.

I think you should be able to configure your users' Outlook profiles differently so that Exchange is not the primary transport, but the ISP's POP3/SMTP account is. Then mail will shoot out via the ISP instead of trying to get resolved by the Exchange server.

P.S. Are you sure that you really need Exchange if you don't want to use its biggest component? (sending/receiving mail)

P.S. #2 You know, you can also give your Exchange server's POP3 protocol a try.

17. Disable OWA Access

Is there a way to disable OWA access externally for a specific group of domain users but allow them access internally? I know it can be done by disabling the HTTP protocol but the users should have access to OWA when logged on to the internal network. Any ideas?

18. Over the last couple of days

We have had three or four e-mails that have been rejected with the error below. Note that the recipient address is an external address. Also, many, many e-mails are getting out; there are just a few with this problem.

1. E-mails are being sent from Outlook 2000 MAPI client.
2. Server is Exchange 2000 SP3 on Win2000 SP4.

Your message did not reach some or all of the intended recipients.

19. Exchange 2003 STD Edition

Anyone know the fix for this issue or know of a posted fix?

Exchange 2003 STD Edition, OWA with SSL working fine.

I have enabled the change password option when the system was E2K. I get the ASP form used to change the account information and input all pertinent data for the user to change the password. When I submit it the following error comes up.

     Error: General access denied error.

If I use the wrong domain it will let me know that it does not exist, so that leads me to think it is talking to my domain when I do have the right information but will not let me make the change for some reason.

This has been posted on many tech sites...none have a resolution. Seems to be an issue when upgrading from E2K to E2K3 with an in-place upgrade.

20. Send Mail command

In Unix, you can use the Send Mail command to automatically forward a TXT file on a server to an Exchange mailbox. Is there an NT Send Mail command or something comparable, for forwarding a TXT file to an Exchange 5.5 server?
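As an added example (not part of the original post, and not a Microsoft tool), the same job can be scripted against the Exchange SMTP service directly: build a message with the text file attached and submit it over an authenticated STARTTLS session rather than through an open relay. The host, port, addresses and credential names below are placeholders; the server must allow authenticated submission from the sending host.

```python
"""Forward a TXT file to a mailbox over SMTP (added example, not from the post).
Placeholders (assumptions): the host, port, addresses and credentials below.
"""
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import formatdate, make_msgid
from pathlib import Path
from typing import Optional


def build_report_message(filename: str, text: str, sender: str, recipient: str,
                         subject: Optional[str] = None) -> EmailMessage:
    """Build a message whose body points at an attached copy of `text`."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject or f"Report: {filename}"
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid()
    msg.set_content(f"The file {filename} is attached.\n")
    # A str attachment is emitted as text/plain with a safe transfer encoding.
    msg.add_attachment(text, subtype="plain", filename=filename)
    return msg


def build_from_path(path: str, sender: str, recipient: str) -> EmailMessage:
    """Read the TXT file from disk and wrap it."""
    p = Path(path)
    return build_report_message(p.name, p.read_text(encoding="utf-8", errors="replace"),
                                sender, recipient)


def submit(msg: EmailMessage, host: str, port: int = 587,
           user: Optional[str] = None, password: Optional[str] = None) -> None:
    """Submit over a TLS-protected, authenticated session (no anonymous relaying)."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.starttls(context=ctx)
        if user is not None:
            smtp.login(user, password or "")
        smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed sample; nothing is sent unless submit() is pointed at a real server.
    report = build_report_message("nightly.txt", "job ok\n",
                                  "batch@example.com", "ops@example.com")
    print(report.as_string())
    # submit(report, "mail.example.com", 587, "batch", "placeholder-password")
```

Scheduled from Task Scheduler, `build_from_path` plus `submit` is the NT-side equivalent of piping a file into sendmail from cron; keeping the password out of the script (for example in a protected credential store) is the part the cron version usually gets wrong too.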

21. Migrated from GroupWise and Novell to Exchange 2000

I have a customer we migrated from GroupWise and Novell to Exchange 2000 and Windows 2000.  We used the MS GroupWise connector for the migration and the Wingra software.

Now that the migration is complete, and all Novell and GroupWise servers are down, we are doing some cleanup. In the GAL, in the Email type field, it shows "EX" and all email addresses show up in the X.500 format of /o=DOMAIN/ou=First Administrative Group/cn=Recipients/cn=UserName

Any suggestions on how to change the type so it shows up as SMTP and the email addresses show up with an SMTP address? TIA

22. MTACHECK

I am having problems running MTACHECK to try and get my MTA back up and running after an online restore. I am using the following syntax from the exchsrvr\bin folder -

mtacheck /v /f mtacheck.log

and I get the following error message -

Integrity checker was unable to create MTACHECK.OUT directory. This directory does exist in the MTADATA directory and I have tried deleting the existing logs in there.

Windows 2K SP4 w/hotfix roll-up Exchange 2k SP3 w/hotfix rollup.

Am I missing something obvious in the syntax or is there another problem?

23. We are having difficulty when we try to delegate ownership of a mailbox to another user.

IE, user A leaves the organization, we disable user A's AD login then delegate (through AD/Exchange Advanced user rights) Mailbox Owner privileges to user B. User B then tries to open the user A inbox in their Outlook and receives "The folder can't be opened...". Is there another step I'm missing here?

Disabling the user results in the mailbox not having a master account SID. The mailbox is more or less unusable without one and you won't be able to open it. What you need to do is go back into the permissions for that mailbox under the Exchange Advanced tab and assign the 'Associated External Account' permission to SELF.

Probably when you disable User A, the "Self" entity gets wiped out of the permissions to User A's mailbox. The lack of "Self" is causing the problem with others not being able to access the mailbox. Re-add "Self" with the permissions Full Control and Associated External Account.

24. EXmerge

If I have two mailboxes, both with data in them, is it possible to use ExMerge to take the data from one mailbox and "merge" it into the other without losing data? In other words, if I take the contents of the UserA mailbox, can I put them into the UserB mailbox so that when finished UserB has all their original messages plus the messages from UserA?

I am assuming this is how it works, but I want to confirm before I try it

ExMerge looks at the name of the PST file during import and matches it with the mailbox nickname (alias) of the target mailbox - that's where it dumps the imported data.

You put your email in
You take your email out
You put your email in
And then you PST it out.
You do ExMerge and you turn yourself around.
That's what it's all about!

25. When using /disasterrecovery

I seem to remember a requirement when using /disasterrecovery that you had to be using the same type of hardware when rebuilding, i.e. if the original server was on a Proliant DL580 G2 attached to a SAN the new server also had to be a DL580 G2 attached to a SAN, but the KB article on using /disasterrecovery (297289) doesn't mention this. Am I remembering incorrectly? We're in the process of planning for Hurricane Ivan and the hardware given to us for a rebuild of the main mailbox server is a DL580 G1 instead of a G2, and I was wondering if this would cause a problem. I've done plenty of recoveries with /disasterrecovery before but always to the exact same type of hardware.

Solution :- I think this is because before doing setup /disasterrecovery you will need to perform a system state restore to bring the OS to the same level as the original machine. A system state restore on different hardware will probably have some strange effects.

From what I understand, a direct move from Exch2000 Enterprise edition to Exch2003 Standard edition upgrade is not possible on the existing machine. Instead could I do the following:

1. Install Exchange 2003 Standard on a second server
2. Do a move mailbox from the Exc2000 to the new Exc2003 server (I think they call it a "swing"?)
3. Remove Exc2000 from the original server
4. Install Exh2003 server on the original machine
5. Swing the data back to the original server
6. Kill the temporary server

26. OWA Front End multiple server

I have a customer with 2 Exchange 2003 servers running on Windows 2003 Server. They don't want to have a front-end server. Is this possible? I was under the impression it was. The firewall only points to one of the servers from the outside; when users on the other server (the one the firewall isn't pointed to) try to connect they get a "Cannot find server or DNS Error - Internet Explorer" error. Or do they need to have a front end server, or do I have something set up wrong? They are still in the middle of the 5.5 upgrade; do I need to wait for native mode for this to work? Thanks!

Solution 1 :-

Yes it is possible. Make sure that both servers are accessible from outside the firewall. You'll need to enable port 80 (ideally port 443 for HTTPS) access to both servers through the firewall. You'll also need to make sure that the relevant DNS entries for both servers are visible to the outside world.

What's happening here is that when your user connects to server 1, but their mailbox is on server 2, server 1 performs an HTTP redirect to server 2. However, you are getting those errors because your web client can't perform a DNS resolution for the object in the HTTP redirect.

Solution 2 :-

Your firewall probably points to the IP address, not the name. Bring up the second server, move everything, then after the dust settles swap the IP addresses.

Doubt your MX record would need to be changed. If it names the server then there is an A record for that servername/hostname that points to an IP. If that IP is your firewall you have to change nothing. If it is your server that has the public IP address then the IP address swap above takes care of that.

All depends how you are set up at the firewall. If Exchange is sitting in a DMZ with public addresses or if you are behind NAT.

But either way the name of the server looks to be irrelevant. But like you said, even if you change MX and reconfig the firewall you are far ahead of the game in time and effort.

Just run both servers for a while so your users with Outlook start up and log on and automatically pick up the mailbox move to the new server.

27. Exchange 5.5 to Exchange 2003

A question for those of you that have gone through the migration from Exchange 5.5 to Exchange 2003. We are planning to have a win2k3 native domain and Exchange 5.5/EX2k3 mixed mode. From what I've read in doing my research for our migration, when we migrate the Exchange 5.5 DLs that we use for permissions on Public Folders they are converted to Universal Security Groups. Are these mail enabled security groups, or do I have to create another Distribution group to replace the ones that we used for permissions and are converted?

28. 1 forest, 1 tree, multiple child domains

Some of the child domains are in "Windows 2000 mixed" mode, some others in "Windows 2000 native mode", some others in "Windows 2003 functional mode". Each domain has its own Exchange 5.5 server; all the Exchange 5.5 servers belong to the same Exchange Organization.

The forest has had "setup /forestprep" for Exchange 2003 run. I can confirm the "rangeUpper" attribute value is already 6870.

Please, can I use the following sequence to install ADC on the child domains running Windows 2000 AD (either mixed or native), noting that Exchange 2003 "setup /forestprep" has already been executed at the root?

On the child domains:
1) install ADC on a member server (using EA credentials) using the Exchange 2003 CD, configure two-way CAs (Exchange 5.5 <--> DC)
2) execute "setup /adprep" using the Windows 2003 CD
3) execute "setup /domainprep" using the Exchange 2003 CD
4) upgrade the DCs to Windows 2003 and switch to Windows 2003 functional mode
5) install Exchange 2003 by joining the existing Exchange 5.5 server in that child domain.

Or do you think this sequence *must* be different for any technical requirement that I am missing? For example -- I am just supposing -- the Exchange 2003 ADC cannot be installed on a Windows 2000 AD unless Windows 2003 /adprep has been executed, or some other possible technical requirement.

29. Exchange 2000 SP3 on a Windows 2000 server

I am running Exchange 2000 SP3 on a Windows 2000 server, 2003 domain. My problem is that Exchange will not deliver mail to domains that do not list a specific MX record. Is there a setting somewhere to prompt Exchange to try connecting to other types of records listed instead?

Thanks for your insights.
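For reference, the delivery order an RFC-compliant MTA is expected to derive from DNS, as an added example (not from the original post, and not Exchange's own code). RFC 2821 section 5 says that a domain with no MX records is treated as if it had a single MX pointing at itself, so delivery falls back to the domain's A record; comparing a server's actual behaviour against this order tells you whether the problem is the MTA's lookup logic or the DNS data it is getting. The zone below is a constructed in-memory stand-in for DNS so the code runs offline; every name and address in it is made up. The caveat worth knowing: the implicit-MX rule also means a mistyped recipient domain that happens to have an A record (a web host, say) will silently receive the connection attempt.

```python
"""MX lookup with the implicit-MX fallback of RFC 2821 section 5
(added example, not from the original post).  The zone below is a
constructed, in-memory stand-in for DNS so the code runs offline; every
name and address in it is made up.
"""
from typing import Dict, List, Tuple

# Constructed zone data: owner name -> list of (rrtype, rdata).
# MX rdata is (preference, exchange); A rdata is a dotted-quad string.
ZONE: Dict[str, List[Tuple[str, object]]] = {
    "example.com":         [("MX", (20, "mx2.example.com")), ("MX", (10, "mx1.example.com"))],
    "mx1.example.com":     [("A", "192.0.2.10")],
    "mx2.example.com":     [("A", "192.0.2.11")],
    "nomx.example.org":    [("A", "198.51.100.5")],   # mail host with no MX record at all
    "hosting.example.net": [("MX", (10, "nomx.example.org"))],
}


def lookup(name: str, rrtype: str, zone: dict = ZONE) -> list:
    """Return the rdata of every record of `rrtype` owned by `name`."""
    key = name.lower().rstrip(".")
    return [rdata for t, rdata in zone.get(key, []) if t == rrtype]


def mail_exchangers(domain: str, zone: dict = ZONE) -> List[str]:
    """Hosts to try, in order, when delivering to user@domain.

    MX records sorted by preference (lowest first); if the domain has no
    MX records, treat it as though it had one MX of preference 0 pointing
    at itself, i.e. fall back to the domain's own A record.  A domain with
    neither cannot be routed.
    """
    mx = lookup(domain, "MX", zone)
    if mx:
        return [exchange for _pref, exchange in sorted(mx)]
    if lookup(domain, "A", zone):
        return [domain]
    return []


def delivery_targets(domain: str, zone: dict = ZONE) -> List[Tuple[str, str]]:
    """(host, address) pairs in delivery order; exchangers with no A record are skipped."""
    targets = []
    for host in mail_exchangers(domain, zone):
        for addr in lookup(host, "A", zone):
            targets.append((host, addr))
    return targets


if __name__ == "__main__":
    for d in ("example.com", "nomx.example.org", "hosting.example.net", "missing.example.test"):
        print(d, "->", delivery_targets(d) or "no route")
```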

30. OWA Problem.

I have several MS Small Business clients, and while SBS2000 was out (it includes ISA 2000 and Exch 2000) I could not connect from one client to another using OWA. With SBS2003 that is no longer an issue BUT... I have an outsourced finance group who come to my client and try to connect to their company's OWA (on an Exch 2000 machine), and while passing through my ISA 2000 they get "Access Denied". I can connect to any OWA 2003, and their company's techs assure me that they are not locked out. In a nutshell: Is there a port I have to open in ISA to access an Exch 2000 based OWA site?

Solution:- Microsoft Knowledge Base Article – 280823

31. "https//servername/exchange"

I have two domains that I want to service with one front end server. The two domains are HG and HI. HG and HI are different administrative groups and different domains, but they all share the harman.com address. The front end server is located within the HG domain. Anyone in the HG domain can use the front end server without any issues when they type in "https". When people in the HI domain attempt to use the front end server (again using https), they get the normal security warning and the authentication box. They put in HI\username and password, and then a message comes back "The page must be viewed over a secure channel". Below that is a message that says "the page you are trying to view requires the use of https in the address". The funny thing is you see in the address bar "https//servername/exchange" (I took the colons out to kill the link in the email)!

Can anyone point me in the right direction?? I looked at Google and TechNet without any success.

Thanks.

33. NT 4.0 sp 6

Our PDC is crashing and the Exchange server is supposed to be the BDC. We have to take the PDC down; can the Exchange server be promoted to PDC? Also, it does not appear as though the Exchange server has been acting as BDC: when the PDC goes down, no one can log in or access email from the Exchange server. I did not set any of this up, so I am not sure why it is acting this way.

34. Kerberos/NTLM Authentication

I have a problem with a few users that I can not figure out. I am running Exchange 2003 SP1 in native mode with Windows 2003 AD in native mode and Outlook 2003.

The problem is that this user can not logon using OWA. She gets an error saying "Bad Request (Request Header Too Long)". If I turn on Friendly HTTP errors then the error is "HTTP 400 - Bad Request".

This user also can not open their mailbox from the client when logged on to a computer on the domain. If I change the profile to use "Password Authentication (NTLM)" rather than "Kerberos/NTLM Password Authentication" then she can get into her mailbox. If I give myself full control of her mailbox and set it to prompt for credentials with "Kerberos/NTLM..." then I can get into the mailbox with no problem.

I have used LDP to compare attributes with another account that works fine but I don't see any major difference other than things that should be different.

This leads me to believe the problem is related to Kerberos. Any idea what I can do to resolve this issue?
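One thing a practitioner would check for this combination of symptoms (HTTP 400 "Request Header Too Long" from IIS, Kerberos failing for one account while NTLM works) is the size of the user's Kerberos token, which grows with the number of groups the account belongs to. The following is an added example, not from the original post or from Microsoft: it applies the token-size estimate from Microsoft KB 327825 (TokenSize = 1200 + 40d + 8s) and compares the result against the Windows 2000/2003-era default limits. The limit values (MaxTokenSize 12000 bytes; http.sys MaxFieldLength and MaxRequestBytes 16384 bytes) and the allowance for the other request headers are assumptions to verify against the registry of the server in question, and the token estimate itself is only an estimate.

```python
"""Kerberos token-size estimate (added example, not from the original post).

The formula TokenSize = 1200 + 40d + 8s is the one in Microsoft KB 327825.
The limits below are assumed Windows 2000/2003 defaults; check them in
the registry of the server concerned before drawing conclusions.
"""
from typing import Dict

TICKET_OVERHEAD = 1200            # fixed estimate for the ticket itself (KB 327825)
DEFAULT_MAX_TOKEN_SIZE = 12000    # HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize (assumed)
DEFAULT_MAX_FIELD_LENGTH = 16384  # HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength (assumed)
DEFAULT_MAX_REQUEST_BYTES = 16384 # same key, MaxRequestBytes: request line plus all headers (assumed)
AUTH_PREFIX = "Authorization: Negotiate "


def estimate_token_size(domain_local: int, universal_foreign: int,
                        global_groups: int, universal_home: int,
                        sid_history: int = 0) -> int:
    """d = domain local groups + universal groups outside the account domain + SIDHistory entries;
    s = global groups + universal groups in the account domain."""
    d = domain_local + universal_foreign + sid_history
    s = global_groups + universal_home
    return TICKET_OVERHEAD + 40 * d + 8 * s


def negotiate_header_length(token_size: int) -> int:
    """The token travels base64-encoded (4 chars per 3 bytes) in a single request header."""
    b64_len = 4 * ((token_size + 2) // 3)
    return len(AUTH_PREFIX) + b64_len


def diagnose(domain_local: int, universal_foreign: int, global_groups: int,
             universal_home: int, sid_history: int = 0,
             other_headers_bytes: int = 600,           # assumed: cookies, User-Agent, Accept, ...
             max_token: int = DEFAULT_MAX_TOKEN_SIZE,
             max_field: int = DEFAULT_MAX_FIELD_LENGTH,
             max_request: int = DEFAULT_MAX_REQUEST_BYTES) -> Dict[str, object]:
    size = estimate_token_size(domain_local, universal_foreign, global_groups, universal_home, sid_history)
    hdr = negotiate_header_length(size)
    return {
        "token_bytes": size,
        "header_bytes": hdr,
        # Kerberos fails outright above MaxTokenSize; NTLM, which carries no PAC, still works.
        "exceeds_max_token_size": size > max_token,
        # http.sys rejects the request with 400 before IIS or OWA ever sees it.
        "exceeds_max_field_length": hdr > max_field,
        "exceeds_max_request_bytes": hdr + other_headers_bytes > max_request,
    }


if __name__ == "__main__":
    # Constructed cases: an ordinary user and a long-serving one with hundreds of memberships.
    print("ordinary:", diagnose(5, 5, 20, 0))
    print("bloated :", diagnose(250, 0, 100, 0))
```

To get the real inputs, count the account's group memberships by scope (recursively, since nested groups count) and its sIDHistory values; if the estimate is anywhere near the limits, the usual remedies are trimming memberships, raising MaxTokenSize on the clients and servers, and raising MaxFieldLength/MaxRequestBytes on the IIS host.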

Interview Question ‘N’ Answer Bank

Q.1 What is the latest Service Pack for Exchange 2000?

Ans : Service Pack 3 (the last service pack released for Exchange 2000; later fixes shipped as post-SP3 rollups).

Q.2 What are the versions of ISA servers and their service packs?

Ans : ISA Server 2000 (SP1) and ISA Server 2004 (SP1).

Q.3 What are the core services that run an ISA server?

Ans : Microsoft ISA Server Control, Microsoft Firewall, and Microsoft Web Proxy (the control service starts and monitors the other two).

Q.4 What is the function of the .edb and .stm files in Exchange 2000?

Ans: Each Exchange 2000 store is a pair of files that together form one database. The .edb file (e.g. priv1.edb) is the Jet/ESE database holding MAPI properties, rich-text message content and all of the indexes. The .stm file (priv1.stm) is the streaming file holding native Internet content (MIME) received from SMTP, POP3, IMAP4 and NNTP clients, stored without conversion so it can be served back to Internet clients without re-rendering. Content is converted between the two on demand, and the pair must always be backed up, restored and repaired together: an .edb without its matching .stm (or vice versa) is not usable.

Q.5 What is the core function of the Active directory Connector in Exchange 2000?

Ans: The ADC is the service that lets you perform directory synchronization between the Exchange Server 5.5 DS and AD. The ADC uses connection agreements (CAs) to define individual configurations for replication.

Q.6 What is the SRS service in Exchange 2000?

Ans : The SRS is an Exchange 2000 service that allows integration with Exchange Server 5.5 sites. The SRS runs on an Exchange 2000 server but presents itself as an Exchange Server 5.5 DS to other Exchange Server 5.5 servers. You can use the SRS only if you're running Exchange 2000 in mixed mode.

The SRS in Intrasite Replication :-

Figure 1.

Figure 1 shows an Exchange Server 5.5 site (i.e., a site that contains only Exchange Server 5.5 servers) with a CA homed against one of the servers, S4. The CA to the AD is well defined because it has a valid source of Exchange Server 5.5 directory information. The ADC obtains information from the Exchange Server 5.5 DS on server S4.

But what happens when you upgrade the server S4 from Exchange Server 5.5 to Exchange 2000? Upgrading compromises the integrity of the CA because S4 doesn't have an Exchange Server 5.5 DS (because Exchange 2000 uses AD), and the CA becomes unusable. Your only option is to rehome the Exchange Server 5.5 end of the CA to another server (e.g., server S5). This action would reestablish the integrity of the CA, but you would need to rehome this CA when you subsequently upgrade server S5 to Exchange 2000. This rehoming activity could repeat itself for some time unless you initially homed your CA against a server that you knew would be the last one in the site you migrate to Exchange 2000.

Retaining CA integrity. Let's assume that server S4 is the first Exchange Server 5.5 server in the site you're upgrading to Exchange 2000. This assumption satisfies one of the rules for enabling the SRS: You're upgrading the first server in the site. When you perform the upgrade in this situation, the SRS (which is the Exchange Server 5.5 DS in disguise) becomes active. And because the SRS takes part in Exchange Server 5.5 directory replication just like any other Exchange Server 5.5 service, it has a valid view of the Exchange Server 5.5 directory in its SRS database.

Figure 2.

Figure 2 shows the SRS active on S4.

Because the SRS is active on server S4, you can retain the existing CA that is homed against S4. Because the SRS is there, you have a valid source of Exchange Server 5.5 directory information, so you don't need to manually rehome the CA. Having one server that you know can always provide a source of Exchange Server 5.5 directory information is a big plus.

When you home a CA against a regular Exchange Server 5.5 server, you must bind the Exchange Server 5.5 end of the CA against the Lightweight Directory Access Protocol (LDAP) of the Exchange Server 5.5 DS. The ADC uses LDAP to access the Exchange Server 5.5 DS. By default, the Exchange Server 5.5 LDAP listens on port 389, but you can enable LDAP on another port (e.g., if you're running an Exchange Server 5.5 server on a Windows 2000 domain controller). AD on a Win2K domain controller also listens on port 389, and as Win2K is starting up, it seizes control of port 389 before the Exchange Server 5.5 DS can get to it.

The SRS behaves similarly. The SRS runs only on a Win2K system, and this system might be a domain controller. A CA always wants to connect to a source of Exchange Server 5.5 directory information over LDAP. To avoid confusion, the Exchange engineering team designed the SRS so that it offers its LDAP service from port 379. Therefore, if you had previously homed your CA against an Exchange Server 5.5 DS on port 389, you must modify the CA so that it now points to port 379 to get to the SRS DS. "More Tips for Using the Active Directory Connector," Reader to Reader, April 2000, explains how to change the LDAP port.

This modification requires only that you use the CA management tool to redirect the CA to a different port after the upgrade to Exchange 2000. However, this modification is a small change to an existing CA, compared with rehoming the CA to an altogether different server.

Within an Exchange Server 5.5 site, an Exchange Server 5.5 server communicates with other Exchange Server 5.5 servers to keep the information in its DS consistent with the information in the other Exchange Server 5.5 servers' directories. This behavior is the essence of intrasite replication. The component responsible for controlling this process is the Knowledge Consistency Checker (KCC)—which is on every Exchange Server 5.5 server. The KCC maintains a table of all Exchange Server 5.5 servers that take part in the replication chain.

As you upgrade many Exchange Server 5.5 servers in the site to Exchange 2000, most servers won't have the SRS enabled. In these cases, the upgrade code removes the entry for each respective server from the KCC table. For example, for the systems you see in Figure 2 (presuming that they're not bridgehead servers), the code removes servers S1, S2, S3, and S5 from the Exchange Server 5.5 intrasite replication chain. (More precisely, the code removes the servers' directory service agent—DSA—object from the KCC table.) Removing the servers' DSA ensures that they no longer take part in Exchange Server 5.5 intrasite replication because they're no longer Exchange Server 5.5 servers. If the upgrade process didn't remove these DSA objects from the KCC table, you'd see many errors in the event log, signifying that Exchange Server 5.5 directory replication failed against the newly upgraded servers.

The SRS in Intersite Replication :-

When you upgrade an Exchange Server 5.5 directory replication bridgehead server to Exchange 2000, the bridgehead server must maintain a means for communicating site information to its Exchange Server 5.5 bridgehead replication partner. The SRS provides this means because it appears to the replication partner as an Exchange Server 5.5 DS to communicate with.

Figure 3.

Two Exchange Server 5.5 directory replication bridgehead servers (S9 and S1) communicating across a DRC.

Page 297: Zenith Infotech

When you upgrade server S1 from Exchange Server 5.5 to Exchange 2000, as Figure 4 shows, the SRS becomes indispensable because once again, it reduces the administrative effort associated with upgrading servers. Because the pure Exchange Server 5.5 site (i.e., Site B) has no CA, all site and topology information for Site B must come from traditional Exchange Server 5.5 directory replication.

In the absence of an SRS service, you need to rehome Exchange Server 5.5 DRCs onto different servers as you upgrade bridgehead servers from Exchange Server 5.5. In this example, upgrading server S1 to Exchange 2000 without an SRS service would require rehoming the DRC to another server in the site (e.g., S2).

Components of the SRS even optimize CAs and DRCs. If a CA becomes available to Site B, Exchange can deliver directory information into that site two ways: across a DRC and through a CA. Exchange Server 5.5 directory replication is object-based, whereas replication through a CA is attribute-based. Therefore, using CAs to provide directory information is more efficient than using DRCs because attribute-based replication involves less data on the wire. If you use a CA, as Figure 5 shows, the SRS disables the DRC between the two Exchange Server 5.5 sites and uses ADC-based replication instead.

You can see that, with respect to intersite replication, the SRS is a useful tool. Without it, the management of DRCs would increase administrative overhead. The SRS proves its worth just for managing CAs within a site, but coupled with managing connections between Exchange Server 5.5 bridgehead servers, it's essential.

Behind a Bridgehead Server Upgrade :-

When you upgrade server S1 to Exchange 2000, the Setup program modifies the existing local dir.edb database (i.e., the traditional Exchange Server 5.5 DS), copies the new executables for the SRS service from the installation CD-ROM, and creates several objects in AD's configuration-naming context. (The configuration-naming context contains all Exchange 2000 configuration information.)

Specifically, an instance of an object of class ms-Exch-Site-Replication-Service within the Exchange tree in the AD configuration-naming context represents the SRS. Figure 6 shows an example of a default SRS object, Microsoft DSA, from ADSI Edit. ADSI Edit, part of the Windows 2000 Support Tools on the installation CD-ROM, is a useful tool for looking at objects, attributes, and their values in AD.

In this case (i.e., when S1 is the first Exchange 2000 server in the site), the Setup process also creates a Configuration Connection Agreement (ConfigCA) between AD and the new SRS service installed locally. The SRS takes on the ownership of the DRC to server S9. Because the SRS object in AD has a legacyExchangeDN attribute of /o=<OrgName>/ou=<Site>/cn=/cn=Servers/cn=S1/cn=Microsoft DSA and is a mail-enabled object, the SRS becomes the destination for replication messages from server S9. In fact, you can use any transport (e.g., X.400, RPCs) to send mail to the SRS object. Figure 7 shows the value of the mail attribute of the SRS. As you can see, this attribute has an SMTP address (i.e., [email protected]), which means that any other Exchange Server 5.5 DS can send directory information to it over an SMTP connector.

The SRS connects to bridgehead server S9 over a DRC and to AD through a ConfigCA. The ConfigCA is two-way, replicating configuration information for the Exchange Server 5.5 view of Site A from the SRS to AD and back-replicating information for administrative group A (the Exchange 2000 view of the site) from AD to the SRS.

Q.7 Where are the NTFRS transactions stored?

Ans : In the Ntfrs.jdb Jet database and in a set of log files in the default paths %SystemRoot%\Ntfrs\Jet\Log.

Q.8 What are the different MS Exchange server 5.5. files that are installed after running setup?

Ans : 1. Private Information Store ( C:\exchsrvr\MDBDATA)

2. Public Information Store (C:\exchsrvr\MDBDATA)

3. Information Store Logs (C:\exchsrvr\MDBDATA)

4. Directory Service (C:\exchsrvr\DSADATA)

5. Directory Service Logs (C:\exchsrvr\DSADATA)

6. MTA (C:\exchsrvr\MTADATA)

Q.9 What are the core MS exchange 5.5 services/components?

Ans :-
1. Directory Service (DS): Microsoft Exchange Directory
2. Microsoft Exchange Event Service
3. Information Store (IS): Microsoft Exchange Information Store
4. Message Transfer Agent (MTA): Microsoft Exchange Message Transfer Agent
5. System Attendant (SA): Microsoft Exchange System Attendant

Q.10 What is the latest Service Pack for Windows NT Server 4.0?

Ans : Service pack 6a

Q.11 What is the latest Service Pack for Windows 2000 Server?

Ans : Windows 2000 Service Pack 4

Q.12 What is the IIS version on Win2K servers?

Ans : IIS 5.0 On Windows 2000 Server

IIS 6.0 On Windows 2003 Server

Q.13 What is the TCP/IP port for A Global Catalogue Server (GC)?

Ans : Port 3268 (LDAP) and port 3269 (LDAP over SSL). A GC answers forest-wide queries on these ports in addition to the normal domain LDAP ports 389 and 636.

Q.14 Explain the Active Directory Log files?

Ans : The key files are:

ntds.dit
edb.log
res1.log
res2.log
edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn’t exist on reboot or the shutdown statement isn’t present, AD will use the edb.log file to update the AD database.

The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in %systemroot%\NTDS, along with the other files we’ve discussed. During the installation of AD (by running DCpromo), you can specify that the log files and database files be installed in different locations, as shown in Figure 1.

Figure 1. The default locations for the Active Directory database and log files.
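The recovery rule in the answer above (log first, database later, checkpoint deciding whether the log must be replayed) is easier to see in code. The following is an added example, not from the page and not Microsoft's implementation: three in-memory structures stand in for edb.log, edb.chk and ntds.dit, and `startup` applies the rule the text describes. Transaction numbers and the "cn=..." keys are constructed.

```python
"""Toy model of the transaction log, checkpoint and database described in Q.14
(added example, not from the original page).  In-memory stand-ins for
edb.log, edb.chk and ntds.dit; the point is the recovery rule: a missing
checkpoint, or one without the shutdown marker, forces a log replay.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Disk:
    log: List[Tuple[int, str, str]] = field(default_factory=list)  # edb.log: (txn, key, value)
    db: Dict[str, str] = field(default_factory=dict)               # ntds.dit
    chk: Optional[Dict[str, object]] = None                        # edb.chk; None = file missing
    next_txn: int = 1


def write(disk: Disk, key: str, value: str) -> int:
    """A change is recorded in the log first; only then is it eligible for the database."""
    txn = disk.next_txn
    disk.next_txn += 1
    disk.log.append((txn, key, value))
    return txn


def _committed(disk: Disk) -> int:
    """Highest transaction the checkpoint says is in the database (0 if no checkpoint)."""
    return int(disk.chk["committed"]) if disk.chk else 0


def flush(disk: Disk, max_txns: Optional[int] = None) -> int:
    """Apply logged transactions to the database as time allows; advance the checkpoint."""
    pending = [t for t in disk.log if t[0] > _committed(disk)]
    applied = pending if max_txns is None else pending[:max_txns]
    for txn, key, value in applied:
        disk.db[key] = value
        disk.chk = {"committed": txn, "clean_shutdown": False}
    return len(applied)


def shutdown(disk: Disk) -> None:
    """Orderly shutdown: everything is committed and the checkpoint records the shutdown."""
    flush(disk)
    disk.chk = {"committed": _committed(disk), "clean_shutdown": True}


def startup(disk: Disk) -> int:
    """Recovery rule: if edb.chk is missing or lacks the shutdown marker, replay edb.log
    from the last committed transaction.  Returns the number of records replayed."""
    if disk.chk is not None and disk.chk["clean_shutdown"]:
        disk.chk = {"committed": _committed(disk), "clean_shutdown": False}  # now open again
        return 0
    start = _committed(disk)  # 0 when the checkpoint file is missing: replay everything
    replayed = 0
    for txn, key, value in disk.log:
        if txn > start:
            disk.db[key] = value  # idempotent: re-applying a record gives the same result
            disk.chk = {"committed": txn, "clean_shutdown": False}
            replayed += 1
    return replayed


if __name__ == "__main__":
    d = Disk()
    for k, v in (("cn=alice", "v1"), ("cn=bob", "v1"), ("cn=alice", "v2")):
        write(d, k, v)
    flush(d, max_txns=1)  # only the first change reached ntds.dit before the "power failure"
    print("replayed after crash:", startup(d), d.db)
    shutdown(d)
    print("replayed after clean shutdown:", startup(d))
```

Replay is safe to repeat because each log record sets a key to a value rather than describing a relative change; that is also why deleting edb.chk costs only time, while deleting edb.log after a dirty shutdown loses the uncommitted transactions for good.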

Technical round

ADS overview: definitions of Trees, Forest, Domain, Organizational Unit, Global Catalog, Sites, Domain Controller. You will have to explain to the interviewer the differences between any of these that are asked about.

Make sure that you know the FSMO roles, that is Schema Master, RID Master, Domain Naming Master, PDC Emulator and Infrastructure Master.

The basics of Exchange server administration, like how to create address lists and users, how to install Exchange server, requirements for installing Exchange server, and why we run forestprep and domainprep before actually installing Exchange server. The basics of TCP/IP, routing protocols, NAT, subnets, Layer 3 switches, Layer 2 switches, hubs, routers.

You should be aware of the DNS integration with Active Directory and also DHCP server authorization in Active Directory.

What is a system state backup?
Difference between admin groups and routing groups?
Difference between incremental and differential backup?
What is DNS?
What are forward lookup and reverse lookup?
What is the difference between 10Base2 and 10Base5 cable?
Your overall job profile in the current industry.
How to make a new additional domain controller a Global Catalog? (Procedure: how you practically do it.)

What is a Domain and Workgroup? Highlight advantages and disadvantages.

Domain:“A domain is a group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the Internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.” - www.murdoch.edu.au/cwisad/glossary.html

There is no real limit to the number of computers in a domain; it is common to see domains with over 2000 computers/devices (nodes). For networks with that many workstations you will need enterprise-level software such as SMS, Exchange etc. to effectively manage it. If you are using Windows XP as an OS, ONLY Windows XP Pro is capable of operating in a Domain environment. You can mix OS clients on a domain: you can have Macintosh, Windows, Linux, Unix all under the same domain sharing resources as needed.

A domain usually costs more money to setup because there is more hardware and software required (Such as a Domain Controller and a Server Level OS) to get it configured properly.

In a domain, the Domain Admins group is placed in the local Administrators group of every member machine. What this means is that you can effectively manage any and all of the computers on the domain as long as your user account is a member of the Domain Admins group. It also means a Domain Admin logon on an ordinary workstation leaves domain-wide credentials on that machine, which is why such accounts should be used only from trusted administrative hosts.

Workgroup: Workgroup computing occurs when all the individuals have computers connected to a network (a group of two or more computer systems linked together) that allows them to send e-mail to one another, share data files, and other resources such as printers. In practice a workgroup is limited to about 10 network devices/computers, since a client OS such as Windows XP accepts only 10 concurrent inbound connections. Both Windows XP Pro and Home can function in a workgroup environment. Your typical "out of box" system is set up to be used in a workgroup. If you want, you can change the network type from workgroup to domain and vice versa. Machines set up in a Domain environment are much easier to manage than workgroups when it comes to network resources (shared files, shared printers, etc.). Since workgroup machines might have different account names, you really have to know the admin account for each specific machine in order to effectively manage the workgroup.

What are the different types of RAID?

8. What does RAID stand for?

In 1987, Patterson, Gibson and Katz at the University of California Berkeley, published a paper entitled "A Case for Redundant Arrays of Inexpensive Disks (RAID)" . This paper described various types of disk arrays, referred to by the acronym RAID. The basic idea of RAID was to combine multiple small, inexpensive disk drives into an array of disk drives which yields performance exceeding that of a Single Large Expensive Drive (SLED). Additionally, this array of drives appears to the computer as a single logical storage unit or drive.

The Mean Time Between Failure (MTBF) of the array will be equal to the MTBF of an individual drive, divided by the number of drives in the array. Because of this, the MTBF of an array of drives would be too low for many application requirements. However, disk arrays can be made fault-tolerant by redundantly storing information in various ways.

Five types of array architectures, RAID-1 through RAID-5, were defined by the Berkeley paper, each providing disk fault-tolerance and each offering different trade-offs in features and performance. In addition to these five redundant array architectures, it has become popular to refer to a non-redundant array of disk drives as a RAID-0 array.

9. Data Striping

Fundamental to RAID is "striping", a method of concatenating multiple drives into one logical storage unit. Striping involves partitioning each drive's storage space into stripes which may be as small as one sector (512 bytes) or as large as several megabytes. These stripes are then interleaved round-robin, so that the combined space is composed alternately of stripes from each drive. In effect, the storage space of the drives is shuffled like a deck of cards. The type of application environment, I/O or data intensive, determines whether large or small stripes should be used.

Most multi-user operating systems today, like NT, Unix and Netware, support overlapped disk I/O operations across multiple drives. However, in order to maximize throughput for the disk subsystem, the I/O load must be balanced across all the drives so that each drive can be kept busy as much as possible. In a multiple drive system without striping, the disk I/O load is never perfectly balanced. Some drives will contain data files which are frequently accessed and some drives will only rarely be accessed. In I/O intensive environments, performance is optimized by striping the drives in the array with stripes large enough so that each record potentially falls entirely within one stripe. This ensures that the data and I/O will be evenly distributed across the array, allowing each drive to work on a different I/O operation, and thus maximize the number of simultaneous I/O operations which can be performed by the array.


In data intensive environments and single-user systems which access large records, small stripes (typically one 512-byte sector in length) can be used so that each record will span across all the drives in the array, each drive storing part of the data from the record. This causes long record accesses to be performed faster, since the data transfer occurs in parallel on multiple drives. Unfortunately, small stripes rule out multiple overlapped I/O operations, since each I/O will typically involve all drives. However, operating systems like DOS which do not allow overlapped disk I/O, will not be negatively impacted. Applications such as on-demand video/audio, medical imaging and data acquisition, which utilize long record accesses, will achieve optimum performance with small stripe arrays.

A potential drawback to using small stripes is that synchronized spindle drives are required in order to keep performance from being degraded when short records are accessed. Without synchronized spindles, each drive in the array will be at different random rotational positions. Since an I/O cannot be completed until every drive has accessed its part of the record, the drive which takes the longest will determine when the I/O completes. The more drives in the array, the more the average access time for the array approaches the worst case single-drive access time. Synchronized spindles assure that every drive in the array reaches its data at the same time. The access time of the array will thus be equal to the average access time of a single drive rather than approaching the worst case access time.

10. The different RAID levels

RAID-0: RAID Level 0 is not redundant, hence does not truly fit the "RAID" acronym. In level 0, data is split across drives, resulting in higher data throughput. Since no redundant information is stored, performance is very good, but the failure of any disk in the array results in data loss. This level is commonly referred to as striping.

RAID-1: RAID Level 1 provides redundancy by writing all data to two or more drives. The performance of a level 1 array tends to be faster on reads and slower on writes compared to a single drive, but if either drive fails, no data is lost. This is a good entry-level redundant system, since only two drives are required; however, since one drive is used to store a duplicate of the data, the cost per megabyte is high. This level is commonly referred to as mirroring.

RAID-2: RAID Level 2, which uses Hamming error correction codes, is intended for use with drives which do not have built-in error detection. All SCSI drives support built-in error detection, so this level is of little use when using SCSI drives.

RAID-3: RAID Level 3 stripes data at a byte level across several drives, with parity stored on one drive. It is otherwise similar to level 4. Byte-level striping requires hardware support for efficient use.

RAID-4: RAID Level 4 stripes data at a block level across several drives, with parity stored on one drive. The parity information allows recovery from the failure of any single drive. The performance of a level 4 array is very good for reads (the same as level 0). Writes, however, require that parity data be updated each time. This slows small random writes, in particular, though large writes or sequential writes are fairly fast. Because only one drive in the array stores redundant data, the cost per megabyte of a level 4 array can be fairly low.

RAID-5: RAID Level 5 is similar to level 4, but distributes parity among the drives. This can speed small writes in multiprocessing systems, since the parity disk does not become a bottleneck. Because parity data must be skipped on each drive during reads, however, the performance for reads tends to be considerably lower than a level 4 array. The cost per megabyte is the same as for level 4.
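The parity mechanism behind RAID-4 and RAID-5 is easy to see in code. The following Python is an added example (not code from this page or from the Berkeley paper): it stripes a payload block by block across three data drives, stores the XOR of each stripe as a parity block (on a fixed drive for RAID-4, rotated across drives for RAID-5), then simulates a drive failure and rebuilds the lost drive from the survivors. The block size, drive count and sample payload are constructed for the demo.

```python
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Parity is the byte-wise XOR of all data blocks in a stripe."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def parity_drive_for(stripe_no: int, n_drives: int, rotate: bool) -> int:
    """RAID-4 keeps parity on one fixed drive; RAID-5 rotates it stripe by stripe."""
    return (n_drives - 1 - stripe_no) % n_drives if rotate else n_drives - 1


def write_array(data: bytes, block_size: int, n_drives: int, rotate: bool) -> List[List[bytes]]:
    """Stripe `data` over n_drives-1 data drives, adding one parity block per stripe."""
    per_stripe = block_size * (n_drives - 1)
    n_stripes = -(-len(data) // per_stripe)            # ceiling division
    padded = data.ljust(n_stripes * per_stripe, b"\0")  # pad the last stripe
    drives: List[List[bytes]] = [[] for _ in range(n_drives)]
    for s in range(n_stripes):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        parity_drive = parity_drive_for(s, n_drives, rotate)
        next_block = iter(data_blocks)
        for d in range(n_drives):
            # every write touches the parity block too, which is why RAID-4/5 writes are slower
            drives[d].append(xor_blocks(data_blocks) if d == parity_drive else next(next_block))
    return drives


def read_array(drives: List[List[bytes]], rotate: bool, length: int) -> bytes:
    """Reassemble the logical volume from an intact array, skipping each stripe's parity block."""
    n_drives = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        parity_drive = parity_drive_for(s, n_drives, rotate)
        for d in range(n_drives):
            if d != parity_drive:
                out += drives[d][s]
    return bytes(out[:length])


def rebuild_drive(drives: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Recover every block of the failed drive: XOR of the other blocks in the same stripe."""
    survivors = [d for d in range(len(drives)) if d != failed]
    n_stripes = len(drives[survivors[0]])
    return [xor_blocks([drives[d][s] for d in survivors]) for s in range(n_stripes)]


SAMPLE = b"A Case for Redundant Arrays of Inexpensive Disks"   # constructed payload


def demo(rotate: bool = True, failed: int = 2) -> bool:
    """Lay out SAMPLE on four drives, lose one, rebuild it and verify the data reads back."""
    drives = write_array(SAMPLE, block_size=4, n_drives=4, rotate=rotate)
    lost = drives[failed]
    drives[failed] = None                          # simulate the drive failure
    drives[failed] = rebuild_drive(drives, failed)
    return drives[failed] == lost and read_array(drives, rotate, len(SAMPLE)) == SAMPLE


if __name__ == "__main__":
    print("RAID-5 rebuild ok:", demo(rotate=True, failed=2))
    print("RAID-4 parity-drive rebuild ok:", demo(rotate=False, failed=3))
```

Running `demo` with `rotate=False` and `failed=3` shows that losing the dedicated parity drive of a RAID-4 array is just as recoverable as losing a data drive; the asymmetry between the two levels is only in where the parity writes land, which is what makes the single parity disk of RAID-4 a write bottleneck.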

Summary:

o RAID-0 is the fastest and most efficient array type but offers no fault-tolerance.
o RAID-1 is the array of choice for performance-critical, fault-tolerant environments. In addition, RAID-1 is the only choice for fault-tolerance if no more than two drives are desired.
o RAID-2 is seldom used today since ECC is embedded in almost all modern disk drives.
o RAID-3 can be used in data intensive or single-user environments which access long sequential records to speed up data transfer. However, RAID-3 does not allow multiple I/O operations to be overlapped and requires synchronized-spindle drives in order to avoid performance degradation with short records.
o RAID-4 offers no advantages over RAID-5 and does not support multiple simultaneous write operations.
o RAID-5 is the best choice in multi-user environments which are not write performance sensitive. However, at least three, and more typically five drives are required for RAID-5 arrays.

11. Possible approaches to RAID


12. Hardware RAID

The hardware based system manages the RAID subsystem independently from the host and presents to the host only a single disk per RAID array. This way the host doesn't have to be aware of the RAID subsystem(s).

13. The controller based hardware solution

DPT's SCSI controllers are a good example of a controller based RAID solution. The intelligent controller manages the RAID subsystem independently from the host. The advantage over an external SCSI---SCSI RAID subsystem is that the controller is able to span the RAID subsystem over multiple SCSI channels and by this remove the limiting factor external RAID solutions have: the transfer rate over the SCSI bus.

14. The external hardware solution (SCSI---SCSI RAID)

An external RAID box moves all RAID handling "intelligence" into a controller that is sitting in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI controller and appears to the host as a single disk or multiple disks. This solution has drawbacks compared to the controller based solution: the single SCSI channel used in this solution creates a bottleneck. Newer technologies like Fibre Channel can ease this problem, especially if they allow trunking multiple channels into a Storage Area Network. 4 SCSI drives can already completely flood a parallel SCSI bus, since the average transfer size is around 4KB and the command transfer overhead - which even in Ultra SCSI is still done asynchronously - takes most of the bus time.

o Software RAID

The MD driver in the Linux kernel is an example of a RAID solution that is completely hardware independent. The Linux MD driver currently supports RAID levels 0/1/4/5 + linear mode.

Under Solaris you have the Solstice DiskSuite and Veritas Volume Manager which offer RAID-0/1 and 5.

Adaptec's AAA-RAID controllers are another example: they have no RAID functionality whatsoever on the controller, they depend on external drivers to provide all RAID functionality. They are basically only multiple single AHA2940 controllers which have been integrated on one card. Linux detects them as AHA2940 and treats them accordingly. Every OS needs its own special driver for this type of RAID solution; this is error prone and not very compatible.

o Hardware vs. Software RAID

Just like any other application, software-based arrays occupy host system memory, consume CPU cycles and are operating system dependent. By contending with other applications that are running concurrently for host CPU cycles and memory, software-based arrays degrade overall server performance. Also, unlike hardware-based arrays, the performance of a software-based array is directly dependent on server CPU performance and load.

Except for the array functionality, hardware-based RAID schemes have very little in common with software-based implementations. Since the host CPU can execute user applications while the array adapter's processor simultaneously executes the array functions, the result is true hardware multi-tasking. Hardware arrays also do not occupy any host system memory, nor are they operating system dependent.

Hardware arrays are also highly fault tolerant. Since the array logic is based in hardware, software is NOT required to boot. Some software arrays, however, will fail to boot if the boot drive in the array fails. For example, an array implemented in software can only be functional when the array software has been read from the disks and is memory-resident. What happens if the server can't load the array software because the disk that contains the fault tolerant software has failed? Software-based implementations commonly require a separate boot drive, which is NOT included in the array.

What is NAT?

Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

NAT serves three main purposes:

o Provides a type of firewall by hiding internal IP addresses.
o Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.
o Allows a company to combine multiple ISDN connections into a single Internet connection.

Also see dynamic NAT and static NAT.

Backup Procedures: The Different Types of Backup

Full Backup: A full backup is simply backing up all files on the system. Users may choose to update archive attributes if they plan on doing either of the following two types of partial backups.

Incremental Backup: An incremental backup is a backup that backs up only the files modified since the last backup. When running an incremental backup, users need to update the archive attribute while backing up only modified files. Often the incremental backups are appended to the full backup set. The result is a tape with the changes that occurred daily. This type of backup is useful if the user wishes to have an audit trail of file usage activity on their system, and it will enable them to restore a specific day's work without restoring any changes made since that point in time. To do a full restore 4 days after a full backup, they must restore the full backup and all 4 data sets after it, unlike the next type of backup.

Differential Backup: A differential backup is a cumulative backup of changes made since the last full backup. It backs up modified files only but does not update the archive attribute. The list of files grows each day until the next full backup is performed, clearing the archive attributes. This enables the user to restore all files changed since the last full backup in one pass. These backups can be appended to the full as well, but they will have to keep in mind that each set can contain a different version of a file if that file changes daily. The data sets will always be at least as big as the previous differential (if no changes were made) and will continue to grow as files change. Once a file's archive attribute is set it will be backed up each day until the full backup resets its attribute bit.
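The difference between the three backup types comes down to who clears the archive attribute. The following Python is an added example (not from this page or any backup product) that models a volume with an archive bit per file and runs the same three days of constructed changes through an incremental chain and a differential chain, reporting how big each partial set is and whether restoring from the full backup plus the required sets reproduces the live volume.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Entry:
    content: str
    archive: bool = True   # archive attribute: the OS sets it whenever the file is written


class Volume:
    """Constructed stand-in for a file system that maintains the archive attribute."""

    def __init__(self) -> None:
        self.files: Dict[str, Entry] = {}

    def write(self, path: str, content: str) -> None:
        self.files[path] = Entry(content, archive=True)

    def live(self) -> Dict[str, str]:
        return {p: e.content for p, e in self.files.items()}


def full_backup(vol: Volume) -> Dict[str, str]:
    """Copy everything and clear every archive bit."""
    data = vol.live()
    for e in vol.files.values():
        e.archive = False
    return data


def incremental_backup(vol: Volume) -> Dict[str, str]:
    """Copy files with the archive bit set, then clear it: each set holds one interval's changes."""
    data = {p: e.content for p, e in vol.files.items() if e.archive}
    for e in vol.files.values():
        e.archive = False
    return data


def differential_backup(vol: Volume) -> Dict[str, str]:
    """Copy files with the archive bit set but leave the bit alone: sets accumulate until the next full."""
    return {p: e.content for p, e in vol.files.items() if e.archive}


def restore(full: Dict[str, str], sets: List[Dict[str, str]]) -> Dict[str, str]:
    """Replay the full backup and then each partial set in order; later versions win.
    Deleted files are not tracked by the archive bit, so this replay never removes a file."""
    state = dict(full)
    for s in sets:
        state.update(s)
    return state


# constructed change log: what is written on day 1, 2 and 3 after the full backup on day 0
DAILY_CHANGES = [
    {"notes.txt": "v1"},
    {"ledger.xls": "v1"},
    {"notes.txt": "v2"},
]


def simulate(strategy: str) -> Tuple[List[int], bool]:
    """Return the size of each partial set and whether the day-3 restore matches the live volume."""
    vol = Volume()
    for path in ("notes.txt", "ledger.xls", "readme.txt"):
        vol.write(path, "v0")
    full = full_backup(vol)
    partial = incremental_backup if strategy == "incremental" else differential_backup
    sets: List[Dict[str, str]] = []
    for changes in DAILY_CHANGES:
        for path, content in changes.items():
            vol.write(path, content)
        sets.append(partial(vol))
    # incremental restore needs every set since the full; differential needs only the latest
    needed = sets if strategy == "incremental" else [sets[-1]]
    return [len(s) for s in sets], restore(full, needed) == vol.live()


if __name__ == "__main__":
    print("incremental:", simulate("incremental"))
    print("differential:", simulate("differential"))
```

The incremental run yields three one-file sets and needs all three at restore time; the differential run yields sets of one, two and two files (notes.txt appears in every set once its bit is set) and needs only the last one. Skipping any incremental set silently restores stale data, which is the operational reason differential backups are favoured where restore simplicity matters more than media usage.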

What is TCP/IP?

Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.

Defining a Cluster in Windows 2000

A cluster is a group of independent computers that work together to run a common set of applications and provide the image of a single system to the client and application. The computers are physically connected by cables and programmatically connected by cluster software. These connections allow computers to use failover and load balancing, which is not possible with a stand-alone computer.

Windows 2000 clustering technology provides high availability, scalability, and manageability:

High availability. The cluster is designed to avoid a single point of failure. Applications can be distributed over more than one computer, achieving a degree of parallelism and failure recovery, and providing more availability.

Scalability. You can increase the cluster's computing power by adding more processors or computers.

Manageability. The cluster appears as a single-system image to end users, applications, and the network, while providing a single point of control to administrators. This single point of control can be remote.

Two Types of Clusters in Windows 2000


In the Windows 2000 Advanced Server and Datacenter Server operating systems, Microsoft introduces two clustering technologies that can be used independently or in combination, providing organizations with a complete set of clustered solutions that can be selected based on the requirements of a given application or service. Windows clustering technologies include:

Cluster service. This service is intended primarily to provide failover support for applications such as databases, messaging systems, and file/print services. Cluster service supports 2-node failover clusters in Windows 2000 Advanced Server and 4-node clusters in Datacenter Server. Cluster service is ideal for ensuring the availability of critical line-of-business and other back-end systems, such as Microsoft Exchange Server or a Microsoft SQL Server™ 7.0 database acting as a data store for an e-commerce Web site.

Network Load Balancing (NLB). This service load balances incoming IP (Internet Protocol) traffic across clusters of up to 32 nodes. Network Load Balancing enhances both the availability and scalability of Internet server-based programs such as Web servers, streaming media servers, and Terminal Services. By acting as the load balancing infrastructure and providing control information to management applications built on top of Windows Management Instrumentation (WMI), Network Load Balancing can seamlessly integrate into existing Web server farm infrastructures. Network Load Balancing will also serve as an ideal load balancing architecture for use with the Microsoft release of the upcoming Application Center in distributed Web farm environments.

Network Related Questions.

What is hub?

A. A concentrator that joins multiple clients by means of a single link to the rest of the LAN. A hub has several ports to which clients are connected directly, and one or more ports that can be used to connect the hub to the backbone or to other active network components. A hub functions as a multiport repeater; signals received on any port are immediately retransmitted to all other ports of the hub. Hubs function at the physical layer of the OSI Reference Model.

What is switch?

A. In networking, a switch is a small device that joins multiple computers together at a low-level network protocol layer. Technically, network switches operate at Layer Two (Data Link Layer) of the OSI model.

Difference Between Hub Switch?

A. Technically speaking, hubs operate using a broadcast model and switches operate using a virtual circuit model. When four computers are connected to a hub, for example, and two of those computers communicate with each other, the hub simply passes all network traffic through to each of the four computers. Switches, on the other hand, are capable of determining the destination of each individual traffic element (such as an Ethernet frame) and selectively forwarding data to the one computer that actually needs it. By generating less network traffic in delivering messages, a switch performs better than a hub on busy networks.
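The forwarding behaviour described above can be made concrete with a small simulation. The following Python is an added example (not from this page): a `Hub` repeats every frame to every other port, while a `LearningSwitch` records which source MAC address arrived on which port and thereafter forwards unicast frames only to that port, flooding only when the destination is still unknown. Hosts, ports and frames are constructed for the demo; the MAC strings are placeholders, not real addresses.

```python
from typing import Dict, List, Tuple

Frame = Tuple[str, str]            # (source MAC, destination MAC)
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Physical-layer repeater: every frame is copied out of every port except the ingress port."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return [p for p in range(self.ports) if p != in_port]


class LearningSwitch:
    """Layer-2 switch: learns source addresses per port and forwards unicast only where needed."""

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.mac_table: Dict[str, int] = {}

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        src, dst = frame
        self.mac_table[src] = in_port                     # learn (or refresh) the source
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in range(self.ports) if p != in_port]   # flood
        out_port = self.mac_table[dst]
        return [] if out_port == in_port else [out_port]  # same segment: nothing to forward


def replay(device, traffic: List[Tuple[int, Frame]]) -> List[List[int]]:
    """Feed (ingress port, frame) pairs through a device and collect the egress port lists."""
    return [device.forward(port, frame) for port, frame in traffic]


def copies_sent(device, traffic: List[Tuple[int, Frame]]) -> int:
    """Total number of frame copies the device put on the wire."""
    return sum(len(ports) for ports in replay(device, traffic))


# constructed traffic: hosts A..D sit on ports 0..3; A and B exchange three frames
TRAFFIC: List[Tuple[int, Frame]] = [
    (0, ("mac-A", "mac-B")),
    (1, ("mac-B", "mac-A")),
    (0, ("mac-A", "mac-B")),
]

if __name__ == "__main__":
    print("hub egress per frame:   ", replay(Hub(4), TRAFFIC))
    print("switch egress per frame:", replay(LearningSwitch(4), TRAFFIC))
```

On this traffic the hub emits nine copies and the switch five: only the first frame is flooded, because B's port is unknown until B itself transmits. Ports 2 and 3 never see the A/B conversation once the table is populated, which is the traffic (and, incidentally, the passive-sniffing) difference between the two devices.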

What is Router?

A. A device that determines the next network point to which a data packet should be forwarded en route toward its destination. The router is connected to at least two networks and determines which way to send each data packet based on its current understanding of the state of the networks it is connected to. Routers create or maintain a table of the available routes and use this information to determine the best route for a given data packet.

What is Network Bridge?

A. A bridge device filters data traffic at a network boundary. Bridges reduce the amount of traffic on a LAN by dividing it into two segments. Bridges operate at the data link layer (Layer 2) of the OSI model. Bridges inspect incoming traffic and decide whether to forward or discard it. An Ethernet bridge, for example, inspects each incoming Ethernet frame - including the source and destination MAC addresses, and sometimes the frame size - in making individual forwarding decisions. Bridges serve a similar function as switches, that also operate at Layer 2. Traditional bridges, though, support one network boundary, whereas switches usually offer four or more hardware ports. Switches are sometimes called "multi-port bridges" for this reason.


What is a MAC Address?

A. The MAC address is a number used by network adapters to uniquely identify themselves on a LAN. MAC addresses are 12-digit hexadecimal numbers. MAC addresses work at the data link layer of OSI and map to IP addresses through the Address Resolution Protocol (ARP).

What is subnet ?

A. A subnet is a logical grouping of connected network devices. When a subnet is properly implemented, both the performance and security of networks can be improved. OR: A portion of a network that shares a common address component. On TCP/IP networks, subnets are defined as all devices whose IP addresses have the same prefix. For example, all devices with IP addresses that start with 100.100.100. would be part of the same subnet. Dividing a network into subnets is useful for both security and performance reasons. IP networks are divided using a subnet mask.
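"Same prefix" is decided by a bitwise AND with the subnet mask. The following Python is an added example (not from this page) that uses only the standard-library `ipaddress` module: it converts a dotted mask to a prefix length, computes the network part of an address with the mask, decides whether two hosts share a subnet, and summarises the range. The 100.100.100.x addresses are the page's own illustrative values; the masks are constructed.

```python
import ipaddress
from typing import Dict


def mask_to_prefix(mask: str) -> int:
    """Dotted mask (255.255.255.0) to prefix length (24); rejects non-contiguous masks."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def network_of(ip: str, mask: str) -> str:
    """The prefix shared by every host on the subnet: address AND mask."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts are on the same subnet when masking leaves them with the same prefix."""
    return network_of(a, mask) == network_of(b, mask)


def subnet_summary(ip: str, mask: str) -> Dict[str, object]:
    """Network address, broadcast address, prefix length and usable host count for ip/mask."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)  # strict=False accepts a host address
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefix": net.prefixlen,
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


if __name__ == "__main__":
    # constructed hosts: two in 100.100.100.0/24, one in the neighbouring /24
    print(same_subnet("100.100.100.5", "100.100.100.200", "255.255.255.0"))   # True
    print(same_subnet("100.100.100.5", "100.100.101.5", "255.255.255.0"))     # False
    print(same_subnet("100.100.100.5", "100.100.101.5", "255.255.0.0"))       # True
    print(subnet_summary("100.100.100.5", "255.255.255.0"))
```

The third call shows the practical point: whether two hosts talk directly or through a router is not a property of the addresses alone but of the mask each host is configured with, so a mismatched mask on one host is enough to break or unexpectedly widen a segment.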

What is TCP/IP ?

A. Transmission Control Protocol/Internet Protocol is a combined set of protocols that performs the transfer of data between two computers. TCP monitors and ensures correct transfer of data. IP receives the data from TCP, breaks it up into packets, and ships it off to a network within the Internet. TCP/IP is also used as a name for a protocol suite that incorporates these functions and others

Mother Board Related Question

What is Bus?

A. A collection of wires through which data is transmitted from one part of a computer to another. You can think of a bus as a highway on which data travels within a computer. When used in reference to personal computers, the term bus usually refers to the internal bus. This is a bus that connects all the internal computer components to the CPU and main memory. There's also an expansion bus that enables expansion boards to access the CPU and memory.

All buses consist of two parts -- an address bus and a data bus. The data bus transfers actual data whereas the address bus transfers information about where the data should go.

The size of a bus, known as its width, is important because it determines how much data can be transmitted at one time. For example, a 16-bit bus can transmit 16 bits of data, whereas a 32-bit bus can transmit 32 bits of data.

Every bus has a clock speed measured in MHz. A fast bus allows data to be transferred faster, which makes applications run faster. On PCs, the old ISA bus is being replaced by faster buses such as PCI.

Nearly all PCs made today include a local bus for data that requires especially fast transfer speeds, such as video data. The local bus is a high-speed pathway that connects directly to the processor.

Several different types of buses are used on Apple Macintosh computers. Older Macs use a bus called NuBus, but newer ones use PCI.

1. What's the difference between local, global and universal groups?

Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

2. I am trying to create a new universal user group. Why can't I?

Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

3. What is LSDOU?

It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units, in that order.

4. Why doesn't LSDOU work under Windows NT?

If the NTConfig.pol file exists, it has the highest priority among the numerous policies.

5. Where are group policies stored?

%SystemRoot%\System32\GroupPolicy

6. What is GPT and GPC?

Group policy template and group policy container.

7. Where is GPT stored?

%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID

8. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority?

The computer settings take priority.

9. You want to set up a remote installation procedure, but do not want the user to gain access over it. What do you do?

gponame -> User Configuration -> Windows Settings -> Remote Installation Services -> Choice Options is your friend.

10. What's contained in administrative template conf.adm?

Microsoft NetMeeting policies

11. How can you restrict running certain applications on a machine?

Via group policy, security settings for the group, then Software Restriction Policies.


12. You need to automatically install an app, but MSI file is not available. What do you do?

A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer.

13. What's the difference between Software Installer and Windows Installer?

The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.

14. What can be restricted on Windows Server 2003 that wasn't there in previous products?

Group Policy in Windows Server 2003 determines a user's right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.

15. What does IntelliMirror do?

It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline.

16. Where is secedit?

It's now gpupdate.

17. You want to create a new group policy but do not wish to inherit.

Make sure you check Block inheritance among the options when creating the policy.

18. What is "tattooing" the Registry?

The user can view and modify user preferences that are not stored in maintained portions of the Registry. If the group policy is removed or changed, the user preference will persist in the Registry.

19. How do you fight tattooing in NT/2000 installations?

You can't.

20. How do you fight tattooing in 2003 installations?

User Configuration - Administrative Templates - System - Group Policy -enable - Enforce Show Policies Only.


22. What's the major difference between FAT and NTFS on a local machine?

FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.

23. How do FAT and NTFS differ in approach to user shares?

They don't, both have support for sharing.

24. Explain the List Folder Contents permission on the folder in NTFS.

Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.

25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it?

It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can't drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run... window.

26. For a user in several groups, are Allow permissions restrictive or permissive?

Permissive: if at least one group has Allow permission for the file/folder, the user will have the same permission.

27. For a user in several groups, are Deny permissions restrictive or permissive?

Restrictive: if at least one group has Deny permission for the file/folder, the user will be denied access, regardless of other group permissions.
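Questions 26 and 27 together give the evaluation rule: collect the Allow rights from every group the user belongs to, then strip anything any matching Deny entry names. The following Python is an added example (not from this page or from Windows) that implements exactly that rule over a constructed ACL and group membership. Real NTFS additionally evaluates explicit entries before inherited ones, so an explicit Allow can override an inherited Deny; this model keeps to the page's simpler statement.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class Ace:
    """One access control entry: the principal it applies to, Allow or Deny, and the rights."""
    principal: str
    allow: bool
    rights: FrozenSet[str]


def effective_rights(user: str, groups: Iterable[str], acl: List[Ace]) -> Set[str]:
    """Union of every matching Allow, minus every matching Deny (a Deny from any group wins)."""
    principals = {user} | set(groups)
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for ace in acl:
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return allowed - denied


def has_access(user: str, groups: Iterable[str], acl: List[Ace], right: str) -> bool:
    return right in effective_rights(user, groups, acl)


def explain(user: str, groups: Iterable[str], acl: List[Ace]) -> List[str]:
    """Human-readable trace of which entries applied, useful when auditing a surprising result."""
    principals = {user} | set(groups)
    return [
        f"{'ALLOW' if ace.allow else 'DENY '} {sorted(ace.rights)} via {ace.principal}"
        for ace in acl if ace.principal in principals
    ]


# constructed ACL on a shared folder (group and user names are placeholders)
FOLDER_ACL: List[Ace] = [
    Ace("Sales", True, frozenset({"read", "write"})),
    Ace("Engineering", True, frozenset({"read", "execute"})),
    Ace("Contractors", False, frozenset({"write"})),
]

if __name__ == "__main__":
    for user, groups in [("alice", {"Sales", "Engineering"}),
                         ("bob", {"Sales", "Contractors"}),
                         ("carol", {"HR"})]:
        print(user, sorted(effective_rights(user, groups, FOLDER_ACL)))
        for line in explain(user, groups, FOLDER_ACL):
            print("   ", line)
```

bob is in Sales, which allows write, but his Contractors membership carries a Deny on write, so his effective rights shrink to read alone; carol matches no entry and therefore gets nothing, which is the default when no Allow applies.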

28. What hidden shares exist on Windows Server 2003 installation?

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

29. What's the difference between standalone and fault-tolerant DFS (Distributed File System) installations?

The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.

30. We're using the DFS fault-tolerant installation, but cannot access it from a Win98 box.


Use the UNC path, not the client; only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.

31. Where exactly do fault-tolerant DFS shares store information in Active Directory?

In Partition Knowledge Table, which is then replicated to other domain controllers.

32. Can you use Start->Search with DFS shares?

Yes.

33. What problems can you have with DFS installed?

Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS.

34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS.

Yeah, you can't. Install a standalone one.

35. Is Kerberos encryption symmetric or asymmetric?

Symmetric.

36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line?

Time stamp is attached to the initial client request, encrypted with the shared key.

37. What hashing algorithms are used in Windows 2003 Server?

RSA Data Security's Message Digest 5 (MD5), which produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit hash.

38. What third-party certificate exchange protocols are used by Windows 2003 Server?

Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities.

39. What's the number of permitted unsuccessful logons on Administrator account?

Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.

40. If hashing is a one-way function and Windows Server uses hashing for storing passwords, how is it possible to attack the password lists, specifically the ones using NTLMv1?

A cracker would launch a dictionary attack by hashing every imaginable term used for a password and then comparing the hashes.

41. What's the difference between guest accounts in Server 2003 and other editions?


More restrictive in Windows Server 2003.

42. How many passwords by default are remembered when you check "Enforce Password History Remembered"?

User's last 6 passwords.

Q.1 What is the role of the “MDBDATA” folder in Exchange 2000?

Answer: - It contains the transaction log files and the EDB/STM databases.

Q.2 What is the role of the “MTADATA” folder in Exchange 2000?

Answer: - Any message that goes to the message transfer agent (MTA) is written to the “MTADATA” directory on an NTFS partition and passed to the Store.exe process.

Q.3 Is there a way to know what emails have been sent or received into one mailbox without accessing the users mailbox?

Answer: - Check the “Archive all messages sent or received by mailboxes on this store” checkbox. Thus “Message Archiving” has been enabled.

Q.4 Is there a way to suspend an Exchange 2000 mailbox without affecting logging into network?

Answer: - Delete the user’s mailbox.

Q.5 What is the basic role of transaction log files in Exchange 2000?

Answer: - The log files you see in the mdbdata directory are used to restore a previous nights database backups to the point of failure, in the event that the server fails. When you back up the store the log files are purged and are of no use anymore assuming the backup was valid.


Q.6 Recently moved E2K over to a new server (W2K+SP4). Have E2K+SP3 and post-SP3 Rollup installed. The store.exe process starts small (100MB or so) and slowly, but surely, takes more and more RAM until there's only about 30MB left. Once that happens, the SMTP VM queues start backing up until the store basically stops responding. Only rebooting seems to help and this is necessary approx. every 30 hours.

Answer: - 1. If you have over 1 GB of memory, try the /3GB switch in Boot.ini to allow more memory for Store.exe.

2. Check for GroupShield for Exchange, as it performs a background scan on the mailbox and public stores. This causes store.exe to use up all the virtual memory and the information store to fall over.

Q.7 How does one grant permissions for a user to send and receive mail to a particular DL (e.g. Emp of ICICI Bank@UK)?

Answer: - To enable sending:
1. Go to AD > Find > Emp of ICICI Bank@UK
2. Properties > Exchange General tab
3. Message Restrictions > Accept messages: Only from
4. Add
5. Apply > OK

To enable receiving:
1. Go to AD > Find > Emp of ICICI Bank@UK
2. Properties > Members
3. Add
4. Apply > OK

Q.8 How would you define an SMTP queue? What is the default location?

Answer: - The SMTP queue is simply a directory with files representing mail items in it. The default (when installing on drive C:\) is C:\Program Files\Exchsrvr\Mailroot\Vsi 1

Q.9 What are the 3 directories inside the above location?

Answer: - The 3 directories are: 1. Pickup, 2. Queue, 3. Badmail.


Q.10 What does the “Badmail” folder consist of? Can one delete the “Badmail” folder? If yes, how?

Answer: - The Badmail folder contains messages that cannot be delivered into your organisation, and also cannot be returned back to the sender. Therefore, the folder typically contains spam, and the files within the folder can usually just be deleted.

DO NOT OPEN THE BadMail FOLDER. Depending on how much spam the Small Business Server 2000 computer processes, this folder may contain several hundred thousand files. If you open this folder, the server may appear to have stopped responding.
2. Right-click the BadMail folder, click Rename, and then change the name to BadMailOld.
3. In the VSI 1 folder, create a new folder that is named BadMail.
4. Permanently delete the BadMailOld folder. To do this, click the BadMailOld folder, hold down the SHIFT key, and then press DELETE.
5. Click Yes when you are prompted with the question of whether you want to delete the BadMailOld folder. Deleting this folder may take a long time, depending on the number of files in this folder.

Q.11 I moved some emails from the queue to another directory to solve a corrupted-queue problem. Now that the queue is working, I moved the messages back, but they are not being delivered.

Answer: -


Q.12 What is the quickest way to find all hidden mailboxes on the system in Exchange 2000?

Answer: - Hidden mailboxes are identified by the fact that the attribute msExchHideFromAddressLists is set to a value of TRUE. All we have to do is perform a custom LDAP query against our AD to search for users with the above attribute set accordingly.

This can easily be done with Active Directory Users & Computers:

1. Bring up Active Directory Users & Computers.
2. Right-click your domain name at the top, and choose Find.
3. In the Find combo box at the top, select Custom Search.
4. Click the Advanced tab.
5. Paste in the following LDAP query and then click Find Now.

(&(objectclass=user)(msExchHideFromAddressLists=TRUE))

The list of hidden mailboxes will then be displayed. Don't forget that this will include System Mailboxes. Be sure to leave those alone!

Q.13 Explain “Messages awaiting Directory Lookup” and how would you troubleshoot the same?

Answer: - Description: This queue contains messages to recipients who have not yet been resolved against the Microsoft Active Directory service. Messages are also held in this queue while distribution lists are expanded.

Troubleshooting:
1. Generally, messages accumulate in this queue because the advanced queuing engine cannot categorize the message.
2. The advanced queuing engine may not be able to access the global catalog servers or to access the recipient information.
3. Or, the global catalog servers are unreachable or are performing slowly.
4. Increase diagnostic logging for the MSExchangeDSAccess service and for the MSExchangeTransport service to collect information about Categorizer components.

Q.14 Why do we need to “Run cleanup Agent”?

Answer: - 1. To see orphaned mailboxes. 2. To connect an orphaned mailbox to a recreated account so as to retrieve mail.
