Active Directory for Windows Server
Index

Active Directory Introduction

Active Directory Basics

Components of Active Directory

Active Directory hierarchical structure.

Active Directory Database.

Flexible Single Master Operations (FSMO) Role

Active Directory Services.

Active Directory Introduction
What is Active Directory?

Active Directory is Microsoft's implementation of the X.500 recommendations. It is a database and directory service that maintains the relationships between resources and enables them to work together. It provides a centralized repository for user account information and for directory authentication, authorization and the assignment of rights and permissions.

It stores information in a hierarchical, tree-like structure. It depends on two Internet standards: DNS and LDAP. Information in Active Directory can be queried using the LDAP protocol, and Kerberos V5 is used for authentication.
Do I Need Active Directory?

If I want to centrally manage access to resources such as printers, users and groups.

If I want to control user accounts from one location.

If I have applications that rely on Active Directory.
Active Directory Basics
The Basics

X.500 Recommendations

Domain Naming System (DNS)

LDAP

Schema

Replication

Global catalog

Components of Active Directory
What are the X.500 Recommendations?

To address the needs of organizations, the Institute of Electrical and Electronics Engineers (IEEE) developed a set of recommendations that define how a directory service should address the needs of administrators and allow efficient management of network resources. These recommendations are known as the X.500 recommendations.
Domain Naming System (DNS)

Domain Naming System (DNS) is the hierarchical naming and domain name resolution system used on the Internet and on Windows networks for name resolution.

It converts a domain name into its related IP address.

Active Directory depends on DNS, and both share the same zone-naming conventions. If the DNS server fails, Active Directory fails too, because clients and domain controllers locate each other through DNS records.
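The dependency described above can be checked directly. The following PowerShell is an added example, not part of the slide deck: it resolves the SRV records that the domain controller locator queries and confirms each advertised host still resolves to an address. The domain name "domain.local" is a placeholder and is assumed to be the forest root domain (the _gc record is registered under the forest name).

```powershell
# Added example, not from the slide deck: check the DNS records that clients
# and domain controllers use to find each other, which is why a DNS failure
# takes Active Directory down with it. "domain.local" is a placeholder and is
# assumed to be the forest root domain (the _gc record is registered there).
function Test-AdDnsRecords {
    param([string]$DomainName = 'domain.local')

    # SRV records the DC locator queries, with the service each one advertises.
    $Records = [ordered]@{
        "_ldap._tcp.dc._msdcs.$DomainName"     = 'domain controller (LDAP, 389)'
        "_kerberos._tcp.dc._msdcs.$DomainName" = 'Kerberos KDC (88)'
        "_gc._tcp.$DomainName"                 = 'global catalog (3268)'
    }

    foreach ($Name in $Records.Keys) {
        try {
            $Srv = Resolve-DnsName -Name $Name -Type SRV -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' }
            foreach ($R in $Srv) {
                # Every target should also resolve to an address; a dangling
                # SRV record points clients at a DC that no longer exists.
                $Addr = (Resolve-DnsName -Name $R.NameTarget -Type A -ErrorAction SilentlyContinue |
                    Where-Object { $_.Type -eq 'A' }).IPAddress
                [pscustomobject]@{
                    Service = $Records[$Name]
                    Target  = $R.NameTarget
                    Port    = $R.Port
                    Address = if ($Addr) { $Addr -join ', ' } else { 'UNRESOLVED' }
                }
            }
        } catch {
            Write-Warning "$Name did not resolve: $($_.Exception.Message)"
        }
    }
}

Test-AdDnsRecords -DomainName 'domain.local' | Format-Table -AutoSize
```

A missing or UNRESOLVED row is the condition the slide warns about: the directory may be healthy, but nothing can find it. Running the check from a client in each site, not only on a domain controller, shows what the logon process actually sees.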
LDAP

LDAP is a directory access protocol used to exchange directory information from server to clients or from server to server.

The port number for LDAP is 389.

It was initially used as a front-end to X.500, but it can also be used with stand-alone and other kinds of directory servers.
Schema

The schema acts as the building blocks of Active Directory. It holds all of the information needed to create users, groups, computers and so on within Active Directory. The schema defines the classes of objects that are allowed within a directory and the attributes associated with those objects. These must be consistent across domains in order for security policies and access rights to function correctly. It defines how each attribute can be used and the properties associated with the attribute.
Schema Attributes

To standardize Active Directory, the schema defines the attributes that can be used when creating objects. These attributes are defined only once and can be used for any object.

Defining an attribute once and using it for multiple objects allows a standardized approach to defining objects.

An example of an attribute is name.

Each attribute within the schema has to have a unique OID (Object Identifier).

These OIDs are registered and maintained by the Internet Assigned Numbers Authority (IANA). Once assigned, an OID should not be used by any other attribute.

New attributes will need to be assigned an OID. If you are adding an attribute for use in an object, you should register it with the IANA to safeguard the attribute and to make sure that it does not step on any other attribute. Registration is free and, as long as your OID is unique, you should be issued an OID for your attribute.
Schema Classes

An object class is a defined grouping of attributes that makes up a unique resource type.

One of the most common object classes is the user class. The user object class is used as the template for a user account. When you create a user, the attributes that are defined for the user object class are used to define the new account.
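The attribute and class definitions described in the two sections above can be read straight from the schema partition. The following PowerShell is an added example, not part of the slide deck: it lists every attribute with its OID, checks the OID uniqueness rule, shows which attributes fall outside Microsoft's own OID arc (the place third-party and custom extensions end up), and walks the user class and its parent classes to collect the attributes a new user account is built from. It assumes the ActiveDirectory PowerShell module (RSAT) and a reachable domain controller; the function names are my own.

```powershell
# Added example, not from the slide deck: read attribute definitions and their
# OIDs straight from the schema partition. Requires the ActiveDirectory module
# (RSAT); reading the schema needs no special rights.
Import-Module ActiveDirectory

$SchemaNC = (Get-ADRootDSE).schemaNamingContext

function Get-SchemaAttributeReport {
    # Every attributeSchema object stores its OID in attributeID.
    $Attributes = Get-ADObject -SearchBase $SchemaNC `
        -LDAPFilter '(objectClass=attributeSchema)' `
        -Properties lDAPDisplayName, attributeID, whenCreated

    "{0} attributes defined in {1}" -f $Attributes.Count, $SchemaNC

    # The uniqueness rule from the slide: two attributes sharing one OID is a
    # schema defect worth investigating.
    $Duplicates = $Attributes | Group-Object -Property attributeID | Where-Object { $_.Count -gt 1 }
    foreach ($Dup in $Duplicates) {
        Write-Warning ("OID {0} is used by: {1}" -f $Dup.Name, ($Dup.Group.lDAPDisplayName -join ', '))
    }

    # Attributes outside Microsoft's own arc (1.2.840.113556) are either
    # standard X.500/RFC attributes or extensions added by third parties or by
    # your own administrators; the creation date helps tell them apart.
    $Attributes | Where-Object { $_.attributeID -notlike '1.2.840.113556.*' } |
        Sort-Object whenCreated -Descending |
        Select-Object -First 10 lDAPDisplayName, attributeID, whenCreated
}

function Get-UserClassAttributes {
    # The user class is the template: mandatory attributes must be supplied,
    # optional ones may be. Inherited attributes come from the parent classes
    # (organizationalPerson, person, top), so walk subClassOf as well.
    $Class = 'user'
    $Must = @(); $May = @()
    while ($Class) {
        $C = Get-ADObject -SearchBase $SchemaNC `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$Class))" `
            -Properties mustContain, systemMustContain, mayContain, systemMayContain, subClassOf
        $Must += (@($C.mustContain) + @($C.systemMustContain) | Where-Object { $_ })
        $May  += (@($C.mayContain)  + @($C.systemMayContain)  | Where-Object { $_ })
        # top is its own superclass; stop there.
        $Class = if ($C.subClassOf -ne $Class) { $C.subClassOf } else { $null }
    }
    [pscustomobject]@{
        Mandatory = ($Must | Sort-Object -Unique)
        Optional  = ($May  | Sort-Object -Unique)
    }
}

Get-SchemaAttributeReport
$UserAttrs = Get-UserClassAttributes
"user: {0} mandatory, {1} optional attributes" -f $UserAttrs.Mandatory.Count, $UserAttrs.Optional.Count
```

The class walk follows only subClassOf; attributes contributed by auxiliary classes (auxiliaryClass and systemAuxiliaryClass, such as securityPrincipal) are not collected, so the optional count is a lower bound. Unexpected recent entries in the non-Microsoft list are worth matching against change records, since schema additions are forest-wide and cannot be deleted, only deactivated.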
Replication

Replication is the process of making a replica (a copy) of something.

Replication is the automatic synchronization of data that occurs among domain controllers.

Any change to a user account is made on one of the domain controllers and then sent to every other domain controller within the domain; this transfer of data is called replication.

Replication of information can be a burden on the network. To reduce that burden, Active Directory replicates only the attributes that have been changed, not the entire object.

Synchronization

The process of making two or more data storage devices or programs (on the same or different computers) have exactly the same information at a given time.
Global Catalog

The global catalog maintains indexes about objects. It contains full information about the objects in its own domain and partial information about the objects in other domains. Universal group membership information is stored on global catalog servers and replicated to all GCs in the forest.

The port number for the global catalog is 3268.

Components of Active Directory

There are two types of components:
− Logical components
    Domain
    Tree
    Forest
    Organizational unit
− Physical components
    Site
    Domain controller

Logical Components of Active Directory

Domain

The domain is the core unit of logical structure in Active Directory. All objects that share a common directory database, trust relationships with other domains and security policies are known as a domain.

Each domain stores information about the objects that belong to that domain.

Security policies and settings, such as administrative rights, security policies and Access Control Lists (ACLs), do not cross from one domain to another.

A domain administrator has full rights to set policies only within the domain they belong to.

Domains provide administrative boundaries for objects, manage security for shared resources and are the unit of replication for objects.
Tree

Trees are collections of one or more domains that allow global resource sharing. A tree may consist of a single domain or multiple domains in a contiguous namespace.

A domain added to a tree becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain. A child domain can itself have multiple child domains. A child domain's name is its own name followed by the parent domain's name, which gives it a unique Domain Name System (DNS) name.
Forest

A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure and directory configuration.

The primary security boundary for Active Directory is the forest, which contains the domain trees.

Forests allow organizations to group divisions that use different naming schemes and may need to operate independently, but that, as one organization, want to communicate across the entire organization via transitive trusts and share the same schema and configuration container.

The first domain you create in the forest is called the forest root domain.
Organizational Unit

It is a logical component of Active Directory and is used to organize users, groups and computers.

Physical Components of Active Directory

Site

A site contains Active Directory resources that are all connected by reliable, high-speed bandwidth of a minimum of 10 MB. Site membership is used in the logon process, as a computer attempts to locate domain controllers in its own site first; in replication; in accessing global catalogs; and in the Exchange Server messaging infrastructure.

Domain Controller

A domain controller is a single computer or server that holds and controls the Active Directory database.

It is the physical component of Active Directory and is used to control and manage the domains in an organization's forest.
Active Directory Hierarchical Structure

[Diagram: a forest containing several domain trees, with the forest root domain at the top]

The primary security boundary for Active Directory is the forest, which contains the domain trees.

There can be one or more domain trees in a forest, though the first domain is designated as the forest root domain. A domain tree can contain multiple domains that share a common namespace. Regardless of the number of domain trees in a forest, there is centralized administration at the forest level with permissions over all domain trees. Each forest has an Enterprise Admins group as well as a Schema Admins group. Members of these groups have authority over all the domain trees in the forest.

All domain controllers within the forest share the same schema.

Each domain has a Domain Admins group and administrators.

Administrators in a parent domain automatically have administrative permissions over all child domains through automatic transitive trust relationships. This type of structure is known as a hierarchical structure.

Active Directory Database

Active Directory stores its data in a file named ntds.dit.

In addition to the database file, Active Directory uses log files that store information prior to committing it to the database: edb.log, edb.chk, res1.log and res2.log. By default, these files are located in the %systemroot%\NTDS folder.

During AD installation, Dcpromo lets you specify alternative locations for these log files and database files, or you can use ntdsutil to move the database to an alternate location after installation.
Move the database to another location

Start the computer in Directory Services Restore Mode, log on with the Directory Services Restore Mode Administrator account and open a command prompt. Then type:

ntdsutil (press Enter)

files (press Enter)

move DB to <new directory location path> (press Enter)

Move the log files to another location

Start the computer in Directory Services Restore Mode, log on with the Directory Services Restore Mode Administrator account and open a command prompt. Then type:

ntdsutil (press Enter)

files (press Enter)

move logs to <new directory location path> (press Enter)
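The two procedures above, carried out end to end, as an added example that is not part of the slide deck. It assumes a domain controller running Windows Server 2008 or later, where AD DS is a stoppable service, so the directory is stopped in place instead of rebooting into Directory Services Restore Mode; it also assumes an elevated PowerShell session on that DC. The target paths D:\NTDS and D:\NTDSLogs are placeholders.

```powershell
# Added example, not from the slide deck: move the AD database and its logs on
# a domain controller running Windows Server 2008 or later, where AD DS is a
# stoppable service and no reboot into Directory Services Restore Mode is
# needed. Run in an elevated PowerShell session on the DC. Paths are placeholders.
$NewDbPath  = 'D:\NTDS'
$NewLogPath = 'D:\NTDSLogs'
$ParamsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# Where does this DC currently keep ntds.dit and its logs? These registry
# values are the ones ntdsutil updates when it moves the files.
$Params = Get-ItemProperty $ParamsKey
"Current database : {0}" -f $Params.'DSA Database file'
"Current log path : {0}" -f $Params.'Database log files path'

# Stop AD DS (and the services that depend on it) so the files are not in use.
Stop-Service -Name NTDS -Force

# ntdsutil accepts its interactive commands as arguments; the quoting keeps
# each multi-word command together. "activate instance ntds" is required on
# Server 2008 and later before any files command.
& ntdsutil.exe 'activate instance ntds' 'files' "move db to $NewDbPath" "move logs to $NewLogPath" 'quit' 'quit'

# Run the integrity check before bringing the directory back up.
& ntdsutil.exe 'activate instance ntds' 'files' 'integrity' 'quit' 'quit'

# Start-Service brings up NTDS only; restart the dependents Stop-Service -Force
# took down with it (KDC, DNS, Netlogon and so on).
Start-Service -Name NTDS
Get-Service -Name NTDS -DependentServices | Where-Object { $_.Status -ne 'Running' } | Start-Service

# Confirm the registry now points at the new location and the file is there.
$Params = Get-ItemProperty $ParamsKey
if (Test-Path $Params.'DSA Database file') {
    "Database now at {0}; logs at {1}" -f $Params.'DSA Database file', $Params.'Database log files path'
} else {
    Write-Warning "Registry points at a file that does not exist: $($Params.'DSA Database file')"
}
```

ntds.dit holds every password hash in the domain, so the new folder should get the same restrictive ACL as the default %systemroot%\NTDS, and the old location should be verified empty afterwards; ntdsutil sets permissions on the destination when it moves the files, but it is worth checking.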

Flexible Single Master Operations (FSMO Roles)

What Are the FSMO Roles?

FSMO roles are specialized services within Active Directory that should be performed only by a single domain controller.

Five roles make up the FSMO (Flexible Single Master Operations) set:
− Schema Master
− Domain Naming Master
− Infrastructure Master
− Relative Identifier (RID) Master
− Primary Domain Controller (PDC) Emulator

All five of these roles can coexist on one domain controller, or you can move them so that each runs on its own domain controller.
FSMO Role: Schema Master

The schema master domain controller controls all updates and modifications to the schema. Once a schema update is complete, it is replicated from the schema master to all other DCs in the directory.

To update the schema of a forest, you must have access to the schema master.

There can be only one schema master in the whole forest.

To see all FSMO roles, run the command
netdom query fsmo /domain:<domain>
FSMO Role: Domain Naming Master

The domain naming master controls the addition or removal of domains in the forest.

There can be only one domain naming master in the whole forest.
FSMO Role: Infrastructure Master

The infrastructure master domain controller is responsible for updating an object's SID and distinguished name in cross-domain object references.

There can be only one domain controller acting as the infrastructure master in each domain.

The infrastructure master (IM) role should be held by a domain controller that is not a global catalog server. If the infrastructure master runs on a global catalog server, it will stop updating object information, because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated, and a warning to that effect will be logged in that DC's event log.

If all domain controllers in a domain also host the global catalog, all the domain controllers have the current data and it is not important which domain controller holds the infrastructure master role.
FSMO Role: RID Master

The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain.

When a DC creates a security principal object such as a user or group, it attaches a unique security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that is unique for each security principal SID created in the domain.

Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates.

When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigning them to the pool of the requesting DC.

At any one time there can be only one domain controller acting as RID master in the domain.
FSMO Role: PDC Emulator

The PDC emulator is necessary to synchronize time in a Windows enterprise.

Windows 2000/2003 includes the W32Time time service, which is required by the Kerberos authentication protocol.

All Windows 2000/2003-based computers within an enterprise use a common time. The Windows Time service uses a hierarchical relationship that controls authority and does not permit loops, to ensure appropriate common time usage.

The PDC emulator of a domain is authoritative for that domain; the PDC emulator at the root of the forest becomes authoritative for the enterprise and should be configured to gather the time from an external source.

All PDC FSMO role holders follow the hierarchy of domains when selecting their inbound time partner.

The PDC emulator role holder retains the following functions:
− Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
− Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad-password failure message is reported to the user.
− Account lockout is processed on the PDC emulator.
− Editing or creation of Group Policy Objects (GPOs) is always done from the GPO copy found in the PDC emulator's SYSVOL share, unless configured otherwise by the administrator.

At any one time there can be only one DC acting as PDC emulator in each domain in the forest.
Viewing FSMO Role Holders

Command to check all FSMO role holders in the domain domain.local:
netdom query fsmo /domain:domain.local

Using dcdiag:
dcdiag /test:knowsofroleholders /v

You can find individual role holders with the dsquery command:
− To find the schema master
dsquery server -hasfsmo schema
− To find the domain naming master
dsquery server -hasfsmo name
− To find the infrastructure master
dsquery server -hasfsmo infr
− To find the RID master
dsquery server -hasfsmo rid
− To find the PDC emulator
dsquery server -hasfsmo pdc
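The same role lookup done with the ActiveDirectory PowerShell module, as an added example that is not part of the slide deck. Beyond listing the five holders, it applies the placement rule from the Infrastructure Master section (the IM must not be a global catalog unless every DC in the domain is one) and cross-checks what each DC itself reports holding, which is what dcdiag /test:knowsofroleholders tests. It assumes the ActiveDirectory module (RSAT) and a reachable domain controller; the function name is my own.

```powershell
# Added example, not from the slide deck: list the five FSMO role holders and
# apply the infrastructure-master placement rule. Requires the ActiveDirectory
# module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

function Get-FsmoReport {
    $Forest = Get-ADForest
    $Domain = Get-ADDomain

    # Forest-wide roles come from Get-ADForest, per-domain roles from Get-ADDomain.
    $Roles = [ordered]@{
        'Schema Master'         = $Forest.SchemaMaster
        'Domain Naming Master'  = $Forest.DomainNamingMaster
        'Infrastructure Master' = $Domain.InfrastructureMaster
        'RID Master'            = $Domain.RIDMaster
        'PDC Emulator'          = $Domain.PDCEmulator
    }
    foreach ($Role in $Roles.GetEnumerator()) {
        "{0,-22} {1}" -f $Role.Key, $Role.Value
    }

    # Placement rule: the infrastructure master must not be a GC unless every
    # DC in the domain is a GC, otherwise cross-domain references go stale.
    $DCs   = Get-ADDomainController -Filter *
    $NonGC = @($DCs | Where-Object { -not $_.IsGlobalCatalog })
    $IM    = $DCs | Where-Object { $_.HostName -eq $Domain.InfrastructureMaster }

    if ($IM -and $IM.IsGlobalCatalog -and $NonGC.Count -gt 0) {
        Write-Warning ("Infrastructure master {0} is a global catalog while {1} DC(s) are not: {2}" -f
            $IM.HostName, $NonGC.Count, ($NonGC.HostName -join ', '))
    } elseif ($IM) {
        "Infrastructure master placement is fine (IM is GC: {0}; all DCs are GC: {1})" -f
            $IM.IsGlobalCatalog, ($NonGC.Count -eq 0)
    }

    # Cross-check: what does each DC believe it holds? A DC that disagrees
    # with the forest and domain objects points at a replication problem.
    foreach ($DC in $DCs) {
        if ($DC.OperationMasterRoles.Count -gt 0) {
            "{0} reports: {1}" -f $DC.HostName, ($DC.OperationMasterRoles -join ', ')
        }
    }
}

Get-FsmoReport
```

If a role holder listed here is offline, netdom and dsquery still return its name, because they read the role ownership attributes rather than contacting the server; the per-DC cross-check at the end is the quickest way to notice a holder that has gone away without the role being seized.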
Active Directory Services

Distributed File System: manages logical volumes across local and wide area networks.

Domain Name System (DNS) Server: responds to DNS queries and dynamic DNS requests.

File Replication: allows files to be copied and maintained across multiple servers.

Intersite Messaging: allows messages to be exchanged between Windows servers.

Kerberos Key Distribution Center: enables users to log on to the domain using the Kerberos authentication protocol.

Remote Procedure Call (RPC) Locator: enables RPC clients using the RpcNs* APIs to locate RPC servers.

Active Directory Domain Services (AD DS): stores all information about resources on the network, such as users, computers and other devices.

Active Directory Lightweight Directory Services: allows administrators to create small versions of Active Directory that run as non-operating-system services.

Active Directory Federation Services: provides web single sign-on (SSO) technologies to authenticate users to multiple web applications in a single session.

Active Directory Rights Management Services: protects and secures information from unauthorized use online and offline, inside and outside of the environment.

Active Directory Certificate Services: allows the mapping of users and resources to private keys to help secure identity in a public key infrastructure (PKI) based environment.
Finding highly privileged group membership

You can view membership of highly privileged domain groups using the net.exe utility at a command prompt:

net.exe group <domain-group-name> /DOMAIN

For example, to view membership of the Domain Admins group, the command is:
net.exe group "Domain Admins" /DOMAIN
Finding users that have not logged on since last month

You can find such accounts in your organization's domain by using the net.exe command:

net.exe user <username> /DOMAIN

It returns the domain account information about the user, such as when the user's password was last set, when the user's current password expires and when the user last logged on.

net.exe user Testuser /DOMAIN
OR
net.exe user Testuser /DOMAIN | findstr "Last logon"
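The two reviews above (privileged group membership, and accounts with no logon in the last month) done with the ActiveDirectory PowerShell module instead of net.exe, as an added example that is not part of the slide deck. It expands nested group membership, which net.exe does not, and covers the whole domain in one query instead of one user at a time. It assumes the ActiveDirectory module (RSAT), the built-in group names, and a one-month cutoff; the function names are my own.

```powershell
# Added example, not from the slide deck: the same two reviews done with the
# ActiveDirectory module instead of net.exe, so the results are objects that
# can be filtered and exported. Group names are the built-in ones; the
# one-month cutoff mirrors the slide title.
Import-Module ActiveDirectory

function Get-PrivilegedMembers {
    # Enterprise Admins and Schema Admins exist only in the forest root domain,
    # so a lookup in a child domain is allowed to fail quietly.
    $Groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
    foreach ($Group in $Groups) {
        # -Recursive expands nested groups, which net.exe group does not do.
        $Members = @(Get-ADGroupMember -Identity $Group -Recursive -ErrorAction SilentlyContinue)
        foreach ($M in $Members) {
            [pscustomobject]@{
                Group          = $Group
                SamAccountName = $M.SamAccountName
                ObjectClass    = $M.objectClass
            }
        }
    }
}

function Get-StaleUsers {
    param([datetime]$Cutoff = (Get-Date).AddMonths(-1))
    # LastLogonDate is derived from lastLogonTimestamp, which replicates but
    # may lag the true last logon by up to 14 days. The "Last logon" line from
    # net.exe comes from the non-replicated lastLogon attribute of whichever DC
    # answered, so the two can disagree for the same account.
    Get-ADUser -Filter { Enabled -eq $true -and LastLogonDate -lt $Cutoff } `
        -Properties LastLogonDate, PasswordLastSet |
        Select-Object SamAccountName, LastLogonDate, PasswordLastSet |
        Sort-Object LastLogonDate
}

Get-PrivilegedMembers | Format-Table -AutoSize

$Stale = @(Get-StaleUsers)
$Stale | Format-Table -AutoSize

# Privileged accounts that are also stale deserve attention first: they are
# rarely used, seldom watched, and carry the most rights.
Get-PrivilegedMembers | Where-Object { $_.SamAccountName -in $Stale.SamAccountName } |
    Format-Table -AutoSize
```

Accounts that have never logged on have no LastLogonDate at all and do not match the -lt comparison; Search-ADAccount -AccountInactive -UsersOnly -TimeSpan 30.00:00:00 includes them, and is the better choice when the question is "which accounts can be disabled".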
Some Useful Utilities

Repadmin

NetDiag

DCDiag

DNSCMD

DNSLint

Account Lockout and Management Tools
Repadmin

The replication diagnostic tool, more commonly known by its short name repadmin, can help to diagnose Active Directory replication problems between domain controllers.

It verifies replication consistency between replication partners, monitors replication status, displays replication metadata, and forces replication events and topology recalculation.

Using this tool, administrators can look at the replication topology as seen from the point of view of each domain controller.

You can also use repadmin to force replication between domain controllers or to manually create a replication topology.
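One way to use repadmin for the replication monitoring described in this section and in the Replication section earlier, as an added example that is not part of the slide deck: its CSV output is turned into objects and every inbound link that is failing, or that has not succeeded within a threshold, is reported. It assumes repadmin.exe is available (RSAT or a domain controller) and a 24-hour staleness threshold; the function name is my own.

```powershell
# Added example, not from the slide deck: parse repadmin output into objects
# and flag replication links that are failing or have not succeeded recently.
# Requires repadmin.exe (installed with RSAT or present on a DC). The 24-hour
# staleness threshold is an assumption; adjust it to your replication schedule.
$StaleAfter = (Get-Date).AddHours(-24)

function Get-ReplicationProblems {
    # /showrepl * /csv reports every inbound link for every naming context on
    # every DC, one row per (destination, source, naming context).
    $Rows = repadmin /showrepl * /csv | ConvertFrom-Csv

    foreach ($Row in $Rows) {
        $Failures = 0
        [void][int]::TryParse($Row.'Number of Failures', [ref]$Failures)
        $LastOk = [datetime]::MinValue
        [void][datetime]::TryParse($Row.'Last Success Time', [ref]$LastOk)

        $Problem = if ($Failures -gt 0) {
            "failing ($Failures), status $($Row.'Last Failure Status')"
        } elseif ($LastOk -lt $StaleAfter) {
            "no success since $LastOk"
        }
        if ($Problem) {
            [pscustomobject]@{
                Destination   = $Row.'Destination DSA'
                Source        = $Row.'Source DSA'
                NamingContext = $Row.'Naming Context'
                Problem       = $Problem
            }
        }
    }
}

$Problems = @(Get-ReplicationProblems)
if ($Problems.Count -eq 0) {
    "All replication links healthy."
} else {
    $Problems | Format-Table -AutoSize
}
```

A link that has not replicated for longer than the tombstone lifetime can never safely replicate again, so a stale link is worth acting on long before that. repadmin /replsummary gives the same picture as a one-screen summary when objects are not needed.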
NetDiag

Checks end-to-end network connectivity and distributed services functions.

This command line tool can be used to help diagnose and isolate connectivity issues in your network. It does this by performing a number of tests on the system and displaying network and configuration information.
DCDiag

DCDiag is a command line utility that runs diagnostic tests against a domain controller. It runs several tests, and its output can span many screens.

If you want to perform specific tests against the domain controller, use the /test: switch. For instance, if you want to make sure that the replication topology is fully interconnected, issue the following command:
dcdiag /test:topology

To test that replication is functioning properly, issue the command:
dcdiag /test:replications

To view the status of global catalog replication, use the command:
dcdiag /v /s:domain_controller_name | find "%"
DNSCMD

This command line tool is found in the Support Tools folder of the Windows Server CD and enables you to create, modify and delete resource records and zones.

If you want to view the DNS information and statistics of a server, type:
− dnscmd <ServerName> /Info

Other useful switches with dnscmd are as follows:
/ZoneInfo: displays information about the target zone.
/DirectoryPartitionInfo: displays the directory partition information for the target partition.
DNSLint

This is a command line utility for Windows Server 2003 and higher and is located in the Support Tools folder of the Windows Server CD.

It can be used to check and verify DNS records and server functionality and to generate a report in HTML.

dnslint /d domain_name | /ad [LDAP_IP_address] | /ql input_file [/c [smtp,pop,imap]] [/no_open] [/r report_name] [/t] [/test_tcp] [/s DNS_IP_address] [/v] [/y]

e.g.:
dnslint /ad

When using DNSLint you must specify one of three switches: /d, /ql or /ad.
/d: diagnoses problems; /ql: verifies a user-defined set of DNS records; /ad: verifies DNS records specifically used for Active Directory replication.
Account Lockout and Management Tools

The acctinfo.dll file is actually part of the Account Lockout and Management Tools you can download from Microsoft.

Acctinfo.dll adds an additional property page to the user account properties. This property page allows you to determine when the account's password was set, when the password expires, when the user last logged on or off the domain, as well as other lockout information.

LockoutStatus.exe displays information concerning a locked-out account. Use this tool to determine which computers were involved in the lockout of the account and when the lockout occurred.
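What LockoutStatus.exe does can be reproduced with the ActiveDirectory PowerShell module, as an added example that is not part of the slide deck: every domain controller is asked about one account, because the bad-password counter and the time of the last bad attempt are held per DC and not replicated, so the DC with the most recent bad attempts is where the lockout originated (and, per the PDC Emulator section, the PDC emulator sees the forwarded failures as well). It assumes the ActiveDirectory module (RSAT); "Testuser" is the sample name from the net.exe slide and the function name is my own.

```powershell
# Added example, not from the slide deck: reproduce what LockoutStatus.exe
# shows by asking every domain controller about one account. badPwdCount and
# badPasswordTime (exposed as LastBadPasswordAttempt) are not replicated, so
# each DC holds its own values; the DC with the most recent bad attempts is
# where the lockout originated. "Testuser" is the sample name from the deck.
Import-Module ActiveDirectory

function Get-LockoutStatus {
    param([string]$SamAccountName = 'Testuser')

    foreach ($DC in Get-ADDomainController -Filter *) {
        try {
            $U = Get-ADUser -Identity $SamAccountName -Server $DC.HostName `
                -Properties badPwdCount, LastBadPasswordAttempt, lockoutTime, LockedOut -ErrorAction Stop
            [pscustomobject]@{
                DC              = $DC.HostName
                IsPDCEmulator   = [bool]($DC.OperationMasterRoles -contains 'PDCEmulator')
                BadPwdCount     = $U.badPwdCount
                LastBadPassword = $U.LastBadPasswordAttempt
                LockedOut       = $U.LockedOut
                # lockoutTime is a FILETIME large integer; 0 or absent means not locked.
                LockoutTime     = if ($U.lockoutTime) { [datetime]::FromFileTime($U.lockoutTime) } else { $null }
            }
        } catch {
            # An unreachable DC is itself useful information during a lockout investigation.
            [pscustomobject]@{
                DC              = $DC.HostName
                IsPDCEmulator   = $null
                BadPwdCount     = $null
                LastBadPassword = "query failed: $($_.Exception.Message)"
                LockedOut       = $null
                LockoutTime     = $null
            }
        }
    }
}

# All currently locked-out accounts, then the per-DC view for one of them.
Search-ADAccount -LockedOut -UsersOnly | Select-Object SamAccountName, LockedOut
Get-LockoutStatus -SamAccountName 'Testuser' |
    Sort-Object LastBadPassword -Descending |
    Format-Table -AutoSize
```

The DC at the top of the sorted output is the one whose Security event log holds the failed logons that caused the lockout, and that log names the client computer; repeated lockouts of one account from one host usually mean a stale credential in a service or scheduled task rather than a user typing badly.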

More Related Content

What's hot

Active directory ii
Active directory   iiActive directory   ii
Active directory ii
deshvikas
 
Activedirecotryfundamentals
ActivedirecotryfundamentalsActivedirecotryfundamentals
Activedirecotryfundamentals
Shekhar Singh
 
Domain Controller Critical Services
Domain Controller Critical ServicesDomain Controller Critical Services
Domain Controller Critical Services
Jani Sabtriady
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
Varun Arora
 
Introduction_of_ADDS
Introduction_of_ADDSIntroduction_of_ADDS
Introduction_of_ADDS
Harsh Sethi
 
Windows Server 2008 Active Directory Guide
Windows Server 2008 Active Directory GuideWindows Server 2008 Active Directory Guide
Windows Server 2008 Active Directory Guide
webhostingguy
 

What's hot (20)

Active directory ii
Active directory   iiActive directory   ii
Active directory ii
 
What is active directory
What is active directoryWhat is active directory
What is active directory
 
Active Directory
Active Directory Active Directory
Active Directory
 
70 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 04100970 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 041009
 
Activedirecotryfundamentals
ActivedirecotryfundamentalsActivedirecotryfundamentals
Activedirecotryfundamentals
 
Active Directory component
Active Directory componentActive Directory component
Active Directory component
 
Domain Controller Critical Services
Domain Controller Critical ServicesDomain Controller Critical Services
Domain Controller Critical Services
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
 
Introduction_of_ADDS
Introduction_of_ADDSIntroduction_of_ADDS
Introduction_of_ADDS
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Active directory domain service
Active directory domain serviceActive directory domain service
Active directory domain service
 
Active Directory Training
Active Directory TrainingActive Directory Training
Active Directory Training
 
Fundamentals
FundamentalsFundamentals
Fundamentals
 
Sql interview questions and answers
Sql interview questions and  answersSql interview questions and  answers
Sql interview questions and answers
 
Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directory
 
70 640 Lesson05 Ppt 041009
70 640 Lesson05 Ppt 04100970 640 Lesson05 Ppt 041009
70 640 Lesson05 Ppt 041009
 
Oracle dba interview
Oracle dba interviewOracle dba interview
Oracle dba interview
 
Windows Server 2008 Active Directory Guide
Windows Server 2008 Active Directory GuideWindows Server 2008 Active Directory Guide
Windows Server 2008 Active Directory Guide
 
Active directory architecture
Active directory architectureActive directory architecture
Active directory architecture
 
Oracle archi ppt
Oracle archi pptOracle archi ppt
Oracle archi ppt
 

Similar to Active diirecotry

Active directory basics
Active directory basicsActive directory basics
Active directory basics
Sanjeev Gupta
 
Active directory installation windows 2003 1
Active directory installation windows 2003 1Active directory installation windows 2003 1
Active directory installation windows 2003 1
tameemyousaf
 
Active directory interview_questions
Active directory interview_questionsActive directory interview_questions
Active directory interview_questions
subhashmr
 
Active Directory Ii
Active Directory   IiActive Directory   Ii
Active Directory Ii
deshvikas
 
Active directory
Active directory Active directory
Active directory
deshvikas
 
Active Directory I
Active Directory   IActive Directory   I
Active Directory I
deshvikas
 
Please follow the data and description Active Directory In gen.pdf
Please follow the data and description Active Directory In gen.pdfPlease follow the data and description Active Directory In gen.pdf
Please follow the data and description Active Directory In gen.pdf
apleathers
 

Similar to Active diirecotry (20)

MCSA 70-410 5 introduction to active directory and basic installation
MCSA 70-410 5 introduction to active directory and basic installationMCSA 70-410 5 introduction to active directory and basic installation
MCSA 70-410 5 introduction to active directory and basic installation
 
What is active directory
What is active directoryWhat is active directory
What is active directory
 
Active directory basics
Active directory basicsActive directory basics
Active directory basics
 
Active Directory
Active DirectoryActive Directory
Active Directory
 
Microsoft Active Directory.pptx
Microsoft Active Directory.pptxMicrosoft Active Directory.pptx
Microsoft Active Directory.pptx
 
Active directory installation windows 2003 1
Active directory installation windows 2003 1Active directory installation windows 2003 1
Active directory installation windows 2003 1
 
Active directory interview_questions
Active directory interview_questionsActive directory interview_questions
Active directory interview_questions
 
Active directory interview_questions
Active directory interview_questionsActive directory interview_questions
Active directory interview_questions
 
Hunt for Domain Controller : Active Directory Pentesting Session
Hunt for Domain Controller : ActiveDirectory Pentesting SessionHunt for Domain Controller : ActiveDirectory Pentesting Session
Hunt for Domain Controller : Active Directory Pentesting Session
 
Active Directory
Active DirectoryActive Directory
Active Directory
 
Active Directory Ii
Active Directory   IiActive Directory   Ii
Active Directory Ii
 
X.500 More Than a Global Directory
X.500 More Than a Global DirectoryX.500 More Than a Global Directory
X.500 More Than a Global Directory
 
Active directory
Active directory Active directory
Active directory
 
Active Directory I
Active Directory   IActive Directory   I
Active Directory I
 
Active Directory Site And Services.pdf
Active Directory Site And Services.pdfActive Directory Site And Services.pdf
Active Directory Site And Services.pdf
 
Active Directory Site And Services.pdf
Active Directory Site And Services.pdfActive Directory Site And Services.pdf
Active Directory Site And Services.pdf
 
DC
DCDC
DC
 
active directory.pptx
active directory.pptxactive directory.pptx
active directory.pptx
 
Please follow the data and description Active Directory In gen.pdf
Please follow the data and description Active Directory In gen.pdfPlease follow the data and description Active Directory In gen.pdf
Please follow the data and description Active Directory In gen.pdf
 
Active directory
Active directoryActive directory
Active directory
 

Recently uploaded

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Recently uploaded (20)

TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
Wellbeing inclusion and digital dystopias.pptx

Active Directory

  • 1. Active Directory for Windows Server
  • 2. Index  Active Directory Introduction  Active Directory Basics  Components of Active Directory  Active Directory Hierarchical Structure  Active Directory Database  Flexible Single Master Operations (FSMO) Roles  Active Directory Services
  • 5. What is Active Directory?  Active Directory is Microsoft's implementation of the X.500 recommendations. It is a database and directory service that maintains the relationships between resources and enables them to work together. It provides a centralized repository for user account information and for directory authentication, authorization, and the assignment of rights and permissions.  It stores information in a hierarchical, tree-like structure. It depends on two Internet standards: DNS and LDAP. Information in Active Directory can be queried using the LDAP protocol, and Kerberos V5 is used for authentication.
  • 6. Do I Need Active Directory?  If I want to centrally manage access to resources such as printers, users and groups.  If I want to control user accounts from one location.  If I have applications that rely on Active Directory.
  • 8. The Basics  X.500 Recommendations  Domain Name System (DNS)  LDAP  Schema  Replication  Global Catalog  Components of Active Directory
  • 9. What are the X.500 Recommendations?  To address the needs of organizations, the Institute of Electrical and Electronics Engineers (IEEE) developed a set of recommendations that define how a directory service should address the needs of administrators and allow efficient management of network resources. These recommendations are known as the X.500 recommendations.
  • 10. Domain Name System (DNS)  The Domain Name System (DNS) is the hierarchical naming and name-resolution system used on the Internet and on Windows networks.  It converts a domain name into its related IP address.  Active Directory depends on DNS, and both share the same zone-naming conventions. If the DNS server fails, Active Directory fails too.
  • 11. LDAP  LDAP is a directory access protocol used to exchange directory information between servers and clients, or from server to server.  The port number for LDAP is 389.  It was initially used as a front end to X.500, but it can also be used with stand-alone and other kinds of directory servers.
  • 12. Schema  The schema is the set of building blocks of Active Directory. It holds all of the information needed to create users, groups, computers, and so on within Active Directory. The schema defines the classes of objects that are allowed within the directory and the attributes associated with those objects. These must be consistent across domains in order for security policies and access rights to function correctly. It defines how each attribute can be used and the properties associated with the attribute.
  • 13. Schema Attributes  To standardize Active Directory, the schema defines the attributes that can be used when creating objects. Each attribute is defined only once and can be used for any object.  Defining an attribute once and using it for multiple objects allows a standardized approach to defining objects. An example of an attribute is name.  Each attribute within the schema has to have a unique OID (Object Identifier).
  • 14.  These OIDs are registered and maintained by the Internet Assigned Numbers Authority (IANA). Once assigned, an OID should not be used by any other attribute.  New attributes need to be assigned an OID. If you are adding an attribute for use in an object, you should register it with the IANA to safeguard the attribute and to make sure that it does not collide with any other attribute. Registration is free, and as long as your OID is unique, you should be issued an OID for your attribute.
  • 15. Schema Classes  An object class is a defined grouping of attributes that makes up a unique resource type.  One of the most common object classes is the user class. The user object class is the template for a user account: when you create a user, the attributes defined for the user object class are used to define the new account.
  • 16. Replication  Replication is the process of making a replica (a copy) of something.  Replication is the automatic synchronization of data that occurs among domain controllers.  Any change to a user account is made on one of the domain controllers and then sent to every other domain controller within the domain; this transfer of data is called replication.  Replicating information can be a burden on the network. To reduce that burden, Active Directory replicates only the attributes that have changed, not the entire object.
  • 17. Synchronization  The process of making two or more data storage devices or programs (in the same or different computers) hold exactly the same information at a given time.
  • 18. Global Catalog  The Global Catalog maintains indexes of objects. It contains full information about the objects in its own domain and partial information about the objects in other domains. Universal group membership information is stored on global catalog servers and replicated to all GCs in the forest.  The port number for the Global Catalog is 3268.
  • 20. Components of Active Directory  There are two types of components: − Logical components  Domain  Tree  Forest  Organizational Unit − Physical components  Site  Domain Controller
  • 22. Domain  The domain is the core unit of logical structure in Active Directory. A set of objects that share a common directory database, trust relationships with other domains, and security policies is known as a domain. Each domain stores information about the objects that belong to that domain. Security policies and settings, such as administrative rights, security policies, and Access Control Lists (ACLs), do not cross from one domain to another; a Domain Administrator has full rights to set policies only within the domain they belong to. Domains provide administrative boundaries for objects, manage security for shared resources, and are the unit of replication for objects.
  • 23. Tree  Trees are collections of one or more domains that allow global resource sharing. A tree may consist of a single domain or of multiple domains in a contiguous namespace.  A domain added to a tree becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain. A child domain can also have multiple child domains of its own. A child domain's name is its own name followed by the parent domain's name, which gives it a unique Domain Name System (DNS) name.
  • 25. Forest  A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration.  The primary security boundary for Active Directory is the forest, which contains domain trees.  Forests allow organizations to group divisions that use different naming schemes and may need to operate independently, but that, as an organization, want to communicate across the entire organization via transitive trusts and share the same schema and configuration container.  The first domain you create in the forest is called the forest root domain.
  • 26. Organizational Unit  It is a logical component of Active Directory and is used to organize users, groups and computers.
  • 28. Site  A site contains Active Directory resources that are all connected by reliable, high-speed bandwidth of a minimum of 10 MB. Site membership is used in the logon process (a computer attempts to locate domain controllers in its own site first), in replication, in accessing global catalogs, and in the Exchange Server messaging infrastructure.
  • 29. Domain Controller  A domain controller is a single computer or server that holds and controls the Active Directory database.  It is the physical component of Active Directory and is used to control and manage the domains in an organization's forest.
  • 31. Active Directory Hierarchical Structure (diagram: a forest containing the forest root domain and several domain trees)
  • 32. Active Directory Hierarchical Structure  The primary security boundary for Active Directory is the forest, which contains domain trees.  There can be one or more domain trees in a forest, though the first domain is designated as the forest root domain. A domain tree can contain multiple domains that share a common namespace. Regardless of the number of domain trees in a forest, there is centralized administration at the forest level with permissions to all domain trees. Each forest has an Enterprise Admins group as well as a Schema Admins group. Members of these groups have authority over all the domain trees in the forest.
  • 33.  All domain controllers within the forest share the same schema.  Each domain has a Domain Admins group and administrators.  Administrators in a parent domain automatically have administrative permissions to all child domains through automatic transitive trust relationships. This type of structure is known as a hierarchical structure.
  • 35. Active Directory Database  Active Directory stores its data in a file named ntds.dit.  In addition to the database file, Active Directory uses log files that store information before it is committed to the database: edb.log, edb.chk, res1.log and res2.log. By default, these files are located in the %systemroot%\NTDS folder.  During AD installation, Dcpromo lets you specify alternative locations for the log files and the database file, or you can use ntdsutil to move the database to an alternate location after installation.
  • 36. Move the database to another location  Start the computer in Directory Services Restore Mode, log on with the Directory Services Restore Mode Administrator account, and open a command prompt. Then type:  ntdsutil (press Enter)  files (press Enter)  move DB to <new directory location path> (press Enter)
  • 37. Move the log files to another location  Start the computer in Directory Services Restore Mode, log on with the Directory Services Restore Mode Administrator account, and open a command prompt. Then type:  ntdsutil (press Enter)  files (press Enter)  move logs to <new directory location path> (press Enter)
  • 39. What Are the FSMO Roles?  FSMO roles are specialized services within Active Directory that should be performed only by a single domain controller.  Five roles make up the FSMO (Flexible Single Master Operations) roles: − Schema Master − Domain Naming Master − Infrastructure Master − Relative Identifier (RID) Master − Primary Domain Controller (PDC) Emulator  All five of these roles can coexist on one domain controller, or you can move them so that each runs on its own independent domain controller.
  • 40. FSMO Role: Schema Master  The schema master domain controller controls all updates and modifications to the schema. Once a schema update is complete, it is replicated from the schema master to all other DCs in the directory.  To update the schema of a forest, you must have access to the schema master.  There can be only one schema master in the whole forest.  To see all FSMO role holders, run the command netdom query fsmo /domain:<domain>
  • 41. FSMO Role: Domain Naming Master  The domain naming master domain controller controls the addition or removal of domains in the forest.  There can be only one domain naming master in the whole forest.
  • 42. FSMO Role: Infrastructure Master  The infrastructure master domain controller is responsible for updating an object's SID and distinguished name in cross-domain object references.  There can be only one domain controller acting as the infrastructure master in each domain.  The infrastructure master (IM) role should be held by a domain controller that is not a global catalog server. If the infrastructure master runs on a global catalog server, it will stop updating object information, because it does not contain any references to objects that it does not hold. This is because a global catalog server holds
  • 43.  a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated, and a warning to that effect will be logged in that DC's event log.  If all domain controllers in the domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.
  • 44. FSMO Role: RID Master  The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain.  When a DC creates a security principal object such as a user or group, it attaches a unique security identifier (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative identifier (RID) that is unique for each security principal SID created in the domain.  Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates.
  • 45.  When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigning them to the pool of the requesting DC.  At any one time there can be only one domain controller acting as RID master in the domain.
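The SID structure described in slides 44 and 45 (domain SID plus RID) is easy to see in code. The following Python is an added example, not code from the original slides: it splits a textual SID into its issuing domain SID and RID, encodes and decodes the binary form stored in the objectSid attribute (revision, sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities), and names the principal when the RID is one of the well-known values Windows reserves for built-in accounts and groups (500 Administrator, 512 Domain Admins, 519 Enterprise Admins and so on; those tables are well-known values the slides do not list). The SID strings in the block are constructed test values.

```python
"""Split a Windows SID into its domain SID and RID, and encode/decode the
binary objectSid form.

Added example, not code from the original slides. The SID strings used below
are constructed test values; the RID tables hold the well-known RIDs that
Windows reserves for built-in principals (stated here as an assumption, since
the slides do not list them).
"""
import struct

# Well-known RIDs under a domain SID (S-1-5-21-...).
DOMAIN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    515: "Domain Computers",
    516: "Domain Controllers",
    518: "Schema Admins",
    519: "Enterprise Admins",
}

# Well-known RIDs under the BUILTIN authority (S-1-5-32).
BUILTIN_RIDS = {
    544: "Administrators",
    545: "Users",
    548: "Account Operators",
    549: "Server Operators",
    551: "Backup Operators",
}

# RIDs an auditor treats as highly privileged (cf. slide 54).
PRIVILEGED = {("domain", 500), ("domain", 512), ("domain", 518),
              ("domain", 519), ("builtin", 544)}


def split_sid(sid):
    """Return (issuer SID, RID). The issuer is everything but the last
    sub-authority: the domain SID for S-1-5-21-..., or S-1-5-32 for BUILTIN."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID with a RID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_bytes(sid):
    """Encode 'S-R-A-s1-s2-...' in the binary objectSid layout: revision
    (1 byte), sub-authority count (1), authority (6, big-endian), then each
    sub-authority as a little-endian uint32."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("<BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def sid_from_bytes(data):
    """Decode the binary objectSid layout back into 'S-R-A-...' form."""
    if len(data) < 8:
        raise ValueError("SID too short")
    revision, count = struct.unpack_from("<BB", data, 0)
    if len(data) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", data, 8)
    return "S-" + "-".join(str(x) for x in (revision, authority, *subs))


def describe(sid):
    """Name the principal if its RID is well known; otherwise report the RID
    as one allocated from the creating DC's RID pool."""
    issuer, rid = split_sid(sid)
    if issuer.startswith("S-1-5-21-"):
        name, kind = DOMAIN_RIDS.get(rid), "domain"
    elif issuer == "S-1-5-32":
        name, kind = BUILTIN_RIDS.get(rid), "BUILTIN"
    else:
        name, kind = None, "other"
    if name is None:
        return f"{kind} issuer {issuer}, RID {rid} (pool-allocated)"
    return f"{kind} issuer {issuer}, RID {rid} = {name}"


def is_privileged(sid):
    """True for the built-in high-privilege RIDs (well-known values)."""
    issuer, rid = split_sid(sid)
    if issuer.startswith("S-1-5-21-"):
        return ("domain", rid) in PRIVILEGED
    if issuer == "S-1-5-32":
        return ("builtin", rid) in PRIVILEGED
    return False


if __name__ == "__main__":
    # Constructed samples: a Domain Admins SID, BUILTIN\Administrators and an
    # ordinary pool-allocated RID.
    for s in ("S-1-5-21-1234567890-987654321-1122334455-512", "S-1-5-32-544",
              "S-1-5-21-1234567890-987654321-1122334455-1105"):
        print(s, "->", describe(s), "| privileged:", is_privileged(s),
              "| bytes:", sid_to_bytes(s).hex())
```

RIDs below 1000 are reserved for built-in principals, which is why a renamed Administrator account is still recognizable by its RID of 500; every RID a DC hands out from its pool for ordinary users and groups is 1000 or higher.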
  • 46. FSMO Role: PDC Emulator  The PDC emulator is necessary to synchronize time in a Windows enterprise.  Windows 2000/2003 includes the W32Time time service, which is required by the Kerberos authentication protocol.  All Windows 2000/2003-based computers within an enterprise use a common time. The Windows Time service uses a hierarchical relationship that controls authority and does not permit loops, to ensure appropriate common time usage.  The PDC emulator of a domain is authoritative for the domain; the PDC emulator at the root of the forest becomes authoritative for the enterprise and should be configured to gather the time from an external source.
  • 47.  All PDC FSMO role holders follow the hierarchy of domains in selecting their inbound time partner.  The PDC emulator role holder retains the following functions: − Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator. − Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad-password failure message is reported to the user. − Account lockout is processed on the PDC emulator. − Editing or creation of Group Policy Objects (GPOs) is always done from the GPO copy found in the PDC emulator's SYSVOL share, unless configured not to do so by the administrator.  At any one time there can be only one DC acting as PDC emulator in each domain in the forest.
  • 48. Viewing FSMO holders  Command to check all FSMO role holders in the domain domain.local: netdom query fsmo /domain:domain.local  Using Dcdiag: dcdiag /test:knowsofroleholders /v  You can find individual role holders with the dsquery command: − To find the schema master: dsquery server -hasfsmo schema − To find the domain naming master: dsquery server -hasfsmo name − To find the infrastructure master: dsquery server -hasfsmo infr − To find the RID master: dsquery server -hasfsmo rid − To find the PDC emulator: dsquery server -hasfsmo pdc
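Once the role table from netdom query fsmo is in hand, the placement rule from slides 42 and 43 (the infrastructure master should not sit on a global catalog server unless every DC in the domain is a GC) can be checked mechanically. The following Python is an added example, not code from the original slides: it parses the role table into a dictionary, groups roles by holder, and applies that rule. SAMPLE_OUTPUT is constructed text laid out the way netdom prints its role table (role label, spaces, DC name); the host names and the list of global catalog servers are assumptions for the demonstration.

```python
"""Parse 'netdom query fsmo' output and check infrastructure-master placement.

Added example, not code from the original slides. SAMPLE_OUTPUT is constructed
text laid out the way netdom prints its role table (role label, spaces, DC
name); the host names and the global catalog list are assumptions.
"""
import re

SAMPLE_OUTPUT = """\
Schema master               DC1.domain.local
Domain naming master        DC1.domain.local
PDC                         DC1.domain.local
RID pool manager            DC2.domain.local
Infrastructure master       DC2.domain.local
The command completed successfully.
"""

# netdom's labels (lower-cased) mapped to the role names used on the slides.
ROLE_LABELS = {
    "schema master": "Schema Master",
    "domain naming master": "Domain Naming Master",
    "pdc": "PDC Emulator",
    "rid pool manager": "RID Master",
    "infrastructure master": "Infrastructure Master",
}

# A role line is "<label><two or more spaces><host>".
LINE_RE = re.compile(r"^(?P<label>\S.*?)\s{2,}(?P<host>\S+)$")


def parse_fsmo(text):
    """Return {role name: holder FQDN (lower-cased)}; fail if a role is absent."""
    roles = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # status lines such as "The command completed successfully."
        role = ROLE_LABELS.get(m.group("label").lower())
        if role:
            roles[role] = m.group("host").lower()
    missing = set(ROLE_LABELS.values()) - roles.keys()
    if missing:
        raise ValueError(f"roles not found in output: {sorted(missing)}")
    return roles


def holders_by_host(roles):
    """Group roles by DC, e.g. to see whether all five sit on one server."""
    out = {}
    for role, host in roles.items():
        out.setdefault(host, []).append(role)
    return {host: sorted(held) for host, held in out.items()}


def check_infrastructure_master(roles, global_catalogs, all_dcs):
    """Apply the rule from the slides: the infrastructure master should not be
    a global catalog server unless every DC in the domain is a GC.
    Returns a warning string, or None when placement is acceptable."""
    gcs = {h.lower() for h in global_catalogs}
    dcs = {h.lower() for h in all_dcs}
    im = roles["Infrastructure Master"]
    non_gc_dcs = dcs - gcs
    if im in gcs and non_gc_dcs:
        return (f"infrastructure master {im} is a global catalog while "
                f"{sorted(non_gc_dcs)} are not; cross-domain references "
                f"will not be updated")
    return None


if __name__ == "__main__":
    roles = parse_fsmo(SAMPLE_OUTPUT)
    print(holders_by_host(roles))
    # Constructed topology: DC1 and DC2 are GCs, DC3 is not.
    print(check_infrastructure_master(
        roles, ["DC1.domain.local", "DC2.domain.local"],
        ["DC1.domain.local", "DC2.domain.local", "DC3.domain.local"]))
```

Which DCs are global catalogs is not part of the netdom output; in practice that list comes from dsquery server -isgc or from the DC's own configuration, which is why the function takes it as a separate argument.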
  • 50. Active Directory Services  Distributed File System  Domain Name System (DNS) Server  File Replication  Intersite Messaging  Kerberos Key Distribution Center  Remote Procedure Call (RPC) Locator  Active Directory Domain Services (ADDS)  Active Directory Lightweight Directory Services  Active Directory Federation Services  Active Directory Rights Management Services  Active Directory Certificate Services
  • 51. Active Directory Services  Distributed File System: manages logical volumes across local and wide area networks.  Domain Name System (DNS) Server: responds to DNS queries and dynamic DNS requests.  File Replication: allows files to be copied and maintained across multiple servers.  Intersite Messaging: allows messages to be exchanged between Windows servers.  Kerberos Key Distribution Center: enables users to log on to the domain using the Kerberos authentication protocol.
  • 52. Active Directory Services  Remote Procedure Call (RPC) Locator: enables RPC clients using the RpcNs* APIs to locate RPC servers.  Active Directory Domain Services (ADDS): stores all information about resources on the network, such as users, computers and other devices.  Active Directory Lightweight Directory Services: allows administrators to create small versions of Active Directory that run as non-operating-system services.  Active Directory Federation Services: provides web single sign-on (SSO) technologies to authenticate users to multiple web applications in a single session.
  • 53. Active Directory Services  Active Directory Rights Management Services: protects and secures information from unauthorized use online and offline, inside and outside of the environment.  Active Directory Certificate Services: allows the mapping of users and resources to private keys to help secure identities in a public key infrastructure (PKI) based environment.
  • 54. Finding highly privileged group membership  You can view membership in highly privileged domain groups using the net.exe utility at a command prompt:  net.exe group <domain-group-name> /DOMAIN  For example, to view membership in the Domain Admins group, the command is: net.exe group "Domain Admins" /DOMAIN
  • 55. Finding users that have not logged on since last month  You can find such accounts in your organization's domain by using the net.exe command:  net.exe user <username> /DOMAIN  It returns the domain account information about the user, such as when the user's password was last set, when the user's current password expires, and when the user last logged on. net.exe user Testuser /DOMAIN OR net.exe user Testuser /DOMAIN | findstr "Last logon"
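The findstr pipeline above only shows the Last logon line; deciding whether an account is stale still needs a date comparison. The following Python is an added example, not code from the original slides: it parses the label/value lines of net.exe user output, pulls out Last logon (handling the value Never), and flags the account when the last logon is older than a threshold. It also converts the raw lastLogon/lastLogonTimestamp attribute value (a Windows FILETIME) to a datetime, for when the same check is done against values read from the directory rather than from net.exe. SAMPLE_NET_USER is constructed text laid out the way net.exe user prints on an en-US system (the date format is locale dependent); the user name, dates and the 30-day threshold are assumptions for the demonstration.

```python
"""Flag domain accounts that have not logged on within a given window.

Added example, not code from the original slides. SAMPLE_NET_USER is
constructed text laid out the way 'net.exe user <name> /DOMAIN' prints on an
en-US system (the date format is locale dependent); user name, dates and the
30-day threshold are assumptions for the demonstration.
"""
import re
from datetime import datetime, timedelta, timezone

SAMPLE_NET_USER = """\
User name                    Testuser
Full Name                    Test User
Account active               Yes
Account expires              Never

Password last set            3/1/2024 9:15:00 AM
Password expires             4/12/2024 9:15:00 AM
Password changeable          3/2/2024 9:15:00 AM

Last logon                   2/20/2024 8:02:11 AM

The command completed successfully.
"""

# en-US layout of the timestamps net.exe prints; adjust for other locales.
DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# A field line is "<label><two or more spaces><value>".
FIELD_RE = re.compile(r"^(?P<label>\S.*?)\s{2,}(?P<value>\S.*)$")


def parse_net_user(text):
    """Return {label: value} for every 'label   value' line in the output."""
    fields = {}
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if m:
            fields[m.group("label")] = m.group("value").strip()
    return fields


def parse_timestamp(value):
    """Parse a net.exe timestamp; 'Never' becomes None."""
    value = value.strip()
    if value.lower() == "never":
        return None
    return datetime.strptime(value, DATE_FORMAT)


def last_logon(text):
    """Last logon as a naive datetime, or None if the account never logged on."""
    fields = parse_net_user(text)
    if "Last logon" not in fields:
        raise ValueError("no 'Last logon' line in output")
    return parse_timestamp(fields["Last logon"])


def _as_datetime(now):
    """Accept either a datetime or an ISO-8601 string for the reference time."""
    return now if isinstance(now, datetime) else datetime.fromisoformat(now)


def is_stale(text, now, max_days=30):
    """True when the account never logged on or last did so more than
    max_days before `now` (assumed threshold: 30 days, i.e. 'last month')."""
    logon = last_logon(text)
    if logon is None:
        return True
    return (_as_datetime(now) - logon) > timedelta(days=max_days)


def filetime_to_datetime(filetime):
    """Convert an AD lastLogon/lastLogonTimestamp value (100-nanosecond
    intervals since 1601-01-01 UTC) to an aware datetime; 0 means never."""
    if filetime == 0:
        return None
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=filetime // 10)


if __name__ == "__main__":
    # Constructed reference date: 1 April 2024.
    print("last logon:", last_logon(SAMPLE_NET_USER))
    print("stale as of 2024-04-01:", is_stale(SAMPLE_NET_USER, "2024-04-01"))
    print("FILETIME 116444736000000000 ->", filetime_to_datetime(116444736000000000))
```

One caveat worth knowing before trusting the result: the lastLogon attribute that net.exe reports is not replicated between domain controllers, so each DC only knows about logons it handled itself; the replicated lastLogonTimestamp attribute is consistent forest-wide but is only updated when the stored value is older than roughly 14 days by default, so it is suitable for a "not seen for a month" check but not for precise recency.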
  • 57. Repadmin  The replication diagnostic tool, more commonly known by its short name repadmin, can help to diagnose Active Directory replication problems between domain controllers.  It verifies replication consistency between replication partners, monitors replication status, displays replication metadata, and forces replication events and topology recalculation.  Using this tool, administrators can look at the replication topology as seen from the point of view of each domain controller.  You can also use repadmin to force replication between domain controllers or to manually create a replication topology.
  • 58. Netdiag  Checks end-to-end network connectivity and distributed services functions.  This command-line tool can be used to help diagnose and isolate connectivity issues in your network. It does this by performing a number of tests on the system and displaying network and configuration information.
  • 59. DCDiag  DCDiag is a command-line utility that runs diagnostic tests against a domain controller. It runs several tests, and the output can span many screens. If you want to perform specific tests against the domain controller, use the /test: switch. For instance, if you want to make sure that the replication topology is fully interconnected, issue the following command: dcdiag /test:topology  To test that replication is functioning properly, issue the command: dcdiag /test:replications  To view the status of global catalog replication, use the command: dcdiag /v /s:domain_controller_name | find "%"
  • 60. DNSCMD  This command-line tool is found in the Support Tools folder of the Windows Server CD and enables you to create, modify, and delete resource records and zones.  If you want to view the DNS information and statistics of a server, type: − dnscmd <server name> /info  Other useful switches with dnscmd are as follows: /ZoneInfo: displays information about the target zone. /DirectoryPartitionInfo: displays the directory partition information for the target partition.
  • 61. DNSLint  This is a command-line utility for Windows Server 2003 and higher and is located in the Support Tools folder of the Windows Server CD.  It can be used to check for and verify DNS records and server functionality, and to generate a report in HTML: dnslint /d domain_name | /ad [LDAP_IP_address] | /ql input_file [/c [smtp,pop,imap]] [/no_open] [/r report_name] [/t] [/test_tcp] [/s DNS_IP_address] [/v] [/y]  For example: dnslint /ad  When using DNSLint you must specify one of three switches: /d, /ql, or /ad. /d: diagnoses problems; /ql: verifies a user-defined set of DNS records; /ad: verifies the DNS records specifically used for Active Directory replication.
  • 62. Account Lockout and Management Tools  The acctinfo.dll file is actually part of the Account Lockout and Management Tools you can download from Microsoft.  Acctinfo.dll adds a property page to the user account properties. This additional property page allows you to determine when the account's password was set, when the password expires, and when the user last logged on to or off the domain, as well as other lockout information.  LockoutStatus.exe displays information concerning a locked-out account. Use this tool to determine which computers were involved in the lockout of the account and when the lockout occurred.
  • 63. References  Google  Mastering Active Directory for Windows Server 2008 by John A. Price  Microsoft Press: Exchange Server 2003