Multi Architect

                                 T he netlogon service in DC is responsible for registering SRV records in the DNS server under _tcp.dc._msdcs. domain.com . It then registers the SRV records of Domain Controller under _sites.dc._msdcs. domain.com . based on their site location.

                          I n an Active Directory environment where you have at least a single Domain Controller, the clients in that site will contact this Domain Controller for handling service requests. But suppose, you have a site without a Domain Controller (yes, it is possible). In that scenario, which Domain Controller does the client contact for handling its service requests. This is where the Automatic Site Coverage comes into play!!! Using Automatic Site Coverage, each Domain Controller checks all sites in the domain and calculate replication cost matrix. Thus the Domain Controller from a site which appears as the closest one (using site link cost calculation) to the site without Domain Controller will advertise itself as the authoritative one. If there are multiple sites with the same cost link to the site without Domain Controller, then the site with the most number of Domain Controllers will be chosen. If the tie appears here as well, the site which comes in first alpha

          W henever someone asks me ' What is SysVol ?', my answer would be - the folder which stores group policy.  But is it just a folder ??..Let us find it out. What is Sysvol ? Sysvol is a special folder which is available in C:\Windows\SYSVOL directory in all domain controllers within the domain. This special folder contains the domain's Group Policy settings, default profiles and logon/logoff/startup/shutdown scripts. 

F ocus: Active Directory Recycle Bin Active Directory Recycle Bin This is a new feature of Windows 2008 R2 which is disabled by default. This feature will be available only if your forest functional level is Windows 2008 R2 and above. Once you enable this feature, it cannot be disabled. How to enable? There is no GUI to enable AD recycle bin Open powershell execute the below: Import-Module ActiveDirectory Enable-ADOptionalFeature -Identity "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "globomantics.local" -whatif

F ocus:  Active Directory Tombstone, TSL, Tombstone reanimation Active Directory Tombstone When an object is removed from Active Directory, it is said to be tombstoned.  Tombstone is something which a Domain Controller uses to notify other Domain Controllers about an object deletion.

F ocus: USN, USN Rollback, DSA GUID and Invocation GUID Unique Sequence Number (USN) USN is an AD database change tracking number. Any change or transaction made in a DC is represented by a USN increment. The USN of DCs in the same domain need not be same.

F ocus: Active Directory Replication, USN, HWMV and UTDV                                    Intrasite replication replicates changes made in one DC to all other DCs in the same site. AD replications are generally  pull  operations. For example (A site with two DCs : DC1 & DC2) , If a change is made on DC1 then DC1 will inform DC2 about the change.

T his can be done in 2 methods Assigning Publishing

T he content of the system state backup includes: Registry COM+ Class Registration database Boot files, including the system files

The most confusing question in Active Directory. Will try to explain this in a simpler way. Infrastructure Master role is responsible for managing any cross domain references. When we discuss about cross domain references, its essential to discuss about Phantom objects. An AD group is something which can hold members of its own domain and groups from other domain(Eg: Global group and Universal group). For a group in one domain to contain members from another domain, a pointer or cross-domain reference is required. This cross-domain reference is called a Phantom object .

F ocus : Active Directory FSMO Roles FSMO - Expansion and its relevance FSMO is the short representation of Flexible Single Master Operations. Each of these word has its own significance. Operation Master is a set of roles which handles a separate operation. So why ‘Flexible’ & ‘Single’ used?

F ocus: Global Catalog Server Global catalog (GC) is a role handled by domain controllers in an Active directory model.  The global catalog stores a full copy of all objects in the directory for its host domain and a partial copy of all objects for all other domains in the forest. 

F ocus: Active Directory Backup and restore Taking backup 1. Open command prompt and execute  “wbadmin start systemstatebackup -backuptarget:e:\”  - In Windows 2008, need to install the Windows server backup feature, as it is not installed by default. 2. Confirm that the backup is successful using the command  “wbadmin get versions”  Restoration 1. Restart the server in  Directory Service Restore Mode (DSRM) 2. Get the version ID of the available backup using  “wbadmin get versions”  3. Run the restoration using the command  “wbadmin start systemstaterecovery -version: versionID " Making the Restoration Authoritative 1. At a command prompt, type  ntdsutil , and then press ENTER. 2. Type  authoritative restore , and then press ENTER. 3. You will be prompted as "Active Instance not set. To set an active instance use "Activate Instance ". 4. Type  activate instance ntds  and then press ENTER 5. Then type the command  restore subtree dc=Domain_Name,dc=xxx and then pr

Step 1 Run the  repadmin /showrepl  command on the domain controller that received the error to determine which domain controller has been disconnected for longer than a tombstone lifetime. Step 2 Modifying the registry

Scenario I've an environment with Windows 2003 & Windows 2008 servers in  Windows 2000 Native mode . If I try to add any AD group in a folder security group of a Windows 2008 server, the AD group name won't get resolved.

F ocus : Active Directory KCC and ISTG KCC (Knowledge consistency checker) is responsible for generating site replication toplolgies between domain controllers. KCC runs in each DC of a domain and creates a