Monday, February 29, 2016

Managing AD DS Backup and Recovery

In earlier versions of Windows, backing up Active Directory meant backing up the system state, a small collection of files that included the Active Directory database and the registry.
In Windows Server 2012 the system state concept still exists, but it is much bigger. Because of the interdependencies between server roles, the physical configuration, and Active Directory, the system state is now a subset of a full server backup and, in some configurations, can be just as big. To back up a domain controller, you must back up all of its critical volumes.
Restoring AD DS Data
When a domain controller or its directory is damaged, corrupted, or fails, you have several options for restoring the system.
Non-authoritative Restore
The first option is called a normal, or non-authoritative, restore. In a normal restore, you restore a backup of Active Directory from a known good date. In effect, you roll the domain controller back in time. When AD DS restarts on the domain controller, the domain controller contacts its replication partners and requests all subsequent updates. In effect, the domain controller catches up with the rest of the domain by using the standard replication mechanisms.
A normal restore is useful when the directory on a domain controller has been damaged or corrupted, but the problem has not spread to other domain controllers. What about the circumstances in which the damage was done and then replicated? For example, what if one or more objects were deleted, and the deletion was replicated?
In this case, a normal restore is not enough. If you restore a known good version of Active Directory and restart the domain controller, the deletion (which took place after the backup) is simply replicated back to the domain controller.
Authoritative Restore
When a known good copy of AD DS is restored that contains something that must overwrite existing objects in the AD DS database, an authoritative restore is necessary. In an authoritative restore, you restore the known good version of Active Directory, just as you would in a normal restore. However, before you restart the domain controller, you mark the objects that were accidentally deleted or damaged, and that you want to keep, as authoritative, so that they are replicated from the restored domain controller to its replication partners. Behind the scenes, when you mark objects as authoritative, Windows increments the version number of all of their attributes to a value so high that it is virtually guaranteed to be higher than the version numbers on all other domain controllers.
When you restart the restored domain controller, it replicates from its replication partners all the changes that have been made to the directory. It also notifies its partners that it has changes, and the version numbers of those changes ensure that the partners take them and replicate them throughout the directory service. If you have enabled the Active Directory Recycle Bin in the forest, you can use the Active Directory Recycle Bin as a simpler alternative to an authoritative restore.
Other Restore Options
A third option for restoring the directory service is to restore the entire domain controller. You do this by starting the Windows Recovery Environment from a full backup and then restoring the complete server domain controller. By default, this is a normal restore. If you need something more powerful, you must restart the server in Directory Services Restore Mode (DSRM) and mark the objects as authoritative before starting the domain controller in normal operation.
Finally, you can restore a system state backup to an alternate location. This allows you to examine the files and potentially mount the NTDS.DIT file. You should not copy the files from an alternate-location restore over the production versions of the files, because that would produce a partial rollback of the directory. You can also use this option to create the installation media for the install-from-media option when you create a new domain controller.
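As an added example (not from the original post), the Recycle Bin alternative described above done with the ActiveDirectory module: check whether the feature is enabled, enable it if not, locate deleted objects, and restore them. The forest, the account name jsmith, and the OU in the ntdsutil comment are placeholders.

```powershell
# Added example: Active Directory Recycle Bin as the simpler alternative to an
# authoritative restore. Assumes the ActiveDirectory module (RSAT) on a
# domain-joined host and Domain Admins / Enterprise Admins rights.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Enabling the Recycle Bin is irreversible, so check its state first.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# Deleted objects sit in the Deleted Objects container and are only returned
# when asked for explicitly. Name filter is a placeholder account.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*jsmith*"' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged
$deleted | Select-Object Name, ObjectClass, lastKnownParent, whenChanged

# Restore each deleted user to its last known parent container. If the parent
# OU was deleted too, restore the OU first or the restore fails.
foreach ($obj in ($deleted | Where-Object ObjectClass -eq 'user')) {
    Restore-ADObject -Identity $obj.ObjectGUID
}

# For reference, the backup prerequisite and the DSRM path described above:
#   wbadmin start backup -allCritical -backupTarget:E: -quiet
# and, after a non-authoritative restore in DSRM, marking a subtree
# authoritative with ntdsutil (OU path is a placeholder):
#   ntdsutil "activate instance ntds" "authoritative restore" ^
#     "restore subtree OU=Sales,DC=contoso,DC=com" quit quit
```

The Recycle Bin keeps the object's attributes and group memberships, which a tombstone reanimation does not, so it is the preferred route when the feature was enabled before the deletion.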


Managing Operations Master Roles

AD DS is a multi-master replication environment, which means that all domain controllers have the ability to modify the AD DS database at about the same time. However, some operations should be performed by only one system. In AD DS, a domain controller that performs a specific single-master function within the domain or forest is called an operations master.
Forest-Wide Operations Master Roles
The schema master and domain naming master roles must be unique within the forest. Only one domain controller in the forest holds each of these roles.
Domain Naming Master Role
The domain controller that holds the domain naming master role is responsible for adding or removing domains and application partitions in the forest. When you add or remove a domain or an application partition, the domain naming master must be accessible, or the operation will fail.
Schema Master Role
The domain controller that holds the schema master role is responsible for making any changes to the forest's schema. All other domain controllers hold read-only replicas of the schema. When you need to modify the schema, the changes must be sent to the domain controller that hosts the schema master role.
Domain-Wide Operations Master Roles
Each domain maintains three single-master operations: the Relative Identifier (RID) master, the infrastructure master, and the primary domain controller (PDC) emulator. Each role is performed by only one domain controller in the domain.
RID Master Role
The RID master plays an important part in the generation of security identifiers (SIDs) for security principals such as users, groups, and computers. The SID of a security principal must be unique. Because any domain controller can create an account, a mechanism is necessary to ensure that the SIDs generated by each domain controller are unique. Active Directory domain controllers generate a SID by appending a unique relative identifier (RID) to the domain SID. The RID master assigns a pool of unique RIDs to each domain controller in the domain. Thus, each domain controller can be certain that the SIDs it generates are unique.
Infrastructure Master Role
The infrastructure master role matters in a multi-domain environment, where an object in one domain references an object in another domain. For example, a group may include members from other domains. Its multi-valued member attribute contains the distinguished name of each member. If a member in another domain is moved or renamed, the infrastructure master of the group's domain updates the group's references to that object.
PDC Emulator Role
The PDC emulator performs multiple roles that are crucial to the domain:
• Participates in special password update handling for the domain. When a user's password is reset or changed, the domain controller that makes the change replicates it immediately to the PDC emulator. This special replication ensures that the domain controllers learn of the new password as quickly as possible.
• Manages Group Policy updates within the domain. If a GPO is modified on two domain controllers at about the same time, there could be conflicts between the two versions that cannot be reconciled as the GPO replicates. To avoid this situation, the PDC emulator acts by default as the focal point for all Group Policy changes.
• Provides the master time source for the domain. Many Windows components and technologies depend on time stamps, so synchronized system time across the entire domain is essential. By default, the PDC emulator in the forest root domain is the time master for the forest. The PDC emulator in each domain synchronizes its time with the PDC emulator in the forest root domain. Other domain controllers in a domain synchronize their clocks with their domain's PDC emulator. All other domain members synchronize their time with their preferred domain controller.
• Acts as the domain master browser. When you open Network in Windows, you see a list of workgroups and domains, and when you open a workgroup or domain, you see a list of computers.
Guidelines for Placing Operations Master Roles
• Place the domain-level roles on a high-performance domain controller.
• Do not place the domain-level master roles on a global catalog server, unless your forest contains only one domain or all domain controllers in the forest are also global catalog servers.
• Keep the two forest-level roles on a domain controller in the forest root domain.
• Adjust the workload of the PDC emulator, if necessary, by offloading non-AD DS roles to other servers.
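As an added example (not from the original post), a script that reports the five operations master role holders and checks them against the placement guidelines above. It assumes the ActiveDirectory module on a domain-joined host; the DC name DC02 in the final comment is a placeholder.

```powershell
# Added example: list the operations master role holders and flag placements
# that break the guidelines (forest roles outside the root domain, domain
# roles on a global catalog when not every DC is one).
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles come from the forest object, domain-wide from the domain.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    PDCEmulator          = $domain.PDCEmulator
}
[pscustomobject]$roles | Format-List

# Guideline: forest-level roles should live on a DC in the forest root domain.
foreach ($name in 'SchemaMaster', 'DomainNamingMaster') {
    $dc = Get-ADDomainController -Identity $roles[$name]
    if ($dc.Domain -ne $forest.RootDomain) {
        Write-Warning "$name ($($dc.HostName)) is not in the forest root domain $($forest.RootDomain)"
    }
}

# Guideline: no domain-level role on a global catalog unless the forest has a
# single domain or every DC is a global catalog. The "every DC" check here
# covers the current domain's DCs (Get-ADDomainController -Filter is per domain).
$allDcs       = Get-ADDomainController -Filter *
$allGc        = @($allDcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
$singleDomain = @($forest.Domains).Count -eq 1
foreach ($name in 'RIDMaster', 'InfrastructureMaster', 'PDCEmulator') {
    $dc = Get-ADDomainController -Identity $roles[$name]
    if ($dc.IsGlobalCatalog -and -not ($singleDomain -or $allGc)) {
        Write-Warning "$name ($($dc.HostName)) is on a global catalog server"
    }
}

# Moving a role, for example the PDC emulator, to another DC (placeholder name):
#   Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole PDCEmulator
```

Run it from each domain in a multi-domain forest, since the domain-wide roles are per domain.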


Overview of the Active Directory Administrative Center

Windows Server 2012 provides an alternative option for managing AD DS objects. The Active Directory Administrative Center provides a graphical user interface (GUI) that is built on Windows PowerShell. This enhanced interface allows you to perform Active Directory object management by using task-oriented navigation. Tasks you can perform by using the Active Directory Administrative Center include:
• Create and manage users, computers, and group accounts.
• Create and manage organizational units.
• Connect to and manage multiple domains within a single instance of the Active Directory Administrative Center.
• Search and filter Active Directory data by building queries.
• Create and manage fine-grained password policies.
• Recover objects from the Active Directory Recycle Bin.
Installation Requirements
You can install the Active Directory Administrative Center only on a computer running Windows Server 2008 R2, Windows Server 2012, Windows 7, or Windows 8. You can install the Active Directory Administrative Center by:
• Installing the AD DS server role through Server Manager.
• Installing the Remote Server Administration Tools (RSAT).
New Active Directory Administrative Center Features in Windows Server 2012
The Active Directory Administrative Center in Windows Server 2012 contains several new features that enable graphical management of AD DS functionality:
• Active Directory Recycle Bin. The Active Directory Administrative Center now offers complete graphical management of the Active Directory Recycle Bin. Administrators can use the Active Directory Administrative Center to view and find deleted objects, and to manage and restore them to their original location or to another desired location.
• Fine-grained password policies. The Active Directory Administrative Center also provides a graphical user interface for creating and managing the Password Settings objects that implement fine-grained password policies in an AD DS domain.
• Windows PowerShell History Viewer. The Active Directory Administrative Center is built on Windows PowerShell. Any command or action performed in the Active Directory Administrative Center interface is executed through a Windows PowerShell cmdlet in Windows Server 2012. When an administrator performs a task in the Active Directory Administrative Center interface, the Windows PowerShell History viewer shows the Windows PowerShell command that was issued for that task. This allows administrators to reuse the code in scripts, and helps them become more familiar with Windows PowerShell syntax.
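As an added example (not from the original post), the kind of Windows PowerShell the History Viewer would show for two of the tasks listed above: installing the Administrative Center through RSAT on a server, and creating a fine-grained password policy. The policy name, its values, the group IT Admins and the user jsmith are placeholders.

```powershell
# Added example: install the Administrative Center via the RSAT feature and
# create a Password Settings object (fine-grained password policy).

# Server-side install; on Windows 7/8 clients the RSAT package is used instead.
if (-not (Get-WindowsFeature RSAT-AD-AdminCenter).Installed) {
    Install-WindowsFeature RSAT-AD-AdminCenter, RSAT-AD-PowerShell
}
Import-Module ActiveDirectory

# A PSO stricter than the domain policy for privileged accounts. When several
# PSOs apply to one user, the lowest Precedence wins.
$psoName = 'PSO-Admins-Strict'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -ComplexityEnabled $true -MinPasswordLength 15 `
        -PasswordHistoryCount 24 `
        -MaxPasswordAge (New-TimeSpan -Days 60) `
        -MinPasswordAge (New-TimeSpan -Days 1) `
        -LockoutThreshold 5 `
        -LockoutDuration (New-TimeSpan -Minutes 30) `
        -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
        -ReversibleEncryptionEnabled $false
}

# Link the PSO to a group; members pick it up through the group.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects 'IT Admins'

# Check which policy actually applies to a member (placeholder account).
Get-ADUserResultantPasswordPolicy -Identity 'jsmith' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```

PSOs apply only to users and global security groups, never to OUs, which is why the example links the policy to a group rather than a container.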


Administering Active Directory Domain Services (AD DS)

Overview of the Active Directory Administration Snap-ins
You usually perform most Active Directory management by using the following snap-ins and consoles:
Active Directory Users and Computers. This is the most common snap-in for day-to-day management of resources, including users, groups, and computers. It is probably the most heavily used snap-in for Active Directory administrators.
Active Directory Sites and Services. This snap-in manages replication, network topology, and related services.
Active Directory Domains and Trusts. This snap-in configures and maintains trust relationships and the domain and forest functional levels.
Active Directory Schema. This snap-in examines and modifies the definitions of Active Directory object classes and attributes. The schema is the blueprint for Active Directory, and you do not usually view or change it often. Therefore, the Active Directory Schema snap-in is not fully installed by default.


Overview of GPO Security Filtering

By default, a GPO applies to all security principals in the container to which it is linked, and in all child containers beneath that parent container. However, you may want to change this behavior so that a GPO applies only to specific security principals. For example, you may want to exempt some users in an OU from a strict desktop policy. You can do this through security filtering. Each GPO has an access control list (ACL) that defines permissions to the GPO. The default permissions grant the Authenticated Users group the Read and Apply Group Policy permissions. By adjusting the permissions in the ACL, you can control which security principals the GPO settings are applied to. There are two approaches: denying access to the Group Policy, or limiting permissions to the Group Policy.
Note: The Authenticated Users group includes all user and computer accounts that have been authenticated by AD DS.
Deny Access to Group Policy
If the policy should apply to most security principals in the container but not to some of them, you can exempt those specific security principals from the Group Policy by denying them access. For example, all users in the Sales OU should receive the GPO except for the Sales Managers group. You can exempt the group (or user) by adding it to the GPO's ACL and then setting its permission to Deny.
Limit Permissions to Group Policy
Alternatively, if you have created a GPO that should apply only to certain security principals within a container, you can remove the Authenticated Users group from the ACL, add the security principals that must receive the GPO settings, and then grant them the Read and Apply Group Policy permissions. For example, you may have a GPO with Computer Configuration settings that should apply only to laptop computers. You can remove the Authenticated Users group from the ACL, add the laptop computer accounts, and then grant them the Read and Apply Group Policy permissions.
Note: As a best practice, you should not deny access to the Authenticated Users group. If you do so, the GPO's policy settings will not be applied.
You can access a GPO's ACL in the GPMC by selecting the GPO in the Group Policy Objects folder, and then clicking the Delegation tab > Advanced.
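As an added example (not from the original post), the "limit permissions" approach above implemented with the GroupPolicy module: remove Authenticated Users from the filter and grant a laptop group Read and Apply. The GPO name Laptop Security and the group Laptop Computers are placeholders.

```powershell
# Added example: security filtering a GPO so only members of one group apply it.
Import-Module GroupPolicy

$gpo   = 'Laptop Security'
$group = 'Laptop Computers'   # security group holding the laptop computer accounts

# Current ACL: by default Authenticated Users holds Read + Apply (GpoApply).
Get-GPPermission -Name $gpo -All |
    Format-Table @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission -AutoSize

# 1. Remove Authenticated Users from the filter. This is a removal, not a Deny:
#    Set-GPPermission cannot write Deny ACEs, and the best practice above is
#    never to deny Authenticated Users anyway.
Set-GPPermission -Name $gpo -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace

# 2. Grant the laptop group Read and Apply Group Policy in one step.
Set-GPPermission -Name $gpo -TargetName $group -TargetType Group `
    -PermissionLevel GpoApply

# Optional: if the GPO also carries user settings, keep a read-only entry for
# computer accounts so the client can still evaluate it (GpoRead, not GpoApply).
# Set-GPPermission -Name $gpo -TargetName 'Domain Computers' -TargetType Group -PermissionLevel GpoRead

# Confirm that only the intended trustees can apply the GPO.
Get-GPPermission -Name $gpo -All |
    Where-Object Permission -eq 'GpoApply' |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Since the June 2016 MS16-072 update, user-side Group Policy is retrieved in the computer's security context, so a GPO filtered to a user group must still grant Read to the computer accounts; the commented-out line shows that adjustment.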


What Are the Default GPOs?

During the installation of the AD DS role, two default GPOs are created: the Default Domain Policy and the Default Domain Controllers Policy.
Default Domain Policy
The Default Domain Policy is linked to the domain and affects all security principals in the domain. It contains the password policy settings, the account lockout settings, and the Kerberos protocol settings. As a best practice, no other policy settings should be configured in it. If you need to configure additional settings that apply to the entire domain, you should create a new policy with those settings and then link it to the domain.
Default Domain Controllers Policy
The Default Domain Controllers Policy is linked to the Domain Controllers OU and affects only domain controllers. This policy is designed to provide audit settings and user rights, and it should not be used for other purposes.

Overview of Group Policy Processing Order

GPOs are not applied simultaneously; instead, they are applied in a logical sequence. A GPO that is applied later in the process overrides any conflicting policy settings from GPOs that were applied earlier.
GPOs are applied in the following order:
1. Local GPOs: Each operating system running Windows 2000 or later may have a local Group Policy configured.
2. Site GPOs: Policies linked to sites are processed next.
3. Domain GPOs: Policies linked to the domain are processed next. There are often several policies at the domain level. These policies are processed in order of precedence.
4. OU GPOs: Policies linked to OUs are processed next. These policies contain settings that are unique to the objects in that OU. For example, the Sales users may need special settings. You can link a policy to the Sales OU that provides those settings.
5. Child OU policies: Any policies that are linked to child OUs are processed last.
Objects receive the cumulative effect of all policies in their processing order. In case of a conflict between settings, the last applied policy takes effect.

Applying GPOs in AD DS

Computer Configuration settings are applied at startup and then refreshed at regular intervals. Any startup scripts run when the computer starts. The default interval is every 90 minutes, but it is configurable. The exception to this interval is for domain controllers, which refresh their settings every five minutes.
User Configuration settings are applied at logon and then refreshed at regular intervals; the default interval is also 90 minutes. Any logon scripts run at logon.
Note: Some user settings require two logons before the user sees the effect of the GPO. This is because the user logs on to the same computer with cached credentials to speed up logon. This means that even though the policy settings are delivered to the computer, the user is already logged on, so the setting does not take effect until the next logon. Folder Redirection is an example of such a setting.
You can change the refresh interval by configuring a Group Policy setting. For computer settings, the refresh interval setting is found in the Computer Configuration\Policies\Administrative Templates\System\Group Policy node. For user settings, the refresh interval setting is found in the corresponding User Configuration node. An exception to the refresh interval is security settings. The Security Settings section of Group Policy is refreshed at least every 16 hours, regardless of the interval you set for the refresh interval.
You can also refresh Group Policy manually. The gpupdate command-line utility retrieves and applies all new Group Policy configurations. The gpupdate /force command reapplies all Group Policy settings. There is also a new Windows PowerShell cmdlet, Invoke-GPUpdate, that performs the same function.
A new feature in Windows Server 2012 is remote policy refresh. This feature allows administrators to use the GPMC to force a Group Policy refresh on all computers in an OU and on the users currently logged on to them. To do this, you right-click any OU, and then click Group Policy Update. The update occurs within 10 minutes.
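As an added example (not from the original post), what the GPMC's Group Policy Update action does, scripted with Invoke-GPUpdate for every enabled computer account in an OU. The OU path is a placeholder.

```powershell
# Added example: remote Group Policy refresh for all computers in an OU.
# Assumes the ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$ou = 'OU=Workstations,DC=contoso,DC=com'   # placeholder OU
$computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $ou |
    Select-Object -ExpandProperty Name

foreach ($name in $computers) {
    # Skip unreachable hosts instead of waiting for the remote scheduling to fail.
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        Write-Warning "$name is unreachable; skipping"
        continue
    }
    # -Force reapplies every setting (like gpupdate /force). The random delay
    # of up to 10 minutes is what the GPMC uses so hosts do not all refresh at once.
    Invoke-GPUpdate -Computer $name -Force -RandomDelayInMinutes 10 -ErrorAction Continue
}

# Single-machine equivalents, run locally:
#   gpupdate /force
#   Invoke-GPUpdate -Force
```

Invoke-GPUpdate creates a scheduled task on each target, so the remote computers must allow the Remote Scheduled Tasks Management firewall rules for the call to succeed.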

Managing Group Policy

GPO Links
When you have created a GPO and defined all the settings you want to deliver, the next step is to link the policy to an Active Directory container.
GPO links are the logical connections between the policy and the containers. You can link a single GPO to multiple containers by using the GPMC. You can link a GPO to the following types of containers:
• Sites
• Domains
• OUs
When a GPO is linked to a container, by default the policy is applied to all objects in that container, and to all objects in the child containers beneath that parent object. This is because, by default, the GPO permissions grant Authenticated Users the Read and Apply Group Policy permissions. You can change this behavior by managing the GPO's permissions.
You can disable a link to a container, thereby removing the configured settings. You can also delete a link. Deleting a link does not delete the actual GPO; it deletes only the logical connection to the container. GPOs cannot be linked directly to users, groups, or computers. In addition, GPOs cannot be linked to the system containers in AD DS, including Builtin, Computers, Users, and Managed Service Accounts. The AD DS system containers receive Group Policy settings only from GPOs that are linked at the domain level.
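As an added example (not from the original post) covering the processing order above and the link operations in this section: link a GPO to an OU, list the links that container inherits in precedence order, then disable and delete the link. The GPO and OU names are placeholders.

```powershell
# Added example: GPO link lifecycle plus an inheritance report for one OU.
Import-Module GroupPolicy

$gpoName = 'Sales Desktop Settings'
$salesOu = 'OU=Sales,DC=contoso,DC=com'

# Create the GPO if it does not exist yet (Get-GPO errors on a missing name).
$existing = try { Get-GPO -Name $gpoName -ErrorAction Stop } catch { $null }
if (-not $existing) { New-GPO -Name $gpoName | Out-Null }

# Link it to the OU at the top of that container's link order.
New-GPLink -Name $gpoName -Target $salesOu -LinkEnabled Yes -Order 1 | Out-Null

# GpoLinks are the links on this container; InheritedGpoLinks adds every link
# from the domain and parent OUs, ordered by precedence as the GPMC's Group
# Policy Inheritance tab shows them (Order 1 wins a conflict).
$inh = Get-GPInheritance -Target $salesOu
$inh.InheritedGpoLinks | Select-Object Order, DisplayName, Enabled, Enforced, Target |
    Format-Table -AutoSize

# Disable the link: the GPO still exists and any other links stay in place.
Set-GPLink -Name $gpoName -Target $salesOu -LinkEnabled No | Out-Null

# Delete the link: only the logical connection goes, the GPO remains.
Remove-GPLink -Name $gpoName -Target $salesOu | Out-Null
Get-GPO -Name $gpoName | Select-Object DisplayName, Id, GpoStatus
```

Enforced links and Block Inheritance on a container alter the order shown, so the inheritance report is the quickest way to see what actually applies at a given OU.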

What Are Starter GPOs?

Starter GPOs are templates that help with creating GPOs. When you create a new GPO, you can choose to use a starter GPO as its source. This makes it easier and faster to create numerous GPOs with the same baseline configuration.
Available Settings
A starter GPO can contain settings from the Administrative Templates node of either the User Configuration section or the Computer Configuration section. Settings from the Software Settings and Windows Settings nodes of Group Policy are not available, because those nodes involve services and interactions that are more complex and domain-related.
Exporting Starter GPOs
You can export a starter GPO to a cabinet (.cab) file, and then load the .cab file into another environment that is completely independent of the source domain or forest. Exporting a starter GPO allows you to give the .cab file to other administrators, who can then use it elsewhere. For example, you can create a starter GPO with custom Internet Explorer security settings. If you want all sites and domains to have the same settings, you can export the starter GPO to a .cab file and then distribute it.
When to Use Starter GPOs
The most common scenario in which you would use a starter GPO is when you want a set of computers of the same class to have the same settings. For example, you may want all company laptops to have the same desktop restrictions, or all file servers to have the same baseline Group Policy settings, while allowing variations between different departments.
Included Starter GPOs

The GPMC includes a link to create a Starter GPOs folder, which contains a number of predefined starter GPOs. These provide preconfigured security settings for Enterprise Client (EC) and Specialized Security - Limited Functionality (SSLF) user and computer settings for the Windows Vista and Windows XP Service Pack 2 (SP2) operating systems. You can use them as starting points when you design security policies.
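As an added example (not from the original post), the laptop scenario above scripted: one starter GPO serves as the baseline, and one GPO per department is created from it and then given its own department-specific setting. Names, OU paths and the registry key are placeholders.

```powershell
# Added example: derive several GPOs from one starter GPO.
Import-Module GroupPolicy

$starterName = 'Laptop Baseline'
$starter = try { Get-GPStarterGPO -Name $starterName -ErrorAction Stop } catch { $null }
if (-not $starter) {
    # Starter GPOs carry Administrative Templates settings only; those are
    # edited in the GPMC's Starter GPO editor, not with Set-GPRegistryValue.
    $starter = New-GPStarterGPO -Name $starterName `
        -Comment 'Administrative Templates baseline for company laptops'
}

# One GPO per department, each seeded from the starter, then linked.
$departments = @{
    'Finance Laptops' = 'OU=Finance,DC=contoso,DC=com'
    'Sales Laptops'   = 'OU=Sales,DC=contoso,DC=com'
}
foreach ($entry in $departments.GetEnumerator()) {
    $gpo = New-GPO -Name $entry.Key -StarterGpoName $starterName
    New-GPLink -Name $gpo.DisplayName -Target $entry.Value -LinkEnabled Yes | Out-Null
    # Department-specific variation goes into the derived GPO, not the starter.
    Set-GPRegistryValue -Name $gpo.DisplayName -Key 'HKLM\Software\Policies\Contoso' `
        -ValueName Department -Type String -Value $entry.Key | Out-Null
}

# Custom starter GPOs alongside the predefined (System) ones shipped with the GPMC.
Get-GPStarterGPO -All | Select-Object DisplayName, Id, Type
```

Changing the starter GPO later does not update GPOs already created from it; the copy is made once at creation time.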

What Are Group Policy Preferences?

Group Policy preferences are a feature of the Windows Server 2012 operating system. They include more than 20 Group Policy extensions that expand the range of settings that can be configured within a GPO. They help reduce the need for logon scripts.
Note: Windows XP operating systems must have the Group Policy preferences client-side extensions installed to process Group Policy preferences. These can be downloaded from Microsoft's website.
Characteristics of Preferences
Preferences have the following characteristics:
• Computer and user preferences exist.
• Unlike Group Policy settings, preferences are not enforced; the user can change a configuration that was established by a preference.
• Preferences can be managed by using the Remote Server Administration Tools (RSAT).
• Preferences can be applied only once, at startup or logon, or refreshed periodically.
• Unlike Group Policy settings, preferences are not removed when the GPO no longer applies, but you can change this behavior.
• Settings can easily be targeted to specific users or computers by a variety of methods, for example, by security group membership or operating system version.
• Preferences do not apply to local GPOs.
• Unlike Group Policy settings, preferences do not disable the user interface for the setting.

Storage of Domain GPOs (Group Policy Objects)

Group Policy settings are presented as GPOs in the GPMC, but a GPO actually consists of two components: a Group Policy template and a Group Policy container.
Group Policy Template
The Group Policy template is the actual collection of settings that you can change. The Group Policy template is a collection of files stored in SYSVOL on each domain controller. It is located at the %SystemRoot%\SYSVOL\domain\policies\GPOGUID path, where GPOGUID is the GUID of the Group Policy container. When you create a new GPO, a new Group Policy template folder is created in SYSVOL and a new Group Policy container is created in AD DS.
Group Policy Container
The Group Policy container is an Active Directory object that is stored in the Active Directory database. Each Group Policy container has a globally unique identifier (GUID) attribute that uniquely identifies the object in AD DS. The Group Policy container defines basic attributes of the GPO, such as its version numbers, but it does not contain any of the settings.
By default, when a Group Policy refresh occurs, the Group Policy client-side extensions (CSEs) apply the settings in a GPO only if the GPO has been updated.
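As an added example (not from the original post), a check that ties the two halves together: the Group Policy container in AD DS and the Group Policy template in SYSVOL each carry a version number, and the CSEs decide whether to reapply a GPO from that number. The script compares both for every GPO and decodes the raw GPT.ini value; it assumes the GroupPolicy and ActiveDirectory modules.

```powershell
# Added example: detect GPOs whose AD (container) and SYSVOL (template)
# versions disagree, which points at a replication or SYSVOL problem.
Import-Module GroupPolicy
Import-Module ActiveDirectory

# GPT.ini stores one DWORD: user version in the high 16 bits, computer
# version in the low 16 bits.
function ConvertFrom-GptVersion([long]$raw) {
    [pscustomobject]@{
        User     = ($raw -shr 16) -band 0xFFFF
        Computer = $raw -band 0xFFFF
    }
}

$domain = (Get-ADDomain).DNSRoot
$results = foreach ($gpo in Get-GPO -All) {
    # Template path under SYSVOL, keyed by the container's GUID.
    $gptIni = "\\$domain\SYSVOL\$domain\Policies\{$($gpo.Id)}\GPT.ini"
    $found  = Test-Path $gptIni
    $raw    = $null
    if ($found) {
        $m = Select-String -Path $gptIni -Pattern '^Version=(\d+)'
        if ($m) { $raw = ConvertFrom-GptVersion ([long]$m.Matches[0].Groups[1].Value) }
    }
    [pscustomobject]@{
        Name           = $gpo.DisplayName
        Guid           = $gpo.Id
        ComputerAD     = $gpo.Computer.DSVersion
        ComputerSysvol = $gpo.Computer.SysvolVersion
        UserAD         = $gpo.User.DSVersion
        UserSysvol     = $gpo.User.SysvolVersion
        GptIniComputer = $raw.Computer
        GptIniUser     = $raw.User
        TemplateFound  = $found
        InSync         = $found -and
                         ($gpo.Computer.DSVersion -eq $gpo.Computer.SysvolVersion) -and
                         ($gpo.User.DSVersion -eq $gpo.User.SysvolVersion)
    }
}

# Only the problem cases; drop the filter to see the full inventory.
$results | Where-Object { -not $_.InSync } | Format-Table -AutoSize
```

A GPO whose SYSVOL version lags its AD version will not be reapplied by clients until SYSVOL replication catches up, which is why this mismatch is worth checking when a GPO change seems to have no effect.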

What Are Multiple Local GPOs?

Before the Windows Vista operating system, only one local Group Policy configuration was available on a computer. This configuration applied to all users who logged on from that local computer. That is still true, but Windows Vista and newer Windows client operating systems, and Windows Server 2008 and newer Windows Server operating systems, have an additional feature: multiple local GPOs. In Windows 8 and Windows Server 2012, you can now have different local user settings for different users, but there is still only one local Group Policy that can be used for the computer configuration.
In fact, there is only one set of computer configuration settings in Windows 8 and Windows Server 2012, and it affects all users of the computer.
Windows 8 and Windows Server 2012 provide the following three layers of local GPOs:
• Local Group Policy (including computer configuration settings)
• Administrators and Non-Administrators Local Group Policy
• User-specific Local Group Policy
How the Layers Are Processed
The layers of local GPOs are processed in the following order:
1. Local Group Policy
2. Administrators and Non-Administrators Local Group Policy
3. User-specific Local Group Policy
With the exception of the Administrators and Non-Administrators categories, you cannot create local GPOs for local groups, only for individual local user accounts. Domain users are subject to the Local Group Policy and to the Administrators or Non-Administrators Local Group Policy, as appropriate.

Overview of Group Policy

Components of Group Policy
Group Policy settings are configuration settings that enable administrators to make changes to computer-specific and user-specific registry settings on domain-based computers. You can compile Group Policy settings into GPOs, which you can then apply to users or computers.
GPOs
A GPO is an object that contains one or more policy settings that apply configuration settings to a user, a computer, or both. GPO templates are stored in SYSVOL, and GPO container objects are stored in AD DS. GPOs are managed by using the Group Policy Management Console (GPMC). In the GPMC, you can open and edit a GPO by using the Group Policy Management Editor. A GPO is logically linked to an Active Directory container so that its settings apply to the objects in that container.
Group Policy Settings
A Group Policy setting is the most granular component of Group Policy. It defines a specific configuration change to apply to an object (a user, a computer, or both) in an Active Directory Domain Services (AD DS) domain. Group Policy has thousands of configurable settings. The settings can affect almost every area of the computing environment. Not all settings apply to all older versions of Windows Server and Windows operating systems. Each new release introduces new features and settings that apply only to that specific version. If a computer cannot process a Group Policy setting, it simply ignores it.
Most policy settings have three states:
Not Configured. The GPO does not change the existing configuration of that setting for the user or computer.
Enabled. The policy setting is applied.
Disabled. The policy setting is specifically reversed. By default, most settings are set to Not Configured.

What Is a DNS Zone Transfer?

A zone transfer happens when you copy a DNS zone from one DNS server to another DNS server.
Zone transfers synchronize the primary and secondary DNS servers for a zone. This is how DNS establishes its resilience on the Internet. It is important to keep the DNS zone updated on both the primary and secondary servers. Differences between the primary and secondary zones can lead to service interruptions and host names being resolved incorrectly.
Zone transfers can occur in one of three ways:
• Full zone transfer. A full zone transfer occurs when the entire zone is copied from one DNS server to another. A full zone transfer is known as an AXFR.
• Incremental zone transfer. An incremental zone transfer occurs when a resource record is updated and only the changed records are replicated to the other server. This is known as an IXFR.
• Fast transfer. Windows DNS servers perform fast transfers, which are zone transfers that use compression and send multiple resource records per packet.
Not all DNS server implementations support fast or incremental zone transfers. Keep this in mind when integrating a Windows Server 2012 DNS server with Berkeley Internet Name Domain (BIND) DNS servers.
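As an added example (not from the original post), the zone transfer configuration described above with the DnsServer module: restrict which servers may pull the zone from the primary, create the matching secondary, force a transfer, and audit for zones left open. The zone name, server names and addresses are placeholders.

```powershell
# Added example: secure and exercise zone transfers between a primary and a
# secondary Windows DNS server.
Import-Module DnsServer

$zone        = 'contoso.com'
$primary     = 'dns1.contoso.com'    # primary server (placeholder)
$primaryIp   = '10.0.0.10'
$secondaryIp = '10.0.0.20'           # secondary server (placeholder)

# On the primary: allow AXFR/IXFR only to the listed server and notify it of
# changes. An unrestricted zone gives a full copy of the zone to any requester.
Set-DnsServerPrimaryZone -Name $zone -ComputerName $primary `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $secondaryIp `
    -Notify NotifyServers -NotifyServers $secondaryIp

# On the secondary (run there): a file-backed secondary zone pulled from the primary.
Add-DnsServerSecondaryZone -Name $zone -ZoneFile "$zone.dns" -MasterServers $primaryIp

# Pull the zone now instead of waiting for the SOA refresh interval. Without
# -FullTransfer the server requests an incremental (IXFR) transfer.
Start-DnsServerZoneTransfer -Name $zone -FullTransfer

# Audit: primary zones on the server that still allow transfers to any server.
Get-DnsServerZone -ComputerName $primary |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.SecureSecondaries -eq 'TransferAnyServer' } |
    Select-Object ZoneName, SecureSecondaries
```

TransferToZoneNameServer is the alternative when the secondaries are already listed in the zone's NS records; TransferToSecureServers is the stricter choice because the allowed list is explicit.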

DNS Zone Delegation

DNS is a hierarchical system, and zone delegation links the layers of DNS together. A zone delegation points to the next level down in the hierarchy, and identifies the name servers that are responsible for the lower-level domain.
When deciding whether to divide the DNS namespace to create additional zones, consider the following reasons for using additional zones:
• You need to delegate management of part of the DNS namespace to another location or department in your organization.
• You want to divide a large zone into smaller zones so that you can distribute the traffic load among multiple servers. This improves DNS name resolution performance and creates a more fault-tolerant DNS environment.
• You need to make room for expansion by adding numerous subdomains immediately, to accommodate the opening of a new branch or site.
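As an added example (not from the original post), delegating a branch subdomain to its own DNS server and verifying that the parent hands out the referral. The parent zone, child name, server name and addresses are placeholders.

```powershell
# Added example: create and verify a zone delegation with the DnsServer module.
Import-Module DnsServer

$parentZone = 'contoso.com'
$child      = 'sales'                   # delegated as sales.contoso.com
$childNs    = 'ns1.sales.contoso.com'   # branch DNS server (placeholder)
$childNsIp  = '10.0.1.5'

# In the parent zone: NS record for the child plus the glue A record, which
# is what points resolvers at the server responsible for the lower level.
Add-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $child `
    -NameServer $childNs -IPAddress $childNsIp

# On the branch server itself, the child zone is an ordinary primary zone:
#   Add-DnsServerPrimaryZone -Name "$child.$parentZone" -ZoneFile "$child.$parentZone.dns"

# Verify from the parent: the delegation's NS record(s).
Get-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $child |
    Select-Object -ExpandProperty NameServer

# Verify from a resolver's point of view: NS for the child, then a name under it.
Resolve-DnsName -Name "$child.$parentZone" -Type NS
Resolve-DnsName -Name "host1.$child.$parentZone" -Type A -Server $childNsIp
```

If the branch server's address changes, the glue record in the parent must be updated too, or the delegation silently breaks for everyone outside the branch.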

Overview of the DNS Namespace

The DNS namespace is the hierarchical naming structure that a DNS resolver uses to find a computer. The hierarchical organization of the namespace allows the information to be distributed across multiple servers.
Root Domain

A dot (.) represents the root domain, but you do not type it in the web browser; the dot is assumed. The next time you type the address of a computer, try adding a period at the end (for example, www.google.com.). There are 13 root domain servers worldwide.
Top-Level Domain
The top-level domain (TLD) is the first level of the DNS namespace. Examples of Internet top-level domains include .com, .net, .org, and .biz. The most recognized domains are .com, .net, and .org, and .gov, which is the US government. There are several domain names at this level, and each country has its own top-level domain. For example, Canada's TLD is .ca, and the United Kingdom's TLD is .uk. The organization that sets domain name policy, the Internet Corporation for Assigned Names and Numbers (ICANN), occasionally adds new top-level domains.
Second-Level Domain
The second-level domain is the portion of the domain name that appears before the TLD. An example of a second-level domain is microsoft in www.microsoft.com. The organization that registers a second-level domain name controls it. Anyone can register a second-level Internet domain name through a domain name registration service. Many second-level domains have rules about what kind of individual or organization can register a domain name. For example, only non-profit organizations use .org.
Subdomain
Subdomains appear before the second-level and top-level domains. An example of a subdomain is www in the domain name www.google.com. Subdomains are specified on the DNS servers that the organization maintains for its second-level domain.
Fully Qualified Domain Name
A fully qualified domain name (FQDN) is a computer's specific DNS name, including its subdomains and root domain name. For example, if a computer named server1 is in the sales.south.contoso.com domain, the computer's FQDN is server1.sales.south.contoso.com.

What Are Dynamic Updates of DNS Record?

DNS dynamic updates occur in real time. Dynamic updates are essential for DNS clients that change location, because they dynamically register and update their resource records without human intervention. The Dynamic Host Configuration Protocol (DHCP) Client service performs the registration, regardless of whether the client obtained its IP address from a DHCP server or is statically configured. Registration occurs during the following events:
• When the client starts and the DHCP Client service is started
• When an IP address is configured, added, or changed on any network connection
• When the administrator runs the ipconfig /registerdns command-line command or runs the Register-DnsClient Windows PowerShell cmdlet
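As an added example (not from the original post), the server and client sides of dynamic update: audit which zones accept updates and how, tighten AD-integrated zones to secure updates only, then trigger the client registration described above and confirm it. The server name is a placeholder.

```powershell
# Added example: dynamic update audit on the server plus a client re-registration.
Import-Module DnsServer

$dnsServer = 'dns1.contoso.com'   # placeholder

# Inventory of primary zones and their update mode. A zone set to
# NonsecureAndSecure lets any host on the network overwrite any record.
Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate |
    Format-Table -AutoSize

# Secure updates (Kerberos-authenticated, ACL-checked) are only possible on
# AD-integrated zones, so tighten exactly those.
Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { $_.IsDsIntegrated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -Name $_.ZoneName -ComputerName $dnsServer -DynamicUpdate Secure
    }

# Client side: the registration the DHCP Client service performs at startup or
# on an address change, forced now (same effect as ipconfig /registerdns).
Register-DnsClient

# Confirm the record from the server that should hold it.
Resolve-DnsName -Name $env:COMPUTERNAME -Type A -Server $dnsServer
```

With secure updates only the account that created a record may change it, so stale records from re-imaged machines need DNS scavenging or an administrator rather than a new host simply overwriting them.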

Managing DNS Zones and Zone Transfers

What Are DNS Zone Types?
There are four DNS zone types:
• Primary
• Secondary
• Stub
• Active Directory–integrated
Primary Zone
A primary zone is a zone for which the DNS server is the host and the master source of information about the zone. The DNS server stores the master copy of the zone data in a local file or in AD DS. When the zone is stored in a file, the file is by default named zone_name.dns and is located in the %WINDIR%\System32\DNS folder on the server. When the zone is not stored in AD DS, this DNS server holds the only writable copy of the zone database.
Secondary Zone
A secondary zone is a zone for which the DNS server is a host, but it is a secondary source of the zone's information. The DNS server that hosts the secondary zone must obtain the zone information from another remote DNS server that also hosts the zone. This DNS server must have network access to the remote DNS server to receive updated zone information. Because a secondary zone is a copy of a primary zone hosted on another server, secondary zones cannot be stored in AD DS. A secondary zone may be useful if you want to copy zone data from a non-Windows DNS server.

     Stub Zone
A stub zone is a zone that contains only those resource records replica it is necessary to identify the authoritative DNS server for the zone. Stub zone to resolve a single name DNS namespace, when a corporate merger requires that the DNS server may be required Customer Name two separate DNS namespaces resolve two namespace.
A stub zone consists of the following components:
• Delegate places SOA resource record, NS resource records, and a resource records.
• You can use the IP address to update the stub zone one or more master servers.
Master server stub zone is a child of one or more authoritative DNS server’s zone.
It is usually delegated domain DNS server hosting the primary zone.
     Active Directory–Integrated Zone
If AD DS stores the zone data, then DNS can use the multimaster replication model to replicate
the primary zone data. This enables you to edit zone data on more than one DNS server simultaneously.
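The following is an added PowerShell example, not code from the original post, that creates one zone of each type described above with the DnsServer module, and sets the two options a defender cares about most: secure dynamic updates on the AD-integrated zone, and zone transfers limited to a named secondary. All zone names and IP addresses are placeholders.

```powershell
# Added example (not from the original post): create each zone type on a
# Windows Server 2012 DNS server. Zone names and addresses are placeholders.
Import-Module DnsServer

# Primary zone stored in AD DS (multimaster replication across the domain's DCs).
# 'Secure' dynamic updates accept registrations only from authenticated AD clients,
# so an unauthenticated host cannot overwrite another computer's record.
Add-DnsServerPrimaryZone -Name 'sales.south.contoso.com' `
    -ReplicationScope Domain -DynamicUpdate Secure

# File-backed primary zone: stored as %WINDIR%\System32\DNS\lab.contoso.com.dns.
# Secure updates need AD DS, so the safe choice for a file zone is no dynamic updates.
Add-DnsServerPrimaryZone -Name 'lab.contoso.com' `
    -ZoneFile 'lab.contoso.com.dns' -DynamicUpdate None

# Allow zone transfers of the file-backed zone only to the listed secondary, and
# notify it on change. Unrestricted transfers hand a full copy of the zone to anyone.
Set-DnsServerPrimaryZone -Name 'lab.contoso.com' `
    -SecureSecondaries TransferToSecureServers -SecondaryServers 10.0.0.20 `
    -Notify NotifyServers -NotifyServers 10.0.0.20

# On the secondary server (10.0.0.20): a read-only copy pulled from the master 10.0.0.10
Add-DnsServerSecondaryZone -Name 'lab.contoso.com' `
    -ZoneFile 'lab.contoso.com.dns' -MasterServers 10.0.0.10

# Stub zone: only SOA, NS and glue A records, refreshed from the child zone's master
Add-DnsServerStubZone -Name 'partner.example' -MasterServers 10.1.0.53 -ReplicationScope Forest

# Review the result: type, storage, update policy and transfer policy for every zone
Get-DnsServerZone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, SecureSecondaries |
    Format-Table -AutoSize
```

The final Get-DnsServerZone listing is the quick audit: any primary zone showing DynamicUpdate of NonsecureAndSecure, or SecureSecondaries of TransferAnyServer, deserves a second look.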

Tuesday, February 23, 2016

How to Install the DNS Server Role

The DNS Server role is not installed by default in Windows Server 2012. Instead, you add it like any other role, by using the Add Roles and Features Wizard in Server Manager, and then configure the server to perform that role. You can also add the DNS Server role when you promote a server to a domain controller; do this from the Domain Controller Options page of the Active Directory Domain Services Installation Wizard. Once the DNS Server role is installed, the DNS Manager snap-in is available to add to your management console; it is also added automatically to the Server Manager console as the DNS Manager console. You can start DNS Manager by typing dnsmgmt.msc.
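As an added example, not from the original post, the same installation can be done from PowerShell with the ServerManager module; the feature names DNS and RSAT-DNS-Server are the real Windows Server 2012 feature names.

```powershell
# Added example (not from the original post): install the DNS Server role and its
# management tools from an elevated PowerShell session, then confirm the result.
Import-Module ServerManager

# Equivalent of choosing "DNS Server" in the Add Roles and Features Wizard;
# -IncludeManagementTools also installs the DNS Manager snap-in (RSAT-DNS-Server)
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Confirm both the role and the tools are present
Get-WindowsFeature -Name DNS, RSAT-DNS-Server | Select-Object Name, InstallState

# The DNS Server service (service name "DNS") should be running after installation
Get-Service -Name DNS | Select-Object Name, Status

# Open the DNS Manager console, the same as typing dnsmgmt.msc in Run
Start-Process -FilePath 'dnsmgmt.msc'
```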

What Is DNS Forwarding?

A forwarder is a DNS server on a network that forwards queries for external names to DNS servers outside that network. You can also create and use conditional forwarders, which forward queries according to specific domain names.
When you designate a DNS server on the network as a forwarder, the other DNS servers on the network forward to it any queries that they cannot resolve locally. By using a forwarder, you can manage the resolution of names outside your network, such as Internet names.
This improves the efficiency of name resolution for the computers on your network. A forwarder must be able to communicate with DNS servers on the Internet. This means that it is either configured to forward requests to another DNS server, or configured to use root hints to communicate with the root servers.

Conditional Forwarder
A conditional forwarder is a DNS server on the network that forwards DNS queries according to the DNS domain name in the query. For example, you can configure a DNS server to forward all queries it receives for names ending in corp.contoso.com to the IP address of a specific DNS server, or to the IP addresses of multiple DNS servers. This is useful when you have more than one DNS namespace in a forest.
Conditional forwarding in Windows Server 2008 R2 and Windows Server 2012
The conditional forwarding configuration has been moved to its own node in the DNS console. You can store this information in Active Directory and replicate it to other DNS servers that are integrated with AD DS.

What Are Root Hints?

Root hints are a list of the FQDNs of the 13 root servers that your DNS server uses when it cannot resolve a DNS query by using its own zone data, DNS forwarding, or its cache. The root hints list the servers at the top of the DNS hierarchy, and they give the DNS server the information it needs to perform an iterative query down to the next-lowest layer of the DNS namespace.
Root hints are installed automatically when you install the DNS role. They are copied from the Cache.dns file that is included with the DNS role installation files. You can also add root hints to a DNS server to support finding non-contiguous domains in the forest.
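The following is an added PowerShell example, not code from the original post, covering both the forwarding section and the root hints section above: it sets ordinary forwarders, adds an AD-replicated conditional forwarder for corp.contoso.com, and then checks that each root hint on the server still answers a query for the root NS set. All IP addresses are placeholders.

```powershell
# Added example (not from the original post): configure forwarders, a conditional
# forwarder, and check root hints on a Windows Server 2012 DNS server.
# All IP addresses and the zone name corp.contoso.com are placeholders.
Import-Module DnsServer

# Forward everything the server cannot answer from its own zones or cache to two
# upstream resolvers. With -UseRootHint $false the server does not fall back to
# iterating from the root when the forwarders are down; it simply fails the query,
# which is the predictable choice when outbound DNS is deliberately funnelled.
Set-DnsServerForwarder -IPAddress 192.0.2.53, 192.0.2.54 -UseRootHint $false -Timeout 3

# Conditional forwarder: only queries for corp.contoso.com go to that domain's
# DNS servers. Storing it in AD DS replicates the setting to every DC in the forest.
Add-DnsServerConditionalForwarderZone -Name 'corp.contoso.com' `
    -MasterServers 10.10.0.53, 10.10.0.54 -ReplicationScope Forest

# Review what the server will do with a name it cannot resolve itself
Get-DnsServerForwarder
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' } |
    Select-Object ZoneName, MasterServers, IsDsIntegrated

# Root hints were loaded from %WINDIR%\System32\DNS\cache.dns at role install.
# Ask each root server for the root NS set; a server that does not answer is
# either unreachable from this network or has a stale address in the hints.
Get-DnsServerRootHint | ForEach-Object {
    $name = $_.NameServer.RecordData.NameServer
    $a    = $_.IPAddress | Where-Object { $_.RecordType -eq 'A' } | Select-Object -First 1
    $ip   = $a.RecordData.IPv4Address.IPAddressToString
    $ok   = [bool](Resolve-DnsName -Name '.' -Type NS -Server $ip -DnsOnly -ErrorAction SilentlyContinue)
    [pscustomobject]@{ RootServer = $name; IPv4 = $ip; Answers = $ok }
} | Format-Table -AutoSize
```

The root hint check is only meaningful when the server actually uses root hints (forwarders absent, or -UseRootHint left at its default of $true); if every root server shows Answers = False on a server behind an egress filter, that is the filter, not a broken hints file.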

How a Client Resolves a Name?

Windows operating systems support a number of different methods for resolving computer names, such as DNS, WINS, and the host name resolution process.
DNS: As discussed earlier, DNS is the standard Microsoft method for resolving host names to IP addresses. For more information about DNS, refer back to the DNS lesson in the second topic.
WINS: WINS provides a centralized database for registering dynamic mappings of a network's NetBIOS names. Windows operating systems continue to support WINS to provide backward compatibility.
You can resolve NetBIOS names by using:
§ Broadcast messages: Broadcasts do not work well on large networks, however, because routers do not propagate broadcasts.
§ LMHOSTS file: NetBIOS name resolution by using the LMHOSTS file is a high-maintenance solution, because you have to manually maintain the file on every computer.

§ Hosts file: Similar to the LMHOSTS file, you can also use a hosts file for NetBIOS name resolution. This file is also stored locally on each computer, and it is used to map names to fixed IP addresses on the local network segment.
Host Name Resolution Process
When an application specifies a host name and uses Windows Sockets, TCP/IP uses the DNS resolver cache when it tries to resolve the host name. The hosts file is loaded into the DNS resolver cache. If NetBIOS over TCP/IP is enabled, TCP/IP also uses NetBIOS name resolution methods when resolving host names.
Windows operating systems resolve a host name by performing the following tasks, in this order:
1. Checking whether the host name is the same as the local host name.
2. Searching the DNS resolver cache. In the DNS client resolver cache, entries from hosts file are preloaded.
3. Sending a DNS request to its configured DNS servers.
4. Searching the network using LLMNR, if it is enabled.
5. Converting the host name to a NetBIOS name and checking the local NetBIOS name cache.
6. Contacting the host’s configured WINS servers.
7. Broadcasting as many as three NetBIOS name query request messages on the subnet that is attached directly.
8. Searching the LMHOSTS file.
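The following is an added PowerShell example, not code from the original post, that walks the eight steps above for one name and shows which mechanism answers, using the per-step switches of Resolve-DnsName. Steps 4 and 7 rely on unauthenticated broadcasts that any host on the subnet can answer, so the block ends by reporting whether LLMNR and NetBIOS over TCP/IP are enabled; the EnableMulticast policy value and the TcpipNetbiosOptions setting are the real Windows settings for those. The host name fileserver01 is a placeholder.

```powershell
# Added example (not from the original post): trace the Windows host name resolution
# order for one name. 'fileserver01' is a placeholder.
Import-Module DnsClient
$name = 'fileserver01'

# Steps 1-2: local host name, then the resolver cache (hosts-file entries are preloaded into it)
"Local host name: $env:COMPUTERNAME"
Get-DnsClientCache | Where-Object { $_.Entry -like "$name*" } |
    Select-Object Entry, RecordType, Data, TimeToLive
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match '\S' }

# Step 3: ask only the configured DNS servers (suffix search list from the global settings)
Get-DnsClientGlobalSetting | Select-Object SuffixSearchList, UseSuffixSearchList, DevolutionLevel
Resolve-DnsName -Name $name -DnsOnly -ErrorAction SilentlyContinue

# Step 4: LLMNR on the local link only
Resolve-DnsName -Name $name -LlmnrOnly -ErrorAction SilentlyContinue

# Steps 5-7: NetBIOS name cache, WINS, then subnet broadcast
nbtstat -c
Resolve-DnsName -Name $name -NetbiosOnly -ErrorAction SilentlyContinue

# Step 8: the LMHOSTS file, if one exists
Get-Content "$env:SystemRoot\System32\drivers\etc\lmhosts" -ErrorAction SilentlyContinue

# Are the broadcast-based steps (4 and 7) even enabled on this computer?
# EnableMulticast = 0 is the 'Turn off multicast name resolution' policy (LLMNR off);
# TcpipNetbiosOptions = 2 means NetBIOS over TCP/IP is disabled on that adapter.
$llmnr = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -Name EnableMulticast -ErrorAction SilentlyContinue
"LLMNR policy: " + $(if ($null -eq $llmnr) { 'not set (LLMNR enabled by default)' } else { $llmnr.EnableMulticast })
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions, WINSPrimaryServer, WINSSecondaryServer
```

Reading the output top to bottom mirrors the list: the first step that returns a record is the one the resolver would have used, and the last two checks tell you whether steps 4 and 7 can occur on this computer at all.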