starclick

Thursday, 28 November 2013

FSMO
------
flexible single master operations:
All DC can update user db. There is one master domain master, that can operated certian operations. five such operations are
1. schema master (forest role)
2. domain naming master(forest role)
3. RID master(domain role-present in each domain)
4. Infrastructure master(domain role-present in each domain)
5. PDC Emulator(domain role-present in each domain)
1. Schema master  control updates and notifications ( like username group passwords) is the domain controler(dc) that has updated copy of schema(db defination-define how the databse is designed. for example user has UName, UPassword). All other dc are read only. BUT schema master is RW(Read Write). For installing exchange we need eccess to schema master, as exchange will change schema. By default the first dc is schema and domain naming master.
user accounts -stores - user phone no,add,email id etc

computer accounts - stores - computer accounts and groups ,computer name, domain name


2. Domain Naming Master: it checks the domain name configurations, just to make sure that domain names are unique and valid.
3. RID master(Relative Identifier Master): it allocated a pool of mutually exclisive identifier to each dc. Security is based on RID
4. Infrastructure master: is used for intr domain operations to ensure consistency in env, when obj are renamed or when they are moved. its work along with global catolog(gc). Thats why if Infr Master ang gc are on the same server, then infr Master role is switched off, because they performs same role

5. PDC Emulator: ensures that the backward compatibilty is there for BDC(backup domain controler). When we upgrade DC of WinNT to Win2003, then PDC Emulator will provide support

What are the FSMO Roles?

I will talk more about the specific functions of the FSMO roles in the next article in this series. I do however want to quickly mention what these roles are. As you may recall, I mentioned that there are three domain specific roles, and two forest specific roles.
The domain specific roles include the Relative identifier, the Primary Domain Controller Emulator, and the Infrastructure Master. Forest level roles include the Schema Master and the Domain Naming master. Below is a brief description of what these roles do:
Schema Master: maintains the authoritative copy of the Active Directory database schema.
Domain Naming Master: maintains the list of domains within the forest.
Relative Identifier Master: responsible for ensuring that every Active Directory object at a domain receives a unique security identifier.
Primary Domain Controller Emulator: acts as the Primary Domain Controller in domains containing domain controllers running Windows NT.
Infrastructure Master: the Infrastructure Master is responsible for updating an object’s security identifier and distinguished name in a cross domain object reference.

Thursday, 21 November 2013

A Beginner's Guide to DNS 

Since I started a thread on Managed DNS, I figured it would be nice to do a complementary guide to DNS.

So, here is my Starter Guide to DNS (v0.1). It's not all inclussive, so if you think theres something to add... please add it.

Some Definitions

A Domain Name is a human language representation of an IP address.

An IP Address is what every computer on the internet uses to address itself to the other computers on the the Internet (using the network protocol called TCP/IP. IP (v4) Addresses look like 123.123.123.12

When someone types in a domain name like www.domain.com, their browser communicates with a series of root domain name server that act as a dictionary and provides the IP address associated with that domain name. Then the browser can use that IP to communicate to the server that the website is hosted on.


                                               


TLD (or Top Level Domain) is the last part of a domain name... the com, net, org, two letter county domains, and the several other TLDs out there.

SLD (or Second Level Domain) is the most human readable part of the domain name. In a domain name like www.domain.com, domain is the SLD. An SLD can have any alphanumeric character in it (a-z, 0-9), dash or minus ( - ), and underscore ( _ ). But it cannot have spaces between characters.

Sub-Domain (also called third level domains) are technically called Canonical Domains (or CNAMEs) for short. Sub-Domains are like having an extra domain name and can be almost anything you like. In a domain name like subdomain.domain.com, subdomain is the sub-domain.                                                       It works the same as a regular domain name.

A-Records (or Address Record) is the basic and most important DNS record. A-records point to an IP address. Your short domain name (without the www), NS, and FTP should have A-records. Subdomains sometimes have A-Records too. A-records can point to any IP-address.

CNAME-Records (or Canonical Domains) include subdomains and Aliases, CNAMEs are used to point to a domain name or to a file in a domain. However, CNAMEs should always point to an A-record, not another CNAME. It is a common practice to create a CNAME for www and for subdomains that are actually hosted by your domain. CNAMES can also be used as temporary aliases to point your domain to another domain.

Note: when pointing a CNAME, always put a period after the domain (ie: ftp -> CNAME -> domain.com.)

MX-Records (or Mail Exchange) point to the name of an email server and holds a preference number for that server. MX-records must point to an A-record or in some situations an IP-address.


Example DNS Record:


Code:
Host Name          IP Address/URL          Record Type 

@                  123.123.123.12          A-Record
www                domain.com.             CNAME

ftp                123.123.123.12          A-Record
mail               123.123.123.12          A-Record
ns1                123.123.123.12          A-Record
ns2                123.123.123.13          A-Record
subdomain1         domain.com.             CNAME
subdomain2         domain.com.             CNAME     

MX-Record: mail -> domain.com. -| Preference = 10     


@ is short domain (domain.com)
Put period after domain name

DNS Record Types

Most of the time, when someone talks about a DNS record, they are referring to the simple "directory enquiries" way of mapping a computer's name to its IP address, but this isn't always the case. The DNS can be used to find out other information as well by using different DNS record types.

Common DNS Record Types

  • NS – specifies which are the DNS servers for your domain;
  • A – specifies IP addresses corresponding to your domain and its subdomains;
  • MX – specifies where the emails for your domain should be delivered;
  • CNAME – specifies redirects from your domain’s subdomains to other domains / subdomains;
  • SPF – Sender Policy Framework (SPF)
A
An A record translates a computer's name to its IP address. Sometimes it may translate to multiple IP addresses when there are many computers perfoming the same role.
gondolin.org.uk A 173.254.28.64
AAAA
An AAAA is the IPv6 version of a A record. This is the future. For now, almost everyone still uses IPv4, so you won't see this much.
Techy note [+]
archive.ubuntu.com AAAA 2001:67c:1360:8c01::1a
PTR
A PTR record translates a computer's IP address to its name. In many cases the A record and PTR record for any machine on the Internet will match (just lookup one to find the other). In practice, the PTR record is often forgotten (which can cause occasional problems) or gives the name of the host computer (in cases where multiple services live on the same computer, as in the example below).
Techy note [+]
173.254.28.64 PTR just64.justhost.com.
MX
An MX record returns the name of the mail server (or servers - there can be more than one) for a domain. This is mainly used by other mail servers so that they know which machine they should deliver outgoing messages to.
MX, or mail exchange, records describe the machines to contact in order to send mail to a given DNS node
Techy note [+]
ubuntu.com MX 10 mx.canonical.com

                 
norbert.dept1.cornell.edu86400A128.253.180.254
norbert.dept1.cornell.edu86400MX10mailhost.dept1.cornell.edu
          
          norbert.dept1.cornell.edu86400MX20mailhost2.dept1.cornell.edu

          norbert.dept1.cornell.edu86400MX30mailhost3.dept1.cornell.edu
NS
This returns the names of the name servers for a domain. Most of the time there should be more than one of these. It is this that allows one name server to refer you to another when needed (e.g. looking up details in a subdomain)
ubuntu.com NS ns1.canonical.com
ubuntu.com NS ns2.canonical.com
TXT
The TXT record stores general-purpose text. Originally this was used for descriptions and other helpful information, but nowadays it is also used to store information for specific services (e.g. the SPF email anti-fraud system) 
slashdot.com TXT "SourceForge, Inc."
 
CNAME
A CNAME record provides a way to give an alias to a host name, typically used to give friendly names for computers with hard-to-remember ones or to provide service names (like "mail" or "www")
www.gondolin.org.uk CNAME gondolin.org.uk
SOA
                 
                  The SOA resource record is always the first record in a DNS zone. Set the Primary Server to your primary nameserver
This one is a bit special and not something many people really need to worry about. SOA stands for "start of authority" and it exists in every single Internet domain, providing information used by other name servers to ensure they carry up to date information about the zones they manage.
Techy note [+]
gondolin.org.uk SOA ns1.pipedns.com. root.cl18.justhost.com. 2013021101 86400 7200 3600000 300
Just to add an extra level of complexity, most of the above types can have more than one value. For example, an MX record can list multiple mail servers along with a preference value to indicate in which order they should be contacted (try one and if it doesn't answer try the next on the list).

Thursday, 7 November 2013

Private IPv6 address range

Here is a unique private IPv6 address range generated just for you (refresh page to get another one):

Prefix/L:  fd
Global ID:  08b6546a5e
Subnet ID:  c9d1
Combined/CID:  fd08:b654:6a5e:c9d1::/64
IPv6 addresses:  fd08:b654:6a5e:c9d1:xxxx:xxxx:xxxx:xxxx

If you have multiple locations/sites/networks, you should assign each one a different "Subnet ID", but use the same "Global" ID for all of them.

The IPv6 address space is so huge (2128) that everyone should be able to get a public IP address for every device they will ever own. So theoretically it shouldn't be necessary to have private IPv6 addresses like the 192.168.x.x and 10.x.x.x addresses in IPv4.

However until you can actually get an IPv6 address range from your ISP, you may want to use "private" addresses for internal networks and testing etc.
In IPv6 there is a special "Unique Unicast" IP range of fc00::/7 which should be used for this as per RFC4193.
The official definition looks like this:
 
| 7 bits |1|  40 bits   |  16 bits  |          64 bits           |
+--------+-+------------+-----------+----------------------------+
| Prefix |L| Global ID  | Subnet ID |        Interface ID        |
+--------+-+------------+-----------+----------------------------+
In practice such address will always start with "fd" because the 8th (L) bit must be one.
The "Global ID" and "Subnet ID" must be random to ensure uniqueness (which is what this page does).
You are free to assign addresses from the rest (Interface ID).

Wednesday, 6 November 2013

How many users are logged on/connected to a server


Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:
    NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternalsPSTools:
    PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /Cswitch) you'll get a list of logged on users instead of just thenumber of users.

Every Admin Should Know These Commands Active Directory 1.   To quickly list all the groups in your domain, with members, run this c...