karthik's blog

. Active Directory (AD) uses DNS as its locator service to support the various types of services that AD offers, such as Global Catalog (GC), Kerberos, and Lightweight Directory Access Protocol (LDAP). Other non-Microsoft services can be advertised in the DNS, including--but not restricted to--non-Microsoft implementations of LDAP and GC. However, sometimes clients might need to contact a Microsoft-hosted service. For that reason, each domain in DNS has an _msdcs subdomain that hosts only DNS SRV records that are registered by Microsoft-based services. The Netlogon process dynamically creates these records on each domain controller (DC). The _msdcs subdomain also includes the globally unique identifier (GUID) for all domains in the forest and a list of GC servers. If you install a new forest on a system that runs Windows Server 2003 and let the Dcpromo wizard configure DNS, Dcpromo will actually create a separate zone called _msdcs.&ltforest name&gt on the DNS s

All of the objects in the Active Directory forest are represented in the Directory Tree. A Directory Tree is a hierarchy of objects and containers in a directory that can be viewed graphically as an upside-down tree, with the root object at the top. A tree shows how objects are connected in terms of the path from one object to another. The Directory Tree of Active Directory tree is partitioned to allow sections to be distributed (replicated) to domain controllers in different domains within the forest. Each domain controller stores a copy of a specific part of the directory tree, called a “Naming Context” also know as Directory Partition. “Naming Context” is replicated as a unit to other domain controllers in the forest that contain a replica of the same sub tree. A “Naming Context” is also called a Directory Partition. In Active Directory, a single server always holds at least three naming contexts: Schema Naming Context Sche

OU are logical containers in a domain. They can contain users group, computers and other OUs, but only from home domain. you cant put gloal groups or computers from other domains into your domains OU An OU is a container , but not just as container like the users container in DSA.MSC. you can delegate control of container , ut you cant apply group policy to one. How are OU different from groups? a user can e a member of many groups but can only e in one OU at a time. Like groups OU can contain other OU. Groupname appear in ACL (Access control list) but not OU

What’s New in Windows Server 2008 Active Directory Domain Services? Active Directory Domain Services in Windows Server 2008 provides a number of enhancements over previous versions, including these: Auditing —AD DS auditing has been enhanced significantly in Windows Server 2008. The enhancements provide more granular auditing capabilities through four new auditing categories: Directory Services Access, Directory Services Changes, Directory Services Replication, and Detailed Directory Services Replication. Additionally, auditing now provides the capability to log old and new values of an attribute when a successful change is made to that attribute. Fine-Grained Password Policies —AD DS in Windows Server 2008 now provides the capability to create different password and account lockout policies for different sets of users in a domain. User and group password and account lockout policies are defined and applied via a Password Setting Object (PSO). A PSO has attributes for all

The debugging information can be written to different file formats (also known as memory dump files) when your computer stops unexpectedly because of a Stop error (also known as a "blue screen," system crash, or bug check). You can also configure Windows not to write debugging information to a memory dump file. Windows can generate any one of the following memory dump file types: Complete memory dump Kernel memory dump Small memory dump (64 KB) Complete memory dump A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected. If you select the Complete memory dump option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 megabyte (MB). If a second problem occurs and another complete memory dump (or kernel memory dump) file is c

Windows includes a registry-activated logging service to help diagnose Windows Installer issues. This article describes how to enable this logging service. Windows Installer can use logging to help assist in troubleshooting issues with installing software packages. This logging is enabled by adding keys and values to the registry. After the entries have been added and enabled, you can retry the problem installation and Windows Installer will track the progress and post it to the Temp folder. The new log's file name is random, but begins with the letters "Msi" and end with a .log extension. To locate the Temp folder location, type the following line at a command prompt: cd %temp%  Let me fix it myself Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added prote

ADSI Edit (adsiedit.msc) Updated: March 19, 2010 Applies To: Windows SBS 2008, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2 Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. This topic includes the following sections: Installing ADSI Edit Using ADSI Edit

WMI filtering using GPMC Updated: January 21, 2005 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 WMI filtering Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the target computer. When a GPO that is linked to a WMI filter is applied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not applied (except if the client computer is running Windows 2000, in which case the filter is ignored and the GPO is always applied). If the WMI filter evaluates to true, the GPO is applied. WMI makes data about a target computer available for administrative use. Such data can include hardware and software inventory, settings, and configuration information. For example, WMI exposes hardware configuration data such as CPU, memory, disk space, and manufactur

A  hive  is a logical group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. Each time a new user logs on to a computer, a new hive is created for that user with a separate file for the user profile. This is called the  user profile hive . A user's hive contains specific registry information pertaining to the user's application settings, desktop, environment, network connections, and printers. User profile hives are located under the  HKEY_USERS  key. Registry files have the following two formats: standard and latest. The standard format is the only format supported by Windows 2000. It is also supported by later versions of Windows for backward compatibility. The latest format is supported starting with Windows XP. On versions of Windows that support the latest format, the following hives still use the standard format:  HKEY_CURRENT_USER ,  HKEY_LOCAL_MACHINE\SAM , HKEY_LOCAL_MACHINE\Security , and  HKEY_USE