DNS Server - Self Replication
DNS Server Self Replicating in Windows Server 2008 R2 and Server 2012 R2
Self-Replicating DNS Forwarder Problems in Windows Server OS
When you configure DNS forwarders, the changes you make are written to the computer's local registry. In the case of conditional forwarders, the forwarder settings are not replicated between DNS servers. What you configure on one DNS server stays there. For example, you have a physical site with two Domain Name System servers, one of which is configured as a forwarder, and in another physical site you have a couple of additional DNS servers, one of which is a forwarder. As we found, however, there is a strange behavior that might happen when you use multiple DNS servers, and unless you know what is causing it, it may cause quite a few problems.
When you use more than one DNS server in an Active Directory based network, your DNS servers are most likely running on the same machines as your domain controllers. For one, it makes the life of a tech person simpler. Another reason is that when you configure a DNS server on a domain controller (DC), replicating the DNS zones becomes a much more robust and secure task than if you were hosting the DNS server role on a regular server. Microsoft makes it easy to take that path by offering the option of installing the DNS server as part of the DC promotion phase. We will get back to that in a moment.
Global DNS Forwarding:
Suppose you have a USA site with two or three DNS servers that are probably also domain controllers, and you are using a USA-based internet service provider. It is then most likely that the DNS servers are configured to use the USA-based ISP's DNS server. A few months later your organization acquires an office in the UK, and your task is to add its existing network to your company. Since the acquired company has only around 200 users and runs all its resources locally, your organization decides to create a new site in Active Directory and place a DC in that site, which you also want to configure as a DNS server.
So you remote into a server that was created by one of your local IT people, and after some preparation you install the ADDS (Active Directory Directory Services) role on that server and promote it to become a domain controller. After some time you are all set up. You then check Active Directory replication and other settings, and have the IT person configure all UK-based computers to use the new DNS server's IP address in their DNS configuration. But a few moments later the users in your organization lose internet connectivity. What is more, you are hearing complaints that e-mail and browsing are not working, and that other internet sites are not working either.
Main DNS Server forwarders
The original DNS server's forwarders are listed in the new DNS role: in the process, the server automatically pulled the forwarders list from the main DNS server (the “Primary DNS Server”) and placed these settings in the new DNS Server role. This behavior is the default and cannot be changed. Since it is likely that in the new site you are using a different ISP than the USA-based one, the original forwarder settings may not work for you there. The USA-based ISP will not honor your DNS server's forwarding requests because it does not recognize them as coming from its own IP range.
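One way to find inherited forwarders like the ones described above, as an added example that is not part of the original article: it lists the forwarders of every domain controller by AD site and then tests each forwarder from the DC that uses it. It assumes the ActiveDirectory and DnsServer PowerShell modules (Windows Server 2012 or later) and PowerShell remoting; the function names, the probe name and the server name and addresses in the last comment are placeholders.

```powershell
# Added example, not from the original article.
# Assumes the ActiveDirectory and DnsServer modules (Windows Server 2012 or
# later, or RSAT) and PowerShell remoting to the domain controllers.
Import-Module ActiveDirectory, DnsServer

function Get-DcForwarderReport {
    # One row per domain controller: its AD site and its configured forwarders.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $row = [ordered]@{
            Server      = $dc.HostName
            Site        = $dc.Site
            Forwarders  = @()
            UseRootHint = $null
            Error       = $null
        }
        try {
            $fwd = Get-DnsServerForwarder -ComputerName $dc.HostName -ErrorAction Stop
            $row.Forwarders  = @($fwd.IPAddress | Where-Object { $_ } |
                                 ForEach-Object { $_.IPAddressToString })
            $row.UseRootHint = $fwd.UseRootHint
        } catch {
            $row.Error = $_.Exception.Message   # e.g. the DC does not run DNS
        }
        [pscustomobject]$row
    }
}

function Test-DcForwarder {
    # The lookup runs ON the domain controller, because the ISP decides by the
    # source address of the query whether it answers.
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string[]]$Forwarder,
        [string]$ProbeName = 'example.com'      # placeholder: any public name
    )
    Invoke-Command -ComputerName $Server -ArgumentList $Forwarder, $ProbeName -ScriptBlock {
        param($forwarders, $name)
        foreach ($f in $forwarders) {
            $answered = $true
            try {
                Resolve-DnsName -Name $name -Server $f -DnsOnly -QuickTimeout -ErrorAction Stop |
                    Out-Null
            } catch {
                $answered = $false
            }
            [pscustomobject]@{ Forwarder = $f; Answered = $answered }
        }
    }
}

$report = Get-DcForwarderReport
$report | Sort-Object Site, Server |
    Format-Table Server, Site, @{ n = 'Forwarders'; e = { $_.Forwarders -join ', ' } }, UseRootHint -AutoSize

# A forwarder that answers in one site and not in another is the symptom
# described in the text.
foreach ($r in $report | Where-Object { $_.Forwarders }) {
    Test-DcForwarder -Server $r.Server -Forwarder $r.Forwarders |
        Select-Object @{ n = 'Server'; e = { $r.Server } }, Forwarder, Answered
}

# Replacing the inherited list on the new site's DNS server (placeholder values):
# Set-DnsServerForwarder -ComputerName 'UK-DC01.example.com' -IPAddress '192.0.2.53','192.0.2.54' -PassThru
```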
What fault tolerance options are available for Windows DHCP Server
DHCP fault tolerance options available in Windows Server 2012
Windows DHCP Server supports three fault tolerance options: you can install DHCP on a Windows failover cluster, set up split-scope DHCP, or set up DHCP failover, which is a new option introduced in Server 2012.
Installing DHCP on a Windows failover cluster:
You can install DHCP on a two-node Windows failover cluster so that the second DHCP server takes the DHCP load if the primary DHCP server fails. This option uses shared storage and requires additional investment to ensure storage redundancy.
Setting Up DHCP failover:
With the DHCP failover option you can replicate one or more complete DHCP scopes to another DHCP server. To set it up, you can use the new Configure Failover option that appears when you right-click a DHCP scope in the Server 2012 DHCP management interface. In the Configure Failover configuration screen you can then choose one of the following DHCP failover modes: hot standby or load sharing. In hot standby mode the two DHCP servers operate in a failover relationship whereby one active DHCP server is responsible for leasing IP configuration data to all clients in a scope or subnet. The secondary DHCP server assumes this responsibility if the primary DHCP server becomes unavailable. In the context of a subnet, a DHCP server can assume the primary or secondary role, which means that the primary DHCP server in a given subnet can be the secondary DHCP server in another subnet.
There are two important limitations of DHCP failover:
It is limited to IPv4 configuration data and it can only support two nodes. You can get more information about DHCP failover
Design option for DHCP fault Tolerance
In load sharing mode the two servers simultaneously lease IP configuration data to clients on a given subnet. The requests are load balanced and shared between the two servers.
Setting up a Split Scope DHCP:
Split-scope DHCP uses two independent DHCP servers that share responsibility for the same DHCP scope. One part of the IP address pool in the DHCP scope is assigned to the primary server and the other part is assigned to the backup server. If clients cannot reach the primary server, they get their IP configuration from the secondary server.
Fix network performance problems in Windows Server 2012
The Windows Server 2012 operating system can suffer from extremely poor network performance. This issue does not occur on every Windows Server deployment, but there is no shortage of Windows Server 2012 and Windows Server 2012 R2 servers that are impacted by the problem.
We noticed the problem shortly after the initial Windows Server 2012. Writing large files to a Server Message Block (SMB) network share was very slow. The file copy activity seemed to occur in bursts: the write process would start out at the expected speed, stall, and then begin copying data again, but timeouts were a big problem. All too often the file copy process would simply fail.
Slow and potentially unreliable network traffic is a problem that absolutely must be addressed. Some have reportedly been able to fix this problem by switching to a different network adapter. However, it is also possible to fix the problem by making some changes to your GPO settings.
By default, Windows Server 2012 and Server 2012 R2 digitally sign Server Message Block packets. Digital signatures help to protect against spoofing, but they add some overhead to the traffic stream. You can get rid of this overhead and improve performance by disabling the Server Message Block (SMB) packet signing feature. Keep in mind that disabling SMB signing does reduce security, so you should only use this fix if you are experiencing disruptive performance or reliability problems. To disable SMB signing for the computers in your domain network, log into a Windows Server 2012 or Windows Server 2012 R2 DC (domain controller) and then run the “GPMC.msc” command from the server's Run option. This opens the Group Policy Management Console.
Then right-click on the Default Domain Policy and select the “Edit” command from the shortcut menu.
In the Group Policy Management Editor, go to “Computer Configuration”, double-click “Windows Settings”, and then navigate to Security Settings > Local Policies > Security Options.
Then disable the “Microsoft network client: Digitally sign communications” policy. You will also need to disable the “Domain member: Digitally encrypt or sign secure channel data” policy.
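To see what these policies have actually set on a machine once the GPO applies, the following added example (not part of the original article) reads the registry values behind the signing and secure channel security options, locally or on a list of computers. The function name and the computer names in the last comment are placeholders; remote use assumes PowerShell remoting is enabled.

```powershell
# Added example, not from the original article. The function name is hypothetical.
function Get-SigningPolicyState {
    param([string[]]$ComputerName)     # omit to inspect the local machine

    $probe = {
        $base   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
        # Security option -> registry value that stores it.
        $checks = @(
            @{ Key = 'LanmanWorkstation\Parameters'; Name = 'RequireSecuritySignature'
               Policy = 'Microsoft network client: Digitally sign communications (always)' }
            @{ Key = 'LanmanWorkstation\Parameters'; Name = 'EnableSecuritySignature'
               Policy = 'Microsoft network client: Digitally sign communications (if server agrees)' }
            @{ Key = 'LanmanServer\Parameters'; Name = 'RequireSecuritySignature'
               Policy = 'Microsoft network server: Digitally sign communications (always)' }
            @{ Key = 'LanmanServer\Parameters'; Name = 'EnableSecuritySignature'
               Policy = 'Microsoft network server: Digitally sign communications (if client agrees)' }
            @{ Key = 'Netlogon\Parameters'; Name = 'RequireSignOrSeal'
               Policy = 'Domain member: Digitally encrypt or sign secure channel data (always)' }
        )
        foreach ($c in $checks) {
            $item = Get-ItemProperty -Path "$base\$($c.Key)" -Name $c.Name -ErrorAction SilentlyContinue
            $data = if ($item) { $item.($c.Name) } else { $null }
            $state = if ($null -eq $data) { 'Not set (OS default applies)' }
                     elseif ($data -eq 1) { 'Enabled' }
                     else                 { 'Disabled' }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Policy   = $c.Policy
                Registry = "$($c.Key)\$($c.Name)"
                State    = $state
            }
        }
    }

    if ($ComputerName) { Invoke-Command -ComputerName $ComputerName -ScriptBlock $probe }
    else               { & $probe }
}

# Local machine:
Get-SigningPolicyState | Format-Table Computer, Policy, State -AutoSize

# Machines on which signing is no longer required (placeholder computer names):
# Get-SigningPolicyState -ComputerName 'FS01','FS02' |
#     Where-Object { $_.Policy -like '*(always)' -and $_.State -ne 'Enabled' }
```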
Set a custom login screen background on the Windows 7 operating system
Set logon screen background on the Windows 7 operating system
In the Windows 7 operating system you can change the welcome login screen that appears when you start your desktop, laptop or any Windows 7 machine. You can set any image you like as your background.
Enable the Custom Background Setting:
The background feature is disabled by default, so you will have to enable it from the “Registry Editor”. You can use the Group Policy editor if you have a Windows Professional edition.
Step 1: Go to Start → Run, type “Regedit” in the Run box and press the Enter key.
Step 2: In the Registry Editor, navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
You will see a DWORD value named “OEMBackground”. If the DWORD is not there, create a new DWORD value with the name “OEMBackground”.
Double-click the OEMBackground value and set the value to 1.
Changing the setting in Group Policy makes it persist even when you change your theme, but the Group Policy editor is only available in the Windows Pro version.
Step 1: Go to Start → Run, type “gpedit.msc” and press Enter.
Step 2: In the Group Policy editor, navigate to the following location:
Computer Configuration\Administrative Templates\System\Logon
There you will find the setting “Always use custom logon background”. Double-click it, select the “Enabled” option, click Apply and then OK, and close all windows.
Background Image Setting & Size:
Your image file size must be less than 256KB.
Background Image File Location:
C:\Windows\System32\oobe\info\backgrounds
In Windows 7 the info and backgrounds folders do not exist by default, so you need to create them. Then copy your desired image file into the “backgrounds” folder and rename the image file “backgroundDefault”.
The change takes effect immediately; the computer does not need a restart. Just press Windows + L and you can see the effect.
Hope it will be helpful for you.
What is the SMB (Server Message Block) protocol
SMB stands for Server Message Block. Server Message Block is a network protocol used by Windows-based computers within the same network to share files. It allows computers connected to the same network or domain to access files from other local computers as easily as if they were on the computer's local hard drive.
SMB (Server Message Block) does not only allow computers to share files; it also enables computers to share printers and serial ports of other computers within the network. For example, a computer connected to a Windows network could print a document on a printer connected to another computer in the network, as long as both machines support the SMB protocol.
The Server Message Block protocol was originally developed for Windows, but it can also be used by other platforms, including Unix, Linux and Mac OS X, using a software implementation called Samba. Using Samba, Windows, Mac OS, Unix and Linux computers can share the same files, folders and printers. This is great for Windows-based infrastructures where there is a graphic designer who refuses to use anything but a Mac and a technical person who does everything on his Linux system.
What is the GC (Global Catalog)? – Active Directory
Global Catalog :- The Active Directory Global Catalog is the central storage of information about objects in an Active Directory forest. The Global Catalog is created automatically on the first domain controller in the first domain in the forest. The domain controller which hosts the catalog is known as a Global Catalog server. The Global Catalog server stores a full copy of all objects in the directory for its host domain and a partial copy for all other domains in the forest. The GC helps in searching for Active Directory objects in the forest more efficiently.
The GC is a distributed data repository that is stored on GC servers and distributed via multimaster replication. It is basically composed of a searchable representation of every object in the multi-domain Active Directory forest. The GC is used because searches can be made faster: they do not need to go through the hassle of involving referrals to different DCs. The Global Catalog allows you to find an object without needing the object's domain name. This is possible because it not only holds a full writable domain directory replica but also a partial read-only replica of all the Active Directory partitions in the forest. Therefore, by being composed of only the attributes most used during searching, all objects in every domain in any forest, small or big, can be found and represented in the database of one GC server.
The Active Directory Global Catalog is responsible for several other important functions of AD DS, such as the following :-
1. Search capabilities for every object within a forest.
2. Logon validation of universal group membership.
3. User Principal Name logon validation through domain controller location.
The function of the GC can be compared with a telephone directory: the GC stores information like a telephone directory that users can query to find specific information.
Global Catalog servers commonly use the following network ports:-
Service Name                  Port No   Protocol
LDAP (Global Catalog)         3268      TCP
LDAP (Global Catalog SSL)     3269      TCP
LDAP                          389       TCP/UDP
LDAP (SSL)                    636       TCP
DNS                           53        TCP/UDP
Kerberos                      88        TCP/UDP
SMB over IP                   445       TCP/UDP
RPC/REPL (Endpoint Mapper)    135       TCP
How does the GC “Global Catalog” work?
For example, if a user decides to search for all printers within the forest network, a GC server will process the submitted request by searching through the GC and then output the result. Had it not been for the GC server, the user would have had to search separately in every domain of the forest. When a user runs a certain query, for example an interactive domain logon, the DC (domain controller) authenticates the user by first validating the user's identity and also all groups that the user is a part of. Because the GC holds all memberships of all groups, access to a GC server is necessary for accessing all forests and is thus a requirement for an Active Directory site. This is because the authenticating DC then does not need to transmit queries over a WAN to source information and process the task.
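The forest-wide printer search described above, as an added example that is not part of the original article: it checks that each Global Catalog server answers on the two GC ports from the table and then runs one query against port 3268 that returns printers from every domain. It assumes the ActiveDirectory PowerShell module; the function names are hypothetical.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Test-TcpPort {
    # TCP connect test with a timeout; returns $true or $false.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        $pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
    } catch {
        $false
    } finally {
        $client.Close()
    }
}

function Find-ForestPrinter {
    # Port 3268 plus an empty search base makes the GC search all partitions
    # it holds, so one server answers for every domain in the forest.
    param([Parameter(Mandatory)][string]$GlobalCatalog)
    Get-ADObject -Server "${GlobalCatalog}:3268" -SearchBase '' -LDAPFilter '(objectCategory=printQueue)' |
        ForEach-Object {
            # Derive the domain name from the DC= components of the DN.
            $domain = ((($_.DistinguishedName -split ',') -like 'DC=*') -replace '^DC=') -join '.'
            [pscustomobject]@{
                Printer = $_.Name
                Domain  = $domain
                DN      = $_.DistinguishedName
            }
        }
}

$catalogs = (Get-ADForest).GlobalCatalogs

# Reachability of the GC ports (3268 = LDAP, 3269 = LDAP over SSL).
foreach ($gc in $catalogs) {
    foreach ($port in 3268, 3269) {
        [pscustomobject]@{
            Server    = $gc
            Port      = $port
            Reachable = (Test-TcpPort -HostName $gc -Port $port)
        }
    }
}

# One query, printers from all domains, counted per domain.
$firstGc = $catalogs | Select-Object -First 1
Find-ForestPrinter -GlobalCatalog $firstGc |
    Group-Object Domain |
    Select-Object Name, Count
```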
What is NTLM and Kerberos? Main differences between the NTLM and Windows Kerberos authentication protocols.
NTLM vs Kerberos: main differences between NTLM and Kerberos
NTLM :- NTLM (NT LAN Manager) is a suite of authentication and session security protocols used in various Microsoft network protocol implementations and supported by the NTLM security provider. It was originally used for authentication and negotiation of secure DCE/RPC. NTLM is also used throughout Microsoft systems as an integrated single sign-on mechanism. It is probably best recognized as part of the Integrated Windows Authentication stack for HTTP authentication; however, it is also used in Microsoft implementations of SMTP, IMAP and POP3, all part of the Exchange server.
Kerberos :- Kerberos is a secure method for authenticating requests for a service in a computer network. Kerberos was developed in the Athena Project at MIT (Massachusetts Institute of Technology). Kerberos was the three-headed dog who guarded the gates of Hades. Kerberos lets a user request an encrypted ticket from an authentication process, which can then be used to request a particular service from a server. The user's password does not have to pass through the network.
NTLM is a challenge-response based authentication protocol that is the default authentication protocol of Windows NT. For backward compatibility reasons Microsoft still supports NTLM as an authentication provider in every Windows operating system. That means that, besides an NTLM authentication provider, Windows operating systems since Windows 2000 also include a client Kerberos authentication provider. NTLM remains the default authentication protocol of NT or earlier Windows operating systems.
NTLM Features :-
Cryptographic technology :- Symmetric cryptography
Trusted third party :- Domain controller
Microsoft OS supported platforms :- Windows NT, Windows 95, 98, Windows 2000, Windows Server 2003 or Windows Vista
Features :-
• Slower authentication because of pass-through authentication
• No mutual authentication
• No support for delegation of authentication
• No native protocol support for smart card logon
• Proprietary Microsoft authentication protocol
Kerberos Features :-
Cryptographic technology :- Basic Kerberos: symmetric cryptography. Kerberos PKINIT (the Kerberos sub-protocol that supports smart card logon): symmetric and asymmetric cryptography
Trusted third party :- Basic Kerberos: DC with the Kerberos Key Distribution Center (KDC) service. Kerberos PKINIT: domain controller with the KDC service and a Windows enterprise certification authority
Microsoft OS supported platforms :- Windows XP, Windows Server 2003, Server 2008 or above
Features :-
• Faster authentication because of a unique ticketing system
• Optional mutual authentication
• Support for delegation of authentication
• Native protocol support for smart card logon
• Open standard protocol
Faster authentication protocol :- When a resource server gets Kerberos authentication information (tickets and authenticators, in Kerberos speak) from a client, the resource server has enough information to authenticate the client. The NTLM authentication protocol requires resource servers that are not DCs to contact a DC to validate a user; this is pass-through authentication. Thanks to its unique ticketing system, Kerberos does not need pass-through authentication and therefore accelerates the authentication process.
Kerberos is an open standard :- The Kerberos implementation is based on the standard defined in Request for Comments (RFC) 4120. The RFC defines version 5 of the Kerberos protocol. Because Kerberos is defined in an open standard, it can provide SSO (single sign-on) between Windows and other operating systems supporting an RFC 4120 based Kerberos implementation.
Support for authentication delegation :- A service can access remote resources on behalf of a user. What delegation really means is that user A can give rights to an intermediary machine 1 to authenticate to an application server as if machine 1 were user A.
Mutual authentication :- Kerberos can support mutual authentication. Mutual authentication means that not only does the client authenticate to the service, the service also authenticates to the client. Mutual authentication is a Kerberos option that the client can request. The support for mutual authentication is a key difference between Kerberos and NTLM: the NTLM challenge-response mechanism only provides client authentication.
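To see which of the two protocols a logon actually used, the Windows Security log helps: logon event 4624 records the authentication package, and for NTLM also the NTLM version. The following added example (not part of the original article) parses such events and summarises them; the two sample events are constructed and reduced to the fields used here, and the function name is hypothetical.

```powershell
# Added example, not from the original article.
# Both events are constructed samples; real 4624 events carry more <Data> fields.
$sampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>FS01.example.com</Computer></System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">Kerberos</Data>
    <Data Name="WorkstationName">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>FS01.example.com</Computer></System>
  <EventData>
    <Data Name="TargetUserName">bob</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">LEGACY-PC7</Data>
    <Data Name="LmPackageName">NTLM V1</Data>
    <Data Name="IpAddress">192.0.2.77</Data>
  </EventData>
</Event>
'@
)

function ConvertFrom-LogonEventXml {
    # Turns the XML of one 4624 event into a flat object.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $ev     = ([xml]$Xml).Event
        $fields = @{}
        foreach ($d in $ev.EventData.Data) { $fields[$d.Name] = $d.'#text' }

        $package = $fields['AuthenticationPackageName']
        [pscustomobject]@{
            Computer    = $ev.System.Computer
            User        = $fields['TargetUserName']
            LogonType   = [int]$fields['LogonType']
            Package     = $package
            # LmPackageName is only meaningful for NTLM logons.
            NtlmVersion = if ($package -eq 'NTLM') { $fields['LmPackageName'] } else { $null }
            Workstation = $fields['WorkstationName']
            SourceIp    = $fields['IpAddress']
        }
    }
}

$logons = $sampleEvents | ConvertFrom-LogonEventXml

# How many logons per protocol.
$logons | Group-Object Package | Select-Object Name, Count

# Who still authenticates with NTLM, and from where.
$logons | Where-Object { $_.Package -eq 'NTLM' } |
    Select-Object User, Workstation, SourceIp, NtlmVersion

# Against a live Security log (run elevated):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 2000 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml
```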
What is a Read Only Domain Controller (RODC) in Windows Server 2008
Read Only Domain Controller (RODC) Windows Server 2008
The RODC is one of the new features in Windows Server 2008. This new type of DC, as its name implies, hosts read-only partitions of the Active Directory database. The RODC makes it possible for organizations to easily deploy a DC in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an application-facing role. When used in conjunction with the Microsoft Windows Server core installation
An organization that can guarantee the physical security of a branch domain controller might also deploy an RODC because of its reduced management requirements, which are provided by such features as administrator role separation. Because RODC administration can be delegated to a domain user or security group, an RODC is well suited for a site that should not have a user who is a member of the Domain Administrator group. The RODC has the following characteristics:
Read Only AD-DS Database:-
Except for account passwords, an RODC holds most of the Active Directory objects and attributes that a writable DC holds. However, changes cannot be made to the database that is stored on the Read Only Domain Controller. Changes must be made on a writable domain controller and then replicated back to the Read Only Domain Controller. Local applications that request read access to the directory can obtain access. Lightweight Directory Access Protocol (LDAP) applications that request write access receive an LDAP referral response. This response directs them to a writable domain controller, normally in a site.
RODC Filtered Attribute Set :-
Only some attributes are replicated to the RODC. You can dynamically configure a set of attributes, called the RODC filtered attribute set, so that its attributes are not replicated to an RODC. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to any RODC in the forest. A malicious user who compromises an RODC can attempt to configure it in such a way that it tries to replicate attributes that are defined in the RODC filtered attribute set. If the RODC tries to replicate those attributes from a DC that is running Windows Server 2008, the replication request is denied. As a security precaution, plan to configure the RODC filtered attribute set when the forest functional level is Windows Server 2008: an RODC that is compromised then cannot be exploited in this manner, because domain controllers that are running Windows Server 2003 are not allowed in the forest.
RODC Unidirectional Replication:-
Because no changes are written directly to the RODC, no changes originate at the RODC. Accordingly, writable DCs that are replication partners do not have to pull changes from the RODC. This means that any changes or corruption that a malicious user might make at branch locations cannot replicate from the RODC to the rest of the forest. This also reduces the workload of bridgehead servers in the hub and the effort required to monitor replication. RODC unidirectional replication applies to both AD DS and Distributed File System Replication. The RODC performs normal inbound replication for AD DS and DFS Replication changes.
RODC Credential Caching :-
Credential caching is the storage of user or computer credentials, including the user password expressed as a number of hashed values. By default the RODC does not store user or computer credentials. The exceptions are the computer account of the RODC and a special account that each RODC has. You can configure credential caching on the RODC by modifying the Password Replication Policy for the specific DC. For example, if you want the RODC to cache the credentials for all users in the branch office who routinely log on at the office location, you can add all user accounts for those users to the policy; the users will then be able to log in to the DC even if the WAN connection to a writable domain controller is unavailable. Likewise, you can add all of the branch office computer accounts so that these accounts can authenticate to the RODC even when the WAN link is down. In both of the previous scenarios the WAN connection to a writable domain controller must be available during the first logon for the credentials to be cached on the Read Only Domain Controller.
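Because every cached credential is stored on the branch server, it is worth reviewing what a given RODC holds. The following added example (not part of the original article) lists the accounts whose passwords are currently cached on an RODC, separates the RODC's own two accounts mentioned above from accounts cached by policy, and marks accounts carrying adminCount = 1 as privileged (a common heuristic, used here as an assumption). It assumes the ActiveDirectory module; the RODC name, the group name in the last comment and the function name are placeholders.

```powershell
# Added example, not from the original article.
# 'BRANCH-RODC01' is a placeholder; pass the RODC's short computer name.
Import-Module ActiveDirectory

function Get-RodcCachedCredential {
    param([Parameter(Mandatory)][string]$Rodc)

    # Accounts whose password hashes have been replicated to (cached on) the RODC.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

    foreach ($acct in $revealed) {
        $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
        $sam = $acct.SamAccountName

        # The RODC's own computer account and its per-RODC krbtgt_<number>
        # account are always cached; these are the exceptions the text names.
        $ownAccount = ($sam -eq "$Rodc`$") -or ($sam -like 'krbtgt_*')

        $kind = if ($ownAccount)               { 'RODC own account (expected)' }
                elseif ($obj.adminCount -eq 1) { 'Privileged account cached' }
                else                           { 'Cached by policy' }

        [pscustomobject]@{
            Account = $sam
            Class   = $acct.ObjectClass
            Kind    = $kind
            DN      = $acct.DistinguishedName
        }
    }
}

$rodc = 'BRANCH-RODC01'

# What is cached right now.
Get-RodcCachedCredential -Rodc $rodc | Sort-Object Kind, Account |
    Format-Table Account, Class, Kind -AutoSize

# What the Password Replication Policy allows and denies.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed |
    Select-Object @{ n = 'List'; e = { 'Allowed' } }, Name, ObjectClass
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied |
    Select-Object @{ n = 'List'; e = { 'Denied' } }, Name, ObjectClass

# Allowing the branch users' group to be cached, as in the scenario above
# (placeholder group name):
# Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList 'Branch-Office-Users'
```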
Administrator Role Separation – RODC:-
You can delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain or other DCs. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain. In this way the ability to effectively manage the RODC in a branch office can be delegated to a branch user without compromising the security of the rest of the DCs.
Read Only Domain Naming System (DNS):-
You can install the DNS Server service on an RODC. The RODC is able to replicate all application directory partitions that DNS uses, including the forest DNS zone and the domain DNS zone. If the DNS server is installed on an RODC, clients can query it for name resolution as they query any other DNS server.
The DNS server on an RODC does not support client updates directly. Consequently, the RODC does not register name server resource records for any AD-integrated zone that it hosts. When a client attempts to update its DNS records against an RODC, the DNS server returns a referral. The client can then attempt the update against the DNS server that is provided in the referral. In the background, the DNS server on the RODC attempts to replicate the update; this replication is only for a single object. The entire list of changed zone or domain data does not get replicated during this special replicate-single-object request. To enhance security, the branch office RODC needs to register its DC records with a Windows Server 2008 domain controller. If the RODC then gets compromised, it will not be able to change DNS records and impersonate another DC or advertise itself to clients.
How to Maintain Active Directory-Directory Services
Maintain Active Directory-Directory Services
Maintaining Active Directory is a very important task that you must schedule regularly to ensure that you can recover lost or corrupted data and repair the AD database. The storage engine of the Active Directory database manages all Active Directory objects. Any data modification in Active Directory affects database performance, data integrity and data fragmentation in the Active Directory database.
AD-DS (Active Directory-Directory Services) Log Files and Database.
The Active Directory Extensible Storage Engine uses transactions and log files to ensure the integrity of the AD database. The Active Directory (AD) database file and log files are as follows:-
NTDS.DIT :- NTDS.dit is the Active Directory (AD) database, which stores all the Active Directory (AD) objects on the DC (domain controller). The .DIT extension refers to the directory information tree. The default location of the AD (Active Directory) database is the C:\Windows\NTDS folder, or %systemroot%\NTDS. AD (Active Directory) records each and every transaction in log files that are associated with the NTDS.DIT file.
EDB.CHK :- Edb.chk is a checkpoint file which is used by the Active Directory database engine to track the data which is not yet written to the AD database. The checkpoint file acts as a pointer that maintains the status between memory and the database file on disk. It indicates the starting point in the log from which the information must be recovered after a failure.
EDB.LOG :- Edb.log is the transaction log file. Each transaction file is approx. 10 MB. When the edb.log file is full, Active Directory (AD) renames it to edbn.log, where “n” is an increasing number.
RES1.LOG and RES2.LOG :- Res1.log and Res2.log are reserved transaction log files. The amount of disk space that is reserved on a drive or folder for these logs is 20 MB. This reserved disk space provides sufficient space to shut down if all the other disk space is being used.
Active Directory-Directory Services: Moving the Database and Log Files :-
You move the database to a new location when you defragment the database. Moving the database does not delete the original database, so you can use the original database if the defragmented database does not work or becomes corrupted. If your disk space is limited, you can add another hard disk drive and move the database to it. Additionally, you may move the database files in order to perform hardware maintenance; you can move the files to another location temporarily or permanently.
Defragmenting the Active Directory (AD) database:
Over a period of time, fragmentation occurs as records in the AD database are deleted and new records are added. When the records are fragmented, the computer must search the AD database to find all the records each time the AD database is opened. The search slows the response time. Fragmentation also degrades the overall performance of AD operations.
To fix this you defragment the AD database. Defragmentation is the process of rewriting records in the AD database to contiguous sectors to increase the speed of access and retrieval. When the records are updated, AD saves these updates on the largest contiguous space in the AD database.
The Difference between ESXi, vSphere, vCenter:-
VMware is a software company. VMware develops many suites of application products, especially for providing various virtualization solutions. VMware has many virtualization products, such as cloud products, datacenter products and desktop virtualization software.
ESXi : The ESXi server is the most important part of vSphere. ESXi, vCenter and the vSphere client are the components of vSphere. ESXi is a virtualization server; it is a type 1 hypervisor. All virtual servers, virtual machines or guest operating systems are installed on the ESXi server. To install, access and manage the VMs that are created and stored on the ESXi server, you will need another part of vSphere: the vSphere client or vCenter. The vSphere client allows administrators to connect to ESXi servers and access or manage virtual hosts. The vSphere client is installed on the client machine, e.g. the admin's desktop or laptop. It is used from the client machine to connect to the ESXi server and do management tasks.
vCenter : vCenter is similar to the vSphere client, but it is a server with more power. vCenter Server is installed on a Windows Server or Linux server operating system. VMware vCenter Server is a centralized management application that lets you manage virtual machines and ESXi hosts centrally. The vSphere client is used to access vCenter Server and ultimately manage the ESXi servers. vCenter Server is compulsory for enterprises that want enterprise features; for example, you can easily clone an existing virtual machine in vCenter Server. So vCenter is another important part of the vSphere package.
vSphere : vSphere is a software suite that comes under the data center products. vSphere is like the MS Office suite, which has many packages such as MS Word, MS Excel, MS PowerPoint, MS Access and so on; vSphere is likewise a software package that has many software components. vSphere is not a particular piece of software that you can install and use; it is just a package name which has other sub-components. vSphere is a product suite, and ESXi is a hypervisor installed on a physical server. The vSphere client is installed on a desktop or laptop and is used to access the ESXi server to install and manage virtual machines. vCenter Server is a vSphere component which is mostly used in large environments where there are many ESXi servers and dozens of VMs. vCenter Server is also accessed by the vSphere client for management purposes. In small environments the vSphere client is used to access the ESXi server directly; in larger environments the vSphere client is used to access vCenter Server, which ultimately manages the ESXi servers.
Hyper-V installation steps in Windows Server 2012
To install Hyper-V in Server 2012, open the “Server Manager” console.
In the “Server Manager” welcome screen, click on “Add Roles and Features” to add features.
Now select the installation type. I am going to select “Role-based or feature-based installation”. Then click Next.
Then select the destination server. Here I am going to choose “Select a server from the server pool”. Then click on “Next”.
Then tick the “Hyper-V” box and click on “Next”.
The Add Roles and Features wizard will show the message “The following tools are required to manage this feature, but do not have to be installed on the same server”. Click on “Add Features”.
Hyper-V allows you to virtualize your server workloads by running those workloads on virtual machines. You can use virtual machines to consolidate multiple workloads on one physical server, to improve server availability, and to increase efficiency in developing and testing software. Things to note:-
Before you install this role, you should identify which network connections on this server you want to use for setting up virtual switches.
After you install Hyper-V, you can use Hyper-V Manager to create and configure your virtual machines.
Click on the Next button in the Hyper-V window above.
Now “Create Virtual Switches”: virtual machines require virtual switches to communicate with other computers. After you install this role, you can create virtual machines and attach them to a virtual switch.
One virtual switch will be created for each network adapter you select. We recommend that you create at least one virtual switch now to provide virtual machines with connectivity to a physical network. You can add, remove and modify your virtual switches later by using the Virtual Switch Manager.
Now select the network adapter for the virtual switches, then click the “Next” button. In the virtual machine migration window you can configure live migration now or later. I will configure it later, so click on “Next”.
Hyper-V uses default locations to store virtual hard drive files and virtual machine configuration files unless you specify a different location when you create the files. You can change these default locations now, or you can change them later by modifying the Hyper-V settings. After configuring this, click on “Next”.
Now you can see the installation information and confirm it by clicking the button. The installation now begins. After the installation completes, restart the server, then open Hyper-V Manager from the Start menu to configure a VM.
Configure Microsoft Hyper V Virtual Machine with internet connection
Hyper-V is a virtualization technique introduced by Microsoft. Hyper-V allows you to run multiple operating systems on the same physical machine. To configure hyper
You can configure a virtual switch for a virtual machine before or after creating the virtual machine. The process of creating a virtual machine is the same in server Hyper-V and client Hyper-V, but it is always better to create the virtual switches before configuring the virtual machine. The virtual switch is a global switch to which virtual machines are connected. There are three types of virtual switch:
1. External
2. Internal
3. Private
1 External: An External switch is used to connect the virtual machines to the external network and the internet. The host and the virtual machines will be on the same network. If the host has multiple network adapters, then multiple networks can be configured for virtual machines.
2 Internal: An Internal switch is used to create a network connection between the virtual machines and the host only.
3 Private: A Private switch is used to create a network connection between virtual machines only.
Configure Internal connection
Open the Hyper-V management console and, on the Actions panel, click on “Virtual Switch Manager”.
The Virtual Switch Manager will open. Here select “New virtual network switch” from the left corner, then select “External” as the type of virtual switch and click on the “Create Virtual Switch” box. This creates a virtual switch that binds to a physical network adapter so that virtual machines can access a physical network.
Then type the virtual switch name in the Name box and select “External network” as the connection type, then select your physical network interface, such as Realtek PCIe Family Controller.
Now install the virtual machine if you have not already done so; I have already installed Windows Server 2012 as a virtual machine. Then we have to put this virtual machine on the virtual switch we just created. After installing the VM, go to the settings of the virtual machine. In the settings of the Server 2012 virtual machine, click “Network Adapter” in the left pane under the Hardware options. Then choose the virtual switch created earlier from the drop-down, click on “OK” and then click “OK” again.
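The role installation and External virtual switch steps above can also be done from PowerShell on Windows Server 2012. This is an added example, not part of the original article; the switch name, adapter name and VM name are assumed placeholders.

```powershell
# Added example: the three names below are assumptions, not values from the article.
$SwitchName  = 'External-vSwitch'   # assumed switch name
$AdapterName = 'Ethernet'           # assumed physical adapter name (check Get-NetAdapter)
$VMName      = 'SRV2012-VM'         # assumed name of an existing virtual machine

# 1. Install the Hyper-V role and its management tools if they are missing.
$feature = Get-WindowsFeature -Name Hyper-V
if (-not $feature.Installed) {
    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
    Write-Warning 'Hyper-V installed. Restart the server, then run this script again.'
    return
}

# 2. List the physical adapters that are up, so the binding is a deliberate choice.
Get-NetAdapter -Physical | Where-Object Status -eq 'Up' |
    Format-Table Name, InterfaceDescription, LinkSpeed

# 3. Create the External switch only if it does not exist yet.
#    -AllowManagementOS $true keeps the host itself connected through this adapter.
#    For the other two types use: New-VMSwitch -Name <name> -SwitchType Internal (or Private).
$switch = Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue
if (-not $switch) {
    $switch = New-VMSwitch -Name $SwitchName -NetAdapterName $AdapterName -AllowManagementOS $true
}

# 4. Attach the VM's network adapter to the switch.
Connect-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName

# 5. Review the result: every switch with its type, and the switch each VM adapter uses.
Get-VMSwitch | Format-Table Name, SwitchType, NetAdapterInterfaceDescription
Get-VMNetworkAdapter -VMName $VMName | Format-Table VMName, SwitchName, MacAddress
```

The final listing is worth keeping in a build record: a VM on an External switch sits on the same network as the host, while Internal and Private switches keep its traffic off the physical network.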
Migration to AD 2008
Microsoft provides a series of migration tools for moving from Microsoft Windows Server 2003 and Windows Server 2008 to Windows Server 2008R2, not just for AD (Active Directory) migrations but for all other Windows Server migrations:
Physical Server to Physical Server Migration:- The migration tools can be used to migrate physical servers to new 64 bit physical servers.
Physical Server to Virtual Server Migration:- The same migration tools can be used to migrate physical servers to virtual servers, or virtual servers to virtual servers, running on Microsoft Hyper-V or VMware server.
File Server Migration:- This includes migrating Windows Server 2003 file server file permissions, directory structure etc. to Windows 2008R2 file servers.
32 Bit OS to 64 Bit OS or 64 bit to 64 bit Migrations:- The migration tools can migrate both 32 bit os and 86bit os sources to the new Windows Server 2008R2 64 bit systems.
Virtual Hyper-V 2008 to Hyper-V 2008R2 Migration:- The guest sessions of previous Microsoft virtual sessions can be migrated directly to Windows Server 2008R2 Hyper-V R2.
Active Directory 2003 to Active Directory 2008R2 Migration:- The migration tools include migration wizards, tools and migration procedures for migrating to the latest version of AD (Active Directory).
DHCP and DNS Server Migration:- Utility servers like DNS and DHCP can be migrated to Windows Server 2008R2, with the DHCP migration tools migrating not only DHCP scopes but also DHCP leases.
RRAS Migration:- For organizations that have routing and remote access servers set up in their environment “typically for VPN access but sometimes for site to site VPN”, there is a step by step guide along with a series of migration tools that help organizations migrate from RRAS on Windows Server 2003 and Windows 2008 to RRAS on Windows Server 2008R2.
Certificate of Authority Migration:- This helps you to migrate your certificate Server 2008r2 off a Windows Server 2003 or Windows Server 2008 box to a new windows 2008r3 box, yet keep all of your certificate policy configurations etc. It includes a VB script that assists with the migration.
Print Server Migration:- Tools and a step by step guide are provided to help with the migration of existing print servers running on Windows Server 2003 and Windows Server 2008R2 print server, including migrating printer definition files, configuring new drivers, configuring print settings, reapplying user and administrative permissions etc.
The tools can be installed on a Windows Server 2008R2 system from the “Add Features Wizard” in “Server Manager”, and new and updated tools can be downloaded from the Microsoft site www.microsoft.com/migrationtools .
Migrating to Active Directory Server 2008 R2:- Microsoft only provides a migration method from AD (Active Directory) 2003 native mode and higher to AD (Active Directory) Server 2008R2. You cannot be running AD 200p or some form of mixed mode in AD (Active Directory) 2003 and get to Active Directory 2008R2 using the tools from Microsoft. Also, part of the migration process is to validate the impact of updating the AD (Active Directory) schema to the latest 2008R2 version. Most applications are not impacted by an AD schema update or a version update of Active Directory, as most applications just use a service account at the domain level that is not impacted by the migration of AD. The applications that are impacted are those that modified the AD schema when the product was installed. Exchange updates the AD schema to add objects that support email account addresses and other messaging components. Office Communications Server modifies the AD schema to add an IM (Instant Messaging) address for AD users. SCCM (System Center Management) products typically update the schema to add schema objects for computer accounts and computer user profile options. Third party products like Exchange mail server or Cisco Voicemail update the schema to create voicemail box objects.
After all the various considerations regarding application and hardware compatibility have been thoroughly validated, the most common method of migrating from AD Server 2003 or AD Server 2008 to Active Directory Server 2008R2 is to add a new Windows Server 2008R2 server as a member server and run “DCPROMO” to make the member server a DC (Domain Controller); in the process, AD (Active Directory) is updated to support AD Server 2008R2. This initial server installation extends the schema, which is the main switch in the migration process, and builds the first Active Directory Server 2008R2 DC. Once the first global catalog server is in place, other global catalog and domain controller systems in the organization can be retired and replaced with new Active Directory Server 2008R2 domain controller and GC (global catalog) server systems. The step by step process to add the first Active Directory 2008R2 DC (Domain Controller) starts with having a Microsoft Windows Server 2008R2 server added as a member server of the domain and then performing the following steps for the migration process in Server 2008R2:-
• First, log on to the new server with an Administrator account
• Open the “Server Manager” wizard from the Start menu
• Go to Roles, click on “Add Roles” and click “Next”
• Select the Active Directory Domain Services check box, then click on “Next”
• Add the .NET Framework 3.5.1 features from Add Features (the .NET Framework 3.5.1 features are required)
• Click on “Install” to install the role; this installs the binaries necessary for the server to become a DC (Domain Controller)
• Then click on the Installation Results page. In the Server Manager wizard, expand Roles and select the “Active Directory Domain Services” node
• Then, in the summary section, click on “Run the Active Directory Domain Services Installation Wizard”, or you can run the “DCPROMO” command from the Run command
• Then click on the welcome page and select the existing forest option
• Click on the “Add a domain controller to an existing domain” option and click on “Next”
• Then enter the name of the domain
• Then click on “Set” to specify alternate credentials to use for the operation
• Type the credentials of a Domain Admin on the target domain and click “OK”, then click on “Continue”
• Select the appropriate domain for the new domain controller and click on “Next”
• Then select the site for the domain and click on “Next”
• Then select the “Additional Domain Controller” options, which are DNS server and GC (Global Catalog) by default. The Read Only Domain Controller (RODC) option is not available if this is the first Windows Server 2008R2 domain controller in the domain. Then click on “Next”
• Then click on “Yes” if presented with a DNS delegation warning box
• Select the locations for the database, log files and SYSVOL files and click on “Next”
• Then enter the Directory Services Restore Mode Administrator password, confirm the password and click on “Next”
• Then review the summary and click on “Next”. The installation wizard will create the domain controller and replicate the Active Directory database. This process will take some time. After the wizard completes the installation, click on “Finish”
• Then restart the server
Windows Server 2008R2 is a 64 bit only operating system, so there is no support for performing an upgrade from a Windows Server 2003 or Server 2008 32 bit operating system domain controller. The typical process is to build and update a Windows Server 2008R2 server as a new domain controller, thus replacing the 2003 and Server 2008 domain controllers with new Server 2008R2 systems. As part of the update process, many organizations are choosing to replace physical servers with virtual servers, and as such, systems are replaced during the AD upgrade process.
The speed of a computer processor is measured in which of the following
The Central Processing Unit (CPU):-
The CPU “Central Processing Unit” is also known as a processor. CPU speed, or processor speed, is the number of cycles that the CPU can perform per second. This is measured in Hz (Hertz): one Hertz means that one cycle can be completed in one second. MHz (megahertz) means that one million cycles can be completed in a second. GHz (gigahertz), the most common form of processor speed, means that one billion cycles can be completed per second. Does this mean that a 2 GHz CPU is twice as fast as a 1 GHz CPU? Not necessarily; this depends on how much work each CPU accomplishes in each clock cycle.
A 1 GHz CPU might very well be faster in practice than the 2 GHz CPU if it is more efficient or can process more tasks in each CPU cycle, which depends on its architecture. Modern CPUs typically have multiple cores, such as dual core, quad core and octa core CPUs. This multiplies the number of cycles a CPU can make per second, as each core can perform its cycles in parallel with the other cores. That is just one way in which two CPUs both rated at 2 GHz, for example, can still have different real speeds: if one has more cores than the other, it can do more in less time. There are, however, other elements of the CPU architecture that factor into its real world speed.
The Cache Memory in the CPU “Processor”:-
The cache enables the CPU to access recently used information very quickly. The cache significantly affects CPU performance. However, caches also present some difficulties for simple comparison. Some caches are bigger than others. A L1 cache is 256 KB, a typical L2 cache is 1 MB and an L3 cache is 8 MB.
Generally speaking, the larger the cache, the better the system performance boost; however, this is not always the case. A cache operates at a certain speed, just like the CPU core. Some caches operate at the full speed of the processor, while others operate at half that speed or less. A small cache that operates at full speed may be much more useful than a cache that is twice as large but operates at only half the speed of the CPU. Even duplicated in the L2 cache only the CPU that employ exclusive caches will have the full capacity of their L2 caches available
FSB – Front Side Bus:-
The front side bus is the connection between the CPU and system memory. The front side bus operates at a speed that is a percentage of the CPU's clock speed. The faster the speed at which the front side bus allows data transfer, the better the processor performance.
The System Memory:-
RAM “Random Access Memory” has an access speed. Faster RAM means that the processor has to wait less often for data. This effectively makes the CPU faster. The amount of system memory matters as well. The more system memory is available, the more applications can run at the same time with less reliance on swapping, or the use of hard drive space for virtual memory. Swapping can seriously affect the performance of the system because hard drives have far lower access speeds than RAM.
CPU Overclocking:-
The CPU “Processor” is intended to run safely at a certain clock rate set by the manufacturer. It can often support even greater rates, and these maximum values are typically published by manufacturers for those who wish to force the CPU to run faster. This practice is known as overclocking and results in the processor running even more cycles per second than it is rated for, doing more work in less time. This could mean making a CPU rated at 2 GHz run at 2.5 GHz instead. For example, if one processor has a better and more efficient architecture than another but both run at 2 GHz, the one with the better architecture will be faster in practice; however, if the processor with the worse architecture is overclocked to run at 2.4 GHz, it could possibly make up for or exceed the performance gap.
Overclocking, however, carries some risks, since it typically involves pushing the processor to operate beyond the rates deemed safe by the manufacturer, even if the CPU can theoretically handle them. It can cause the CPU to give off more heat and in the process possibly lower its life span. More heat can also lead to some instability in its operation. This is why overclockers typically fit better cooling mechanisms on their CPU to further help cool the processor.
Benchmarking:-
The next possible answer for measuring processor speed and overall system performance is benchmarking. Unfortunately, benchmarks are necessarily flawed: a benchmark can only prove how quickly a system runs the benchmark. A benchmark cannot show how quickly a system will run a user's mix of applications in the real world.