windows servers and active directory
"..temporary and constantly changing human relationships which never come from the heart"
-Franz Kafka, The Metamorphosis
^verify
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
windows 2008 & AD:
AD data store on a DC: c:\windows\ntds\ntds.dit
ntds and logs should be on separate volumes
partitioned: schema, configuration, GC, data about objects
domain functional levels:
windows 2000 native, 2003, 2008
forest functional levels:
2003, 2008
launch configuration for a DC:
dcpromo.exe
password:
minimum of 7 characters
must have at least 3 of 4 of these character types: lowercase, uppercase, numeric, symbols
setting NTP source:
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
<NTP>
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
<5>
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer
<NTP source IP address,0x1>
net stop w32time
net start w32time
w32tm /resync /rediscover
backing up AD (ntds.dit):
ntdsutil
snapshot
activate instance ntds
create
quit
quit
restoring AD:
ntdsutil
snapshot
list all
utilities:
dcdiag
repadmin /replsummary
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
core server
change admin password - net user administrator *
set IP config - netsh interface ipv4
netsh interface ipv4 set address "Local Area Connection" static IP SM GW 1
netsh interface ipv4 set dnsserver "Local Area Connection" static DNS-Server-IP primary
netsh interface ipv4 add dnsserver "Local Area Connection" DNS-Server-IP index=2 <----secondary DNS server
join domain - netdom join %computername% /domain:domain-name /userd:domain-user /passwordd:domain-password
ocsetup.exe - install server roles
oclist.exe - display installed roles
enable remote desktop - cscript c:\windows\system32\scregedit.wsf /AR 0
disable firewall - netsh firewall set opmode disable
timedate.cpl - change time settings
shutdown -r -t 0 - restart computer
updates:
check automatic updates status - cscript scregedit.wsf /au /v
enable automatic updates - cscript scregedit.wsf /au 4
disable automatic updates - cscript scregedit.wsf /au 1
activation:
cscript slmgr.vbs -ipk MAK
cscript slmgr.vbs -ato
dhcp:
ocsetup.exe DHCPServerCore
sc config dhcpserver start= auto
net start dhcpserver
netsh dhcp add server serverDNSname serverIP (authorize server in AD)
netsh dhcp delete server serverDNSname serverIP (unauthorize server in AD)
netsh dhcp show server (list authorized servers for current domain)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
dhcp export from win2000
net stop dhcpserver
cd c:\winnt\system32\dhcp
jetpack dhcp.mdb temp.mdb
run dhcpexim to export database (all scopes)
on 2003: netsh dhcp server import c:\dhcpdb.txt all
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test smtp connectivity
telnet smtpserver 25
mail from:email@address.com
rcpt to:email@address.com
data
subject: test
[enter][enter]
body message
[enter] . [enter]
quit
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
disks
extending a volume
diskpart
select volume 1 (or other #)
extend
exit
basic/dynamic disk info + mirroring
quick dismount is needed to convert a basic disk to dynamic
a disk mirrored to a larger disk will leave the excess space unallocated
both disks must be dynamic for mirroring
removing a mirror deletes one whole volume
breaking a mirror leaves two separate volumes (copies)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
administratively access remote computer's local disk
\\hostname or ip address\c$
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
shares/permissions
set share permissions to full control, remove Everyone and set to Authenticated Users.
set granular permissions via NTFS permissions.
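The share/NTFS split above written out as a cmd script. This is an added example, not part of the original notes. It assumes Windows Server 2008 or later (for net share /grant and icacls /inheritance); the folder D:\Shares\Finance, the share name Finance and the groups CORP\Finance-RW and CORP\Finance-RO are made-up names.

```bat
@echo off
rem Added example: wide-open share ACL, restrictive NTFS ACL.
rem All names below are hypothetical placeholders.
setlocal
set "SHARE_PATH=D:\Shares\Finance"
set "SHARE_NAME=Finance"

if not exist "%SHARE_PATH%" mkdir "%SHARE_PATH%"

rem Share level: only the principals listed with /grant end up on the
rem share ACL, so Everyone is never added. Authenticated Users get Full.
net share %SHARE_NAME%="%SHARE_PATH%" /grant:"Authenticated Users",FULL

rem NTFS level: add the explicit entries first, so access is never lost...
icacls "%SHARE_PATH%" /grant:r "BUILTIN\Administrators:(OI)(CI)F"
icacls "%SHARE_PATH%" /grant:r "NT AUTHORITY\SYSTEM:(OI)(CI)F"
icacls "%SHARE_PATH%" /grant:r "CORP\Finance-RW:(OI)(CI)M"
icacls "%SHARE_PATH%" /grant:r "CORP\Finance-RO:(OI)(CI)RX"

rem ...then drop everything inherited from the parent (often Users:RX),
rem leaving only the four explicit entries above.
icacls "%SHARE_PATH%" /inheritance:r

rem Review the result: share permissions, then the NTFS ACL.
net share %SHARE_NAME%
icacls "%SHARE_PATH%"
endlocal
```

Effective access over the network is the more restrictive of the two ACLs, so with the share at Full Control the NTFS entries alone decide who can read or modify.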
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
win2003 specific
system reqs:
133mhz/550mhz
128MB/256MB+
HDD 3GB
domain functional levels:
windows 2000 mixed (default) - 2k, nt4, 2k3
windows 2000 native - 2k, 2k3
windows 2003 interim - 2k3, nt4
windows 2003 - 2k3
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
local workstation log-on process:
winlogon credentials -> LSA (local security authority)
LSA checks with the SAM (security accounts manager)
LSA creates access token, passes it to winlogon
winlogon completes logon process with newly created token
domain log-on process (slightly different):
local workstation winlogon -> LSA -> local netlogon
passes on...
domain controller netlogon -> domain controller's SAM, SAM checks with directory database
SAM -> DC netlogon .... back to workstation
and so on.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
computer name/workgroup name cannot be more than 15 characters, cannot contain the following characters . , @ / \ # <space>
default workgroup is: WORKGROUP
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
hosts file: %windir%\system32\drivers\etc\hosts
lmhosts file: %windir%\system32\drivers\etc\lmhosts, a sample file is located there as lmhosts.sam
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
mmc shortcuts:
devmgmt.msc
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
commands:
nbtstat - with switches lists various NetBIOS over TCP/IP information
nbtstat -A <ip address> (lists remote machine's name table)
nbtstat -c (cache - lists NBT's cache of remote names and IP addresses):
Wireless Network Connection:
Node IpAddress: [192.168.1.31] Scope Id: []
NetBIOS Remote Cache Name Table
Name          Type            Host Address    Life [sec]
------------------------------------------------------------
STORAGE       <20>  UNIQUE    192.168.1.10    575
net view (list workgroup computers)
net view \\computername (list shared resources on that computer)
Server Name            Remark
-------------------------------------------------------------------------------
\\EMOBILE
\\STORAGE              120gb mirror
The command completed successfully.
tracert (windows version of traceroute)
example:
C:\WINDOWS\system32>tracert google.com
Tracing route to google.com [64.233.187.99]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  router [192.168.1.1]
  2    39 ms    32 ms    33 ms  64-193-0-2.dtb.clearwire-dns.net [64.193.0.2]
  3    26 ms    50 ms    29 ms  tampfl1wcx1-pos12-2.wcg.net [65.77.96.109]
  4    72 ms    41 ms    45 ms  btrgla1wce010-pos4-0-wcg.net [64.200.210.246]
  5    49 ms    54 ms    53 ms  hstntx1wcx3-pos10-0-oc48.wcg.net [64.200.210.53]
  6    57 ms    58 ms    54 ms  dllstx1wcx3-pos14-0-oc192.wcg.net [64.200.210.65]
  7    62 ms    66 ms    66 ms  64.200.249.130
  8   104 ms    58 ms    58 ms  te-4-2.car2.Dallas1.Level3.net [4.68.110.13]
  9    51 ms    58 ms    58 ms  ae-1-51.bbr1.Dallas1.Level3.net [4.68.122.1]
 10    71 ms    74 ms    75 ms  as-1-0.bbr1.Atlanta1.Level3.net [209.247.9.101]
 11    74 ms    74 ms    75 ms  ae-11-55.car1.Atlanta1.Level3.net [4.68.103.130]
 12    75 ms    74 ms    83 ms  4.78.208.114
 13    68 ms    74 ms    75 ms  72.14.239.21
 14    86 ms    74 ms    75 ms  216.239.49.226
 15    74 ms    74 ms    84 ms  64.233.187.99
Trace complete.
ipconfig
C:\WINDOWS\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : emobile
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1350 WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-0B-7D-0A-B1-10
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.31
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 64.193.0.5
Lease Obtained. . . . . . . . . . : Sunday, May 14, 2006 6:02:36 PM
Lease Expires . . . . . . . . . . : Monday, May 15, 2006 6:02:36 PM
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
security templates:
located in c:\winnt\security\templates
basic
basicdc - standard domain controller
basicsv - standard file and print server
basicwk - standard workstation
higher security
securedc - secure domain controller
securews - secure workstation/server
highest security
hisecdc - high security domain controller
hisecws - high security workstation/server
misc
ocfiless - secure optional components for servers
ocfilesw - secure optional components for workstations
setup security - default security configuration
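A read-only way to see how far a machine is from one of the templates listed above, using secedit /analyze. This is an added example, not part of the original notes. It assumes Windows 2000/2003 with the stock templates in %windir%\security\templates; the scratch database and log paths under %TEMP% are made up for the example.

```bat
@echo off
rem Added example: compare current settings against the securews template.
rem /analyze only records differences; it does not apply the template.
setlocal
set "TEMPLATE=%windir%\security\templates\securews.inf"
rem Hypothetical scratch locations for this audit run.
set "DB=%TEMP%\securews-audit.sdb"
set "LOG=%TEMP%\securews-audit.log"

if not exist "%TEMPLATE%" (
    echo Template not found: %TEMPLATE%
    exit /b 1
)

rem Start from an empty database so the results reflect this template only.
if exist "%DB%" del "%DB%"
if exist "%LOG%" del "%LOG%"

secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /log "%LOG%" /quiet

rem Settings that differ from the template are logged as "Mismatch".
rem Piping through type lets findstr read the log even if it is Unicode.
echo Settings that differ from %TEMPLATE%:
type "%LOG%" | findstr /i /c:"Mismatch"

echo Full log: %LOG%
endlocal
```

The same database can be opened in the Security Configuration and Analysis MMC snap-in to review each mismatch before deciding whether to apply the template.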
some local security settings of note:
computer configuration->windows settings->local policies->security options
"Do not display last user name"