| What is the Global Catalog? |
The Global Catalog (GC) contains an entry for every object
in an enterprise forest but only a few properties for each
object. An entire forest shares a GC, with multiple servers
holding copies. You can perform an enterprisewide forest search
only on the properties in the GC, whereas you can search for
any property in a user’s domain tree. Only Directory Services
(DSs) or domain controllers (DCs) can hold a copy of the GC.
Configuring an excessive number of GCs in a domain wastes
network bandwidth during replication. One GC server per domain
in each physical location is sufficient. Windows NT sets servers
as GCs as necessary, so you don’t need to configure additional
GCs unless you notice slow query response times.
Because a full search queries the whole domain tree rather
than the GC, grouping the enterprise into one tree improves
searching: you can then search for properties that aren't in
the GC.
The schema is a blueprint of all the objects in a domain.
When you create a new forest, a default schema contains definitions
for users, computers, and domains. Because you can’t have
multiple definitions of an object, you can have only one schema
per domain.
The file schema.ini contains the default schema’s definition,
as well as the initial structure for the file ntds.dit (which
stores directory data). The %systemroot%\ntds directory contains
the file schema.ini. The file is plain ASCII, so you can
display it with the type command.
| What is the Windows 2000 Active Directory (AD) Migration Tool (ADMT)? |
The Win2K ADMT can help you migrate from Windows NT 4.0 domains
to Win2K Active Directory (AD). The tool identifies possible
problems before you start the migration. After migration,
ADMT helps you consolidate domains, convert NT resource domains
to organizational units (OUs), simplify trusts, and do many
other wizard-based tasks.
Windows 2000 domains, trees, and forests have several limitations,
the biggest of which are:
- You can't change the DNS or NetBIOS name of a domain
- You can't move a domain within a tree or forest
Windows Server 2003 will include a new utility named Rendom
that will address many of these limitations. For example,
rendom.exe will let you change both the DNS and NetBIOS name
and move domains within the forest.
The tool operates in a 3-stage process:
- The /list switch creates an XML file with the current
forest structure.
- The /prepare switch edits the XML file to the desired
structure, then runs the file on each domain controller
(DC) to ensure the DCs are ready.
- The /upload switch uploads the new structure.
To use the utility, you must ensure that all DCs in the forest
are running Windows 2003 and that the forest functionality
mode is at least Windows .NET. Additional information about
Rendom is available at the Microsoft Web site.
| Why can't I access the Microsoft Management Console (MMC) Active Directory (AD) snap-ins in Windows 2000 and later? |
When you attempt to use the Active Directory Users and
Computers snap-in, Active Directory Sites and Services snap-in,
or Active Directory Domains and Trusts snap-in, you might
receive one of the following errors:
- "Naming information cannot be located because: Logon attempt
failed. Contact your system administrator to verify that your
domain is properly configured and is currently online."
- "The configuration information describing this enterprise
is not available. The logon attempt failed."
These errors can occur if your security settings have been
corrupted.
To repair these settings, perform the following steps:
- Start a command session (go to Start, Run and type cmd).
- Enter the following two commands, each on a single line:
  secedit /configure /cfg %systemroot%\repair\secsetup.inf /db secsetup.sdb
  secedit /configure /cfg %systemroot%\repair\secdc.inf /db secdc.sdb
- Close the command session.
The commands can take in excess of 10 minutes to process,
so be patient.
If you receive the following warning about a task that the
system couldn't complete, you can safely ignore the warning:
"Task is completed. Some files in the configuration are not
found on this system so security cannot be set/queried. It's
ok to ignore. See log %windir%\security\logs\scesrv.log for
detail info."
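The repair steps above as a batch file that first exports the current security settings and validates each template before applying it. This is an added example, not part of the original FAQ; the working folder name and the /log file names are assumptions chosen here.

```batch
@echo off
rem Added example: back up the current security settings, then apply the two
rem repair templates named in the steps above. Run from an administrator account.
setlocal
rem Assumption: working folder for the backup, databases and logs.
set "WORK=%systemroot%\security\repair-run"
if not exist "%WORK%" mkdir "%WORK%"

rem 1. Export the current settings so they can be reviewed or compared later.
secedit /export /cfg "%WORK%\before-repair.inf" /log "%WORK%\export.log"
if errorlevel 1 (
    echo Export failed, stopping before any change is made. See "%WORK%\export.log".
    exit /b 1
)

rem 2. Apply each template only if it exists and passes syntax validation.
call :apply secsetup
call :apply secdc
echo Done. Previous settings were saved to "%WORK%\before-repair.inf"
endlocal
exit /b 0

:apply
set "TEMPLATE=%systemroot%\repair\%1.inf"
if not exist "%TEMPLATE%" (
    echo Skipping %1: "%TEMPLATE%" not found.
    goto :eof
)
secedit /validate "%TEMPLATE%"
if errorlevel 1 (
    echo Skipping %1: template failed validation.
    goto :eof
)
rem Same command as in the steps above, with the database and a log in WORK.
secedit /configure /cfg "%TEMPLATE%" /db "%WORK%\%1.sdb" /log "%WORK%\%1.log"
rem A non-zero code can include the "some files ... not found" warning quoted
rem above, so report it and point at the logs instead of aborting.
if errorlevel 1 echo %1 finished with warnings or errors. Review "%WORK%\%1.log" and %windir%\security\logs\scesrv.log
goto :eof
```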