Domain Controller roles
Also called FSMO roles (Flexible Single Master Operation); they can be transferred to any DC in the domain.
* Schema master – DC responsible for performing updates to the directory schema
* Domain naming master – This DC is the only one that can add or remove a domain from the directory
* RID master – the single DC responsible for processing RID Pool requests from all DCs within a given domain. RID – relative ID tied to a given server; each server has an allocated quota of RIDs. When it runs out, it requests more from the RID master DC.
* PDC emulator – necessary to synchronize time in an enterprise. The PDC emulator of a domain is authoritative for the domain. Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
* Infrastructure master – DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC).
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
The global catalog is built and updated automatically by the AD DS replication system.
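The FSMO and GC notes above in one check, as an added example (not part of the original notes): it lists the role holders and warns when the Infrastructure Master is also a GC while other DCs are not. It assumes the ActiveDirectory RSAT module and a domain-joined session.

```powershell
# Added example: report FSMO role holders and flag an Infrastructure Master
# that is also a Global Catalog server. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles live on the forest object, domain roles on the domain object
$roles = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'RID master'            = $domain.RIDMaster
    'PDC emulator'          = $domain.PDCEmulator
    'Infrastructure master' = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }

# The IM/GC conflict only matters when some DCs are NOT global catalogs:
# if every DC is a GC, no cross-domain phantom updates are needed anyway.
$dcs   = Get-ADDomainController -Filter *
$im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

if ($im.IsGlobalCatalog -and $nonGc.Count -gt 0) {
    $msg = 'Infrastructure Master {0} is a GC while {1} DC(s) are not; move the role or make every DC a GC.'
    Write-Warning ($msg -f $im.HostName, $nonGc.Count)
}
```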
Groups are characterized by a scope that identifies the extent to which the group is applied in the domain tree or forest. The following three group scopes are defined by AD:
* Universal – Use groups with universal scope to consolidate groups that span domains.
* Global – groups with global scope are not replicated outside their own domain
* Domain Local – Members of these groups can be assigned permissions only within a domain. Groups with domain local scope help you define and manage access to resources within a single domain.
We strongly recommend that you use global groups or universal groups instead of domain local groups when you specify permissions on domain directory objects that are replicated to the global catalog.
Some cmdlets that often appear in questions:
* Add-AdPrincipalGroupMembership – Adds a member to one or more Active Directory groups
* Install-AddsDomainController – Installs a domain controller in Active Directory
* Install-WindowsFeature – Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2.
* Install-AddsDomain – Installs a new Active Directory domain configuration.
* Rename-AdObject – Changes the name of an Active Directory object
* Set-AdAccountControl – Modifies user account control (UAC) values for an Active Directory account, e.g. specifies whether an account is enabled.
* Set-AdGroup – Modifies an Active Directory group.
* Set-User – on Exchange 2016, modify user attributes
* Add-NetLbfoTeamMember – Adds a new member (network adapter) to a specified NIC team.
* Send-SmigServerData – Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000. The destination server must be in the same subnet as the source server, and the cmdlet Receive-SmigServerData must be run on the destination server at the same time Send-SmigServerData is running on the source server.
* Add-AppxProvisionedPackage – Adds an app package (.appx) that will install for each new user to a Windows image.
* The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).
* Virtual machine checkpoints (formerly known as virtual machine snapshots) capture the state, data, and hardware configuration of a running virtual machine. If the virtual machine has no checkpoints, you can change where these checkpoint files are stored. Do not expand a virtual hard disk when it is used in a virtual machine that has checkpoints. Doing so will make the checkpoints unusable. To change a VM's checkpoint location, the VM must be powered down.
* Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, heartbeat, and backup
* There are three kinds of physical disks that you can attach to a virtual machine in Windows Server 2012 Hyper-V: Passthrough disks, iSCSI disks, or Fibre Channel disks.
Storage pools – A collection of physical disks that enable you to aggregate disks, expand capacity in a flexible manner, and delegate administration. Storage pools use unallocated space.
Storage spaces – Virtual disks created from free space in a storage pool. Storage spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise administrative control.
* All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. This can be considered the default pool for devices from which any other pools will be created.
For some earlier networking notes, see my earlier post.
You cannot change the subnet mask of a DHCP scope without deleting the scope and recreating it with the new subnet mask.
You can verify SRV locator resource records by viewing Netlogon.dns.
Edge traversal allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation (NAT) router or firewall.
The legacy network adapters do not support bandwidth management.
When the DHCP role is installed, the firewall rules are automatically added.
If its own IP address is not in the list of authorized DHCP servers (“Allow” filter list), the DHCP Server service does not complete its startup sequence and automatically shuts down.
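The DHCP authorization and firewall-rule notes above as a check script, added here as an example (not from the original notes). It assumes the DhcpServer RSAT module, rights to read the authorization list, and that the built-in rules sit in the display group 'DHCP Server' (an assumed group name).

```powershell
# Added example: confirm this host is an authorized DHCP server in AD and that
# the DHCP firewall rules the role installs are enabled. Assumes DhcpServer module.
Import-Module DhcpServer

# Local IPv4 addresses of this host, read at runtime (nothing hardcoded)
$localIPs = Get-NetIPAddress -AddressFamily IPv4 |
            Where-Object { $_.IPAddress -notlike '127.*' } |
            Select-Object -ExpandProperty IPAddress

# Servers currently authorized in the directory (the "Allow" list)
$authorized = Get-DhcpServerInDC
$match = $authorized | Where-Object { $localIPs -contains "$($_.IPAddress)" }

if ($match) {
    "Authorized as $($match.DnsName) / $($match.IPAddress)"
} else {
    Write-Warning 'This host is not in the authorized DHCP server list; the DHCP Server service will shut itself down at startup.'
    # Remediation needs Enterprise Admins, e.g.:
    #   Add-DhcpServerInDC -DnsName $env:COMPUTERNAME -IPAddress $localIPs[0]
}

# Service state reflects the behaviour described in the note above
Get-Service DHCPServer | Select-Object Status, StartType

# Rules added with the role (assumed display group name 'DHCP Server')
Get-NetFirewallRule -DisplayGroup 'DHCP Server' |
    Select-Object DisplayName, Enabled, Direction, Profile
```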
netsh.exe is used to configure IPv4 from CLI.
Virtual hard disks are stored as .vhd files. Diskpart is a CLI for creating virtual hard disks.
Thin provisioning – a virtual disk type with just-in-time allocation; thin provisioning and trim are enabled by default in Windows Server 2012, and a thin-provisioned Storage Space does not support being clustered. It is a method of optimizing how efficiently the available disk space is used, together with the ability to reclaim storage that is no longer needed (also known as trim).
Basic disks – have partitions (primary and extended), support MBR and GPT, must be NTFS file system
Dynamic disks – enhanced disk type, support RAID, have volumes (which may span multiple disks), support MBR and GPT, dynamic disks are not generally used to contain system boot volumes, only on Win 2000 and newer
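The storage pool and storage space notes above and the thin-provisioning note here, worked through as an added example (not from the original notes): a pool is built from poolable disks in the Primordial pool and a thin-provisioned mirrored space is carved from it. The names 'DataPool' and 'DataSpace', the 2TB size and the '*Storage*' subsystem wildcard are assumptions for this example.

```powershell
# Added example: Primordial pool -> storage pool -> thin-provisioned mirrored space.
# Assumes the Storage module (Windows Server 2012+) and at least two poolable disks.

# 1. Candidate disks sit in the Primordial pool; CanPool excludes disks that
#    already carry partitions or belong to another pool.
$primordial = Get-StoragePool -IsPrimordial $true
$disks = @(Get-PhysicalDisk -StoragePool $primordial | Where-Object { $_.CanPool })
if ($disks.Count -lt 2) { throw 'Need at least two poolable disks for a mirror.' }

# 2. Create the pool (subsystem friendly name differs by OS version, hence the wildcard)
New-StoragePool -FriendlyName 'DataPool' -StorageSubSystemFriendlyName '*Storage*' `
    -PhysicalDisks $disks | Out-Null

# 3. Thin-provisioned mirrored space: capacity is allocated just in time, so the
#    logical size may exceed the pool's current free capacity.
New-VirtualDisk -StoragePoolFriendlyName 'DataPool' -FriendlyName 'DataSpace' `
    -ResiliencySettingName Mirror -ProvisioningType Thin -Size 2TB | Out-Null

# 4. Initialize as GPT, partition and format NTFS (drive letter assigned automatically)
Get-VirtualDisk -FriendlyName 'DataSpace' | Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -AssignDriveLetter |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Data' -Confirm:$false | Out-Null

# FootprintOnPool shows how little of the 2TB is actually consumed right after creation.
# Caveat from the notes: a thin-provisioned space cannot be used in a cluster.
Get-VirtualDisk -FriendlyName 'DataSpace' |
    Select-Object FriendlyName, ResiliencySettingName, ProvisioningType, Size, FootprintOnPool
```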
Disk initialization/partition style:
MBR – the database is contained in the last 1 megabyte (MB) of the disk, up to 4 partitions
GPT – the database is contained in a 1-MB reserved (hidden) partition, partitions may be larger than 2TB, up to 128 partitions
The pass-through disk is a LUN that is connected directly to the controller of a virtual machine, located in the settings of that virtual machine’s virtual hardware. Passthrough disks were designed for the case when you need a large data disk.
Command line commands
* Winrs.exe – This command line tool enables administrators to remotely execute most Cmd.exe commands using the WS-Management protocol.
* Redircmp.exe – Redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.
* sc.exe retrieves and sets control information about services.
006 DNS servers option – IP Address of your DNS Server, e.g., 10.10.10.1
015 DNS Domain Name – Specifies the connection-specific DNS domain suffix to be used by the DHCP client.
119 DNS Domain Name – that is for example test.local (your AD domain name)
* The default execution policy of Windows Server 2012 is RemoteSigned, meaning that as long as a valid signature is used on downloaded scripts, they will run. However, client computers have a default execution policy of Restricted, meaning that no scripts will run in PowerShell whatsoever.
* To be able to fully manage remote servers that run Windows Server 2008 or Windows Server 2008 R2 with Service Pack 1, you should install the .NET Framework 4 on Server2 first, followed by the Windows Management Framework 3.0.
* SAM account name – sAMAccountName – a logon name that supports previous versions of Windows.
* From the properties of User1, select Store password using reversible encryption – which is for applications that require the user's password for authentication. Storing passwords in a way that is reversible means that the encrypted passwords can be decrypted.
* Scanners fall (for management purposes) under “Print and Document Services”
* Windows® Identity Foundation (WIF) is a framework for building identity-aware applications. Starting with the .NET Framework 4.5, WIF has been fully integrated into the .NET Framework.
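The reversible-encryption item above, combined with Set-AdAccountControl from the cmdlet list, as an added audit script (not from the original notes): it finds accounts with the flag set and can clear it. It assumes the ActiveDirectory RSAT module; the -Remediate switch is made up for this example.

```powershell
# Added example: audit accounts that store passwords with reversible encryption
# and optionally clear the flag. Assumes the ActiveDirectory module.
param([switch]$Remediate)
Import-Module ActiveDirectory

# userAccountControl bit 0x80 (ENCRYPTED_TEXT_PWD_ALLOWED = 128) is what the
# "Store password using reversible encryption" checkbox sets. The matching-rule
# OID 1.2.840.113556.1.4.803 is LDAP's bitwise AND.
$ldap  = '(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=128))'
$users = @(Get-ADUser -LDAPFilter $ldap -Properties userAccountControl, pwdLastSet)

# The default domain password policy can also turn this on for every account
$policy = Get-ADDefaultDomainPasswordPolicy
"Domain-wide reversible encryption: $($policy.ReversibleEncryptionEnabled)"

foreach ($u in $users) {
    '{0,-20} UAC=0x{1:X}' -f $u.SamAccountName, $u.userAccountControl
    if ($Remediate) {
        # Clearing the flag does not rewrite the stored secret; the reversible
        # copy is only dropped when the user next changes the password.
        Set-ADAccountControl -Identity $u -AllowReversiblePasswordEncryption $false
        Set-ADUser -Identity $u -ChangePasswordAtLogon $true
    }
}
"Found $($users.Count) account(s) with reversible encryption enabled."
```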