A PSO (Password Settings Object) is an Active Directory object, created in ADSI Edit, that allows an alternative password policy to be applied to a user or a group.
Fine-grained password policy is achieved through PSOs. A PSO can only be attached or linked to users or groups, not to an OU.
This is done through ADSI Edit, a low-level utility used for editing the Active Directory database directly rather than using the GUI tools.
Tuesday, July 12, 2011
Fine-Grained Password Policy
A feature of Server 2008 that allows an override of the domain password policy requirements.
Fine-grained password policies are used to exempt users who are part of an executive group, and also to reduce password complexity requirements and extend the expiration date.
To use this feature all your DCs should be on 2008, so the domain functional level should be 2008.
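Because a PSO overrides the domain policy for whoever it is linked to, it is worth reviewing which PSOs are weaker than the domain policy and who they apply to. The PowerShell below is an added example, not part of the original notes: Find-WeakerPso is a hypothetical helper, and the policy objects are constructed samples shaped like the output of Get-ADDefaultDomainPasswordPolicy and Get-ADFineGrainedPasswordPolicy (ActiveDirectory module).

```powershell
# Added example: Find-WeakerPso is a hypothetical helper, not a built-in cmdlet.
function Find-WeakerPso {
    param([Parameter(Mandatory)] $DomainPolicy, [Parameter(Mandatory)] [object[]] $Pso)
    foreach ($p in $Pso) {
        $findings = @()
        if ($DomainPolicy.ComplexityEnabled -and -not $p.ComplexityEnabled) {
            $findings += 'complexity disabled'
        }
        if ($p.MinPasswordLength -lt $DomainPolicy.MinPasswordLength) {
            $findings += "min length $($p.MinPasswordLength) < $($DomainPolicy.MinPasswordLength)"
        }
        # The AD cmdlets report "never expires" as a zero MaxPasswordAge.
        $psoNever    = $p.MaxPasswordAge -eq [TimeSpan]::Zero
        $domainNever = $DomainPolicy.MaxPasswordAge -eq [TimeSpan]::Zero
        if (-not $domainNever -and ($psoNever -or $p.MaxPasswordAge -gt $DomainPolicy.MaxPasswordAge)) {
            $findings += 'expiration extended'
        }
        if ($findings) {
            [pscustomobject]@{
                Name = $p.Name; Precedence = $p.Precedence
                AppliesTo = $p.AppliesTo -join '; '
                Findings  = $findings -join ', '
            }
        }
    }
}

# Constructed sample data (names and DNs are placeholders).
$domain = [pscustomobject]@{
    ComplexityEnabled = $true; MinPasswordLength = 12
    MaxPasswordAge    = [TimeSpan]::FromDays(90)
}
$psos = @(
    [pscustomobject]@{ Name = 'PSO-Executives'; Precedence = 10
        ComplexityEnabled = $false; MinPasswordLength = 8
        MaxPasswordAge = [TimeSpan]::FromDays(365)
        AppliesTo = @('CN=Executives,OU=Groups,DC=example,DC=com') },
    [pscustomobject]@{ Name = 'PSO-Admins'; Precedence = 5
        ComplexityEnabled = $true; MinPasswordLength = 16
        MaxPasswordAge = [TimeSpan]::FromDays(60)
        AppliesTo = @('CN=Server Admins,OU=Groups,DC=example,DC=com') }
)
Find-WeakerPso -DomainPolicy $domain -Pso $psos | Format-List

# Against a live domain, with the ActiveDirectory module loaded:
# Find-WeakerPso -DomainPolicy (Get-ADDefaultDomainPasswordPolicy) `
#                -Pso (Get-ADFineGrainedPasswordPolicy -Filter *)
```

With the sample data only PSO-Executives is reported, with all three findings; PSO-Admins is stricter than the domain policy and is not listed.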
Sunday, July 10, 2011
File Server
SMB: Server Message Block. A protocol used for share permissions on a folder; it cannot restrict file-level access (share permissions).
NTFS: New Technology File System. With NTFS permissions we can restrict or block inheritance of permissions for folders AND files, for really specific control of who gets to do what inside a shared folder.
Step 1: Go to the file or folder
Step 2: Properties, Security
Step 3: Advanced
Step 4: Uncheck inheritance of permissions
Step 5: Add the NTFS names and groups you want, then finish.
Effective Permissions in the Advanced tab will help to check NTFS permissions.
SMB share-level permissions work only at the folder level.
NTFS permissions work at the folder AND at the file level.
Documents inside the shared folder inherit the permissions (share level or NTFS) unless you stop the inheritance directly and apply new permissions.
Moving the folder in shared or NTFS permission will raffle all the permissions.
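The same steps can be scripted with Get-Acl and Set-Acl. This PowerShell is an added example, not part of the original notes; it works on a scratch folder it creates under %TEMP%, and the trustees (the current user and the built-in Administrators group, by its well-known SID) are assumptions chosen so it runs on any machine.

```powershell
# Added example: scratch folder and file, created here for the demonstration.
$folder = Join-Path $env:TEMP 'ntfs-inheritance-demo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$file = Join-Path $folder 'report.txt'
Set-Content -Path $file -Value 'constructed sample file'

$acl = Get-Acl -Path $folder

# Step 4: stop inheriting from the parent folder.
#   1st argument $true  = protect this ACL from inheritance
#   2nd argument $false = drop the inherited entries instead of copying them
$acl.SetAccessRuleProtection($true, $false)

# Step 5: add the explicit names and groups. The inheritance flags make the
# entries flow down to subfolders (ContainerInherit) and files (ObjectInherit).
$flags  = 'ContainerInherit,ObjectInherit'
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'

$adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $admins, 'FullControl', $flags, 'None', 'Allow'
$userRule  = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $me, 'Modify', $flags, 'None', 'Allow'
$acl.AddAccessRule($adminRule)
$acl.AddAccessRule($userRule)

Set-Acl -Path $folder -AclObject $acl

# Check the result: the folder no longer inherits from its parent, and the file
# inside takes its entries from the folder (IsInherited = True on the file).
"Folder inheritance blocked: $((Get-Acl -Path $folder).AreAccessRulesProtected)"
(Get-Acl -Path $file).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

Dropping the inherited entries removes every trustee that is not re-added explicitly, so list the resulting ACL before using this on a real share.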
Domain Controller, Namespace & Forest
A domain controller is a Windows Server machine that runs the Active Directory Domain Services role.
Any Windows server which runs the AD role is called Active Directory Domain Services.
A domain controller usually has only two roles: Active Directory Domain Services & DNS
Namespace:
The root domain, which is the primary domain, is called the namespace.
Forest:
All the domains in your enterprise are called a forest.
Active Directory
Active Directory is the brain of a Windows Server network. It contains the database of users, computers
and other resources, helps us manage them from a centralized location and keeps track of the changes.
Monday, July 4, 2011
A 2003 DC has four major partitions that replicate:
1) Schema partition: replicated among the forests through all the DCs
2) Configuration partition: domain names and all the configuration structure of the forest
3) Domain partition for the local domain: users and groups created are within the domain only and do not replicate among the forest.
4) Application directory partition: only some 2003 DCs, and GCs not at all
Apart from all the above, a GC replicates a subset of properties for all the directory objects in the forest.
Schema
Defines the types of objects that can be created within Active Directory and the kinds of attributes that each object can have.
To add the Schema snap-in:
1) Run MMC and check whether the Schema snap-in is present
2) C:/Admin >regsvr32 schmmgmt.dll
3) Go to MMC -> Add/Remove Snap-in and add the Schema snap-in.
Universal Group Membership Caching
Cuts down the need for Global Catalog servers
Universal group membership caching is enabled per site in Active Directory Sites and Services. It acts as a cache and stores group info, so that the second time a user logs in he can use the cached credentials rather than contacting the remote Global Catalog server.
Global Catalog Server
Global Catalog server:
Special domain controllers in Windows 2000 & Server 2003 that store partial Active Directory
object information from all the domains in a forest.
GC servers save on bandwidth and result in domain logins and queries becoming more efficient.
When a user first logs in, he authenticates with a Global Catalog server.
The first GC is automatically installed on the first DC in the domain/forest, and additional ones can be installed
using Active Directory Sites & Services.
Cross Forest Trusts
When company A merges with company B and they want to share resources like user names, groups and other objects, a trust needs to be established between the two forests; this requires all the domain controllers to be at the Windows 2003 level.