How do you view all the GCs in the forest?

DSQUERY server can be used to locate global catalogs

To search the entire forest

dsquery server -forest -isgc

To locate global catalogs in your current (logon) domain

dsquery server -isgc

To locate global catalogs in a specific domain

dsquery server -domain NISHANT.BIZ -isgc

Here, you search for global catalog servers in the tech.cpandl.com domain.

You can also search for global catalog servers by site, but to do this, you must know the full site name, and cannot use wildcards. For example, if you wanted to find all the global catalog servers for Default-First-Site-Name, you would have to type

dsquery server -site Default-First-Site-Name .

The resulting output is a list of DNs for global catalogs, such as

"CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=NISHANT,DC=BIZ"

How to Add or Remove the Global Catalog?

You can use the Active Directory Sites and Services snap-in to add or remove the global catalog.

1. Open Active Directory Sites and Services. (Click Start, click Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. (Active Directory Sites and Services\Sites\SiteName\Servers)
3. In the details pane, right-click NTDS Settings of the selected server object, and then click Properties.
4. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.

What is the Global Catalog?

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest . The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

Common Global Catalog Scenarios

The following events require a global catalog server:

• Forest-wide searches. The global catalog provides a resource for searching an AD DS forest. Forest-wide searches are identified by the LDAP port that they use. If the search query uses port 3268, the query is sent to a global catalog server.
• User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:
• In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
• When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
• Universal Group Membership Caching : In a forest that has more than one domain, in sites that have domain users but no global catalog server, Universal Group Membership Caching can be used to enable caching of logon credentials so that the global catalog does not have to be contacted for subsequent user logons. This feature eliminates the need to retrieve universal group memberships across a WAN link from a global catalog server in a different site.
• Exchange Address Book lookups . Servers running Microsoft Exchange Server rely on access to the global catalog for address information. Users use global catalog servers to access the global address list (GAL).

How do you view replication properties for AD partitions and DCs?

You can use the Active Directory Replication Status Tool (ADREPLSTATUS) or Repadmin command line tool to view the replication.

How do you create a new application partition?

You can create an application directory partition by using the create nc option in the domain management (partition management in windows 2008) menu of Ntdsutil. When creating an application directory partition using LDP or ADSI, provide a description in the description attribute of the domain DNS object that indicates the specific application that will use the partition. For example, if the application directory partition will be used to store data for a Microsoft accounting program, the description could be Microsoft accounting application. Ntdsutil does not facilitate the creation of a description.

To create or delete an application directory partition

The sample commands below were written for Windows Server 2008. If you're using Windows 2003, you don’t need to include the ACTIVE INSTANCE NTDS command, and you would use DOMAIN MANAGEMENT instead of PARTITION MANAGEMENT.

ntdsutil: activate instance ntds
Active instance set to "ntds".
ntdsutil: partition management
partition management: connections
Connected to \\server1.contoso.com using credentials of locally logged on user.
server connections: connect to server server1.contoso.com
Disconnecting from \\ server1.contoso.com...
Binding to server1.contoso.com ...
Connected to server1.contoso.com using credentials of locally logged on user.
server connections: quit
partition management: list
Note: Directory partition names with International/Unicode characters will only display correctly if appropriate fonts and language support are loaded Found 5 Naming Context(s)
0 - CN=Configuration,DC= contoso,DC=com
1 - CN=Schema,CN=Configuration,DC= contoso,DC=com
2 - DC=contoso,DC=com
3 - DC=DomainDnsZones,DC=contoso,DC=com
4 - DC=ForestDnsZones,DC=contoso,DC=com
partition management: create nc dc=app1,dc=contoso,dc=com
server1.contoso.com
adding object dc=app1,dc=contoso,dc=com
partition management: list
Note: Directory partition names with International/Unicode characters will only display correctly if appropriate fonts and language support are loaded Found 5 Naming Context(s)
0 - CN=Configuration,DC= contoso,DC=com
1 - CN=Schema,CN=Configuration,DC= contoso,DC=com
2 - DC=contoso,DC=com
3 - DC=DomainDnsZones,DC=contoso,DC=com
4 - DC=ForestDnsZones,DC=contoso,DC=com
5 - DC=app1,DC=contoso,DC=com

Create an application directory partition by using the DnsCmd command

Use the following syntax:

DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps:

1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER: dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com

When the application directory partition has been successfully created, the following information appears:

DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com Command completed successfully.

Configure an additional domain controller DNS server to host the application directory partition

Configure an additional domain controller that is acting as a DNS server to host the new application directory partition that you created. To do this, use the following syntax with the DnsCmd command:

DnsCmd ServerName /EnlistDirectoryPartition FQDN of partition

To configure the example domain controller that is named DC-2 to host this custom application directory partition, follow these steps:

1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER: dnscmd DC-2 /enlistdirectorypartition CustomDNSPartition.contoso.com

DNS Server DC-2 enlisted directory partition: CustomDNSPartition.contoso.com Command completed successfully.

What are application partitions? When do I use them?

An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.

Application directory partitions are usually created by the applications that will use them to store and replicate data. TAPI is an example it. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool.

Application directory partitions can contain any type of object, except security principals. The data in it can be replicated to different domain controllers in a forest (for redundancy, availability, or fault tolerance).

What is Active Directory Naming Context or Directory Partition?

Each domain controller in a domain forest controlled by Active Directory Domain Services includes directory partitions. Directory partitions are also known as naming contexts. A directory partition is a contiguous portion of the overall directory that has independent replication scope and scheduling data. By default, the Active Directory Domain Service for an enterprise contains the following partitions:

1. Schema Partition - One per forest. The schema naming context contains the definitions of all objects that can be instantiated in Active Directory. It also stores the definitions of all attributes that can be a part of objects in Active Directory. Every domain controller has one fully writeable copy of the schema directory partition, although schema updates are allowed only on the domain controller that is the schema operations master.
2. Configuration Partition - One per forest. It stores forest-wide configuration data that is required for the proper functioning of Active Directory as a directory service. The configuration partition contains replication topology and other configuration data that must be replicated throughout the forest. Every domain controller has one fully writeable copy of the configuration directory partition.
3. Domain Partition - One per domain. The domain partition contains the directory objects, such as users and computers, and other objects for that domain. All domain controllers that are joined to the domain share a full writeable copy of the domain directory partition. Additionally, all domain controllers in the forest that host the global catalog also host a partial read-only copy of every other domain naming context in the forest.

Windows Server 2003 introduces the Application Directory Partition, which provides the ability to control the scope of replication and allow the placement of replicas in a manner more suitable for dynamic data.

How to recover a deleted file from SYSVOL folder?

Microsoft Windows 2003 Server domain controllers use the File Replication service (FRS) to automatically replicate data between domain controllers. In Windows 2003 Server, the contents of the Sysvol folder are replicated to all the domain controllers in your organization. The Sysvol folder stores logon scripts, default domain profiles, and system policies. If a change is made to a logon script, a default domain profile, or a system policy, the change is replicated to all the domain controllers. This practice keeps the Sysvol folder content the same in all the domain controllers.

Note You have to stop the NT File Replication Service (NTFRS) service, and then set the startup type for NTFRS to Manual on the domain controller where you want to perform the non-authoritative restore. This prevents the service from starting unintentionally while this operation is performed.

To force a non-authoritative restore of the data in the Sysvol folder on a domain controller, follow these steps.

Start a command prompt. To do this, click Start, click Run, type cmd, and then click OK.

1. At the command prompt, type net stop ntfrs, and then press ENTER.
2. Click Start, click Run, type services.msc, and then click OK.
3. In the Services snap-in, double-click File Replication, click Manual under Startup Type, click Apply, and then click OK.
4. Click Start, click Run, type regedit, and then click OK.
5. Locate and then click the BurFlags value under the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
6. IF the key that is mentioned in step 6 does not exist, create it. To do this, click Edit, click New, click DWORD Value, type BurFlags, and then click OK.
7. In the right pane, right-click BurFlags, click Modify, In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritative restore, and then click OK.
8. Locate and then expand the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Sysvol Seeding\Domain System Volume (Sysvol share)
   Note: If this registry entry does not exist, you must create it.
   
9. On the Edit menu, click New, click String Value, type Replica Set Parent, and then click OK.
10. In the right pane, right-click Replica Set Parent, click Modify, type the name of a domain controller that has the Sysvol data that you want to replicate in the Value data box, and then click OK.
11. Quit Registry Editor.
12. At a command prompt, type net start ntfrs, and then press ENTER.
13. Click Start, click Run, type services.msc, and then click OK.
14. In the Services snap-in, double-click File Replication, click Automatic under Startup Type, click Apply, and then click OK.

What is the SYSVOL folder?

System Volume (SYSVOL) is a shared directory that stores the server copy of the domain public files (Policies and scripts) that must be shared for common access and replication throughout a domain. It must be located in NTFS volume (because junctions are used within the SYSVOL folder structure)

Where is the AD database held? What other files are related to AD?

The Active Directory Database is Stored in %SYSTEM ROOT%\NDTS folder. Main database file for active directory isntds.dit. Along with this file there are other files also present in this folder. These files are created when you run dcpromo. These are the main files controlling the AD structure

• ntds.dit : This is the main database file for active directory.
• edb.log : Transaction performed to ad stored in this file.
• res1.log : Used as reserve space in the case when drive had low space.
• res2.log : Same as res1.log.
• edb.chk : This file records the transactions committed to ad database.

When a change is made to the AD database, triggering a write operation, AD records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down; all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database.

The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in\NTDS, along with the other files we've discussed