AD Reading: Active Directory DNS & Name Resolution

The following are extremely useful resources for understanding the Active Directory DNS & Name Resolution.

DNS & Name Resolution

o   DNS Architecture

o   DNS Protocol

o   DNS Physical Structure

o   DNS Processes and Interactions

o   Network Ports Used By DNS

o   Related Information

o   What Is DNS?

o   How DNS Works

o   DNS Tools and Settings

o   DNS Support for Active Directory Architecture

o   DNS Physical Structure in Support of Active Directory

o   DNS Support for Active Directory Processes and Interactions

o   Network Ports Used by DNS in Support of Active Directory

o   Related Information

o   Introduction

o   DNS Fundamentals

o   New Features of the Windows 2000 DNS

o   Designing a DNS Namespace for the Active Directory

o   Summary

o   Glossary

o   What Is DNS Support for Active Directory?

o   How DNS Support for Active Directory Works

o   DNS Support for Active Directory Tools and Settings

AD Reading: Active Directory DFS & FRS

The following are extremely useful resources for understanding the AActive Directory DFS & FRS.

DFS Namespaces (DFSN) & DFS Replication (DFSR)

o   What Is DFS?

o   How DFS Works

o   DFS Tools and Settings

o   DFS Terminology

o   DFS Client and Server Compatibility

o   Characteristics of Namespace Types

o   DFS Architecture

o   DFS Physical Structures and Caches

o   DFS Processes and Interactions

o   DFS Protocols

o   DFS Interfaces

o   Network Ports Used by DFS

o   Related Information

o   Enable Access-Based Enumeration on a Namespace

o   Enable or Disable Referrals and Client Failback

o   Change the Amount of Time That Clients Cache Referrals

o   Set the Ordering Method for Targets in Referrals

o   Set Target Priority to Override Referral Ordering

o   Optimize Namespace Polling

o   Using Inherited Permissions with Access-Based Enumeration

o   SYSVOL Migration Conceptual Information

o   SYSVOL Migration Procedure

o   Troubleshooting SYSVOL Migration

o   SYSVOL Migration Reference Information

o   1: SYSVOL Migration Series: Part 1 – Introduction to the SYSVOL migration process

o   2: SYSVOL Migration Series: Part 2 – Dfsrmig.exe: The SYSVOL migration tool

o   3: SYSVOL Migration Series: Part 3 – Migrating to the Prepared State

o   4: SYSVOL Migration Series: Part 4 – Migrating to the ‘REDIRECTED’ state

o   5: SYSVOL Migration Series: Part 5 – Migrating to the ‘ELIMINATED’ state

File Replication Service (FRS)

o   FRS Terminology

o   FRS Architecture

o   FRS Protocols

o   FRS Interfaces

o   FRS Physical Structures

o   FRS Processes and Interactions

o   Network Ports Used by FRS

o   Related Information

o   FRS Tools

o   FRS Registry Entries

o   Network Ports Used by FRS

o   What Is FRS?

o   How FRS Works

o   FRS Tools and Settings

AD Reading: Active Directory Client Interaction

The following are extremely useful resources for understanding the Active Directory Client Interaction.

Client Interaction

o   Domain Controller Name Registration

o   SRV Resource Records

o   Domain Controller Location Process

o   Finding a Domain Controller in the Closest Site

o   Types of Locators

AD Reading: Active Directory Backup and Disaster Recovery

The following are extremely useful resources for understanding the Active Directory Backup and Disaster Recovery.

Backup and Disaster Recovery

o   What’s New in AD DS Backup and Recovery?

o   Known Issues for AD DS Backup and Recovery

o   Best Practices for AD DS Backup and Recovery

o   General Requirements for Backing Up and Recovering AD DS

o   Scenario Overviews for Backing Up and Recovering AD DS

o   Steps for Backing Up and Recovering AD DS

o   New Features, Assumptions, and Prerequisites for Using This Guide for Planning Active Directory Forest Recovery

o   Devising a Custom Forest Recovery Plan

o   Recovering Your Active Directory Forest

o   Appendix A: Forest Recovery Procedures

o   Appendix B: Frequently Asked Questions

o   Appendix C: Recovering a Single Domain within a Multidomain Forest

o   Appendix D: Forest Recovery with Windows Server 2003 Domain Controllers

o   Additional Resources

o   Restore Active Directory from backup

o   Mark the object or objects authoritative

o   Synchronize replication with all partners

o   Run an LDIF file to recover back-links

o   Restart the domain controller in Directory Services Restore Mode locally

o   Create an LDIF file for recovering back-links for authoritatively restored objects

o   Turn off inbound replication

o   Turn on inbound replication

AD Reading: Active Directory Authentication & Logon

The following are extremely useful resources for understanding the Active Directory Authentication & Logon.

Authentication & Logon

o   Digest Authentication Technical Reference

o   Interactive Logon Technical Reference

o   Kerberos Authentication Technical Reference

o   TLS/SSL Technical Reference

o   Introduction

o   Overview of the Kerberos Protocol

o   Kerberos Components in Windows 2000

o   Authorization Data

o   Interactive Logon

o   Remote Logon

o   Interoperability

o   Introduction (Kerberos Protocol Transition and Constrained Delegation)

o   Authenticating Web Application Users

o   Windows Server 2003 Kerberos Extensions

o   Sample Scenario Source Files

o   Summary (Kerberos Protocol Transition and Constrained Delegation)

o   Conclusion (Kerberos Protocol Transition and Constrained Delegation)

o   Security Descriptors and Access Control Lists Technical Reference

o   Access Tokens Technical Reference

o   Permissions Technical Reference

o   Security Principals Technical Reference

o   Security Identifiers Technical Reference

o   What is Interactive Logon?

o   How Interactive Logon Works

o   Interactive Logon Tools and Settings

o   User Profiles Overview in User Data and Settings Management

o   User Profile Structure

o   Enhancements to User Profiles in Windows Server 2003 and Windows XP

o   How to Configure a Roaming User Profile

o   Security Considerations when Configuring Roaming User Profiles

o   Best Practices for User Profiles

o   Folder Redirection Overview

o   How to Configure Folder Redirection

o   Security Considerations when Configuring Folder Redirection

o   Best Practices for Folder Redirection in User Data and Settings Management

o   Related Technologies: Offline Files and Synchronization Manager

o   Common Scenarios for IntelliMirror User Data and Settings Features

o   Appendix: Group Policy Settings for Roaming User Profiles

o   Related Links for User Data and Settings Management

AD Reading: Active Directory Database

The following are extremely useful resources for understanding the Active Directory Database.

AD Database

o   Data Store Architecture

o   Data Store Protocols

o   Data Store Interfaces

o   Data Store Logical Structure

o   Data Store Physical Structure

o   Data Store Processes and Interactions

o   Network Ports Used by the Data Store

o   Related Information

o   Directory Tree

o   Storage Limits

o   Directory Data Store

o   Object-Based Security

o   Growth Estimates for Active Directory Users and Organizational Units

o   Data Characteristics

o   Windows 2000 SAM Storage

o   Data Model

o   Container Objects and Leaf Objects

o   Directory Partitions

o   Transaction Log Files

o   Temporary Transaction Log Files

o   Reserved Transaction Log Files

o   Checkpoint Files

o   Database Files

o   Temporary Databases

AD Reading: Active Directory Core Concepts

The following are extremely useful resources for understanding Active Directory Core Concepts.

Core Directory Concepts & Key Items

o   Attributes

o   Containers and Leaves

o   Object Names and Identities

o   Naming Contexts and Directory Partitions

o   Domain Trees

o   Forests

o   Active Directory Servers and Dynamic DNS

o   Replication and Data Integrity

o   Active Directory Logical Structure

o   Active Directory Data Storage

o   Name Resolution in Active Directory

o   Active Directory Schema

o   Service Publication in Active Directory

o   Active Directory Replication

o   Managing Flexible Single-Master Operations

o   Monitoring Performance in Active Directory

o   Active Directory Backup and Restore

o   Active Directory Diagnostics, Troubleshooting, and Recovery

o   Active Directory on a Windows Server Network

o   Active Directory Application Mode

o   Structure and Storage Technologies

o   Domain Controller Roles

o   Replication Technologies

o   Search and Publication Technologies

o   Installation, Upgrade, and Migration Technologies

o   Introduction

o   Active Directory User and Computer Accounts

o   Active Directory Groups User Authentication

o   User Authorization

o   Summary

o   Appendix A: Built-in, Predefined, and Special Groups

o   Appendix B: User Rights

o   Understanding AD DS Design

o   Identifying Your AD DS Design and Deployment Requirements

o   Mapping Your Requirements to an AD DS Deployment Strategy

o   Designing the Logical Structure for Windows Server 2008 AD DS

o   Designing the Site Topology for Windows Server 2008 AD DS

o   Enabling Advanced Features for AD DS

o   Evaluating AD DS Deployment Strategy Examples

o   Appendix A: Reviewing Key AD DS Terms

o   Active Directory Logical Structure

o   Active Directory Data Storage

o   Name Resolution in Active Directory

o   Active Directory Schema

o   Service Publication in Active Directory

o   Active Directory Replication

o   Managing Flexible Single-Master Operations

o   Monitoring Performance in Active Directory

o   Active Directory Backup and Restore

o   Active Directory Diagnostics, Troubleshooting, and Recovery

o   What Are Domain and Forest Trusts?

o   How Domain and Forest Trusts Work

o   Domain and Forest Trust Tools and Settings

o   Security Considerations for Trusts

o   What Is the Global Catalog?

o   How the Global Catalog Works

o   Global Catalog Tools and Settings

o   What are Operations Masters?

o   How Operations Masters Work

o   Operations Masters Tools and Settings

o   What Is TCP/IP?

o   How TCP/IP Works

o   TCP/IP Tools and Settings

o   Planning Deployment of AD DS in the Perimeter Network

o   Designing RODCs in the Perimeter Network

o   Deploying RODCs in the Perimeter Network

o   Planning to Virtualize Domain Controllers

o   Deployment Considerations for Virtualized Domain Controllers

o   Operational Considerations for Virtualized Domain Controllers

o   Backup and Restore Considerations for Virtualized Domain Controllers

o   USN and USN Rollback

 

 

 

Hyper-V 2012 Resources

I have been researching Hyper-V 2012 quite a bit over the past couple of months. Here are some of the more useful links:

Intel vPro Technology Security

In every modern (recent) Intel processor, there is a remote access

Hardware Secrets posted:

Intel’s vPro technology provides IT managers with a collection of security and manageability features, including remote access to the PC independent of the state of the operating system or that of the computer’s power. The newest vPro processors include an identity protection technology with public key infrastructure (Intel IPT with PKI), which provides a new second layer of authentication embedded into the PC that allows websites and business networks to validate that a legitimate user is logging on from a trusted PC by using a private key stored in a PC’s firmware. In addition, the chipset has Intel’s Secure Key, a hardware-based random number generator that businesses can use to encrypt applications, OS Guard malware detection and prevention technology, and McAfee ePolicy Orchestrator (ePO) Deep Command, which is designed to allow remote patching.

Intel’s website provides more details.

KMS Part 2

This is an addendum post to the original KMS info post with a bunch of useful info I gathered recently.

Useful KMS and Windows activation commands:

Change Windows 2008 R2 license key type from Retail to KMS activated:
Slmgr /ipk 489J6-VHDMP-X63PK-3K798-CPX3Y

Clear cached KMS host:
Slmgr.vbs /ckms

Disable KMS host caching:
Slmgr.vbs /ckhc

Flush local system DNS cache:
Slmgr.vbs /flushdns

Force immediate activation:
Slmgr.vbs /ato

Enable KMS Host caching:
Slmgr.vbs /skhc

Point activation to a specific KMS Server (disables KMS autodiscovery via DNS):
Slmgr.vbs /skms:SERVER

Display detailed license information (& KMS Host Info):
Slmgr.vbs /dlv

Get information about OS activation from KMS Server:
slmgr.vbs / dli

Configure a server to run KMS:

Install the KMS activation key by running the following:
slmgr.vbs /ipk <KMS Activation Key>

Run the following command to immediately activate:
slmgr.vbs /ato

Restart the Software Licensing Service (SPPSVC):
net stop sppsvc && net start sppsvc

http://technet.microsoft.com/en-us/library/ff793407.aspx

The Software Licensing Service (SPPSVC) handles registration of the DNS service (sRV) record which is created in the same DNS domain the KMS host is installed uder the _tcp subzone.

KMS will automatically handle activations for systems in the same DNS Domain.  In order to expand the scope to other domains, a registry hack is required.

Open Regedit and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
Create a new Multi-String key called DnsDomainPublishList

Edit the key and add each additional DNS domain suffic that KMS should publish to on a separate line.
Restart the Software Licensing Service (SPPSVC):
net stop sppsvc && net start sppsvc

If Dynamic DNS is not enabled for your AD domain, you will have to manually add the SRV record for KMS with ths following information:
Service: _VLMCS
Protocol: _TCP
Port Number: 1688
Host: <KMS-HOST-FQDN>

http://technet.microsoft.com/en-us/library/ff793405.aspx

Note: Only the first KMS Host can create an SRV record – subsequent KMS Hosts cannot change or update SRV records unless the default DNS permissions are modified.

Configuring KMS Clients:

Manually specify a KMS Host:
slmgr.vbs /skms <value>:<port>

NOTE: When you manually specify a KMS host, this disables automatic discovery of the KMS host.

Enable Auto-discovery:
slmgr.vbs /ckms

Change a client from retail to volume activation:
Slmgr.vbs /ipk <SetupKey>

Change a client registered with a MAK key to KMS:
slmgr.vbs /ipk <KmsSetupKey>

KMS Setup Keys:

Windows 7 Professional:  FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N:  MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise:  33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N:  YDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise E:  C29WB-22CC8-VJ326-GHFJW-H9DH4

Windows Server 2008 R2 HPC Edition:  FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter:  74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise:  489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based Systems:  GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 Standard:  YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Web Server 2008 R2:  6TPJF-RBVHG-WBW2R-86QPH-6RTM4

References: