Вы находитесь на странице: 1из 20


Using Server Models are Xseries 325, Xseries 3650 Xeon processor, Dell Power Edge 2850 (6 h/ds Raid 5),
1750 (3 h/ds Raid 1), 4600 and 6400 (Storage devices)
Server Remote Connectivity Tools: ILO(using for HP), I-DRAC(using for Dell)
ILO (Integrated Lights-Out): Integrated Lights-Out, or iLO, is an embedded server management
technology exclusive to Hewlett-Packard but similar in functionality to the Lights out management (LOM)
technology of other vendors. Current iLO 2 Version 1.81
iLO makes it possible to perform activities on an HP server from a remote location. The iLO card has a
separate network connection (& its own IP address) to which one can connect via HTTPS. Possible options are
 reset the server (in case the server doesn't respond anymore via the normal network card)
 power-up the server (possible to do this from a remote location, even if the server is shut down)
 take over the screen
 mount remote physical CD/DVD drive or image.
 access the server's IML (Integrated Management Log)
 remote console (in some cases, an 'Advanced license' maybe required for some of the utilities to
 can be manipulated remotely through xml-based Remote Insight Board Command Language
iLO is available in 2 forms, iLO Standard & iLO Advanced. iLO Standard provides basic system board
management functions, diagnostics & essential Lights-Out functionality as standard features on iLO supported
ProLiant servers. iLO Advanced provides remote administration functionality as a licensed option.
I-DRAC(Dell Remote Access Controller): In computing, the DRAC, an interface card from Dell Inc,
provides out-of-band management facilities. The controller has its own processor, memory, battery,
network connection, and access to the system bus. Key features include power management, virtual
media access and remote console capabilities, all available through a supported web browser. This gives
system administrators the ability to configure a machine as if they were sitting at the local console
Server Monitoring Tools: BMC PATROL, SITE SCOPE, OPEN VIEW(using for HP)
BMC PATROL: PATROL for Microsoft Windows Servers is a suite of many components that monitor various
aspects of a large-scale server infrastructure. The most active component is PATROL Agent, which does
the actual monitoring. It uses the many Knowledge Modules (KMs) that specify what to monitor and how
to interpret it. The function of these KM components is fairly self-explanatory, based on their names:
PATROL KM for Microsoft Windows Operating System, PATROL KM for Microsoft Windows Active Directory
PATROL KM for Microsoft Windows Domain Services, PATROL KM for Microsoft Cluster Server,
PATROL KM for Microsoft COM+, PATROL KM for Microsoft Message Queue, PATROL KM for Event Mgmt,
PATROL KM for Log Mgmt, PATROL KM for History Loader (loads PATROL data into a relational database)
HP SITE SCOPE: HP SiteScope is a monitoring tool focused on testing and tracking the response time and
availability of software applications. SiteScope tests a web page or a series of web pages using synthetic
monitoring. However it is not limited to web applications and can be used to monitor database servers
(Oracle Database, Microsoft SQL Server, etc), Unix servers, Microsoft Windows servers and many other
types of hardware and software. It can export the collected data in real time to LoadRunner or it can be
used in standalone mode. It collects CPU usage, memory availability, disk input/output and many other
statistics. SiteScope collects data from servers and application software using agentless data collection.
Using the data collected, SiteScope can send alerts and creates reports showing the results.
OPEN VIEW: For HP servers, this tool uses for monitoring and performance check.
Difference between windows 2000 and 2003 Server?
1. In Win 2000 server we can apply 620 group policies but in 2003 we can apply nearly 720 so Win2003
server is more secure than win 2000 server.
2. In 2003 server you can change the domain name at any time without rebuilding the domain, where as
in 2000 u have to rebuild the entire domain to change the domain name.
3. Win 2000 Supports IIS 5.0 and 2003 Supports IIS 6.0
4. Win 2000 doesn’t support Dot net whereas 2003 Supports Microsoft .NET 2.0
5. In 2000 we can create 1 million users and in 2003 we can create 1 billion users.
6. In 2003 we have concept of Volume shadow copy service which is used to create hard disk snap shot
which is used in Disaster recovery and 2000 doesn’t have this service.
7. Win 2000 supports IPV4 whereas 2003 supports IPV4 and IPV6.
8. In windows 2000 support maximum 10 users access shared folder at a time through network.
But in win2003 no limitation.
Difference between windows 2003 and 2008 server?
1) 2008 is combination of vista and windows 2003r2. New services are RODC (Read-only DC) & WDS
(windows deployment services) instead of RIS in 2003 server

10/7/2018 12:55:02 PM 1
2) In 2008 installation is 32 bit where as 2003 it is 16 as well as 32 bit, that’s why installation of 2008 is
faster. The main difference between 2003 and 2008 is Virtualization, management.
2008 has more inbuilt components and updated third party drivers Microsoft introduces new feature with
2k8 that is Hyper-V Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64bit
versions. More and more companies are seeing this as a way of reducing hardware costs by running
several 'virtual' servers on one physical machine. If you like this exciting technology, make sure that you
buy an edition of Windows Server 2008 that includes Hyper-V, then launch the Server Manger, add Roles.
3) In Windows Server 2008, Microsoft is introducing new features and technologies, some of which were
not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power
consumption of server and client operating systems, minimize environmental byproducts, and increase
server efficiency. Microsoft Windows Server 2008 has been designed with energy efficiency in mind, to
provide customers with ready and convenient access to a number of new power-saving features. It
includes updated support for Advanced Configuration and Power Interface (ACPI) processor power
management (PPM) features, including support for processor performance states (P-states) and processor
idle sleep states on multiprocessor systems. These features simplify power management in Windows
Server 2008 (WS08) and can be managed easily across servers and clients using Group Policies.
4) 2003 supports IIS 6.0 and 2008 supports IIS 7.0
5) In 2003 there is no profile for firewall whereas in 2008 there are 3 profiles for firewall i.e. public,
domain and private.
6) In 2008 there is new thing enabled bit-locker and network access protection (NAP)
20 FTP, File Transfer Protocol, data 21 FTP, File Transfer Protocol, control
22 SSH 23 Telnet, Telecommunication Network
25 SMTP, Simple Mail Transfer Protocol 53 DNS, Domain Name System
67 DHCP, Dynamic Host Control Protocol 69 TFTP, Trivial File Transfer Protocol
80 HTTP, Hyper Text Transfer Protocol 88 Kerberos
443 HTTPS, Hyper Text Transfer Protocol Secure 110 POP, Post Office Protocol, version 3
119 NNTP, Network News Transfer Protocol 9100 Printer port
135 RPC, Remote Procedure Call 143 IMAP, Internet Message Access Protocol
161 SNMP, Simple Network Management Protocol 3268 Global Catalog
389 LDAP, Lightweight Directory Access Protocol 1352 Lotus Notes
3389 RDP, Remote Desktop Protocol ILO and Vmware ports may decide while setup
What does IntelliMirror do? It helps to reconcile desktop settings, applications, and stored files for
users, particularly those who move between workstations or those who must periodically work offline.
IMAP: The Internet Message Access Protocol (IMAP) is a mail protocol used for accessing email on a
remote web server from a local client. POP3 - from server to you, copying all mails to your local system
IMAP - from server to you but selective, only on one place. SMTP - from you to server, for sending mail.
How to configure FTP server? FTP, which is the protocol for exchanging files over the Internet. FTP is
an easy way to transfer files over the Internet
Install IIS from add remove programs.
Configure FTP server IP address in DNS for resolution.
Ensure the services .net, SMTP and www installed from add remove programs.
Start telephony service in services.
Create a shared folder, and assign permissions on it.
Create virtual folder in IIS (computer – manage – IIS – FTP).
Open port no. 20 and 21 from firewall and IIS.
Kerberos: Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos
V5 protocol verifies both the identity of the user and network services. This dual verification is known as
mutual authentication. It’s more secure & encrypted than NTLM (NT authentication). Port no. is 88
Tombstone lifetime attribute: The number of days before a deleted object is removed from the
directory services. This assists in removing objects from replicated servers and preventing restores from
reintroducing a deleted object. This value is in the Directory Service object in the configuration NIC.
KCC (knowledge consistency checker) is used to generate replication topology for intersite replication
and for intrasite replication. With in site replication traffic is done via remote procedure a call over IP,
while between sites it is done through either RPC or SMTP. KCC is an Active Directory component that is
responsible for the generation of the replication topology between DCs
Per server and per seat licensing is managed from two different locations.

10/7/2018 12:55:02 PM 2
Per Server - Use the Licensing applet in the control panel to manage this licensing. Only a specific number
of users can connect to a specific server at one time.
Per Seat - Use "License Manager" in administrative tools to manage this licensing. A client access license
(CAL) is purchased for each computer allowing that client to attach to any number of servers. It includes
the following tabs: Purchase History, Product View, Client Per Seat, Server Browser
Microsoft allows only one conversion from per server licensing to per seat licensing. It cannot be converted
from per seat licensing to per server licensing
Performance Monitor:
Using Event Viewer (Application, Security and System Logs) and
Performance Logs and Alerts (Counter Logs, Trace Logs and Alerts)
Performance Counters:
1) Memory: Memory: Pages / sec, Memory: Page Faults / Sec, Page File: % Usage , Memory: Cache Bytes
2) Processor: Processor: % Processor Time, Processor Queue
3) Disk: Physical Disk: Disk Read Byte /sec, Physical Disk: Writes /sec
4) Network: Network Interface\ Bytes Total/sec, Network Interface\ Bytes Sent/sec, Network Interface\
Bytes Received/sec, Network Interface\ Current Bandwidth
System requirement of WS03 1) computer P3 1.33 mhz mini or P2III 300 mhz or larger recom. 2) RAM
128 MB mini or 256 MB recom. 3) H/D 2 GB mini or 4 GB recom.
For WS08 1) Processor 1.4 GHz(x64 processor), 2) 512 MB RAM, 8 GB (Foundation), 32 GB (Standard),
2TB (Enterprise, datacenter and itanium based servers) 3) Disk space 32 GB or greater, foundation 10GB
What are the hidden shares? Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
Difference between Firewall and Proxy
1. Firewall works on the packet level. It can apply rules on packets (by checking the source/destination IP
address, source/destination port) to decide whether the packet will be forwarded or denied.
Proxy works on application protocol level. They don’t work on packet level so they can't forward packets.
2. The client stations have to be configured to use firewall as default gateway
Applications on the client PC have to be configured to use proxy server to access Internet servers.
3. Firewall: Services which use low-level TCP/IP protocols (ping, trace route) will work behind firewall (if
they are not disabled by firewall restrictions)
Proxy: Services which use low-level TCP/IP protocols (ping, trace route) will not work behind proxy.
4. A firewall is can either be software or hardware controlling inbound and outbound traffic on your
computer. A firewall basically prevents unauthorized access to and from your computer.
A proxy is just, 'acting on behalf of something or someone else. A proxy acts as a gateway & can
sometimes be used to circumvent the protection provided by a firewall or restriction on a network.
+ If you want to know which is AD or ADC, Check the FSMO roles.
+ For checking AD working or not, check replication is happening or not.
+ For Remote Desktop Problem, check RDP (port no. 3389) service working or not.
+ System Health Check up – All servers are up-to-date. Version wise, Application wise, Check Antivirus
Version and Definition, Ping reports, websites are working are not.
+ Process means all exe’s and com files running on system. Service means which are running in
background e.g. DNS, DHCP client, windows firewall service.
+ For NTBackup, check Removable Storage service, & Task Scheduler service. Check the backup log files.
+ Private IP- Internally used in company (means locally), Public IP- Provided by ISP e.g. www.ibm.com
+ Server UP steps – 1) check by ping 2) try to boot again 3) check hardware or software error 4) try last
known good configuration 5) lastly try Recovery Disaster Plan (means system state backup, use
configuration, software document.)
+ For AD replication troubleshooting use repadmin, replmon tools for checking replication topology, once it
is sure topology is correct then try force active directory replication.
+ DNS cache is cleared by command IPCONFIG /FLUSHDNS, DNS Lookup - NSLOOKUP
+ AD Database is ntds.dit (dit-directory information tree)
+ Physical Structure include DC’s and sites.
+ Site contains 2 objects – DC’s contained in the site & Site links configured to connect the site to other site.
+ AD works on LDAP(lightweight directory access protocol), ADSI(AD Service Interface), DNS, Kerberos V
and SNTP protocols.
+ A DC whose schema master role has been seized should never be brought back online.
+ Windows server 2003 editions are Standard Edition, Enterprise Edition, Datacenter Edition, Web Edition.
+ We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP
leases off of it. The server must be authorized first with the Active Directory.
+ Forward lookup is name-to-address, the reverse lookup is address-to-name.
+ Print permissions: Print, Manage Printers, Manage Documents, Read Permissions, Take Ownership.

10/7/2018 12:55:02 PM 3
+ Share permissions Read, Change, Full Control. (RCF) NTFS permissions Full Control, Modify, Read and
Execute, List Folder Contents, Read, Write. (FM RL RW)
+ Active Directory Requirement: NTFS Partition with sufficient space, Admin user id and password, Network
connection, Correct OS, Operational DNS server.
CPU Utilization Showing 100%
1) In Processes tab, you may notice multiple instances of the Wmiprvse.exe process. The number of multiple
instances of the Wmiprvse.exe process may be more than 100.
2) Microsoft KB and hotfix is available for 100% CPU usage on Svchost.exe process
3) The cause for this problem could be with the CPQFCAC.sys driver (Fibre Channel Array notification driver)
and its resolved by disabling the MSA1000 device in Device Manager (in the System Devices).
4) Right click on My computer --- properties --- Advanced tab, click Settings under Performance --- On the
Visual Effects tab --- clear the Fade or slide menus into view check box --- OK
5) Folder Options --- General tab --- click Use Windows classic folders --- OK
In the AD installation, there are 3 main folders
1) c:\windows\NTDS (for database folder),
2) c:\windows\NTDS (for log folder-keep this folder on other H/D, so AD will give better performance),
3) c:\windows\SYSVOL (SYSVOL folder stores the server’s copy of the domain’s public files. The contents
of the SYSVOL folder are replicated to all domain controllers in the domain. System should be formatted
by NTFS file system) SYSVOL folder contents Domain, Staging, Staging areas, Sysvol. NETLOGON &
SYSVOL shares are created automatically.
Active Directory is a network-based object store and service that locates and manages resources, and
makes these resources available to authorized users and groups. An underlying principle of the Active
Directory is that everything is considered an object—people, servers, workstations, printers, documents,
and devices. Each object has certain attributes and its own security access control list (ACL). AD stores
information about resources on the network and makes it easy for users to locate, manage and use their
AD includes 4 files NTDS.DIT, EDB.LOG, EDB.CHK, Res1.log and Res2.log
Active Directory Schema: Win 2000 and Win Server 2003 Active Directory uses a database set of rules
called "Schema". The Schema is defines as the formal definition of all object classes, and the attributes
that make up those object classes, that can be stored in the directory.
The classes and the attributes that they define are collectively referred to as the Active Directory Schema
—in database terms, a schema is the structure of the tables and fields and how they are related to one
another. You can think of the Active Directory Schema as a collection of data (object classes) that defines
how the real data of the directory (the attributes of an object) is organized and stored
Active Directory Partition:
Schema Partition: Only one schema partition exists per forest. The schema partition is stored on all
domain controllers in a forest. The schema partition contains definitions of all objects and attributes that
you can create in the directory, and the rules for creating and manipulating them. Schema information is
replicated to all domain controllers in the attribute definitions.
Configuration Partition: There is only one configuration partition per forest. Second on all DCs in a
forest, the configuration partition contains information about the forest-wide active directory structure
including what domains and sites exist, which domain controllers exist in each forest, and which services
are available. Configuration information is replicated to all domain controllers in a forest.
Domain Partition: Many domain partitions can exist per forest. Domain partitions are stored on each
domain controller in a given domain. A domain partition contains information about users, groups,
computers and organizational units. The domain partition is replicated to all domain controllers of that
domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset
of their attribute values.
Application Partition: Application partitions store information about application in AD. Each application
determines how it stores, categorizes, and uses application specific information. To prevent unnecessary
replication to specific application partitions, you can designate which DCs in a forest host specific application
partitions. Unlike a domain partitions, an application partition cannot store security principal objects, such
as user accounts. In addition, the data in an application partition is not stored in the GC.
Integration of DNS and Active Directory: The integration of DNS and Active Directory is essential
because a client computer in a Windows 2000 network must be able to locate a domain controller so that
users can log on to a domain or use the services that Active Directory provides. Clients locate domain
controllers and services by using A resource records and SRV records. The A resource record contains the

10/7/2018 12:55:02 PM 4
FQDN and IP address for the domain controller. The SRV record contains the FQDN of the domain controller
and the name of the service that the domain controller provides.
LDAP (Light-Weight Directory Access Protocol): Is the directory service protocol determines how an
object in an AD should be named. LDAP naming paths are used to access AD objects and include the following
Distinguished names e.g. CN=user, OU=India, DC=Microsoft, DC=com
Relative Distinguished names e.g. CN=user OR OU=India
The Global Catalog server authenticates network user logons and fields inquiries about objects across a
forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000,
there was typically one GC on every site in order to prevent user logon failures across the network.
A global catalog server stores a full copy of all objects in the directory for its host domain and a partial
copy of all objects for all other domains in the forest. The first domain controller in a forest automatically
becomes the global catalog server.
If there is only one DC in the domain, the DC and the GC are the same server. If there are multiple DC’s in
the network, the GC is hosted on the DC configured as such. If a GC is not available when a user initiates
a network logon process, the user is only able to log on to the local computer only.
Bridgehead Server is a server that participates in the intersite replication of active directory
AD sites & services – sites – OU – servers – DC – NTDS setting – right click properties – tick mark GC
Active Directory Site: A site is a grouping of one or more TCP/IP subnets that defines the physical structure
of a network. A geographical location (branch) of a company is practically considered a site. All devices in a
site are well connected by means of a high speed network link (10 mbps or greater). Since all devices in a
physical LAN are connected usually by Ethernet cable -10/100 mbps – a LAN is considered a site.
Active Directory Tools
Replmon.exe: Replmon is used to view the status of AD replication, force synchronization between DCs,
monitor replications and view the network topology in a graphical format. Also used into See when a
replication partner fails, View the history of successful and failed replication, force replication. Monitor
replication status of DCs from multiple forests.
Repadmin.exe: Repadmin is a command-line tool used to view the replication topology from each DC’s
perspective. You can also use repadmin to force replication and find out how up-to-date each DC is.
Dsastat.exe: Dsastat can be used to compare two directory trees across replicas within the same domain
or, in the case of a global catalog, across different domains. The tool retrieves capacity statistics such as
mbs per server, objects per server, and mb per object class, & performs comparisons of attributes of
replicated objects.
Dcdiag.exe: This command-line tool analyzes the state of DCs in a forest or enterprise and reports any
problems to assist in troubleshooting.
AD sizer: AD sizer is a capacity planning tool to help an organization size for their AD deployment. The AD
sizer estimates the hardware required for deploying AD in your organization depending on your
organization’s usage profile.
csvde –f adinfo.csv
csvde –f adinfo.csv –l “DN,objectclass,objectCategory,cn” for exporting users.
csvde –i adinfo.csv for importing users.
dsadd user “CN=Kelly,OU=Sales,OU=CA,DC=ibm,DC=com” –upn kelly@ibm.com –fn Kelly –ln Hughes –
pwd password1 –disabled no create user
dsadd group “CN=consultants,OU=Marketing,OU=CA,DC=ibm.DC=com” –secgrp yes –scope g create
Active Directory Authoritative Restore: When a change made to AD is causing problems or when an
object is modified or deleted & needs to be recovered to the entire enterprise, an AD authoritative restore
is necessary.
Restart the DC in Directory services restore mode, login using Administrator & restore mode password
specified when the server was promoted to DC. Using NTbackup.exe, restore the database. It will ask for
restart. But before restart go to cmd.exe  type ntdsutil.exe  type authoritative restore  type restore
database and press enter. (For restoring OU type restore object distinguish name of object) After
successful restore restart DC in normal mode. After restarting in normal mode verify whether the restore
was successful. Also check on other DCs to ensure that restore is being replicated properly.
Active Directory NonAuthoritative Restore: Any data that is being restored, including active directory
objects, will have its original update sequence number. Active directory replication uses this number to
detect and propagate active directory changes among the servers in the domain. Because of this, any data
that is restored non-authoritatively will appear to the active directory replication system as being old,
which means that data will never get replicated to other servers. Instead, active directory replication will
actually update the restored data with newer data from other servers.

10/7/2018 12:55:02 PM 5
1) E:\ntdsutil>ntdsutil (Security Account Maintenace)
ntdsutil: security account management
Security Account Maintenance: connect to server BigServer
Security Account Maintenance: check duplicate sid ...
Duplicate SID check completed successfully. Check dupsid.log for any duplicates
Security Account Maintenance:
2) E:\ntdsutil>ntdsutil (Reset AD Restore password)
ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server BigServer
Please type password for DS Restore Mode Administrator Account: ********
Please confirm new password: ********
Password has been set successfully.
Reset DSRM Administrator Password: quit
ntdsutil: quit
3) C:\>ntdsutil (FSMO Role Transfer)
ntdsutil: roles
fsmo maintenance: help
? - Show this help information
Connections - Connect to a specific domain controller
Help - Show this help information
Quit - Return to the prior menu
Seize domain naming master - Overwrite domain role on connected server
Seize infrastructure master - Overwrite infrastructure role on connected server
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server
Select operation target - Select sites, servers, domains, roles and
naming contexts
Transfer domain naming master - Make connected server the domain naming master
Transfer infrastructure master - Make connected server the infrastructure master
Transfer PDC - Make connected server the PDC
Transfer RID master - Make connected server the RID master
Transfer schema master - Make connected server the schema master
fsmo maintenance: connections
server connections: help
? - Show this help information
Clear creds - Clear prior connection credentials
Connect to domain %s - Connect to DNS domain name
Connect to server %s - Connect to server, DNS name or IP address
Help - Show this help information
Info - Show connection information
Quit - Return to the prior menu
Set creds %s %s %s - Set connection creds as domain, user, pwd.
Use "NULL" for null password,
* to enter password from the console.
4) 1.Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is
located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller
that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to
transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain
where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3. Type roles, and then press ENTER.
Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the name of the domain
controller you want to assign the FSMO role to.
6. At the server connections prompt, type q, and then press ENTER.
7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at
the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to
transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is
transfer pdc, not transfer pdc emulator.
8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and
then press ENTER to quit the ntdsutil utility. (FSMO Role Transfer)
5) Type ntdsutil <enter> (Recover deleted object from AD)
Type authoritative restore <enter>
Type restore subtree part_to_restore <enter>
Where: part_to_restore is the Distinguished Name of the AD object that needs to be restored. For example, if the
"Accounts" OU in the mydom.com domain is to be restored, the command is:
restore subtree "OU=Accounts,DC=MyDom,DC=com" Exit ntdsutil by typing quit <enter> twice.
Note: It is also possible to restore single objects by using the restore object command in the same manner. Furthermore,
the entire AD database can be restored authoritatively by using the restore database command, but this is not
recommended and should only be used as a last resort. Acknowledge the authoritative restore to increase the version
numbers of the respective objects and their attributes.
How to Configure an Audit Policy Setting for a Domain Controller

10/7/2018 12:55:02 PM 6
Auditing is turned off by default. To audit all DCs, Enable auditing on Domain Controllers OU
To configure an audit policy setting for a domain controller, follow these steps:
1. Start Directory Users and Computers.
2. Click Advanced Features on the View menu.
3. Right-click Domain Controllers, and then click Properties.
4. Click the Group Policy tab, click Default Domain Controller Policy, and then click Edit.
5. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, and
double- click Local Policies, and then double-click Audit Policy.
6. In the right pane, right-click Audit Directory Services Access, and then click Security.
7. Click Define These Policy Settings, and then click to select one or both of the following check boxes:
Success : Click to select this check box to audit successful attempts for the event category.
Failure : Click to select this check box to audit failed attempts for the event category.
8. Right-click any other event category that you want to audit, and then click Security. Click OK
Group Policy Object: Group Policy is a feature of Active directory that enables you to manage user and
computer configuration from a single, central point of administration. GPO is a active directory object that
contains one or more policies for a user or a computer. GPOs are linked to sites, domains or OUs. Two
defaults GPOs: Default Domain Policy and Default Domain Controllers policy.
gpmc.msc download from Microsoft site, it is not by default installed.
Publish method – applications will install from add remove programs manually.
Assign method – applications shows in all programs, after opening it will automatically install after opening.
Administrator tools --- Group policy management tool --- Group Policy Management --- Forest --- Domains
--- ibm.com --- Group Policy Object --- right click new GPO --- give name --- ok --- select newly created
GPO --- right click and edit --- then go to Computer configuration or User configuration (Software setting,
Windows setting, Administrative template)
Group Types
Security Group: Security groups allow you to manage user and computer access to shared resources.
You can also control who receives group policy settings. This simplifies administration by allowing you to
set permissions once on multiple computers, then to change the membership of the group as your needs
change. The change in group membership automatically takes effect everywhere. You can also use these
groups as email distribution lists.
Distribution Group: Distribution groups are intended to be used solely as email distribution lists. These
lists are for use with email applications such as Microsoft Exchange or Outlook. You can add & remove
contacts from the list so that they will or will not receive email sent to the distribution group. You can't use
distribution groups to assign permissions on any objects, and you can't use them to filter group policy
Different types of Group Scopes
Global Group: Global groups are used to gather users that have similar permissions requirements. Global
groups have the following characteristics:
1. Global groups can contain user & computer a/c only from the domain in which the global group is
2. When the domain functional level is set to Windows 2000 native or Windows Server 2003 (i.e., the
domain contains only Windows 2000 or 2003 servers), global groups can also contain other global
groups from the local domain.
Domain Local Groups: Domain local groups share the following characteristics:
1. Domain local groups can contain users and global groups from any domain in a forest no matter what
functional level is enabled.
2. When the domain functional level is set to Windows 2000 native or Windows Server 2003, domain
local groups can also contain other domain local groups and universal groups.
Universal Groups: Universal groups are normally used to assign permissions to related resources in
multiple domains. Universal groups share the following characteristics:
1. Universal groups are available only when the forest functional level is set to Windows 2000 native or
Windows Server 2003.
2. Universal groups can contain users, global groups, & other universal groups from any domain in a
What is the order in which GPOs are applied? Group Policy settings are processed in the following order:
1) Local Group Policy object-each computer has exactly one Group Policy object that is stored locally. This
processes for both computer and user Group Policy processing.
2) Site-Any GPOs that have been linked to the site that the computer belongs to are processed next.
Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for

10/7/2018 12:55:02 PM 7
the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed
last, and therefore has the highest precedence.
3) Domain-processing of multiple domain-linked GPOs is in the order specified by the administrator, on the
Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed
last, and therefore has the highest precedence.
4) Organizational units-GPOs that are linked to the organizational unit that is highest in the AD hierarchy
are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs
that are linked to the organizational unit that contains the user or computer are processed.
What are the GPC and the GPT? Where can I find them?
GPOs store group policy settings in two locations:
The GPC is an Active Directory object that stores version information, status information, and other policy
information (for example, application objects).
The GPT is used for file-based data and stores software policy, script, and deployment information.
Loopback Policy: In the Group Policy Microsoft Management Console (MMC), click Computer Configuration
Locate Administrative Templates, click System, click Group Policy, then enable the Loopback Policy option.
Loopback policies can be applied to Win 2000 and above. The Loopback policy can be applied in 2 modes:
Merge Mode: Here, 1st the GPO for users is applied. Then the GPO for the com is then added to the end of
the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs.
Replace Mode: In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the
computer object is used.
DNS scavenging is the process whereby resource records are automatically removed if they are not updated
after a period of time. Typically, this applies to only resource records that were added via DDNS, but you can
also scavenge manually added, also referred to as static, records. DNS scavenging is a recommended practice
so that your DNS zones are automatically kept clean of stale resource records. The default interval when DNS
server will kick off the scavenging process is 168 hrs, which is equivalent to 7 days.
How DNS really works?
DNS uses a client/server model in which the DNS server maintains a static database of domain names
mapped to IP addresses. The DNS client, known as the resolver, performs queries against the DNS
servers. The bottom line DNS resolves domain names to IP address using these steps
Step1. A client (or “resolver”) passes its request to its local name server. For example, the URL term
www.idgbooks.com typed into Internet Explorer is passed to the DNS server identified in the client TCP/IP
configuration. This DNS server is known as the local name server.
Step2. If, as often happens, the local name server is unable to resolve the request, other name servers
are queried so that the resolver may be satisfied.
Step3. If all else fails, the request is passed to more & more, higher-level name servers until the query
resolution process starts with far-right term (for instance, .com) or at the top of the DNS tree with root
name servers.
Forward Lookup - You know the hostname, DNS tells you the IP address. Forward Lookup zones supply
the main DNS mechanism for finding Hosts (A), Name Servers (NS) or Service (_gc).
Reverse Lookup - You know the IP, DNS gives you the hostname. In truth, Reverse Lookup is required by
NSLookup, DNSLint and other utilities.
There are two types of zones, forward lookup and reverse lookup. Forward lookup zones contain information
needed to resolve names within the DNS domain. They must include SOA and NS records and can include any
type of resource record except the PTR resource record. Reverse lookup zones contain information needed to
perform reverse lookups. They usually include SOA, NS, PTR, and CNAME records.
With most queries, the client supplies a name and requests the IP address that corresponds to that name.
This type of query is typically described as a forward lookup. Active Directory requires forward lookup zones.
However, what if a client already has a computer's IP address and wants to determine the DNS name for the
computer? This is important for programs that implement security based on the connecting FQDN, and is
used for TCP/IP network troubleshooting. The DNS standard provides for this possibility through reverse
Primary DNS Server: A Primary DNS Server is one that is the primary authority for the zone database
records for a particular zone. There can be only one Standard Primary DNS Server for a particular zone. Any
other standard DNS Servers in a particular zone must be Secondary DNS Servers.
It's the only one that contains a writeable copy of the zone database file, all changes to the zone must be
made on the Standard Primary DNS Server.
A Standard Primary DNS Server contains a Start of Authority record, which contains valuable information
regarding how a zone should be transferred and aged.
Secondary DNS Server: A Secondary DNS Server is a DNS Server that contains a copy of a zone database

10/7/2018 12:55:02 PM 8
file. The Secondary DNS Server obtains this copy from a Primary DNS Server. The process of copying the
zone database file from the Primary to the Secondary DNS Server is known as a zone transfer. Zone
Transfer takes place according to a schedule defined in the SOA record on the Primary DNS Server.
Stub Zone is a copy of a zone that contains only those resource records necessary to identify the
authoritative Domain Name System (DNS) servers for that zone. The difference is that Stub Zones have only
3 records, SOA, NS & A, whereas 2ndary zones have a full set of A records. A tiny zone with just pointers to
another domain.
DNS Records
Host (A): For mapping a DNS domain name to an IP address used by a computer.
Alias (CNAME): For mapping an alias DNS domain name to another primary or canonical name.
Mail Exchanger (MX): For mapping a DNS domain name to the name of a computer that exchanges or
forwards mail.
Pointer (PTR): For mapping a reverse DNS domain name based on the IP address of a computer that
points to the forward DNS domain name of that computer.
Service location (SRV): For mapping a DNS domain name to a specified list of DNS host computers that
offer a specific type of service, such as Active Directory domain controllers.
Name server records (NS): Identifies DNS name servers. Important for forwarders. They are very
simple; they merely state the authoritative name servers for the given domain. There must be at least two
NS records in every DNS entry.
Start of Authority Records (SOA): This record is called the start of authority because it denotes the
DNS entry as the official source of information for its domain. The SOA record in a DNS database indicates
which server is authoritative for that particular zone. An SOA record is automatically created when DNS is
installed for AD in win2k3 and is populated with the default TTL.
Conditional Forwarding in DNS is a new feature of DNS in Windows Server 2003 that can be used to
speed up name resolution in certain scenarios. They can also be used to help companies resolve each
other's namespace in a situation where companies collaborate a merger is underway.
A conditional forwarder is one that handles name resolution only for a specific domain. For example, you
could configure your name server to forward any requests for hosts in the domain google.com directly to a
specific name server that is authoritative for the google.com domain. What this does is speed up the name
resolution process by eliminating the need to go up to root to find this authoritative server. In this case
our previous example would now look like this:
1. DESK231 sends a recursive query to SRV220 asking to resolve www.google.com into its associated IP
2. SRV220 looks in its DNS database and finds zone information only for the test2003.local domain,
realizes www.google.com is not part of that domain, decides it has no way of knowing how to resolve
www.google.com into an IP address, and checks its list of forwarders to see if any forwarders have been
configured for it.
3. On the forwarders list it finds a conditional forwarder configured, which specifies the IP address of an
authoritative name server for the google.com domain, so it forwards the query to this name server to
handle it.
4. The google.com name server immediately resolves www.google.com into its IP address without the
need of going up to root and returns this address to SRV220.
5. SRV220 returns the address to Bob and Google quickly shows up in his browser
What does a DC register in DNS?
The Netlogon service registers all the SRV records for that DC. These records are displayed as the _msdcs,
_sites, _tcp, and _udp folders in the forward lookup zone that matches your domain name. Other
computers look for these records to find Active Directory-related information
How do I set up DNS for a child domain?
To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS
server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent
DNS server. Set the child DNS server to point to itself only.
SRV Records Missing After Implementing Active Directory and Domain Name System
This behavior occurs when the following conditions exist:
• The DNS server is configured as a Dynamic Host Configuration Protocol (DHCP) client.
• The DNS zone has a name other than your Active Directory domain name.
• The zone is not enabled to allow dynamic updates.
To resolve this issue, verify that all of the following conditions exist:
• Configure your DNS server to use a static Internet Protocol (IP) address.
• Create a forward lookup zone named after your Active Directory.
• Enable your domain zone to allow dynamic updates.

10/7/2018 12:55:02 PM 9
If all of these conditions exist and you still do not see your SRV records, stop and start the Netlogon
service. This action forces the DC to re-register the appropriate SRV records.
Using the netdiag /fix command on the DC will verify that all SRV records that are in the Netlogon.dns file
are registered on the primary DNS server
DHCP Relay Agent is the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP
server on a remote subnet, or which is not located on the local subnet. If you have no configured DHCP
Relay Agent, your clients would only be able to obtain IP addresses from the DHCP server which is on the
same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have
to configure the DHCP Relay Agent on the subnet that contains the remote clients, so that it can relay
DHCP broadcast messages to your DHCP server.
Integration of DNS with DHCP: Windows Server 2003 DNS supports DHCP by means of the dynamic
update of DNS zones. By integrating DHCP and DNS in a DNS deployment, you can provide your network
resources with dynamic addressing information stored in DNS. To enable this integration, you can use the
Windows Server 2003 DHCP service.
FSMO There are just five operations where the usual multiple master model breaks down, and the Active
Directory task must only be carried out on one Domain Controller.
Schema Master - It maintains structure of the Active Directory in a forest. The schema master FSMO role
holder is the Domain Controller responsible for performing updates to the active directory schema.
Domain Naming Master - Adding/Changing/Deleting any Domain in a forest it takes care. It can also
add or remove cross references to domains in external directories. Maintains list of domains within the
PDC Emulator - It works as Time Server (to maintain same time in your network) It works to change the
passwords, account lockout, Group Policy changes etc.
Relative ID Master - The RID master allocates pool of relative IDs to each DC in its domain. Whenever a
DC creates a user, group, or computer object, it assigns a unique security ID to that object. The security
ID consists of a domain security ID (that is the same for all security IDs created in the domain), and a
relative ID that is unique for each security ID created in the domain.
Infrastructure Master - The infrastructure master is responsible for updating the group-to-user
references whenever the members of groups are renamed or changed The DC that holds the Infrastructure
Master FSMO role is responsible for cross domain updates and lookups.
If the infrastructure master and global catalog are on the same domain controller, the infrastructure
master will not function. The infrastructure master will never find data that is out of date, so will never
replicate any changes to the other domain controllers in the domain.
The infrastructure master is responsible for updating references from objects in its domain to objects in
other domains. The infrastructure master compares its data with that of a GC.
On DC there are minimum 2-3 roles. And on ADC 2-3 roles are there. Suppose DC is down then first seize
the roles and then transfer the roles on ADC.
Suppose in AD and ADC, user getting slow connectivity to server then transfer PDC emulator role to ADC.
How will you place the FSMO roles?
• Place the RID & PDC emulator roles on the same DC. Good communication from the PDC to the RID
master is desirable as down-level clients & applications target the PDC, making it a large consumer of
• As a general rule, the infrastructure master should be located on a non-global catalog server that has a
direct connection object to some global catalog in the forest, preferably in the same Active Directory site.
• At the forest level, the schema master & domain naming master roles should be placed on the same DC
as they are rarely used & should be tightly controlled. Additionally, the Domain Naming master FSMO
should also be a GC server.
Transferring operation master role: To transfer an operation master role is to move it with the
cooperation of its current owner. You transfer an operation master role when you want to move a role
from one server to anther.
Seizing operation master role: To seize an operation master role is to move it without the cooperation
of its current owner. You seize an operation master role assignment when a server that is holding a role
fails and you do not intend to restore it.
Describe the lease process of the DHCP server: A DHCP lease is amount of time that the DHCP server
grants to the DHCP client permission to use a particular IP address. A typical server allows its administrator
to set the lease time. Default Lease period is 8 days.
DHCP Server leases the IP addresses to the clients as follows: DORA

10/7/2018 12:55:02 PM 10
D (Discover): DHCP Client sends broadcast packets to identify the DHCP server; this packet will contain
the source MAC.
O (Offer): Once the packet is received by the DHCP server, the server will send the packet containing
Source IP and Source MAC.
R (Request): Client will now contact the DHCP server directly and request for the IP address.
A (Acknowledge): DHCP server will send an ack packet which contains the IP address.
Scope in DHCP, where you can specify a range of IP Address which will be leased to the DHCP clients.
Superscope is the combination of multiple scopes.
DHCP will provide IP address, Subnet Mask, Default gateway address, Domain Name Server (DNS)
address, NetBIOS Name Server address
Types of backup: The Backup utility supports 5 methods of backing up data on your computer or network.
Copy backup : A copy backup copies all the files you select, but does not mark each file as having been
backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up
files between normal & incremental backups because copying does not affect these other backup operations.
Daily backup: A daily backup copies all the files that you select that have been modified on the day the
daily backup is performed. The backed-up files are not marked as having been backed up (in other words,
the archive attribute is not cleared).
Differential backup: A differential backup copies files that have been created or changed since the last
normal or incremental backup. It does not mark files as having been backed up (in other words, the
archive attribute is not cleared). If you are performing a combination of normal and differential backups,
restoring files and folders requires that you have the last normal as well as the last differential backup.
Incremental backup: An incremental backup backs up only those files that have been created or
changed since the last normal or incremental backup. It marks files as having been backed up (in other
words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you
will need to have the last normal backup set as well as all incremental backup sets to restore your data.
Normal backup: A normal backup copies all the files you select and marks each file as having been
backed up (in other words, the archive attribute is cleared). With normal backups, you only need the most
recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the
first time you create a backup set.
Backing up your data using a combination of normal backups and incremental backups requires the least
amount of storage space and is the quickest backup method. However, recovering files can be time-
consuming and difficult because the backup set might be stored on several disks or tapes.
Backing up your data using a combination of normal backups and differential backups is more time-
consuming, especially if your data changes frequently, but it is easier to restore the data because the
backup set is usually stored on only a few disks or tapes.
For NTBackup, check Removable Storage service, and Task Scheduler service. Check the backup log files.
System State backup contents are
Boot files, system files, Active directory (if it’s done on DC), SYSVOL folder (if it done on DC), DHCP server
Certificate service (on a CA server), Cluster database (on a cluster server), registry, Performance counter
configuration information, Component services class registration database
What are the Types of RAID (Redundant Arrays of Inexpensive Disks)?

1) RAID 0: Striped set without parity. A RAID 0 splits data across two or more disks with no parity
information for redundancy. RAID 0 is normally used to increase performance. It can be used as a way to
create a small number of large virtual disks out of a large number of small physical ones. (mini. 2 disks).
Provides improved performance and additional storage but no fault tolerance.
2) RAID 1: Mirrored set without parity. It is mirroring process. A RAID 1 creates an exact copy (or
mirror) of a set of data on two or more disks. This is useful when performance read or reliability is more
important than data storage. If one of them gets failed another will take charge (minimum 2 disks).
Provides fault tolerance from disk errors and single disk failure. Increased read performance occurs when
using a multi-threaded operating system that supports split seeks, very small performance reduction when
writing. Array continues to operate so long as at least one drive is functioning.
3) RAID 3: Striped set with dedicated parity. This mechanism provides an improved performance and
fault tolerance similar to RAID 5, but with a dedicated parity disk rather than rotated parity stripes. The
single disk is a bottle-neck for writing since every write requires updating the parity data. One minor

10/7/2018 12:55:02 PM 11
benefit is the dedicated parity disk allows the parity drive to fail & operation will continue without parity or
performance penalty. (minimum 3 disks)
4) RAID 5: Striped set with distributed parity. It uses block-level striping with parity data distributed
across all member disks. It has achieved popularity due to its low cost of redundancy. Generally Mini. 3
disks is generally required for a complete RAID 5 configuration. In case of 3 disk set, 2 will be online.
RAID 0+1 configuration where multiple disks are striped together into sets & then 2 or more
sets are mirrored together.
RAID 1+0 configuration where 2 or more drives are mirrored together & then the mirrors (as
many as are needed to result in the desired amount of space) are striped together.
In either case (0+1 or 1+0), the loss of a single drive does not result in failure of the RAID
system. Mathematically, the difference is that the chance of system failure with two drive
failures in a RAID 0+1 system with two sets of drives is (n/2)/(n - 1) where n is the total number of drives
in the system. The chance of system failure in a RAID 1+0 system with two drives per mirror is 1/(n - 1).
So, using the 8 drive systems shown in the diagrams, the chance that losing a second drive would bring
down the RAID system is 4/7 with a In a RAID 0+1 configuration, the loss of any drive in a set causes the
failure of that entire set and the set is removed from the RAID system. Generally (in the two set case) this
means you are left with a RAID 0 system made up of the remaining set of disks. This probably slightly
improves write performance and slightly degrades read performance. In a RAID 1+0 system, you would
see the same effect on each mirror that loses a drive, but not the whole system. In other words, a RAID
1+0 configuration will tend to show similar, but less dramatic, changes in performance when in a degraded
mode than RAID 0+1. However, the changes will likely be slight in any case. Let’s follow this up with an
example: Suppose that we have 20 disks to form the RAID 1+0 or RAID 0+1 array of 20 disks.
a) If we chose to do RAID 1+0 (RAID 1 first and then RAID 0), then we would divide those 20 disks into
10 sets of 2. Then we would turn each set into a RAID 1 array & then stripe it across the 10 mirrored sets.
b) If on the other hand, we choose to do RAID 0+1 (i.e. RAID 0 first and then RAID 1), we would divide
the 20 disks into 2 sets of 10 each. Then, we would turn each set into a RAID 0 array containing 10 disks
each and then we would mirror those two arrays.
RAID level pros and cons

RAID Characteristics Mini. no. of Advantages Disadvantages

level physical drives

0 Uses striping but not 2 Provides the best No fault tolerance;

redundancy of data; often performance because no failure of one drive will
not considered “true” RAID parity calculation overhead result in all data in an
is involved; relatively array being lost
simple and easy to

1 Duplicates but does not 2 Faster read performance, Inefficient high disk
stripe data; also known as since both disks can be overhead compared to
disk mirroring read at the same time; other levels of RAID
provides the best fault
tolerance, because data is
100 percent redundant

3 Striping with one drive to 3 High data transfer rates; Complex controller
store drive parity disk failure has a design best
information; embedded error negligible impact on implemented as
checking (ECC) is used to throughput hardware RAID instead
detect errors of software RAID

5 Stores parity information 3 Better read performance Most complex controller

across all disks in the array; than mirrored volumes; design; more difficult
requires at least three and read and write operations to rebuild in case of
usually five disks for the can be overlapped; low disk failure; best for
array ratio of parity disks to data systems in which
disks performance is not

10/7/2018 12:55:02 PM 12
critical or that do few
write operations

0+1 A mirrored array of RAID 0 4 Multiple stripe segments A single drive failure
arrays; provides the fault enable high information- will cause the whole
tolerance of RAID 5 and the transfer rates array to revert to a
overhead for fault tolerance RAID 0 array; is also
of RAID 1 (mirroring) expensive to
implement and imposes
a high overhead on the
Input and output of incident management – cause is input and resolution is output

What is service and process in ITIL?

Service: Providing value to customer in the form of support.
Process: Is the structure of activities, policies and standard guidelines.

what is the relationship between IM(incident mgmt), PM(problem mgmt) and CM(change mgmt)?
If any problem coming again and again, what will you take action?
Access (Service Operation) The Process responsible for allowing Users to make use of IT Services,
Management data, or other Assets. Access Management helps to protect the Confidentiality, Integrity and
Availability of Assets by ensuring that only authorized Users are able to access or modify
the Assets. Access Management is sometimes referred to as Rights Mgmt or Identity Mgmt.
Application (Service Design) (Service Operation) The Function responsible for managing Applications
Management throughout their Lifecycle.
Asset (Service Transition) Asset Management is the Process responsible for tracking and reporting
Management the value and ownership of financial Assets throughout their Lifecycle. Asset Management is
part of an overall Service Asset and Configuration Management Process.
Availability (Service Design) Ability of a Configuration Item or IT Service to perform its agreed Function
when required. Availability is determined by Reliability, Maintainability, Serviceability,
Performance, and Security. Availability is usually calculated as a percentage. This
calculation is often based on Agreed Service Time and Downtime. It is Best Practice to
calculate Availability using measurements of the Business output of the IT Service.
Capacity (Service Design) The Process responsible for ensuring that the Capacity of IT Services and
Management the IT Infrastructure is able to deliver agreed Service Level Targets in a Cost Effective and
timely manner. Capacity Management considers all Resources required to deliver the IT
Service, and plans for short, medium and long term Business Requirements.
Change (Service Transition) The Process responsible for controlling the Lifecycle of all Changes. The
Mgmt primary objective of Change Management is to enable beneficial Changes to be made, with
minimum disruption to IT Services.
Configuration (Service Transition) The Process responsible for maintaining information about
Management Configuration Items required to deliver an IT Service, including their Relationships. This
information is managed throughout the Lifecycle of the CI. Configuration Management is
part of an overall Service Asset and Configuration Management Process.
Escalation (Service Operation) An Activity that obtains additional Resources when these are needed to
meet Service Level Targets or Customer expectations. Escalation may be needed within any
IT Service Management Process, but is most commonly associated with Incident
Management, Problem Management and the management of Customer complaints. There
are two types of Escalation, Functional Escalation and Hierarchic Escalation.
Functional (Service Operation) Transferring an Incident, Problem or Change to a technical team with a
Escalation higher level of expertise to assist in an Escalation.
Hierarchic (Service Operation) Informing or involving more senior levels of management to assist in an
Escalation Escalation.
Incident (Service Operation) The Process responsible for managing the Lifecycle of all Incidents. The
Mgmt primary Objective of Incident Management is to return the IT Service to Users as quickly as
Information (Service Design) The Process that ensures the Confidentiality, Integrity and Availability of
Security an Organisation's Assets, information, data and IT Services. Information Security
Management Management usually forms part of an Organisational approach to Security Management
10/7/2018 12:55:02 PM 13
(ISM) which has a wider scope than the IT Service Provider, and includes handling of paper,
building access, phone calls etc., for the entire Organisation.

Information A set of Best Practice guidance for IT Service Management. ITIL is owned by the OGC and
Technology consists of a series of publications giving guidance on the provision of Quality IT Services,
Infrastructure and on the Processes and facilities needed to support them. See http://www.itil.co.uk/ for
Library (ITIL) more information.
Problem (Service Operation) The Process responsible for managing the Lifecycle of all Problems. The
Mgmt primary Objectives of Problem Management are to prevent Incidents from happening, and
to minimise the Impact of Incidents that cannot be prevented.
Release (Service Transition) The Process responsible for Planning, scheduling and controlling the
Management movement of Releases to Test and Live Environments. The primary Objective of Release
Management is to ensure that the integrity of the Live Environment is protected and that
the correct Components are released. Release Management is part of the Release and
Deployment Management Process.
The minimum software requirement for exchange2k3 server is:
1 dot.net framework 1.1 and 2.0
2 asp.net
3 smtp (simple mail transfer protocol)
4 nntp (network news transfer protocol)
5 wwwp (world wide web publication)
6 iis 6.0(internet information services)

Distribution List: Distribution list is a term sometimes used for a function of email clients where lists of
email addresses are used to email everyone on the list at once. This can be referred to as an electronic mail
shot. It differs from a mailing list, electronic mailing list or the email option found in an Internet forum as it is
usually for one way traffic and not for coordinating a discussion. In effect, only members of a distribution list
can send mails to the list.
Exchange 2003 Forestprep: Exchange 2003 Forestprep extends the AD schema to include Exchange
specific information.
Exchange 2003 Domainprep: Exchange 2003 Domainprep creates the groups and permissions necessary
for Exchange servers to read and modify user attributes.

Dynamic DNS: Dynamic DNS allows servers to dynamically update and create records in DNS. Dynamic DNS
is used by the Exchange server to create server records and other entries used by the Exchange Servers for
things like message routing.
VLAN (Virtual LAN), a network of computers that behave as if they are connected to the same wire even
though they may actually be physically located on different segments of a LAN. VLANs are configured
through software rather than hardware, which makes them extremely flexible. One of the biggest
advantages of VLANs is that when a computer is physically moved to another location, it can stay on the
same VLAN without any hardware reconfiguration.
Benefits of VLAN:1)Provides n/w security, 2)Provides Broadcast control, 3)Efficient usage of bandwidth,
4)Physically you can move the host to any location, it will remain in same VLAN.
VPN (Virtual Private Network): A VPN is a network technology that creates a secure network connection over a public
network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions,
and government agencies use VPN technology to enable remote users to securely connect to a private network.
A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend
intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect
campuses that can be distributed across the country or around the world.
Layer Name Protocols Devices Function
7 Application SMB, NCP, FTP, TFTP, Gateways Program-to-program communication.
6 Presentation NCP, Telnet, FTP, TFTP, Gateways Manages data presentation conversions. e.g., the
NFS, SNMP, SMTP Presentation Layer would be responsible for
converting from EBCDIC to ASCII.
5 Session Telnet, FTP, TFTP, NFS, Gateways Responsible for establishing & maintaining
SNMP, SMTP communications channels. In practice, this layer is
often combined with the Transport Layer.
4 Transport SPX, TCP, UDP, NetBEUI Gateways Responsible for end-to-end integrity of data
10/7/2018 12:55:02 PM 14
3 Network IPX, IP, ICMP, RIP, OSPF, Routers & Routes data from one node to another.
EGP, IGMP, NetBEUI, DLC, Brouters
2 Data Link HDLC, ARP, RARP,NDIS, Switches, Responsible for physically passing data from one
ODI, LLC, SAP Brouters & node to another.
1 Physical CSMA/CD & Token Repeaters Manages putting data onto the network media and
Passing taking the data off.
Repeater Physical A network device used to regenerate or replicate a signal. Repeaters are used in
transmission systems to regenerate analog or digital signals distorted by transmission loss. Analog repeaters
frequently can only amplify the signal while digital repeaters can reconstruct a signal to near its original
quality. In a data network, a repeater can relay messages between sub-networks that use different protocols
or cable types. Hubs can operate as repeaters by relaying messages to all connected computers. A repeater
cannot do the intelligent routing performed by bridges and routers.
Bridge Data Link A device that connects two local-area networks (LANs), or two segments of the same LAN.
The two LANs being connected can be alike or dissimilar. For example, a bridge can connect an Ethernet with
a Token-Ring network. Unlike routers, bridges are protocol independent. They simply forward packets without
analyzing and re-routing messages. Consequently, they're faster than routers, but also less versatile.
Router Network A device that connects two LANs. Routers are similar to bridges, but provide additional
functionality, such as the ability to filter messages and forward them to different places based on various
criteria. The Internet uses routers extensively to forward packets from one host to another.
Brouter Data Link/Network Short for bridge router, a device that functions as both a router and a bridge. A
brouter understands how to route specific types of packets, such as TCP/IP packets. Any other packets it
receives are simply forwarded to other network(s) connected to the device (this is the bridge function).
SNMP(Simple Network Management Protocol): SNMP is a management tool used to monitor and control
remote network devices. It can be used to poll specific information from the agent. An SNMP community is a
functional group of SNMP agents and managers. Agents receive requests and report information to the SNMP
managers for the communities the agents belongs to. An SNMP trap is an alert, that under predefined
conditions or thresholds, the SNMP agent sends to the SNMP manager.
Server Clusters: A cluster consists of two or more computers working together to provide a higher level of
availability, reliability, and scalability than can be obtained by using a single computer. Microsoft cluster
technologies guard against three specific types of failure:
* Application and service failures, which affect application software and essential services.
* System & hardware failures, which affect hardware components such as CPUs, drives, memory, network
adapters, & power supplies.
* Site failures in multisite organizations, which can be caused by natural disasters, power outages, or
connectivity outages.

Types of Server Clusters:

1. Single quorum device cluster, also called a standard quorum cluster: In this type of cluster there are
multiple nodes with one or more cluster disk arrays, also called the cluster storage, and a connection device,
that is, a bus. Each disk in the array is owned and managed by only one server at a time. The disk array also
contains the quorum resource.
2. Majority node set cluster: In a majority node set cluster, each node maintains its own copy of the cluster
configuration data. The quorum resource keeps configuration data consistent across the nodes. For this
reason, majority node set clusters can be used for geographically dispersed clusters. Another advantage of
majority node set clusters is that a quorum disk can be taken offline for maintenance and the cluster as a
whole will continue to operate.
3. Local quorum cluster, also called a single node cluster: Has a single node and is often used for testing.

10/7/2018 12:55:02 PM 15
Available features in Windows Server 2003 clusters
1) Configuration and administration
 You can have 8-node clusters in Windows Server 2003, Enterprise Edition and Windows Server 2003,
Datacenter Edition.
 There is 64-bit support (IA-64) for Windows Clustering available in Windows Advanced Server and
Windows Datacenter Server.
 Windows Clustering is installed by default; you only need to configure a cluster by starting Cluster
Administrator or by scripting the configuration with Cluster.exe
 Analysis of the nodes configuration occurs prior to the installation process so that problems are easily
identified. The Analysis phase warns you if either File Server for Macintosh or Network Load Balancing is
installed. If the node is configured to use DHCP for any of the network interfaces or the system has any
Dynamic Disk, the Analysis phase will issue a warning because these do not work properly on a server
 Terminal Server can be installed in Application mode with Windows Clustering configured.
 The ability to change the cluster role, priority, and network name has been removed from the Cluster
Configuration Wizard.
 The default size of the "Reset quorum log at" parameter has been increased to 4096 Kilobytes (KB).
 You no longer need to restart the computer after you install or uninstall the Windows Clustering.
Windows Clustering and associated drivers can be started and stopped dynamically.
 If a node is not attached to a shared network directory, it automatically configures a Local Quorum
resource. With this, you can test applications on a cluster without necessarily having the Cluster service
 The process of uninstalling Windows Clustering is more efficient; you only need to evict the node
through Cluster Administrator or Cluster.exe so that the node is no longer configured for Windows
Clustering support. There is also a new switch for Cluster.exe that forces the uninstall if there is difficulty
accessing Cluster Administrator: cluster node nodename /force
 Rolling upgrades are supported from Windows 2000 to Windows Server 2003 products.
 You can now configure a server cluster in the Configure Your Server Wizard, which starts during the
first logon procedure, thereby simplifying configuration.
 You no longer need to select which disk is going to be used as the Quorum Resource; it is
automatically configured on the smallest disk that is larger then 50 megabytes (MB) and that is formatted
with the NTFS File System. The option to move the Quorum Resource to another disk is available during
Setup or after the cluster has been configured.
 You can remotely install and configure a cluster with Cluster Administrator or Cluster.exe. Refer to the
Help and Support Center under "Server Clusters" for more details.
2) Support and troubleshooting
 A new Windows Clustering recovery tool decreases the time it takes to do a disk replacement and
restore registry check point files in Windows Server 2003.
 New configuration process with increased analysis displayed on the screen and to the following log file:
 When disk corruption is suspected, the Cluster service reports the results of the CHKDSK command-
line utility in several places. Results are logged in the Application log and the Cluster.log file. In addition,
the Cluster.log file references a log file in which detailed CHKDSK output is recorded.
 The Cluster service adjust more efficiently to shared disk changes in regards to size changes and drive
letter assignments. The Cluster service works directly with Volume Mount Manager and no longer directly
uses the DISKINFO or DISK keys. These keys are maintained for compatibility with earlier versions of
Windows Clustering. If you increase the size of a shared disk, Windows Clustering can now dynamically
adjust to it, which resolves several issues with regards to bringing modified disks online.
 Windows Server 2003 Clustering introduces Software Tracing that will produce more information to
assist in troubleshooting Windows Clustering issues.
 The Cluster log readability is improved by adding error levels (similar to Event logs) that can help
identify problem areas: Info = Informational Entries, Warn = Warning Entries, Err = Error Entries
 Cluster logs now display the server's local time in a log entry when Windows Clustering starts. This
feature assists you when you are comparing Event log entries to Cluster logs.
 A Windows Clustering Object file (Windows_folder\Cluster\cluster.oml) is automatically created and
maintained that contains a mapping of globally unique identifiers (GUIDs) to resource name mappings.
3) Resources
 Creating a print server on a cluster is easier with Windows Server 2003 clusters. Printer drivers are
now copied over to all nodes when you install a printer on the virtual server.
 Windows Server 2003 clusters can use 32-bit cluster resources, which makes the migration of Windows
2000 clusters to 64-bit clusters more cost effective by allowing the use 32-bit applications in the cluster.
 In Windows Server 2003, there is a new quorum-capable resource name "Majority Node Set" (MNS).
With MNS, you can configure a multi-node cluster without using a common shared disk.

10/7/2018 12:55:02 PM 16
 You now have the ability to create a Generic Script resource in addition to Generic Applications and
Services. With new Message Queuing triggers resource, you can have multiple Message Queuing resources
on a cluster, which allows Active/Active configurations.
 Distributed Transaction Coordinator (DTC) installation is simplified; just create the resource and it will
run the installation and configure DTC for you on all nodes.
 Volume mount points are now supported on the shared disk and can work properly during a failover.
 Windows Clustering has been optimized for Storage Area Networks (SAN). The Windows Clustering
device driver has been modified to do targeted device resets when arbitrating for a disk versus an entire
system bus reset.
 Client Side Caching (CSC) is now supported for clustered File Share resources.
 With a Windows Server 2003 cluster, you can create multiple stand-alone DFS roots. The following
capabilities and features also exist:
A cluster can export multiple namespaces
Finer granularity of failover (faster failover time)
Each root can failover independently
Roots can be in different virtual servers
Active/Active configurations are supported
4) Network enhancements
 Windows Server 2003 is now Active Directory-aware. With Windows Server 2003:
You can publish a Network Name as a computer object in Active Directory.
Kerberos authentication for virtual servers is provided and a default location for services (such as
Message Queuing) to publish service control points.
You can run Active Directory-aware applications as a clustered application.
 Windows Server 2003 clusters offer enhanced cluster network integration with configuration. If
network connectivity is lost, the TCP/IP stack is not unloaded, which occurred in Windows 2000 by default.
With Windows Server 2003, you no longer have to set the DisableDHCPMediaSense registry key.
 The internal communications (Heartbeat) in the Windows Server 2003 cluster is now on Multicast to
reduce network traffic, which enhances support for server clusters with more than two nodes. If multicast
communication fails for any reason, the internal communications revert to unicast. All internal
communications are signed and secure.
 Windows Server 2003 provides enhanced logic for failover when there has been a complete loss of
internal communication; the network state for public communication of all nodes is now taken into
4) Operations
 The extension of a partition into free space for the shared disk is more streamlined with the included
Diskpart utility.
 When you use the move group command on a cluster with more than two nodes, you can choose the
Best Possible option. There is also enhanced logic for dealing with failures of nodes or resources as to
which node it should fail resources over to.
 You do not have to take the cluster nodes offline to change the password for the Cluster service
 You can delete resources in Cluster Administrator or with Cluster.exe without first taking them offline.
The Cluster service takes them offline automatically and then deletes them.
 Windows Management Instrumentation (WMI) scripting support is now provided. WMI, with regards to
clustering, can:
Script ability for management operations.
Obtain access to status information for the monitoring of clusters.
 Newly increased Backup and Restore functionality exists. You can actively restore the cluster
configuration of the local cluster nodes, or you can restore the cluster information to all nodes in the
cluster. A node restoration is also built into Automatic System Recovery (ASR). ASR restores the disk
signatures for all disks (including shared), rebuilds the nodes operating system, and restores the local
cluster registry.
 Drive letter changes and Physical Disk resource failover is updated to the terminal server client's
 Cluster service queues up changes that need to be completed if a node is offline. e.g. if a node is
offline & is evicted from the cluster by a remaining node, the cluster service is uninstalled the next time
the evicted node attempts to join the cluster. This also holds true for applications as well. DTC
automatically configures the DTC resource on an offline or newly added node to a cluster when it joins the
Virtualization: Allows to create multiple virtual machines on a single physical server. Allows to run multiple
operating System environment in a single Physical server. Better utilization of Hardware resources - CPU,
Memory, Reduces the need for huge number of Physical servers.

10/7/2018 12:55:02 PM 17
VMware ESX Server 3 is Server Virtualization product. Operating system built using linux kernel. Allows you
to create & run multiple virtual Machines all at the same time. Allows you to create multiple virtual networks.
Supports multi-processors, massive amounts of RAM, SAN , ISCSI Storage. Runs directly on hardware, Offers
a remote GUI or web console
Multiprocessing, SAN/iSCSI Support, Boot from SAN, Virtual Networking
Memory Sharing, 64 GB RAM for each Virtual Machine, 4 Virtual processor per Virtual Machine
32 CPU’s & 256 GB RAM & 128 Virtual Machines per server, Allows to Clone virtual machines
Deploy VM from templates, Standardize deployment of O/S, Applications
Move VM from one ESX Server to another ESX Server in running state
Move VM Files from one ESX Server storage to another ESX Server in running state
Deploy MSCS across VM.

ESX File structure :

/etc/vmware/ - Configuration files & Application
/sbin - ESX Commands
/var/log - Log files
/vmfs - Storage devices
/proc - Physical devices

VMWare Tools: VMware Tools is a suite of utilities that can be installed on VMs & contains drivers &
applications that help optimize the guest operating system to run on a VMware host. VMware Tools is bundled
with all ESX/ESXi hosts, & there are different versions of it that are specific to different operating system
types. VMware Tools is not required for a VM to run, but it is highly recommended that you install it for the
added functionality (e.g. time synchronization) & the benefits that it provides. VMware Tools contains the
following components:
Enhanced and optimized device drivers, including video, network, SCSI, memory, mouse, and a sync driver
designed to work with Consolidated Backup
A Control Panel inside the guest os that enables you to change certain settings & connect/disconnect virtual
drives. A memory balloon driver that inflates and deflates to optimize the memory management of the host
server. Installs into guest OS like an application, Device drivers Manual connection and disconnection of few
devices during powered on. Improved Mouse, Memory Management. Time synchronization, Ability to
gracefully shutdown virtual Machine.

Datastores: Datastores are special logical containers, analogous to file systems, that hide specifics of each
storage device and provide a uniform model for storing virtual machine files. Datastores can be also used for
storing ISO images, virtual machine templates, and floppy images. Storage space is presented to your ESX
Server as a LUN.
A LUN is a logical volume that represents storage space on a single physical disk or on a number of disks
aggregated in a disk array. A single LUN can be created from the entire space on the storage disk or array, or
from a part of the space, called partition.

VMFS (Virtual Machine File System): VMFS is VMware's unique clustering file system which allows for
multiple hosts to read and write from the same storage location concurrently. It has adaptive block sizing
and uses both large block sizes favored by virtual disk I/O and sub-block allocation for small files and
directories. Uses on-disk disk file locking to ensure that the same virtual machine is not powered on by
multiple servers at the same time.

VCenter Server
Allows to manage multiple ESX Servers, Allows to centralize Administration of ESX Servers,
Allows to organize ESX Servers on hierarchical way,
Allows delegation of administration on ESX Servers, Virtual machines based on hierarchy,
Allows to Clone to Virtual machines across ESX Servers,
Allows to migrate virtual machines from one ESX Server to another ESX Server,
Allows to schedule tasks, Allows to configure alarms for notification,
Vmware HA, Vmware DRS, Allows to integrate the other applications,
VCB, Enterprise converter, Update manager, Capacity Planner, VC Architecture

Software construct, provides network connectivity for an ESX Server, VM , IP Storage
Default 56 ports will be associated for a New switch
Maximum of 1016 ports per Vswitch, Maximum of 4064 ports per ESX Server
Maximum 127 Vswitches can be created on a Single host
Maximum of 512 port groups on a single host
Maximum of 16 service console ports in ESX Server 3.
Each VM will have its own MAC Address
10/7/2018 12:55:02 PM 18
Physical adaptors are identified as Vmnic#
Physical adaptors are mapped to Virtual switches
Vswitch are identified by Vswtich#
Vswitch can be mapped to multiple Physical adaptors.

Vmotion: VMware VMotion enables the live migration of running virtual machines from one physical server to
another with zero downtime, continuous service availability, and complete transaction integrity. VMotion
allows IT organizations to
� Continuously and automatically allocate virtual machines within resource pools.
� Improve availability by conducting maintenance without disrupting business operations

How Vmotion works?

1. The migration request is made to move the VM from ESX1 to ESX2.
2. vCenter Server verifies that the VM is in a stable state on ESX1.
3. vCenter Server checks the compatibility of ESX2 (CPU, networking, & so on) to ensure that it matches that
of ESX1.
4. The VM is registered on ESX2.
5. The VM state information (including memory, registers, and network connections) is copied to ESX2.
Additional changes are copied to a memory bitmap on ESX1.
6. The VM is quiesced on ESX1, and the memory bitmap is copied to ESX2.
7. The VM is started on ESX2, and all requests for the VM are now directed to ESX2.
8. A final copy of the VM’s memory is done from ESX1 to ESX2.
9. The VM is unregistered from ESX1.
10. The VM resumes operation on ESX2.

Storage VMotion: Storage VMotion is a new feature introduced in ESX 3.5, it allows you to migrate a running
virtual machine and its disk files from one datastore to another on the same ESX host.
The difference between VMotion and Storage VMotion is that VMotion simply moves a virtual machine from
one ESX host to another but keeps the storage location of the VM the same, Storage VMotion on the other
hand changes the storage location of the virtual machine while it is running and moves it to another datastore
on the same ESX host. The virtual machine can be moved to any datastore on the ESX host which includes
local and shared storage.

Storage VMotion - How It Works

1. New virtual machine directory is created on the target datastore, virtual machine configuration files
and all non-virtual disk files are copied to the target directory.
2. ESX host does a “self” VMotion to the target directory.
3. A snapshot (without memory) is taken of the virtual machines disks in the source directory.
4. Virtual machine disk files are copied to the target directory.
5. Snapshot that is located in the source directory is consolidated into the virtual machine disk files
located in the target directory.
6. Source disk files and directory are deleted.

Vmware High Availability (HA): Automatic restart of VM on the other ESX server in case of Physical server
failures. Provides HA for VM’s. Continuously monitors all hosts in a cluster and restarts VMs affected by a host
failure on other hosts. Can also monitor guest OS for a failure via heartbeat & restart them on the same host
in case of a failure. Continuously monitors and chooses the optimal physical servers within a resource pool on
which to restart virtual machines (if used in conjunction with DRS)

Vmware Consolidate Backup (VCB): Virtual machine contents the virtual machine data you back up can
include virtual disks or Raw Device Mappings (RDMs), Configuration files, and so on. VCB is a Windows based
application that provides a centralized backup facility to backup virtual machines through a proxy server
without affecting the virtual machine itself. VCB is an alternative to traditional agent based backup methods
and is an enablement technology; it cannot backup virtual machines by itself but instead works with 3rd party
backup products to help offload backup overhead from virtual machines and host servers.

VMware Consolidated Backup (VCB) Advantages

VMware Consolidated Backup addresses most of the problems you encounter when performing traditional
backups. Consolidated Backup helps you to:
􀂄 Reduce the load on your ESX Server systems by moving the backup tasks to one or more dedicated backup
􀂄 Avoid congesting and overloading the data center network infrastructure by enabling LAN free backup.
􀂄 Eliminate the need for a backup window by moving to a snapshot based backup approach.
􀂄 Simplify backup administration by making optional the deployment of backup agents in each virtual
machine you back up.

10/7/2018 12:55:02 PM 19
􀂄 Back up virtual machines that are powered off.

Consolidated Backup offers the following features:

􀂄 Offloads backup processes to a dedicated physical host (VCB proxy).
􀂄 Eliminates the need for a backup window by using VMware virtual machine snapshot technology.
􀂄 Doesn’t require backup agents in virtual machines.
􀂄 Works with industry leading backup applications allowing you to take advantage of their advanced
scheduling and backup management features.
􀂄 Doesn’t restrict the use of Fibre Channel tapes.
􀂄 Supports file-level backups for virtual machines running Microsoft Windows guest operating system.
􀂄 Supports image-level backups for virtual machines running any guest operating system.

Distributed Resource Scheduler (DRS): DRS enables your virtual environment to automatically balance
itself across your host servers in an effort to eliminate resource contention. It utilizes the VMotion feature to
provide automated resource optimization & automatic migration of virtual machines across hosts in a cluster.
Distributed Power Management (DPM) (experimental) can consolidate workloads & power off hosts during
periods of low activity. When activity increases DPM brings hosts back online so service levels can be met.

vSMP: The virtual SMP (vSMP) feature allows you to assign more than one virtual CPU to a virtual machine.
Up to 4 virtual CPUs can be assigned to any virtual machines.
Just because you can assign a virtual machine more than one vCPU doesn’t mean you always should. The
reason for this is the hypervisor’s CPU scheduler must find simultaneous cores available equal to the number
assigned to the VM.

VMware Update Manager: Update Manager is a new feature introduced in ESX 3.5 that provides automated
patching of ESX & ESXi hosts and select Microsoft Windows and Linux virtual machine operating systems and
applications. Update Manager can scan hosts and certain guest operating systems and compare them to a
baseline and then apply updates and patches to them.
Update Manager is integrated with DRS so hosts can be patched without effecting virtual machines (as
long as the virtual machines are on shared storage)
1. How do check the status of VERITAS Cluster Server aka VCS? hastatus –sum
2. Which is the main config file for VCS and where it is located?
Ans: main.cf is the main configuration file for VCS and it is located in /etc/VRTSvcs/conf/config.
3. Which command you will use to check the syntax of the main.cf ?
Ans: hacf -verify /etc/VRTSvcs/conf/config
4. How will you check the status of individual resources of VCS cluster? hares –state
5. What is the service group in VCS ?
Ans: Service group is made up of resources & their links which you normally requires to maintain the HA of
6. What is the use of halink command ? halink is used to link the dependencies of the resources
7. What is the difference between switchover and failover ?
Ans: Switchover is an manual task where as failover is automatic. You can switchover service group from
online cluster node to offline cluster node in case of power outage, hardware failure, schedule shutdown and
reboot. But the failover will failover the service group to the other node when VCS heartbeat link down,
damaged, broken because of some disaster or system hung.
8. What is the use of hagrp command ?
Ans: hagrp is used for doing administrative actions on service groups like online, offline, switch etc.
9. How to switchover the service group in VCS ? hagrp –switch -to
10. How to online the service groups in VCS ? hagrp –online –sys

10/7/2018 12:55:02 PM 20