Am I a GC?


Am I a GC? Or just a DC?

Finding out whether a Domain Controller is also a Global Catalog server is fun, and there are several ways to do it.

I. ADUC:

Open Active Directory Users and Computers –> right-click the Domain –> select Change Domain Controller

(Screenshot: Change Domain Controller dialog listing the DCs)

II. ADSIEdit Output:

There are three attribute types that are important in AD:

  • System Only
  • Constructed
  • Backlinks

Constructed attributes are among the most important attributes in AD: they are computed on demand rather than stored, and they give advanced insight into AD operations. One such attribute is msDS-isGC, which identifies whether a Domain Controller is a Global Catalog server.

(Screenshot: msDS-isGC attribute shown in ADSI Edit)

III. DSQuery

Global Catalog status can be viewed using the DSQuery tool as shown below.

(Screenshot: DSQuery output showing Global Catalog status)

IV. NLTest:

Global Catalog status can be found with the NLTest tool by looking at the Flags in its output, as shown below.

(Screenshots: NLTest output with the GC flag)

V. LDP:

Another way to view Global Catalog status is the LDP tool. Note that constructed attributes are not shown in the standard LDP tree view; instead, a search that explicitly requests the attribute must be run to see the status of a Global Catalog server, as shown below.

(Screenshot: LDP search returning msDS-isGC)

Other tools include PowerShell and the DS API, both of which require the DN path of the object in order to search for the value.
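The PowerShell route mentioned above, as an added example that is not part of the original post: it reads the msDS-isGC constructed attribute from the DC's NTDS Settings object (the DN is taken from RootDSE, so it does not have to be typed) and cross-checks it against the nTDSDSA options bit and RootDSE's isGlobalCatalogReady. The DC and domain names are placeholders.

```powershell
# Added example (not from the original post): report whether a Domain
# Controller is a Global Catalog using the msDS-isGC constructed attribute.
# Run from a domain-joined machine; the DC name below is a placeholder.
function Test-IsGlobalCatalog {
    param([Parameter(Mandatory)][string]$DcName)

    # RootDSE needs no DN and tells us where this DC's nTDSDSA
    # (NTDS Settings) object lives; msDS-isGC is defined on that object.
    $rootDse = [ADSI]"LDAP://$DcName/RootDSE"
    $ntdsDn  = [string]$rootDse.Properties['dsServiceName'].Value
    $gcReady = [string]$rootDse.Properties['isGlobalCatalogReady'].Value

    # Constructed attributes are not returned by default; they must be
    # named explicitly in the attribute list, which is why the plain LDP
    # tree view does not show msDS-isGC.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$DcName/$ntdsDn"
    $searcher.SearchScope = 'Base'
    $searcher.Filter      = '(objectClass=nTDSDSA)'
    [void]$searcher.PropertiesToLoad.AddRange(@('msDS-isGC', 'options'))
    $ntds = $searcher.FindOne()

    $isGcAttr = [System.Convert]::ToBoolean($ntds.Properties['msds-isgc'][0])

    # Bit 0x1 of the nTDSDSA options attribute is NTDSDSA_OPT_IS_GC;
    # the attribute is absent when no option bits are set.
    $opt = 0
    if ($ntds.Properties['options'].Count -gt 0) { $opt = [int]$ntds.Properties['options'][0] }
    $isGcOpt = ($opt -band 1) -eq 1

    [pscustomobject]@{
        DomainController     = $DcName
        'msDS-isGC'          = $isGcAttr
        OptionsIsGcBit       = $isGcOpt
        isGlobalCatalogReady = ($gcReady -eq 'TRUE')
    }
}

Test-IsGlobalCatalog -DcName 'dc1.contoso.example'   # placeholder DC name

# Command-line cross-checks matching sections III and IV of the post:
#   dsquery server -isgc                  lists every GC in the forest
#   nltest /dsgetdc:contoso.example /gc   locates a GC; look for GC in Flags
```

isGlobalCatalogReady only turns TRUE once the GC has finished replicating its partial replicas, so a freshly promoted GC can show msDS-isGC = TRUE while isGlobalCatalogReady is still FALSE.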

DNS Default Server: Unknown


"Default Server: Unknown" is the most common message users see when they start nslookup. It means the DNS server configured on the client cannot resolve its own name: there is no pointer (PTR) record for the DNS server's IP address.

(Screenshot: nslookup showing "Default Server: Unknown")

To resolve the error, the DNS administrator should ensure that a PTR record for the DNS server is registered in the corresponding reverse lookup zone, then run nslookup again; it should now display the DNS server's name.
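The check and the fix described above, as an added example that is not part of the original post: it performs the same reverse lookup nslookup does for every DNS server the client is configured with, then shows the DnsServer-module commands that register the missing PTR. The network, zone and host names are placeholders.

```powershell
# Added example (not from the original post): for each DNS server the client
# uses, check whether a PTR record exists for its address, i.e. whether
# nslookup can print a server name instead of "Default Server: Unknown".
function Test-DnsServerPtr {
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Select-Object -ExpandProperty ServerAddresses -Unique

    foreach ($ip in $servers) {
        # Resolve-DnsName reverses the address itself; with no PTR it
        # emits a non-terminating error, which we suppress here.
        $ptr = Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' }

        [pscustomobject]@{
            DnsServer        = $ip
            PtrRecord        = if ($ptr) { $ptr.NameHost } else { $null }
            NslookupWillShow = if ($ptr) { $ptr.NameHost } else { 'Default Server: Unknown' }
        }
    }
}

Test-DnsServerPtr

# Fix, run on the DNS server (DnsServer module): create the reverse lookup
# zone if it does not exist, then register the PTR for the DNS server.
# 192.0.2.0/24, host 10 and dns1.contoso.example are placeholders.
# Add-DnsServerPrimaryZone -NetworkId '192.0.2.0/24' -ReplicationScope Domain
# Add-DnsServerResourceRecordPtr -ZoneName '2.0.192.in-addr.arpa' -Name '10' `
#     -PtrDomainName 'dns1.contoso.example'
```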

Windows 7 / Windows 2008 R2 I/O Subsystem Logical View


The Windows I/O subsystem manages hardware devices and provides an interface to them for applications and for the Operating System. The design goal of the Windows I/O system is to provide device abstraction (DMA, hardware abstraction layer, bus drivers) for hardware and software components.

Below is a logical view of the Windows I/O manager functions.

(Diagram: Windows I/O manager functions, logical view)

Security Token Service Integration using WS Protocols


Details:

There are three documents in this download associated with interoperability for the Works with Office 365 – Identity program. The first is the paper that details the agreement for STSs to interoperate with Azure Active Directory using the WS-Federation and WS-Trust protocols. The second is the paper that specifies the scenarios for STS testing that Microsoft uses for qualification in the Works with Office 365 – Identity program. The third is the program guide for partners in the Works with Office 365 – Identity program. This enables a third-party Identity Provider to be used for authentication by Office 365 and other Microsoft services that use Azure Active Directory.

Download Link:

http://www.microsoft.com/en-us/download/details.aspx?id=41185

Active Directory Partitions and Replicas In a Forest


Active Directory partitions and replicas form the foundation of Active Directory replication. In any enterprise Active Directory infrastructure there will be tens to hundreds of Domain Controllers spread across different sites, supporting multiple Active Directory domains in a forest.

The table below lists the Active Directory partitions and their roles.

| # | Active Directory Partition | Forest Wide | Domain Wide | What does it store | Replication |
|---|---|---|---|---|---|
| 1 | Configuration Partition | Yes, only one Configuration partition per Forest | | Information about Sites, services, extended permissions etc. | Replicated to all Domain Controllers in the Forest |
| 2 | Schema Partition | Yes, only one Schema partition per Forest | | Schema definitions: classes and attribute definitions of all AD objects | Replicated to all Domain Controllers in the Forest |
| 3 | Domain Partition | | Yes, one per Domain | User objects, Computer objects, Organizational Units, Groups etc. | Replicated only to Domain Controllers within the Domain |
| 4 | Domain Partition (Global Catalog) | | Yes, one per Domain | A partial set of attributes from the other directory partitions (domains) | Replicated across all Domain Controllers in the Forest |
| 5 | Application Partition | Yes, any number of Application Partitions | | Application-specific data | Replicated to specific Domain Controllers in the Forest |

With the information above, we will do a little math for a conceptual organization that is spread across different sites and has two Active Directory domains in one AD forest.

(Diagram: Solution Architecture of the AD Forest)

Active Directory Replica Chart

| Domain | AD Site | Domain Controller | Configuration Partition | Schema Partition | Domain Partition A | Domain Partition B |
|---|---|---|---|---|---|---|
| Domain A | Primary Site | Global Catalog PS | Full Replica | Full Replica | Full Replica | Partial Replica |
| Domain A | Primary Site | Domain Controller 1 PS | Full Replica | Full Replica | Full Replica | |
| Domain A | Primary Site | Domain Controller 2 PS | Full Replica | Full Replica | Full Replica | |
| Domain A | Branch Site 1 | Global Catalog BS1 | Full Replica | Full Replica | Full Replica | Partial Replica |
| Domain A | Branch Site 1 | Domain Controller BS1 | Full Replica | Full Replica | Full Replica | |
| Domain A | Branch Site 2 | Global Catalog BS2 | Full Replica | Full Replica | Full Replica | Partial Replica |
| Domain A | Branch Site 2 | Domain Controller BS2 | Full Replica | Full Replica | Full Replica | |
| Domain B | Primary Site | Global Catalog PS | Full Replica | Full Replica | Partial Replica | Full Replica |
| Domain B | Primary Site | Domain Controller PS | Full Replica | Full Replica | | Full Replica |
| Domain B | Branch Site 1 | Global Catalog BS1 | Full Replica | Full Replica | Partial Replica | Full Replica |
| Domain B | Branch Site 1 | Domain Controller BS1 | Full Replica | Full Replica | | Full Replica |
| Domain B | Branch Site 2 | Global Catalog BS2 | Full Replica | Full Replica | Partial Replica | Full Replica |
| Domain B | Branch Site 2 | Domain Controller BS2 | Full Replica | Full Replica | | Full Replica |

The replica chart above can be produced from a live forest instead of by hand. The following is an added example, not part of the original post: it reads each DC's NTDS Settings (nTDSDSA) object, where msDS-HasMasterNCs lists the writable full replicas and hasPartialReplicaNCs lists the read-only partial replicas that only a Global Catalog carries, and lays the result out in the same columns. It assumes the ActiveDirectory PowerShell module and a domain-joined session.

```powershell
# Added example (not from the original post): build the replica chart from a
# live forest. Every DC holds full replicas of configuration and schema and of
# its own domain partition; a Global Catalog adds partial replicas of the other
# domain partitions, which is exactly what hasPartialReplicaNCs records.
Import-Module ActiveDirectory

function Get-ReplicaChart {
    $forest    = Get-ADForest
    $domainNcs = foreach ($d in $forest.Domains) { (Get-ADDomain -Identity $d).DistinguishedName }

    foreach ($domain in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
            $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Server $dc.HostName `
                        -Properties 'msDS-HasMasterNCs', 'hasPartialReplicaNCs'
            $full    = @($ntds.'msDS-HasMasterNCs')
            $partial = @($ntds.hasPartialReplicaNCs)

            $row = [ordered]@{
                Domain           = $domain
                Site             = $dc.Site
                DomainController = $dc.HostName
                IsGC             = $dc.IsGlobalCatalog
                Configuration    = if ($full -like 'CN=Configuration,*') { 'Full Replica' } else { '' }
                Schema           = if ($full -like 'CN=Schema,CN=Configuration,*') { 'Full Replica' } else { '' }
            }
            # One column per domain partition in the forest, as in the chart.
            foreach ($nc in $domainNcs) {
                $row[$nc] = if ($full -contains $nc) { 'Full Replica' }
                            elseif ($partial -contains $nc) { 'Partial Replica' }
                            else { '' }
            }
            [pscustomobject]$row
        }
    }
}

$chart = Get-ReplicaChart
$chart | Format-Table -AutoSize

# The "little math": number of domain-partition replicas (full + partial)
# that replication must keep in sync, i.e. the non-empty chart cells.
$ncCols = ($chart | Select-Object -First 1).PSObject.Properties.Name | Where-Object { $_ -like 'DC=*' }
($chart | ForEach-Object { foreach ($c in $ncCols) { $_.$c } } | Where-Object { $_ -ne '' }).Count
```


Active Directory Directory System Agent


The directory system agent (DSA) is a collection of services and processes that run on each Windows 2000 Server and later domain controller and provide access to the data store. The data store is the physical store of directory data located on a hard disk. In Active Directory Domain Services, the DSA is part of the local security authority (LSA) subsystem, and clients access the directory through one of the mechanisms supported by the DSA. This document provides details about the Active Directory Directory System Agent implementation and a practical view of the component. The DSA is the primary component behind Active Directory LDAP operations, and the document helps administrators understand the implementation aspects of the component.

Please follow the link below to download the document; hope it helps!

http://gallery.technet.microsoft.com/Active-Directory-Directory-cca49b03