Windows 7 / Windows 2008 R2 I/O Subsystem Logical View


Windows I/O subsystem manages and provides interface to hardware devices for several applications and for Operating System. The design goals of Windows I/O system is to provide device abstraction ( DMA/ hardware abstraction layer/ bus drivers) for hardware and software components

Below is the logical view Windows I/O manager functions.

Windows IO function Logical diagram

Security Token Service Integration using WS Protocols


Details:

There are three documents in this download associated with interoperability for the Works with Office 365 – Identity program. First is the paper that details the agreement for STSs to Interop with Azure Active Directory using the WS-Federation and WS-Trust protocols. The second is the paper which specifies the scenarios for STS testing that Microsoft use for qualification in the Works with Office 365 – Identity program. The third is the program guide for partners for the Works with Office 365 – Identity program. This enables use of a third party Identity Provider to be used for authentication by Office 365 and other Microsoft services that use Azure Active Directory.

Download Link:

http://www.microsoft.com/en-us/download/details.aspx?id=41185

Active Directory Partitions and Replicas In a Forest


Active Directory Partitions and replicas form firm foundation for Active Directory Replication. For any enterprise Active Directory infrastructure, there will be 10’s to 100’s of Domain Controllers spanned across different sites supporting multiple Active Directory Domains in a Forest.

Below table lists Active Directory Partitions and its roles.

 

Serial Number Active Directory Partition Forest Wide Domain Wide What does it store Replication
1 Configuration Partition Yes. only one Configuration partition per Forest Store information about Sites, services , extended permissions etc.. Replicate across all Domain controllers in the Forest
2 Schema Partition Yes. only one Schema partition per Forest Schema definitions, classes , attribute definitons of all AD Objects Replicate across all Domain controllers in the Forest
3 Domain Partition Yes. One Per Domain Stores user objects, Computer objects , Organizational Units, Groups etc.. Replicated only to Domain controllers within Domain
4 Domain Partition (Global Catalog) Yes. One Per Domain Stores partial set of attributes from different directory partitions ( domains) Replicated across all Domain controllers in the Forest
5 Application Partition Yes. Any number of Application Partitions Stores application specific data Replicated across specific Domain Controllers in the Forest

 

 
With the information above, we will do a little math on a conceptual Organization which is spread across different sites and having two Active Directory Domains in a AD Forest.

Solution Architecture Diagram 

 

 

AD Forest

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Active Directory Replica Chart

Domain AD Sites Domain Controller Configuration Partition Schema Partition Domain Partition A  Domain Partition B
Domain A Primary Site Global Catalog PS Full Replica Full Replica Full Replica Partial Replica
Domain A Primary Site Domain Controller 1 PS Full Replica Full Replica Full Replica
Domain A Primary Site Domain Controller 2 PS Full Replica Full Replica Full Replica
Domain A Branch Site 1 Global Catalog BS1 Full Replica Full Replica Full Replica Partial Replica
Domain A Branch Site 1 Domain Contorller BS1 Full Replica Full Replica Full Replica
Domain A Branch Site 2 Global Catalog BS2 Full Replica Full Replica Full Replica Partial Replica
Domain A Branch Site 2 Domain Controller BS2 Full Replica Full Replica Full Replica
             
Domain B Primary Site Global Catalog PS Full Replica Full Replica Partial Replica Full Replica
Domain B Primary Site Domain Controller PS Full Replica Full Replica Full Replica
Domain B Branch Site 1 Global Catalog BS1 Full Replica Full Replica Partial Replica Full Replica
Domain B Branch Site 1 Domain Contorller BS1 Full Replica Full Replica Full Replica
Domain B Branch Site 2 Global Catalog BS1 Full Replica Full Replica Partial Replica Full Replica
Domain B Branch Site 2 Domain Contorller BS1 Full Replica Full Replica Full Replica

 

 

 

 

 

Active Directory Directory System Agent


The directory system agent (DSA) is a collection of services and processes that run on each Windows 2000 Server and later domain controller and provides access to the data store. The data store is the physical store of directory data located on a hard disk. In Active Directory Domain Services, the DSA is part of the local system authority (LSA) subsystem. Clients access the directory using one of the following mechanisms supported by the DSA. This document provides details about Active Directory Directory System Agent implemenation and practical view of the component. DSA is the primary component for Active Directory LDAP operations and helps Administrators to understand the implementation aspects of the component.

 

Please follow the below link to download the document , hope it helps !

http://gallery.technet.microsoft.com/Active-Directory-Directory-cca49b03

Windows Security Support Provider Architecture


The SSPI in Windows provides a mechanism that carries authentication tokens over the existing communication channel between the client computer and server. When two computers or devices need to be authenticated so that they can communicate securely, the requests for authentication are routed to the SSPI, which completes the authentication process, regardless of the network protocol currently in use.

 

Windows Security Support Provider Architecture

Windows Security

Running Wireshark on Windows 8.1 Enterprise


You might get excited to run the greatest Network Sniffer utility on Windows 8.1 before you hit a show stopper. The show stopper is huge and possible bug or un support feature in Windows 8.1 of not being able to hook to Network Interface.

 

The installation of Wireshark goes smooth on Windows 8.1 , when you try to associate Network Adapter , you will be presented with the error message

There are no interfaces on which a capture can be done” and you might try the well known troubleshooting article http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

but you soon realize , you have executed the executable under Administrator privileges , but still  you are unable to associate Network Adapter.

 

Issue: The issue lies with Winpcap.exe component which is currently unsupported on Windows 8.1

File Version: Wireshark 1.12.0 and WinPcap 4.1.3

Resolution: Assuming the fact that, Administrator has already installed Wireshark, follow the below steps

 

Step1: Uninstall Winpcap.exe from C:\Program Files (x86)\Winpcap\uninstall.exe

Step2: Navigate to C:\Program Files\Wireshark\winpcap.exe and set the Compatibility level to run under Windows 7 as shown below

Winpcap

Step3: Run the WinPcap executable. Upon successful installation, restart Wireshark and Administrator will be able to bind the Network adapter successfully.

 

If its a new installation on Windows 8.1, Administrator can set the compatibility level for WinPcap and run the file during installation.