
Tuesday, January 30, 2018

Windows Server 2016 New features and Interview Questions

Windows Server 2016 includes a large collection of new features such as Containers, Nano Server, Shielded VMs and many more. If you're applying for a job that requires knowledge of Microsoft's latest technology, then I strongly recommend reading about Docker and Containers, particularly if you're involved in deployments, development or DevOps. Nano Server is another addition to the trimmed-down OS types, providing a minimal footprint with high resource capacity.

Hyper-V on Windows Server 2016:

# Compatible with Connected Standby (new): When the Hyper-V role is installed on a computer that uses the Always On/Always Connected (AOAC) power model, the Connected Standby power state is now available.

# Discrete device assignment (new): This feature lets you give a virtual machine direct and exclusive access to some PCIe hardware devices. Using a device in this way bypasses the Hyper-V virtualization stack, which results in faster access.

# Encryption support for the operating system disk in generation 1 virtual machines (new): You can now protect the operating system disk using BitLocker drive encryption in generation 1 virtual machines. A new feature, key storage, creates a small, dedicated drive to store the system drive's BitLocker key. This is done instead of using a virtual Trusted Platform Module (TPM), which is available only in generation 2 virtual machines. To decrypt the disk and start the virtual machine, the Hyper-V host must either be part of an authorized guarded fabric or have the private key from one of the virtual machine's guardians. Key storage requires a version 8 virtual machine.

# Host resource protection (new): This feature helps prevent a virtual machine from using more than its share of system resources by looking for excessive levels of activity. Use Windows PowerShell to turn it on or off. To turn it on, run this command:
Set-VMProcessor TestVM -EnableHostResourceProtection $true

# You can now add or remove a network adapter while the virtual machine is running, without incurring downtime. This works for generation 2 virtual machines that run either Windows or Linux operating systems. You can also adjust the amount of memory assigned to a virtual machine while it's running, even if you haven't enabled Dynamic Memory. This works for both generation 1 and generation 2 virtual machines, running Windows Server 2016 or Windows 10.


# Linux Secure Boot (new): Linux operating systems running on generation 2 virtual machines can now boot with the Secure Boot option enabled. Ubuntu 14.04 and later, SUSE Linux Enterprise Server 12 and later, Red Hat Enterprise Linux 7.0 and later, and CentOS 7.0 and later are enabled for Secure Boot on hosts that run Windows Server 2016.

# More memory and processors for generation 2 virtual machines and Hyper-V hosts


# Nested virtualization (new): This feature lets you use a virtual machine as a Hyper-V host and create virtual machines within that virtualized host. This can be especially useful for development and test environments.

# Shared virtual hard disks (updated): You can now resize shared virtual hard disks (.vhdx files) used for guest clustering, without downtime. Shared virtual hard disks can be grown or shrunk while the virtual machine is online. Guest clusters can now also protect shared virtual hard disks by using Hyper-V Replica for disaster recovery.

# Shielded virtual machines (new): Shielded virtual machines use several features to make it harder for Hyper-V administrators and malware on the host to inspect, tamper with, or steal data from the state of a shielded virtual machine. Data and state are encrypted, Hyper-V administrators can't see the video output and disks, and the virtual machines can be restricted to run only on known, healthy hosts, as determined by a Host Guardian Server.



Windows Containers

Windows Containers allow many isolated applications to run on one computer system. They're fast to build and are highly scalable and portable. Two types of container runtime are available, each with a different degree of application isolation. Windows Server Containers use namespace and process isolation. Hyper-V Containers use a lightweight virtual machine for each container.
Key features include:
  • Support for web sites and applications using HTTPS
  • Nano server can host both Windows Server and Hyper-V Containers
  • Ability to manage data through container shared folders
  • Ability to restrict container resources

Nano Server

Windows Server 2016 offers a new installation option: Nano Server. Nano Server is a remotely administered server operating system optimized for private clouds and datacenters. It is similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts than Windows Server. When it does restart, it restarts much faster. The Nano Server installation option is available for Standard and Datacenter editions of Windows Server 2016. 


Nano Server is ideal for a number of scenarios:
  • As a "compute" host for Hyper-V virtual machines, either in clusters or not
  • As a storage host for Scale-Out File Server.
  • As a DNS server
  • As a web server running Internet Information Services (IIS)
  • As a host for applications that are developed using cloud application patterns and run in a container or virtual machine guest operating system

Security and Assurance

Windows Server 2016 includes security solutions and features for the IT professional to deploy in the datacenter and cloud environment. For information about security in Windows Server 2016 generally, see the Security and Assurance documentation.


Just Enough Administration: Just Enough Administration (JEA) in Windows Server 2016 is a security technology that enables delegated administration for anything that can be managed with Windows PowerShell. Capabilities include support for running under a network identity, connecting over PowerShell Direct, securely copying files to or from JEA endpoints, and configuring the PowerShell console to launch in a JEA context by default.
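As an added example (not code from the original post), the following PowerShell builds a minimal JEA endpoint of the kind described above: a role capability that exposes only a few service-management commands, and a session configuration that runs under a temporary virtual account with transcription. The module name, role name, endpoint name, AD group and transcript path are assumptions chosen for the example.

```powershell
# Added example, not from the original post: a minimal JEA endpoint.
# Assumed names: module JeaServiceOps, role 'ServiceOperator', endpoint
# 'JEA-ServiceOps', AD group 'CONTOSO\ServiceDeskOperators', logs in C:\JEA.
# Run in an elevated PowerShell on the server that will host the endpoint.

$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JeaServiceOps'
$rcPath     = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcPath -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleRoot 'JeaServiceOps.psd1') | Out-Null

# 1. Role capability: allow-list the commands an operator may run. Restart-Service
#    is further limited to two named services via a ValidateSet on -Name, so the
#    operator cannot restart arbitrary services even though the cmdlet is visible.
$roleParams = @{
    Path           = Join-Path $rcPath 'ServiceOperator.psrc'
    VisibleCmdlets = @(
        'Get-Service',
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'W32Time' } }
    )
    VisibleFunctions    = 'Get-ServiceSummary'
    FunctionDefinitions = @{
        Name        = 'Get-ServiceSummary'
        ScriptBlock = { Get-Service | Group-Object Status | Select-Object Name, Count }
    }
}
New-PSRoleCapabilityFile @roleParams

# 2. Session configuration: RestrictedRemoteServer hides everything not listed,
#    RunAsVirtualAccount gives the session a temporary local administrator identity
#    that the connecting user never holds directly, and every session is transcribed.
#    For tasks that need a network identity, use -GroupManagedServiceAccount '<gMSA>'
#    instead of -RunAsVirtualAccount.
New-Item -ItemType Directory -Path 'C:\JEA\Transcripts' -Force | Out-Null
$sessionParams = @{
    Path                = 'C:\JEA\JEA-ServiceOps.pssc'
    SessionType         = 'RestrictedRemoteServer'
    RunAsVirtualAccount = $true
    TranscriptDirectory = 'C:\JEA\Transcripts'
    RoleDefinitions     = @{
        'CONTOSO\ServiceDeskOperators' = @{ RoleCapabilities = 'ServiceOperator' }
    }
}
New-PSSessionConfigurationFile @sessionParams

# Fail fast if the generated file is malformed before registering it.
if (-not (Test-PSSessionConfigurationFile -Path $sessionParams.Path)) {
    throw 'Session configuration file failed validation'
}

# 3. Register the endpoint (this restarts the WinRM service).
Register-PSSessionConfiguration -Name 'JEA-ServiceOps' -Path $sessionParams.Path -Force | Out-Null

# 4. What an operator sees inside the endpoint: only the allow-listed commands
#    plus the JEA defaults (Get-Command, Get-Help, Select-Object, Measure-Object...).
#    Enter-PSSession -ComputerName localhost -ConfigurationName 'JEA-ServiceOps'
#    Restart-Service -Name Spooler     # allowed by the ValidateSet
#    Restart-Service -Name WinRM       # rejected by the ValidateSet
```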
     
Credential Guard: Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
     
Remote Credential Guard: Remote Credential Guard extends Credential Guard to RDP sessions, so that the user's credentials remain on the client side and are not exposed on the server side. This also provides single sign-on for Remote Desktop.

Device Guard (Code Integrity): Device Guard provides kernel mode code integrity (KMCI) and user mode code integrity (UMCI) by creating policies that specify what code can run on the server.
     
Windows Defender: Windows Server Antimalware is installed and enabled by default in Windows Server 2016, but the user interface for Windows Server Antimalware is not installed. However, Windows Server Antimalware will update antimalware definitions and protect the computer without the user interface. If you need the user interface for Windows Server Antimalware, you can install it after the operating system installation by using the Add Roles and Features Wizard.

Control Flow Guard: Control Flow Guard (CFG) is a platform security feature that was created to combat memory corruption vulnerabilities.

There are a lot more features, but the above are the main ones you should focus on for now; then build your knowledge of more features as you go.


Here are some questions for a knowledge test:

Dynamic memory is a great feature that allows you to manage the amount of memory that Hyper-V virtual machines consume. How would you identify the memory a virtual machine consumes when Dynamic Memory is not enabled?

Answer:
View the amount of RAM listed under Static in the Memory page of the virtual machine

Comments:
When dynamic memory is not enabled, the virtual machine is given a static amount of RAM. This value is located under the Static section of the Memory page of the virtual machine settings.


Virtual Network Manager (available from the Hyper-V Manager snap-in) offers three types of virtual networks that you can use to define various networking topologies for virtual machines and the virtualization server.

Which type of virtual network is isolated from all external network traffic on the virtualization server, as well as any network traffic between the management operating system and the external network?


Answer:
Private virtual network

Comments:
Private virtual network is useful when you need to create an isolated networking environment, such as an isolated test domain. 


You are trying to create a Nano Server on a physical computer. You have copied the NanoServerImageGenerator folder from the ISO to create a VHD that will run Nano Server on a physical computer using the pre-installed device drivers.

When you try to run Import-Module .\NanoServerImageGenerator it doesn't work. What did you forget to run?


Answer:
Set-ExecutionPolicy

Comments:
You might have to adjust the Windows PowerShell execution policy. Set-ExecutionPolicy RemoteSigned should work well.

Nano Server is distributed on the physical media, where you will find a NanoServer folder; this contains a .wim image and a subfolder called Packages. It is these package files that you use to add server roles and features to the VHD image, which you then boot to.

You want to create a VHD that will run Nano Server on a physical computer, using the pre-installed device drivers. You have copied the VHD to the physical computer and want to configure it to boot from this new VHD. What command should you use?


Answer:
bcdboot

Comments:
The BCDboot tool is a command-line tool that enables you to manage system partition files. You can use it to set up Windows to boot to a virtual hard disk.

You want to prevent a virtual machine from using more than its share of system resources by looking for excessive levels of activity. This will help prevent a virtual machine's excessive activity from degrading the performance of the host or other virtual machines.

Which PowerShell parameter should you use with Set-VMProcessor?


Answer:
-EnableHostResourceProtection

Comments:
EnableHostResourceProtection specifies whether to enable host resource protection. When monitoring detects a virtual machine with excessive activity, the virtual machine is given fewer resources. This monitoring and enforcement is off by default.

You want to capture the state, data, and hardware configuration of a running virtual machine. Which checkpoint can be very useful if you need to recreate a specific state or condition of a running virtual machine so that you can troubleshoot a problem?
Answer:
Standard

Comments:
Standard checkpoints capture the state, data, and hardware configuration of a running virtual machine and are intended for use in development and test scenarios.

You have created a new data volume using the following docker command:

docker run -it -v c:\new-data-volume windowsservercore cmd

New data volumes are stored on the host under 'c:\ProgramData\Docker\volumes'. Where will this data volume be accessible in the running container?

Answer:
c:\new-data-volume 


Faysal Hasan is an IT System Engineer with a passion for security. He has worked in information technology service delivery for more than 7 years. He received his Bachelor in IT from Southern Cross University, Australia, and has earned numerous technical certifications throughout his career. He is currently working as a System Engineer in Enterprise Operations, looking after technology infrastructure for Victoria Police.

Monday, January 29, 2018

DNS Interview Questions and Answers Windows Server

What is Domain Name System (DNS)?
Domain Name System is a service that resolves names to IP addresses and IP addresses to names. DNS is also used to locate servers, computers and services on your network, and it is the backbone of Active Directory. On Windows Server it can be installed on a standalone server or on a Domain Controller.

What is Static and Dynamic DNS Record?
A manually created DNS entry is called a static record, and a record created automatically by the system or by DHCP is called a dynamic DNS record. Static records are not easy to manage, because IP address changes are not updated automatically; we have to update them manually.

What is Dynamic DNS (DDNS)?
Dynamic DNS (DDNS) is a method of updating DNS records automatically. Most organizations prefer DDNS since it is easy to maintain and you always get the latest IP address of servers and computers.

What are the record types in DNS?
DNS has many types of records. A records (host records) are the best known; the record types in DNS are explained below.

A (Address): Maps a host name to an IP address, for example Compute1 pointing to 192.168.100.100. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
CNAME (Canonical Name): Sets an alias for a host name, that is, a record pointing to a different record. For example, www.support.windowstricks.in can have an alias of www.windowstricks.in, so both records point to the same page.

MX (Mail Exchange): Specifies a mail exchange server for the domain. It is used for mail delivery and allows mail to be delivered to the correct mail servers.

NS (Name Server): Specifies a name server for the domain, that is, the authoritative servers for the respective DNS zone, and allows DNS lookups within all DNS zones.

PTR (Pointer): Creates a pointer that maps an IP address to a host name for reverse lookups.
SOA (Start of Authority): Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone).


What is Caching Only Server?
Caching-only servers are DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once a query result is stored in the cache, the next time the query is resolved locally from the cache instead of going to the actual source.

What are a Forward and Reverse Lookup?
  • Forward Lookup: Searching for an A record. A name query sent to the DNS server to obtain the IP address is generally called a forward lookup.
  • Reverse Lookup: Searching for PTR records, which provide the reverse lookup process, enabling clients to use a known IP address during a name query and look up a computer name based on its address.

What is Primary DNS zone?
This is the read/write copy of a zone file in the DNS namespace. It is the primary source of information about the zone and stores the master copy of zone data in a local file or in AD DS. By default the primary zone file is named zone_name.dns and is stored in the Windows\System32\DNS folder on the server.
If it is an AD-integrated zone, then all the records are stored in the domain partition on the Domain Controllers.

What is Secondary DNS zone?
This is the read-only copy of a zone file in the DNS namespace. It is a secondary source of information about the zone and gets updated information from the master copy held by the primary zone. Network access must be available to connect to the primary server. As a secondary zone is merely a copy of a primary zone hosted on another server, a secondary zone cannot be stored in AD.


What is a stub DNS zone?
A stub zone is a read-only copy of a zone that contains only those resource records which are necessary to identify the authoritative DNS servers for that particular zone. A stub zone is also used like DNS forwarding, and in practice it is used to resolve names between separate DNS namespaces. This type of zone is generally created after a corporate merger or acquisition, so that the DNS servers for two separate DNS namespaces can resolve names for clients in both namespaces.

A stub zone contains:
  • The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
  • The IP address of one or more master servers that can be used to update the stub zone.

What is Aging and Scavenging?
Aging and scavenging is a DNS server feature that provides a mechanism for cleaning up and removing stale resource records, which can accumulate in zone data over time. It helps maintain a dynamic DNS environment by regularly deleting stale resource records from the DNS database. Some problems associated with stale records are: unnecessary space utilization, long zone transfers, wrong resolution of client queries due to stale data, and degraded DNS server performance as stale records accumulate. These problems can be resolved by the aging and scavenging features. Before using the aging and scavenging features of DNS, the following conditions must be met:
1) Aging and scavenging must be enabled on the DNS server and on the zone. By default, they are not enabled.
2) Resource records must be added dynamically to the zone, or manually modified to be used in aging and scavenging operations.

Aging
Aging is the process of identifying stale DNS records. It uses two intervals:
1) Non-Refresh interval
2) Refresh interval

Non-Refresh interval
This is the time period in which the resource records cannot be refreshed. It can be used to reduce the replication traffic in this time period to avoid the replication of the same information again.

Refresh interval
This is the time period in which the resource records can be refreshed.
Resource record refresh: This is a DNS dynamic update without changing the hostname and IP address.
If the non-refresh interval and the refresh interval are both 7 days, then a resource record is considered stale if it has not been refreshed after 14 days. Once the non-refresh and refresh intervals have elapsed, a resource record can still be refreshed as long as it has not been removed from the DNS zone. Aging uses the resource record timestamp to identify whether the record is stale.
Resource records with a timestamp of zero: these are static records and are never treated as stale.
Resource records with a non-zero timestamp: these are dynamic records, and the timestamp represents the hour of the last refresh.

Scavenging
Scavenging is the process of removing and cleaning up stale resource records from the DNS zone. Stale resource records are removed only if scavenging is enabled on the resource record, on the zone where the resource record exists, and on at least one DNS server hosting the primary copy of the zone.
Scavenging can be set in three places:
1) Individual record
2) Zone
3) Server
If scavenging is set on the zone, it works only for dynamic records; it works for manually created entries only if scavenging is enabled on those records as well. Once scavenging is set on the zone, it also needs to be enabled on the DNS server: the DNS server where the scavenging option is enabled is responsible for scavenging the records. The server logs DNS event 2501 to report the number of records scavenged, and DNS event 2502 if no records were scavenged.

Scavenging formula:
Record timestamp + no-refresh interval for the zone + refresh interval for the zone
If the sum of these values is greater than the server time (the current date and time on the DNS server), no action is taken and the record is not deleted from the zone. If the sum is less than the server time, the record is deleted.

Aging and scavenging process for a sample record
Consider a DNS host, host-a.example.microsoft.com, that registers its host resource record on a DNS server where aging and scavenging are enabled. The DNS server sets a timestamp for this record based on the current server time at the time of registration. The DNS server does not refresh the resource record for the duration of the non-refresh interval. It can still update the record before the non-refresh interval expires if a change occurs, such as the IP address of the host changing, and it resets the timestamp accordingly. The DNS server refreshes the record after the non-refresh interval expires. During and after the refresh interval, if any update comes in, it accepts it and refreshes the record. At each subsequent scavenging run, the server compares each record to the server time using the scavenging formula to determine whether the record should be removed.

Group Policy Interview Questions and Answers for Windows Administrator

What are group policies?
Group policies specify how programs, network resources, and the operating system work for users and computers in an organization. They are collections of user and computer configuration settings that are applied on the users and computers (not on groups). For better administration of group policies in the Windows environment, the group policy objects (GPOs) are used.

What is GPO?
Group policy object (GPO) is a collection of group policy settings. It can be created using a Windows utility known as the Group Policy snap-in. GPO affects the user and computer accounts located in sites, domains, and organizational units (OUs). The Windows 2000/2003 operating systems support two types of GPOs, local and non-local (Active Directory-based) GPOs.

What is Local GPOs/policy?
Local GPOs are used to control policies on a local server running Windows 2000/2003 Server. A local GPO is stored on each Windows server. The local GPO affects only the computer on which it is stored. By default, only the Security Settings nodes are configured; the rest of the settings are either disabled or not enabled. The local GPO is stored in the %systemroot%\System32\GroupPolicy folder.

What is Non-local Policy?
Non-local GPOs are used to control policies on an Active Directory-based network. A Windows server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or computer objects. The non-local GPOs are stored in %systemroot%\SYSVOL\Policies\{GUID}\Adm, where {GUID} is the GPO's globally unique identifier. Two non-local GPOs are created by default when Active Directory is installed:
1. Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.
2. Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain controllers placed in this OU.
Multiple GPOs

GPO apply order
When multiple group policy objects are assigned, the group policies are applied in the following order:
• The local group policy object is applied first
• Then, the group policy objects linked to sites are applied. If multiple GPOs exist for a site, they are applied in the order specified by an administrator
• GPOs linked to the domain are applied in the specified order
• Finally, GPOs linked to OUs are applied. The OU group policy objects are applied from the largest to the smallest organizational unit, i.e., first the parent OU and then the child OU.
By default, a policy applied later overwrites a policy that was applied earlier. Hence, the settings in a child OU can override the settings in the parent OU.
Group policy settings are cumulative if they are compatible with each other. In case they conflict with each other, the GPO processed later takes precedence.

What is No Override? Block Policy Inheritance?
The following are the exceptions to the apply order described above:
No Override:
Any GPO can be set to No Override. If the No Override option is set on a GPO, no policy configured in that GPO can be overridden. If more than one GPO has been set to No Override, then the one that is highest in the Active Directory hierarchy takes precedence.
Block Policy Inheritance:
The Block Policy Inheritance option can be applied to a site, domain, or OU. It blocks all group policy settings that would reach the site, domain, or OU from objects higher in the hierarchy. However, GPOs configured with the No Override option are always applied.
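As an added example (not code from the original post), the following PowerShell simulates the apply order and the two exceptions just described: Local, Site, Domain and OUs are processed in turn with the later GPO winning, Block Policy Inheritance drops non-enforced GPOs linked above the blocking container, and No Override (Enforced) GPOs are always applied with the highest-linked one winning. The container names, GPO names and settings are constructed for the example, and the link-order convention follows GPMC (link order 1 has the highest precedence).

```powershell
# Added example, not from the original post: a GPO precedence simulator.
# Containers and links are constructed; the resolver implements the apply order
# (Local -> Site -> Domain -> parent OU -> child OU, later wins), Block Policy
# Inheritance and No Override (Enforced) as described in the text.

function Resolve-GpoSettings {
    param(
        # Scope chain from the top down: Local, Site, Domain, then OUs parent-first.
        # Each container: Name, BlockInheritance ($true/$false).
        [Parameter(Mandatory)] [hashtable[]] $Containers,
        # Each link: Gpo, Container, LinkOrder (1 = highest precedence, as in GPMC),
        # Enforced ($true/$false), Settings (hashtable of setting -> value).
        [Parameter(Mandatory)] [hashtable[]] $Links
    )
    $depth = @{}
    for ($i = 0; $i -lt $Containers.Count; $i++) { $depth[$Containers[$i].Name] = $i }

    # Block Policy Inheritance: the deepest blocking container discards every
    # non-enforced GPO linked to an AD container above it. The local GPO (index 0)
    # is not inherited from anywhere, so it is never blocked.
    $blockDepth = 0
    foreach ($c in $Containers) { if ($c.BlockInheritance) { $blockDepth = $depth[$c.Name] } }

    # Processing order: shallower containers first; within a container, higher
    # link-order numbers first, so link order 1 is applied last and wins.
    $ordered = $Links | Sort-Object @{ Expression = { $depth[$_.Container] } },
                                    @{ Expression = { $_.LinkOrder }; Descending = $true }

    $normal = @($ordered | Where-Object {
        -not $_.Enforced -and ($depth[$_.Container] -eq 0 -or $depth[$_.Container] -ge $blockDepth)
    })
    # Enforced GPOs are applied after all normal ones, deepest first, so the
    # highest-linked enforced GPO is written last and therefore takes precedence.
    $enforced = @($ordered | Where-Object { $_.Enforced })
    [array]::Reverse($enforced)

    $effective = @{}   # setting name -> @{ Value; Gpo }
    $trace = foreach ($link in @($normal + $enforced)) {
        foreach ($key in $link.Settings.Keys) {
            $effective[$key] = @{ Value = $link.Settings[$key]; Gpo = $link.Gpo }
        }
        $link.Gpo
    }
    [pscustomobject]@{ AppliedOrder = @($trace); Effective = $effective }
}

# Constructed scope: a workstation in OU=Corp/OU=Workstations, where the
# Workstations OU has Block Policy Inheritance set and the domain GPO is enforced.
$containers = @(
    @{ Name = 'Local';           BlockInheritance = $false }
    @{ Name = 'Site-HQ';         BlockInheritance = $false }
    @{ Name = 'contoso.com';     BlockInheritance = $false }
    @{ Name = 'OU=Corp';         BlockInheritance = $false }
    @{ Name = 'OU=Workstations'; BlockInheritance = $true }
)
$links = @(
    @{ Gpo = 'Local Policy';      Container = 'Local';           LinkOrder = 1; Enforced = $false
       Settings = @{ ScreenSaverTimeout = 900; AllowUSB = $true } }
    @{ Gpo = 'Site Proxy';        Container = 'Site-HQ';         LinkOrder = 1; Enforced = $false
       Settings = @{ ProxyServer = 'proxy-hq' } }
    @{ Gpo = 'Domain Security';   Container = 'contoso.com';     LinkOrder = 1; Enforced = $true
       Settings = @{ AllowUSB = $false; MinPasswordLength = 14 } }
    @{ Gpo = 'Corp Baseline';     Container = 'OU=Corp';         LinkOrder = 1; Enforced = $false
       Settings = @{ ScreenSaverTimeout = 600 } }
    @{ Gpo = 'WS Lab Exceptions'; Container = 'OU=Workstations'; LinkOrder = 2; Enforced = $false
       Settings = @{ AllowUSB = $true; ScreenSaverTimeout = 1200 } }
    @{ Gpo = 'WS Standard';       Container = 'OU=Workstations'; LinkOrder = 1; Enforced = $false
       Settings = @{ ScreenSaverTimeout = 300 } }
)
$result = Resolve-GpoSettings -Containers $containers -Links $links
"Applied order: $($result.AppliedOrder -join ' -> ')"
$result.Effective.GetEnumerator() | Sort-Object Key |
    ForEach-Object { '{0,-20} = {1,-10} (from {2})' -f $_.Key, $_.Value.Value, $_.Value.Gpo }
```

In this scope the site and Corp GPOs are blocked, WS Standard beats WS Lab Exceptions because of its link order, and the enforced Domain Security GPO still forces AllowUSB to false.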
What is Loopback policy?

Can group policy from a parent domain be inherited by a child domain?
Group Policy Inheritance
Group policies are inherited from parent to child within a domain. They are not inherited from a parent domain to a child domain.

The following are the rules regarding group policy inheritance:
• If a policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is not configured for its child OUs, the child OUs inherit the parent's policy
• If a policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is configured for its child OUs, the child OUs' settings override the settings inherited from the parent OU
• If a policy is not configured, no inheritance takes place
• Compatible policy settings configured at the parent and child OUs are accumulated
• Incompatible policy settings from the parent OU are not inherited
What is security filtering? Filtering the scope of GPOs
Although GPOs are linked to sites, domains, or OUs and cannot be linked to security groups directly, applying permissions to the GPO can filter its scope. The policies in a non-local GPO apply only to users who have the Read and Apply Group Policy permissions set to Allow.
By specifying appropriate permissions for security groups, administrators can filter a GPO's scope for computers and users.

What tools are used to edit Group Policy?
GPMC and GPEdit
How to check applied policy details from a client or server?
RSOP.msc (only works on Windows 2003 and above)
GPRESULT /v
What is an .adm file?
Administrative Templates are required because Microsoft did not include all registry settings in the default Group Policy. If you want to add more customized settings to an existing policy, an .ADM file can be created and imported to get the necessary settings.

AD Active Directory Interview Questions and Answers

What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft that stores objects such as users, computers, printers and network information. It lets you manage your network effectively with multiple Domain Controllers in different locations sharing the AD database: you can manage or change AD from any Domain Controller and the change is replicated to all other DCs. It provides centralized administration across multiple geographical locations and authenticates users and computers in a Windows domain.

What is LDAP and how the LDAP been used on Active Directory(AD)?

What is Tree?
A tree is a hierarchical arrangement of Windows domains that share a contiguous namespace.

What is Domain?
Active Directory Domain Services is Microsoft’s Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed

What is Active Directory Domain Controller (DC)?
A Domain Controller is a server which holds the AD database. All AD changes are replicated to the other DCs and vice versa.

What is Forest?
A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous namespace; however, they share a common schema and global catalog (GC).

What is Schema?
The Active Directory schema is the set of definitions that define the kinds of objects and the types of information about those objects that can be stored in Active Directory.
The Active Directory schema is a collection of object classes and their attributes, for example:
Object class = User
Attributes = first name, last name, email, and others

Can we restore a schema partition?


Tell me about the FSMO roles?
Schema Master
Domain Naming Master
Infrastructure Master
RID Master
PDC
Schema Master and Domain Naming Master are forest-wide roles, and there is only one of each per forest; the other roles are domain-wide, one for each domain.
AD replication is multi-master replication: a change can be made on any Domain Controller and is replicated to the other Domain Controllers. The exception is the five roles above, the flexible single master operations (FSMO) roles; those changes can only be made on the dedicated Domain Controller that holds the role, so they are single-master.

How to check which server holds which role?
Netdom query FSMO

Which FSMO role is the most important? And why?
An interesting question: which of the 5 FSMO roles is the most important, or which role's failure will impact end users immediately?
Most amateur administrators pick the Schema Master role; I am not sure why, maybe they think the schema is critical to running Active Directory.
The correct answer is the PDC. Now the next question: why? I will explain, role by role, what happens when a FSMO role holder fails, to find the answer.

Schema Master: the Schema Master is needed to update the schema. We don't update the schema daily, so when do we update the schema? At the time of an operating system migration, when installing a new Exchange version, and for any other application that requires extending the schema.
So if our Schema Master server is not available, we can't update the schema, but this is not going to affect Active Directory operation or the end user.
The Schema Master needs to be online and ready when we make a schema change; we can plan for that and have more time to bring the Schema Master server back.

Domain Naming Master: the Domain Naming Master is required for creating a new domain and creating an application partition. Like the Schema Master, we don't create domains and application partitions frequently.
So if our Domain Naming Master server is not available, we can't create a new domain or application partition, but it will not affect users; users won't even be aware that the Domain Naming Master server is down.

Infrastructure Master: the Infrastructure Master handles cross-domain updates. What really gets updated between domains? Whenever a user logs on to the domain, the TGT is created with the list of access the user has through group membership (user group membership details), and it also contains the user's membership details from trusted domains. The Infrastructure Master keeps this information up to date; it updates reference information every 2 days by comparing its data with the Global Catalog (that's why we don't keep the Infrastructure Master and the GC on the same server).
In a single-domain, single-forest environment there is no impact if the Infrastructure Master server is down.
In a multi-domain or multi-forest environment there will be an impact, but we have enough time to fix the issue before it affects the end user.

RID Master: every DC is initially issued 500 RIDs from the RID Master server. RIDs are used to create new objects in Active Directory; all new objects are created with a Security ID (SID), and the RID is the last part of the SID. The RID uniquely identifies a security principal relative to the local or domain security authority that issued the SID.
When a DC gets down to 250 (50%) it requests a second pool of RIDs from the RID Master. If the RID Master server is not available, RID pools cannot be issued to the DCs, and a DC can only create new objects while it still has RIDs available. Every DC has anywhere between 250 and 750 RIDs available, so there is no immediate impact.

PDC: the PDC is required for time sync, user logon, password changes and trusts. Now you know why the PDC is the most important FSMO role holder to get back online: the PDC role will impact end users immediately and we need to recover it ASAP.
The PDC emulator emulates a Primary Domain Controller for backwards compatibility and is responsible for time synchronization within a domain; it is also the password master. Any password change is replicated to the PDC emulator ASAP. If a logon request fails due to a bad password, the logon request is passed to the PDC emulator to check the password before the logon request is rejected.

Tell me about the Active Directory database and list the Active Directory database files.
NTDS.DIT
EDB.Log
EDB.Chk
Res1.log and Res2.log
AD changes are not written directly to the NTDS.DIT database file: they are first written to EDB.Log and then from the log file into the database. EDB.Chk tracks which updates from the log file have already been applied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is %SystemRoot%\NTDS\ntds.dit. The Active Directory database engine is the Extensible Storage Engine (ESE), which is based on the Jet database.
EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full it is renamed to EDBnum.log, where num is an increasing number starting from 1, e.g. EDB1.Log.
EDB.Chk: EDB.Chk is the checkpoint file used to track the data not yet written to the database file; it indicates the starting point from which data is to be recovered from the log file in case of failure.
Res1.log and Res2.log: These are reserved transaction log files, which give the database enough time to shut down cleanly if the disk runs out of space.
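To see these files on a real DC rather than memorising their names, the following added example (written for this post, not taken from it) reads the database and log locations from the NTDS service parameters, lists the files, and shows who has access to the database. It must be run in an elevated session on the domain controller itself; the paths in the comments are the defaults and may differ on a given server. Note that since Windows Server 2008 the reserved logs are named edbres00001.jrs and edbres00002.jrs rather than res1.log and res2.log.

```powershell
# Added example (not from the original post): locate and inspect the AD database files on a DC.
# Run elevated on the domain controller itself.
$params  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ditPath = $params.'DSA Database file'        # default C:\Windows\NTDS\ntds.dit
$logDir  = $params.'Database log files path'  # default C:\Windows\NTDS

# The database, its transaction log(s), the checkpoint file and the reserved logs.
# Database and logs may live in different directories, so look in both.
$dirs = @((Split-Path $ditPath -Parent), $logDir) | Select-Object -Unique
Get-ChildItem -Path $dirs -File |
    Where-Object { $_.Name -match '^(ntds\.dit|edb.*\.log|edb\.chk|edbres\d+\.jrs|res\d\.log|temp\.edb)$' } |
    Select-Object FullName, Length, LastWriteTime

# Who may read the database? ntds.dit holds the password hashes of every account in the
# domain, so the ACL should grant access only to SYSTEM and the local Administrators group.
(Get-Acl -Path $ditPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# Database size and free disk space while the DIT is online, via ntdsutil's 'files' menu.
ntdsutil "activate instance ntds" files info quit quit

# The checkpoint file only records what has already been flushed from the logs into the DIT.
# The database header (clean vs. dirty shutdown, last checkpoint) can only be read while
# the database is offline, e.g. after Stop-Service NTDS on Windows Server 2008 or later:
#   esentutl /mh $ditPath     # dump the header
#   esentutl /g  $ditPath     # integrity check
```

The ACL step is the security-relevant one: any identity beyond SYSTEM and Administrators with read access to ntds.dit (or to the directory holding it) should be treated as a finding, and file-access auditing on that path is cheap to enable.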

Active Directory restore types?
Authoritative restore
Non-authoritative restore

Non-authoritative restore of Active Directory
A non-authoritative restore returns the domain controller to its state at the time of the backup and then allows normal replication to overwrite the restored domain controller with any changes that occurred after the backup. After the system state restore, the domain controller queries its replication partners and receives the changes made since the backup date, ensuring that it has an accurate, up-to-date copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory; a plain system state restore is a non-authoritative restore, and it is mostly used for Active Directory data loss or corruption.

How do you perform a non-authoritative restore?
Start the domain controller in Directory Services Restore Mode (DSRM) and perform a system state restore from backup.

Authoritative restore of Active Directory
An authoritative restore is the next step after the non-authoritative restore process: you must do a non-authoritative restore before you can perform an authoritative restore. The main difference is that an authoritative restore increments the version number of the attributes of all objects in the directory, or of an individual object, which makes the restored object authoritative in the directory. This can be used to restore a single deleted user or group, or even an entire OU.
In a non-authoritative restore, after a domain controller is back online it contacts its replication partners to determine any changes since the time of the last backup. In an authoritative restore, however, the version numbers of the object attributes you marked as authoritative are higher than the existing version numbers of those attributes, so the objects on the restored domain controller appear to be more recent, and the restored objects are replicated to the other domain controllers in the domain.

How do you perform an authoritative restore?
Unlike a non-authoritative restore, an authoritative restore requires Ntdsutil.exe to increment the version numbers of the object attributes.

Which Active Directory partitions can be restored?
You can authoritatively restore only objects from the configuration and domain partitions. Authoritative restores of the schema naming context are not supported.

How many domain controllers need to be backed up? Or: which domain controllers should be backed up?
The minimum requirement is to back up two domain controllers in each domain, one of which should be an operations master role holder. There is no need to back up the RID Master (relative ID master), because the RID Master should not be restored.
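The backup and the two restore procedures above, as one worked sequence. This is an added example written for this post, not the author's own runbook: the backup target E:, the version identifier, the domain DN DC=corp,DC=example and the OU=Sales subtree are placeholders. The non-authoritative steps are the full procedure for a plain system state restore; the authoritative section is the extra ntdsutil step inserted before the final reboot.

```powershell
# Added example (not from the original post): system state backup, then the
# non-authoritative and authoritative restore steps. Placeholders: E:, the
# version id, DC=corp,DC=example and OU=Sales.

# --- Backup: on two DCs per domain, one of them an operations master, per the post ---
wbadmin start systemstatebackup -backupTarget:E: -quiet
wbadmin get versions -backupTarget:E:       # note the version id, format MM/DD/YYYY-HH:MM

# --- Non-authoritative restore ---
# 1. Boot the DC into Directory Services Restore Mode (DSRM).
bcdedit /set safeboot dsrepair
Restart-Computer
# 2. Log on with the DSRM administrator account and restore system state.
wbadmin start systemstaterecovery -version:01/30/2018-09:00 -backupTarget:E: -quiet
# 3. Leave DSRM. On the next boot the DC pulls everything newer than the backup
#    from its replication partners, so the restored copy is overwritten by replication.
bcdedit /deletevalue safeboot
Restart-Computer

# --- Authoritative restore: run after step 2, still in DSRM, instead of step 3 ---
# ntdsutil raises the version numbers of the selected objects so that they win
# replication and the deletion is undone on every DC. Only domain and configuration
# partition objects can be marked this way; the schema partition cannot.
ntdsutil "activate instance ntds" "authoritative restore" `
    "restore subtree OU=Sales,DC=corp,DC=example" quit quit
# For a single user or group: "restore object CN=jdoe,OU=Sales,DC=corp,DC=example"
bcdedit /deletevalue safeboot
Restart-Computer
```

Two points a practitioner will want to check: the ntdsutil command also writes a .txt and .ldf file listing the back-links (group memberships) of the restored objects, which must be imported with ldifde on a DC in each other domain that holds the groups; and because a restored DC with a stale copy of the directory is only safe if it replicates inwards first, the non-authoritative reboot should complete before any authoritative marking is attempted on a second DC.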
