Computer Networks

Detail notes on computer networks

Uploaded by

Saeed Akhter

What Does a Sysadmin Do?

 Plan and manage the machine room environment: design the machine
room; specify cooling, cabling, power connections, and
environmental controls (fire alarm, security).
 Install and maintain operating system software, application
software, and patches.
 Determine hardware and software pre-requisites, which patches to
install, which services to provide, and which services to disable.
 Schedule downtime to perform upgrades/patches, and test devices
and schedule downtime to manage devices.
 Install and maintain user accounts; develop acceptable use policy
and login-name policy; determine password change policies;
install/configure/manage name services; and manage licenses.
 Determine disk quota, policy/manage disk space, and monitor log
files.
 Train users on software and security.
 Ensure that users have access to documentation.
 Help users and provide help-desk support and problem tracking
system to answer user questions.
 Configure network services: printing, file sharing, name service;
 determine file sharing needs and printing policies;
 manage security for shared resources.
 Install/maintain system devices, hardware/drivers; specify
supported devices; determine spares practices.
 Install/configure/manage web servers; configure web access agents.
 Configure and maintain business applications and web agents:
 e-mail
 calendar software
 order/problem tracking software
 Install/configure/manage e-mail software: mail transfer agents and
 mail readers.
 Configure and manage system security for business applications,
 read security mailing lists and CERT notifications,
 install/configure "firewall" software to limit intruder access,
 collect evidence in case of successful intrusion and clean up after
intrusion
 Configure and maintain connectivity between hosts; monitor
connectivity,
 troubleshoot connectivity problems,
 investigate complaints of poor response.
 Troubleshoot and repair system problems; and determine, locate,
and repair/replace problem components
 Document the system, and develop and maintain documentation on
local setup and local policies
 Configure and maintain system backups, determine backup strategy
and policies, and
 configure backup software
 perform backups
 monitor backup logs
 check backup integrity
 determine disaster survival plans
 perform restores
 Configure and manage company infrastructure.
 Manage user access and permissions to all systems and data.
 Perform daily security backups and restores.
 Manage all monitoring and alerting throughout company
applications and infrastructure.
 Problem solving and troubleshooting.
Operating System:
 An operating system is a fully integrated set of specialized programs that
handle all the operations of the computer.
 It controls and monitors the execution of all other programs that
reside in the computer, which also includes application programs and
other system software of the computer.
 Examples of Operating Systems are Windows, Linux, Mac OS, etc.
Linux vs Windows:
Linux | Windows
Linux is an open-source operating system. | Windows is not an open-source operating system.
Linux is free of cost. | Windows is costly.
Its file names are case-sensitive. | Its file names are case-insensitive.
In Linux, a monolithic kernel is used. | In Windows, a micro kernel is used.
Linux is more efficient in comparison to Windows. | Windows is less efficient.
A forward slash is used for separating the directories. | A backslash is used for separating the directories.
Linux provides more security than Windows. | Windows provides less security than Linux.
Linux is widely used in hacking-purpose-based systems. | Windows does not provide much efficiency in hacking.
There are 3 types of user account: (1) Regular, (2) Root, (3) Service account. | There are 4 types of user account: (1) Administrator, (2) Standard, (3) Child, (4) Guest.
The root user is the super user and has all administrative privileges. | The Administrator user has all administrative privileges on the computer.
The Linux file naming convention is case-sensitive; thus, sample and SAMPLE are 2 different files in a Linux/Unix operating system. | In Windows, you cannot have 2 files with the same name in the same folder.

 A command is an instruction given by us to our computer to do
whatever we want. In Mac OS and Linux the command interface is called the
terminal, whereas in Windows it is called the command prompt. Commands are
always case sensitive.
 Commands are executed by typing them in at the command line and then
pressing the Enter key.
 The command is then passed to the shell, which reads the command
and executes it. The shell is the method for the user to interact with the
system. The default shell in Linux is called bash (Bourne-Again Shell).
Directory commands:
Command | Description
pwd | The pwd command stands for "print working directory". It displays the current working location or directory of the user, as the whole working path starting with /. It is a built-in command.
ls | The ls command is used to show the listing of a folder. It lists all the files in the given folder.
cd | The cd command stands for "change directory". It is used to change from the present directory to the directory you want to work in.
mkdir | With the mkdir command you can create your own directory.
rmdir | The rmdir command is used to remove a directory from your system.

A third and very rarely used tool is to edit the local configuration files directly
using vi.
1. /etc/passwd
The local user database in Linux is the /etc/passwd file.
The root user is the superuser and has all the powers: creating a
user, deleting a user, and even logging in with another user's account.
The root user always has user id 0.
useradd: with the useradd command you can add a user.
useradd -m -d /home/<userName> -c "<userName>" <userName>
To delete a user account the userdel command is used, e.g. userdel -r <userName>, userdel -r xyz
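As an added example (not from the original notes), the following Python script reads a file in /etc/passwd format and reports every account whose user id is 0, the superuser id the notes associate with root. A healthy system has exactly one such account, so any extra UID-0 entry is worth an alert. The sample content is constructed; its last line is a made-up second UID-0 account so the check has something to flag. On a real host you would pass the contents of /etc/passwd instead.

```python
from __future__ import annotations
from dataclasses import dataclass

# Layout of one /etc/passwd line: name:password:UID:GID:GECOS:home:shell
@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def parse_passwd(text: str) -> list[PasswdEntry]:
    """Parse passwd-format text. Blank lines and comments are skipped; a
    malformed line (wrong field count) raises instead of being guessed at."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), gecos, home, shell))
    return entries

def uid_zero_accounts(entries: list[PasswdEntry]) -> list[str]:
    """Login names of every account that carries the superuser id 0."""
    return [e.name for e in entries if e.uid == 0]

def audit_root_accounts(text: str) -> dict:
    """Return the UID-0 names and whether root is the only one of them."""
    names = uid_zero_accounts(parse_passwd(text))
    return {"uid_zero": names, "ok": names == ["root"]}

# Constructed sample, not a real system's file. The last line is a made-up
# second UID-0 account of the kind this audit exists to catch.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
svc-backup:x:0:0:constructed rogue entry:/root:/bin/bash
"""

if __name__ == "__main__":
    print(audit_root_accounts(SAMPLE_PASSWD))
    # {'uid_zero': ['root', 'svc-backup'], 'ok': False}
```

The strict field-count check matters more than it looks: a line that does not split into seven fields means the file is damaged or has been tampered with, and a silent "best effort" parse would hide exactly the condition an audit should surface.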
Network commands:
Command | Description
ifconfig | Display and manipulate routes and network interfaces.
ip | It is a replacement for the ifconfig command.
traceroute | Network troubleshooting utility.
tracepath | Similar to traceroute but doesn't require root privileges.
ping | To check connectivity between two nodes.
netstat | Display connection information.
ss | It is a replacement for netstat.
dig | Query DNS-related information.
nslookup | Perform a DNS-related query.
route | Shows and manipulates the IP routing table.
host | Performs DNS lookups.
arp | View or add contents of the kernel's ARP table.
iwconfig | Used to configure a wireless network interface.
hostname | To identify a network name.
curl or wget | To download a file from the internet.
mtr | Combines ping and tracepath into a single command.
whois | Will tell you about the website's whois record.
ifplugstatus | Tells whether a cable is plugged in or not.
 The identifier used in the IP layer of the TCP/IP protocol suite to
identify the connection of each device to the Internet is called the
Internet address or IP address. An IP address is a unique
number that identifies a device (like a computer or
smartphone) on a network. It's like a digital address that
allows data to be sent to and received from that device
on the internet.
 An IPv4 address is a 32-bit address that uniquely and universally
defines the connection of a host or a router to the Internet.
 The IP address is the address of the connection, not the host or the
router.
 IP stands for Internet Protocol and v4 stands for Version Four (IPv4).
IPv4 was the primary version brought into action for production
within the ARPANET (Advanced Research Projects Agency
Network) in 1983.
IP version four addresses are 32-bit integers which are expressed
in dotted-decimal notation. Example: 192.0.2.126 could be an IPv4
address.
• Network part:
In an IP address, the network part, often referred to as the network
identifier, is the portion of the address that identifies the specific
network or subnet within a larger network. It is used to route data
to the correct destination network. The network part is typically the
leftmost portion of the IP address and is fixed for all devices within
the same network
• Host Part: The host part uniquely identifies the machine on your
network. The host part in an IP address is the portion that identifies
a specific device within a network. This part of the IPv4 address is
assigned to every host.
For each host on the network, the network part is the same;
however, the host part must vary.
• Subnet number: A subnet number, often referred to as a subnet ID
or subnet address, is a part of an IP address that specifies a specific
subnet within a larger network. It is derived from the network part
of the IP address by further dividing it to create smaller, more
manageable subnetworks or subnets.
 What is Subnetting?
Subnetting - process of segmenting a network into multiple smaller
network spaces called subnetworks or Subnets.
 If all network traffic was traveling across the system at the same
time using the same route, bottlenecks and congestion would occur,
resulting in sluggish and inefficient backlogs.
 What is Subnetting used for?
 Organizing a network in an efficient way is crucial for large firms and
those companies seeking to expand technologically. IP addresses
can be kept geographically localized meaning that a subnet can be
used for specific staffing structures to maintain efficiency and order.
 subnetting is a crucial networking technique that enhances IP
address management, network performance, security, and overall
network efficiency. It is widely used in both small and large-scale
networks to create well-organized and manageable network
infrastructures.
Reasons for Subnetting
 Large networks need to be segmented into smaller sub-networks,
creating smaller groups of devices.
 Control traffic by containing broadcast traffic within a subnetwork.
 Reduce overall network traffic and improve network performance.
 Communication Between Subnets
 A router is necessary for devices on different networks and subnets to
communicate.
 Each router interface must have an IPv4 host address that belongs to
the network or subnet that the router interface is connected to.
 Devices on a network and subnet use the router interface attached to
their LAN as their default gateway.
Determining the Subnet Mask
Subnetting Based on Host Requirements
There are two considerations when planning subnets:
 Number of Subnets required
 Number of Host addresses required
 Formula to determine the number of usable hosts: 2^n - 2
2^n (where n is the number of host bits remaining) is used to
calculate the number of addresses in the subnet.
-2 because the subnetwork ID and the broadcast address cannot be used as host addresses on each subnet.
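Added example (not part of the original notes): a small Python script using the standard-library ipaddress module to separate an IPv4 address into its network and host parts for a given prefix length, and to apply the 2^n - 2 formula above when choosing a subnet size for a required number of hosts. The addresses are constructed from the 192.0.2.0/24 documentation range; the function names are this example's own.

```python
import ipaddress

def split_address(addr: str, prefix: int) -> dict:
    """Separate an IPv4 address written as addr/prefix into its network part
    and host part, and count the usable host addresses with 2**n - 2."""
    iface = ipaddress.IPv4Interface(f"{addr}/{prefix}")
    net = iface.network
    host_bits = 32 - prefix
    host_mask = (1 << host_bits) - 1              # ones over the host bits only
    return {
        "network_part": str(net.network_address),  # host bits zeroed
        "host_part": int(iface.ip) & host_mask,    # network bits removed
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "host_bits": host_bits,
        # network ID and broadcast are not assignable, hence the -2;
        # the classic formula yields nothing usable for /31 and /32
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }

def plan_subnets(network: str, hosts_needed: int) -> dict:
    """Find the smallest subnet that still offers hosts_needed usable hosts
    and report how many equal-sized subnets the parent network yields."""
    parent = ipaddress.IPv4Network(network)
    n = 2                                          # fewer host bits give no usable host
    while 2 ** n - 2 < hosts_needed:
        n += 1
    new_prefix = 32 - n
    if new_prefix < parent.prefixlen:
        raise ValueError("host requirement does not fit in the parent network")
    subnets = list(parent.subnets(new_prefix=new_prefix))
    return {
        "new_prefix": new_prefix,
        "usable_per_subnet": 2 ** n - 2,
        "subnet_count": len(subnets),
        "first": str(subnets[0]),
        "last": str(subnets[-1]),
    }

if __name__ == "__main__":
    print(split_address("192.0.2.126", 24))
    # network 192.0.2.0, host part 126, broadcast 192.0.2.255, 254 usable hosts
    print(plan_subnets("192.0.2.0/24", 50))
    # /26 subnets: 62 usable each, 4 of them, 192.0.2.0/26 .. 192.0.2.192/26
```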
Benefits of Variable Length Subnet Masking
Traditional Subnetting Wastes Addresses
 Traditional subnetting - same number of addresses is allocated for
each subnet.
 Subnets that require fewer addresses have unused (wasted)
addresses. For example, WAN links only need 2 addresses.
 Variable Length Subnet Mask (VLSM) or subnetting a subnet provides
more efficient use of addresses.
 VLSM allows a network space to be divided in unequal parts.
 Subnet mask will vary depending on how many bits have been
borrowed for a particular subnet.
 Network is first subnetted, and then the subnets are subnetted again.
 VLSM gives network administrators the ability to create subnets of
different sizes within a network. This flexibility in subnet size allows
for more efficient use of IP addresses and better matches the
network's specific requirements. It is especially valuable in scenarios
where you want to avoid wasting IP addresses or when subnets have
varying numbers of devices.
Process repeated as necessary to create subnets of various sizes
 Using VLSM subnets, the LAN and WAN segments in the example below
can be addressed with minimum waste.
 Each LAN will be assigned a subnet with a /27 mask.
 Each WAN link will be assigned a subnet with a /30 mask.
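Added example, not from the original notes: a Python allocator that applies VLSM to the scenario above. It is fed the host requirement of each LAN and WAN link, carves every subnet out of a single parent block (largest requirement first), and gives each LAN a /27 and each WAN link a /30; it then compares the wasted addresses with traditional same-size subnetting. The parent block 192.168.1.0/24 and the host counts are constructed for the example.

```python
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose subnet still has at least `hosts` usable addresses."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return 32 - n

def vlsm_allocate(parent: str, requirements: list) -> list:
    """Carve variable-length subnets out of `parent` for a list of
    (name, usable_hosts_needed). Largest requirements are placed first so
    every block lands on an aligned boundary and no address is skipped."""
    free = [ipaddress.IPv4Network(parent)]        # pool of not-yet-used blocks
    allocations = []
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda b: int(b.network_address))   # lowest address first
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:                 # block is big enough
                chosen = free.pop(i)
                break
        else:
            raise ValueError(f"no free block large enough for {name}")
        # halve the block until it is exactly the right size; each unused
        # half goes back into the pool for later, smaller requirements
        while chosen.prefixlen < prefix:
            chosen, leftover = chosen.subnets(prefixlen_diff=1)
            free.append(leftover)
        allocations.append({"name": name, "subnet": str(chosen),
                            "usable": 2 ** (32 - prefix) - 2, "needed": hosts})
    return allocations

def vlsm_waste(allocations: list) -> int:
    """Addresses assigned but not needed under VLSM."""
    return sum(a["usable"] - a["needed"] for a in allocations)

def traditional_waste(requirements: list) -> int:
    """Same requirements, but every subnet sized for the largest one."""
    usable = 2 ** (32 - prefix_for_hosts(max(h for _, h in requirements))) - 2
    return sum(usable - h for _, h in requirements)

# Constructed topology: three LANs and two point-to-point WAN links
REQUIREMENTS = [("LAN1", 25), ("LAN2", 20), ("LAN3", 28), ("WAN1", 2), ("WAN2", 2)]

if __name__ == "__main__":
    plan = vlsm_allocate("192.168.1.0/24", REQUIREMENTS)
    for a in plan:
        print(f'{a["name"]:5} {a["subnet"]:18} usable={a["usable"]} needed={a["needed"]}')
    print("VLSM waste:", vlsm_waste(plan),
          "traditional waste:", traditional_waste(REQUIREMENTS))   # 17 vs 73
```

With these inputs the three LANs land on 192.168.1.0/27, .32/27 and .64/27, the WAN links on 192.168.1.96/30 and .100/30, and the remaining space (192.168.1.104/29, .112/28 and .128/25) stays free for later growth; fixed /27 subnetting of the same five segments would waste 73 addresses instead of 17.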
What is Supernetting?
 Supernetting is the opposite of Subnetting.
 In subnetting, a single big network is divided into multiple smaller
subnetworks. In Supernetting, multiple networks are combined into a
bigger network termed as a Supernetwork or Supernet.
 Supernetting is mainly used in Route Summarization, where routes to
multiple networks with similar network prefixes are combined into a
single routing entry, with the routing entry pointing to a Super
network, encompassing all the networks.
 This in turn significantly reduces the size of routing tables and also
the size of routing updates exchanged by routing protocols.
CIDR(Classless Inter-Domain Routing)
 It is an IP address assigning method that improves the efficiency of
address distribution.
 It is also known as supernetting that replaces the older system based
on classes A, B, and C networks.
 By using a single CIDR IP address many unique IP addresses can be
designated.
 A CIDR IP address is the same as a normal IP address except that it
ends with a slash followed by a number, e.g. 172.200.0.0/16; this notation
is called the IP network prefix.
 Goals: Restructure IP address assignments to increase efficiency
 Hierarchical routing aggregation to minimize route table entries
 CIDR (Classless Inter-Domain Routing) abandons the notion of classes.
Key concept: the length of the network id (prefix) in the IP address
is kept arbitrary.
Consequence: routers advertise the IP address together with the length of the
prefix.
EXAMPLE OF CIDR:
 CIDR notation of a network address: 192.0.2.0/18
"18" says that the first 18 bits are the network part of the address (and 14
bits are available for specific host addresses).
 The network part is called the prefix.
Assume that a site requires a network address with 1000 addresses.
With CIDR, the network is assigned a contiguous block of 1024 addresses
with a 22-bit long prefix.
Backbone ISPs obtain large blocks of IP address space and then reallocate
portions of their address blocks to their customers.
Example:
 Assume that an ISP owns the address block 206.0.64.0/18, which
represents 16,384 (2^14) IP addresses.
 Suppose a client requires 800 host addresses (2^10 = 1024 hosts).
 With classful addresses: need to assign a class B (/16) address, i.e. 16 network
bits plus 16 host bits, which can be viewed as 2^6 = 64 networks of 2^10 = 1024 hosts each;
64 × (1024 - 2) = 65,408 usable addresses - 800 required = 64,608 wasted IPs;
or four individual class Cs (introducing 4 new routes into the
global Internet routing tables).
 With CIDR: assign a /22 block, e.g. 206.0.68.0/22, which allocates a block of
1,024 (2^10) IP addresses.
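Added example (not from the original notes): Python with the ipaddress module reproducing the arithmetic of the CIDR example above: the prefix needed for 1000 addresses, the size of the ISP's 206.0.64.0/18 block, carving a /22 out of it for the client, and summarizing four consecutive /24 networks into one supernet route. Handing the client the second /22 of the ISP block is an assumption made here so the result matches the page's 206.0.68.0/22.

```python
import ipaddress

def prefix_for_block(addresses_needed: int) -> int:
    """Smallest CIDR block (longest prefix) holding at least addresses_needed
    addresses, counting network and broadcast: 1000 -> /22 (1024 addresses)."""
    host_bits = (addresses_needed - 1).bit_length()   # ceil(log2(n))
    return 32 - host_bits

def describe_prefix(cidr: str) -> dict:
    """Prefix length, mask, host bits and address count of a CIDR block."""
    net = ipaddress.IPv4Network(cidr)
    return {"network": str(net.network_address), "prefix": net.prefixlen,
            "netmask": str(net.netmask), "host_bits": 32 - net.prefixlen,
            "addresses": net.num_addresses}

def allocate_from_isp(isp_block: str, addresses_needed: int, index: int) -> str:
    """Hand out the index-th right-sized block from the ISP's address space."""
    isp = ipaddress.IPv4Network(isp_block)
    blocks = list(isp.subnets(new_prefix=prefix_for_block(addresses_needed)))
    return str(blocks[index])

def is_within(child: str, parent: str) -> bool:
    """True when child is a sub-block of parent, so the ISP's single /18
    route in the global table already covers the customer's /22."""
    return ipaddress.IPv4Network(child).subnet_of(ipaddress.IPv4Network(parent))

def summarize_routes(routes: list) -> list:
    """Route summarization (supernetting): merge adjacent prefixes into the
    fewest covering networks; four aligned /24s become a single /22."""
    nets = [ipaddress.IPv4Network(r) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print(prefix_for_block(1000))                        # 22
    print(describe_prefix("206.0.64.0/18"))             # 16384 addresses, mask 255.255.192.0
    client = allocate_from_isp("206.0.64.0/18", 800, index=1)
    print(client, is_within(client, "206.0.64.0/18"))   # 206.0.68.0/22 True
    print(summarize_routes(["206.0.68.0/24", "206.0.69.0/24",
                            "206.0.70.0/24", "206.0.71.0/24"]))   # ['206.0.68.0/22']
```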
• Internet Protocol Version 6 (IPv6) is a network layer protocol that allows
communication to take place over the network. IPv6 was designed
by the Internet Engineering Task Force (IETF) in December 1998 with the
purpose of superseding IPv4 due to the exponentially growing number of
internet users worldwide.
• Types of IPv6 Address
• Unicast addresses It identifies a unique node on a network and
usually refers to a single sender or a single receiver.
• Multicast addresses It represents a group of IP devices and can only
be used as the destination of a datagram.
• Anycast addresses It is assigned to a set of interfaces that typically
belong to different nodes.
• Advantages: Reliability, Faster Speed, Stronger Security, Routing
efficiency, Final solution for growing nodes in Global-network.
DHCP SERVER
• DHCP (Dynamic Host Configuration Protocol) Server is a network
service that automatically assigns IP addresses and other network
configuration parameters to devices on a network.
• DHCP servers maintain information on TCP/IP configuration and
provide configuration of address to DHCP-enabled clients in the form
of a lease offer.
• DHCP is based on a client-server model and based on discovery, offer,
request, and ACK.

Components of DHCP
• DHCP Server: DHCP Server is basically a server that holds IP
Addresses and other information related to configuration.
• DHCP Client: It is basically a device that receives configuration
information from the server. It can be a mobile, laptop, computer, or
any other electronic device that requires a connection.
• DHCP Relay: DHCP relays basically work as a communication channel
between DHCP Client and Server.
• IP Address Pool: It is the pool or container of IP Addresses possessed
by the DHCP Server. It has a range of addresses that can be allocated
to devices.
• Subnets: Subnets are smaller portions of the IP network partitioned
to keep networks under control.
• Lease: It is simply the time for which the information received
from the server is valid; when the lease expires, the client
must renew the lease.
• DNS Servers: DHCP servers can also provide DNS (Domain Name
System) server information to DHCP clients, allowing them to resolve
domain names to IP addresses.
• Default Gateway: DHCP servers can also provide information about
the default gateway, which is the device that packets are sent to
when the destination is outside the local network.
• Options: DHCP servers can provide additional configuration options
to clients, such as the subnet mask, domain name, and time server
information.
• Renewal: DHCP clients can request to renew their lease before it
expires to ensure that they continue to have a valid IP address and
configuration information.
• Failover: DHCP servers can be configured for failover, where two
servers work together to provide redundancy and ensure that clients
can always obtain an IP address and configuration information, even
if one server goes down.
• Dynamic Updates: DHCP servers can also be configured to
dynamically update DNS records with the IP address of DHCP clients,
allowing for easier management of network resources.
• Audit Logging: DHCP servers can keep audit logs of all DHCP
transactions, providing administrators with visibility into which
devices are using which IP addresses and when leases are being
assigned or renewed.
1. Hardware length: This is an 8-bit field defining the length of the
physical address in bytes, e.g. for Ethernet the value is 6.
2. Hop count: This is an 8-bit field defining the maximum number of
hops the packet can travel.
3. Transaction ID: This is a 4-byte field carrying an integer. The
transaction identification is set by the client and is used to match a
reply with the request. The server returns the same value in its reply.
4. Number of seconds: This is a 16-bit field that indicates the number
of seconds elapsed since the time the client started to boot.
5. Flag: This is a 16-bit field in which only the leftmost bit is used;
the rest of the bits should be set to 0s.
6. Client IP address: This is a 4-byte field that contains the client IP
address. If the client does not have this information, this field has a
value of 0.
7. Your IP address: This is a 4-byte field that contains the client IP
address. It is filled by the server at the request of the client.
8. Server IP address: This is a 4-byte field containing the server IP
address. It is filled by the server in a reply message.
9. Gateway IP address: This is a 4-byte field containing the IP address
of a router. It is filled by the server in a reply message.
10. Client hardware address: This is the physical address of the
client. Although the server can retrieve this address from the frame
sent by the client, it is more efficient.
1. DHCP Discover Message: When a device (the client) connects to a network, it sends a
DHCP Discover message to discover if there are any DHCP servers available on the
network. This message is broadcasted to all devices on the network.
2. DHCP Offer Message: DHCP servers on the network respond to the DHCP Discover
message with DHCP Offer messages. These messages contain lease information, including
an available IP address and other configuration details. If there are multiple DHCP servers,
the client typically accepts the first offer it receives.
3. DHCP Request Message: The client broadcasts a DHCP Request message to formally
request the IP address offered by one of the DHCP servers. It may also perform a
gratuitous ARP (Address Resolution Protocol) to check if another device is using the
offered IP address. If no conflict is detected, the client accepts the IP address and includes
a Client ID in the request.
4. DHCP Acknowledgment Message: The DHCP server that initially offered the IP address
responds with a DHCP Acknowledgment message. This message confirms the assignment
of the IP address to the client and includes lease duration information. The client now has
a valid IP address.
5. DHCP Negative Acknowledgment Message (Nak): If the DHCP server determines that the
requested IP address is invalid or unavailable (e.g., the address is already in use), it sends
a DHCP Nak message to reject the request.
6. DHCP Decline: The DHCP client may send a DHCP Decline message to the server if it
detects that the offered configuration parameters are different or invalid. This can happen
if another device replies to the gratuitous ARP, indicating the IP address is in use.
7. DHCP Release: A DHCP client can send a DHCP Release message to the server to
voluntarily release the assigned IP address and cancel any remaining lease time. This is
typically done when the client disconnects from the network.
8. DHCP Inform: If a client has manually configured its IP address and wants to obtain other
local configuration parameters (e.g., domain name) from a DHCP server, it sends a DHCP
Inform message. The DHCP server responds with a DHCP Acknowledgment message,
providing the requested configuration without allocating a new IP address.

Note that DHCP messages can also be unicast when a DHCP relay agent is involved,
especially if the DHCP server is in a different network. The relay agent forwards the
client's DHCP messages to the server, and the server responds accordingly.
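Added example, not part of the original notes: a Python encoder/decoder for the fixed DHCP header whose fields are listed above (hardware length, hop count, transaction ID, seconds, flags, the four IP address fields and the client hardware address), followed by the options area in which option 53 carries the message type (DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM). The packets are constructed in memory with a made-up MAC address and documentation-range IPs; nothing is sent on the network. Field offsets follow the standard BOOTP/DHCP layout (RFC 2131).

```python
import struct
import ipaddress

# Option 53 values for the message types described above (RFC 2132)
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = bytes([99, 130, 83, 99])        # marks the start of the options
# Fixed header, big-endian: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

def _packed(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def build_dhcp(op: int, msg_type: int, xid: int, chaddr: bytes, *, secs: int = 0,
               broadcast: bool = True, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
               siaddr="0.0.0.0", giaddr="0.0.0.0", hops: int = 0) -> bytes:
    """Assemble a DHCP packet: fixed header, magic cookie, option 53, end."""
    flags = 0x8000 if broadcast else 0         # only the leftmost bit is defined
    fixed = HEADER.pack(op, 1, len(chaddr), hops, xid, secs, flags,
                        _packed(ciaddr), _packed(yiaddr), _packed(siaddr), _packed(giaddr),
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([53, 1, msg_type, 255])    # code, length, value; 255 = end option
    return fixed + MAGIC_COOKIE + options

def parse_options(data: bytes) -> dict:
    """Walk the code/length/value list that follows the magic cookie."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                        # end option
            break
        if code == 0:                          # pad option carries no length byte
            i += 1
            continue
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return options

def parse_dhcp(packet: bytes) -> dict:
    """Decode the fixed header into the field names used in the notes."""
    if len(packet) < HEADER.size + 4 or packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (missing magic cookie)")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
     siaddr, giaddr, chaddr, _sname, _file) = HEADER.unpack_from(packet)
    options = parse_options(packet[HEADER.size + 4:])
    return {
        "op": "BOOTREPLY" if op == BOOTREPLY else "BOOTREQUEST",
        "hardware_type": htype,
        "hardware_length": hlen,
        "hop_count": hops,
        "transaction_id": xid,
        "seconds": secs,
        "broadcast_flag": bool(flags & 0x8000),
        "client_ip": str(ipaddress.IPv4Address(ciaddr)),
        "your_ip": str(ipaddress.IPv4Address(yiaddr)),
        "server_ip": str(ipaddress.IPv4Address(siaddr)),
        "gateway_ip": str(ipaddress.IPv4Address(giaddr)),
        "client_hw": chaddr[:hlen].hex(":"),
        "message_type": MESSAGE_TYPES.get(options.get(53, b"\0")[0], "UNKNOWN"),
    }

def reply_matches(request: dict, reply: dict) -> bool:
    """The transaction ID is how a client pairs an OFFER/ACK with its own request."""
    return request["transaction_id"] == reply["transaction_id"]

# Constructed exchange: a client with a made-up MAC discovers, a server offers
CLIENT_MAC = bytes.fromhex("001122334455")
DISCOVER = build_dhcp(BOOTREQUEST, 1, 0x3903F326, CLIENT_MAC)
OFFER = build_dhcp(BOOTREPLY, 2, 0x3903F326, CLIENT_MAC,
                   yiaddr="192.0.2.100", siaddr="192.0.2.1", giaddr="192.0.2.254")

if __name__ == "__main__":
    req, rep = parse_dhcp(DISCOVER), parse_dhcp(OFFER)
    print(req["message_type"], req["client_hw"], hex(req["transaction_id"]))
    print(rep["message_type"], rep["your_ip"], reply_matches(req, rep))
```

The magic-cookie check is what separates a DHCP packet from a plain BOOTP one, and the transaction ID comparison is the same test a client applies before accepting an offer, which is why the notes list the rogue-server problem under disadvantages: a matching transaction ID is all an unauthenticated client can verify.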
Advantages of DHCP
• Centralized management of IP addresses.
• Centralized and automated TCP/IP configuration.
• Ease of adding new clients to a network.
• When devices move or change, DHCP can automatically update their
IP addresses, reducing the need for manual adjustments.
• Reuse of IP addresses reduces the total number of IP addresses that
are required.
• The efficient handling of IP address changes for clients that must be
updated frequently, such as those for portable devices that move to
different locations on a wireless network.
• Simple reconfiguration of the IP address space on the DHCP server
without needing to reconfigure each client.
• The DHCP protocol gives the network administrator a method to
configure the network from a centralized area.
• With the help of DHCP, easy handling of new users and the reuse of
IP addresses can be achieved.
Disadvantages of using DHCP:
• IP conflict can occur.
• The problem with DHCP is that clients accept any server. Accordingly,
when another server is in the vicinity, the client may connect with this
server, and this server may possibly send invalid data to the client.
• The client is not able to access the network in absence of a DHCP
Server.
• The name of the machine will not be changed in a case when a new IP
Address is assigned.

DNS SERVER
 DNS: DNS is used to convert the domain name of the websites to their
numerical IP address.
Types of Domain: There are various kinds of domain:
1. Generic domains: .com (commercial), .edu (educational), .mil (military), .org (nonprofit organization)
2. Country domains: .in (India), .us, .uk
3. Inverse domain: used if we want to know the domain name of a website from its IP address (IP-to-domain-name mapping).
Top Level Domains (TLD): The Top-Level Domains are at the highest
level in the DNS structure of the Internet. A TLD is sometimes also referred to
as an extension. TLDs are further categorized into country-code TLDs (ccTLDs),
which describe a country, and generic TLDs (gTLDs).
Second Level : It is just below the TLD in the DNS hierarchy. It is also
named as the label. Example: in .co.in, .co is the second-level domain
under the .in in ccTLD.
Third Level : It is directly below the second level. Example: in
yahoo.co.in, .yahoo is the third level domain under the second level
domain .co which is under the .in ccTLD.
Sub-domain : It is the part of a higher domain name in DNS
hierarchy. Example: yahoo.com comprises a subdomain of the .com
domain, and login.yahoo.com comprises a subdomain of the
domain .yahoo.com.

Working of DNS
1. When you type google.com into your web browser, your computer first searches
its own DNS cache for a matching IP address for that domain name and, if it finds
one, resolves the domain name to the IP address of the Google web site.
2. When the operating system cannot find the IP address in its own cache
memory, it sends a query to the next level, the resolver server (usually at the
ISP). The resolver checks its own cache memory for the IP address; if it
cannot find it, it sends the query to the next level, which is a root server.
3. The root servers are the topmost servers in the DNS hierarchy.
There are 13 sets of these root servers, from a.root-servers.net to m.root-
servers.net; they are strategically placed around the world, they are
operated by 12 different organizations, and each set of these root servers
has its own unique IP address.
The root server directs the resolver to the TLD (top-level domain) server
for .com, .net, .org, and so on.
The TLD server does not know the IP address for google.com,
so the TLD server directs the resolver to the next and final level, the
authoritative name servers.
4. When the authoritative name server receives the query from the resolver, the
name server responds with the IP address for google.com. Finally, the
resolver tells your computer the IP address for google.com, and your
computer can now retrieve the Google web page.
5. It is important to note that once the resolver receives the IP address, it
stores it in its cache memory in case it receives another query for
google.com, so it does not have to go through all those steps again.
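Added example, not from the original notes: a Python simulation of the five steps above. The referral tables (root, TLD and authoritative servers) and the addresses in them are constructed stand-ins using reserved .example names and documentation IP ranges, not real DNS data. On a cache miss the resolver walks root, then TLD server, then authoritative name server, caches the answer with its TTL, and serves later queries from the cache until the TTL expires. The clock is injectable so expiry can be exercised without waiting.

```python
import time

# Constructed referral data standing in for the real hierarchy. Names under
# .example and the 192.0.2.x / 198.51.100.x addresses are reserved for documentation.
ROOT_REFERRALS = {"com": "tld-com.example", "org": "tld-org.example"}
TLD_REFERRALS = {
    "tld-com.example": {"google.com": "ns1.google.example"},
    "tld-org.example": {"ietf.org": "ns.ietf.example"},
}
# authoritative server -> {name: (A record, TTL in seconds)}
AUTHORITATIVE = {
    "ns1.google.example": {"google.com": ("192.0.2.10", 300)},
    "ns.ietf.example": {"ietf.org": ("198.51.100.7", 60)},
}

class Resolver:
    """A caching resolver, the 'resolver server' of step 2 in the notes."""

    def __init__(self, clock=time.time):
        self.cache = {}           # name -> (ip, expires_at)
        self.clock = clock
        self.queries = 0          # upstream queries sent so far

    def resolve(self, name: str) -> tuple:
        """Return (ip, trail). trail lists the servers asked, in order;
        an empty trail means the answer came straight from the cache."""
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:             # step 1/5: cache still valid
            return cached[0], []
        labels = name.lower().rstrip(".").split(".")
        tld, domain = labels[-1], ".".join(labels[-2:])
        trail = ["root"]                           # step 2: ask a root server
        tld_server = ROOT_REFERRALS.get(tld)
        if tld_server is None:
            raise LookupError(f"root has no TLD {tld!r}")
        trail.append(tld_server)                   # step 3: root refers to the TLD server
        auth_server = TLD_REFERRALS[tld_server].get(domain)
        if auth_server is None:
            raise LookupError(f"{tld_server} has no delegation for {domain!r}")
        trail.append(auth_server)                  # step 3: TLD refers to authoritative
        records = AUTHORITATIVE[auth_server]
        if name not in records:
            raise LookupError(f"{auth_server} has no record for {name!r}")
        ip, ttl = records[name]                    # step 4: the authoritative answer
        self.queries += len(trail)
        self.cache[name] = (ip, now + ttl)         # step 5: remember it for TTL seconds
        return ip, trail

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("google.com"))   # full walk: root -> TLD -> authoritative
    print(r.resolve("google.com"))   # ('192.0.2.10', []) answered from cache
```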
A DNS zone is an administrative space that allows for more granular
control of DNS components, such as authoritative nameservers.
Types of DNS zones
The DNS zones can be classified into the following types:
• Primary Zone
• Active Directory Integrated Zone
• Secondary Zone
• Stub Zone
• Forward Lookup Zone
• Reverse Lookup Zone
• Primary Zone:
All domain names must have at least one primary zone. This is the read-
write copy of the zone data. Zone updates are made to this zone and then
replicated to the secondary zones.
• Active Directory Integrated Zone:
• An Active Directory Integrated Zone is nothing but a Primary Zone with
its zone file stored in an Active Directory database rather than as a file on the
computer. Multi-master replication is employed in Active Directory
Integrated Zones; this allows any domain controller running the DNS
server service to write updates to its authoritative zones.
• Secondary Zone:
The Secondary Zone is a read-only copy of the Primary Zone. The
Secondary Zones are used to reduce the workload on the Primary Zone
and to prevent a single point of failure.
• Stub Zone:
Stub Zones are essentially Secondary Zones which store only partial zone
data. The Stub Zones contain only Start of Authority (SOA), nameserver
(NS) and A records.
• Forward Lookup Zone:
• This zone contains mapping from hostname to IP address.
• Reverse Lookup Zone:
• Reverse Lookup Zones provide IP address to hostname resolution.
DNS Records
DNS servers have different types of records to manage resolution
efficiently and provide important information about a domain.
• TTL – It's like an expiration time for DNS records. It determines how long
DNS servers should remember information before checking for
updates. TTL values can range from a minute to a day.
• MX – points to email servers
• CNAME – It's like giving a nickname to a web address. For example, it
can make "www.example.com" point to "example.com."
• ANAME – Similar to CNAME, but it can point a hostname to the IP
address of another hostname.
• NS – nameservers for subdomains
• PTR – IP address to hostname
• SOA – containing administrative information about the DNS zone
• SRV – service record for other services
• TXT – Text records mostly used for verification.
• CAA – certificate authority record for SSL/TLS certificate

Active Directory Domain Services

Directory:
 Think of it like a digital filing cabinet where information about network objects (like
computers, users, and devices) is stored in an organized way.

Active Directory (AD):
 It's a Microsoft technology used to manage and organize everything on a network, like
computers and users.
 It's a crucial part of Windows Server, which powers both local and internet servers.

Domain Controller:
 Imagine it as the security guard of the network.
 It's the server in charge of handling security requests and keeping everything organized. It
verifies who's allowed in and manages user and device information.
Components of an AD Infrastructure:
 Active Directory data store
 Domain controller
 Domain
 Forest
 Tree
 Functional level
 Organizational unit (OU)
 Sites
What does a domain controller do?
Their main job is to make sure that only the right people and devices can
access a network.
They check user names, passwords, and computer names to see if they're
allowed in.
They also apply and validate rules for users and groups, like what they're
allowed to do on the network.
In simple terms, domain controllers are like security guards for a network,
making sure only authorized users and devices get access.

When an Active Directory role isn't bound to a single DC, it's referred to as an FSMO
role. Currently in Windows there are five FSMO roles:

• Schema master
• Domain naming master
• RID master
• PDC emulator
• Infrastructure master
Schema master FSMO role
• The schema master FSMO role holder is the DC responsible for
performing updates to the directory schema, that is, the schema
naming context or
LDAP://cn=schema,cn=configuration,dc=<domain>. This DC is the
only one that can process updates to the directory schema. Once the
Schema update is complete, it's replicated from the schema master to
all other DCs in the directory. There's only one schema master per
forest.
• Domain naming master FSMO role
• The domain naming master FSMO role holder is the DC responsible
for making changes to the forest-wide domain name space of the
directory, that is, the Partitions\Configuration naming context or
LDAP://CN=Partitions, CN=Configuration, DC=<domain>. This DC is
the only one that can add or remove a domain from the directory. It
can also add or remove cross references to domains in external
directories.
• RID master FSMO role
• The RID master FSMO role holder is the single DC responsible for
processing RID Pool requests from all DCs within a given domain. It's
also responsible for removing an object from its domain and putting it
in another domain during an object move.
PDC emulator FSMO role
• The PDC emulator is necessary to synchronize time in an enterprise.
Windows includes the W32Time (Windows Time) time service that is
required by the Kerberos authentication protocol. All Windows-based
computers within an enterprise use a common time. The purpose of
the time service is to ensure that the Windows Time service uses a
hierarchical relationship that controls authority. It doesn't permit
loops to ensure appropriate common time usage.
Infrastructure master FSMO role
When an object in one domain is referenced by another object in another
domain, it represents the reference by:
• The GUID
• The SID (for references to security principals)
• The DN of the object being referenced
FSMO Roles in Active Directory:

1. Schema Master: It decides how things are organized in Active Directory.
2. Domain Naming Master: Manages the names of all the domains in the
network.
3. RID Master: Handles the job of giving unique IDs to every person and thing in
the network.
4. PDC Emulator: Makes sure all the computers in the network have the same
time so they can work together.
5. Infrastructure Master: Keeps track of where things are in the network.

Differences between a Domain Controller and Active Directory:

 A Domain Controller is like a security guard who checks who's allowed in and
keeps an eye on things.
 Active Directory is like the big book that has information about everyone and
everything in the whole organization. It's what the security guard uses to do
their job. The roles (FSMO roles) are specific tasks that some security guards
(Domain Controllers) do to keep things running smoothly.
Active Directory provides several different services (items 1 to 5); the remaining
items are core terms you will meet when working with it:

1. Domain Services (AD DS): the directory itself. It stores user, computer and domain data,
authenticates logons and answers directory searches.
2. Certificate Services (AD CS): a public key infrastructure that issues and manages the certificates
used for TLS, smart-card logon and code signing.
3. Lightweight Directory Services (AD LDS): a standalone LDAP directory for applications that need
one without a full domain.
4. Federation Services (AD FS): claims-based single sign-on to web applications inside and outside
the organization.
5. Rights Management Services (AD RMS): controls who can open, copy or forward documents and
mail by encrypting the content and attaching a usage policy to it.
6. Schema: the rulebook that defines which object classes and attributes can exist in the directory.
7. Global Catalog: a DC that also holds a partial, read-only copy of every object in the forest, so
searches and logons can resolve objects from any domain without contacting that domain.
8. Forest Root Domain: the first domain installed in an Active Directory forest; the forest-wide FSMO
roles and the top of the time hierarchy live here.
9. Sites: represent the physical structure of the network (well-connected subnets) so that replication
and client logon traffic stay local.
10. Lightweight Directory Access Protocol (LDAP): the protocol clients and servers use to query and
modify the directory.
11. Domain Controller: a server that holds a writable (or read-only) copy of the directory and is in
charge of user and computer authentication and security.
12. Organizational Unit (OU): a container for organizing objects like users, groups, and computers
within a domain; it is also the unit at which Group Policy is linked and administration delegated.
13. Group Policy: allows administrators to enforce settings on sets of computers or users.
14. Trust Relationship: an agreement between two domains that lets users in one domain access
resources in the other.
15. Replication: the process of keeping all domain controllers in sync, ensuring consistent data.
16. Kerberos: the default authentication protocol in Active Directory; it issues tickets so users and
computers can prove their identity without sending passwords over the network.
17. Group: a collection of users or computers used to assign permissions and policies more efficiently.
It simplifies administration and improves security.
Group Policy Management Console (GPMC)

 Group Policy Management Console (GPMC) is a Microsoft
Management Console snap-in that provides a graphical user interface
that enables Active Directory (AD) administrators to manage Group
Policy Objects (GPOs) from one console.
 The main purpose is to make sure a network is secure and organized.
 It helps network administrators apply important security rules and settings
consistently across the network.
 In simple terms, it's like having a single control panel to keep the network safe and
well-organized.
How does a GPO work?
Each GPO has two parts:
• The Computer node contains policy settings that are applied only to
computers, no matter who is logged on at a given moment. Examples
include startup scripts, shutdown scripts, and settings that control
how the local firewall should be configured.
• The User node contains policy settings that are applied only for users;
they follow the user to every machine they use. Examples include
logon scripts, logoff scripts and availability of Control Panel options.
Creating a Group Policy object
For a GPO to take effect, you need to link it to one or more containers,
such as the following:
• Site — If a GPO is linked at the site level, its settings affect all user
accounts and computer accounts in that site, no matter which domain
or OU they are in.
• Domain — If a GPO is linked at the domain level, it affects all users
and computers in the domain, across all OUs beneath it.
• Organizational unit — If a GPO is linked at the OU level, it affects all
users or computers in that OU and all OUs beneath it (which are
called child OUs or sub-OUs).
A given Group Policy object can be linked to multiple containers, even at
different levels. And a given container can have more than one GPO linked
to it; in that case, you can specify the order in which GPOs are applied.
Group Policy is applied in the following order: Local, site, domain, OU.
When two GPOs set the same setting, the one applied later wins, so an
OU-linked GPO normally overrides a domain-linked one, and within a
single container the GPO with link order 1 is processed last and wins.
Two switches change this: an Enforced link cannot be overridden by
anything applied after it, and Block Inheritance on a container stops
non-enforced GPOs from higher levels from applying to it.
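The PowerShell below is an added example, not code from the notes. It builds one GPO with a setting in the Computer node and one in the User node, links it at the OU level, puts its link first on that OU, and reads back the effective precedence. The domain corp.example, the OU distinguished name and the GPO name are assumptions; the two registry values are the ones behind the Administrative Template settings "Windows Defender Firewall: Protect all network connections" (computer) and "Prohibit access to Control Panel and PC settings" (user), and should be checked against the ADMX files in your own central store.

```powershell
# Added example: one GPO, a Computer-node setting and a User-node setting,
# linked at an OU and ordered ahead of the other links on that OU.
# Assumes the RSAT GroupPolicy module and rights to create and link GPOs.
Import-Module GroupPolicy

$domain  = 'corp.example'                          # assumption
$ouDn    = 'OU=Workstations,DC=corp,DC=example'    # assumption
$gpoName = 'Baseline - Firewall and Control Panel' # assumption

$gpo = Get-GPO -Name $gpoName -Domain $domain -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Domain $domain -Comment 'Added example GPO'
}

# Computer node: HKLM values apply to the machine regardless of who logs on.
Set-GPRegistryValue -Name $gpoName -Domain $domain `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' `
    -ValueName 'EnableFirewall' -Type DWord -Value 1 | Out-Null

# User node: HKCU values follow the user to every machine they sign in to.
Set-GPRegistryValue -Name $gpoName -Domain $domain `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
    -ValueName 'NoControlPanel' -Type DWord -Value 1 | Out-Null

# Link at the OU level: the GPO now applies to this OU and every child OU beneath it.
$existing = (Get-GPInheritance -Target $ouDn -Domain $domain).GpoLinks |
            Where-Object { $_.DisplayName -eq $gpoName }
if (-not $existing) {
    New-GPLink -Name $gpoName -Domain $domain -Target $ouDn -LinkEnabled Yes | Out-Null
}

# Link order 1 is processed last on this container, so it wins conflicts
# with the other GPOs linked here.
Set-GPLink -Name $gpoName -Domain $domain -Target $ouDn -Order 1 | Out-Null

# Read back: GpoLinks is listed by link order, and GpoInheritanceBlocked shows
# whether non-enforced GPOs from the domain and site levels are being cut off.
$inh = Get-GPInheritance -Target $ouDn -Domain $domain
"Block Inheritance on ${ouDn}: $($inh.GpoInheritanceBlocked)"
$inh.GpoLinks | Select-Object Order, DisplayName, Enabled, Enforced | Format-Table -AutoSize

# On a workstation in that OU, confirm what actually applied:
#   gpupdate /force
#   gpresult /r /scope:computer
#   gpresult /r /scope:user
```

Each Set-GPRegistryValue call writes into the GPO's Registry.pol under the matching node (HKLM keys go to Computer Configuration, HKCU keys to User Configuration), which is exactly the Computer/User split described above. If the Block Inheritance line reads True and the domain baseline still has to apply, set Enforced on the domain link rather than removing the block.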