Archive for the ‘MCSA to MCSE-2003’ category

Site and Replication

October 31st, 2009

What is a Site?

A site is a collection of one or more well-connected (usually a local area network) TCP/IP subnets. The network between the subnets must be highly reliable and fast (512 Kbps and higher). Although sites are generally defined on the basis of location, a site can span more than one location. A site structure corresponds to the physical environment, whereas a domain is the logical environment of the network. A site can contain single or multiple domains, and a domain can contain single or multiple sites.

The sites are created to physically group the computers and resources to optimize network traffic. Administrators can configure Active Directory access and replication technology to take advantage of the physical network by configuring sites. When a user logs on to the network, the authentication request searches for the domain controllers in the same site as the user. A site prevents the network traffic from traveling on slow wide area network (WAN) links.

What are Directory Tree, Directory Partition, and Replica?

A directory tree is a hierarchy of Active Directory objects and containers that represents all the objects in the forest. Each domain controller stores a copy of a specific part of the directory tree, called a directory partition (sometimes called a naming context). The copy of the directory partition is called a replica. A replica contains all attributes for each directory partition object. Each domain controller in the forest stores a replica.

What is replication?

Replication is a process through which the changes made to a replica on one domain controller are synchronized to replicas on all the other domain controllers in the network. Each domain controller stores three types of replicas:

  • Schema partition: This partition stores definitions and attributes of objects that can be created in the forest. The changes made in this partition are replicated to all the domain controllers in all the domains in the forest.
  • Configuration partition: This partition stores the logical structure of the forest deployment. It includes the domain structure and the replication topology. The changes made in this partition are replicated to all the domain controllers in all the domains in the forest.
  • Domain partition: This partition stores all the objects in a domain. Changes made in this partition are replicated to all the domain controllers within the domain.

Note: Windows Server 2003 supports a new type of directory partition named Application directory partition. This partition is available only to Windows 2003 domain controllers. The applications and services use this partition to store application-specific data.

Creating, modifying, moving, and deleting an object trigger a replication between domain controllers. Replications are of two types:

  • Intrasite: An intrasite (within a site) replication mostly uses LAN connections. As intrasite replication does not compress data, it saves a computer’s CPU time. In an intrasite replication, the replication partners poll each other periodically and notify each other when changes need to be replicated, and then pull the information for processing. Active Directory uses a remote procedure call (RPC) transport protocol for intrasite replication.
  • Intersite: As an intersite (between sites) replication uses WAN connections, a large amount of data is compressed to save WAN bandwidth. For the same reason, the replication partners do not notify each other when changes need to be replicated. Instead, administrators configure the replication schedule to update the information. Active Directory uses an IP or SMTP protocol for intersite replication.

For intrasite replication to take place, connection objects are required. Active Directory automatically creates and deletes connection objects as and when required. Connection objects can also be created manually to force replication.

What are Site Links?

Site links are logical, transitive connections between two or more sites. For intersite replication to take place, site links are required to be configured. Once a site link has been configured, the knowledge consistency checker (KCC) then automatically generates the replication topology by creating the appropriate connection objects. Site links are used to determine the paths between two sites. They must be created manually.

Site links are transitive in nature. For example, if Site 1 is linked with Site 2 and Site 2 is linked with Site 3, then Site 1 and Site 3 are linked transitively. The administrators can control transitivity of the site link. By default, transitivity is enabled. Site link transitivity can be enabled or disabled through a bridge.

What is Site Link Bridge?

A site link bridge is created to build a transitive and logical link between two sites that do not have an explicit site link. The site link bridge is created only when the transitivity of the site link is disabled.

What is Site Link Cost?

Site link cost is an attribute of a site link. Each site link has been assigned a default cost of 100. The knowledge consistency checker (KCC) uses the site link cost to determine which site links should be preferred for replication. It should be remembered that the lower the site link cost, the more preferred is the link.

For example, an administrator has to configure the site link cost of links between Site 1 and Site 2. There are two site links available, S1S2 and S1S2DU:

S1S2 is a T1 site link that uses T1 lines for replication, whereas S1S2DU uses a dial-up connection for replication. If the administrator requires that the KCC should prefer the S1S2 site link to the S1S2DU site link for replication, he will have to configure the S1S2 link with a lower cost than that of the S1S2DU link. Any site link configured with the site link cost of one (1) will always get preference over the other site links with a higher cost.
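The cost preference described above, as an added Python example that is not part of the original post and is a simplified model rather than the KCC's own algorithm. It goes beyond the two-link case by also pricing a transitive route as the sum of the costs of the links it crosses; the topology, the cost values 50 and 200, and the function name are constructed for illustration.

```python
import heapq

DEFAULT_COST = 100  # default cost the post gives for a new site link

# Constructed sample topology: (link name, site A, site B, cost).
SITE_LINKS = [
    ("S1S2",   "Site1", "Site2", 50),    # T1 link, given the lower cost
    ("S1S2DU", "Site1", "Site2", 200),   # dial-up link, given the higher cost
    ("S2S3",   "Site2", "Site3", DEFAULT_COST),
]

def cheapest_route(links, src, dst, transitive=True):
    """Return (total_cost, [link names]) for the lowest-cost route, or None.

    transitive=False models disabled transitivity with no site link
    bridge: only a direct link between src and dst can be used.
    """
    if not transitive:
        direct = [(cost, [name]) for name, a, b, cost in links
                  if {a, b} == {src, dst}]
        return min(direct) if direct else None

    # Build an undirected graph; parallel links stay as separate edges.
    adjacent = {}
    for name, a, b, cost in links:
        adjacent.setdefault(a, []).append((b, cost, name))
        adjacent.setdefault(b, []).append((a, cost, name))

    # Dijkstra: always expand the cheapest known route first.
    heap = [(0, src, [])]
    visited = set()
    while heap:
        cost, site, path = heapq.heappop(heap)
        if site == dst:
            return cost, path
        if site in visited:
            continue
        visited.add(site)
        for nxt, link_cost, name in adjacent.get(site, []):
            if nxt not in visited:
                heapq.heappush(heap, (cost + link_cost, nxt, path + [name]))
    return None

if __name__ == "__main__":
    print(cheapest_route(SITE_LINKS, "Site1", "Site2"))
    print(cheapest_route(SITE_LINKS, "Site1", "Site3"))
    print(cheapest_route(SITE_LINKS, "Site1", "Site3", transitive=False))
```

With transitivity disabled and no bridge, Site1 has no route to Site3 at all, which is the situation a site link bridge exists to fix.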

What is Bridgehead Server?

A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case the server is down, KCC designates another domain controller in its place. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

What is Preferred Bridgehead Server?

A preferred bridgehead server is a domain controller in a site, specified by an administrator, to act as a bridgehead server. Administrators can specify more than one preferred bridgehead server, but only one server is active at a time in a site. A preferred bridgehead server is designated to take advantage of a certain domain controller having the appropriate bandwidth to transmit and receive information.

Note: If only one preferred bridgehead server is configured in a site, and it fails, then no replication will take place for that site.


Things to practice for Microsoft test 70-316.

October 31st, 2009

The 70-316 test measures an individual’s ability to develop and implement Windows-based applications using Microsoft Visual C# .NET and Microsoft Visual Studio .NET. Before taking the 70-316 test, you should practice the following:

  1. Create forms and set control properties using the Windows Forms Designer.
  2. Connect to a database using intrinsic DataGrid control. Perform sorting and filtering on the data.
  3. Step through different sections of code using Visual Studio .NET debugger.
  4. Use ADO.NET objects.
  5. Use an ActiveX control and set its properties.
  6. Use an existing COM component in a Visual Studio .NET project.
  7. Create a .NET component and install it in the global assembly cache.
  8. Create deployment projects in Visual Studio .NET.
  9. Write an application that uses Windows authentication.
  10. Use a Web service in a Windows-based application.

What are application roles?

October 29th, 2009

Application roles restrict users to accessing data through a specific application only. Database permissions can be gained only by using specific applications, and a user cannot log on directly to a database.

Application security and Application roles contain no members. Users, Microsoft Windows NT groups, and roles cannot be added to application roles. The permissions of application roles can be achieved when the application role is activated for the user’s connection through a specific application. A user’s association with an application role is due to the capability of running an application that activates the role, instead of being a member of the role. It is necessary for a connection to lose default permissions applied through the login/user account or database roles for the duration of the connection, and gain the permissions associated with the application role, so that all functions of the application can be performed without any permission conflict. For example, if a user is denied access to a table the application must access, the denied access should be revoked for the user to successfully use the application. Application roles overcome any conflicts with user’s default permissions by temporarily suspending the user’s default permissions and assigning them only the permissions of the application role.


Secure Internetwork Communication By Using Packet Filtering

October 29th, 2009

The Windows Server 2003 operating system is designed to work on a network. It receives traffic from other computers over the network. Based on the request made, it decides how to route packets to its services and processes the request sent by the client. Any computer that is accessible for communication is also a security risk if it is accessible from the Internet too. A server accessible from the Internet is open to all clients that can connect to it. An unauthorized user can attempt to access the system for many destructive purposes. The most common of them are listed below:

  • Accessing confidential data.
  • Implementing software of its own.
  • Preventing others from using the server.

The most used technique to prevent such intrusions is to use packet filtering.

Packet Filtering

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security. It analyzes the incoming and outgoing packets and lets them pass or stops them based on the IP addresses of the source and destination. Packet filtering provides a way to define precisely which type of IP traffic is allowed to cross the firewall of an intranet. IP packet filtering is important when users from private intranets connect to public networks, such as the Internet.

A server implementing the filter examines each packet as it arrives and determines whether it meets the criteria for fulfilling its request. Packets that do not meet the criteria are discarded. For example, if an administrator is configuring a server that will be used as an e-mail server, he should create a filter to allow packets that are addressed to port number 25 and port number 110. This is because e-mail servers use the Simple Mail Transfer Protocol (SMTP) and the Post Office Protocol 3 (POP3). The SMTP and POP3 protocols use ports 25 and 110 respectively for communication. If a suspected intruder tries to attack the server, the server will examine the packets sent by him and discard the packets that are not addressed to port 25 or port 110.

Ports and Protocols

Some of the important applications and the port numbers they use are summarized in the table below:

| Application | Protocol | Port Number |
|---|---|---|
| File Transfer Protocol (Control) | TCP | 21 |
| Telnet | TCP | 23 |
| Simple Mail Transfer Protocol | TCP | 25 |
| Domain Name Service | TCP/UDP | 53 |
| Dynamic Host Configuration Protocol (Server) | UDP | 67 |
| Dynamic Host Configuration Protocol (Client) | UDP | 68 |
| World Wide Web HTTP | TCP | 80 |
| Post Office Protocol 3 | TCP | 110 |
| Simple Network Management Protocol | UDP | 161 |

Note: The listed port numbers in the above table are also called well-known ports. The complete and updated list of well-known port numbers is available at http://www.iana.org/assignments/port-numbers.

Packet filtering is mostly configured on routers or firewalls that connect a private network to the public network such as the Internet. However, it can be configured inside the network to protect a server with confidential information from being accessed by other users on the network.

Packet Filtering Criteria

Administrators can configure packet filtering inclusively or exclusively:

  • Start with a network connection that is completely blocked and use filters to specify the traffic that can pass through.
  • Start with a completely open connection and specify the types of traffic to be blocked.

The criteria used for packet filtering are as follows:

  • Port Numbers: This is the most common type of packet filtering criteria. Port numbers can be used to block or allow packets using certain ports.
  • Protocol Identifiers: Protocol identifiers can be used to filter packets based on an entire protocol. Administrators can use this filter to block packets that are intended to use certain protocols. For example, an administrator can block all UDP and ICMP traffic. This prevents attackers from using applications that are based on these protocols.
  • IP Address: IP address filtering is used by administrators to limit network access to specific computers. IP address filtering is useful for protecting a part of a private network from users on another part of the network. It should be noted that IP address filtering is not considered to be a very secure method for securing a network. Intruders can get into the network using a technique called spoofing.
  • Hardware addresses: Filtering can be done through hardware addresses. Each network interface adapter is coded at the factory with a media access control (MAC) address, also known as its hardware address. Hardware address filtering works in the same way as IP address filtering. However, it is more difficult to spoof a hardware address than an IP address.
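The two configuration styles and the port, protocol and IP address criteria above, as an added Python example that is not part of the original post. It evaluates constructed sample packets against the e-mail server filter from the earlier example (TCP 25 and 110) and against a filter that blocks all UDP and ICMP; the class names, function names and addresses are hypothetical, and "inclusive" is taken here to mean the blocked-by-default style.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str                        # source IP address
    protocol: str                   # "TCP", "UDP" or "ICMP"
    dst_port: Optional[int] = None  # None for protocols without ports

@dataclass(frozen=True)
class Rule:
    protocol: Optional[str] = None  # protocol identifier criterion
    dst_port: Optional[int] = None  # port number criterion
    src_net: Optional[str] = None   # IP address criterion (CIDR)

    def matches(self, pkt: Packet) -> bool:
        # A criterion left as None is a wildcard.
        if self.protocol and pkt.protocol != self.protocol:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.src_net and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        return True

def decide(pkt: Packet, rules, inclusive: bool = True) -> str:
    """inclusive=True: blocked by default, rules list what may pass.
    inclusive=False: open by default, rules list what is blocked."""
    matched = any(rule.matches(pkt) for rule in rules)
    return "ALLOW" if matched == inclusive else "DROP"

def evaluate(packets, rules, inclusive: bool = True):
    return [decide(pkt, rules, inclusive) for pkt in packets]

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    Packet("198.51.100.7", "TCP", 25),   # SMTP
    Packet("203.0.113.9", "TCP", 110),   # POP3
    Packet("203.0.113.9", "TCP", 23),    # Telnet
    Packet("203.0.113.9", "UDP", 161),   # SNMP
    Packet("203.0.113.9", "ICMP"),
]

MAIL_SERVER = [Rule("TCP", 25), Rule("TCP", 110)]       # permit only these
BLOCK_UDP_ICMP = [Rule("UDP"), Rule("ICMP")]            # block only these
SMTP_FROM_PARTNER = [Rule("TCP", 25, "198.51.100.0/24")]

if __name__ == "__main__":
    print(evaluate(PACKETS, MAIL_SERVER, inclusive=True))
    print(evaluate(PACKETS, BLOCK_UDP_ICMP, inclusive=False))
    print(evaluate(PACKETS, SMTP_FROM_PARTNER, inclusive=True))
```

The Telnet packet is dropped by the blocked-by-default filter but passes the open-by-default one, because nothing in the second rule set names it.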

Packet Filtering in Windows Server 2003

Windows Server 2003 uses two packet filtering options:

  • TCP/IP Packet Filtering: In Windows Server 2003, take the following steps to implement TCP/IP filtering:
    1. Run Network Connections from Start Menu > Settings > Network Connections.
    2. In the Network Connections folder, right-click the Local Area Connection icon, and click Properties.
    3. In the Local Area Connection Properties dialog box, select Internet Protocol (TCP/IP), and click the Properties button.
    4. In the Internet Protocol (TCP/IP) Properties dialog box, click the Advanced button.
    5. In the Advanced TCP/IP Settings dialog box, click the Options tab. On the Options tab page, select TCP/IP filtering, and click the Properties button.
    6. In the TCP/IP Filtering dialog box, click the Enable TCP/IP Filtering (All adapters) check box. Click the appropriate Permit Only radio button to specify the port, and click the Add button.
    7. In the Add Filter dialog box, specify the port number in the TCP Port section, and click the OK button.
    8. In the TCP/IP Filtering dialog box, click the OK button.
  • Routing and Remote Access Service Packet Filtering: This option is more capable than TCP/IP packet filtering. However, administrators can use this type of filtering only when a server running Windows Server 2003 is configured as a router. By using this filter, you can use many criteria that TCP/IP filtering does not have. Some of the important capabilities of this type of filtering are as follows:
    • It can create filters based on the IP addresses, protocols, and port numbers of a packet’s source or destination.
    • It can create inclusive or exclusive filters.
    • It can create filters for ICMP messages, specified by the message type and code values.
    • It can create multiple filters of the same type.

Although packet filters can prevent a network from unauthorized intrusion, this technique cannot be used for safe and secure communications.


What is Trace.axd?

October 27th, 2009

Trace.axd is an HTTP handler that can be used to view the trace details for an application. This file resides in the application's root directory. A request to this file through a browser displays the trace log of the last n requests in time order, where n is an integer determined by the value set by requestLimit="[n]" in the application's configuration file.
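A check for the setting described above, as an added Python example that is not part of the original post: it reads a web.config and reports trace settings that leave the trace log readable, which matters because the log shows details of other users' requests. Both sample configurations are constructed; enabled, localOnly and pageOutput are attributes of the ASP.NET trace element alongside requestLimit, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: tracing on and readable from any client.
WEAK_CONFIG = """<configuration>
  <system.web>
    <trace enabled="true" requestLimit="40" pageOutput="false" localOnly="false" />
  </system.web>
</configuration>"""

# Constructed sample: tracing switched off.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <trace enabled="false" requestLimit="10" localOnly="true" />
  </system.web>
</configuration>"""

def _flag(node, name, default):
    """Read a boolean attribute, falling back to the ASP.NET default."""
    return node.get(name, default).strip().lower() == "true"

def audit_trace(web_config_xml):
    """Return a list of findings for the system.web trace element."""
    findings = []
    root = ET.fromstring(web_config_xml)
    # Look only under system.web; system.diagnostics has its own
    # unrelated <trace> element.
    for system_web in root.iter("system.web"):
        node = system_web.find("trace")
        if node is None or not _flag(node, "enabled", "false"):
            continue  # tracing is off, so Trace.axd shows nothing
        limit = node.get("requestLimit", "10")
        findings.append(
            f"tracing enabled: Trace.axd keeps the last {limit} requests")
        if not _flag(node, "localOnly", "true"):
            findings.append(
                "localOnly=false: Trace.axd is readable from remote clients")
        if _flag(node, "pageOutput", "false"):
            findings.append(
                "pageOutput=true: trace data is appended to every page")
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_trace(cfg) or "no findings")
```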


What is the System\Processor Queue Length counter?

September 30th, 2009

The System\Processor Queue Length counter displays the number of threads ready in the processor queue but not currently able to use the processor. The Processor: %Processor Time counter should be measured with a counter. If its value is two, it indicates a CPU bottleneck. This results in slow performance of the server. To eliminate the performance problem, several steps can be used such as reducing the number of processors, using multiple processors, updating the processors, or installing new and updated CPUs.


What is the function of the FROM clause?

September 24th, 2009

The FROM clause of the SQL SELECT statement is used to specify the table names that will be joined together to extract the data values. For example:

SELECT <attributes>
FROM <tables>
WHERE <condition>


What is the ExecuteNonQuery method?

September 21st, 2009

The ExecuteNonQuery method of the SqlCommand class is used to execute commands that change a database. These commands include the Transact-SQL INSERT, UPDATE, DELETE, and SET statements. The method acts directly on a database connection and does not require a data set. It returns an integer that indicates the number of rows affected by the execution of a command. This method can also be used to perform catalog operations, such as querying the structure of a database or creating database objects.


What is the GetChildRows method?

September 21st, 2009

The GetChildRows method of the DataRow class is used to get the child rows of a DataRow object. The DataRow class defines four overloaded versions of the method. Their signatures are as follows:

| Signature | Description |
|---|---|
| Overloads Public Function GetChildRows(DataRelation) | It is used to get the child rows of a DataRow by using the specified DataRelation, which is passed as a parameter to the method. |
| Overloads Public Function GetChildRows(String) | It is used to get the child rows of a DataRow by using the specified RelationName of a DataRelation. |
| Overloads Public Function GetChildRows(DataRelation, DataRowVersion) | It is used to get the child rows of a DataRow by using the specified DataRelation and DataRowVersion. |
| Overloads Public Function GetChildRows(String, DataRowVersion) | It is used to get the child rows of a DataRow by using the specified RelationName of a DataRelation and DataRowVersion. |

All the versions of the method return an array of DataRow objects.


What is the WriteXml(string, XmlWriteMode) method?

September 21st, 2009

Following is the syntax for the WriteXml(string, XmlWriteMode) method of the DataSet class:

datasetobjectname.WriteXml(filename, mode);

where, datasetobjectname specifies the name of the DataSet object, filename specifies the name of the file, including the path, to which to write data, and mode specifies an XmlWriteMode value. Following are the values that can be used for XmlWriteMode:

| XmlWriteMode value | Description |
|---|---|
| DiffGram | It specifies that a DataSet has to be written as a DiffGram containing current and original values. |
| WriteSchema | It specifies that only the current values of a DataSet have to be written as XML data with the relational structure as inline XSD schema. It is the default XmlWriteMode. |
| IgnoreSchema | It specifies that only the current values of a DataSet have to be written as XML data without an XSD schema. |
© 2008 uCertify.com. All rights reserved. All trademarks are the property of their respective owners.