An Inside Active Directory Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Suppose that an unusual situation occurs in which you were required to manually configure NetBIOS name resolution using a LMHOSTS file only. Assume this is the only way you could implement NetBIOS name resolution. Describe the steps that you would go to in order to: create the file, modify the file to include the name resolution information and store the file on the machine. What steps would be necessary to ensure that each computer communicates with each other effectively using NetBIOS? What are some problems that may arise? 

Answer: Firstly, with the use of LMHOSTS file, the problems that occur are breakdown to locate a remote computer can occur as one or other following errors are there in LMHOSTS file:

This files don't contain a access for remote server

All LMHOSTS names are mechanically changed to uppercase, the NETBIOS name in LMHOSTS file is wrong spelled.

IP address for NETBIOS name is not valid in LMHOSTS file.

All the time LMHOSTS file is missing when required carriage return at end.

The necessary steps to ensure that each computer communicates with each other effectively using NetBIOS are, there are many ways one of them is shown below

Start Device Manager.

Click View, and then click Show hidden devices.

In the right pane of Device Manager, click Non-Plug and Play Drivers.

Double-click AFD Networking Support Environment.

Under Device usage, select the Use this device to enable check box, and then click OK.

Other way is an application that uses the NetBIOS interface API for network communication can be run on some protocol stack that supports a NetBIOS interface. NETBIOS is protocol which provides functions at session and transport such as reliable connection-oriented session data transfer, network name registration and verification and unreliable connectionless datagram data transfer. NetBIOS over TCP/IP transfer the NetBIOS protocol over the TCP or UDP.

Creating the LMHOSTS File: by configuring a system to use LMHOSTS file. We must make primary LMHOST file on each system, name file LMHOSTS and save in %systemroot%\System32\Drivers\Etc directory. We can create a file even by text editor.

2. Suppose your network utilises a WINS server. Also, assume you are the network administrator and were called in to troubleshoot a problem in which the WINS server itself could not be accessed using NetBIOS name resolution. Assume all other machines are working and communicating properly with the WINS server in order to resolve NetBIOS names. Describe what you view to be the most likely cause of this network's problem. 

Answer: The most likely problem reasons are

they cannot locate the cause of duplicate name error messages: For this make sure the WINS database for the name. If we find a static record, remove from the database of the main WINS server for client where the copy name was noticed. can't place the reason for Network path not found error messages on a WINS client: for this make sure the WINS database for the name. If the name is not there in the database, check whether the system uses B-node name resolution. If yes, add a static mapping for it in the WINS database, WINS backup failing regularly: For this ensure that the route for the WINS backup directory is on a local disk on the WINS server. WINS can't support its database files to a remote drive. The WINS server cant pull or push the replications to another WINS server: make sure every server is correctly configured to pull or push, if server are placed across the routers, verify that problem is not loss of network connectivity or the path failure on middle link.

3. There are 13 root servers that control the overall DNS lookup process for the entire Internet. If these 13 servers were to become unavailable, much of the Internet would be inaccessible. Resources would have to be accessed via IP address, not by host name. However, hackers once managed to attack 11 of the 13 root servers, resulting in degraded performance. Surprisingly, Internet users did not notice any difference. Can you explain in details why? 

Answer: the reason why the internet user cannot notice any difference because whatever they perform they do behind the system that is they hide and perform the activities where the normal user cannot know what is happening at the back. What they do is they change their IP address every time and they perform their act. These tricks are not big thing.

 A trick to causes an allowed user to do an action that disobeys system security or else that presents away information to an intruder. There are many ways to be secure on the Internet though. There are many ways to hide your IP address for any website. If we know a few about the Internet we can use this really website that "Spoofs" a different IP address therefore hiding your genuine one. Frequently a hacker changes their IP address several times an hour just to make sure any trace they might leave behind is as hard as possible to track.

4. Discuss in details how would you manually force Windows XP clients to update their Dynamic DNS information? 

Answer: A DNS client computer running Windows XP uses the subsequent procedures to perform a DNS dynamic update:

a).The client queries its configured DNS server to find the Start of Authority (SOA) resource file for the DNS zone of the DNS name that is being updated.

b).The DNS client's configured DNS server performs the standard name resolution process and sends the SOA file, which have the IP address of the primary name server for the queried DNS zone.

c).The client sends a dynamic update request to the primary name server for the zone of the DNS name that is being updated.

This request includes a list of requisites that should be fulfilled before the update can be completed. Resource record set exists, name is not in use, name is in use and recourse record set does not exist are the types of requisites

The main name server decides whether the requisites have been satisfied. If it is fulfilled the main DNS server does the request update or else it fails.

Or else, the main DNS server responds to the client, indicating the update done. if the DNS dynamic update is not done, the DNS client saves the event in the system event log. (we)

5. If you were managing the network for a large organisation, would the DNS information be in one physical location or many? Explain in details your decision. 

Answer: if I am managing a network for the large organisation, I will choose to locate in many physical locations because firstly it will useful for backup and easy to divide the information into separate parts. So it will be useful when we search we can find easily. The main reason is in DNS record each file holds different information about the service, IP address, domain and host name.Different queries request information contained in specific DNS record types So it will be easy to to find out when required for a particular service. It also helpful for DNS records are created on a DNS server to resolve quires if it is on different locations.

In recursive lookup a DNS query i.e. determined during other DNS server waiting requested information is located. Storing information in Active Directory presents the automatic backup of zone information; enhance security and multi master replication.

6. You attempted to optimise security settings for DNS and forgot to document the original settings, thereby rendering your server inoperable. How would you fix this problem? 

Answer: Method 1: Search for Word backup files: To find the backup copy of the file, follow these steps:

Locate the folder in which you last saved the missing file.

Search for files with the .wbk file name extension.

If you locate any files that have the name "Backup of" followed by the name of the missing file, follow these steps, the steps are different for different MS word. The below one is for MS 2002 or 2003

Start Word.

On File menu, click Open.

Point to the arrow in the Files of type box, click All Files *.*, select the file, and then click Open.

If there is no .wbk file in the original folder, search the computer for any .wbk files. To do this, follow these steps, there are different steps for different Windows

For Windows XP

Click Start, point to Search, and then click For Files or Folders.

In the Search for files or folders named box, type *.WBK.

In the Look in box, point to the arrow, then click My Computer.

Click Search.

Method 2: search for Auto Recover files:

Step 1: use task manager

a). Press alt control delete and select task manager

b). On process tab select the winword.exe then click end process. Repeat this and clear all winword.exe

c). Now close task manager and start word.

Now if the document finds Auto Recover file, on left side of monitor missing document is listed. If this happen selects the document and click saves as on file menu. Now save it as .doc

Step 2: search manually, for this there is different steps for different version of word.

For word 2010: click on recent on file menu now click Recover Unsaved Documents.

Step 3: search for .asd files, search these files with the help of search options on start memu. Once we find the .asd document.

Open word 2010. Click on file menu, then open

In the type of files click All Files

Click on .asd file and then open.

After that save the document.

7. Suppose you are the administrator of a slow wide area network. As your network is very slow, it is absolutely essential that WAN traffic be reduced to the minimum amount necessary. Because of this, you have already decided not to store Active Directory-integrated zones and secondary zones. You need some kind of local DNS but you also need reduced network traffic. What is probably your best remaining option? Describe this option and how it is set up on the network. 


Since intranet browsing can create most of network traffic, some measure to optimize this traffic is beneficial.

Use small web site pages: As a common regulation, a HTML design restrictions page scrolling.

Restrict the volume of graphics. Just use the general graphics during the intranet.

Level of security required with our site. This security requires extra verification allowing unknown links stops the authentication traffic from happening on network.

Educate clients to enhance the client's local cache. in the past downloaded files don't have to be downloaded yet again.

Instruct traffic related with the verification of trusted relation by adding the suitable users to a global group or to a local group or local resource.

And also reduce DNS recursive traffic by

Not configuring recursion. It restricts the few amounts of ask for names DNS can supply, but it need all host names be included to every DNS server, it is administrative load.

Designating DNS server. Make sure that DNS server resolve the names for particular client is selected DNS server. It decreases recursive lookup and its related traffic.

Growing the TTL of cached entries via DNS Manager. It give details how to arrange for all records in a zone, for an entity file, or for WINS file.

8. A fellow network administrator wants you to implement "poor man's load balancing" for her web server. Briefly describe what is a "poor man's load balancing" and how can this be done? 

Answer: It is all about the task of receiving incoming requests to be a load balance. It is very easy way to make sure that incoming requests are sent to the best host processing. Through it is not the well-designed approach, however its almost certainly the fewest lines of code. That is the reason it is called as "poor man's load balancer". In other words, we run daemon that collects the load standards for the exchangeable machines in the clusters. The daemon writes down small list visible to a CGI script to take an incoming URL also forwards the invoker to same URL on the least-loaded machine, indiscriminately redirecting the request in proportion to the current load average. Thus, from the welcome page of the application, all the leaving links are sent throughout this redirect script and bang.

There are few places where we need to balancing they are at:

IP level: we can do BGP tricks which involve in saying the server IPs to many locations, using load balancing hardware. But this is not possible because it requires lots of money and infra structure and own IP allocations.

DNS servers: Some DNS servers are reliable for reply request from users when attempt to bond our systems. These servers have access to name server IP that user is using.

IRC server level: These servers see the real IP of the user, so some way they connect user to better servers. Unluckily here is no hold up within the IRC client protocol for doing this. The numeric is used to tell to other server, however it involves in detachment from the IRC and reconnects to other server.

The DNS is the best for load balancing.

9. What are the common mistakes that are made when administrators set up DNS on network that contains a single Windows Server 2003 domain controller? Please expand on your

Answer: The general mistakes made when administrators set up the DNS network that contains a single Windows server 2003 domain controller are

"." zone exists under forward lookup zones: This setting assigned Windows Server 2003 DNS server to be a root server which is usually deleted. If we don't delete this setting, we can't complete external name resolution to the root servers on the Internet.

Further systems on the local area network don't point to Windows Server 2003 DNS server for DNS.

The domain controller is not point to itself for DNS resolution on all network interfaces.


10. Your administrative user account is a member of the Enterprise Admins and Schema Admins groups in your company's Active Directory forest. The forest consists of a single domain named that is running in Windows 2000 native mode. Your company recently acquired a new subsidiary. To support this subsidiary, you plan to create a new domain tree in the forest that will contain a tree root domain named and a child domain named 

The Domain Name System (DNS) server service is installed on two of the domain controllers for The DNS zone for is configured as an Active Directory-integrated zone. You create a new zone named on one of these DNS servers, and you accept the default settings for the zone. 

The domain controllers for the new domains will be computers that are running Windows Server 2003. You run the Adprep utility with the forestprep option from the Windows Server 2003 installation CD-ROM to update the forest's schema to support the new domains. 

What additional step must you perform to ensure that you can create the child domain in the new domain tree?

Answer: To create child domain in the new domain tree these are the following steps:

Open the Active Directory Installation Wizard.

On Domain Controller Type, connect Domain controller for a new domain, after that click Next.

On Create New Domain webpage, click Child domain in an existing new domain tree, then click Next.

On Network Credentials page, login user name, password, and user domain of the client account for this operation, and then click Next. 

On Child Domain Installation page, confirm the parent domain and enter new child domain name, then click Next.

On NetBIOS Domain Name page, confirm the NetBIOS name, then click Next.

On the Database and Log files page, select browse for the location where to install the database and log files, then click Next.

On Shared System Volume page, select browse for the location where to install the Sysvol file, then click Next.

On DNS Registration Diagnostics page, confirm the DNS configuration settings are correct, then click Next.

On Permissions page, select anyone of them : 

Permissions compatible only with Windows Server 2003 operating systems

On Directory Services Restore Mode Administrator Password page, confirm the password which we want to give to this server's Administrator account that is used when the computer is started in Directory Services Restore Mode, then click Next.

Evaluate Summary page, then click Next to start the installation.

Restart the computer.