Enterprise
One user, one password = global account
UGLY-R = User-Global-Local-yes-Resources
ARGP (Microsoft's version)
URA = universal resource access - ability to use resources anywhere on network
Problem of multiple accounts - Domain A/User 1 if not listed in Domain B/User 1, then can't use resources.
AUGUBOR - SPAops
Administrators, Users, Guests, Backup Operators, Replicators -
Service, Print, Account Operators
Account Operators - Users, Guests, Replicator, but not their own, Admin only
When user account created, it is automatically made a member of Global Group Domain Users.
Global groups have no built-in user rights.
Login Validation/Synch of PDC-BDC/Pass Thru authentication
Must be running Netlogon service
Trust is not done until both do their part
Each domain in the trust requires a unique SID
PDC must not have any sessions going between them.
Admin in Trusted acct must first add the trusting resource (Fill from bottom up)
Domains
Single/Single Master/Multiple Master/Complete Trust
Support up to 40,000 users, 40mb SAM
Domain controller should be 2.5 times bigger than SAM
1 user= 1k
1 computer=.512byte
Global Group=512byte + 12byte
Local Group=512byte + 36byte
Objects: | Users | Computers | Groups | SAM (MB) |
1 wkstn/user | 2000 | 2000 | 30 | 3.12 |
2 wkstn/users | 5000 | 10000 | 100 | 10.4 |
2 users/wkstn | 10000 | 5000 | 150 | 13.1 |
1 wkstn/user | 25000 | 25000 | 200 | 38.3 |
1 wkstn/user | 40000 | 10 | 11 | 40 |
PDC support factors: Amount of disk space/memory/CPU usage
Minimum standards
SAM 10mb / 7,500 accounts / 486dx66 / 32mb ram
SAM 15mb / 10,000 accounts / Pentium or RISC / 48 mb
10-15-20-30 / 7500-1000-15000-20000 / 32-48-64-96
One BDC per 2000 accounts
Synch Process
Full synch occurs when new BDC is online - PDC keeps track
Max size for change log is 4mb default size is 64kb/2000 changes
Reg_Dword
Replicators "at" command / default 100
Network cards
8bit/400k transfer
16bit/800k
32bit/1.2m
Performance Monitor
Ctrl+H for performance monitor
can't set two conditions on same alert
25 servers max to be concurrently monitored
Set baseline/establish database/characterization/expectations/future/longterm
Monitor RAID disks…diskperf -ye or remotely…diskperf -y \\server1
Hard page faults occur when a program is not found in its working set - memory bottleneck
Non-paged RAM must remain in memory and cannot be written to or retrieved
data that uses I/O or prevents multi-CPU conflicts uses nonpaged RAM
available bytes only thing high
NetBEUI and NWLink have similar counters
IIS cache range is 0-4GB - a value of 0 disables IIS and affects performance of it
Frame types - broadcast/multicast/directed
Capture = Start-F10/Stop-F11/Display-F12
Name Renewal/Registration = 110 bytes push/pull
compname00/03hex
user03
wkgp00
domain1B
Nodes
B-broadcast/M-mixed/P-peer/H-hybrid broad+peer
b-node wins=IC - 25 domain controllers
NDIS 3 drivers will work on NT4
RDISK /s updates default.sam.security files, forces repair disk to update registry
rcmd.exe = remote command service administrator
Reg_Dword=32bit Reg_Word=16bit Q=8 T=1
Values
0=boot ntldr, 1=system kernel, 2=autoload, 3=loadondemand manual, 4=disable
Smss.exe loads and initializes all drivers with start value of 2 in registry