Enterprise

One user, one password = global account

UGLY-R = User-Global-Local-yes-Resources

ARGP (Microsoft's version)

URA = universal resource access - ability to use resources anywhere on network

Problem of multiple accounts - Domain A/User 1 if not listed in Domain B/User 1, then can't use resources.

AUGUBOR - SPAops

Administrators, Users, Guests, Backup Operators, Replicators -

Service, Print, Account Operators

Account Operators - Users, Guests, Replicator, but not their own, Admin only

When user account created, it is automatically made a member of Global Group Domain Users.

Global groups have no built-in user rights.

Login Validation/Synch of PDC-BDC/Pass Thru authentication

Must be running Netlogon service

Trust is not done until both do their part

Each domain in the trust requires a unique SID

PDC must not have any sessions going between them.

Admin in Trusted acct must first add the trusting resource (Fill from bottom up)

Domains

Single/Single Master/Multiple Master/Complete Trust

Support up to 40,000 users, 40mb SAM

Domain controller should be 2.5 times bigger than SAM

1 user= 1k

1 computer=.512byte

Global Group=512byte + 12byte

Local Group=512byte + 36byte

Objects:

                  Users    Computers    Groups    SAM
1 wkstn/user      2000     2000         30        3.12
2 wkstn/users     5000     10000        100       10.4
2 users/wkstn     10000    5000         150       13.1
1 wkstn/user      25000    25000        200       38.3
1 wkstn/user      40000    10           11        40

PDC support factors: Amount of disk space/memory/CPU usage

Minimum standards

SAM 10mb / 7,500 accounts / 486dx66 / 32mb ram

SAM 15mb / 10,000 accounts / Pentium or RISC / 48 mb

10-15-20-30 / 7500-1000-15000-20000 / 32-48-64-96

One BDC per 2000 accounts

Synch Process

Full synch occurs when new BDC is online - PDC keeps track

Max size for change log is 4mb default size is 64kb/2000 changes

Reg_Dword

Replicators "at" command / default 100

Network cards

8bit/400k transfer

16bit/800k

32bit/1.2m

Performance Monitor

CTRL+H for performance monitor

can't set two conditions on same alert

25 servers max to be concurrently monitored

Set baseline/establish database/characterization/expectations/future/longterm

Monitor RAID disks…diskperf -ye or remotely…diskperf -y \\server1

Hard page faults when program is not found in its working set-memory bottleneck

Non-paged RAM must remain in memory and cannot be written to or retrieved

data that uses i/o or prevent multicpu's conflicts use nonpaged ram

available bytes only thing high

netbeui and nwlink have similar counters

IIS cache range is 0-4GB - a value of 0 disables IIS and affects performance of it

Frame types - broadcast/multicast/directed

Capture = Start-F10/Stop-F11/Display-F12

Name Renewal/Registration = 110 bytes push/pull

compname00/03hex

user03

wkgp00

domain1B

Nodes

B-broadcast/M-mixed/P-peer/H-hybrid broad+peer

b-node wins=IC - 25 domain controllers

NDIS 3 drivers will work on NT4

RDISK /s update default.sam.security files, forces repair disk to update registry

rcmd.exe = remote command service administrator

Reg_Dword=32bit Reg_Word=16bit Q=8 T=1

Values

0=boot ntldr, 1=system kernel, 2=autoload, 3=loadondemand manual, 4=disable

Smss.exe loads and initializes all drivers with startvalue of 2 in registry