Sunday, March 30, 2008


Why do we need to know the DHCP lease process? Because you are sitting in an MCSE class, or you are interviewing for another job and someone (just like me) will ask you to walk through it. Or perhaps you are troubleshooting why a client is not getting an IP address from the DHCP server and you forgot to check whether UDP ports 67 and 68 were blocked. In any case, knowing your stuff makes you smarter and stronger. I recommend memorizing the simple process below in case you ever find yourself in one of the situations I have described.

In the TCP/IP world a device cannot communicate with any other device unless it has an IP address. Now think about an XP client that does not have an IP address yet, but is still able to locate the DHCP server and ask for one. Logically you should say: wait a second, how can the client even talk to the DHCP server when it has no IP address yet? If you wonder about the answer, keep reading.

  • At the time of the lease request, the client knows neither its own IP address nor the address of the server. Here is how it is still able to talk to a DHCP server:
  • The client uses 0.0.0.0 as its source address and the limited broadcast address 255.255.255.255 as the destination, so every host on the segment (including any DHCP server) receives the message.
  • It sends a DHCPDISCOVER message from UDP source port 68 to destination port 67. A firewall or filter that blocks either port breaks the lease.
  • The discover message carries the client's hardware (MAC) address and its computer (NetBIOS) name.
  • After the first discover is sent, the client waits 1 second for an offer. If no DHCP server responds within that time, it repeats the request four more times at 2-, 4-, 8- and 16-second intervals. If it still gets no response, it falls back to Automatic Private IP Addressing (APIPA) and keeps broadcasting a discover every 5 minutes until it gets an answer. With APIPA (169.254.x.y) the Windows client picks an address it believes is unused.

The DHCP lease is a four-way process, as listed below.

  • DHCP discover (the client broadcasts; the message contains the hardware MAC address and NetBIOS name of the client)
  • DHCP lease offer (a server proposes an address and options)
  • DHCP lease request (the client asks for the offered address, again by broadcast, so any other servers that made offers know to withdraw them)
  • DHCP lease acknowledgment (the chosen server confirms the lease and its options)
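As an added example (not code from the original post), here is the first two steps of that exchange in PowerShell: a function that builds the DHCPDISCOVER a client broadcasts, a parser that decodes a DHCPOFFER the way the client does, and a check of the offering server against the servers you actually run, since a rogue DHCP server on the segment answers the very same broadcast. The packet layout follows RFC 2131; the MAC address, host name, addresses and lease time below are constructed sample values, not from the post.

```powershell
# Added example, not code from the original post. Packet layout per RFC 2131.

function New-DhcpDiscover {
    param(
        [Parameter(Mandatory)][string]$MacAddress,      # e.g. '00-15-5D-01-02-03'
        [string]$HostName = $env:COMPUTERNAME
    )
    $mac = [byte[]]($MacAddress -split '[-:]' | ForEach-Object { [Convert]::ToByte($_, 16) })
    $p = New-Object 'System.Collections.Generic.List[byte]'
    $p.Add(1); $p.Add(1); $p.Add(6); $p.Add(0)          # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
    $p.AddRange([byte[]](0x12, 0x34, 0x56, 0x78))       # xid (fixed here; a real client randomises it)
    $p.AddRange([byte[]](0, 0))                         # secs
    $p.AddRange([byte[]](0x80, 0))                      # flags: broadcast bit, we have no unicast address yet
    $p.AddRange([byte[]]::new(16))                      # ciaddr, yiaddr, siaddr, giaddr: all 0.0.0.0
    $chaddr = [byte[]]::new(16); [Array]::Copy($mac, $chaddr, 6)
    $p.AddRange($chaddr)                                # client hardware address (the MAC the post mentions)
    $p.AddRange([byte[]]::new(192))                     # sname + file, unused
    $p.AddRange([byte[]](99, 130, 83, 99))              # magic cookie: DHCP options follow
    $p.AddRange([byte[]](53, 1, 1))                     # option 53: message type DHCPDISCOVER
    $name = [Text.Encoding]::ASCII.GetBytes($HostName)
    $p.Add(12); $p.Add([byte]$name.Length); $p.AddRange($name)   # option 12: host (NetBIOS) name
    $p.AddRange([byte[]](55, 3, 1, 3, 6))               # option 55: please send mask, router, DNS
    $p.Add(255)                                         # end of options
    # On the wire this datagram goes from 0.0.0.0:68 to 255.255.255.255:67 over UDP.
    return ,$p.ToArray()
}

function Read-DhcpMessage ([Parameter(Mandatory)][byte[]]$Bytes) {
    $opts = @{}
    $i = 240                                            # first option byte, right after the cookie
    while ($i -lt $Bytes.Length -and $Bytes[$i] -ne 255) {
        $code = [int]$Bytes[$i]
        if ($code -eq 0) { $i++; continue }             # pad byte
        $len = [int]$Bytes[$i + 1]
        $opts[$code] = if ($len -gt 0) { [byte[]]$Bytes[($i + 2)..($i + 1 + $len)] } else { [byte[]]@() }
        $i += 2 + $len
    }
    [pscustomobject]@{
        Op        = [int]$Bytes[0]                      # 1 = request (client), 2 = reply (server)
        YourIp    = ([System.Net.IPAddress]::new([byte[]]$Bytes[16..19])).ToString()
        ClientMac = [BitConverter]::ToString([byte[]]$Bytes[28..33])
        Options   = $opts
    }
}

function Test-DhcpOffer {
    param([Parameter(Mandatory)][byte[]]$Offer, [Parameter(Mandatory)][string[]]$AuthorizedServers)
    $m = Read-DhcpMessage $Offer
    if ($m.Op -ne 2 -or -not $m.Options.ContainsKey(53) -or $m.Options[53][0] -ne 2) { throw 'not a DHCPOFFER' }
    $ip = { param($b) ([System.Net.IPAddress]::new([byte[]]$b)).ToString() }
    $lease = $m.Options[51]                             # option 51: lease time, 32-bit big-endian seconds
    $server = & $ip $m.Options[54]                      # option 54: server identifier
    [pscustomobject]@{
        OfferedIp    = $m.YourIp
        Mask         = & $ip $m.Options[1]
        Router       = & $ip $m.Options[3]
        Server       = $server
        LeaseSeconds = ([long]$lease[0] * 16777216) + ([long]$lease[1] * 65536) + ([long]$lease[2] * 256) + [long]$lease[3]
        Authorized   = $AuthorizedServers -contains $server   # anything else is a rogue server to hunt down
    }
}

# Constructed DHCPOFFER for the demo: the discover's header with op=BOOTREPLY and yiaddr
# filled in, followed by the options a server answers with (offer, server id, mask, router, 1 h lease).
$disc = New-DhcpDiscover -MacAddress '00-15-5D-01-02-03' -HostName 'XPCLIENT'
[byte[]]$offer = $disc[0..239]
$offer[0] = 2
[Array]::Copy([byte[]](10, 10, 10, 100), 0, $offer, 16, 4)   # yiaddr = 10.10.10.100
$offer += [byte[]](53,1,2,  54,4,10,10,10,1,  1,4,255,255,255,0,  3,4,10,10,10,1,  51,4,0,0,0x0E,0x10,  255)
Test-DhcpOffer -Offer $offer -AuthorizedServers '10.10.10.1' | Format-List
```

The Authorized field is the check worth keeping: a DHCPOFFER whose server identifier is not one of your DHCP servers means someone else is handing out addresses (and, through option 3, a default gateway) on that segment.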

To memorize the process, use the simple map below:

  • DD ( DHCP Discovery)
  • LO (Lease Offer)
  • LR (Lease Request)
  • LA (Lease Acknowledgment)

If that does not help, at least memorize the first one (-:

Discovering DHCP

Oz ozugurlu,
Systems Engineer
Security Project+ Server+

Monday, March 24, 2008

Subnetting Class C Network in a Nut Shell

Here is the exercise I promised my students. Subnetting is the fun part, and this question is very basic, or I would say simple. The idea is to learn and understand the basics behind it. "Why do we need subnetting?" seems to be a common question from many of my students. The answer: would you be more comfortable if you had to go to work and sit in one room with 50 people, or would you prefer sitting in an office by yourself every day? Obviously you want to sit by yourself in a dedicated office, for several reasons:

  1. Security (you don't want others to figure out what web sites you are browsing, or that you are blogging about Exchange 2007 or Active Directory, or participating in forums, while you are on the company payroll :-) )
  2. Less or no distraction from others, since you don't see or hear them once you shut your office door. This gives you speed, and you will be able to answer a lot of the questions posted on
  3. Since you have a dedicated office, if at the end of the year someone sends you a nice XMAS basket, there is less chance a jealous colleague steals it. I mean, you are easy to locate because your office has a number on it (the MAC address).

Please answer the following questions:

  1. What is the full subnet mask?
  2. How many networks are there?
  3. How many hosts are in each network?
  4. What is the network IP address of each network?
  5. What is the default gateway of each network?
  6. What is the broadcast IP for each network?
  7. What are the IP addresses of PC2 and PC3?
  8. What is the subnet mask for PC2 and PC3?
  9. What is the DGW (default gateway) IP for PC2 and PC3?
  10. What are the IP addresses of PC4 and PC5?
  11. What is the subnet mask for PC4 and PC5?
  12. What is the DGW IP for PC4 and PC5?

As you can see from the examples above, there are many advantages to subnetting. Don't forget an IP address is a 32-bit binary number, and the subnet mask is a 32-bit binary number as well. The primary function of the IP address is to identify a host so it can communicate in the TCP/IP world we live in. The primary function of the subnet mask (SM) is to divide that complicated 32-bit binary number into two distinct parts:

  • Network
  • Host

If two hosts belong to the same network they can talk to each other happily without needing a router. However, if two hosts are in different networks, their traffic must go through a router. That is the basic purpose of subnetting: the mask decides which of the two cases applies.
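As an added example (not code from the original post), the following PowerShell subnet calculator answers the exercise questions above for an assumed network. The post does not include its diagram, so 192.168.10.0 split with a /26 mask is an assumption; swap in your own values. It derives the class default mask from the first octet, which is exactly what "subnetting a class C" means.

```powershell
# Added example, not code from the original post.

function ConvertTo-Long ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}
function ConvertFrom-Long ([long]$N) {
    '{0}.{1}.{2}.{3}' -f (($N -shr 24) -band 255), (($N -shr 16) -band 255), (($N -shr 8) -band 255), ($N -band 255)
}
function Get-Mask ([int]$Prefix) {
    # /Prefix ones followed by zeros, kept inside 32 bits (0xFFFFFFFF as a literal would be -1 in PowerShell)
    ([long][uint32]::MaxValue -shl (32 - $Prefix)) -band [long][uint32]::MaxValue
}
function Get-ClassfulPrefix ([string]$Ip) {
    # default mask from the first octet: A (1-126) /8, B (128-191) /16, C (192-223) /24
    $first = [int]$Ip.Split('.')[0]
    if ($first -ge 1 -and $first -le 126) { return 8 }
    if ($first -ge 128 -and $first -le 191) { return 16 }
    if ($first -ge 192 -and $first -le 223) { return 24 }
    throw "$Ip is not a class A, B or C address"
}
function Get-Subnets {
    param([Parameter(Mandatory)][string]$Network, [Parameter(Mandatory)][ValidateRange(1, 30)][int]$Prefix)
    $classPrefix = Get-ClassfulPrefix $Network
    if ($Prefix -lt $classPrefix) { throw "/$Prefix borrows no bits from the class default /$classPrefix" }
    $mask  = Get-Mask $Prefix
    $base  = (ConvertTo-Long $Network) -band (Get-Mask $classPrefix)
    $size  = [long][math]::Pow(2, 32 - $Prefix)            # addresses per subnet
    $count = [long][math]::Pow(2, $Prefix - $classPrefix)  # subnets carved from the classful block
    for ($i = 0; $i -lt $count; $i++) {
        $n = $base + ($i * $size)
        [pscustomobject]@{
            Network   = (ConvertFrom-Long $n) + "/$Prefix"
            Mask      = ConvertFrom-Long $mask
            Gateway   = ConvertFrom-Long ($n + 1)          # convention: first usable address is the router
            FirstPc   = ConvertFrom-Long ($n + 2)          # first address left for PCs after the gateway
            LastHost  = ConvertFrom-Long ($n + $size - 2)
            Broadcast = ConvertFrom-Long ($n + $size - 1)
            Hosts     = $size - 2                          # network and broadcast are not assignable
        }
    }
}
function Test-SameSubnet ([string]$A, [string]$B, [int]$Prefix) {
    # same network ID => the two hosts talk directly; otherwise a router is needed
    $mask = Get-Mask $Prefix
    ((ConvertTo-Long $A) -band $mask) -eq ((ConvertTo-Long $B) -band $mask)
}

Get-Subnets -Network 192.168.10.0 -Prefix 26 | Format-Table -AutoSize
Test-SameSubnet 192.168.10.10 192.168.10.70 26   # False: .10 is in .0/26, .70 is in .64/26
```

With /26 two bits are borrowed from the class C host part, so the run prints four subnets (255.255.255.192) of 62 usable hosts each, with network, gateway and broadcast addresses for every one of them; the last line is the router question from the paragraph above in code form.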

The IP address 0.0.0.0 is used for the default network.

What is an IP address?
An IP address is a network-layer (layer 3) address for a host in a TCP/IP network; put differently, it is a 32-bit binary number.

What are the components of an IP address?

An IP address consists of the following components:

  • Network ID
  • Host ID

For instance, the IP address 10.10.10.100 with a /24 subnet mask (255.255.255.0) produces the following result:

  • Network ID: 10.10.10
  • Host ID: 100

What is a network ID?

A network ID uniquely identifies a network. All the hosts in a single network have the same network ID. For example, in the IP address 10.10.10.100/24, the network ID is 10.10.10. A router analyses only the network ID portion of an IP address when forwarding datagrams.

What is a host ID?

A host ID uniquely identifies a host within a network. Two hosts in two different networks can have the same host ID.

Example: in the IP address 10.10.10.100/24, the host ID is 100.

What is a broadcast IP address?

A datagram sent to a broadcast IP address is received and processed by all the hosts in the local network. For example, 255.255.255.255 (the limited broadcast) and the last address of a subnet, such as 10.10.10.255 for 10.10.10.0/24, are broadcast addresses.

What are the different classes of IP addresses?

  • Class A
  • Class B
  • Class C
  • Class D
  • Class E

IP address class   First octet   Maximum number of networks         Maximum number of hosts in each network

Class A            1-126         126 (2^7 - 2)                      16,777,214 (2^24 - 2)

Class B            128-191       16,384 (2^14)                      65,534 (2^16 - 2)

Class C            192-223       2,097,152 (2^21)                   254 (2^8 - 2)

Class D            224-239       multicast groups, no network/host split

Class E            240-255       reserved, no network/host split

(127.x.x.x is reserved for loopback, which is why class A has 126 usable networks rather than 128.)

What kind of networks use a Class A or Class B or Class C IP address typically?
A class A address is used for a network with a large number of hosts, a class B address for a network with a medium number of hosts, and a class C address for a network with a small number of hosts. (In practice, with CIDR the subnet mask rather than the class decides where the network and host parts split.)

What is the use of Class D IP addresses?
The Class D IP addresses are used for multicasting.

What is the use of Class E IP addresses?
The Class E IP addresses are reserved for experimental purposes.

Oz ozugurlu,
Systems Engineer
Security Project+ Server+

Friday, March 21, 2008

Best practices for installing domain controller and deciding the disk configurations

What are the best practices for installing a domain controller and deciding its disk configuration? This is one of the most frequently asked questions. I recently took part in deciding the baseline recommendations for an enterprise network and prepared some documentation. I am sharing my findings here, hoping you can find something useful for your environment in this article.

Let's see what Microsoft recommends for sizing disks for domain controllers:


Component                                            Operations performed    RAID system

Operating system files                               Read and write          RAID 1

Active Directory log files                           Mostly write            RAID 1

Active Directory database and SYSVOL shared folder   Mostly read             RAID 1 or RAID 0+1


  • If cost is a factor in planning for disk space, you can place the operating system and the Active Directory database on one RAID array (such as RAID 0+1) and the Active Directory log files on another RAID array (such as RAID 1). However, it is recommended that you store the Active Directory database and the SYSVOL shared folder on the same drive.
  • To survive single-disk failures, many organizations use a redundant array of independent disks (RAID). For domain controllers that are accessed by fewer than 1,000 users, all four components can generally be located on a single RAID 1 array. For domain controllers that are accessed by more than 1,000 users, place the log files on one RAID array and keep the SYSVOL shared folder and the database together on a separate RAID array.

Realistically this would be the best configuration. However, many companies will consider the budget, and the most many administrators will get out of the hardware configuration is four disks:







Disk configuration (Windows Server 2003 or 2008)

Component                   I/O pattern      Disks                                                  Volume

Operating system            Read and write   2 disks (36 GB SCSI, 10,000 or 15,000 RPM) in RAID 1   C:

AD logs                     Mostly write     2 disks (36 GB SCSI, 10,000 or 15,000 RPM) in RAID 1   L: (logs), 18 GB

.DIT database and SYSVOL    Mostly read      same RAID 1 array as the logs                          D: (database .DIT and SYSVOL)
                                             (RAID 1 or RAID 0+1 on its own if you have the disks)

If you are given only one disk, I recommend at least creating partitions: install the OS by itself, keep the .DIT and SYSVOL together on a second partition and the logs on a third, to simulate the best practice. I hate to see the .DIT database installed on the C: drive; that is just wrong to me by default, because I religiously believe in leaving the OS by itself. With one disk, create partitions; with two (RAID 1), do the same. It still looks clean and organized rather than a flat structure. Knowing that the OS generates read and write I/O, the logs almost always write I/O, and the .DIT and SYSVOL mostly read I/O should make you implement the fastest write and read configuration you can, with some hardware redundancy.
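As an added example (not code from the original post), this PowerShell snippet reads where a domain controller actually keeps ntds.dit, the database logs and SYSVOL, and flags the layouts the paragraph above warns against: database on the OS volume, logs sharing a volume with the database, SYSVOL separated from the database. The registry value names are the ones the NTDS and Netlogon services use; nothing is changed, it only reports.

```powershell
# Added example, not code from the original post. Run on the DC, elevated.

function Get-VolumeOf ([string]$Path) {
    if (-not $Path) { return '?' }                       # value missing: report rather than throw
    ([System.IO.Path]::GetPathRoot($Path)).ToUpper()     # e.g. 'C:\'
}

function Get-DcStorageLayout {
    $ntds   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $nlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $items = [ordered]@{
        OS       = $env:SystemRoot
        Database = $ntds.'DSA Database file'             # full path to ntds.dit
        Logs     = $ntds.'Database log files path'       # folder holding edb*.log
        SYSVOL   = $nlogon.SysVol
    }
    $layout = foreach ($k in $items.Keys) {
        [pscustomobject]@{ Component = $k; Path = $items[$k]; Volume = Get-VolumeOf $items[$k] }
    }
    $v = @{}; foreach ($row in $layout) { $v[$row.Component] = $row.Volume }

    $findings = @()
    if ($v.Database -eq $v.OS)    { $findings += 'ntds.dit shares the OS volume; move it to its own RAID 1 (or 0+1) volume' }
    if ($v.Logs -eq $v.Database)  { $findings += 'database logs share a volume with ntds.dit; logs are write-heavy and belong on a separate array' }
    if ($v.SYSVOL -ne $v.Database){ $findings += 'SYSVOL and ntds.dit are on different volumes; keep them together' }
    [pscustomobject]@{ Layout = $layout; Findings = $findings }
}

$r = Get-DcStorageLayout
$r.Layout | Format-Table -AutoSize
if ($r.Findings) { $r.Findings | ForEach-Object { Write-Warning $_ } } else { 'layout matches the recommendation' }
```

Run it after dcpromo and again before you sign off on a build; the paths are what ntdsutil would move for you if the findings come back non-empty.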

Opening the door to the 64-bit architecture and taking advantage of the fastest CPU, motherboard and optimal memory will be the winning factor in my eyes. Of course, after implementing the best configuration, maintaining and monitoring AD health is the secret to a healthy environment. I have witnessed millions of dollars spent on the infrastructure without anyone bothering to monitor the AD .DIT database; this is the most common mistake in large and medium businesses. It has shocked me so often over the last 10 years that I have gotten used to seeing it. A polluted AD database and replication will eventually degrade the entire IT infrastructure, and managers will always look for the mistake somewhere other than themselves.

What can we do; life isn't perfect. I will write more about best practices soon.


Oz ozugurlu,
Systems Engineer
Security Project+ Server+

Thursday, March 20, 2008


We are familiar with diagnostic logging in Exchange. What if we need the same capability for Active Directory? As you may know, there is no place in the Event Viewer where diagnostic logging can be turned on for AD troubleshooting scenarios, such as KCC issues. The KCC (Knowledge Consistency Checker) is a Windows 2000 and Windows Server 2003 component that automatically generates and maintains the intra-site and inter-site replication topology.

The KCC runs at regular intervals to adjust the replication topology for changes that occur in Active Directory, such as new domain controllers being added and new sites being created. At the same time, the KCC reviews the replication status of existing connections to determine whether any connections are not working. If a connection is not working, after a threshold is reached the KCC automatically builds temporary connections to other replication partners (if available) to ensure that replication is not blocked.

On each domain controller, the KCC creates replication routes by creating one-way inbound connection objects that define connections from other domain controllers. For domain controllers in the same site, the KCC creates connection objects automatically without administrative intervention. When you have more than one site, you configure site links between sites, and a single KCC in each site automatically creates connections between sites as well. If we want to make sure the KCC is completing successfully, this is one way of doing it:

dcdiag /v /test:kccevent /s:nhqdtcdc4

(note: Nhqdtcdc4 is the name of my domain controller)

Testing server: JPK\NHQDTCDC4

Starting test: Connectivity

* Active Directory LDAP Services Check

* Active Directory RPC Services Check

......................... NHQDTCDC4 passed test Connectivity

Doing primary tests

Testing server: JPK\NHQDTCDC4

Test omitted by user request: Replications

Test omitted by user request: Topology

Test omitted by user request: CutoffServers

Test omitted by user request: NCSecDesc

Test omitted by user request: NetLogons

Test omitted by user request: Advertising

Test omitted by user request: KnowsOfRoleHolders

Test omitted by user request: RidManager

Test omitted by user request: MachineAccount

Test omitted by user request: Services

Test omitted by user request: OutboundSecureChannels

Test omitted by user request: ObjectsReplicated

Test omitted by user request: frssysvol

Test omitted by user request: frsevent

Starting test: kccevent

* The KCC Event log test

Found no KCC errors in Directory Service Event log in the last 15 minutes.

......................... NHQDTCDC4 passed test kccevent

Test omitted by user request: systemlog

Test omitted by user request: VerifyReplicas

Test omitted by user request: VerifyReferences

Test omitted by user request: VerifyEnterpriseReferences

Test omitted by user request: CheckSecurityError

Running partition tests on : DomainDnsZones

If you are still having trouble with the KCC, what next? The next step is to turn on diagnostic logging for the KCC. If you think you have never seen this in the event log, you are right; it would be nice if Microsoft had included it in the Event Viewer MMC, but we are not there yet (-:

Open regedit and go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Diagnostics

  • double-click the diagnostic logging entry you want (for the KCC it is the value "1 Knowledge Consistency Checker")
  • enter a number from 0 to 5 based on how much you want logged

The KCC runs every 15 minutes by default. The levels run from 0 to 5: 0 is off (the default), 1 is minimal, 3 is medium and 5 is maximum diagnostic logging. Set it back to 0 when you are done; levels 3 and above fill the Directory Service log quickly.

Here are the diagnostic logging entries for Windows 2003:

  • Knowledge Consistency Checker
  • Security Events
  • ExDS Interface Events
  • MAPI Interface Events
  • Garbage Collection
  • Internal Configuration
  • Directory Access
  • Internal Processing
  • Performance Counters
  • Initialization/Termination
  • Service Control
  • Name Resolution
  • Backup
  • Field Engineering
  • LDAP Interface Events
  • Setup
  • Global Catalog
  • Inter-site Messaging
  • Group Caching
  • Linked-Value Replication
  • DS RPC Client
  • DS RPC Server
  • DS Schema
  • Replication Events
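As an added example (not code from the original post), the same procedure scripted in PowerShell: raise KCC logging for a bounded window, trigger a KCC run, collect what landed in the Directory Service log, and turn logging back off even if something fails in between. The value name "1 Knowledge Consistency Checker" is the registry name behind the first entry in the list above. It assumes Windows Server 2008 or later (Get-WinEvent), and the event source and task category names in the filter are the ones those versions display. Run it elevated on the domain controller.

```powershell
# Added example, not code from the original post.

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$name = '1 Knowledge Consistency Checker'

function Set-NtdsDiagnosticLevel ([string]$ValueName, [ValidateRange(0, 5)][int]$Level) {
    Set-ItemProperty -Path $key -Name $ValueName -Value $Level -Type DWord
    (Get-ItemProperty -Path $key -Name $ValueName).$ValueName      # read back to confirm
}

function Get-KccEvents ([datetime]$Since) {
    # 'NTDS KCC' is the source on 2003-style entries; newer builds file KCC output under the
    # 'Knowledge Consistency Checker' task category of the Directory Service log (assumption).
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; StartTime = $Since } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -eq 'NTDS KCC' -or $_.TaskDisplayName -eq 'Knowledge Consistency Checker' } |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

$since = Get-Date
try {
    Set-NtdsDiagnosticLevel $name 3 | Out-Null     # 3 = medium; 5 floods the log within minutes
    repadmin /kcc | Out-Null                        # run the KCC now instead of waiting up to 15 minutes
    Start-Sleep -Seconds 30                         # give it time to write its events
    Get-KccEvents -Since $since | Format-Table -AutoSize -Wrap
}
finally {
    Set-NtdsDiagnosticLevel $name 0 | Out-Null     # always revert, whatever happened above
}
```

The try/finally is the point: a diagnostic level left at 5 on a busy DC is a self-inflicted denial of service on the event log, so the reset must not depend on the happy path.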

Oz ozugurlu,
Systems Engineer
Security Project+ Server+

Friday, March 14, 2008

Recommendations for FSMO Role Placement

I recently posted some guidelines showing the best placement for the FSMO roles. The article below is taken straight from TechNet and has great information, so I am posting it here as is. Although you can assign the operations master roles to any domain controller, follow these guidelines to minimize administrative overhead and ensure the performance of Active Directory. If a domain controller that is hosting operations master roles fails, following these guidelines also simplifies the recovery process. Guidelines for role placement include:

  • Leave the two forest-level roles on a domain controller in the forest root domain.
  • Place the three domain-level roles on the same domain controller.
  • Do not place the domain-level roles on a global catalog server.
  • Place the domain-level roles on a higher performance domain controller.
  • Adjust the workload of the operations master role holder, if necessary.

Choose an additional domain controller as the standby operations master for the forest-level roles and choose an additional domain controller as the standby for the domain-level roles.

Requirements for Infrastructure Master Placement

  • Do not place the infrastructure master on a domain controller that is also a global catalog server.

The infrastructure master updates the names of security principals for any domain-named linked attributes. For example, if a user from one domain is a member of a group in a second domain and the user's name is changed in the first domain, the second domain is not notified that the user's name must be updated in the group's membership list. Because domain controllers in one domain do not replicate security principals to domain controllers in another domain, the second domain never becomes aware of the change. The infrastructure master constantly monitors group memberships, looking for security principals from other domains. If it finds one, it checks with the security principal's domain to verify that the information is up to date. If the information is out of date, the infrastructure master performs the update and then replicates the change to the other domain controllers in its domain.

Two exceptions apply to this rule.

First, if all the domain controllers are global catalog servers, the domain controller that hosts the infrastructure master role is insignificant because global catalogs do replicate the updated information regardless of the domain to which they belong. Second, if the forest has only one domain, the domain controller that hosts the infrastructure master role is not needed because security principals from other domains do not exist.
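As an added example (not code from the original post or from TechNet), this PowerShell function lists every operations master in the forest and tests the placement against the guidelines above: forest roles together in the forest root, the three domain roles together, and an infrastructure master that is not a global catalog unless every DC in the domain is one (or the forest has a single domain). It needs the ActiveDirectory module (RSAT) and read access to the forest; it changes nothing.

```powershell
# Added example, not code from the original post. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Test-FsmoPlacement {
    param([string]$Forest = (Get-ADForest).Name)
    $f = Get-ADForest -Identity $Forest
    $rows = @(); $findings = @()

    $rows += [pscustomobject]@{ Scope = 'forest'; Role = 'SchemaMaster';       Holder = $f.SchemaMaster }
    $rows += [pscustomobject]@{ Scope = 'forest'; Role = 'DomainNamingMaster'; Holder = $f.DomainNamingMaster }
    if ($f.SchemaMaster -ne $f.DomainNamingMaster) { $findings += 'forest-level roles are split across two DCs' }
    if ((Get-ADDomainController -Identity $f.SchemaMaster).Domain -ne $f.RootDomain) {
        $findings += "schema master $($f.SchemaMaster) is not in the forest root domain $($f.RootDomain)"
    }

    foreach ($d in $f.Domains) {
        $dom = Get-ADDomain -Identity $d
        $rows += [pscustomobject]@{ Scope = $d; Role = 'PDCEmulator';          Holder = $dom.PDCEmulator }
        $rows += [pscustomobject]@{ Scope = $d; Role = 'RIDMaster';            Holder = $dom.RIDMaster }
        $rows += [pscustomobject]@{ Scope = $d; Role = 'InfrastructureMaster'; Holder = $dom.InfrastructureMaster }
        if (@($dom.PDCEmulator, $dom.RIDMaster, $dom.InfrastructureMaster | Sort-Object -Unique).Count -gt 1) {
            $findings += "${d}: domain-level roles are split; the guideline keeps all three on one DC"
        }
        # the infrastructure master rule, including both exceptions from the text above
        $dcs   = Get-ADDomainController -Filter * -Server $d
        $allGc = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })
        $im    = $dcs | Where-Object { $_.HostName -eq $dom.InfrastructureMaster }
        if ($im.IsGlobalCatalog -and -not $allGc -and $f.Domains.Count -gt 1) {
            $findings += "${d}: infrastructure master $($dom.InfrastructureMaster) is a GC while other DCs are not; cross-domain name changes will not be fixed up"
        }
    }
    [pscustomobject]@{ Roles = $rows; Findings = $findings }
}

$r = Test-FsmoPlacement
$r.Roles | Format-Table -AutoSize          # 3 rows per domain plus 2 forest rows
if ($r.Findings) { $r.Findings | ForEach-Object { Write-Warning $_ } } else { 'placement follows the guidelines' }
```

The role count the table prints is the "3 per domain plus 2" arithmetic: a forest with 12 domains shows 38 rows.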

Guidelines for Role Placement

By improperly placing operations master role holders, you might prevent clients from changing their passwords or being able to add domains and new objects, such as Users and Groups. You might also be unable to make changes to the schema. In addition, name changes might not properly appear within group memberships that are displayed in the user interface.

As your environment changes, you must avoid the problems associated with improperly placed operations master role holders. Eventually, you might need to reassign the roles to other domain controllers.

Although you can assign the forest-level and domain-level operations master roles to any domain controller in the forest and domain respectively, improperly placing the infrastructure master role can cause it to function improperly. Other improper configurations can increase administrative overhead.

Forest-level Role placement in the Forest Root Domain

  • The first domain controller created in the forest is assigned the schema master and domain naming master roles. To ease administration and backup and restore procedures, leave these roles on the original forest root domain controller. Moving the roles to other domain controllers does not improve performance. Separating the roles creates additional administrative overhead when you must identify the standby operations masters and when you implement a backup and restore policy.
  • Unlike the PDC emulator role, forest-level roles rarely place a significant burden on the domain controller. Keep these roles together to provide easy, predictable management.

Domain-level Role Placement on the Same Domain Controller

  • The three domain-level roles are assigned to the first domain controller created in a new domain. Except for the forest root domain, leave the roles at that location. Keep the roles together unless the workload on your operations master justifies the additional management burden of separating the roles.
  • Because down-level clients (those that predate Active Directory) submit their updates to the PDC emulator, the domain controller holding that role uses a higher number of RIDs. Place the PDC emulator and RID master roles on the same domain controller so that these two roles interact more efficiently.
  • If you must separate the roles, you can still use a single standby operations master for all three roles. However, you must ensure that the standby is a replication partner of all three of the role holders.
  • Backup and restore procedures also become more complex if you separate the roles. Special care must be taken to restore a domain controller that hosted an operations master role. By hosting the roles on a single computer, you minimize the steps that are required to restore a role holder.

Domain-level Role Placement on a Higher Performance Domain Controller

Host the PDC emulator role on a powerful and reliable domain controller to ensure that it is available and capable of handling the workload. Of all the operations master roles, the PDC emulator creates the most overhead on the server that is hosting the role. It has the most intensive daily interaction with other systems on the network. The PDC emulator has the greatest potential to affect daily operations of the


Oz ozugurlu,
Systems Engineer
Security Project+ Server+

Active Directory for daily operations

Below are some useful shortcuts for managing Active Directory in daily operations. I use most of these tools to perform daily administrative tasks. Knowing these shortcuts is for sure a good thing. Also check the link at the bottom, "Active Directory Product Operations Guide"; I found it incredibly useful.

  • dnsmgmt.msc (DNS Manager)
  • domain.msc (Active Directory Domains and Trusts)
  • schmmgmt.msc (Active Directory Schema snap-in; register it first with regsvr32 schmmgmt.dll)
  • dssite.msc (Active Directory Sites and Services)
  • dsa.msc (Active Directory Users and Computers)
  • dcpromo (Active Directory Installation Wizard)
  • dcdiag.exe (command-line tool that analyzes the state of domain controllers in the forest or enterprise and reports any problems to assist in troubleshooting)
  • adsiedit.msc (used for editing Active Directory: add, delete or move objects within the directory)
  • netdiag.exe (helps isolate networking and connectivity problems by performing a series of tests to determine the state of the network client)
  • netdom.exe (manages domain and trust relationships and computer accounts from the command line)
  • ntdsutil.exe (used to perform database maintenance of Active Directory, manage and control single-master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled)
  • repadmin.exe (diagnoses replication problems between domain controllers)

Active Directory Product Operations Guide

Oz ozugurlu,
Systems Engineer
Security Project+ Server+

Tuesday, March 11, 2008


DNSCMD is a powerful command-line utility for managing DNS in a Windows environment. I need to say thanks to Paul Yu (Microsoft Consulting Services, Public Sector/Federal Practice) for pointing me to DNSCMD. After he listened to my complaints about the DNS MMC, he said "why aren't you using DNSCMD?", and this is how I started using it. One of the key points of Windows is the GUI that everyone loves. The GUI may become insufficient for managing DNS in a large environment such as the one I am in (over 20,000 DNS records). Those of you who use and know UNIX will smile and understand the power of simple command-line management. The Windows DNS MMC may become insufficient and frustrating in some scenarios, so it is good to have a more powerful command-line utility to manage large DNS databases. DNSCMD comes to the rescue for such scenarios. With it you can:

  • display and change the properties of DNS servers, zones and resource records
  • manually modify these properties, and create and delete zones and resource records
  • force replication between a DNS server's in-memory DNS database and its data files

So open a CMD window and practice the commands below. (PS: my domain name is SMTP25.org, so whenever you see it, replace it with your own DNS namespace. Also bear in mind my IP address range for my domain is 10.10.10.x, so you will have to replace that with your own as well.)

Clearcache (DNS)

  • Syntax: dnscmd [<ServerName>] /ClearCache
  • C:\>dnscmd /clearcache
  • Command completed successfully.

Recorddelete (PTR)

  • Syntax: dnscmd [<ServerName>] /RecordDelete <ZoneName> <NodeName> <RRType> [<RRData>] [/f]
  • C:\>dnscmd /recorddelete <reverse lookup zone> 123 PTR
  • Are you sure you want to delete record? (y/n) y
  • Deleted PTR record(s) at
  • Command completed successfully.

Recordadd (A record)

  • Syntax: dnscmd [<ServerName>] /RecordAdd <ZoneName> <NodeName> <RRType> <RRData>
  • dnscmd /RecordAdd does not perform a replace: adding an A record for a name that already has one gives that name two A records (round robin), which is rarely what you wanted. Check with /EnumRecords first, or delete the old record.
  • D:\>dnscmd /RecordAdd SMTP25.org MytestPC A <IP address>
  • Add A Record for
  • Command completed successfully.

  • D:\>dnscmd /RecordAdd SMTP25.org test A <IP address>
  • Add A Record for test.SMTP25.org at
  • Command completed successfully.

Enumrecords

  • Syntax: dnscmd [<ServerName>] /EnumRecords <ZoneName> <NodeName> [/Type <RRType>]
  • PS C:\Users\Administrator> dnscmd /enumrecords SMTP25.org test
  • Returned records:
  • @ 3600 CNAME
  • Command completed successfully.

Recorddelete (A record)

  • D:\>dnscmd /RecordDelete SMTP25.org test A
  • Are you sure you want to delete record? (y/n) y
  • Deleted A record(s) at
  • Command completed successfully.

Recordadd (A record)

  • D:\>dnscmd /RecordAdd SMTP25.org test A <IP address>
  • Add A Record for test.SMTP25.org at
  • Command completed successfully.
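As an added example (not code from the original post), here is the kind of job the 20,000-record complaint above is really about: bulk-adding A records and their matching PTR records with dnscmd from a CSV, checking first whether the name already has an A record because /RecordAdd appends rather than replaces. The server, zone names and CSV rows are constructed assumptions; run it with -WhatIf first to see the commands without executing them (the read-only /EnumRecords check still runs).

```powershell
# Added example, not code from the original post. Wraps dnscmd.exe; run where dnscmd is installed.

function Add-DnsRecordsFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Server,   # DNS server name, e.g. a domain controller
        [Parameter(Mandatory)][string]$Zone,     # forward lookup zone, e.g. SMTP25.org
        [Parameter(Mandatory)][string]$Csv       # columns: Name,IP
    )
    foreach ($row in Import-Csv $Csv) {
        if ($row.IP -notmatch '^(\d{1,3}\.){3}\d{1,3}$') {
            Write-Warning "skipping $($row.Name): '$($row.IP)' is not an IPv4 address"; continue
        }
        # /RecordAdd appends, so refuse to create a second A record for an existing name
        $existing = (& dnscmd $Server /EnumRecords $Zone $row.Name /Type A 2>&1) -join ' '
        if ($existing -match '\bA\b') {
            Write-Warning "skipping $($row.Name): already has an A record ($existing)"; continue
        }
        $o = $row.IP.Split('.')
        $revZone = '{2}.{1}.{0}.in-addr.arpa' -f $o[0], $o[1], $o[2]   # assumes /24 reverse zones exist
        $cmds = @(
            @($Server, '/RecordAdd', $Zone,    $row.Name, 'A',   $row.IP),
            @($Server, '/RecordAdd', $revZone, $o[3],     'PTR', "$($row.Name).$Zone.")
        )
        foreach ($argv in $cmds) {
            if ($PSCmdlet.ShouldProcess("dnscmd $($argv -join ' ')")) {
                $out = (& dnscmd @argv 2>&1) -join ' '
                if ($out -notmatch 'Command completed successfully') { Write-Warning "dnscmd $($argv -join ' ') -> $out" }
            }
        }
    }
}

# constructed sample input
@'
Name,IP
MytestPC,10.10.10.50
test,10.10.10.51
'@ | Set-Content -Path .\hosts.csv

Add-DnsRecordsFromCsv -Server dc1.SMTP25.org -Zone SMTP25.org -Csv .\hosts.csv -WhatIf
```

Drop -WhatIf once the printed commands look right. The warnings are the audit trail: every skipped or failed row is reported rather than silently producing a duplicate or a missing PTR.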


Oz ozugurlu,

Systems Engineer



Security Project+ Server+ (Blog)

Monday, March 10, 2008


I am reading the TechNet notes "Active Directory and DNS", and one of the very first things that struck my eye was this statement: "Active Directory and DNS go hand in hand. DNS is required to configure Active Directory. Are you required to use Microsoft's DNS server to support Active Directory? The answer is no." Technically that is true, and reality sometimes slaps me the hardest. Over the years I have taught MCSE classes, and in each class we teach how important DNS is, and now we find out Microsoft DNS is not required to support Active Directory. We still religiously want Microsoft DNS with Active Directory anyway, for a number of reasons.

Another reality statement is: "Any DNS server supporting SRV records (RFC 2782) and dynamic DNS updates (RFC 2136) can be used to support Active Directory." The reasons to stay with Microsoft DNS:

  • We get a higher level of security and fault tolerance
  • Active Directory integrated zones
  • Secure updates
  • Dynamic updates
  • Windows 2000 and later computers can dynamically register and update their records with a DNS server that supports the dynamic DNS update protocol

Please take your time and try to find the answers to the following questions regarding DNS:

  1. What Is DNS
  2. What does Active directory integrated DNS mean
  3. What is a Zone?
  4. What port DNS operates on?
  5. What is A record
  6. What is Host record
  7. What is Glue Record
  8. What is PTR Record
  9. What is Forward lookup zone
  10. How many Forward lookup zones, we get after DCPromo? (Assuming we install DNS as well)
  11. What is Reverse lookup zone
  12. How many Reverse lookup zones, we get after DCPromo? (Assuming we install DNS as well)
  13. What is Alias record
  14. What is Cname record
  15. What is MX Record
  16. What is default priority for MX record ( you have to know this religiously (-J
  17. What is SRV record
  18. What tool can be used for DNS troubleshooting
  19. What is DCDiag.exe
  20. What is Replmon.exe
  21. What is FRSDiag.exe
  22. What is the Netlogon service, and what does it do?
  23. How is a Windows 2003 server able to connect to the internet right after installation?
  24. What are root hint servers?
  25. How many root hint servers are available by default after installing Windows 2003 Server?
  26. Where do I find the root hint servers in DNS?
  27. What happens when the Cache.dns file is missing or corrupted?

Please do some research; we will go over each question in the next class. The passing score is 700, each question is worth 40 points, and anyone who scores below 500 is buying lunch this Saturday.

(I am just kidding)

Oz ozugurlu,

Systems Engineer



Security Project+ Server+ (Blog)

One or more users currently use a mailbox store on this server

Are you trying to uninstall Exchange without success, because Exchange seems unhappy and unwilling to uninstall from the server? If your answer is yes, keep reading. The key thing to understand is how Exchange (the application) interacts with the .DIT database (Active Directory). If the database tells Exchange "here are the mail-enabled objects whose mailbox is on this server", you will not be able to uninstall Exchange until you clean those references out of the .DIT database.

"One or more users currently use a mailbox store on this server. These users must be moved to a mailbox store on a different server or be mail disabled before uninstalling this server." There is a user somewhere in AD, and Exchange is reading that information from your Active Directory, the NTDS.DIT database. Now we need to find out which object still has partial information pointing to the Exchange server we wish to remove from our mail organization.

First way

  • Open Active Directory Users and Computers (dsa.msc)
  • Click Find on the menu
  • Select Exchange Recipients, and make sure only the first box is checked (Users with Exchange mailbox)
  • Click Storage, select "Mailboxes on this server", and pick your server from the menu
  • Click Find Now
  • When you have identified the mailboxes, either move them somewhere else or delete them

Second Way

(Looking for mail-enabled objects by the attribute ADUC shows as Exchange Home Server; its LDAP name is msExchHomeServerName.)

Let's fire up ADUC:

  • Start, Run
  • dsa.msc
  • Right-click the domain container, and then click Find (or click the Find icon at the top left)
  • Select the Advanced tab
  • Select User from the Field button
  • From the list of attributes displayed, choose Exchange Home Server
  • Set the Condition field to Ends With
  • Enter the Exchange server name (the server you are trying to get rid of) into the Value field
  • Click Add
  • Click Find Now
  • Right-click and delete all the objects found by the search (or move their mailboxes first if they are still needed)
  • Go back and kick off the uninstall process one more time

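As an added example (not code from the original post), the second method above as an LDAP query in PowerShell. msExchHomeServerName is the attribute ADUC labels "Exchange Home Server"; its value ends with ".../cn=<server>", so a trailing wildcard match finds every object homed on the server being removed, including system mailboxes and contacts the user-only search in the first method misses. It needs the ActiveDirectory module and only reports; move or mail-disable what it finds before deleting anything.

```powershell
# Added example, not code from the original post. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Find-ExchangeHomedObjects ([Parameter(Mandatory)][string]$ServerName) {
    # msExchHomeServerName looks like /o=Org/ou=Admin Group/cn=Configuration/cn=Servers/cn=EXCH01,
    # so "ends with cn=<server>" is the same condition the ADUC Find dialog applies
    $filter = "(msExchHomeServerName=*cn=$ServerName)"
    Get-ADObject -LDAPFilter $filter -Properties msExchHomeServerName, objectClass, mail |
        Select-Object Name, objectClass, mail, DistinguishedName, @{ n = 'HomeServer'; e = { $_.msExchHomeServerName } }
}

# 'EXCH01' is an assumed server name; substitute the server you are decommissioning
$left = Find-ExchangeHomedObjects -ServerName 'EXCH01'
$left | Format-Table -AutoSize
"$(@($left).Count) object(s) still homed on EXCH01"
```

A count of zero is what the uninstaller needs to see; anything else tells you exactly which distinguished names still point at the server.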
Oz ozugurlu,

Systems Engineer
Security Project+ Server+ (Blog)

Designating a Routing Group Master

On the way to decommissioning our bridgehead (BH) servers, I ran into issues and had to move the master role to another server. Doing it is as easy as right-clicking and selecting a new server in ESM under Routing Groups. I am posting the TechNet article explaining the routing group master in Exchange.

When you create a routing group, the first server in that routing group is assigned the role of routing group master. The routing group master maintains current link state information for its routing group and propagates it to the other servers within the routing group. The routing group master monitors the routing configuration that is written in Active Directory for its routing group only. Member servers can communicate any connector state or server availability information to the routing group master. For example, if a member server tries to contact another server in a different routing group over a connector, and this link is unavailable, the member server immediately notifies the routing group master. Likewise, when a non-master server receives new link state information, it immediately transfers the connector state information to the routing group master, so that other servers can receive the information about the routing change.

  • When you designate a routing group master, ensure that the server you choose has good access to a domain controller, because that is where it reads the configuration information stored in Active Directory. Additionally, when a change occurs in the configuration of its routing group, Exchange System Manager writes this information directly to Active Directory, and the domain controller then notifies the routing group master of the change. The routing group master then propagates this information to all the member servers.
  • Within a routing group, the routing group master and the other Exchange servers communicate link state information over TCP port 691. Communication of link state information between routing groups is different. If the routing group master is not a bridgehead server for the routing group, the routing group master sends the link state information to the group's bridgehead server over TCP port 691. The bridgehead server then forwards this information (over TCP port 25 using SMTP and the X-LINK2STATE verb) to the bridgehead servers of other routing groups.


Oz ozugurlu

Systems Engineer
Security Project+ Server+ (Blog)

Tuesday, March 4, 2008


FSMO roles have always been one of the hottest subjects in pretty much any interview, and their functionality is crucial for any network administrator to understand. Before we even mention FSMO roles, let's ask a few questions to understand the concept and see the need for FSMO roles (Operations Masters): the single-master replication model compared to the multi-master replication model. In the single-master replication model the Active Directory .DIT database is read/write only on the PDC (Primary Domain Controller). The BDC (Backup Domain Controller) has only a read-only copy of the .DIT database (the Active Directory database).

Now in the multi-master replication model, all domain controllers have a read/write copy of the .DIT database. A client can register its own records with any available DC/GC in the multi-master replication model, so obviously there is redundancy available to the clients (remember the concept of DNS and its integration with AD (Active Directory)). The multi-master replication model is good. However, certain tasks still need to be handled by a specific DC, and that is why the Operations Masters (FSMO) were born.

The first DC in the forest (sometimes called the root DC) holds all the FSMO roles.

Forest Wide

  • DNS (Domain naming master)
  • Schema Master

Domain Wide

  • PDC Emulator
  • RID master
  • Infrastructure master

Now, if we have 12 domains, how many FSMO roles do we have (consider one forest)? The answer is 38 FSMO roles: 36 (three for each domain) + the two forest-wide roles.

Now we have the following DCs and we will distribute the FSMO roles among them.

FQDN Server | FSMO role | Placement notes
 | Schema Master | Keep the Schema Master and Domain Naming Master on the same DC (easy administration). We could keep them separate as well, but I don't see a reason to do it. We will make sure the DC that holds both roles is a Global Catalog server as well.
 | DNS Master (Domain Naming Master) | Same DC as the Schema Master.
 | PDC Emulator | PDC Emulator and RID Master are kept on the same domain controller. We need to offload the GC role from this domain controller (GCs are used heavily).
 | RID Master | Same DC as the PDC Emulator; offload the GC role from it.
 | Infrastructure Master | The Infrastructure Master role can be held by a domain controller hosting the Global Catalog in only two circumstances: when there is only one domain in your forest, or when every single domain controller in your forest also hosts the Global Catalog.
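The placement rules in the table (the 3-per-domain + 2 count, one holder per role, Schema and Domain Naming Master together on a GC, and the Infrastructure Master / Global Catalog restriction) can be checked mechanically before touching a DC. This is an added example with constructed domain and DC names, not code from the original post.

```python
"""Validate a FSMO placement plan against the rules stated in the post.
Added example with constructed domain/DC names, not from the original post."""

FOREST_ROLES = ("Schema Master", "Domain Naming Master")
DOMAIN_ROLES = ("PDC Emulator", "RID Master", "Infrastructure Master")

def expected_role_count(domain_count):
    """3 domain-wide roles per domain plus 2 forest-wide roles (12 domains -> 38)."""
    return 3 * domain_count + len(FOREST_ROLES)

def check_placement(domains, dcs, plan):
    """domains: domain names; dcs: {dc: {"domain": name, "gc": bool}};
    plan: (role, domain or None for forest roles, dc). Returns findings."""
    findings = []
    if len(plan) != expected_role_count(len(domains)):
        findings.append(f"expected {expected_role_count(len(domains))} roles, got {len(plan)}")
    # Each forest role once in the forest, each domain role once per domain,
    # and a domain role must sit on a DC of that domain.
    count = {}
    for role, dom, dc in plan:
        count[(role, dom)] = count.get((role, dom), 0) + 1
        if dom is not None and dcs[dc]["domain"] != dom:
            findings.append(f"{role} for {dom} on {dc}, which is in {dcs[dc]['domain']}")
    for key in [(r, None) for r in FOREST_ROLES] + [(r, d) for d in domains for r in DOMAIN_ROLES]:
        if count.get(key, 0) != 1:
            findings.append(f"{key[0]} ({key[1] or 'forest'}) held {count.get(key, 0)} times")
    # Infrastructure Master may sit on a GC only in a single-domain forest
    # or when every DC in the forest is a GC.
    every_dc_is_gc = all(d["gc"] for d in dcs.values())
    for role, dom, dc in plan:
        if role == "Infrastructure Master" and dcs[dc]["gc"] and len(domains) > 1 and not every_dc_is_gc:
            findings.append(f"{dom}: Infrastructure Master on GC {dc} in a multi-domain forest")
    # Post's recommendation: Schema and Domain Naming Master together, on a GC.
    forest_holders = {role: dc for role, dom, dc in plan if dom is None}
    if len(set(forest_holders.values())) > 1:
        findings.append("Schema Master and Domain Naming Master on different DCs")
    elif forest_holders and not dcs[next(iter(forest_holders.values()))]["gc"]:
        findings.append("forest-wide roles are on a DC that is not a GC")
    return findings

# Constructed two-domain forest; DC1 and DC3 are Global Catalog servers.
DOMAINS = ["corp.example", "child.corp.example"]
DCS = {"DC1": {"domain": "corp.example", "gc": True}, "DC2": {"domain": "corp.example", "gc": False},
       "DC3": {"domain": "child.corp.example", "gc": True}, "DC4": {"domain": "child.corp.example", "gc": False}}
GOOD_PLAN = [("Schema Master", None, "DC1"), ("Domain Naming Master", None, "DC1"),
             ("PDC Emulator", "corp.example", "DC2"), ("RID Master", "corp.example", "DC2"),
             ("Infrastructure Master", "corp.example", "DC2"),
             ("PDC Emulator", "child.corp.example", "DC4"), ("RID Master", "child.corp.example", "DC4"),
             ("Infrastructure Master", "child.corp.example", "DC4")]
# Same plan, but the child domain's Infrastructure Master moved onto GC DC3.
BAD_PLAN = GOOD_PLAN[:-1] + [("Infrastructure Master", "child.corp.example", "DC3")]
```

`check_placement(DOMAINS, DCS, GOOD_PLAN)` returns no findings, while `BAD_PLAN` produces the Infrastructure Master on GC finding for DC3.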



Monday, March 3, 2008


Here is homework part one for my ongoing Saturday MCSE 2003 class. I need you guys to post the answers from your own knowledge, and don't forget: if you spend 5 minutes explaining what an IP address is, I am going to give you minus 20 (-:. In real life the people who interview you would love to hear a defined answer. I have been interviewing people for several years. I am amazed to see people rating themselves 9 out of 10 in AD and DNS, and these people are yet to answer 25 percent of the questions below. Anyway, the goal here is to shake all my students a little bit, and all other visitors, and share the knowledge here on my blog. Feel free to ask if you have any questions. Thanks to all my students and friends who will answer the questions below.


  1. What is an IP address?
  2. What is a subnet mask?
  3. What is the difference between a hub and a switch?
  4. Ports and their functions:
  • 80
  • 443
  • 389
  • 639
  • 3268
  • 3269
  • 53
  • 25
  • 110
  • 21
  • 20

  5. If you have to set up a network with 10 PCs, would you use a switch or a hub, and why?

Active directory

  1. What is Active Directory?
  2. What is a domain?
  3. What is a domain controller?
  4. What is a standalone server?
  5. What is a member server?
  6. What is an object?
  7. What is an attribute?
  8. How do you make a server a domain controller?
  9. What is the name of the Active Directory database?
  10. What are the partitions in the AD 2000 database?
  11. What are the partitions in the AD 2003 database?
  12. What tool can you use to modify the AD database?
  13. What is DRO and what objects are in this partition?
  14. What is the difference between the AD 2000 and AD 2003 database structure?
  15. What is the Schema?
  16. How many FSMO roles are available?
  17. Name the Operations Masters.
  18. Which FSMO role is the most important?
  19. Which FSMO role is the least important?
  20. If you have 12 domains in one forest, how many FSMO roles exist?
  21. What is an OU?
  22. What are the 3 primary functions of an OU?
  23. What is a Site?
  24. What is the KCC?
  25. What is LSASS.EXE?
  26. What is SYSVOL?
  27. What is Journal Wrap and how do you troubleshoot journal wrap issues?

