Replication Traffic Migrating from Windows NT Versus Authentication Traffic

One of the most popular arguments in favor of domain controllers at each location is that of authentication traffic across the WAN. Most network administrators cringe at the thought of users authenticating across the WAN instead of locally. In reality, user authentication is only a few KB of data per authentication. Although domain controllers might not be local, login script locations can be. In large companies, domain controllers can spend a lot of bandwidth replicating changes to objects...

Using Terminal Services to Access the IAS Server

When using Terminal Services, data is not actually sent between client and server. Only the user interface of the server (for example, the IAS console image and the operating system desktop) is sent to the Terminal Services client. This is called Remote Desktop Connection in Windows XP. The client sends keyboard and mouse input, which is processed locally by the server that has Terminal Services installed. When Terminal Services users log on, they can view only their individual client sessions,...

Adding Security via Firewall Settings for ASP Terminal Servers

When using Terminal Servers in an ASP environment, or sometimes even in a corporate environment, you will want to provide some protection for the servers by placing them behind a firewall. By default, RDP communicates over TCP port 3389. If for some reason you would like to change the default port, this can be done by modifying the following Registry key. Use Registry Editor at Your Own Risk: If you use Registry Editor incorrectly, you could cause serious problems that might require you to reinstall...

The Registry Editor

In earlier versions of Windows, Registry editing was conducted through two different but similar tools: Regedit.exe and Regedt32.exe. Each tool could do some of the tasks involved in making Registry configuration changes, but one could not be used to the exclusion of the other. With Windows XP and Windows Server 2003, Microsoft has consolidated the features of the two tools into a single Registry Editor that has the look and feel of the old Regedit.exe but includes the security and remote access...

Determining the Impact of Global Catalog Failure

When a user authenticates against an Active Directory domain controller, the domain controller must be able to contact a global catalog to determine if the user is a member of any universal groups. If a domain controller fails to contact a global catalog, the user's logon will fail. As such, if a domain controller is going to be placed in a remote site in order to ensure local access to local resources in an office where many users might not have locally cached credentials, it is important to...

Automatic Private IP Addressing (APIPA)

The Client Server service has been updated in Windows 2000 clients and later, enabling it to automatically assign itself an IP address if no server is available; it does so through a process called Automatic Private IP Addressing (APIPA). APIPA clients automatically assign themselves an IP address in the 169.254.0.0/16 range in this situation, which allows them to have basic TCP/IP connectivity in small networks. APIPA might be problematic in larger networks because it forces clients to assign...

DHCP Database Backup and Restore Automation

The process of backing up all DHCP settings and restoring them onto the same (or a different) server has been streamlined in Windows Server 2003. No longer do you need to export Registry keys and manually move databases between servers to migrate DHCP, because the Backup and Restore process can be accomplished directly from the MMC. The process for backing up and restoring a DHCP database is as follows: Open the DHCP Manager by choosing Start, All Programs, Administrative Tools, DHCP. Right-click...

Using Microsoft Metadirectory Services Effectively

When Active Directory designs encompass multiple forests or when the design has to account for mergers and acquisitions, the Microsoft Metadirectory Services (MMS) tool can be invaluable in keeping directories in sync. MMS, now called Microsoft Identity Integration Server 2003 (MIIS 2003), enables you to integrate and manage identity information across multiple directories. These directories can be different systems or platforms. MIIS 2003 adds functionality to Active Directory by providing...