Friday, August 31, 2007

FSMO Roles

Hi friends

In active directory , FSMO roles plays a pivotal part. The analogy behind this concept is very interesting and also gives you the whole picture of whats happens when new object is created and how it is replicated to all parts.

In windows NT, we have the concept of single master operation.PDC(primary domain controller) will have the write copy of the SAM(Security accounts database manager) database and other DC(called BDC-Backup Domain Controllers) will have the read copy alone. Active Directory overcomes this by allowing the write copy for all domain controllers in windows 2000/2003 server environment. Any change in one DC is automatically replicated to all DCs, referred as multi-master replication. Why we need FSMO roles? , the answer is what happen when we make same changes in different DC at the same time, will result in conflicting data in the AD database. To avoid this conflict, they derived out concept called Flexible Single Master Operation roles, shortly called as FSMO roles. There are five distinct roles available each have its own functions. They call first two roles as forest level roles and the other three roles as the domain level roles.

Schema Master :

1.Controls all updates and modifications to the AD schema.
2.Schema update completed, schema master replicate all data to other DCs.
3. There can be only one schema master in the whole forest.

Domian Naming Master :
1.Controls the addition or removal of domains in the forest.
2.add or remove domain can be possible only by domain naming master.
3.There can be only one domain naming master in the whole forest.

Infrastructure Master :
1.Responsible for updating an object's security identifier and distinguished name in a cross domain object references.
2.At any one time, there can be only one infrastructure master in each domain.
3.DC with infrastructure master should not be a global catalog server. This is because GC holds a partial replica of every object in the forest and updating the object in the cross domain object reference in that domain will not be updated and threw error in the event log.This is not the case when all DCs in the domain are global catalog.

RID Master :
1.Responsible for processing RID(Relative Identifier) pool requests from all DCs in a particular domain.
2.unique RID = RID pool range + SID(security identifier)
where
RID pool range = allocated number range for all DC in the domain
SID = unique identifier each and every object created in any DC within a particular domain.
3.There can be only one RID master for that particular domain.

PDC Emulator :
1.Responsible for synchronizing time with in an enterprise.
2.PDC(Primary Domain Controller) emulator of a domain is authoritative for that domain and the forest root domain becomes authoritative for the enterprise.
3.Password changes in any DCs are replicated to PDC emulator.
4.Authentication failure and account lockout are all processed by PDC emulator.
5.Support the Windows NT 4.0 based PDC environment and earlier clients also.
6.There can be only one PDC emulator for that particular domain.

Commands for checking the FSMO roles :

The following are the commands through which you will be able to get the information of the different roles and their respective domain controllers.

1. dumpfsmos {servername}

2. dsquery server –hasfsmo {schema|rid|pdc|infrastructure}

3. dcdiag /test:knowsofroleholders /v

4. netdom query fsmo

To find the global catalog servers in your domain

dsquery server –isgc

dsquery server -domain damacholding.home –isgc

repadmin.exe /options * and use IS_GC for current domain options.

nltest /dsgetdc:corp /GC

Finally the functions of this roles been illustrated. Transferring and seizing of roles is the next step for the readers.

Please do post me if you have any questions.

Thanks
Logu
logu_microsoft@hotmail.com | 91-98414-99143

MySQL - Basic administration cmds

Hi friends
This articles provide you the basic administrative commands for MySQL. I have given the syntax for basic commands like installing,backup and restore, repairing and some others targeting the basic administrative purpose. Please refer the Mysql home site for full database commands.Lets go

MySQL installation:

Check MySQL existence
#rpm –qa | grep mysql

Installing MySQL:
#rpm –ivh mysql*
#yum install mysql

Connecting to the MySQL shell:
#mysql
#mysql –u root –p
#mysql –u root –p dbname
Will end up with prompt as “mysql>” is called mysql shell

Adding Database:
mysql>create database dbname; or
#mysqladmin create dbname –u root –p
#mysqladmin reload –u root -p

Dropping Database:
mysql>drop database dbname; or
#mysqladmin drop dbname –u root -p
#mysqladmin reload –u root –p

Creating MySQL User:
mysql>Grant all on dbname.* to dbusername@localhost identified by ‘enterpassword’;
Or
mysql>Grant select,insert,update,delete,create,drop,alter on dbname.* to dbusername@localhost identified by ‘enterpassword’;
Or
mysql>Insert into user (Host,User,Password)
values('localhost','dbuser',' enterpassword ');

flush privileges;

Dropping MySQL User
mysql>drop user 'username'@'location'

Resetting Root MySQL password:
#/etc/rc.d/init.d/mysqld stop
#/usr/bin/mysqld_safe --skip-grant-tables &
#killall mysqld
#/usr/bin/mysqld_safe --skip-grant-tables &
#mysqladmin -u root flush-privileges password "enterpassword"
#/etc/rc.d/init.d/mysqld restart

Changing MySQL User Password:
# set password for username@localhost = PASSWORD('enterpassword');

Backing up a MySQL Database:
#mysqldump databasename > /some/valid/directory/backup-file.sql
#mysqlhotcopy databasename /path/to/some/dir

Restoring a MySQL Database:
# mysql databasename < style="font-weight: bold;">Repairing a MySQL Database:
Database and tables can be corrupted because of the following reasons like killing mysqld in the middle of write, power failure, disk failure, Mysql program bug and MyISAM code bug.
Error syntax for corrupted Database is “Incorrect key file for table: '...'. Try to repair it”

# myisamchk -r -q tablename [continue the below if this doesn’t work]
Backup the database
# myisamchk -r tablename
# myisamchk --safe-recover tablename [use only the precedence cmd fails]

Hope this give you the basic admin commands.

Please do post/comment if you have any questions.

Thanks
Logu
logu_microsoft@hotmail.com | 91-98414-99143

Thursday, August 30, 2007

Rsync for synchronizing directories b/w remote machines

Hi friends
Since having a file stores for accessing the files is common in organization. Obviously ftp, samba or some shared repository plays the role of above one. Nowadays company are multi-branched and also located at different geographical location. My case is to have a common filestore that should be accessed by both instance say Los angels lan and Dubai lan and this store is purely for internal access alone. The simple and effective answer for the above case is to have two servers in respective location and to enable synchronization b/w shares. Synchronization can be one way and can be used to pull or push. But we can configure this at both end and first time sync alone takes much time and successive sync is just updates and more over like incremental stuff.

Lets us consider
Los angels server IP - 200.200.200.201 (Command prompt S1#)
Share location say /home/commonfiles
Dubai server IP - 200.200.200.202 (Command prompt S2#)
Share location say /home/commonfiles

Password-less SSH authentication:
why suddenly to authentication? The answer is we need to provide the password for synchronizing data from one server to other remote server over ssh and also i need to schedule this synchronization for regular intervals.Henceforth i need to suppress this password prompting and at the same time to have secure way to use ssh. Lets do this with rsa generated public/private key option.

S1#ssh-keygen -t dsa [allow default]

S1#scp /root/.ssh/id_rsa.pub root@200.200.200.202:/root/.ssh/authorized_keys [or]
S1#scp /root/.ssh/id_rsa.pub root@200.200.200.202:/tmp
S2#cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys

S1#ssh root@200.200.200.202 [result automatically logs in without asking for password]

Shell script for rsync command execution:

S1#vi /root/script.sh [with the content below]
#!/bin/sh
rsync -e ssh -avuzp /home/commonfiles root@200.200.200.202:/home/commonfiles > /var/log/crontab.log

S1#chmod ugo+x /root/script.sh [to make executable]

Scheduling using crontab

S1#crontab -e [create as per your need]
* 0,5,10,15,20 * * * root /root/script.sh [daily midnight,5 am,10 am, 3 pm, 8 pm]

finally we have done... boom.... its sync the folders from Los angels to Dubai.If you need to update the entries added in the Dubai server to Los angels do the same as in the opposite server and schedule for alternate timing and make sure that the interval time is enough.

Please do post if you have any queries.

Logu
logu_microsoft@hotmail.com

Sunday, August 26, 2007

SEO BASICS

Hi friends
This article gives you a quick start about what is SEO and its importance in the modern internet era. I got this information from one of my best friend named Yuvaraj, doing as SEO Analyst.

SEO is the process in which your Website undergoes redevelopment to properly and best communicate your keywords to search engines. In order for your Website to rank highly among major search engines, you must understand how they become ranked.

Search engines rank Websites based on two major factors:
Unique content with pertinent keywords in the body, and link popularity - the number of quality incoming links your Website has. Other important algorithms that determine your ranking with search engines are the architecture of the site, visibility of your content, underlying code and how natural your site appears to the engines.

SEO Facts:
1. More than 8 out of 10 Internet users use search engines to find info and the products or services they want to buy.
2. Up to 85% of searchers ignore paid listings.
3. 63% of the top natural listings get clĂ­ck through.
4. Natural (organic) search results convert 30% higher than PPC.

What is PageRank?
PageRank is a numeric value that represents how important a page is on the web. Google figures that when one page links to another page, it is effectively casting a vote for the other page. The more votes that are cast for a page, the more important the page must be. Also, the importance of the page that is casting the vote determines how important the vote itself is. Google calculates a page's importance from the votes cast for it. How important each vote is is taken into account when a page's PageRank is calculated. PageRank is Google's way of deciding a page's importance. It matters because it is one of the factors that determines a page's ranking in the search results. It isn't the only factor that Google uses to rank pages, but it is an important one.

Regarding alt text optimization:
Use a descriptive and keyword rich file name
+ Use seven to eight keywords in your title and alt text
+ Place a short one line description of the image directly below the image
+ Wrap the content around the image
+ Try to put the image closer to the top of the page
+ Use a descriptive image filename - If your webpage has pictures of Bill Gates house - use filenames like bill-gates-house-party.jpg instead of the default camera file name like IMG_401.jpg

Any queries welcome!

Thanks
Logu | Yuvaraj
logu_microsoft@hotmail.com | yuvaraj_bsc@yahoo.co.in

SQUID PROXY - Configuration

Hi
If someone asks me for putting up a proxy server for small network/office to control their internet usage, i will opt for implementing the squid proxy as my first choice.Squid server actually lots of options like content control, speed, cache option and so on. Squid can be implemented and managed with ease. So this article gonna give you the quick start for installing and configuring squid proxy server.
Installing squid
Check for existence
#rpm -qa | grep squid
Installing the package
#rpm -ivh squid* or #yum install squid
Starting service and runlevel service status
#/etc/init.d/squid restart or #service squid restart
#chkconfig --levels 345 squid on

Configuring squid.conf
Source file path
#/etc/squid/squid.conf

Please add the following lines appropriately

Under access control section
acl SSL_ports port 443 563
acl safeports port 80
acl safeports port 21
acl safeports port 443 563
acl safeports port 70
acl safeports port 210
acl safeports port 280
acl safeports port 488 591 777
acl safeports port 5269 5222 5223
acl CONNECT method CONNECT
acl blacklist dstdomain .youtube.com .fmradio.com playstation.com
acl noexe url_regex -i exe$
acl nodown url_regex -i \.rar$ \.zip$ \.mp3$ \.wmv$
acl noporn url_regex -i sex dating porn
acl internal src 192.168.2.0/26

Calling constructed acl - Under Http access section
http_access deny !safeports
http_access deny Connect !SSL_ports
http_access deny blacklist
http_access deny noexe
http_access deny nodown
http_access deny noporn
http_access deny !internal
http_access allow all

and then save the file and restart the service. Here we go , open your browser set the internet connection setting to correct proxy server address and port number. try out the different combination to check whether applied set of acl works.

This article will just give you the basic stuff, apart from the above configuration lots are there to be considered.

Please do post / comment if you any queastions.

Thanks
Logu
logu_microsoft@hotmail.com

Sunday, August 19, 2007

Using Telnet to simulate server communication

Hello

The best place to run Telnet is on the server which sends out your SMTP traffic. This will show you the same information that your SMTP engine receives when communicating with an outside system. Telnet allows you to specify the port through which to communicate. SMTP is defined as TCP port 25.


Open a command prompt window. Determine the FQDN or the IP address. If you need to determine this information, you can use NSLookup if you know the SMTP domain name you are attempting to connect to. For more information about this, read this article.

At the prompt, type telnet fqdn 25

If the receiving server is accepting SMTP communications, it will respond with an acknowledgment message indicating it is ready to receive your transmission. The acknowledgment should also indicate if it understands SMTP or ESMTP.

Type ehlo testdomain.com

There are two established protocols, SMTP and ESMTP (Enhanced SMTP). If the receiving system only understands SMTP, you must begin with helo. If the receiving system understands ESMTP, you may begin with either helo or ehlo.

If you receive an OK message from the receiving mail system, proceed. If not, double check the protocol named in the response to the telnet command.

Type
mail from:exchange.admin@testdomain.com

This indicates the reply address. Some receiving systems will compare the parameter from the ehlo command, and the domain listed in the address on the mail from: command to the domain name returned when performing a reverse DNS (RDNS) lookup on the IP address from which the message is coming. It is a method to combat address spoofing and more reliably identify undesirable senders.

If you are testing communications to an outside messaging system, you may need to use your actual domain name to be allowed to continue.

Type
rcpt to:valid.user@receivingdomain.com

This indicates the recipient address. If receivingdomain.com is not a domain being fielded by the receiving system, and the system does not allow relaying to receivingdomain.com, an error code will be returned.

Type data

This begins the actual message. Optionally, From:, To:, and BCC: can be entered at this time (to be covered in a future article).

Type subject: Test message via Telnet

Type a blank line - this denotes the end of the subject and the beginning of the message body.

Type This is a test
Type Please reply if received
Type a blank line
Type a period (".") and press Enter - this marks the end of the message body. The receiving system will understand and return a prompt.
Type quit

This ends the Telnet session and you will be returned to the OS prompt.

If everything has gone well, the message will be on its way to the recipient address. Give it a minute and check. You now know how to manually create and send an SMTP message! This can be a great troubleshooting tool, as you will receive responses and acknowledgments from the receiving system that can aid in diagnosing a communication problem.

Thanks
Logu
logu_microsoft@hotmail.com

Thursday, August 16, 2007

Exchange server Tools:

Hi friends
This articles explains the importance of add-on components and useful tools for exchange server 2003.To facilitate the functioning of exchange server 2003,there are some additional components available which makes the exchange administrator's life easy.

Exmerge tool:
Exmerge tool is the tool available for brick level backup strategy.Since the users mailbox are stored in the mailbox stores.So both backup and restore can be operated in the mailbox store level only,we cannot back up/restore an individual mailbox from the exchange server. In case of recovering particular user mailbox, exmerge play an important role in such case. It's a tool through which we able to import and export single or multiple users mailbox from different stores. Download exmerge.exe from http://www.microsoft.com/downloads/.

ExBPA tool:
ExBPA(Exmerge Best Practices Analyzer) is a Microsoft built tool used for analyzing the exchange server in terms of checking the AD and metadata status and which in turn helps in better uptime and performance. It is a kind of program which gets the details from the server and then the 'best practice' rules are applied to the server topology.It is similar to the MBSA (Microsoft Baseline Security Analyzer) tool.It can also be downloaded from the above url.

Exchange Server MSSearch administration tool:
The Exchange Server MSSearch Administration tool can be used to determine which Exchange Stores in the domain have Full-Text Indexes, provide status on indexes, and provide administration tasks all via the command line.Its just an additional information console with exchange system manager works with Indexes the most.It can also be downloaded from the same Microsoft download site.

<<<YET TO COMPLETE, Sorry for that>>>

Thanks
Logu
logu_microsoft@hotmail.com

Sunday, August 12, 2007

Managing Firefox with Active directory GPO

Hi Friends,
This article explains the implementation of group policy object for Firefox browser in active directory environment. By default,active directory GPO don't have any support for controlling the browser's setting other than internet explorer.Comparison between the IE and Firefox browser is prevalent in the IT.Since most of the users prefers to have Firefox as their browser rather than IE because of the developer friendly Webdev feature.Hence the effective usage, managing and controlling the Firefox attributes from the server is important.This article helps you to deploy and control the Firefox behavior from the active directory server group policy.
The Firefox is an open source browser package from the Unix/Linux environment and but comes as an executable exe package for the windows. Let me first explain what is AD and GPO.Active directory is just like database with all details about the domain, will have complete records of resources(all objects and their attributes) in the domain environment.GPO (Group Policy Object) is set of policies that can be applied for users and computers in the domain.Please refer Microsoft site for complete description of AD and GPO.
step1:
Download the Firefox msi package and store it in a shared location.
step2:
Using GPO - software deployment just assign /publish the Firefox msi package.
step3:
Download FirefoxADM - is a freeware contains .adm file and logon scripts.
step4:
Using GPO - Logon script , add the downloaded logon script.
step5:
Open GPO and right click the administrative template in user/computer setting and add the downloaded administrative template file i.e .adm file.
step6:
After adding,find the new "Mozilla Firefox default settings" and it will comprises the settings for Firefox.
Step7:
Configure the settings as per need.

Finally, implementation of Firefox administrative templates into the active directory GPO is done.Likewise we can add any available third party application(hopefully both .msi and .adm) into the server side GPO.

Please do post if you have any questions.

Thanks,
Logu
logu_microsoft@hotmail.com

Sunday, August 5, 2007

Exchange server 2003 - Quick Installation

Hi
Few finds difficult to install exchange server 2003,for those i promise it is a simple task.This article gives you the best and short steps for the installation of exchange server 2003 with ease.

Basic Requirements:
Normal desktop PC with decent memory
Server OS (preferably /w SP and patches)
Exchange server software.

Steps:

1.Windows Server OS with recent available Service packs(standard/enterprise edition) and also necessary patches.
2.Assign the static IP address for the server machine and the DNS server (prob the same as that of the machine,its always better to have DNS in the first domain in your forest and also to be configured while making the domain controller itself)
3.Create the real server i.e Domain controller with DCPROMO command and while installing don't skip the DNS installation.
4.Reboot the machine
5.Needs to install the following from the Windows add/remove component wizard from the control panel.(it requires the I386 source while installing)
IIS 6.0
ASP(Active server pages)
ASP.NET
NNTP
SMTP
WWW
POP3(don't install the email service - pop3 because exchange package come along with the improved pop3 service and also to avoid the conflict)

6.Forest preparation (is used to update the active directory schema in the forest level to deploy the exchange server)
X:\exchange\setup\i386\setup.exe /forestprep
where X-Cd drive path/path for the exchange server 2003 source

7.Domain preparation (is used to update the active directory schema in the domain level to deploy the exchange server)
X:\exchange\setup\i386\setup.exe /forestprep

8.Installing the Core exchange package.
Normal installation
X:\exchange\setup\i386\setup.exe
(Microsoft exchange messaging and collaboration service and Microsoft exchange system management tools are mandatory and others are optional)
Unattend installation
creation of unattend file
X:\exchange\setup\i386\setup.exe /createunattend c:\answerfile.ini
Executing the unattend file
X:\exchange\setup\i386\setup.exe /unattendfile c:\answerfile.ini

After this, it takes some time to finish the installation and it restarts automatically.Once after restarting,the exchange server is ready for the mail flow.

Please do post if you have any queries.

Thanks
Logu

Saturday, August 4, 2007

Fedora - YUM

Hi
Open source is known for its excellency in the field of operating systems.We have different flavors of open source available in the market.This articles explains the importance and usage of yum.Yum is a tool for automating package maintenance for a network or workstations running any operating system that use the Red Hat Package Management (RPM) system for distributing packaged tools and applications. Yum is derived from yup, an automated package updater originally developed for Yellowdog Linux, hence its name Yum is "Yellowdog Updater, Modified".Yum works from a constellation of repositories around the world to provide you the latest versions of packages. It installs, updates, and removes packages based on what is installed on your system and what is available in the repository.Yum is the successor of rpm command,it overcomes the burden of usage of rpm command options like -ivh,dependency,force and more.Yum makes the installation,updates,removal,etc far easier than rpm command environment.
Yum is a free tool available for download at http://rpmfind.net/linux/RPM/index.html

Features of Yum:

1.Simple interface
2.Simple configuration
3.Fast operation
4.Dependency calculation
5.Multiple repositories
6.Graphical interfaces(pirut)

Useful syntax:

To install package
yum install package1 [package2..]
To update package
yum updatepackage1 [package2..]
To uninstall package
yum remove | erase package1 [package2..]
To list the package
yum list options (options= all | available | updates | installed | extras | recent | etc)
To clean the packages completely
yum clean options (options= packages | headers| metadata | dbcache | all)
To install yum GUI
yum install yumex
yum install kyum

Please comment your valid suggestions

Thanks
Logu

Friday, August 3, 2007

Feature comparison - Exch2000 vs Exch2003

Hi
This article explain the comparison of features b/w exchange server 2000 and 2003.The difference between the 2000 and 2003 are much lesser when compare with the prior exchange 5.5.The functional environment of exchange 2000 and 2003 are same,but the exchange 5.5 works only in the NT platform,not dependent on active directory,depends on SAM Database.
Anti-Spam IMF Features:
First IMF(Intelligent Message Filter) is the new antispam infrastructure feature added with the exchange server 2003.Exchange server 2000 does not have any antispam solution as an add on.
This enables us to have control of Spam mails by setting the SCL(Spam Confidence Level).
Active directory Schema changes:
Class and attributes are collectively called as Schema.Since active directory is closely integrated with the exchange server 2000 and 2003,there are some updates/modification in schema values.In exchange 2003,there are some new addition of some class like OMA(Outlook Mobile Access),Smtp-connector-turf list(IP block),etc and also some attributes in encryption of anonymous user,address list OU attribute,etc. obviously apart from the above changes,a lots of modification/extension in schema classes and attributes in exchange 2003.
WMI Changes:
WMI(Windows management instrumentation) class for exchange server 2003 has many new updates /changes when compared with the exchange 2000.WMI class facilitates in managing exchange queues,mailbox,public folder and so on. For example the folder-tree structure in the exchange with the respective properties is one of the new WMI class in exchange 2003.
CDOEXM Changes:
Collaboration Data Objects for Exchange management is the component through which we will be able to access the exchange server.CDOEXM comes with same name for both exchange server 2000 and 2003,but CDOEXM of exchange 2000 cannot be used to access the exchange 2003.
Feature dropped in exchange 20003:
Although we have some new addition and changes, Microsoft do have dropped some features from the exchange 2000 for enriching the product.Features like drive M mapping,Frontpage server extension,exchange IM services,savesentitems field and versioning schema property has been removed.

Please do add your valid comments.

Thanks
Logu

Wednesday, August 1, 2007

Usefulness of Forums

Hi friends,
Forums plays an important role in our internet era.Forums are sometimes called as newsgroup or conference.Everyone knows what is forum and its usage.we have large number of forums and of different categories.But still some people find difficult or unaware of the benefits provided by the forums.First of all, any paid substance like e books,softwares and even support for some problem can be answered by just surfing the forum message.There was typical example for the success of the forums.Growth of the open source in the recent decades has been predominant,a report says that forum plays an important role in the success rate for open sources.forum makes open answer for Support, development, flaws, cost, interest, marketing, suggestions, etc.Its been legal to share any data between your e friend.Since most of the peer to peer concepts are started from the analogy of forums.
Irrespective/respective of your profession,you will find some valueble resource through the forums.An people can download their entertainment stuff like music,videos,etc without paying.Students can download their subject books,case studies,articles or even some useful suggestion from different countries. So the list of forum categories goes on.Almost the idea behind this article is to make use of some good forums.

Thanks
Logu