New Windows 2003 Active Directory Features

1. Modify common attributes of multiple user objects at one time.
2. Drag-and-drop one or more objects to a desired location in the domain hierarchy to move Active Directory objects from container to container.
3. Search functionality is object-oriented and provides an efficient browse-less search that minimizes network traffic associated with browsing objects.
4. Save commonly used search parameters for reuse in Active Directory Users and Computers.
5. Active Directory command-line tools.
6. Create instances of several common classes, including country or region, person, organizationalPerson, groupOfNames, device, and certificationAuthority in the base schema of a Windows Server 2003 forest.
7. Application directory partitions let you scope the replication of application-specific data (DNS zones are the usual case) to a chosen set of domain controllers instead of every DC in the domain.
8. Add additional domain controllers to existing domains using backup media.
9. Universal group membership caching removes the need to reach a global catalog across a wide area network (WAN) at logon: the authenticating domain controller stores each user's universal group memberships and refreshes them periodically (every 8 hours by default).
10. Rename domain controllers (netdom computername).
11. Rename domains. The NetBIOS name or DNS name of any child, parent, tree or forest-root domain can be changed with rendom.exe, provided every DC runs Windows Server 2003 and the forest is at the Windows Server 2003 functional level. It is a disruptive operation: every domain member must be rebooted twice.
12. Create a forest trust to extend two-way transitivity beyond a single forest to a second forest. Both forests must be at the Windows Server 2003 functional level, and the transitivity stops at those two forests: a forest trust does not chain to a third forest. SID filtering is on by default for forest trusts, so SIDs that do not belong to the trusted forest are discarded from the token.
13. Move existing domains to other locations in the domain hierarchy.
14. Defunct schema objects. Deactivate unnecessary classes or attributes from the schema.
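Items 1, 2 and 5 in practice, as an added example that is not from the original post: a PowerShell wrapper around the Windows Server 2003 ds* command-line tools that finds users with no logon in N weeks, disables them in bulk and moves them to a quarantine OU. The domain, the OU name and the 8-week threshold are assumptions; dsquery -inactive reads lastLogonTimestamp, which only exists at the Windows Server 2003 forest functional level.

```powershell
# Disable-StaleUsers.ps1 -- added example, not part of the original post.
# Bulk change with the Windows Server 2003 command-line tools:
#   dsquery user -inactive   -> users whose lastLogonTimestamp is older than N weeks
#   dsmod user -disabled yes -> set ACCOUNTDISABLE on each of them (item 1: many objects at once)
#   dsmove -newparent        -> the drag-and-drop of item 2, done from the command line
# Assumptions: domain DC=corp,DC=example,DC=com, an OU named "Disabled Accounts",
# and a caller with write access to the user objects and the target OU.
param(
    [int]$InactiveWeeks = 8,
    [string]$QuarantineOu = 'OU=Disabled Accounts,DC=corp,DC=example,DC=com',   # assumption
    [switch]$Commit   # without -Commit nothing is changed, only reported
)

# dsquery prints one double-quoted DN per line; -limit 0 lifts the default cap of 100 results.
$stale = @(dsquery user forestroot -inactive $InactiveWeeks -limit 0 |
    ForEach-Object { $_.Trim().Trim('"') } |
    Where-Object { $_ -and $_ -notlike "*,$QuarantineOu" })   # skip what is already quarantined

Write-Output ("{0} user(s) without a logon in the last {1} weeks" -f $stale.Count, $InactiveWeeks)

foreach ($dn in $stale) {
    if (-not $Commit) {
        Write-Output "  would disable and move: $dn"
        continue
    }
    # PowerShell quotes $dn for the native tools, since a DN usually contains spaces.
    $note = "Disabled {0}: no logon for {1} weeks" -f (Get-Date -Format 'yyyy-MM-dd'), $InactiveWeeks
    dsmod user $dn -disabled yes -desc $note
    if ($LASTEXITCODE -ne 0) { Write-Warning "dsmod failed for $dn"; continue }
    dsmove $dn -newparent $QuarantineOu
    if ($LASTEXITCODE -ne 0) { Write-Warning "dsmove failed for $dn" }
}
```

Run it once without -Commit and read the list before running it with -Commit; the same shape works for dsquery user -stalepwd N to catch accounts whose password has not changed in N days.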
Posted in Citrix XenApp

Tombstone in Active Directory

Active Directory is a hierarchical database that holds information about the network's resources: computers, servers, users, groups and more. Its main purpose is to provide central authentication and authorization services.

The Active Directory database is stored on each domain controller in a file called NTDS.DIT, by default under %SystemRoot%\NTDS (not in SYSVOL, which holds logon scripts and Group Policy templates). NTDS.DIT contains every account's password hashes, so the file, its transaction logs and any backup or shadow copy of it deserve the same protection as the domain controller itself.

When an object is deleted from Active Directory it is not erased immediately but marked for later deletion. The marker that designates an object scheduled for destruction is called a "tombstone": an object whose isDeleted attribute has been set to TRUE, indicating that it has been deleted but not yet removed from the directory. Most attributes are stripped at deletion; the ones kept include objectGUID, objectSid, sAMAccountName and, from Windows Server 2003, lastKnownParent.

The directory service moves tombstoned objects to the hidden Deleted Objects container, where they stay until the garbage collection process removes them. Garbage collection runs every 12 hours on each DC by default (garbageCollPeriod). The default length of time a tombstone remains before it is purged, the tombstone lifetime, is 60 days for forests created with Windows 2000 or Windows Server 2003 RTM domain controllers and 180 days for forests whose first DC ran Windows Server 2003 SP1 or later; a forest upgraded from the older versions keeps 60 days. The value is the tombstoneLifetime attribute on CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,<forest DN>, and when the attribute is absent the default of 60 applies. The same number bounds the oldest backup you may ever restore a DC from: a backup older than the tombstone lifetime reintroduces objects the other DCs have already purged (lingering objects).

Restoring tombstoned objects from the Active Directory database is often called "reanimation". Several tools do it, such as LDP.EXE, ADRestore.net and Quest's object-recovery products.

The restored object has the same objectSid as before deletion, but it must be added again to its security groups to regain the same access to resources, because group membership is not kept on the tombstone. The RTM release of Windows Server 2003 does not preserve the sIDHistory attribute on reanimated user accounts, computer accounts and security groups; Windows Server 2003 with SP1 does preserve sIDHistory on deleted objects, so whatever access the old SIDs carried returns with the object. A reanimated user account has no password and is disabled: reset the password, then enable the account, remove the Microsoft Exchange attributes and reconnect the user to the Exchange mailbox.
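The reanimation procedure above, as an added example that is not from the original post: a PowerShell script that issues the same two LDAP operations LDP.EXE performs (a search and a modify, both carrying the show-deleted control) and then does the password, enable and group steps. The DC name, domain, user and group names are assumptions; it assumes a Windows Server 2003 SP1 or later DC so that lastKnownParent and sIDHistory are on the tombstone, and a caller who holds the "Reanimate Tombstones" control access right on the domain (Domain Admins by default).

```powershell
# Restore-Tombstone.ps1 -- added example, not part of the original post.
# Lists tombstones and reanimates one with the LDAP operations LDP.EXE uses: a search and
# a modify that both carry LDAP_SERVER_SHOW_DELETED_OID (1.2.840.113556.1.4.417); the
# modify removes isDeleted and replaces distinguishedName, which moves the object back.
# Assumptions: DC dc01.corp.example.com, domain DC=corp,DC=example,DC=com, Windows
# Server 2003 SP1 or later, and a caller with the "Reanimate Tombstones" right.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server   = 'dc01.corp.example.com'        # assumption
$domainDn = 'DC=corp,DC=example,DC=com'    # assumption
$showDeleted = New-Object System.DirectoryServices.Protocols.ShowDeletedControl

$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($server)
$conn.SessionOptions.ProtocolVersion = 3
$conn.Bind()    # Negotiate (Kerberos) with the caller's current identity

function Get-Tombstone {
    param([string]$SamAccountName = '*')
    # Tombstones sit one level under CN=Deleted Objects and are invisible without the control.
    $filter = "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        "CN=Deleted Objects,$domainDn", $filter,
        [System.DirectoryServices.Protocols.SearchScope]::OneLevel,
        [string[]]('sAMAccountName', 'lastKnownParent', 'objectSid', 'sIDHistory', 'whenChanged'))
    $req.Controls.Add($showDeleted) | Out-Null
    foreach ($e in $conn.SendRequest($req).Entries) {
        $sidBytes = $e.Attributes['objectSid'].GetValues([byte[]])[0]
        New-Object PSObject -Property @{
            DeletedDn     = $e.DistinguishedName   # CN=jdoe\0ADEL:<objectGUID>,CN=Deleted Objects,...
            SamAccount    = $e.Attributes['sAMAccountName'][0]
            LastParent    = $e.Attributes['lastKnownParent'][0]
            Sid           = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
            HasSidHistory = ($e.Attributes['sIDHistory'] -ne $null)   # old SIDs come back with the object
            DeletedAt     = $e.Attributes['whenChanged'][0]
        }
    }
}

function Restore-Tombstone {
    param([Parameter(Mandatory=$true)][string]$DeletedDn,
          [Parameter(Mandatory=$true)][string]$NewDn)
    # One modify, with the show-deleted control, that deletes isDeleted and replaces
    # distinguishedName; the DC treats the two together as "reanimate and move".
    $mod = New-Object System.DirectoryServices.Protocols.ModifyRequest
    $mod.DistinguishedName = $DeletedDn
    $clear = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $clear.Name = 'isDeleted'
    $clear.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
    $move = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $move.Name = 'distinguishedName'
    $move.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
    $move.Add($NewDn) | Out-Null
    $mod.Modifications.Add($clear) | Out-Null
    $mod.Modifications.Add($move) | Out-Null
    $mod.Controls.Add($showDeleted) | Out-Null
    $conn.SendRequest($mod) | Out-Null
}

# --- Worked run: bring user jdoe (assumption) back to the OU it was deleted from -------
$t = Get-Tombstone -SamAccountName 'jdoe' | Sort-Object DeletedAt -Descending | Select-Object -First 1
if (-not $t) { throw 'no tombstone for jdoe: past the tombstone lifetime it is gone for good' }
$newDn = "CN=$($t.SamAccount),$($t.LastParent)"
Restore-Tombstone -DeletedDn $t.DeletedDn -NewDn $newDn
Write-Output "reanimated $newDn with SID $($t.Sid); sIDHistory present: $($t.HasSidHistory)"

# The object keeps its SID but has no password, is disabled and has lost its group
# memberships. Set a password, force a change at next logon, enable, then re-add groups.
$user = [ADSI]"LDAP://$server/$newDn"
$pw = Read-Host 'New password for jdoe' -AsSecureString
$user.SetPassword([Runtime.InteropServices.Marshal]::PtrToStringAuto(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pw)))
$user.pwdLastSet = 0                                                         # change at next logon
$user.userAccountControl = $user.userAccountControl.Value -band (-bnot 0x2)  # clear ACCOUNTDISABLE
$user.SetInfo()
foreach ($g in @("CN=VPN Users,OU=Groups,$domainDn")) {   # assumption: the groups it belonged to
    ([ADSI]"LDAP://$server/$g").Add("LDAP://$server/$newDn")
}
```

Run it from a domain-joined administrative workstation. An empty result from Get-Tombstone is the practical test for "past the tombstone lifetime": at that point only an authoritative restore from a backup younger than the tombstone lifetime can bring the object back. The HasSidHistory flag is worth reading before you reanimate, because on SP1 and later the historical SIDs, and the access they grant, return along with the object.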
 
 
 

How to Configure the Citrix Program Neighborhood Agent

Citrix Program Neighborhood Agent is the client of choice for LAN-connected infrastructure, as it provides the most features and centralized management.

Citrix Program Neighborhood Agent (PNA) consists of a server and a client component. The server side is integrated into the Citrix Web Interface setup; the PNA client is part of the Citrix Presentation Server Client Packager. The PNA client is managed centrally through the Access Management Console and the published-application settings. PNA also offers pass-through authentication, automatic desktop and Start menu integration, and client-to-server content redirection.

The Program Neighborhood Agent site is not configured on the Citrix server by default. It has to be created so that config.xml, the file every PNA client downloads its settings from, is generated and published on IIS.

After installing Web Interface, launch the Access Management Console (AMC). On first launch it runs “Configure and run discovery” to identify the installed components.

Select the option, “Contact the following servers running the configuration service” and add the server running Web Interface.

After the discovery process completes, right click on the Web Interface node on the left pane of the AMC -> Select “Create Site”.

Select “Program Neighborhood Agent Services site”.

Select the default options for the remaining process of the Create Site Wizard.

Right click on the site and select “Manage server farms”.

On this screen the default farm is displayed. Enter at least one Citrix server from the farm with which the Program Neighborhood Agent Services site will communicate. The site talks to the Citrix XML Service on that server over the farm XML port (80 by default); check the farm properties in the Presentation Server Console if you are unsure which port is in use. Best practice is to enter at least two XML servers for redundancy in case one fails. The XML Service speaks plain HTTP unless it sits behind the Citrix SSL Relay, so keep the Web Interface to XML Service hop inside the trusted network or wrap it in SSL.

In the AMC, right-click config.xml and select “Configure authentication methods”.

Deselect “Prompt” and select “Pass-through”. The credentials used to log on to the local workstation are then used to log on to the Citrix farm; for this to work the client must have been installed with pass-through (single sign-on) authentication enabled.

In the Change Session Options screen, one may customize the Client Session Sizes, Client Resources (color depth, Windows Keyboard Settings and Audio Settings), and Workspace Control Options.

In the Manage Server Settings screen you configure the automatic refresh frequency, backup URLs and site redirection, with which an administrator can send users to an alternate site.

For a centrally managed installation, on the Start Menu Shortcuts and Desktop Shortcuts screens select “Use Server Farm Settings (defined in published application)”. The location of the application shortcuts is then determined by the Citrix published application, not by settings in the PNA Services site.

On the Notification Area screen the administrator configures whether applications are shown as a menu in the Citrix Program Neighborhood Connection Center, and whether users may enable or disable that Applications menu themselves.

On the Shortcut Removal screen the administrator configures when a user's Citrix published-application shortcuts are removed from the desktop and Start menu.

Right-click config.xml, go to All Tasks, Manage Application Refresh. Here you control when and how often a user's application set is refreshed.

In a domain the PNA client passes the local credentials through automatically, so users reach Citrix published applications as if they were installed locally.

Published Application Configuration

Published applications have the following settings related to the Program Neighborhood Agent client.

Shortcut Presentation -> Application Shortcut Placement:

             Add to the client's Start menu.

             Place under the Programs folder.

             Start menu folder.

             Add shortcut to the client's desktop.

Content redirection lets files on the local client launch Citrix published applications installed on the Citrix server (client-to-server content redirection).


Differences between VMware ESX Server and ESXi Server

VMware offers ESXi as a free standalone hypervisor aimed at companies of all sizes. It has a slimmer architecture than ESX, a simpler setup and is a high-performance hypervisor, and the free edition gives anyone access to VMware's datacenter technology. The differences that matter:

1. ESXi has no service console. On ESX the service console is a Linux-based management partition with its own access to the VMware-proprietary VMFS file system; on ESXi it is gone, so there is no SSH login by default and no place to install third-party agents. Caveat: ESXi does ship an unsupported local "Tech Support Mode" shell, and ESXi 4.1 exposes it as host services (local TSM and remote TSM-SSH) that can be switched on from the DCUI or vCenter. Treat those as the service console's attack surface and keep them disabled and audited.

2. ESXi is administered through the Remote Command Line Interface (RCLI, renamed vSphere CLI or vCLI in 4.0) instead of service-console utilities; there is no local command line with the VMware-specific or Linux tools ESX administrators are used to.

3. ESXi is extremely thin, about 32 MB on disk against roughly 2 GB for an ESX installation with its service console, which makes for fast installation and fast boot.

4. ESXi can be bought pre-installed as an embedded hypervisor: for example a Dell server with ESXi on a flash module on the motherboard, with nothing to install on disk.

5. ESXi has a Direct Console User Interface (DCUI) instead of the full ESX service-console boot. From the DCUI you set the root password, the network settings and a few other basics.

6. ESXi exposes hardware health through built-in CIM providers, where on ESX you would install the vendor's monitoring agent inside the service console.

7. Some features that were configured through the service console, such as Cisco Discovery Protocol (CDP) settings and parts of VMware High Availability (VMHA), were initially unavailable or experimental on ESXi.

8. ESXi needs fewer patches and fewer reboots. Without a service console there is less to patch and less to break, so it is considered more secure and more reliable. Security, reliability and maintainability are all major factors when choosing a hypervisor.

Above all, VMware recommends the vSphere Client for managing ESXi. You can also query an ESXi host with the vSphere Command-Line Interface 4.0 (vCLI); note that the free version of ESXi puts the API in read-only mode, so configuration changes through the vCLI are refused. Managing an ESXi host with vCenter Server requires a vCenter Server Agent license for each host, which is included in all editions of vSphere.
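Points 1 and 8 turned into a check, as an added example that is not from the original post: a PowerCLI script that audits each ESXi host for the two settings that keep the "no console to log in to" claim true, lockdown mode and the Tech Support Mode shells, and can remediate them through vCenter. The vCenter name is an assumption, as are the ESXi 4.1 service keys TSM and TSM-SSH (earlier builds toggle Tech Support Mode only from the DCUI) and a PowerCLI 4.1 session.

```powershell
# Audit-EsxiShells.ps1 -- added example, not part of the original post.
# For each ESXi host: lockdown mode must be on, and the Tech Support Mode shells
# (local "TSM" and SSH "TSM-SSH") must be stopped with startup policy off.
# Run with -Fix to remediate. Assumptions: PowerCLI 4.1, vCenter vcenter.example.com,
# ESXi 4.1 service keys, and hosts managed by vCenter, which lockdown mode requires.
param([switch]$Fix)

Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue
Connect-VIServer -Server vcenter.example.com | Out-Null   # assumption; prompts for credentials

$shellKeys = 'TSM', 'TSM-SSH'

foreach ($h in Get-VMHost) {
    # ProductLineId tells ESXi ("embeddedEsx") apart from classic ESX ("esx").
    if ($h.ExtensionData.Config.Product.ProductLineId -ne 'embeddedEsx') { continue }

    $lockdown = $h.ExtensionData.Config.AdminDisabled    # vSphere 4.x lockdown-mode flag
    $shells   = Get-VMHostService -VMHost $h | Where-Object { $shellKeys -contains $_.Key }

    $findings = @()
    if (-not $lockdown) { $findings += 'lockdown mode off' }
    foreach ($s in $shells) {
        if ($s.Running)          { $findings += "$($s.Key) running" }
        if ($s.Policy -ne 'off') { $findings += "$($s.Key) startup policy $($s.Policy)" }
    }

    if ($findings.Count -eq 0) {
        Write-Output "$($h.Name): OK"
        continue
    }
    Write-Output "$($h.Name): $($findings -join '; ')"

    if ($Fix) {
        foreach ($s in $shells) {
            if ($s.Running) { Stop-VMHostService -HostService $s -Confirm:$false | Out-Null }
            Set-VMHostService -HostService $s -Policy Off | Out-Null
        }
        # EnterLockdownMode is a HostSystem method. It leaves vCenter and the DCUI as the
        # only ways in, so do it last and only for hosts vCenter actually manages.
        if (-not $lockdown) { $h.ExtensionData.EnterLockdownMode() }
    }
}
```

Read the report first; a host whose shells are running was usually switched on by someone for troubleshooting, and the -Fix run should be coordinated with them because it also closes the root-over-SSH path they are relying on.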


System Center Data Protection Manager 2010

SCDPM 2010 provides unified data protection for Windows servers and clients in the form of backup and recovery. DPM 2010 offers strong protection and supportable restore scenarios from disk, tape and cloud in a scalable, reliable, manageable and cost-effective way.

The traditional backup medium is tape, but tape backup is expensive to operate. Disk-to-disk backup works out much cheaper, and that is what DPM provides, although DPM can also archive rarely updated data to tape for record-retention purposes. The newer method has clear cost advantages over how things were done before.

Through its agent DPM can back up and restore Exchange, SQL Server, SharePoint, Dynamics, Virtual Server, Hyper-V, file shares, the Active Directory system state and Windows client operating systems.

Backups can be scheduled as often as every 15 minutes, with data sent by the agent straight to the DPM server. From there the DPM server can keep up to 512 disk-based snapshots for fast recovery, and manage record retention on tape through customizable policies.

The latest DPM can replicate to other DPM servers for fault tolerance, and an online cloud backup service from Iron Mountain can be integrated closely with DPM 2010.

Microsoft has included a way for SQL Server administrators to retrieve previous versions of any SQL database and restore them to the original SQL Server or to an alternate one without involving the DPM administrator. This self-service restore is granted per DPM role, so scope it to the DBAs who need it.

DPM 2010 introduces protection for what it calls "roaming laptops": machines that go for days, weeks or even months without touching the corporate network. DPM 2010 backs these up at a very granular level, since the administrator, and in some cases the user, defines which parts of the machine are backed up; there is no need to back up the whole system constantly, because the operating system itself can be reimaged easily.

In addition, the DPM agent integrates with the local shadow copies feature in Windows Vista and Windows 7. A user can restore from local copies when the machine is offline, or from DPM-held copies when it is connected. These policies are managed centrally from the DPM 2010 administrator console.

DPM 2010 also has a simple mechanism for configuring fail-over and fail-back between DPM servers, including a DPM server off-site for better fault tolerance.
