Question # 1
Explain Active Directory?
Answer:-
"Active Directory is the directory service used in Windows 2000 Server and is the foundation of Windows 2000 distributed networks."
The core of Active Directory is a combination of an LDAP server and MIT Kerberos 5 KDC running on a Windows 2000 server acting as a domain controller that work as a unit to provide authentication ("Who are you?") and authorization ("What are you allowed to do?") information within a group of interlinked systems.
Above and beyond that, the LDAP "face" of this structure behaves as an enterprise-wide distributed database that not only contains Windows-specific information but can be extended to incorporate user-defined data as well.
The AD is held together by DNS, which is used not only to locate specific machines within the AD but also to locate which functions of the AD are running on which domain controllers.


Question # 2
What is Forest?
Answer:-
The term "forest" is used to describe a collection of AD domains that share a single schema for the AD. All DC's in the forest share this schema and it is replicated in a hierarchical fashion among them.  The preferred model for Windows 2000 AD is to have an organization use a single forest that spans an entire enterprise.
While not an administrative block by themselves, forests are a major boundary in that only limited communication is available between forests. For example, it is difficult for a user in one forest to access a resource in another forest.
It is very difficult to integrate forests at this time because of potential problems reconciling schema differences between two forests.


Question # 3
What is Domains in Active Directory?
Answer:-
In Windows 2000, a domain defines both an administrative boundary and a security boundary for a collection of objects that are relevant to a specific group of users on a network. A domain is an administrative boundary because administrative privileges do not extend to other domains. It is a security boundary because each domain has a security policy that extends to all security accounts within the domain. Active Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent domain is the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child domain also can be the parent of one or more child domains, as shown below.


Question # 4
What is Organizational Units?
Answer:-
OU's have many of the attributes of an NT 4 domain. However, instead of requiring server resources to create and support, they are a logical construct within the Active Directory so an OU does not have to support and maintain a domain controller.
OU's are created by an administrator of an AD domain and can be freely named (and renamed). The OU can then be populated objects of many types including computers, groups, printers, users and other sub-OU's.
The real power of an OU is that once it is established, the administrator of its "parent" can delegate administrative authority -- in total or in part -- to any user or group that is in the AD.
When this happens, the designated user/group gains complete administrative authority over all objects in their OU and thus has all of the rights and abilities that a Windows NT domain administrator would have as well as some new ones such as the ability to further segment their OU into sub-OU's and delegate authority over those sub-elements as they see fit.


Question # 5
What is the Group Policy?
Answer:-


Group Policy is one of the most exciting -- and potentially complex -- mechanisms that the Active Directory enables. Group policy allows a bundle of system and  user settings (called a "Group Policy Object" or GPO) to be created by an administrator of a domain or OU and have it automatically pushed down to designated systems.
Group Policy can control everything from user interface settings such as screen background images to deep control settings in the client such as its TCP/IP configuration and authentication settings. There are currently over 500 controllable settings.  Microsoft has provided some templates as well to provide a starting  point for creating policy objects.
A significant advantage of group policy over the old NT-style policies is that the changes they make are reversed when the policy no longer applies to a system. In  NT 4, once a policy was applied to a system, removing that policy did not by itself roll back the settings that it imposed on the client. With Windows 2000, when a specified policy no longer applies to a system it will revert to its previous state without administrative interference.
Multiple policies from different sources can be applied to the same object. For example, a domain might have one or more domain-wide policies that apply to all systems in the domain. Below that, systems in an OU can also have policy objects applied to it, and the OU can even be further divided into sub-OU's with their own policies.
This can create a very complex web of settings so administrators must be very careful when creating these multiple layers of policy to make sure the end result -- which is the union of all of the applicable policies with the "closest" policy taking priority in most cases -- is correct for that system. In addition, because Group  policy is checked and applied during the system boot process for machine settings and again during logon for user settings, it is recommended that GPO's be applied to a computer from no more than five "layers" in the AD to keep reboot and/or login times from becoming unacceptably long.


Question # 6
What is Empty Root Domain?
Answer:-
The "empty root domain" is an AD design element that has become increasingly popular at organizations with decentralized IT authority such as universities.
The empty root domain acts as a placeholder for the root of Active Directory, and does not typically contain any users or resources that are not required to fulfill this roll [sic]. [...] Only those privileges that have tree or forest-wide scope are restricted to the empty root domain administrators. Departmental administrators can work independently of other departments.
This politically neutral root domain provides a central source of authority and policy enforcement, and provides a single schema and global catalog that allows users  to find resources anywhere in the university/district/state system. Individual IT departments retain a significant degree of independence and can control their own users and resources without having to worry that actions by administrators in other departments will disrupt their domain.


Question # 7
What is Mixed Mode?
Answer:-
Allows domain controllers running both Windows 2000 and earlier versions of Windows NT to co-exist in the domain. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode the domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed mode.


Question # 8
What is Native Mode?
Answer:-
When all the domain controllers in a given domain are running Windows 2000 Server. This mode allows organizations to take advantage of new Active Directory features such as Universal groups, nested group membership, and inter-domain group membership.


Question # 9
What is LDAP?
Answer:-
LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:
•    Distinguished names
•    Relative Distinguished names


Question # 10
Minimum Requirement for Installing AD?
Answer:-
1.    Windows Server, Advanced Server, Datacenter Server
2.    Minimum Disk space of 200MB for AD and 50MB for log files
3.    NTFS partition
4.    TCP/IP Installed and Configured to use DNS
5.    Administrative privilege for creating a domain in existing network


Question # 11
How will you verify whether the AD installation is proper?
Answer:-
1.    Verify SRV Resource Records
After AD is installed, the DC will register SRV records in DNS when it restarts. We can


check this using DNS MMC or nslookup command. Using MMC
If the SRV records are registered, the following folders will be there in the domain folder in Forward Lookup Zone.
•    msdes
•    sites
•    tcp
•    adp
Using nslookup
>nslookup
>ls -t SRV Domain
If the SRV records are properly created, they will be listed.
2.    Verifying SYSVOL
If SYSVOL folder is not properly created data stores in SYSVOL such are scripts, GPO, etc will not be replicated between DCs.
First verify the following folder structure is created in SYSVOL Domain
Staging Staging areas Sysvol
Then verify necessary shares are created.
>net share
It should show two shares, NETLOGON and SYSVOL
3.    Verifying Database and Log files
Make sure that the following files are there at %systemroot%ntds Ntds.dit, Edb.*, Res*.log


Question # 12
Explain Active Directory schema?
Answer:-
The Active Directory schema is the set of definitions that defines the kinds of objects, and the types of information about those objects, that can be stored in Active Directory. The definitions are themselves stored as objects so that Active Directory can manage the schema objects with the same object management operations used for managing the rest of the objects in the directory.
There are two types of definitions in the schema: attributes and classes. Attributes and classes are also referred to as schema objects or metadata.
Attributes are defined separately from classes. Each attribute is defined only once and can be used in multiple classes. For example, the Description attribute is used in many classes, but is defined once in the schema, assuring consistency.


Question # 13
Can you explain LDAP?
Answer:-
The Lightweight Directory Access Protocol, or LDAP , is an application protocol for querying and modifying data using directory services running over TCP/IP


Question # 14
What is Domain Controller?
Answer:-
In an Active directory forest, the domain controller is a server that contains a writable copy of the Active Directory Database participates in Active directory replication and controls access to network resource.


Question # 15
Define Active Directory?
Answer:-
An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains.


Question # 16
Why we need Netlogon?
Answer:-
Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services, and the domain controller cannot register DNS records."


Question # 17


Define Kerberos?
Answer:-
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.


Question # 18
Explain What are the standard Port numbers?
Answer:-
SMTP - 25,
POP3 - 110,
IMAP4 - 143,
RPC - 135,
LDAP - 389,
SSL - 443,
HTTP - 80,
RDP - 3389,
DNS - 53,
DHCP - 67,68, FTP-21,
GC-3268,
Secure LDAP - 636, Kerberos - 88,
NNTP - 119,
TFTP - 69,
SNMP - 161.


Question # 19
What is DNS Scavenging?
Answer:-
Scavenging will help you clean up old unused records in DNS.


Question # 20
Explain Where is the AD database held? What other folders are related to AD?
Answer:-
%SystemRoot% tdsNTDS.DIT.
Edb*.log is the transaction log file. Each transaction file is 10 megabytes (MB). When Edb.log file is full, active directory renames it to Edbnnnnn.log, where nnnnn  is an increasing number starts from 1.
Edb.chk is a checkpoint file which is use by database engine to track the data which is not yet written to the active directory database file. The checkpoint file act as a pointer that maintains the status between memory and database file on disk. It indicates the starting point in the log file from which the information must be recovered if a failure occurs.
Res1.log and Res2.log: These are reserved transaction log files. The amount of disk space that is reserved on a drive or folder for this log is 20 MB. This reserved  disk space provides a sufficient space to shut down if all the other disk space is being used.


Question # 21
How to upgrade from Windows 2003 DC to Windows 2008 DC?
Answer:-
Windows 2003 must be running with SP2 Run adprep /forestprep
Run adprep /domainprep
Start the installation from Windows 2008 DVD Domain level must be in Native Mode
Installation must be started from windows 2003 OS


Question # 22
What is new in Windows Server 2008 Active Directory Domain Services?
Answer:-
AD Domain Services auditing, Fine-Grained Password Policies,Read-Only Domain Controllers,Restartable Active Directory Domain Services


Question # 23
Explain What are RODCs? And what are the major benefits of using RODCs?
Answer:-
Read only Domain Controller, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.




Question # 24
Tell me What is the SYSVOL folder?
Answer:-
The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers.  %systemroot%SYSVOL


Question # 25
Do you know How frequently is the group policy refreshed?
Answer:-
90 minutes give or take.


Question # 26
What is the number of permitted unsuccessful logons on Administrator account?
Answer:-
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.


Question # 27
What hidden shares exist on Windows Server 2003 installation?
Answer:-
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.


Question # 28
What is the List Folder Contents permission on the folder in NTFS?
Answer:-
Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.


Question # 29
Where is GPT stored?
Answer:-
%SystemRoot%SYSVOLsysvoldomainnamePoliciesGUID


Question # 30
Explain GPT and GPC?
Answer:-
Group policy template and group policy container.


Question # 31
Tell me Where are group policies stored?
Answer:-
%SystemRoot%System32GroupPolicy


Question # 32
Explain What is the difference between local, global and universal groups?
Answer:-
Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.


Question # 33
Define LSDOU?
Answer:-


It's group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units


Question # 34
Define REPADMIN?
Answer:-
is a command line tool used to monitor and troubleshoot replication on a computer running Windows.
•    Checks replication consistency between replication partners.
•    Monitors replication status.
•    Displays replication metadata.
•    Forces replication events.


Question # 35
What is NETDOM?
Answer:-
NETDOM is a command-line tool that allows management of Windows domains and trust relationships


Question # 36
What is ADSIEDIT?
Answer:-
ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the Active Directory Management Console.


Question # 37
What is REPLMON?
Answer:-
Replmon is the first tool you should use when troubleshooting Active Directory replication issues


Question # 38
How to find FSMO roles?
Answer:-
Netdom  query  fsmo    OR    Replmon.exe


Question # 39
How to view all the GCs in the forest?
Answer:-
repadmin.exe /options * and use IS_GC for current domain options. nltest /dsgetdc:corp /GC


Question # 40
Explain Global Catalog?
Answer:-
A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest
Global group's membership is limited to accounts from the same domain. The membership is replicated in its own domain only. Universal group's memership is limited to accounts from the same forest.The membership is replicated across the forest


Question # 41
How to view replication properties for AD partitions and DCs?
Answer:-
Replmon


Question # 42
What is the the Directory Partitions?


Answer:-
Schema Partition:
Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. It contains definitions of all objects and attributes that can be created in the directory.
Configuration Partition:
There is only one configuration partition per forest. the configuration partition contains information about the forest-wide active directory structure. Domain Partition:
Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information  about users, groups, computers, and organizational units.
Application Partition:
It stores information about applications in Active Directory. It is replicated only to specific domain controllers.


Question # 43
How to Seize FSMO Roles?
Answer:-
ntdsutil - type roles - connections - connect servername - q - type seize role - at the fsmo maintenance prompt - type seize rid master


Question # 44
How to transfer FSMO Roles?
Answer:-
ntdsutil - type roles - connections - connect servername - q - type transfer role - at the fsmo maintenance prompt - type trasfer rid master


Question # 45
What is a Flexible Single Master Operation?
Answer:-
It is a role that only one DC can (or should) hold at any given time within its boundary.
Schema Master - Use MMC "Active Directory Schema Snap-in". The schema master domain controller controls all updates and modifications to the schema. Once  the Schema update is complete, it is replicated from the schema master to all other DCs in the directory.
Domain Naming Master - Use "Active Directory Domains and Trusts". It controls the addition or removal of domains in the forest. Primary Domain Controller (PDC) Emulator - Use the "ADUC" . The PDC emulator is necessary to synchronize time in an enterprise.
Relative ID Master (RID Master) - Use "ADUC". All objects have a SID and a domain SID. The RID assigns relative IDs to each domain controller. Infrastructure Master - Use the "ADUC". Updates group membership information when users from other domains are moved or renamed.
The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold.


Question # 46
What is the ISTG - Intersite topology generator?
Answer:-
ISTG is responsible for creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. Intersite replication can utilize either RPC over IP or SMTP to convey replication data.
Bridgehead server - A domain controller that is used to send replication information to one or more other sites DHCP Superscope:
A rage of IP address that span several subnets. The DHCP server can assign these address to clients that are on several subnets. DHCP Scope:
A range of IP address that the DHCP server can assign to clients that are on one subnet A stub zone
It is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of: SOA, NS, A Records


Question # 47
What is the KCC (Knowledge consistency checker)?
Answer:-
The KCC generates and maintains the replication topology for replication within sites and between sites. KCC runs every 15 minutes.


Question # 48
How you add a user in ad by commandline?
Answer:-
dsadd



Question # 49
How to do the work with human?
Answer:-
Its very easy please logon to lelopdf.com and see this answer


Question # 50
What is Lightweight Directory Access Protocol?
Answer:-
LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:
*    Distinguished names
*    Relative Distinguished names


Question # 51
What is the minimum requirement for installing AD?
Answer:-
*    Windows Server, Advanced Server, Data center Server
*    Minimum Disk space of 200 MB for AD and 50 MB for log files
*    NTFS partition
*    TCP/IP Installed and Configured to use DNS
*    Administrative privilege for creating a domain in existing network


Question # 52
How will you verify whether the AD installation is proper with SRV resource records?
Answer:-
Verify SRV Resource Records:
After AD is installed, the DC will register SRV records in DNS when it restarts. We can check this using DNS MMC or nslookup command.


Question # 53
How to Verifying SYSVOL?
Answer:-
If SYSVOL folder is not properly created data stores in SYSVOL such are scripts, GPO, etc will not be replicated between DCs. First verify the following folder structure is created in SYSVOL.
*    Domain
*    Staging
*    Staging areas
*    Sysvol
Then verify necessary shares are created.


Question # 54
How to verifying database and Log files?
Answer:-
Make sure that the following files are there at %systemroot%ntds Ntds.dit, Edb.*, Res*.log


Question # 55
What is NTDS.DIT?
Answer:-
This is the AD database and stores all AD objects. Default location is SystemRoot%ntdsNTDS.DIT.
Active Directory's database engine is the Extensible Storage Engine which is based on the Jet database and can grow up to 16 TB.


Question # 56
What is NTDS.DIT schema table?
Answer:-
The types of objects that can be created in the Active Directory, relationships between them, and the attributes on each type of object. This table is fairly static and much smaller than the data table.



Question # 57
What is NTDS.DIT Link table?
Answer:-
Link Table contains linked attributes, which contain values referring to other objects in the Active Directory. Take the Member Of attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.


Question # 58
What is NTDS.DIT Data table?
Answer:-
Data Table users, groups, application-specific data, and any other data stored in the Active Directory.


Question # 59
How many types of Active Directory data?
Answer:-
*    Active Directory has three types of data:
*    Schema information
*    Configuration information
*    Domain information


Question # 60
What is Domain information in Active Directory?
Answer:-
Object information for a domain. Replicates to all DCs within a domain. The object portion becomes part of GC. The attribute values only replicates within the domain.


Question # 61
Define Res1.log and Res2.log?
Answer:-
This is reserved transaction log files of 20 MB (10 MB each) which provides the transaction log files enough room to shutdown if the other spaces are being used.


Question # 62
What is ADS Database garbage collection process?
Answer:-
Garbage Collection is a process that is designed to free space within the Active Directory database. This process runs independently on every DC with a default lifetime interval of 12 hours.


Question # 63
List the main steps of Garbage collection process?
Answer:-
*    Removing "tombstones" from the database. Tombstones are remains of objects that have been previously deleted.
*    Deletion of any unnecessary log files.
*    The process launches a defragmentation thread to claim additional free space.


Question # 64
What is Online Defragmentation in Active Directory?
Answer:-
Online Defragmentation method that runs as part of the garbage collection process. The only advantage to this method is that the server does not need to be taken offline for it to run. However, this method does not shrink the Active Directory database file (Ntds.dit).


Question # 65
What is Schema information in Active Directory?
Answer:-
Definitional details about objects and attributes that one CAN store in the AD. Replicates to all DCs. Static in nature.



Question # 66
What is Schema Configuration in Active Directory?
Answer:-
Configuration data about forest and trees. Replicates to all DCs. Static as your forest is.


Question # 67
What is Offline Defragmentation in Active Directory?
Answer:-
Offline Defragmentation is done by taking the server offline and use Ntdsutil.exe to defragment the database. This approach requires that the ADS database be started in repair mode. The advantage to this method is that the database is resized, unused space is removed, and the size is reflected by the Ntds.dit file.


Question # 68
How to do Offline Defragmentation of Active Directory?
Answer:-
Active Directory routinely performs online database defragmentation, but this is limited to the disposal of tombstoned objects. The database file cannot be compacted while Active Directory is mounted.
To defrag ntds.dit offline:
*    Back up System State in the backup wizard.
*    Reboot and select Directory Services Restore Mode.
*    At the command prompt:
*    Ntdsutil
*    Files
*    Info
This will display current information about the path and size of the Active Directory database and its log files.
Compact to D:DbBackup
You must specify a directory path and if the path name has spaces, the command will not work unless you use quotation marks: Quit (till you reach the command prompt)
A new compacted database named Ntds.dit can be found in D:DbBackup.
Copy the new ntds.dit file over the old ntds.dit file. You have successfully compacted the Active Directory database.


Question # 69
Define EDB.LOG?
Answer:-
This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log. Where nnnn is the increasing number starting from 1.


Question # 70
Define EDB.CHK?
Answer:-
This is the checkpoint file used to track the data not yet written to database file. This indicates the starting point from which data is to be recovered from the log file,  in case of failure.


Question # 71
Define Domain Forests in Active Directory?
Answer:-
A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous namespace but share a common schema and GC. The forest root domain is the first domain created in the forest. The root domains of all domain trees in the forest establish transitive trust relationships with the forest root domain. This is necessary for the purposes of establishing trust across all the domain trees in the forest. All of the Windows 2000 domains in all of the domain trees in a forest share the following traits:
*    Transitive trust relationships between the domains
*    Transitive trust relationships between the domain trees
*    A common schema
*    Common configuration information
*    A common global catalog
Using both domain trees and forests provides you with the flexibility of both contiguous and non-contiguous naming conventions. This can be useful in, for example, companies with independent divisions that must each maintain their own DNS names.


Question # 72
Define domain Trees in Active Directory?
Answer:-
Tree is a hierarchical arrangement of W2K domains that share a contiguous name space. The first domain in a domain tree is called the root domain. Additional


domains in the same domain tree are child domains. A domain immediately above another domain in the same domain tree is referred to as the parent of the child domain.  The name of the chills domain is combined with its parent domain to form its DNS name. Every child domain has a two two-way, transitive trust  relationship with its parent domain Because these trust relationships are two-way and transitive, a Windows 2000 domain newly created in a domain tree or forest immediately has trust relationships established with every other Windows 2000 domain in the domain tree or forest.
These trust relationships allow a single logon process to authenticate a user on all domains in the domain tree or forest. This does not necessarily mean that the authenticated user has rights and permissions in all domains in the domain tree. Because a domain is a security boundary, rights and permissions must be assigned on a per-domain basis.


Question # 73
Define Active Directory Schema Attributes?
Answer:-
Attributes are defined separately from classes. Each attribute is defined only once and can be used in multiple classes. For example, the Description attribute is used  in many classes, but is defined once in the schema, assuring consistency.


Question # 74
Define Active Directory schema?
Answer:-
The Active Directory schema is the set of definitions that defines the kinds of objects, and the types of information about those objects, that can be stored in Active Directory. The definitions are themselves stored as objects so that Active Directory can manage the schema objects with the same object management operations used for managing the rest of the objects in the directory.
There are two types of definitions in the schema: attributes and classes. Attributes and classes are also referred to as schema objects or metadata.


Question # 75
Define Active Directory Sites?
Answer:-
Site consists of one or more IP subnets connected by a high speed link. Wide area networks should employ multiple sites for efficiently handling servicing requests and reducing replication traffic. Sites map the physical structure of your network whereas domains generally map the logical structure of your organization.
Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.


Question # 76
What are the advantages of Active Directory Sites?
Answer:-
Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.


Question # 77
Define Active Directory Classes?
Answer:-
Classes, also referred to as object classes; describe the possible directory objects that can be created. Each class is a collection of attributes. When you create an object, the attributes store the information that describes the object. The User class, for example, is composed of many attributes, including Network Address, Home Directory, and so on. Every object in Active Directory is an instance of an object class.


Question # 78
Define Service requests in Active Directory?
Answer:-
When a client requests a service from a domain controller, it directs the request to a domain controller in the same site. Selecting a domain controller that is well-connected to the client makes handling the request more efficient.


Question # 79
What is GC in Active Directory?
Answer:-
GC is created automatically on the first DC in the forest. It stores a full replica of all objects in the directory for its host domain and a partial replica of all objects of every other domain in the forest. The replica is partial because it stores only some attributes for each objects.

Prepare all nodes for Cluster Software Installation:

Change /etc/hosts file to contain name of all nodes or DNS should be able to provide service name if you are not using SCAN (For 11gR2 release only).

Configure SSH

On both server run /usr/bin/ssh-keygen -t rsa from oracle account.

When prompted press enter (for now.)

all key files are located in ~/.ssh directory

1. id_rsa - is private key do not distribute.

2. id_rsa.pub is public key. (Copy this content to another server in authorzed_keys file.)

Similarly generate dsa key also and place in all nodes authorized_keys file.

Once copy is complete verify ssh is working from both server using

From node1 run ssh node2 date

From node2 run ssh node1 date

Verify that ntp server is runnin. Also make sure that both machine shows same time using following command:

date ;ssh anothernodename date

both should print same time.

If not use ntpdate command (check linux link).

Use RAID Software to create proper 3 LUNs  (check linux link for more detail.)

Configure public and private networks using /usr/sbin/system-config-network for network adapters.

Verify those adapter are up and running using ifconfig command.

if particular adapter is not up then command ifup to restart those adapter and make sure it shows correct IP addresses and those IPs are pingable.

ifup eth1

For private networks try to use network adapter that uses Interconnect/RDMA technology.

Make sure that firewall is not filtering UDP packet on private network (Because Oracle is using UDP packet for private network.)

 verify that using /etc/rc.d/init.d/iptables status command.

The following command display current iptables settings.

/sbin/iptables -L

Make backup of iptable files before you make any changes.

p>To take backup use /etc/init.d/iptables save command

then copy /etc/sysconfig/iptables BACKUPFILENAME

If you have Oracle Enterprise Linux installed then you can use Oracle public yum server to update:

http://public-yum.oracle.com/

To configure you can goto /etc/yum.repos.d and try following command

wget http://public-yum.oracle.com/public-yum-el5.repo

public-yum-el5.repo, public-yum-el4.report or public-yum-ovm2.repo depending on your configuration and set enabled=1 accordingly.

Once updated correctly you can see list of packages by issuying

yum list

If vncserver is installed on server and would like to use it then you have to start vncserver if it is not running.

/usr/bin/vncserver

first time it will ask you for password.

To enable desktop on vnc server change file /root/.vnc/xstartup.

#Uncomment the following two lines for normal desktop :
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

To generate kickstart file you can always use kickstart program.

system-config-kickstart

To add/remote program on Linux with gui you can use pirut program.

pirut

You can copy all installation files on drive using following command.

mkdir /mnt/iso

mount -p loop disk1.iso /mnt/iso

copy all files to one location for example /root/binaries/linux/RPMS/

unmount /mnt/iso

Repeat above instruction for all CDs and copy it in same directory.

or use DVD drive to mount DVD media

cd /mnt

mkdir cdrom

mount /dev/cdrom /mnt/cdrom

Once files are copied you can change directory to repodata under RPMS and run following command (optional)

createrepo -g comps-rhel5-server-core.xml .

Edit yum config file from /etc/yum.repos.d and add [oel5] tag and its content in file.

[oel5]
name=Enterprise Linux 5
baseurl=file:///root/binary/linux/RPMS
enabled=1
gpgcheck=0
 

Then run yum clean all and run pirut that should give you original installation screen.

Verify partition using cat /proc/partition command.

For EMC Fibre Channel storage make sure that  EMC Navisphere agent is installed on each node. And on storage make sure that Navisphere software assign the correct storage group to each node. 

If you have SCSI storage then those devices display as sdb, sdc and so on. The LUNs on Fibre Channel storage or SCSI enclosure should also be seen as SCSI devices.

With one RAID container it should show as sda and if you have two Logical Disk Groups then those will be display as sdb and sdc. If you have Fibre Channel Controller that should show as sda and RAID group on on storage will show as emcpowera and emcpowerb as pseudo devices.

Make sure that all nodes on cluster is able to see same number of LUNs. (Duplicate mount of same lun is also not allowed so if you use multiple device path to access same storage Oracle will error out.)

If you dont see any external storage devices for a Fibre Channel system thenstop services by following commands:

service naviagent stop
service PowerPath stop

Then sync HBA driver by reloading it using

rmmod qla2300
modprobe qla2300

Above example is for QLogic HBAs

For Emulex HBA

rmmod lpfcdd
modprobe lpfcdd

Then restart services using

service PowerPath start
service naviagent start

For SCSI enclosure reboot all nodes.

For iSCSI storage use following command to stop start services

service iscsi stop
service iscsi start

Before start installation set host equivalence for oracle user from all nodes otherwise it will give an error PRVF-4007. 

exec /usr/bin/ssh-agent $SHELL
/usr/bin/ssh-add

Create directory strcture for OFA on both nodes.

mkdir -p /u01/app/oracle
chown -R oracle:oinstall /u01/app/oracle
chmod -R 775 /u01/app/oracle

To install Oracle ASM libraries for Linux, make sure that you are using version that match with your kernel, use uname -r command to find your kernel information. Install the following three packages using root user on all nodes.

rpm -ivh oracleasm-support-2.1.3-1.el5.i386.rpm

rpm -ivh oracleasm-2.6.18-194.el5-2.0.5-1.el5.i686.rpm

rpm -ivh oracleasmlib-2.0.4-1.el5.i386.rpm

Display configure oracle asm using

/usr/sbin/oracleasm configure

Configure oracle asm using oracleasm -i parameter

/usr/sbin/oracleasm configure -i

default user : oracle

default group : oinstall

Start Oracle ASM library driver on boot (y/n) [n]: y

Scan for Oracle ASM disks on boot (y/n) [y] : y

This load oracle ASMLib driver filesystem, creates /etc/sysconfig/oracleasm file and creates /dev/oracleasm mount point.

If there is any problem loading module then check /var/log/oracleasm log file to find out more to resolve issue.

/usr/sbin/oracleasm init to load driver.

You should see message Mounting ASMLib driver filesystem: /dev/oracleasm

In case if it fails then it will log messages like Unable to load modules "oracleasm" then run up2date -i oracleasm-`uname -r`

To add package using rpm use

rpm -ivh packagename.rpm

and to remove package use

rpm -e packagename.rpm

In case if you want to find out which packages are loaded use rpm -qa |grep -in 'oracle'

Prepare ASM volumes

Use fdisk /dev/sde to partition the volume.

create new partition using n command when ask for partittion type select primary.

select first partition by selecting 1 and then create from 1st Cylinder by typing First Cylinder value : 1

Last Cylinder or +size or +sizeM or +sizeK (xxx) :512

similarly create another partition of same size but partition number 2. (from 512 to 1024)

Once all partition created run

partprobe 

By using partprobe command if you are using SCSI LUN then ownership will change for kernel 2.6 and above

Then assign those partition to raw device using raw command

raw /dev/raw/raw1 /dev/sdc1

raw /dev/raw/raw2 /dev/sdd2

Perform similar action on other nodes based on their mount point(sometime it may be different because their number of disk may be different.) so finally map it on /dev/raw/rawN correctly so from all node it can access.

Also add entry in /etc/sysconfig/rawdevices

/dev/raw/raw1 /dev/sdc1

/dev/raw/raw2 /dev/sdd2

So next time it boot it will autogenerate those devices.

If you have kernel 2.6 then create file /etc/udev/rules.d/99-raw.rules (for Oracle RHE5, OEL5, and SLES9)

http://www.oracle.com/technology/products/database/asm/pdf/device-mapper-udev-crs-asm%20rh4.pdf

For example:

KERNEL=="raw[1-2]*", OWNER="oracle",GROUP="oinstall", MODE="640"

First line will take raw1 and raw2 and change ownership to oracle:oinstall and set mode to 640.

now add those disk in asm by giving the following command (You may do this for 11gR2 because OCR and Voting Disk can be placed on ASM).

/usr/sbin/oracleasm createdisk DG_CRS1 /dev/raw/raw1

To display list use

/usr/sbin/oracleasm listdisks

/usr/sbin/oracleasm configure/init/exit/scandisk/status/listdisks/querydisk/createdisk/deletedisk/renamedisk/update-driver are options

In case if you have already existing asm disk then (in case of backup restored) use /usr/sbin/oracleasm scandisk (usually from other nodes.)

Try following command to start Oracle Universal Installer.

xhost +

./runInstaller &

On Welcom click next

Specify Inventory directory and credentials

Enter Full path of the inventory directory : /u01/app/oraInventory

Specify Operating System group name :  oinstall

Click next

You will see Specify Home Details

Destination

Name: OraCrs11g_Home

Path : /u01/crs

Click next

Product-specific Prerequisite Checks will verify all setup. if anything failed then correct that and come back on this screen.

Click next

Specify Cluster Configuration

Cluster Name : clustername_cluster

Cluster Nodes : node01.domain.com

Private Nodes : node01-priv.domain.com

Virtual Host Name : node01-vip.domain.com

Click on Add to add more nodes . for example this is two cluster nodes then

Cluster Nodes : node02.domain.com

Private Nodes : node02-priv.domain.com

Virtual Host Name : node02-vip.domain.com

Then click OK

Click Next.

Specify Network Interface Usage

Make sure that at least one adapter is public and another adapter is set to private.

If you have network adapter that are not in use or belongs to another purpose then select do not use by clicking on edit.

If Interface_type is wrong for given adapter then change it by clicking on Edit and select from Interface Type ( Public / Private / Do Not Use).

Then click Next

OCR Config : /dev/raw/raw1

Voting Disk Location : External Redundancy : /dev/raw/raw2 (Usually these should be on different set of disks)

Next

Make sure that both nodes under Remote Nodes are checked before resuming further.

Next.

Provide OCR and CRS drive path /dev/raw/raw1 and /dev/raw/raw2 and click Next.

After installation it will ask you to run script file /u01/app/crs/root.sh

Oracle recommend that you install OCR, OCR Mirror and Voting Disks on separate set of disks. It will impact your performance if these devices are slow.

In case if you get Shared Librarires /u01/app/crs/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied 

Failed to upgrade Oracle Clusterware Registry configuration 

error then run the following command (Usually CentOS):

getenforce

This will print as Enforcing.

After this set to permission

setenforce 0

Run getenforce and it should display Permissive and /etc/sysconfig/selinux and change SELINUX=disabled or permissive.

If vip or any node address is set wrong then you can correct it.

Make sure everything shutdown except crs stack

srvctl stop database -d dbname

srvctl stop nodeapps -n node1

srvctl stop nodeapps -n node2

To display command run as oracle user :

oifcfg getif

oifcfg delif -global eth0

oifcfg setif -global eth0/10.0.0.1:public

To modify VIP address run as root

/u01/app/crs/bin/srvctl modify nodeapp -n node1 -A 10.0.0.101/255.255.255.0/eth0

Then shutdown crs using crsctl stop crs command and restart all nodes.

Create data disk if you have not create earlier (The following example create DATA1DG1 disk group on Coraid storage).

/etc/init.d/oracleasm createdisk DATA1DG1 /dev/etherd/e0.2p3

Change directory to oracle binaries directory cd binaries/database

./runInstaller &

Welcome screen click Next

Select Custom click Next

Select Oracle Base /u01/app/asm

Name OraDb11g_home1

Path /u01/app/asm/product/11gr1

Click next

Specify Hardware Cluster Installation Mode

click all nodes then next

 On product-specifc Perequisite Checks click Next if pass.

On Available product Components screen please select the components you have license for then click Next.

Select Privileged Operating System Groups

Select database administrator (OSDBA) Group : dba

Select Databae Operator (OSOPER) Group : dba

Select ASM administrator (OSASM) Group : dba

Click Next

On Create Database screen select Configure Automatic Storage Management (ASM) then click Next.

On summary page make sure that all Remote Nodes are checked then click Install

When binaries are installed on Configuraton Assistant page You will configure Listener using Oracle Net Configuration Assistant

Type LISTENER name as LISTENER clic Next

On next screen select No, I do not want to configure additional naming methods.

Database Configuration Assistant, Step 1 of 3 type SYS password and Create server parameter file (SPFILE) then clic Next

ASM Creation - It will create ASM Instance.

Run /u01/app/asm/product/11gr1/root.sh on both nodes

Click Exit on End of Installation.

ORACLE PRVF-5436 : The NTP daemon running on one or more nodes lacks he slewing option "-x"

To resolve this editing /etc/sysconfig/ntpd to

OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"

NTPDATE_OPTIONS=""

add

OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -x"