Amazon Interview Question

A few more notes.

Interview Answer

Anonymous

Feb 8, 2019

#### Active Directory ####

Active Directory ports:

- TCP and UDP 88 - User and Computer Authentication, Forest Level Trusts
- TCP and UDP 389 - Directory, Replication, User and Computer Authentication, Group Policy, Trusts
- TCP 3268/3269 - Directory, Replication, User and Computer Authentication, Group Policy, Trusts
- TCP 135 - Replication
- TCP and UDP 464 - Password Change

SYSVOL is a folder that stores the domain's public files that are needed for logon. It stores netlogon (scripts) and Group Policies.

To recover a deleted SYSVOL, a non-authoritative restore is needed: BurFlags registry value, D4 on the DC with the good-state SYSVOL and D2 on all other DCs (FRS replication).

Global Catalog

Maintains the information of all objects within a forest, so that searches are faster because there's no need to refer to another domain controller to search for an object. It also caches universal groups so the other domain controller needs to be contacted only once.

FSMO Roles

Roles that have particular functions inside the domain and forest; there are 2 that are forest wide and another 3 that are domain wide.

-- Forest Wide:

Schema Master: Holds the schema of the forest (attributes of users and objects). Attributes can be added to the schema but not removed.

Domain Naming Master: Used when adding or removing domains. Ensures that no two domains in the forest will have the same name. Needed to add or remove domains. Microsoft recommends that this role and the Schema Master role reside on the same DC.

-- Domain Wide:

RID Master: Allocates RID (Relative Identifier) pools. RIDs are the last octet in a SID. DCs request a RID block from the RID Master whenever they run out.

PDC Emulator: Emulates the PDC (Primary Domain Controller - NT/2K era). It also maintains time synchronization between DCs and workstations, and password changes are also handled here.

Infrastructure Master: Handles cross-domain object references. For example, if a user from one domain is added to a security group from a different domain, the Infrastructure Master makes sure this is done properly.

#### Injecting drivers into Windows ####

It's possible to inject drivers into an offline image of Windows using DISM.

Use:

Dism /Mount-Image /ImageFile:C:\test\images\install.wim /MountDir:C:\test\offline

Single driver:

Dism /Image:C:\test\offline /Add-Driver /Driver:C:\drivers\mydriver.inf

Multiple drivers:

Dism /Image:C:\test\offline /Add-Driver /Driver:c:\drivers /Recurse

List drivers:

Dism /Image:C:\test\offline /Get-Drivers

Commit changes:

Dism /Unmount-Image /MountDir:C:\test\offline /Commit

#### Sysprep ####

Usually used to clone a server or to create a golden image. The Generalize option is used to reset the SID, event logs and activation. OOBE is used to reset Windows into Welcome mode. Audit mode is used to check the image; drivers and applications can be added in this mode.

#### GPO Exclusion ####

On the GPO, go to Delegation, add the group or user and select the option DENY - Apply GPO. Or use security filtering and add the group that needs the GPO.

#### BSOD Analysis ####

Using the WinDbg tool and the crash dump (Memory.dmp) from the server/workstation: load symbols and run !analyze -v. It will show a lot of information, including the process that may have caused the crash.

#### Last Known Good Configuration ####

The Last Known Good Configuration is an option enabled when the system crashes and you need to boot it to a working state in order to repair it. The system automatically backs up the registry hive (Current Control Set) that has all the driver configurations. This backed-up hive is used when the system no longer works as expected. To access it, boot using F8 and then choose Last Known Good Configuration.
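
The mount, add-driver, list and commit sequence from the "Injecting drivers into Windows" notes above, as an added PowerShell example that is not part of the original answer. It uses the DISM PowerShell cmdlets instead of Dism.exe, checks each driver package's catalog signature before anything touches the golden image, and discards the mount if any step fails. The image index (1) and the parameter names are assumptions; the paths are the ones used in the notes.

```powershell
# Added example: run from an elevated PowerShell session.
param(
    [string]$ImagePath  = 'C:\test\images\install.wim',
    [int]   $Index      = 1,                  # assumption: first image in the WIM
    [string]$MountDir   = 'C:\test\offline',
    [string]$DriverRoot = 'C:\drivers'
)
$ErrorActionPreference = 'Stop'

# 1. Pre-flight: every .inf must sit next to at least one catalog (.cat)
#    with a valid Authenticode signature. This only proves the catalog is
#    signed and trusted on this machine; DISM still validates the package.
$infs = Get-ChildItem -Path $DriverRoot -Recurse -Filter *.inf
if (-not $infs) { throw "No .inf files found under $DriverRoot" }

$bad = foreach ($inf in $infs) {
    $cats  = Get-ChildItem -Path $inf.DirectoryName -Filter *.cat
    $valid = $cats | Where-Object {
        (Get-AuthenticodeSignature -FilePath $_.FullName).Status -eq 'Valid'
    }
    if (-not $valid) { $inf.FullName }
}
if ($bad) { throw "Driver packages without a valid signed catalog:`n$($bad -join "`n")" }

# 2. Mount, inject, list. Commit only if every step succeeded.
Mount-WindowsImage -ImagePath $ImagePath -Index $Index -Path $MountDir | Out-Null
$commit = $false
try {
    Add-WindowsDriver -Path $MountDir -Driver $DriverRoot -Recurse | Out-Null

    # Third-party drivers now present in the offline image (audit record).
    Get-WindowsDriver -Path $MountDir |
        Select-Object Driver, OriginalFileName, ProviderName, Version

    $commit = $true
}
finally {
    if ($commit) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else         { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```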