To set up an Additional Domain Controller (ADC), I will use the dcpromo.exe command.
1. To use the command, click Start > Run, type dcpromo, and then click OK.
2. The system will check whether the Active Directory Domain Services (AD DS) binaries are installed,
and will install them if they are not. The binaries may already be installed if you ran the dcpromo
command previously and then canceled the operation after the binaries were installed.
3. The Active Directory Domain Services Installation Wizard will start. Either select the
Use advanced mode installation check box and click Next, or leave it unselected and
click Next.
The following table lists the additional wizard pages that appear for each deployment
configuration when you select the Use advanced mode installation check box.
Deployment configuration | Advanced mode installation wizard pages
New forest | Domain NetBIOS name
New domain in an existing forest | On the Choose a Deployment Configuration page, the option to create a new domain tree appears only in advanced mode installation; Domain NetBIOS name; Source Domain Controller
Additional domain controller in an existing domain | Install from Media; Source Domain Controller; Specify Password Replication Policy (for RODC installation only)
Create an account for a read-only domain controller (RODC) installation | Specify Password Replication Policy
Attach a server to an account for an RODC installation | Install from Media; Source Domain Controller
4. The Operating System Compatibility page will be displayed, take a moment to read it and
click Next
5. On the Choose a Deployment Configuration page, click Existing forest, click Add a domain
controller to an existing domain, and then click Next.
6. On the Network Credentials page, type your domain name. My domain name is elmajdal.net
(it was set in the previous article), so I will type elmajdal.net.
7. To set up an Additional Domain Controller, you will need an account that must be either a
member of the Enterprise Admins group or the Domain Admins group. We have two options:

My Current logged on credentials ( DomainName\Username or MachineName\Username)

Alternate credentials

If you have previously joined this server to the domain and you are currently logged in to it with
an Enterprise Admin/Domain Admin user, then you can use the first option (My current logged on
credentials). As you can see, this option is grayed out here, and the reason is shown below it:
I'm currently logged in with a local user, and the machine is not a domain member. I'm left
with the second option: Alternate credentials.
8. To enter the Alternate credentials, click Set. In the Windows Security dialog box, enter the
user name and password for an account that must be either a member of the Enterprise Admins
group or the Domain Admins group > then click Next.
If you have entered a wrong username/password, you will receive the following error message.
9. On the Select a Domain page, select the domain of the Additional Domain Controller, and then
click Next. As I have only one domain, it will be selected by default.
10. On the Select a Site page, either enable the checkbox beside Use the site that corresponds to
the IP address of this computer, this will install the domain controller in the site that
corresponds to its IP address, or select a site from the list and then click Next. If you only have
one domain controller and one site, then you will have the first option grayed and the site will be
selected by default as shown in the following image
11. On the Additional Domain Controller Options page, the DNS Server and Global
Catalog checkboxes are selected by default. You can also make your additional domain controller a
Read-only Domain Controller (RODC) by selecting the checkbox beside it.
My primary domain controller is a DNS server as well, and this can be verified by reading the
additional information written in the below image, that there is currently 1 DNS server that is
registered as an authoritative name server for this domain. I do want my Additional DC to be a
DNS server and a Global Catalog, so I will keep the checkboxes selected. Click Next.
12. If you select the option to install DNS server in the previous step, then you will receive a message
that indicates a DNS delegation for the DNS server could not be created and that you should
manually create a DNS delegation to the DNS server to ensure reliable name resolution. If you
are installing an additional domain controller in either the forest root domain (or a tree root
domain) , you do not need to create the DNS delegation. In this case, you can safely ignore the
message and click Yes.
13. On the Install from Media page (displayed only if you selected Use advanced mode
installation on the Welcome page; if you didn't select it, skip to step 15), you can choose
to either replicate data over the network from an existing domain controller, or specify the location
of installation media to be used to create the domain controller and configure AD DS. I want to
replicate data over the network, so I will choose the first option and click Next.
14. On the Source Domain Controller page of the Active Directory Domain Services Installation
Wizard, you can select which domain controller will be used as a source for data that must be
replicated during installation, or you can have the wizard select which domain controller will be
used as the source for this data. You have two options:
o Let the wizard choose an appropriate domain controller
o Use this specific domain controller
If you want to choose from the list, any domain controller can be the installation partner. However,
the following restrictions apply to the domain controllers that can be used as an installation
partner in other situations:
o A read-only domain controller (RODC) can never be an installation partner.
o If you are installing an RODC, only a writable domain controller that runs Windows
Server 2008 can be an installation partner.
o If you are installing an additional domain controller for an existing domain, only a domain
controller for that domain can be an installation partner.
15. Now you will have to specify the location where the domain controller database,
log files and SYSVOL are stored on the server.
The database stores information about the users, computers and other objects
on the network. The log files record activities that are related to AD DS, such
as information about an object being updated. SYSVOL stores Group Policy objects
and scripts. By default, SYSVOL is part of the operating system files in the
Windows directory.
Either type or browse to the volume and folder where you want to store each, or
accept the defaults and click on Next
Note: Windows Server Backup backs up the directory service by volume. For backup and
recovery efficiency, store these files on separate volumes that do not contain applications or other
nondirectory files.
16. In the Directory Services Restore Mode Administrator Password (DSRM) page, write a
password and confirm it. This password is used when the domain controller is started
in Directory Services Restore Mode, which might be because Active Directory Domain Services
is not running, or for tasks that must be performed offline.
Make sure the password meets the password complexity requirements of the password policy, that
is, a password that contains a combination of uppercase and lowercase letters, numbers, and
symbols. Otherwise you will receive the following message:
17. The Summary page will be displayed, showing you all the settings that you have chosen. It gives you the
option to export these settings into an answer file that can be used to automate subsequent AD
DS operations. If you wish to have such a file, click the Export settings button and save the file.
Then click Next to begin the AD DS installation.
18. Active Directory Domain Services installation will be completed, click Finish, then click
on Restart Now to restart your server for the changes to take effect.

Open Active Directory Users & Computers, and then click on the Domain
Controllers Organizational Unit, and you will see your Additional Domain Controller along with
your Primary Domain Controller.
Summary
Additional domain controllers improve the performance of authentication requests and global catalog
server lookups. They also help Active Directory Domain Services (AD DS) overcome hardware, software,
or administrator errors. When you add a domain controller, information is replicated over the network.
How to block a web page on a PC / system
Path: open the root drive folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC.
Right-click the hosts file, click Properties, click Security, and edit the permissions to Full control.
Open the hosts file in Notepad, write as the last line 127.0.0.1 followed by the web site name (with www and .com),
and save.
Installing a New Child Domain by Using the Graphical User Interface (GUI)
Updated: July 28, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2
The Windows interface provides wizards that guide you through the process for installing Active Directory
Domain Services (AD DS).
Administrative credentials
To perform this procedure, you must be a member of the Enterprise Admins group in the forest.
To install a new child domain by using the Windows interface
1. Open Server Manager. Click Start, point to Administrative Tools, and then click Server
Manager.
2. In Roles Summary, click Add Roles.
3. If necessary, review the information on the Before You Begin page, and then click Next.
4. On the Select Server Roles page, click the Active Directory Domain Services check box, and
then click Next.
Note
On a server that runs Windows Server 2008 R2, you may have to click Add Required Features to install .NET Framework 3
5. If necessary, review the information on the Active Directory Domain Services page, and then
click Next.
6. On the Confirm Installation Selections page, click Install.
7. On the Installation Results page, click Close this wizard and launch the Active Directory
Domain Services Installation Wizard (dcpromo.exe).
8. On the Welcome to the Active Directory Domain Services Installation Wizard page,
click Next.
To get additional installation options, select the Use advanced mode installation check box.
9. On the Operating System Compatibility page, review the warning about the default security
settings for Windows Server 2008 and Windows Server 2008 R2 domain controllers, and then
click Next.
10. On the Choose a Deployment Configuration page, click Existing forest and Create a new
domain in an existing forest, and then click Next.
11. On the Network Credentials page, type the name of any existing domain in the forest where you
plan to install a new domain. Under Specify the account credentials to use to perform the
installation, click My current logged on credentials or click Alternate credentials, and then
click Set. In the Windows Security dialog box, provide the user name and password for an
account that can install the new domain. To install a new domain, you must be a member of the
Enterprise Admins group. When you are finished providing credentials, click Next.
12. On the Name the New Domain page, type the fully qualified domain name (FQDN) of the parent
domain and the single-label name of the child domain, and then click Next.
Although Dcpromo.exe in Windows Server 2008 and Windows Server 2003 allows you to create a
single-label DNS domain name, you should not use a single-label DNS name for a domain for
several reasons. In Windows Server 2008 R2, Dcpromo.exe does not allow you to create a
single-label DNS name for a domain. For more information,
see http://go.microsoft.com/fwlink/?LinkId=92467.
13. If you selected Use advanced mode installation on the Welcome page, the Domain NetBIOS
Name page appears. On this page, type the NetBIOS name of the domain, if necessary, or accept
the default name, and then click Next.
14. On the Set Domain Functional Level page, select the domain functional level that
accommodates the domain controllers that you plan to install anywhere in the domain, and then
click Next.
15. On the Select a Site page, select a site from the list or select the option to install the domain
controller in the site that corresponds to its IP address, and then click Next.
16. On the Additional Domain Controller Options page, select any additional options for the
domain controller, and then click Next.
The DNS server option is selected by default so that your domain controller can function as a
DNS server. A DNS zone and a delegation for that zone will be created automatically for this
domain.
The Global catalog option is not selected by default. If you select this option, this domain
controller will also host the domain-wide operations master roles for the new domain, including
the infrastructure master role. Hosting the infrastructure master role on a global catalog server in a
child domain can cause problems unless all the domain controllers in the domain are global
catalog servers.
If you do not have static IPv4 and IPv6 addresses assigned to your network adapters, a warning
message might appear advising you to set static addresses for both of these protocols before you
can continue. If you have assigned a static IPv4 address to your network adapter and your
organization does not use IPv6, you can ignore this message and click, Yes, the computer will
use a dynamically assigned IP address (not recommended).
Important
We recommend that you not disable the IPv6 protocol.
17. If you selected Use advanced mode installation on the Welcome page, the Source Domain
Controller page appears. Select Any writable domain controller or select This specific domain
controller to specify a domain controller from which to replicate the configuration and schema
directory partitions, and then click Next.
18. On the Location for Database, Log Files, and SYSVOL page, type or browse to the volume and
folder locations for the database file, the directory service log files, and the SYSVOL files, and then
click Next.
Windows Server Backup backs up the directory service by volume. For backup and recovery
efficiency, store these files on separate volumes that do not contain applications or other
nondirectory files.
19. On the Directory Services Restore Mode Administrator Password page, type and confirm the
restore mode password, and then click Next. This password must be used to start AD DS in
Directory Service Restore Mode (DSRM) for tasks that must be performed offline.
20. On the Summary page, review your selections. Click Back to change any selections, if necessary.
To save the installation settings that you selected to an answer file that you can use to automate
subsequent AD DS installations, click Export settings. Type the name for your answer file, and
then click Save.
When you are sure that your selections are accurate, click Next to install AD DS.
21. On the Completing the Active Directory Domain Services Installation Wizard page,
click Finish.
22. You can either select the Reboot on completion check box to have the server restart
automatically or you can restart the server to complete the AD DS installation when you are
prompted to do so.
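Both wizards above offer Export settings on the Summary page. Once someone fills such an answer file in with credentials it becomes a secret at rest, so this added example (not from either article) audits a dcpromo answer file for stored passwords and produces a redacted copy. The function names and the sample file content are constructed here; the key names are the usual [DCInstall] entries.

```python
import re

# [DCInstall] entries that carry credentials in a dcpromo answer file.
SECRET_KEYS = {"password", "safemodeadminpassword", "dnsdelegationpassword"}
# Values that store no secret: empty, or "*" (dcpromo prompts for Password).
NOT_STORED = {"", "*"}

_SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
_ENTRY = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$")

# Constructed sample: an answer file for an additional domain controller in
# elmajdal.net that was later filled in with a restore-mode password.
SAMPLE = """\
; Constructed sample, not an export from the article's server
[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=elmajdal.net
UserDomain=elmajdal.net
UserName=Administrator
Password=*
InstallDNS=Yes
ConfirmGc=Yes
DatabasePath="C:\\Windows\\NTDS"
LogPath="C:\\Windows\\NTDS"
SYSVOLPath="C:\\Windows\\SYSVOL"
SafeModeAdminPassword=Example-Passw0rd!
RebootOnCompletion=Yes
"""


def find_stored_secrets(text):
    """Return [(line_number, key)] for credential entries holding a real value."""
    findings = []
    section = None
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(";"):        # comment line
            continue
        header = _SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue
        entry = _ENTRY.match(line)
        if not entry or section != "dcinstall":
            continue
        key, value = entry.group(1), entry.group(2).strip('"')
        if key.lower() in SECRET_KEYS and value not in NOT_STORED:
            findings.append((number, key))
    return findings


def redact(text):
    """Return the file text with every stored secret replaced by an empty value."""
    flagged = {number for number, _ in find_stored_secrets(text)}
    out = []
    for number, line in enumerate(text.splitlines(), start=1):
        if number in flagged:
            line = line.split("=", 1)[0].rstrip() + "="
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for number, key in find_stored_secrets(SAMPLE):
        print(f"line {number}: {key} holds a stored password")
```
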
===========================================================
Here is an overview of key commands and utilities you’ll use for managing
server core installations while logged on locally:
Control desk.cpl - View or set display settings.
Control intl.cpl - View or set regional and language options, including formats and the
keyboard layout.
Control sysdm.cpl - View or set system properties.
Control timedate.cpl - View or set the date, time, and time zone.
Cscript slmgr.vbs -ato - Activate the operating system.
DiskRaid.exe - Configure software RAID.
ipconfig /all - List information about the computer’s IP address configuration.
NetDom RenameComputer - Set the server’s name and domain membership.
OCList.exe - List roles, role services, and features.
OCSetup.exe - Add or remove roles, role services, and features.
PNPUtil.exe - Install or update hardware device drivers.
Sc query type=driver - List installed device drivers.
Scregedit.wsf - Configure the operating system. Use the /cli parameter to list available
configuration areas.
ServerWerOptin.exe - Configure Windows Error Reporting.
SystemInfo - List the system configuration details.
WEVUtil.exe - View and search event logs.
Wmic datafile where name="FullFilePath" get version - List a file’s version.
Wmic nicconfig index=9 call enabledhcp - Set the computer to use dynamic IP addressing
rather than static IP addressing.
Wmic nicconfig index=9 call enablestatic("IPAddress"), ("SubnetMask") - Set a
computer’s static IP address and network mask.
Wmic nicconfig index=9 call setgateways("GatewayIPAddress") - Set or change the
default gateway.
Wmic product get name /value - List installed MSI applications by name.
Wmic product where name="Name" call uninstall - Uninstall an MSI application.
Wmic qfe list - List installed updates and hotfixes.
Wusa.exe PatchName.msu /quiet - Apply an update or hotfix to the operating system.
Dynamic Host Configuration Protocol (DHCP) is a core infrastructure service on any network that provides IP addressing
and DNS server information to PC clients and any other device. DHCP is used so that you do not have to statically assign IP
addresses to every device on your network and manage the issues that static IP addressing can create. More and more,
DHCP is being expanded to fit into new network services like the Windows Health Service and Network Access Protection
(NAP). However, before you can use it for more advanced services, you need to first install it and configure the basics. Let’s
learn how to do that.
Installing Windows Server 2008 DHCP Server
Installing Windows Server 2008 DHCP Server is easy. DHCP Server is now a “role” of Windows Server 2008, not a
Windows component as it was in the past.
To do this, you will need a Windows Server 2008 system already installed and configured with a static IP address. You will
need to know your network’s IP address range, the range of IP addresses you will want to hand out to your PC clients, your
DNS server IP addresses, and your default gateway. Additionally, you will want to have a plan for all subnets involved, what
scopes you will want to define, and what exclusions you will want to create.
To start the DHCP installation process, you can click Add Roles from the Initial Configuration Tasks window or
from Server Manager > Roles > Add Roles.
Figure 1: Adding a new Role in Windows Server 2008
When the Add Roles Wizard comes up, you can click Next on that screen.
Next, select that you want to add the DHCP Server Role, and click Next.
Figure 2: Selecting the DHCP Server Role
If you do not have a static IP address assigned on your server, you will get a warning that you should not install DHCP with
a dynamic IP address.
At this point, you will begin being prompted for IP network information, scope information, and DNS information. If you only
want to install DHCP server with no configured scopes or settings, you can just click Next through these questions and
proceed with the installation.
On the other hand, you can optionally configure your DHCP Server during this part of the installation.
In my case, I chose to take this opportunity to configure some basic IP settings and configure my first DHCP Scope.
I was shown my network connection binding and asked to verify it, like this:
Figure 3: Network connection binding
What the wizard is asking is, “what interface do you want to provide DHCP services on?” I took the default and clicked Next.
Next, I entered my Parent Domain, Primary DNS Server, and Alternate DNS Server (as you see below) and clicked Next.
Figure 4: Entering domain and DNS information
I opted NOT to use WINS on my network and I clicked Next.
Then, I was prompted to configure a DHCP scope for the new DHCP Server. I have opted to configure an IP address range
of 192.168.1.50-100 to cover the 25+ PC Clients on my local network. To do this, I clicked Add to add a new scope. As you
see below, I named the Scope WBC-Local, configured the starting and ending IP addresses of 192.168.1.50-192.168.1.100,
subnet mask of 255.255.255.0, default gateway of 192.168.1.1, type of subnet (wired), and activated the
scope.
Figure 5: Adding a new DHCP Scope
Back in the Add Scope screen, I clicked Next to add the new scope (once the DHCP Server is installed).
I chose to Disable DHCPv6 stateless mode for this server and clicked Next.
Then, I confirmed my DHCP Installation Selections (on the screen below) and clicked Install.
Figure 6: Confirm Installation Selections
After only a few seconds, the DHCP Server was installed and I saw the window, below:
Figure 7: Windows Server 2008 DHCP Server Installation succeeded
I clicked Close to close the installer window, then moved on to how to manage my new DHCP Server.
How to Manage your new Windows Server 2008 DHCP Server
Like the installation, managing Windows Server 2008 DHCP Server is also easy. Back in my Windows Server 2008 Server
Manager, under Roles, I clicked on the new DHCP Server entry.
Figure 8: DHCP Server management in Server Manager
While I cannot manage the DHCP Server scopes and clients from here, what I can do is to manage what events, services,
and resources are related to the DHCP Server installation. Thus, this is a good place to go to check the status of the DHCP
Server and what events have happened around it.
However, to really configure the DHCP Server and see what clients have obtained IP addresses, I need to go to the DHCP
Server MMC. To do this, I went to Start > Administrative Tools > DHCP Server, like this:
Figure 9: Starting the DHCP Server MMC
When expanded out, the MMC offers a lot of features. Here is what it looks like:
Figure 10: The Windows Server 2008 DHCP Server MMC
The DHCP Server MMC offers IPv4 & IPv6 DHCP Server info including all scopes, pools, leases, reservations, scope
options, and server options.
If I go into the address pool and the scope options, I can see that the configuration we made when we installed the DHCP
Server did, indeed, work. The scope IP address range is there, and so are the DNS Server & default gateway.
Figure 11: DHCP Server Address Pool
Figure 12: DHCP Server Scope Options
So how do we know that this really works if we do not test it? The answer is that we do not. Now, let’s test to make sure it
works.
How do we test our Windows Server 2008 DHCP Server?
To test this, I have a Windows Vista PC Client on the same network segment as the Windows Server 2008 DHCP server. To
be safe, I have no other devices on this network segment.
I did an IPCONFIG /RELEASE then an IPCONFIG /RENEW and verified that I received an IP address from the new DHCP
server, as you can see below:
Figure 13: Vista client received IP address from new DHCP Server
Also, I went to my Windows 2008 Server and verified that the new Vista client was listed as a client on the DHCP server.
This did indeed check out, as you can see below:
Figure 14: Win 2008 DHCP Server has the Vista client listed under Address Leases
With that, I knew that I had a working configuration and we are done!
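The client-side test above (IPCONFIG /RELEASE, IPCONFIG /RENEW, then reading the result) can be checked mechanically. This added example, which is not part of the original article, parses one adapter's ipconfig /all output and confirms that the lease falls inside the WBC-Local scope and was issued by the expected server. The DHCP server address 192.168.1.2, the function names and the sample output are constructed assumptions.

```python
import ipaddress
import re

# Scope values from the article; the DHCP server address is an assumption.
SCOPE_START = ipaddress.ip_address("192.168.1.50")
SCOPE_END = ipaddress.ip_address("192.168.1.100")
EXPECTED_GATEWAY = "192.168.1.1"
EXPECTED_DHCP_SERVER = "192.168.1.2"    # hypothetical: not given in the article
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed `ipconfig /all` excerpt for one adapter on a Vista client.
SAMPLE_OUTPUT = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.local
   Description . . . . . . . . . . . : Constructed Network Adapter
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.2
   DNS Servers . . . . . . . . . . . : 192.168.1.2
                                       192.168.1.3
"""

# "Label . . . : value"; the space before the colon keeps IPv6 values
# on continuation lines from being mistaken for a label.
_FIELD = re.compile(r"^\s+(.+?)[ .]*\s:\s?(.*)$")


def parse_ipconfig(text):
    """Parse one adapter's `ipconfig /all` block into {label: [values]}."""
    fields, last = {}, None
    for line in text.splitlines():
        match = _FIELD.match(line)
        if match:
            last = match.group(1)
            value = match.group(2).strip()
            fields[last] = [value] if value else []
        elif line.startswith(" ") and line.strip() and last:
            fields[last].append(line.strip())    # e.g. a second DNS server
    return fields


def check_lease(fields):
    """Return a list of problems; an empty list means the lease looks right."""
    problems = []
    if fields.get("DHCP Enabled") != ["Yes"]:
        problems.append("adapter is not configured for DHCP")
    raw = (fields.get("IPv4 Address")
           or fields.get("Autoconfiguration IPv4 Address")
           or [""])[0].split("(")[0]
    try:
        address = ipaddress.ip_address(raw)
    except ValueError:
        return problems + ["no IPv4 address assigned"]
    if address in APIPA:
        problems.append("APIPA address: no DHCP server answered")
    elif not SCOPE_START <= address <= SCOPE_END:
        problems.append(f"{address} is outside the WBC-Local scope")
    issuer = ", ".join(fields.get("DHCP Server", [])) or "none"
    if issuer != EXPECTED_DHCP_SERVER:
        problems.append(f"lease issued by {issuer}, "
                        f"expected {EXPECTED_DHCP_SERVER}")
    if fields.get("Default Gateway") != [EXPECTED_GATEWAY]:
        problems.append("default gateway differs from the scope option")
    return problems


if __name__ == "__main__":
    print(check_lease(parse_ipconfig(SAMPLE_OUTPUT)) or "lease OK")
```
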
The DNS client received a "Name not found" error message.
Cause: The Domain Name System (DNS) client computer does not have a valid IP configuration for the
network.
Solution: Verify that the TCP/IP configuration settings for the client computer are correct, particularly
those settings that are used for DNS name resolution.
To verify a client IP configuration, use the ipconfig command. In the command output, verify that the
client has a valid IP address, subnet mask, and default gateway for the network where it is attached and
being used.
If the client does not have a valid TCP/IP configuration, you can either:

For dynamically configured clients, use the ipconfig /renew command to manually force the client
to renew its IP address configuration with the Dynamic Host Configuration Protocol (DHCP) server.

For statically configured clients, modify the client TCP/IP properties to use valid configuration
settings or complete its DNS configuration for the network. Do not configure clients to use both
AD DS-integrated DNS servers and Internet Service Provider (ISP) DNS servers. Instead, configure
clients only to use AD DS-integrated DNS servers and configure your AD DS-integrated DNS
servers to forward queries to your ISP DNS servers.
For more information, see Managing Clients.
Cause: The client was not able to contact a DNS server because of a network-related or hardware-related
failure.
Solution: Verify that the client computer has a valid and functioning network connection. First, check that
related client hardware (cables and network adapters) are working properly at the client by using basic
network and hardware troubleshooting steps.
If the client hardware appears to be prepared and functioning properly, verify that it can contact other
computers on the same network by using the ping command.
Cause: The DNS client cannot contact its configured DNS servers.
Solution: If the DNS client has basic connectivity to the network, verify that it can contact a preferred (or
alternate) DNS server.
To verify whether a client has basic TCP/IP access to the DNS server, first try contacting the preferred DNS
server by its IP address by using the ping command.
For example, if the client uses a preferred DNS server of 10.0.0.1, type ping 10.0.0.1 at the command
prompt on the client computer. If you are not sure what the IP address is for the preferred DNS server,
you can view it by using the ipconfig command. For example, at the client computer, type ipconfig
/all|more if necessary to pause the display so that you can read and note any IP addresses that are listed
in DNS servers for the command output.
If no configured DNS servers respond to a direct pinging of their IP address, it indicates that the source of
the problem is more likely a network connectivity problem between the client and the DNS servers. If that
is the case, follow basic TCP/IP network troubleshooting steps to fix the problem.
Cause: The DNS server is not running or responding to queries.
Solution: If the DNS client can ping the DNS server computer, verify that the DNS server is started and
able to listen for and respond to client requests. Try using the nslookup command to test whether the
server can respond to DNS clients.
For more information, see Start or Stop a DNS Server.
Cause: The DNS server that the client is using does not have authority for the failed name and cannot
locate the authoritative server for this name.
Solution: Confirm whether the DNS domain name that the client is trying to resolve is the DNS domain
name for which its configured DNS servers are authoritative.
For example, if the client is attempting to resolve the name host.widgets.tailspintoys.com, verify that the
preferred DNS server (or an alternate, if one is being used) that is queried by the client loads the
authoritative zone where a host (A) resource record for the failed name should exist.
If the preferred server is authoritative for the failed name and it loads the applicable zone, determine
whether the zone is missing the appropriate resource records. If necessary, add the resource records to
the zone.
If the preferred server is not authoritative for the failed name, it indicates that configuration errors at the
DNS server are the likely cause. As necessary, troubleshoot the problem further at the DNS server.
For more information, see Managing Resource Records and Troubleshooting DNS Servers.
The DNS client appears to have received a response with stale or
incorrect information in it.
Cause: The DNS server that the client is using does not have authority for the failed name, and it is using
stale information from its local DNS database.
Solution: Determine whether the DNS server is authoritative for the name, and proceed accordingly.
For example, if the client is attempting to resolve the name host.widgets.tailspintoys.com, verify that the
preferred DNS server (or an alternate, if one is being used) that is queried by the client loads the
authoritative zone where a host (A) resource record for the failed name
should exist.
If the preferred server is authoritative for the name and it answered using incorrect data, it indicates that
the applicable zone might have outdated or stale information in the applicable resource record data. If
that is the case, you can add and remove the appropriate resource record in the zone.
Another option, when dynamic updates are enabled, is to force registration and update at the computer
that is targeted by the query. You can force it to update the registration of its resource records by typing
the ipconfig /registerdns command at a command prompt.
If the preferred server is not a direct authority for the queried name, it likely answered the query based on
information that it obtained and cached during an earlier recursive lookup. In this case, you might
consider clearing the server names cache. This compels the server to use new recursive queries for this
resource record data and to rebuild its cache contents based on current information.
For more information, see Managing Resource Records and Troubleshooting DNS Servers.
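The authority checks in the causes above come down to two fields in the DNS response header: the response code and the AA (authoritative answer) bit. This added example, which is not part of the original troubleshooting text, classifies a raw response into those branches. The function names are chosen here and the sample responses for host.widgets.tailspintoys.com are constructed.

```python
import secrets
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=0, qtype=1, recurse=True):
    """Build a DNS query for `name` (qtype 1 = host (A) record, class IN)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    header = struct.pack("!6H", txid, RD if recurse else 0, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)


def classify_response(data):
    """Map a raw DNS response onto the troubleshooting branches in the text."""
    if len(data) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", data[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    # AA is also set by a secondary server, so an authoritative answer can
    # still be stale if that server's copy of the zone is outdated.
    authoritative = bool(flags & AA)
    if rcode == 3:                                  # "Name not found"
        verdict = ("authoritative server has no such record: check the zone"
                   if authoritative else
                   "name not found by a non-authoritative server: "
                   "troubleshoot at the DNS server")
    elif rcode == 0 and answers:
        verdict = ("answer from zone data: if wrong, correct the record"
                   if authoritative else
                   "answer from cache or recursion: if stale, clear the "
                   "server names cache")
    elif rcode == 0:
        verdict = "no records of this type, or a referral"
    else:
        verdict = "server error: check that the DNS server is healthy"
    return {"rcode": RCODES.get(rcode, str(rcode)),
            "authoritative": authoritative,
            "answers": answers,
            "verdict": verdict}


def ask(server, name, timeout=3.0):
    """Send one query over UDP; None means the server did not respond."""
    query = build_query(name, txid=secrets.randbelow(0x10000))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:                             # includes timeouts
            return None
    if data[:2] != query[:2]:                       # wrong transaction ID
        return None
    return classify_response(data)


def _sample(flags, answers):
    """Constructed response: header, question, and `answers` A records."""
    question = build_query("host.widgets.tailspintoys.com")[12:]
    record = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
              + bytes([192, 0, 2, 10]))             # 192.0.2.10, TTL 300
    header = struct.pack("!6H", 0, flags, 1, answers, 0, 0)
    return header + question + record * answers


SAMPLE_NXDOMAIN_AUTH = _sample(QR | AA | RD | 3, 0)   # authoritative, rcode 3
SAMPLE_CACHED = _sample(QR | RD | RA, 1)              # AA clear, one answer

if __name__ == "__main__":
    for sample in (SAMPLE_NXDOMAIN_AUTH, SAMPLE_CACHED):
        print(classify_response(sample))
```
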
Cause: The preferred DNS server is a secondary server for the zone that contains the targeted name, and
it has outdated information.
Solution: If the server that answered the client is a secondary server for the zone, the version of the zone
in use at that server might be stale and it may need to be updated more often.
As an immediate solution, you can initiate a zone transfer at the secondary server to its master server to
update the zone. You might also consider using any of the following options to improve the freshness of
secondary zone data in the future:

Specify additional master servers for the secondary server to use when refreshing the zone.

Adjust the refresh interval on the zone slightly to decrease the length of time that all authoritative
servers for the zone can use the zone before they are required to refresh it.

Configure a notify list at a master server that acts as the zone source for the secondary server and
enable it to notify this server when the zone changes.
Cause: The name that was queried was specified in error, either through user input or in a stored client
configuration.
Solution: Verify that the name was correctly specified in the application where the name query
originated.
In most cases, incorrect data in a positive query response indicates one of three possibilities:

An incorrect DNS name was entered at the client by a user.

A short, unqualified name was used at the client and completed by the local resolver using an
unintended DNS suffix.

Resource records that are specified in the query were not updated correctly at the DNS server.
Confirm that the name was not entered in error by the user. Verify the exact set of characters that was
entered by the user when the original DNS query was made, or check application settings, such as settings
for any Internet mail or Web browser configurations that may have been made.
If the name that was used in the initial query was unqualified, and not the fully qualified domain name
(FQDN), try using the FQDN instead in the client application and repeating the query. If you do, be sure to
include the trailing dot (.) at the end of the name to indicate that the name entered is an exact FQDN.
If the FQDN query succeeds and returns correct data in the response, the most likely cause of the problem
is a misconfigured DNS domain suffix search list in the client resolver settings.
If you are using DNS in an environment that does not support dynamic updates or you generally
administer zone data manually, you might also want to verify that the resource records involved in
answering the query were not entered incorrectly. View them to ensure that the record data that is stored
in the zone is correct, or modify it accordingly.
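The comparison between the unqualified query and the exact FQDN query can be modelled offline. The following Python code is an added example, not part of the original article: the zone data, host names and suffix lists are constructed, and the resolver is a simplified model of how a suffix search list is applied.

```python
# Constructed zone data: two hosts share the label "mail" in different domains.
ZONE = {
    "mail.corp.example.com.": "10.0.0.25",
    "mail.lab.example.com.": "192.168.50.25",
    "www.corp.example.com.": "10.0.0.80",
}


def candidates(name, search_list):
    """Return the FQDNs a resolver would try, in order (simplified model)."""
    if name.endswith("."):
        return [name]                    # trailing dot: exact FQDN, no suffix appended
    tried = []
    if "." in name:
        tried.append(name + ".")         # multi-label name: tried as typed first
    tried += [f"{name}.{suffix}." for suffix in search_list]
    return tried


def resolve(name, search_list, zone=ZONE):
    """Return (fqdn_that_answered, address), or (None, None) if nothing answers."""
    suffixes = [s.lower().strip(".") for s in search_list]
    for fqdn in candidates(name.lower(), suffixes):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None, None


def diagnose(short_name, expected_fqdn, search_list):
    """Repeat the query with the exact FQDN and compare it with the short-name result."""
    short_fqdn, short_addr = resolve(short_name, search_list)
    _, exact_addr = resolve(expected_fqdn, search_list)
    if exact_addr is None:
        return "FQDN query fails: check the zone records, not the suffix list"
    if short_addr is None:
        return "unqualified name did not resolve under any suffix"
    if short_addr == exact_addr:
        return "consistent"
    return f"suffix search list problem: '{short_name}' was completed as {short_fqdn}"


if __name__ == "__main__":
    bad_order = ["lab.example.com", "corp.example.com"]   # constructed search list
    print(resolve("mail", bad_order))
    print(diagnose("mail", "mail.corp.example.com.", bad_order))
```

With the lab suffix listed first, the short name returns a valid but unintended record, which is exactly the "incorrect data in a positive response" symptom; the exact FQDN query is unaffected by the search list.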
Cause: The primary zone might have missing or erroneous data.
Solution: Verify that the primary server for the zone has complete and accurate data.
The most likely cause for a primary DNS server for a zone to have missing or incomplete data is a failed
update request. It is possible that support for dynamic update has not been fully implemented or
configured. To resolve the problem, review the DNS dynamic update protocol (Request for Comments
(RFC) 2136) and any requirements that it has for DNS servers and clients that use it.
For directory-integrated zones, it is also possible that the affected records for the failed query have been
updated in Active Directory Domain Services (AD DS) but not replicated to all DNS servers that are
loading the zone. By default, all DNS servers that load zones from AD DS poll it at a set interval (typically
every 15 minutes), and they update the zone for any incremental changes to it. In most cases, a DNS
update takes no more than 20 minutes to replicate to all DNS servers in an Active Directory domain
environment using default replication settings and reliable high-speed links.
If you have specifically configured your zones to disable dynamic update, keep in mind that you must
manually add and update most types of resource records that are used in a zone. If this is the case, use
DNS Manager to view and update the affected records.
Another possible source for the incorrect data is Windows Internet Name Service (WINS). Determine
whether WINS lookup integration is enabled and used with the zone. If you are using WINS lookup with
your zones, verify that WINS is not the source of the incorrect data.
For more information, see Troubleshooting Dynamic Updates and Managing Resource Records.
The DNS client appears to be affected by another problem not described here.
Cause: My problem is not described here.
Solution: Search Microsoft TechNet (http://go.microsoft.com/fwlink/?LinkId=170) for the latest technical
information that may relate to the problem. If necessary, you can obtain information and instructions that
pertain to your problem or issue.
If you are connected to the Internet, the latest operating system updates are available at Microsoft
Update (http://go.microsoft.com/fwlink/?LinkId=284).
Certain domain and enterprise-wide operations that are not suited to multi-master updates are
performed by a single domain controller in an Active Directory domain or forest. The domain
controllers that are assigned to perform these unique operations are called operations masters or
FSMO role holders.
The following list describes the 5 unique FSMO roles in an Active Directory forest and the dependent
operations that they perform:
• Schema master - The Schema master role is forest-wide and there is one for each forest. This
role is required to extend the schema of an Active Directory forest or to run the
adprep /domainprep command.
• Domain naming master - The Domain naming master role is forest-wide and there is one for
each forest. This role is required to add or remove domains or application partitions to or
from a forest.
• RID master - The RID master role is domain-wide and there is one for each domain. This role
is required to allocate the RID pool so that new or existing domain controllers can create
user accounts, computer accounts or security groups.
• PDC emulator - The PDC emulator role is domain-wide and there is one for each domain.
This role is required for the domain controller that sends database updates to Windows NT
backup domain controllers. The domain controller that owns this role is also targeted by
certain administration tools and updates to user account and computer account passwords.
• Infrastructure master - The Infrastructure master role is domain-wide and there is one for
each domain. This role is required for domain controllers to run the
adprep /forestprep command successfully and to update SID attributes and distinguished name
attributes for objects that are referenced across domains.
The Active Directory Installation Wizard (Dcpromo.exe) assigns all 5 FSMO roles to the first domain
controller in the forest root domain. The first domain controller in each new child or tree domain is
assigned the three domain-wide roles. Domain controllers continue to own FSMO roles until they are
reassigned by using one of the following methods:
• An administrator reassigns the role by using a GUI administrative tool.
• An administrator reassigns the role by using the ntdsutil /roles command.
• An administrator gracefully demotes a role-holding domain controller by using the Active
Directory Installation Wizard. This wizard reassigns any locally-held roles to an existing
domain controller in the forest. Demotions that are performed by using the
dcpromo /forceremoval command leave FSMO roles in an invalid state until they are reassigned by
an administrator.
We recommend that you transfer FSMO roles in the following scenarios:
• The current role holder is operational and can be accessed on the network by the new FSMO
owner.
• You are gracefully demoting a domain controller that currently owns FSMO roles that you
want to assign to a specific domain controller in your Active Directory forest.
• The domain controller that currently owns FSMO roles is being taken offline for scheduled
maintenance and you need specific FSMO roles to be assigned to a “live” domain controller.
This may be required to perform operations that connect to the FSMO owner. This would be
especially true for the PDC Emulator role but less true for the RID master role, the Domain
naming master role and the Schema master roles.
We recommend that you seize FSMO roles in the following scenarios:
• The current role holder is experiencing an operational error that prevents an FSMO-dependent
operation from completing successfully and that role cannot be transferred.
• A domain controller that owns an FSMO role is force-demoted by using the
dcpromo /forceremoval command.
• The operating system on the computer that originally owned a specific role no longer exists
or has been reinstalled.
As replication occurs, non-FSMO domain controllers in the domain or forest gain full knowledge of
changes that are made by FSMO-holding domain controllers. If you must transfer a role, the best
candidate domain controller is one that is in the appropriate domain that last inbound-replicated, or
recently inbound-replicated a writable copy of the “FSMO partition” from the existing role holder. For
example, the Schema master role-holder has a distinguished name path of
CN=schema,CN=configuration,dc=<forest root domain>, and this means that roles reside in and are
replicated as part of the CN=schema partition. If the domain controller that holds the Schema master role
experiences a hardware or software failure, a good candidate role-holder would be a domain controller in
the root domain and in the same Active Directory site as the current owner. Domain controllers in the
same Active Directory site perform inbound replication every 5 minutes or 15 seconds.

The partition for each FSMO role is in the following list:
FSMO role              Partition
Schema                 CN=Schema,CN=configuration,DC=<forest root domain>
Domain Naming Master   CN=configuration,DC=<forest root domain>
PDC                    DC=<domain>
RID                    DC=<domain>
Infrastructure         DC=<domain>
A domain controller whose FSMO roles have been seized should not be permitted to communicate with
existing domain controllers in the forest. In this scenario, you should either format the hard disk and
reinstall the operating system on such domain controllers or forcibly demote such domain controllers on
a private network and then remove their metadata on a surviving domain controller in the forest by using
the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role
has been seized into the forest is that the original role holder may continue to operate as before until it
inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the
same FSMO roles include creating security principals that have overlapping RID pools, and other
problems.
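The overlapping RID pool risk can be shown with a small model. The following Python code is an added example, not part of the original article: the domain SID, DC names, starting RID and the block size of 500 are constructed assumptions, and the role seizure is modelled simply as the new holder continuing from the last allocation state it replicated.

```python
from collections import defaultdict

BLOCK = 500  # RIDs handed out per pool request (assumed block size for this model)


class RidMaster:
    """One DC's view of the RID master role: the next unallocated RID in the domain."""
    def __init__(self, next_free):
        self.next_free = next_free

    def allocate_pool(self):
        pool = range(self.next_free, self.next_free + BLOCK)
        self.next_free += BLOCK
        return pool


class DomainController:
    def __init__(self, name, domain_sid):
        self.name, self.domain_sid = name, domain_sid
        self.pool = iter(())       # no RIDs until a pool is allocated
        self.rid_master = None     # set only on a DC that believes it owns the role

    def request_pool(self, master_dc):
        self.pool = iter(master_dc.rid_master.allocate_pool())

    def create_principal(self, account):
        return (f"{self.domain_sid}-{next(self.pool)}", account, self.name)


def find_duplicate_sids(principals):
    """Return {sid: [(account, dc), ...]} for every SID issued more than once."""
    by_sid = defaultdict(list)
    for sid, account, dc in principals:
        by_sid[sid].append((account, dc))
    return {sid: owners for sid, owners in by_sid.items() if len(owners) > 1}


def simulate(old_holder_returns):
    sid = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
    dc1, dc2, dc3 = (DomainController(n, sid) for n in ("DC1", "DC2", "DC3"))
    dc1.rid_master = RidMaster(next_free=1100)
    dc1.request_pool(dc1)          # DC1 takes 1100-1599
    dc2.request_pool(dc1)          # DC2 takes 1600-2099
    replicated_next_free = dc1.rid_master.next_free     # 2100, as replicated to DC2

    # DC1 fails; the role is seized onto DC2, which continues from its replica.
    dc2.rid_master = RidMaster(replicated_next_free)
    dc3.request_pool(dc2)          # the new RID master gives DC3 2100-2599
    principals = [dc3.create_principal("user-a")]

    if old_holder_returns:
        # DC1 rejoins before it has inbound-replicated the seizure, still acts
        # as RID master, and refills its own pool from the same range.
        dc1.request_pool(dc1)      # 2100-2599 again
        principals.append(dc1.create_principal("user-b"))
    return find_duplicate_sids(principals)


if __name__ == "__main__":
    print(simulate(old_holder_returns=True))
    print(simulate(old_holder_returns=False))
```

When the former holder stays off the network the duplicate check comes back empty, which is the outcome the reinstall or forced-demotion guidance above is meant to guarantee.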
Transfer FSMO roles
To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer
or domain controller that is located in the forest where FSMO roles are being transferred.
We recommend that you log on to the domain controller that you are assigning FSMO roles
to. The logged-on user should be a member of the Enterprise Administrators group to
transfer Schema master or Domain naming master roles, or a member of the Domain
Administrators group of the domain where the PDC emulator, RID master and the
Infrastructure master roles are being transferred.
2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3. Type roles, and then press ENTER.
Note To see a list of available commands at any one of the prompts in the Ntdsutil utility,
type ?, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the name
of the domain controller you want to assign the FSMO role to.
6. At the server connections prompt, type q, and then press ENTER.
7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you
can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the
list of roles at the start of this article. For example, to transfer the RID master role,
type transfer rid master. The one exception is for the PDC emulator role, whose syntax
is transfer pdc, not transfer pdc emulator.
8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to
the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
Seize FSMO roles
To seize the FSMO roles by using the Ntdsutil utility, follow these steps:
1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer
or domain controller that is located in the forest where FSMO roles are being seized. We
recommend that you log on to the domain controller that you are assigning FSMO roles to.
The logged-on user should be a member of the Enterprise Administrators group to transfer
schema or domain naming master roles, or a member of the Domain Administrators group
of the domain where the PDC emulator, RID master and the Infrastructure master roles are
being transferred.
2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3. Type roles, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the name
of the domain controller that you want to assign the FSMO role to.
6. At the server connections prompt, type q, and then press ENTER.
7. Type seize role, where role is the role that you want to seize. For a list of roles that you can
seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of
roles at the start of this article. For example, to seize the RID master role, type seize rid
master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize
pdc emulator.
8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to
the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
Notes
o Under typical conditions, all five roles must be assigned to “live” domain controllers in
the forest. If a domain controller that owns a FSMO role is taken out of service before
its roles are transferred, you must seize all roles to an appropriate and healthy
domain controller. We recommend that you only seize all roles when the other
domain controller is not returning to the domain. If it is possible, fix the broken
domain controller that is assigned the FSMO roles. You should determine which roles
are to be on which remaining domain controllers so that all five roles are assigned to
a single domain controller. For more information about FSMO role placement, click
the following article number to view the article in the Microsoft Knowledge Base:
223346 FSMO placement and optimization on Windows 2000 domain controllers
o If the domain controller that formerly held any FSMO role is not present in the
domain and if it has had its roles seized by using the steps in this article, remove it
from the Active Directory by following the procedure that is outlined in the following
Microsoft Knowledge Base article:
216498 How to remove data in active directory after an unsuccessful domain
controller demotion
o Removing domain controller metadata with the Windows 2000 version or the
Windows Server 2003 build 3790 version of the ntdsutil /metadata
cleanup command does not relocate FSMO roles that are assigned to live domain
controllers. The Windows Server 2003 Service Pack 1 (SP1) version of the Ntdsutil
utility automates this task and removes additional elements of domain controller
metadata.
o Some customers prefer not to restore system state backups of FSMO role-holders in
case the role has been reassigned since the backup was made.
o Do not put the Infrastructure master role on the same domain controller as the global
catalog server. If the Infrastructure master runs on a global catalog server it stops
updating object information because it does not contain any references to objects
that it does not hold. This is because a global catalog server holds a partial replica of
every object in the forest.
To test whether a domain controller is also a global catalog server:
1. Click Start, point to Programs, point to Administrative Tools, and then
click Active Directory Sites and Services.
2. Double-click Sites in the left pane, and then locate the appropriate site or click
Default-first-site-name if no other sites are available.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller's folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, view the Global Catalog check box to see if it is selected.
For more information about FSMO roles, click the following article numbers to view the articles in the
Microsoft Knowledge Base:
197132 Windows 2000 Active Directory FSMO roles
223787 Flexible Single Master Operation transfer and seizure process
Steps to reproduce the problem
Run DCPROMO on a Windows Server 2008 computer to join a domain where the RID master is offline.
You will receive a warning that you must have an active RID master. Then, you will see a reference to KB
article 255504.
Properties
Article ID: 255504 - Last Review: September 11, 2011 - Revision: 10.0
APPLIES TO
• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
• Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
Using Port Numbers and Protocols
Visual Studio 6.0
Simply knowing how to send a message to a computer is not sufficient. Most computers need to access
various services across the Internet, and some computers provide those services. There needs to be a way to
separate the incoming traffic and direct the information to the appropriate program. This is done through
the use of ports.


A port is simply another address that is local to the computer. Various functions access various ports. For
instance, a web server will listen on port 80 for requests and will respond with the requested information. An
FTP server listens on port 21. Port numbers can range from 0 to 65,535 (or 2^16 - 1).
Over the years, Internet users have agreed on a list of well-known port addresses. These addresses reflect the
port numbers that people should try to use when they want to access a particular type of server. Some
well-known port numbers for some of the most common Internet services are listed in Table 11.1.


NOTE: Many port numbers are well known: A lot of port numbers belong on this list (for instance, Doom
uses port 666 for multi-user game play). I omitted some numbers from the table because they aren’t very
common. For a more complete list, look at the file C:\Windows\Services.
Table 11.1: Some Well-Known Port Numbers
Name       Port Number   Description
Daytime    13            Daytime protocol—returns date and time information
ftp-data   20            FTP (File Transfer Protocol), default data port—transfers files between systems
ftp        21            FTP, control port
Telnet     23            Telnet—provides terminal access to a remote computer
Smtp       25            SMTP (Simple Mail Transport Protocol)—transfers mail between systems
Time       37            Time protocol—returns date and time information
Domain     53            DNS (Domain Name Server)—converts a domain name into an IP address
Finger     79            Finger protocol—returns information about a remote computer or user
www-http   80            WWW (World Wide Web), HTTP (HyperText Transport Protocol)—retrieves HTML-fo
Pop3       110           POP3 (Post Office Protocol) version 3 protocol—retrieves e-mail messages
nntp       119           NNTP (Network News Transport Protocol)—retrieves news articles


When looking at Table 11.1, you may notice that many of the port numbers are also associated with a
protocol. Protocols are a way for one computer to request information from another and understand its
response. For the most part, protocols are well-documented command strings and ranges of valid responses.
The Internet Transfer control supports two protocols: the File Transfer Protocol and the HyperText Transfer
Protocol, which I’ll cover soon. But first I want to finish up here with one last item you need for Internet
applications: a Universal Resource Locator.
© 1998 SYBEX Inc. All rights reserved.
FOR YAHOO:
Incoming: plus.pop.mail.yahoo.com
Outgoing: plus.smtp.mail.yahoo.com
FOR REDIFFMAIL:
Incoming: pop.rediffmail.com
Outgoing: smtp.rediffmail.com
FOR GMAIL:
Incoming: pop.gmail.com
Outgoing: smtp.gmail.com
FOR HOTMAIL:
Incoming: pop3.live.com
Outgoing: smtp.live.com/587
Client applications for mail servers:

1. Outlook Express
2. MS Outlook
3. Windows Mail / Windows Live Mail

Outlook Express: The home edition from Microsoft, built in by default to operating systems such as
98, XP, 2000 and 2003. It is used to send, receive and compose mail on the client computer. The
extension of the mail file in Outlook Express is .dbx. Outlook does not support the hntp protocol.

MS Outlook: The corporate edition from Microsoft, which comes with the MS Office application
package. It is used to send, receive and compose mail on the client computer. The extensions of the
mail file in MS Outlook are:
.PST: personal storage table.
.OST: offline storage table.
MS Outlook supports the hntp protocol.

Windows Mail: Available in Server 2003. We can find it in the Start menu after installing the
Desktop Experience option from the Server Manager feature option. It works the same as Outlook
Express.

Windows Live Mail: We can download this application from the www.microsoft.com website. It can be
used on Vista, Windows 7, etc.
DBS: database exchange.