Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Archive for April, 2011

Folder Redirection

Posted by Awinish on April 14, 2011

I always wanted to include folder redirection material on my blog, especially for my own reference and for others too. I have seen a lot of questions about folder redirection in various blogs and forums, such as what the permissions on the redirected folder should be, and whether the folder should be created manually or folder redirection should create it automatically during first logon. Here I would say let the folder be created automatically. The other question is why even an administrator can't access the home folder created by folder redirection; the reason is that it is by design, and an administrator has to be manually granted explicit rights.

Enabling the administrator to have access to redirected folders

Automatic creation of user folders for home, roaming profile and redirected folders.

NTFS permissions for Redirected Folders

The profile version in XP and below is V1, whereas the profile version for Vista and above is V2, so when you migrate a profile from XP to Windows 7 a new profile is created even though the old profile still exists. The other reason is that Windows XP and Windows 7 have different folder architectures for profiles: XP stores the profile under Documents and Settings, whereas Vista and above use C:\users.

Managing Roaming User Data Deployment Guide

One of the articles I personally used in the past for understanding and configuring folder redirection is below, by Ace Fekay; the reason is that it is well documented with supporting links. Thanks to Ace for the wonderful article.


Posted in Group Policy | 1 Comment »

Configuring DNS in child domain

Posted by Awinish on April 9, 2011

I have seen people in various forums and blogs getting confused about how to configure the DNS server in a child domain for name resolution of the parent domain. The confusion is: should it point to itself as the DNS server address, or to the parent DNS server, for name resolution of both the parent and child domains? To make life easier and remove the confusion, I thought of coming up with this article on my blog.

Firstly, understand that DNS is the backbone of AD, and most of the issues we face in our environments are caused by improper configuration of the DNS server. In a few posts, I saw people using a public IP or the ISP's DNS address directly as the preferred DNS server address on the NIC of their servers and domain systems, which is absolutely wrong. The reason is that when a DNS lookup is performed for local resource records in the domain, the system first queries the local hosts file, located in the "etc" folder; if it can't find anything configured there, it looks for the preferred DNS server IP on the NIC. If the NIC's preferred DNS address is configured with a public IP or the ISP's IP, the query for local domain name resolution is forwarded directly to that public IP and is attempted there before it reports that the request timed out. This happens because your local domain and its records exist only in your local DNS server. How could a DNS server hosted outside your domain even know of the existence of such a private domain without any record of it in its own zones? From a security perspective, it is a big passage for an attacker to penetrate your infrastructure and attack your network for access.

The public DNS server's IP has to be configured in the Forwarders tab of your local DNS server. If you have multiple DNS servers running in your domain, configure the forwarders of all the local DNS servers with this public DNS IP address, but make sure you obtain this public DNS server address from your ISP and that you are not using anything like or, since these are not the authoritative DNS servers for your domain through which the query has to pass for name resolution. The query for external domain name resolution has to pass through your ISP's DNS server. Using or any other public IP directly on your DC/servers as a preferred or alternate DNS server is going to pose a security threat to the environment.
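As an added example (not from the original post), the check below reads saved `ipconfig /all` output, which has the same layout on every Windows version discussed here, and flags adapters whose DNS server list contains an address outside the internal ranges. The sample output, the function names and the assumption that internal DNS servers use RFC 1918 or loopback addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumption: internal DNS servers sit in RFC 1918 space or on loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]

# Constructed `ipconfig /all` excerpt; 203.0.113.53 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 10.20.0.10
                                       10.20.0.11

Ethernet adapter Local Area Connection 2:
   DNS Servers . . . . . . . . . . . : 10.20.0.10
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _ip(s):  # parsed address (IPv6 %scope dropped), or None if s is not one
    try:
        return ipaddress.ip_address(s.strip().split("%")[0])
    except ValueError:
        return None

def parse_dns_servers(text):
    """Map adapter name -> DNS servers listed for it, continuation lines included."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        head = re.match(r"^(\S.* adapter .+):\s*$", line)
        dns = re.match(r"^\s+DNS Servers[ .]*:\s*(\S+)", line)
        if head:
            current = head.group(1)
        if dns and current and _ip(dns.group(1)) is not None:
            adapters.setdefault(current, []).append(dns.group(1))
            in_dns = True
        elif in_dns and _ip(line) is not None:
            adapters[current].append(line.strip())  # second and later servers
        else:
            in_dns = False
    return adapters

def external_dns(text, internal=INTERNAL):
    """Return (adapter, server) pairs whose NIC DNS server is outside `internal`."""
    return [(adapter, s) for adapter, servers in parse_dns_servers(text).items()
            for s in servers if not any(_ip(s) in net for net in internal)]

if __name__ == "__main__":
    for adapter, server in external_dns(SAMPLE):
        print(f"{adapter}: {server} is not internal; it belongs in the forwarder list")
```

Pass your own address ranges as `internal` if the domain's DNS servers are not in RFC 1918 space.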

Question: How do I set up DNS for a child domain?

Answer: To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server.

Note: Windows Server 2003 has additional types of zones, such as Stub Zones and forest-level integrated Active Directory zones, that may be a better fit for your environment.

Set the child domain controller to point to itself first. As soon as an additional domain controller is available, set the child domain controller to point to this domain controller in the child domain as its secondary.

How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain

Note: Ignore the OS version; this applies to all Windows versions, as the DNS concept has not changed.


Posted in Directory Services, DNS/DHCP, Exchange | 6 Comments »