Monday, January 31, 2011

Zones and Records

Zones are an important concept in DNS. A zone is a container that represents a domain on a DNS server. The zone contains the records for that domain. There are three types of zones: primary, secondary and stub zones.

Every domain immediately below a TLD, such as blogspot.com, has a zone, but sub-domains, such as scorpits.blogspot.com, can be contained within the parent zone or in their own zones. A zone represents a domain in a DNS server, and it contains all of the records of the domain. Sometimes a zone will also contain sub-domains. All zones begin with a SOA record and contain NS records. Zones are typically contained in a zone file, a specially formatted text file that contains all of the records for the zone.
  • A Primary zone is the master copy of the zone information; typically you'll only have one primary zone for a domain, but it is possible to have more than one in a multiple master configuration.
  • A Secondary zone contains a copy of all of the records in the primary zone; secondary zones are used for redundancy, in case the DNS server containing the primary zone goes down. The secondary zone still contains a copy of the data and can be used for DNS resolution.
  • Stub zones only contain name server records, and are used for delegation. When a DNS server is registered as the authoritative DNS server for a domain, stub zones are used to delegate that authority to other DNS servers. Those servers will then contain the primary and secondary zones for the domain.

Only the primary zone can be edited; when primary zones are edited, secondary zones are updated automatically through the zone transfer process, once their time to live expires. Zone transfers are used to copy the primary zone to any servers containing corresponding secondary zones. Incremental zone transfers are used where possible, primarily between Microsoft DNS servers. An incremental zone transfer only transfers the data that has changed since the last zone transfer, so the process is faster and uses less bandwidth. When incremental transfers are not possible, or not supported, full zone transfers are done, in which the entire zone is transferred each time a change is made to the primary zone.
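
The choice between an incremental and a full zone transfer can be modelled in a few lines. This is an added example, not code from the original post or from any DNS server: the Primary and Secondary classes, the change journal and the example.com records are assumptions made for illustration, and serial numbers are compared as plain integers.

```python
from dataclasses import dataclass, field

@dataclass
class Primary:
    records: dict                                  # {(name, type): value}, the editable master copy
    serial: int = 1                                # zone serial, increased on every edit
    journal: list = field(default_factory=list)    # retained changes: (serial, added, removed)
    def edit(self, added, removed=()):
        for key in removed:
            self.records.pop(key, None)
        self.records.update(added)
        self.serial += 1
        self.journal.append((self.serial, dict(added), tuple(removed)))

    def transfer(self, have_serial, incremental_ok=True):
        if have_serial == self.serial:
            return "none", None
        newer = [c for c in self.journal if c[0] > have_serial]
        # Incremental needs an unbroken change history starting right after have_serial.
        covered = bool(newer) and newer[0][0] == have_serial + 1
        if incremental_ok and covered:
            return "incremental", newer
        return "full", dict(self.records)

@dataclass
class Secondary:
    records: dict = field(default_factory=dict)
    serial: int = 0
    def refresh(self, primary, incremental_ok=True):
        kind, payload = primary.transfer(self.serial, incremental_ok)
        if kind == "incremental":
            for _serial, added, removed in payload:
                for key in removed:
                    self.records.pop(key, None)
                self.records.update(added)
        elif kind == "full":
            self.records = payload
        self.serial = primary.serial
        return kind

def demo():
    # Constructed sample records for example.com (illustrative values only).
    p, s = Primary({("@", "NS"): "ns1.example.com.", ("www", "A"): "192.0.2.10"}), Secondary()
    kinds = [s.refresh(p)]                         # empty secondary: full copy
    p.edit({("mail", "A"): "192.0.2.25"})
    kinds.append(s.refresh(p))                     # one change behind: incremental
    p.edit({("ftp", "A"): "192.0.2.21"}, removed=[("www", "A")])
    p.journal.clear()                              # change history no longer available
    kinds.append(s.refresh(p))                     # falls back to a full copy
    return kinds, s.records == p.records
```

Calling demo() returns the kind of transfer chosen at each refresh and whether the secondary ended up with the same records as the primary.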

A sub-domain sits below a parent domain; an example of a sub-domain is scorpits.blogspot.com, which resides below the parent domain blogspot.com. Sub-domains can be contained within the parent zone; they can also be contained in their own zone. In addition, through the use of stub zones, sub-domains can reside on other DNS servers. A stub zone indicates that the authority for the zone is delegated to another system.

Friday, January 28, 2011

FSMO Roles

FSMO Roles Explained:
   Within Active Directory, not all Domain Controllers are equal: some have certain roles assigned to them, and each of these roles needs to be performed by a single Domain Controller. These roles are called the FSMO (Flexible Single Master Operations) roles. There are 5 roles, 2 of which are forest wide and the other 3 are domain wide.

The 5 roles are as follows:

Schema master (forest wide):
   The Schema Master controls all updates to the Schema within the forest.

Domain Naming Master (forest wide):
   The Domain Naming Master role is responsible for the creation and deletion of domains in the forest.

PDC Emulator (domain wide):
   The PDC emulator role provides backwards compatibility for Windows NT backup domain controllers (BDCs); the PDC emulator advertises itself as the primary domain controller for the domain. It also acts as the domain master browser and maintains the latest password for all users within the domain.

Infrastructure Master (domain wide):
   The Infrastructure Master role is responsible for updating references from objects within its domain to objects in other domains.

RID Master (domain wide):
   The RID Master manages the Security Identifier (SID) for every object within the domain.

Identify FSMO Roles:
   You can easily identify the servers that hold the FSMO roles using this free tool. Dovestones' "FSMO Roles" application is freeware. You can download it here: http://www.dovestones.com/downloads/FSMORoles.msi

More Info on FSMO Roles: http://techgurulive.com/2008/09/27/the-5-fsmo-server-roles-of-windows-domain-environment/

Thursday, January 27, 2011

SCCM 2007 - Brief Overview

Configuration Manager 2007 allows you to perform tasks such as:
  • Deploying operating systems
  • Deploying software applications
  • Deploying software updates
  • Metering software usage
  • Assessing variation from desired configurations
  • Taking hardware and software inventory
  • Remotely administering computers
Configuration Manager 2007 collects information in a Microsoft SQL Server database, allowing queries and reports to consolidate information throughout the organization. Configuration Manager 2007 can manage a wide range of Microsoft operating systems, including client platforms, server platforms, and mobile devices.

Monday, January 24, 2011

Understanding SCCM Sites


Understanding Configuration Manager Sites
     A Microsoft System Center Configuration Manager 2007 site defines the scope of administrative control. A site consists of a site server, site system roles, clients, and resources. A site always requires access to a Microsoft SQL Server database. There are several types of Configuration Manager 2007 sites. A Configuration Manager 2007 site uses boundaries to determine the clients belonging to the site. Multiple sites can be configured into site hierarchies and connected in such a way that you can manage bandwidth utilization between sites. A Configuration Manager 2007 site is identified by the three-character code and the friendly site name configured during Setup.

Types of Sites
     When you install a site, you decide whether it will be a primary site or a secondary site. Then, as you install additional sites, you have the option to arrange them in hierarchical relationships so that there are parent sites that manage child sites, and a central site to collect all the site information for centralized management. Or, if you prefer, you can leave the sites without any connections and manage them separately, according to your business and administrative needs. For example, if your organization consists of independent business units, each unit might resist having centralized management.

Primary Sites
     The first Configuration Manager 2007 site you install must be a primary site. A primary site stores Configuration Manager 2007 data for itself and all the sites beneath it in a SQL Server database. This is called the Configuration Manager 2007 site database. Primary sites have an administrative tool called the Configuration Manager 2007 console that enables the Configuration Manager 2007 administrator to directly manage the site.

Secondary Sites
     A secondary site has no Configuration Manager 2007 site database. It is attached to and reports to a primary site. The secondary site is managed by a Configuration Manager 2007 administrator running a Configuration Manager 2007 console that is connected to the primary site.
     The secondary site forwards the information it gathers from Configuration Manager 2007 clients, such as computer inventory data and Configuration Manager 2007 system status information, to its parent site. The primary site then stores the data of both the primary and secondary sites in the Configuration Manager 2007 site database.
     The advantages of using secondary sites are that they do not require any additional Configuration Manager 2007 server license and do not incur the overhead of maintaining an additional database. Secondary sites are managed from the primary site they are connected to, so they are frequently used in sites with no local administrator present. The disadvantage of secondary sites is that they must be attached to a primary site and cannot be moved to a different primary site without deleting and re-creating the site. Also, secondary sites cannot have sites beneath them in the hierarchy.

Parent Sites
     A parent site is a primary site that has one or more sites attached to it in the hierarchy. Only a primary site can have child sites. A secondary site is always a child site. A parent site contains pertinent information about its lower level sites, such as computer inventory data and Configuration Manager 2007 system status information, and it can control many operations at the child sites.

Child Sites
     A child site is a site that is attached to a site above it in the hierarchy. The site it reports to is its parent site. A child site can have only one parent site. Configuration Manager 2007 copies all the data that is collected at a child site to its parent site. A child site is either a primary site or a secondary site.

Central Site
     A central site has no parent site. Typically, a central site has child and grandchild sites and aggregates all of their client information to provide centralized management and reporting. A site with no parent and no child site is still called a central site although it is also referred to as a stand-alone site.
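
The hierarchy rules from the sections above (a three-character site code, secondary sites always attached to a primary site, only primary sites as parents, a site with no parent being a central site) can be checked against a planned site list. This is an added example, not part of the original post or of Configuration Manager; check_hierarchy, the input format and the site codes are assumptions made for illustration.

```python
def check_hierarchy(sites):
    """sites maps a site code to (kind, parent code or None); kind is 'primary' or 'secondary'.
    Returns (violations, labels) according to the rules described in the text."""
    violations = []
    children = {code: [] for code in sites}
    for code, (kind, parent) in sites.items():
        if len(code) != 3:
            violations.append(f"{code}: site code must be three characters")
        if parent is None:
            if kind == "secondary":
                violations.append(f"{code}: a secondary site must be attached to a primary site")
        elif parent not in sites:
            violations.append(f"{code}: parent site {parent} is not defined")
        else:
            children[parent].append(code)
            if sites[parent][0] != "primary":
                violations.append(f"{code}: parent {parent} is secondary; only a primary site can have child sites")
    labels = {}
    for code, (kind, parent) in sites.items():
        found = {kind}
        if parent is not None:
            found.add("child")
        elif kind == "primary":
            found.add("central")               # no parent site
            if not children[code]:
                found.add("stand-alone")       # no parent and no child sites
        if children[code] and kind == "primary":
            found.add("parent")
        labels[code] = found
    return violations, labels

# Constructed sample hierarchy; the site codes are made up for this example.
SAMPLE = {
    "CEN": ("primary", None),
    "NYC": ("primary", "CEN"),
    "BR1": ("secondary", "NYC"),
    "BR2": ("secondary", "BR1"),   # invalid: attached beneath a secondary site
    "LAB": ("primary", None),      # no parent and no children
    "ORPH": ("secondary", None),   # invalid: four-character code and no parent
}

if __name__ == "__main__":
    problems, site_labels = check_hierarchy(SAMPLE)
    for line in problems:
        print(line)
    for code, found in site_labels.items():
        print(code, sorted(found))
```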

Site Systems
     Each site contains one site server and one or more site systems. The site server is the computer on which you install Configuration Manager 2007, and it hosts services required for Configuration Manager 2007. A site system is any computer running a supported version of Microsoft Windows or a shared folder that hosts one or more site system roles. A site system role is a function required to be able to use Configuration Manager 2007 or to use a feature of Configuration Manager 2007. Multiple site roles can be combined on a single site system, including running all site roles on the site server, but this is usually appropriate only for very small and simple environments.

Brief description of each Site System Role

| Site System Role | Description | Required? |
|---|---|---|
| Site server | The role assigned to the server on which Configuration Manager 2007 Setup has been run successfully. | Yes. Every site must have exactly one site server role. |
| Site database server | The role assigned to the computer running a supported version of Microsoft SQL Server and hosting the Configuration Manager 2007 site database. You can use only Microsoft SQL Server, Standard or Enterprise Edition, to host the site database. SQL Server Express editions are not supported for hosting the site database. | Every primary site requires a site database server role, but secondary sites do not require them. |
| Configuration Manager console | Any computer running the Configuration Manager console. | No. The Configuration Manager console is automatically installed by default on primary site servers during Setup. You can install additional Configuration Manager consoles on remote computers—for example, the workstation of the Configuration Manager administrator. However, some organizations write their own user interface using the Configuration Manager software developer kit (SDK) and never use the Configuration Manager console. |
| SMS Provider computer | The Configuration Manager console does not access the database directly, but instead uses Windows Management Instrumentation (WMI) as an intermediary layer. The SMS Provider is the WMI Provider for Configuration Manager. | Yes, for primary sites. When you install a primary site, you select which computer will host the SMS Provider—usually, it's the site server or the site database server. |
| Component server | Any computer hosting a Configuration Manager 2007 site role that requires installing special Configuration Manager 2007 services. | The only site system role that does not require the installation of a special Configuration Manager 2007 service is the distribution point. |
| Distribution point | A site system role that stores packages for clients to install. | Required for the following features: software distribution, software updates, and advertised task sequences used in operating system deployment. |
| Fallback status point | A site system role that gathers state messages from clients that cannot install properly, cannot assign to a Configuration Manager 2007 site, or cannot communicate securely with their assigned management point. | Not required, but very helpful to troubleshoot issues with clients. |
| Management point | The site system role that serves as the primary point of contact between Configuration Manager 2007 clients and the Configuration Manager 2007 site server. | Every site with intranet clients must have one default management point, though the default management point might be a cluster of several site systems configured as management points. |
| PXE service point | A site system role that has been configured to respond to and initiate operating system deployments from computers whose network interface card is configured to allow PXE boot requests. | Required only for operating system deployment using PXE boot requests. |
| Reporting point | A site system role that hosts the Report Viewer component for Web-based reporting functionality. | Required only to use the reporting feature. Reports are often helpful when diagnosing client issues. |
| Server locator point | A site system role that locates management points for Configuration Manager 2007 clients. | Required for some client deployment scenarios. |
| Software update point | A site system role assigned to a computer running Microsoft Windows Server Update Services (WSUS). | Required only for the software update feature. |
| State migration point | A site system role that stores user state data while a computer is being migrated to a new operating system. | Required for operating system deployment when migrating user state. |
| System Health Validator point | The site system role assigned to a computer running Network Policy Service. | Required only for the Configuration Manager 2007 Network Access Protection feature. |

Hardware Inventory and Software Inventory

     When working with SMS inventory features, remember the distinctions between hardware inventory and software inventory. The primary distinction between the two inventory mechanisms is how they work.

     Software inventory works by scanning the disks on each computer to find files and gather information about files. You can also configure software inventory to collect specific files when it finds them.

     Hardware inventory works by querying Windows Management Instrumentation (WMI) for all data from certain WMI classes. WMI includes classes for operating system configuration and entities (such as user accounts), installed software, software configuration, and other objects (such as for the logged on user). These classes are supplements to hardware classes. Hardware inventory collects information about many things besides hardware. For example, it can inventory software by collecting details about programs listed in Add or Remove Programs in Control Panel or programs that have been installed using Windows Installer.

     Because hardware inventory collects a wide variety of data, you might determine that most of your inventory needs can be served by hardware inventory collection alone. Also, with hardware inventory, you can customize inventory to collect more data or different data. Software inventory is useful when you require information about the files on the disks, not necessarily about the software that has been installed. In that sense, software inventory could be called "file inventory."

http://technet.microsoft.com/en-us/library/cc180952.aspx

PXE Advertisement Types


Mandatory advertisement:
     Computers that receive a mandatory advertisement that is enabled for PXE will boot using PXE without any user intervention. The user will not be given an option to bypass the PXE boot. 

Note: If a user cancels the PXE boot process before the PXE service point responds, the computer will not receive the advertisement.


Optional advertisement:
     For computers that receive an optional advertisement that is enabled for PXE, a user must be present at the computer to press F12 to continue the PXE boot process; otherwise the computer will boot into the current operating system or from the next available boot device.


Clear Last PXE Advertisement:
     If for any reason you want to re-advertise a mandatory advertisement enabled for a PXE device or assigned to a collection, you can select this option by right-clicking an existing Configuration Manager 2007 collection, or a device with an existing PXE advertisement, and selecting ‘Clear Last PXE Advertisement’.

Important: Selecting this option will reset the status for the last mandatory PXE advertisements for the collection or device. The most recent mandatory advertisements will be rerun on any computers or devices the advertisement has been assigned to.

http://technet.microsoft.com/en-us/library/bb680753.aspx