Thursday, 25 July 2013

DHCP Back up and Restore

DHCP servers store DHCP lease and reservation information in database files. By default, these files are stored in the %SystemRoot%\System32\DHCP directory. The key files in this directory are used as follows:
  • Dhcp.mdb The primary database file for the DHCP server
  • J50.log A transaction log file used to recover incomplete transactions in case of a server malfunction
  • J50.chk A checkpoint file used in truncating the transaction log for the DHCP server
  • Res1.log A reserved log file for the DHCP server
  • Res2.log A reserved log file for the DHCP server
  • Tmp.edb A temporary working file for the DHCP server


Backing Up the DHCP Database
The Backup directory in the %SystemRoot%\System32\DHCP folder contains backup information for the DHCP configuration and the DHCP database. By default, the DHCP database is backed up every 60 minutes automatically. To manually back up the DHCP database at any time, follow these steps:
1. In the DHCP console, right-click the server you want to back up, and then click Backup.
2. In the Browse For Folder dialog box, select the folder that will contain the backup DHCP database, and then click OK.

Registry keys that control the location and timing of DHCP backups, as well as other DHCP settings, are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters.

The following keys control the DHCP database and backup configuration:
  • BackupDatabasePath Sets the location of the DHCP database. You should set this option through the DHCP Properties dialog box. Click the Advanced tab, and then set the Database Path field as appropriate.
  • DatabaseName Sets the name of the primary DHCP database file. The default value is DHCP.mdb.
  • BackupInterval Determines how often the DHCP client information database is backed up. The default is 60 minutes.
  • DatabaseCleanupInterval Determines how often the DHCP service deletes expired records from the DHCP client information database. The default is four hours.
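The following PowerShell check is an added example, not part of the original post: it reads the values above and flags a server whose automatic backup has stopped producing files. It assumes BackupDatabasePath holds the backup folder and BackupInterval is expressed in minutes; the function name Test-DhcpBackupFreshness and the tolerance factor are hypothetical.

```powershell
# Added example: confirm the scheduled DHCP backup is current.
# Assumptions: BackupDatabasePath holds the backup folder, BackupInterval is in minutes.
function Test-DhcpBackupFreshness {
    param(
        [string]$RegistryPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters',
        [int]$ToleranceFactor = 2   # allow one missed cycle before flagging
    )

    $params = Get-ItemProperty -Path $RegistryPath -ErrorAction Stop

    # Fall back to the documented default of 60 minutes if the value is absent.
    $interval = if ($params.BackupInterval) { [int]$params.BackupInterval } else { 60 }

    if (-not $params.BackupDatabasePath) {
        throw "BackupDatabasePath is not set under $RegistryPath"
    }
    # The value may contain %SystemRoot%; expand it before touching the file system.
    $backupPath = [Environment]::ExpandEnvironmentVariables($params.BackupDatabasePath)
    if (-not (Test-Path -LiteralPath $backupPath)) {
        throw "Backup folder '$backupPath' does not exist"
    }

    # Newest file anywhere under the backup folder marks the last completed backup.
    $newest = Get-ChildItem -LiteralPath $backupPath -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1

    $age = if ($newest) {
        [math]::Round(((Get-Date) - $newest.LastWriteTime).TotalMinutes, 1)
    } else {
        $null   # an empty folder means no backup has ever completed
    }

    [pscustomobject]@{
        BackupPath      = $backupPath
        IntervalMinutes = $interval
        NewestFile      = if ($newest) { $newest.FullName } else { $null }
        AgeMinutes      = $age
        Fresh           = ($null -ne $age) -and ($age -le $interval * $ToleranceFactor)
    }
}

# Run on the DHCP server itself; Fresh = False means the backup needs attention.
Test-DhcpBackupFreshness | Format-List
```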


Restoring the DHCP Database from Backup
In the case of a server crash and recovery, you might need to restore and then reconcile the DHCP database. To force DHCP to restore the database from backup, follow these steps:
1. If necessary, restore a good copy of the %SystemRoot%\System32\DHCP\Backup directory from the archive. Afterward, start the DHCP console, right-click the server you want to restore, and then click Restore.
2. In the Browse For Folder dialog box, select the folder that contains the backup you want to restore, and then click OK.
3. During restoration of the database, the DHCP Server service is stopped. As a result, DHCP clients are temporarily unable to contact the DHCP server to obtain IP addresses.

DNS BACK UP

http://mcpmag.com/articles/2005/07/05/dns-backups-without-the-baggage.aspx

With DNS, backing up primary and secondary zones independent of the system state is a pretty simple process. You can use the xcopy command to back up all zone text files on a DNS server. This command would back up the contents of the default DNS folder to the "D:\backups\dns" folder:
xcopy %systemroot%\system32\dns d:\backups\dns /y
Unfortunately, the process isn’t as simple for Active Directory-integrated DNS zones. For these zones, the support tool dnscmd.exe can get the job done. To back up any DNS zone with dnscmd.exe, you just need to use the /zoneexport switch with the command. To back up the MCPmag.com zone locally on a DNS server, you'd run:
dnscmd /zoneexport mcpmag.com backup\mcpmag.com.dns.bak
This command writes a copy of the mcpmag.com zone to the %systemroot%\system32\dns\backup\mcpmag.com.dns.bak file. Note that the command doesn't overwrite existing files, so if you’re including it with a backup script, be sure to move the file to an alternate location after the export completes, or to rename or delete the current backup file before you run a new dnscmd /zoneexport job.
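A backup script along the lines described above, as an added example that is not part of the original article: it clears the previous export (because /zoneexport will not overwrite it), runs the export, then moves the file to a timestamped archive copy and prunes old copies. The function name Export-DnsZoneBackup, the retention count and the archive naming are hypothetical; D:\backups\dns is the folder used in the xcopy example.

```powershell
# Added example: export one zone with dnscmd and rotate the result.
# Get-FileHash needs PowerShell 4.0 or later.
function Export-DnsZoneBackup {
    param(
        [Parameter(Mandatory = $true)][string]$ZoneName,
        [string]$ArchiveDir = 'D:\backups\dns',
        [int]$Keep = 14   # number of archived exports to retain per zone
    )

    # The zone name becomes part of a file path, so accept DNS-name characters only.
    if ($ZoneName -notmatch '^[A-Za-z0-9]([A-Za-z0-9_.-]*[A-Za-z0-9])?$') {
        throw "Refusing zone name '$ZoneName': unexpected characters"
    }

    # dnscmd writes relative to %systemroot%\system32\dns.
    $dnsDir     = Join-Path $env:SystemRoot 'System32\dns'
    $relFile    = "backup\${ZoneName}.dns.bak"
    $exportFile = Join-Path $dnsDir $relFile

    New-Item -ItemType Directory -Force -Path (Split-Path $exportFile), $ArchiveDir | Out-Null

    # /zoneexport does not overwrite, so a stale file would make the export fail.
    if (Test-Path -LiteralPath $exportFile) {
        Remove-Item -LiteralPath $exportFile -Force
    }

    & dnscmd.exe /zoneexport $ZoneName $relFile | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $exportFile)) {
        throw "dnscmd /zoneexport failed for $ZoneName (exit code $LASTEXITCODE)"
    }

    # Move the export out of the DNS folder under a timestamped name.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dest  = Join-Path $ArchiveDir "${ZoneName}.${stamp}.dns.bak"
    Move-Item -LiteralPath $exportFile -Destination $dest

    # Record a hash so a later restore can confirm the file was not altered.
    $hash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash

    # Keep only the newest $Keep archives for this zone.
    Get-ChildItem -Path $ArchiveDir -Filter "${ZoneName}.*.dns.bak" |
        Sort-Object LastWriteTime -Descending |
        Select-Object -Skip $Keep |
        Remove-Item -Force

    [pscustomobject]@{ Zone = $ZoneName; Archive = $dest; SHA256 = $hash }
}

# Run on the DNS server from an elevated prompt.
Export-DnsZoneBackup -ZoneName 'mcpmag.com'
```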
If you need to re-create a new zone from the export file, you’ll find that you can do this by using dnscmd.exe with the /zoneadd switch. The only catch with this approach is that if you’re looking to recover an AD-integrated zone, you need to add the zone as a primary first and then convert it to AD-integrated. For example, to recover my mcpmag.com zone, I'd run:
dnscmd /zoneadd mcpmag.com /primary /file mcpmag.com.dns.bak /load
Here, note that the backup file needs to reside in the %systemroot%\system32\dns folder for it to be properly discovered. Use the /load switch to tell the command to load the configuration from the existing file. Without it, the command will create a new zone data file that will overwrite the contents of the backup file.
After adding the zone to the DNS server, you can convert it to an AD-integrated zone by running:
dnscmd /zoneresettype mcpmag.com /dsprimary
At this point, you can then enable secure dynamic updates for the zone by running:
dnscmd /config mcpmag.com /allowupdate 2
This command configures the zone to accept only secure dynamic updates, as specified by the allowupdate value of 2 (use 0 to specify No dynamic updates, 1 for nonsecure and secure dynamic updates).
As an alternative, you may want to take a look at the DNS Dump script written by Microsoft MVP and technical trainer Dean Wells. You can download this script at http://www.reskit.net/DNS/dnsdump.cm_. Note that you will need to rename the downloaded file to dnsdump.cmd for it to execute properly. For help on using the tool, after you've downloaded and renamed the file, from the command shell navigate to the directory where the dnsdump.cmd file exists and run dnsdump /?. Not only will this tool back up a DNS zone, but it will also back up the complete configuration of a DNS server (yes, Registry values too!), as well as all primary, secondary, and AD integrated zones in one operation. This is accomplished by running dnsdump with the "export" option.
While the System State backup is always an option for DNS and should still be performed at regular intervals, dnscmd.exe or dnsdump.cmd should provide the DNS backup flexibility you’re looking for.

Some useful DNS Questions

Q1. What is DNS?
Domain Name System is a service that can be installed on any Windows Server operating system to resolve names to IP addresses and vice versa. TCP/IP networks, such as the Internet, use DNS to locate computers and services through user-friendly names.
Q2. What is DDNS?
Dynamic DNS or DDNS is a method of updating, in real time, a Domain Name System to point to a changing IP address on the Internet. This is used to provide a persistent domain name for a resource that may change location on the network.
Q3. What are the resource records in DNS?
A (Address) Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
CNAME (Canonical Name) Sets an alias for a host name. For example, using this record, zeta.tvpress.com can have an alias as
www.tvpress.com.
MX (Mail Exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.
NS (Name Server) Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.
PTR (Pointer) Creates a pointer that maps an IP address to a host name for reverse lookups.
SOA (Start of Authority) Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone).
Q4. What are a Forward and Reverse Lookup?
Forward Lookup: When a name query is sent to the DNS server to obtain an IP address, it is generally called a forward lookup.
Reverse Lookup: DNS also provides a reverse lookup process, enabling clients to use a known IP address during a name query and look up a computer name based on its address.
Q5. What is Primary zone?
This is the readable and writable copy of a zone file in the DNS namespace. It is the primary source for information about the zone and it stores the master copy of zone data in a local file or in AD DS. By default the primary zone file is named zone_name.dns in the %windir%\System32\DNS folder on the server.
Q6. What is Secondary zone?
This is the read-only copy of a zone file in the DNS namespace. It is a secondary source for information about the zone and it gets the updated information from the master copy of the primary zone. Network access must be available to connect with the primary server. As a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.
Q7. What is stub Zone?
A stub zone is a read-only copy of a zone that contains only those resource records which are necessary to identify the authoritative DNS servers for that particular zone. A stub zone is practically used to resolve names between separate DNS namespaces. This type of zone is generally created when a corporate merger or acquisition requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone contains:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone.
Q8. What is Caching Only Server?
Caching-only servers are those DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once the answer is stored in the cache, the next time the query is resolved locally from the cache instead of going to the actual site.
Q9. What is Aging and Scavenging?
DNS servers running Windows Server support aging and scavenging features. These features are provided as a mechanism to perform cleanup and removal of stale resource records from the server and zone. This feature removes the dynamically created records when they are stamped as stale.
By default, the aging and scavenging mechanism for the DNS Server service is disabled.
Scavenging and aging must be enabled both at the DNS server and on the zone.
Q10. What is SRV record in DNS?
The SRV record is a resource record in DNS that is used to identify or point to a computer that hosts specific services, e.g. Active Directory.
Q11. What is Forwarding in DNS?
A forwarder is a feature in DNS server that is used to forward DNS queries for external DNS names to DNS servers outside of that network. We can configure a DNS server as a forwarder to forward the name query to other DNS servers in the network when they cannot be resolved locally by that DNS server.
Q12. What is Conditional Forwarding in DNS?
We can configure the DNS server to forward queries according to specific domain names using conditional forwarders. In this case the query is forwarded to an IP address configured for a DNS domain name.
Q13. What are Queries types in DNS?
Recursive Query: These name queries are generally made by a DNS client to a DNS server or by a DNS server that is configured to pass unresolved name queries to another DNS server, in the case of a DNS server configured to use a forwarder.
Iterative Query: An iterative name query is one in which a DNS client allows the DNS server to return the best answer it can give based on its cache or zone data. If the queried DNS server does not have an exact match for the queried name, the best possible information it can return is a referral. The DNS client can then query the DNS server for which it obtained a referral. It continues this process until it locates a DNS server that is authoritative for the queried name, or until an error or time-out condition is met.
Q14. What are Tools for troubleshooting of DNS?
DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, DNS Logs.
Q15. How to check DNS health?
Using the DCdiag.
i.e. (dcdiag /test:dns /v /e)
**************************************************

Windows DNS Server Interview Questions

What is the main purpose of a DNS server?
DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.
What is the port number of DNS?
53.
What is a Forward Lookup?
Resolving Host Names to IP Addresses
What is Reverse Lookup?
Resolving IP Addresses to Host Names
What is a Resource Record?
It is a record that provides information about the resources available in the network infrastructure.
What are the different DNS Roles?
Standard Primary, Standard Secondary, & AD Integrated.
What is a Zone?
Zone is a sub tree of DNS database.
Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?
PTR Records
SOA records must be included in every zone. What are they used for?
SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers.
By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?
Performs a recursive search through the primary DNS server based on the network interface configuration
What is primary, Secondary, stub & AD Integrated Zone?
Primary Zone: - zone which is saved as a normal text file with filename (.dns) in the DNS folder. Maintains a read, write copy of the zone database.

Secondary Zone: - maintains a read only copy of zone database on another DNS server. Provides fault tolerance and load balancing by acting as backup server to primary server.
Stub zone: - contains a copy of name server and SOA records used for reducing the DNS search orders. Provides fault tolerance and load balancing.
How do you manually create SRV records in DNS?
On Windows Server, go to Run, enter dnsmgmt.msc, right-click the zone you want to add the SRV record to, choose "Other New Records", and then choose Service Location (SRV).
What is the main purpose of SRV records ?
SRV records are used in locating hosts that provide certain network services.
Before installing your first domain controller in the network, you installed a DNS server and created a zone, naming it as you would name your AD domain. However, after the installation of the domain controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most likely cause of this failure ?
The zone you created was not configured to allow dynamic updates. The local interface on the DNS server was not configured to allow dynamic updates.
Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients ?
The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.
At some point during the name resolution process, the requesting party received authoritative reply. Which further actions are likely to be taken after this reply ?
After receiving the authoritative reply, the resolution process is effectively over.
Name 3 benefits of using AD-integrated zones.
Active Directory integrated DNS enables Active Directory storage and replication of DNS zone databases. Windows 2000 DNS server, the DNS server that is included with Windows 2000 Server, accommodates storing zone data in Active Directory.
When you configure a computer as a DNS server, zones are usually stored as text files on name servers; that is, all of the zones required by DNS are stored in a text file on the server computer.
These text files must be synchronized among DNS name servers by using a system that requires a separate replication topology and schedule called a zone transfer. However, if you use Active Directory integrated DNS when you configure a domain controller as a DNS name server, zone data is stored as an Active Directory object and is replicated as part of domain replication.
What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
If your DNS topology includes Active Directory, use Active Directory integrated zones. Active Directory integrated zones enable you to store zone data in the Active Directory database. Zone information about any primary DNS server within an Active Directory integrated zone is always replicated.
Because DNS replication is single-master, a primary DNS server in a standard primary DNS zone can be a single point of failure. In an Active Directory integrated zone, a primary DNS server cannot be a single point of failure because Active Directory uses multimaster replication.
Updates that are made to any domain controller are replicated to all domain controllers and the zone information about any primary DNS server within an Active Directory integrated zone is always replicated.
Active Directory integrated zones: Enable you to secure zones by using secure dynamic update.
Provide increased fault tolerance. Every Active Directory integrated zone can be replicated to all domain controllers within the Active Directory domain or forest. All DNS servers running on these domain controllers can act as primary servers for the zone and accept dynamic updates.
Enable replication that propagates changed data only, compresses replicated data, and reduces network traffic. If you have an Active Directory infrastructure, you can only use Active Directory integrated zones on Active Directory domain controllers. If you are using Active Directory integrated zones, you must decide whether or not to store Active Directory integrated zones in the application directory partition.
You can combine Active Directory integrated zones and file-based zones in the same design. For example, if the DNS server that is authoritative for the private root zone is running on an operating system other than Windows Server 2003 or Windows 2000, it cannot act as an Active Directory domain controller. Therefore, you must use file-based zones on that server. However, you can delegate this zone to any domain controller running either Windows Server 2003 or Windows 2000.
You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
The machine cannot be configured with a DNS client of its own.
The DNS service cannot be run.

What are the benefits and scenarios of using Stub zones?
Understanding stub zones
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone.
A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone. The IP address of one or more master servers that can be used to update the stub zone. The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.
Use stub zones to:
  • Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server hosting both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
  • Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers without needing to query the Internet or internal root server for the DNS namespace.
  • Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones and are not an alternative when considering redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
  • The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
  • The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records. When a DNS server loads a stub zone, such as widgets.example.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.example.com. The list of master servers may contain a single server or multiple servers and can be changed anytime.
What is the "in-addr.arpa" zone used for?
In a Domain Name System (DNS) environment, it is common for a user or an application to request a Reverse Lookup of a host name, given the IP address. This article explains this process. The following is quoted from RFC 1035: "The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network on the Internet.
"The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing structure. "Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case of a zero octet which is represented by a single zero).
"Host addresses are represented by domain names that have all four labels specified." Reverse Lookup files use the structure specified in RFC 1035.
For example, if you have a network which is 150.10.0.0, then the Reverse Lookup file for this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the 150.10.0.0 network will have a PTR (or 'Pointer') entry in 10.150.IN-ADDR.ARPA referencing the host name for that IP address. A single IN-ADDR.ARPA file may contain entries for hosts in many domains. Consider the following scenario. There is a Reverse Lookup file 10.150.IN-ADDR.ARPA with the following contents:
1.20 IN PTR WS1.ACME.COM.
What does a zone consist of & why do we require a zone?
Zone consists of resource records and we require zone for representing sites.
What is Caching Only Server?
When we install 2000 & 2003 server it is configured as a caching-only server, where it maintains the frequently accessed sites' information; when we access the same site the next time, it is obtained from the cached information instead of going to the actual site.
What is forwarder?
When one DNS server can't receive the query it can be forwarded to another DNS once configured as forwarder.
What is secondary DNS Server?
It is backup for primary DNS where it maintains a read only copy of DNS database.
How to enable Dynamic updates in DNS?
Start > Program > Admin tools > DNS > Zone properties.
What are the properties of DNS server?
INTERFACES, FORWARDERS, ADVANCED, ROUTINGS, SECURITY, MONITORING, LOGGING, DEBUG LOGGING.
Properties of a Zone?
General, SOA, NAMESERVER, WINS, Security, and ZONE Transfer.
What is scavenging?
Finding and deleting unwanted records.
What are SRV records?
SRV are the service records, there are 6 service records. They are useful for locating the services.
What are the types of SRV records?
MSDCS: Contains DCs information.
TCP: Contains Global Catalog, Kerberos & LDAP information.
UDP: Contains Sites information.
Sites: Contains Sites information.
Domain DNS Zone: Contains domain's DNS specific information.
Forest DNS zone: Contains Forest's Specific Information.

Where does a Host File Reside?
c:\windows\system32\drivers\etc.
What is SOA?
Start of Authority: useful when a zone starts. Provides the zone startup information.
What is a query?
A request made by the DNS client to provide the name server information.
What are the diff. types of Queries?
Recursion, iteration.
Tools for troubleshooting DNS?
DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs.
What is WINS server? where we use WINS server? difference between DNS and WINS?
WINS is Windows Internet Name Service, used to resolve the NetBIOS (computer name) name to an IP address. This is proprietary for Windows. You can use it in a LAN. DNS is a Domain Naming System, which resolves host names to IP addresses. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names.
What is new in Windows Server 2003 regarding the DNS management?
When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory.
If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.
How do I clear the DNS cache on the DNS server?
Go to the command prompt and type ipconfig /flushdns.
What is the "." zone in my forward lookup zone?
This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.
Do I need to configure forwarders in DNS?
No. By default, Windows 2000 DNS uses the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. Most of the time, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems.
The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection. Windows Server 2003 DNS will query root hints servers if it cannot query the forwarders.
Should I point the other Windows 2000-based and Windows Server 2003-based computers on my LAN to my ISP's DNS servers?
No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the domain controller in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 domain controller running DNS.
If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for your LAN.
Do I need to point computers that are running Windows NT 4.0 or Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows 98 Second Edition to the Windows 2000 or Windows Server 2003 DNS server?
Legacy operating systems continue to use NetBIOS for name resolution to find a domain controller; however it is recommended that you point all computers to the Windows 2000 or Windows Server 2003 DNS server for name resolution.
What if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy server or firewall?
If you are able to query the ISP's DNS servers from behind the proxy server or firewall, Windows 2000 and Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP Port 53 should be open on the proxy server or firewall.
What should I do if the domain controller points to itself for DNS, but the SRV records still do not appear in the zone?
Check for a disjointed namespace, and then run Netdiag.exe /fix.
You must install Support Tools from the Windows 2000 Server or Windows Server 2003 CD-ROM to run Netdiag.exe.
How do I set up DNS for a child domain?
To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server.
Note: Windows Server 2003 has additional types of zones, such as Stub Zones and forest-level integrated Active Directory zones, that may be a better fit for your environment. Set the child domain controller to point to itself first. As soon as an additional domain controller is available, set the child domain controller to point to this domain controller in the child domain as its secondary.

Sunday, 7 August 2011

Start up process -From Wiki

Start up process another clear explanation..

http://en.wikipedia.org/wiki/Windows_NT_startup_process

Startup process

NTLDR (abbreviation of NT loader) is the boot loader for all releases of Microsoft's Windows NT operating system up to and including Windows XP and Windows Server 2003. NTLDR is typically run from the primary hard disk drive, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. NTLDR can also load a non NT-based operating system given the appropriate boot sector in a file.
NTLDR requires, at the minimum, the following two files to be on the system volume:
  • NTLDR, which contains the main boot loader itself
  • boot.ini, which contains configuration options for a boot menu
To load an NT-based OS, ntdetect.com must also be present. (Strictly speaking, only NTLDR is actually required. If boot.ini is missing, NTLDR will default to \Windows on the first partition of the first hard drive. Many desktops in the home are in this configuration and a missing boot.ini file will simply generate an error stating it is missing, then boot into Windows successfully.)
The Volume Boot Record written to disk by the Windows NT format command for Windows platforms using NTLDR attempts to load and to run the NTLDR program.

Startup process
When a PC is powered on, its BIOS follows the configured boot order to find a bootable device. This can be a hard disk, floppy, CD/DVD, network connection, USB device, etc., depending on the BIOS. In the case of a floppy the BIOS interprets its boot sector (first sector) as code; for NTLDR this could be an NTLDR boot sector looking for the ntldr file on the floppy. For a hard disk the code in the Master Boot Record (first sector) determines the active partition. The code in the boot sector of the active partition could then again be an NTLDR boot sector looking for ntldr in the root directory of this active partition. In a more convoluted scenario the active partition can contain a Vista boot sector for the newer Vista boot manager with an {ntldr} entry pointing to another partition with an NTLDR boot sector.[2]
When booting, the loader portion of NTLDR does the following in order:
  1. Accesses the file system on the boot drive (either FAT or New Technology File System, NTFS).
  2. If Windows was put in the hibernation state, the contents of hiberfil.sys are loaded into memory and the system resumes where it left off.
  3. Otherwise, reads boot.ini and prompts the user with the boot menu accordingly.
  4. If a non NT-based OS is selected, NTLDR loads the associated file listed in boot.ini (bootsect.dos if no file is specified or if the user is booting into a DOS based OS) and gives it control.
  5. If an NT-based OS is selected, NTLDR runs ntdetect.com, which gathers information about the computer's hardware. (If ntdetect.com hangs during hardware detection, there is a debug version called ntdetect.chk that can be found on Microsoft support.[3])
  6. Starts Ntoskrnl.exe, passing to it the information returned by ntdetect.com.[4]

boot.ini

NTLDR allows the user to choose which operating system to boot from at the menu. For NT and NT-based operating systems, it also allows the user to pass preconfigured options to the kernel. The menu options are stored in boot.ini, which itself is located in the root of the same disk as NTLDR. Though NTLDR can boot DOS and non-NT versions of Windows, boot.ini cannot configure their boot options.
For NT-based OSs, the location of the operating system is written as an Advanced RISC Computing (ARC) path.
boot.ini is protected from user configuration by having the following file attributes: system, hidden, read-only. To manually edit it, one would first have to remove these attributes. A more secure fashion to edit the file is to use the bootcfg command from a console. bootcfg will also relock the file (setting the file back to system, hidden, and read-only). Additionally, the file can be edited within Windows using a text editor if the folder view option "Show hidden files and folders" is selected, the folder view option "Hide protected operating system files" is unchecked, and the "Read-only" option is unchecked under file properties.
bootsect.dos is the boot sector loaded by NTLDR to load DOS, or if there is no file specified when loading a non NT-based OS.

Example

An example of a boot.ini file:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect