1. What is the difference between Workgroup and Domain?
A domain server has centralized control, whereas a workgroup has no centralized control.
A domain network has a higher level of security when compared to a workgroup.
Domain network implementation and maintenance cost is very low when compared to that of a workgroup.
Time constraint is very low when compared to that of a workgroup.
The administrator has overall control of the network, whereas a workgroup has no control.
2. How will you assign local administrator rights to a domain user?
Navigate to Local Users and Groups and add the domain users to the Administrators group on the local system.
3. How will you restrict user logon timing in a domain?
Navigate to Active Directory Users and Computers, open the user's Properties, select logon times and restrict the user's logon timing as needed.
4. What is the purpose of sysvol?
The sysvol folder stores the server's copy of the domain's public files.
The contents such as group policy, users, and groups of the sysvol folder are
replicated to all domain controllers in the domain. The sysvol folder must be
located on an NTFS volume.
5. What is OU? Explain its Uses.
An Organizational Unit is a set of Active Directory objects within a domain. It is used to design an organization structure, restrict users' visibility and delegate control.
6. Explain the different editions of Windows 2003 Server.
Windows Server 2003, Standard Edition: aimed towards small to medium sized businesses. Standard Edition supports file and printer sharing, offers secure Internet connectivity, and allows centralized desktop application deployment.
Windows Server 2003, Enterprise Edition: aimed towards medium to large businesses. It is a full-function server operating system that supports up to eight processors and provides enterprise-class features and support for up to 32 GB of memory.
Windows Server 2003, Web Edition: mainly for building and hosting Web applications, Web pages, and XML Web Services.
Windows Server 2003, Datacenter Edition: the flagship of the Windows Server line, designed for immense infrastructures demanding high security and reliability.
7. What is DNS Server?
Domain Name System is used to resolve a domain name to an IP address and also to resolve an IP address to a domain name. It has two zones: Forward and Reverse Lookup Zone. The Forward Lookup Zone resolves a domain name to an IP address. The Reverse Lookup Zone resolves an IP address to a domain name. Some records associated with DNS:
A Record binds a name to an IP address
PTR Record binds an IP address to a name
8. Why is a DNS server required for Active Directory?
The key reason for integrating DNS with AD is that client-server communication takes place using domain names. The network needs an IP address to reach the destination; in order to resolve a domain name to an IP address we need a DNS server. If the DNS server is not configured properly the network becomes slow.
9. What is the Purpose of A and PTR Record?
A Record OR Host Record is used to bind a Name with IP Address.
PTR Record is used to bind an IP Address with Name.
10. What is the purpose of DHCP Server?
A DHCP server is used to assign IP addresses automatically to all the client computers. It is useful in a large enterprise network, where we may not be able to track the IP addresses, and is also used to avoid IP conflicts.
11. Explain about Scope in DHCP Server?
A scope is the collective information for assigning IP addresses to clients. It contains information like IP Address Range, Exclusion Range, Lease Period, Reservation, Router IP Address, DNS Address, etc. Based on the scope configuration, DHCP allocates IP addresses to all its clients.
12. Explain about Group Scopes?
13. How will you back up DNS Server?
Back up the directory “%SystemRoot%\System32\DNS”.
14. How will you back up DHCP Server?
First method: Back up the %SystemRoot%\System32\DHCP folder.
Alternate method: Open the DHCP Console and select the server to back up and restore the DHCP database.
15. Explain APIPA.
A Windows-based computer that is configured to use DHCP can automatically assign itself an Internet Protocol (IP) address if a DHCP server is not available or does not exist. The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.0-169.254.255.255 for Automatic Private IP Addressing (APIPA).
16. Explain about AD Database.
The Windows 2003 Active Directory data store, the actual database file, is %SystemRoot%\NTDS\NTDS.DIT. The AD database stores all information such as user accounts, groups, computer information, domain controller information, Group Policy, Organizational Units, etc.
17. Explain about Group Policy.
Group policies are used by administrators to configure and control user environment settings. Group Policy Objects (GPOs) are used to configure group policies, which are applied to sites, domains, and organizational units (OUs). There is a maximum of 1000 applicable group policies.
18. What is the default group policy refresh interval?
The default refresh interval for policies is 90 minutes. The default refresh interval for domain controllers is 5 minutes. A group policy object's refresh intervals may be changed in the group policy object.
19. Explain Hidden Share.
Hidden or administrative shares are share names with a dollar sign ($) appended to their names. Administrative shares are usually created automatically for the root of each drive letter. They do not display in the network browse list.
20. What ports are used by DHCP and the DHCP clients?
Requests are on UDP port 68, Server replies on UDP 67.
21. How do I configure a client machine to use a specific IP Address?
By reserving an IP Address using client machine MAC or Physical address.
22. Name 3 benefits of using AD-integrated zones.
AD-integrated zones allow Secure Dynamic Updates, i.e. there will not be any duplicate or unwanted records, since all the information is validated in Active Directory.
By creating an AD-integrated zone you can also trace hackers and spammers by creating a reverse zone.
AD-integrated zones are stored as part of Active Directory and support domain-wide or forest-wide replication through application partitions in AD.
23. How do you back up and restore AD?
Using the Windows NTBackup utility. In Backup, selecting System State will include the Active Directory backup. Restore the same using the NTBackup utility.
24. How do you change the DS Restore admin password?
Using NTDSUTIL tool.
25. How can you forcibly remove AD from a server?
Using the command dcpromo /forceremoval
26. What will be the problem if the DNS server fails?
If your DNS server fails, no client will be able to reach the domain controller, which will create authentication and control issues.
27. How can you restrict running certain applications on a machine?
The Group Policy Object Editor and the Software Restriction Policies extension of Group Policy Object Editor are used to restrict running certain applications on a machine. For Windows XP computers that are not participating in a domain, you can use the Local Security Settings snap-in to access Software Restriction Policies.
28. What can you do to promote a server to DC?
Using the command dcpromo
29. How will you map a folder through AD?
Specify the network share path (UNC) in the Active Directory user's home directory.
30. Explain Quotas.
Disk Quota is a feature or service of NTFS which helps to restrict or manage disk usage by normal users. It can be implemented on a per user, per volume basis. By default it is disabled. Administrative privilege is required to perform the task. In Server 2003 we can control only at the drive level, but in Server 2008 we can establish quotas at the folder level.
31. Explain Backup Methodology.
The different types of backup methodologies are:
Normal Backup: This is the default backup, in which all files are backed up even if they were backed up before.
Incremental Backup: In this type of backup, only the files that haven't been backed up are backed up.
Differential Backup: This backup is similar to incremental backup because it does not back up those files backed up by the normal backup, but differs from incremental because it will back up the differentially backed up files again at the next differential backup.
System Backup: This type of backup backs up files such as the boot file, COM+ Class Registry and Registry. But on a server it takes a backup of ADS.
ASR Backup: This type of backup backs up the entire boot partition including the OS and user data. This should be the last troubleshooting method to recover an OS from disaster.
32. Explain how to publish printer through AD.
Navigate to Active Directory Users and Computers, Create new printer and
add the printer i.e. the printer share name (UNC) Path. Automatically the
printer will be published in Active Directory.
33. Explain the functionality of FTP Server?
File Transfer Protocol is used to transfer large volumes of files and huge numbers of files simultaneously between different geographic locations.
34. Specify the port numbers for AD, DNS, DHCP, HTTP, HTTPS, SMTP, POP3 & FTP.
AD - 389
DNS - 53
DHCP - 67,68
HTTP - 80
HTTPS - 443
SMTP - 25
POP3 - 110
FTP - 21,22
35. Explain Virtual Directory in IIS?
A virtual server can have one home directory and any number of other
publishing directories. These other publishing directories are referred to as
virtual directories.
36. What is Exclusion Range in DHCP Server?
Exclusion Range is used to hold a range of IP addresses. Those IP addresses may or may not be used in the network, but the DHCP server does not assign those IPs to its clients.
37. Explain SOA Record.
Start Of Authority (SOA) records indicate that the name server is the authoritative server for the domain.
38. What command is used to clear the DNS cache on a client PC?
ipconfig /flushdns
39. Explain Secure Dynamic Updates in DNS Server.
Only when installing active directory and DNS in the same server (AD Integrated Zones) we can select Secure Dynamic Updates. Then all the records will automatically be updated in DNS. Since all the information is validated in active directory there will not be any duplicate or unwanted records.
40. Explain FRS in detail.
File Replication Service is a Microsoft service which replicates folders stored in sysvol shared folders on domain controllers and distributed file system shared folders. This service is a part of Microsoft’s active directory service.
41. Explain the protocol involved in ADC replication.
Remote Procedure Call (RPC) is the protocol used in ADC replication.
42. Explain the difference between Patches and Service pack.
Patches are fixes, updates or enhancements for a particular program whereas service packs include a collection of
43. What is WSUS?
WSUS is Windows Software Update Services. It is a server provided by Microsoft free of cost to manage patches for the Windows environment centrally.
44. How does client-server communication take place in a WSUS server?
Using Web Server or Web Services
45. What is the difference between Dynamic Disk and Basic Disk?
Basic Disk: A basic disk uses a partition table to manage all partitions on the disk, and it is supported by DOS and all Windows versions. A disk with an installed OS is initialized as a basic disk by default. A basic disk contains basic volumes, such as primary partitions and an extended partition, and all logical partitions are contained in the extended partition.
Dynamic Disk: Dynamic Disk is supported in Windows 2000 and later operating system. Dynamic disks do not use a partition table to track all partitions, but use a hidden database (LDM) to track information about dynamic volumes or dynamic partitions on the disk. With dynamic disks you can create volumes that span multiple disks such as spanned and striped volumes, and can also create fault-tolerant volumes such as mirrored volumes and RAID 5 volumes. Compared to a Basic Disk, Dynamic Disk offers greater flexibility.
46. What is maximum Size of file system NTFS and FAT32?
NTFS - 16TB
FAT32 - 4GB
47. What is the “hosts” file?
The hosts file is a computer file used in an operating system to map hostnames to IP addresses. The hosts file is a plain-text file and is traditionally named hosts.
48. What is the “lmhosts” file?
The lmhosts file is a computer file used in an operating system to map NetBIOS names. It is equivalent to that of WINS.
49. Explain about Global Catalog.
The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.
50. Name some OU design considerations.
It is used to design an organization structure, Restrict user’s visibility and to delegate control.
51. Name a few benefits of using GPMC.
GPMC is used to customize group policy.
It is easy to maintain different OU policies effectively.
It provides an option to back up and restore group policy.
52. You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?
Configure Group Policy based on OU.
53. By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?
Create a record in DNS Server
54. You are administering a network connected to the Internet. Your users complain that everything is slow. Preliminary research of the problem indicates that it takes a considerable amount of time to resolve names of resources on the Internet. What is the most likely reason for this?
DNS Issues
55. Describe how the DHCP lease is obtained.
It’s a four-step process consisting of (a) IP request, (b) IP offer, (c)
IP selection and (d) acknowledgement.
56. I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened?
The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
57. We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it.
The server must be authorized first with the Active Directory.
58. How do you configure mandatory profiles?
Rename ntuser.dat to ntuser.man
59. What is Page File and Virtual Memory?
The page file is storage space for the virtual memory. The page file uses hard disk space as memory to provide memory allocation...
60. What is the difference between DNS in Windows 2000 & Windows 2003 Server?
We can rename or move the domain name without rebuilding in Windows 2003 Server, but in Windows 2000 Server we can't do that.
61. Where are group policies stored?
%SystemRoot%\System32\Group Policy
62. What are GPT and GPC?
Group policy template and group policy container.
63. Where is GPT stored?
%SystemRoot%\SYSVOL\sysvol\domain name\Policies\GUID
64. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority?
The computer settings take priority.
65. What hidden shares exist on Windows Server 2003 installation?
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
Windows Administrator Interview Question - PART 2
1. What is the purpose of having AD?
Active directory is a directory service that identifies all resources on
a network and makes that information available to users and services. The Main
purpose of AD is to control and authenticate network resources.
2. Explain about sysvol folder?
The sysvol folder stores the server's copy of the domain's public files. The
contents such as group policy, users, and groups of the sysvol folder are
replicated to all domain controllers in the domain. The sysvol folder must be
located on an NTFS volume.
3. Explain Functions of Active Directory?
AD enables centralization in a domain environment. The Main purpose of AD is to
control and authenticate network resources.
4. What is the name of AD database?
AD database is NTDS.DIT
5. Explain briefly about AD Partition?
The Active Directory database is logically separated into directory partitions:
Schema Partition: Only one schema partition exists per
forest. The schema partition is stored on all domain controllers in a forest.
The schema partition contains definitions of all objects and attributes that
you can create in the directory, and the rules for creating and manipulating
them. Schema information is replicated to all domain controllers in the
attribute definitions.
Configuration Partition: There is only
one configuration partition per forest. Stored on all domain controllers in a
forest, the configuration partition contains information about the forest-wide
active directory structure including what domains and sites exist, which domain
controllers exist in each forest, and which services are available.
Configuration information is replicated to all domain controllers in a forest.
Domain Partition: Many domain partitions can exist
per forest. Domain partitions are stored on each domain controller in a given
domain. A domain partition contains information about users, groups, computers
and organizational units. The domain partition is replicated to all domain
controllers of that domain. All objects in every domain partition in a forest
are stored in the global catalog with only a subset of their attribute values.
Application Partition: Application
partitions store information about application in Active Directory. Each
application determines how it stores, categorizes, and uses application
specific information. To prevent unnecessary replication to specific
application partitions, you can designate which domain controllers in a forest
host specific application partitions. Unlike a domain partition, an
application partition cannot store security principal objects, such as user
accounts. In addition, the data in an application partition is not stored in
the global catalog.
6. Explain different zone involved in DNS Server?
DNS has two different zones: Forward Lookup Zone and Reverse Lookup Zone.
These two zones are categorized into three zones, as follows:
Primary zone: It contains the read and writable copy of
the DNS Database.
Secondary Zone: It acts as a backup for the primary zone
and contains the read only copy of the DNS database.
Stub zone: It is also read-only like a secondary zone;
stub zone contains only SOA, copies of NS and A records for all name servers
authoritative for the zone.
7. Explain Briefly about Stub Zone?
It is also read-only like a
secondary zone, so administrators can't manually add, remove, or modify
resource records on it. But secondary zones contain copies of all the resource
records in the corresponding zone on the master name server; stub zones contain
only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
8. Explain File Replication Service (FRS).
File Replication Service is a Microsoft service which replicates folders
stored in sysvol shared folders on domain controllers and distributed file
system shared folders. This service is a part of Microsoft’s Active Directory
Service.
9. What is authoritative and non-authoritative restore?
Nonauthoritative restore: When a nonauthoritative
restore is performed, Active Directory is restored from backup media on the
domain controller. This information is then updated during replication from the
other domain controllers. The nonauthoritative restore method is the default
method to restore system state data to a domain controller.
Authoritative restore: In an authoritative restore,
Active Directory is installed to the point of the last backup job. This method
is typically used to recover Active Directory objects that were deleted in
error. An authoritative restore is performed by first performing a
nonauthoritative restore, and then running the Ntdsutil utility prior to
restarting the server. You use the Ntdsutil utility to indicate those items
that are authoritative. Items that are marked as authoritative are not updated
when the other domain controllers replicate to the particular domain
controller.
10. What is the replication protocol involved in replication from PDC and ADC?
Normally Remote Procedure Call (RPC) is used to replicate data and is always used for intrasite replication since it is required to support the FRS. RPC depends on IP (Internet Protocol) for transport.
Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
11. What are the benefits of AD integrated DNS?
A few advantages that Active
Directory-integrated zone implementations have over standard primary zone
implementations are:
Active Directory replication is faster,
which means that the time needed to transfer zone data between zones is far
less.
The Active Directory replication topology is used for Active Directory
replication, and for Active Directory-integrated zone replication. There is no
longer a need for DNS replication when DNS and Active Directory are integrated.
Active Directory-integrated zones can enjoy the security features of
Active Directory.
The need to manage your Active Directory domains and DNS namespaces as
separate entities is eliminated. This in turn reduces administrative overhead.
When DNS and Active Directory are integrated; the Active
Directory-integrated zones are replicated, and stored on any new domain
controllers automatically. Synchronization takes place automatically when new
domain controllers are deployed.
12. Explain some types of DNS records?
A Record: Binds a name with an IP address
PTR Record: Binds an IP address with a host name
NS Record: Is the name of a DNS server
MX Record: Responsible for receiving mail from different MTAs
13. How many tables are there in NTDS.DIT?
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table: the types of objects that can be created in the Active Directory, relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table: contains linked attributes, which contain values referring to other objects in the Active Directory. Take the Member Of attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.
Data table: users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows where each row represents an instance of an object such as a user, and columns where each column represents an attribute in the schema such as Given Name.
14. What is the purpose of the command NETDOM?
NETDOM is a command-line tool that allows management of Windows domains
and trust relationships. It is used for batch management of trusts, joining
computers to domains, verifying trusts, and secure channels.
15. What is REPADMIN?
This command-line tool assists administrators in diagnosing replication
problems between Windows domain controllers. Administrators can use Repadmin to
view the replication topology (sometimes referred to as RepsFrom and RepsTo) as
seen from the perspective of each domain controller.
16. What is the purpose of the command replmon?
Replmon displays information about Active Directory Replication.
17. How will you take a backup of the registry using NTBACKUP?
Using System State.
18. Explain briefly about Super Scope.
Using a super scope, you can group multiple scopes as a single administrative
entity. With this feature, a DHCP server can: Support DHCP clients on a single
physical network segment (such as a single Ethernet LAN segment) where multiple
logical IP networks are used. When more than one logical IP network is used on
each physical subnet or network, such configurations are often called
multinets.
19. Explain how a client obtains an IP address from a DHCP server.
It’s a four-step process consisting of (a) IP request, (b) IP offer, (c)
IP selection and (d) acknowledgement.
20. Explain about SRV Record.
For mapping a DNS domain name to a specified list of DNS host computers that
offer a specific type of service, such as Active Directory domain controllers.
21. What are the advantages of having RAID 5?
Stripe set with distributed parity. Fault tolerance. 100% data guarantee.
22. How do clients get authenticated with the Active Directory server?
Using PDC Emulator roles involved in FSMO.
If you create the same user name or computer name, AD throws an error that the object already exists. Can you explain how AD identifies the existing object?
Using RID Master roles involved in FSMO.
23. How will you verify a successful Active Directory installation?
Check DNS services and errors, check for domain name resolution, check for RPC,
NTFRS, DNS and replication related errors
24. Group Policy file extension in Windows 2003 Server
*.adm files
25. What is Global Catalog?
Global Catalog is a server which maintains the information about multiple
domains with trust relationship agreement. The global catalog is a distributed
data repository that contains a searchable, partial representation of every
object in every domain in a multidomain Active Directory forest.
26. What is Active Directory schema?
The Active Directory schema contains formal definitions of every object class
that can be created in an Active Directory forest. It also contains formal
definitions of every attribute that can exist in an Active Directory object.
27. What is a site?
A site is one or more well-connected, highly reliable and fast TCP/IP subnets. A site
allows administrators to configure Active Directory access and replication
topology to take advantage of the physical network.
28. What is the file that’s responsible for keeping the whole Active Directory database?
Schema master.
29. What is the ntds.dit file default size?
40Mb
30. What’s the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups for local
domain resources. Global groups provide access to resources in other trusted
domains. Universal groups grant access to resources in all trusted domains.
31. I am trying to create a new universal user group. Why can’t I?
Universal groups are allowed only in native-mode Windows Server 2003
environments. Native mode requires that all domain controllers be promoted to
Windows Server 2003 Active Directory.
32. What is LSDOU?
It is the Group Policy inheritance model, where the policies are applied to Local
machines, Sites, Domains and Organizational Units.
33. What is the command used to change a computer name or make a client a member of a domain?
Using the netdom command.
34. Difference between SID and GUID?
A security identifier (SID) is a unique value of variable length that is used
to identify a security principal or security group in Windows operating
systems. Well-known SIDs are a group of SIDs that identify generic users or
generic groups. Their values remain constant across all operating systems.
35. Explain FSMO in Details.
In a forest, there are at least five FSMO roles that are assigned to one or
more domain controllers. The five FSMO roles are:
Schema Master: The schema master domain controller controls all updates and
modifications to the schema. To update the schema of a forest, you must have
access to the schema master. There can be only one schema master in the whole
forest.
Domain naming master: The domain naming master domain
controller controls the addition or removal of domains in the forest. There can
be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure master is responsible
for updating references from objects in its domain to objects in other domains.
At any one time, there can be only one domain controller acting as the
infrastructure master in each domain.
Relative ID (RID) Master: The RID master is responsible
for processing RID pool requests from all domain controllers in a particular
domain. At any one time, there can be only one domain controller acting as the
RID master in the domain.
PDC Emulator: The PDC emulator is a domain controller
that advertises itself as the primary domain controller (PDC) to workstations,
member servers, and domain controllers that are running earlier versions of
Windows.
36. Which service is responsible for replicating files in the SYSVOL folder?
File Replication Service (FRS)
37. Can you move FSMO roles?
Yes. Moving a FSMO server role is a manual process; it does not happen
automatically. But what if you only have one domain controller in your domain?
That is fine. If you have only one domain controller in your organization then
you have one forest, one domain, and of course the one domain controller. All 5
FSMO server roles will exist on that DC. There is no rule that says you have to
have one server for each FSMO server role.
38. What permissions should you have in order to transfer a FSMO role?
Before you can transfer a role, you must have the appropriate permissions
depending on which role you plan to transfer:
Schema Master - member of the Schema Admins group
Domain Naming Master - member of the Enterprise Admins group
PDC Emulator - member of the Domain Admins group and/or the Enterprise Admins group
RID Master - member of the Domain Admins group and/or the Enterprise Admins group
Infrastructure Master - member of the Domain Admins group and/or the Enterprise Admins group
39. How do you restore Group Policy settings back to default?
The following command would replace both the Default Domain Security Policy and
Default Domain Controller Security Policy. You can specify Domain or DC
instead of Both to restore only one or the other.
dcgpofix /target:Both
40. What is caching only DNS Server?
When DNS is installed, and you do not add or configure any zones for the DNS
server, the DNS server functions as a caching-only DNS server by default.
Caching-only DNS servers do not host zones, and are not authoritative for any
DNS domain. The information stored by caching-only DNS servers is the name
resolution data that the server has collected through resolving name resolution
queries.
41. By Default how many shares in SYSVOL folder?
By default, a share with the domain name will be there under the SYSVOL folder.
Under the domain name share, two folders named Policies & Scripts will be
there.
42. Zone not loaded by DNS server. How do you troubleshoot?
Check that Zone Transfer is enabled for all DNS servers.
Also check that the required name server has been added in the Authoritative Name
Server tab in DNS properties.
43. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is an Internet protocol that
e-mail and other services use to look up information from a server.
44. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a
low-level editor for Active Directory. It is a Graphical User Interface (GUI)
tool. Network administrators can use it for common administrative tasks such as
adding, deleting, and moving objects with a directory service.
45. What are application partitions? When do I use them?
An application directory partition is a directory partition that is replicated
only to specific domain controllers. Only domain controllers running Windows
Server 2003 can host a replica of an application directory partition. Using an
application directory partition provides redundancy, availability or fault
tolerance by replicating data to a specific domain controller or any set of
domain controllers anywhere in the forest.
46. How do you create a new application partition?
Use the DnsCmd command to create an application directory partition.
47. Why is a WINS server required?
Windows Internet Naming Service (WINS) is an older network service (a protocol)
that takes computer names as input and returns the numeric IP address of the
computer with that name or vice versa.
48. What is the purpose of the command ntdsutil?
To transfer or seize FSMO Roles.
49. Explain Forest Functional Level in Windows 2003 Server.
50. Explain Domain Functional Level in Windows 2003 Server.
51. How will you extend schema database?
52. What is the purpose of adprep command?
53. Briefly explain about netlogon?
54. What are forwarders in DNS server?
55. Explain about root hints.
56. Explain types of DNS queries?
57. How will you defragment the AD database?
1. What is the purpose of having AD?
2. Explain about sysvol folder?
The sysvol folder stores the server's copy of the domain's public files. The contents such as group policy, users, and groups of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.
3. Explain the functions of Active Directory.
AD enables centralization in a domain environment. The main purpose of AD is to control and authenticate network resources.
5. Explain briefly about AD Partition?
The Active Directory database is logically separated into directory partitions:
Schema Partition: Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the attribute definitions.
Primary zone: It contains the read and writable copy of the DNS Database.
Secondary Zone: It acts as a backup for the primary zone and contains the read only copy of the DNS database.
Stub zone: It is also read-only like a secondary zone; stub zone contains only SOA, copies of NS and A records for all name servers authoritative for the zone.
8. Explain File Replication Service (FRS).
9. What is authoritative and non-authoritative restore?
Nonauthoritative restore: When a nonauthoritative restore is performed, Active Directory is restored from backup media on the domain controller. This information is then updated during replication from the other domain controllers. The nonauthoritative restore method is the default method to restore system state data to a domain controller.
Authoritative restore: In an authoritative restore, Active Directory is installed to the point of the last backup job. This method is typically used to recover Active Directory objects that were deleted in error. An authoritative restore is performed by first performing a nonauthoritative restore, and then running the Ntdsutil utility prior to restarting the server. You use the Ntdsutil utility to indicate those items that are authoritative. Items that are marked as authoritative are not updated when the other domain controllers replicate to the particular domain controller.
Normally Remote Procedure Call (RPC) is used to replicate data and is always used for intrasite replication since it is required to support the FRS. RPC depends on IP (Internet Protocol) for transport.
Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
PTR Record: Binds an IP address to a host name
NS Record: Is the name of a DNS server
MX Record: Responsible for receiving mail from different MTAs
Schema table
the types of objects that can be created in the Active Directory, relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table
contains linked attributes, which contain values referring to other objects in the Active Directory. Take the Member Of attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.
Data table
users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows where each row represents an instance of an object such as a user, and columns where each column represents an attribute in the schema such as Given Name.