1. What is the purpose of having AD?
Active Directory is a directory service that identifies all resources on a network and makes that information available to users and services. The main purpose of AD is to control and authenticate network resources.
2. Explain the sysvol folder.
The sysvol folder stores the server's copy of the domain's public files. The contents of the sysvol folder, such as group policy, users, and groups, are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.
3. Explain the functions of Active Directory.
AD enables centralization in a domain environment. The main purpose of AD is to control and authenticate network resources.
4. What is the name of the AD database?
The AD database is NTDS.DIT.
5. Explain briefly about AD partitions.
The Active Directory database is logically separated into directory partitions:
Schema partition: Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. It contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest.
Configuration partition: There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.
Domain partition: Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application partition: Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, you can designate which domain controllers in a forest host them. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.
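The four partition types above can be read directly from a domain controller. The following is an added example, not part of the original post: it uses the ActiveDirectory PowerShell module (RSAT) to list the partitions the current DC holds, classifies anything beyond the domain, configuration and schema naming contexts as an application partition, and compares that against the forest-wide list of crossRef objects so you can see which application partitions this DC is not enlisted in.

```powershell
# Added example (not from the original post): enumerate the directory partitions
# described in question 5 on the DC the session is bound to. Assumes the
# ActiveDirectory module is installed and the caller can read the configuration NC.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$domainNC = $rootDse.defaultNamingContext
$configNC = $rootDse.configurationNamingContext
$schemaNC = $rootDse.schemaNamingContext

# namingContexts lists every partition this DC holds a replica of. Whatever is not
# the domain, configuration or schema NC is an application partition (DomainDnsZones
# and ForestDnsZones on an AD-integrated DNS server, for instance).
$appNCs = $rootDse.namingContexts | Where-Object { $_ -notin $domainNC, $configNC, $schemaNC }

[pscustomobject]@{
    Server        = $rootDse.dnsHostName
    Domain        = $domainNC
    Configuration = $configNC
    Schema        = $schemaNC
    Application   = ($appNCs -join '; ')
} | Format-List

# Every partition in the forest has a crossRef object under CN=Partitions in the
# configuration NC, whether or not this DC hosts it. msDS-NC-Replica-Locations on
# the crossRef names the DCs enlisted for an application partition.
$crossRefs = Get-ADObject -SearchBase "CN=Partitions,$configNC" `
    -LDAPFilter '(objectClass=crossRef)' -Properties nCName, 'msDS-NC-Replica-Locations'

foreach ($cr in $crossRefs) {
    # Replica locations are NTDS Settings DNs: CN=NTDS Settings,CN=<DC>,CN=Servers,...
    $replicaDCs = @($cr.'msDS-NC-Replica-Locations') |
        ForEach-Object { ($_ -split ',')[1] -replace '^CN=' }
    [pscustomobject]@{
        Partition  = $cr.nCName
        HostedHere = ($rootDse.namingContexts -contains $cr.nCName)
        ReplicaDCs = ($replicaDCs -join ', ')
    }
}
```

A DC that hosts a partition but is absent from the crossRef's replica list (or the reverse) is worth investigating, since it means the enlistment data and the actual replicas disagree.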
6. Explain the different zones involved in a DNS server.
DNS has two different zones, the forward lookup zone and the reverse lookup zone. These two zones are categorized into three zone types, as follows:
Primary zone: It contains the read-and-writable copy of the DNS database.
Secondary zone: It acts as a backup for the primary zone and contains a read-only copy of the DNS database.
Stub zone: It is also read-only like a secondary zone; a stub zone contains only the SOA record and copies of the NS and A records for all name servers authoritative for the zone.
7. Explain briefly about stub zones.
A stub zone is also read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records on it. But whereas secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
8. Explain File Replication Service (FRS).
File Replication Service is a Microsoft service which replicates folders stored in sysvol shared folders on domain controllers and distributed file system shared folders. This service is a part of Microsoft's Active Directory service.
9. What are authoritative and non-authoritative restores?
Nonauthoritative restore: When a nonauthoritative restore is performed, Active Directory is restored from backup media on the domain controller. This information is then updated during replication from the other domain controllers. The nonauthoritative restore method is the default method to restore system state data to a domain controller.
Authoritative restore: In an authoritative restore, Active Directory is installed to the point of the last backup job. This method is typically used to recover Active Directory objects that were deleted in error. An authoritative restore is performed by first performing a nonauthoritative restore, and then running the Ntdsutil utility prior to restarting the server. You use the Ntdsutil utility to indicate those items that are authoritative. Items that are marked as authoritative are not updated when the other domain controllers replicate to the particular domain controller.
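The Ntdsutil step of the authoritative restore, as an added example that is not part of the original post. It is run in Directory Services Restore Mode after the nonauthoritative restore of system state has completed and before the normal reboot; the distinguished names are placeholders for the objects deleted in error. Each quoted argument is one command at the ntdsutil prompt.

```powershell
# Added example (not from the original post): mark a deleted OU subtree and a single
# deleted object as authoritative with ntdsutil, then verify after the reboot.
# Run in DSRM on the DC that just received the nonauthoritative system state restore.
$deletedOu   = 'OU=Sales,DC=example,DC=com'            # placeholder: subtree deleted in error
$deletedUser = 'CN=jdoe,OU=Finance,DC=example,DC=com'  # placeholder: single object (no spaces in the DN keeps quoting simple)

# "activate instance ntds" is required on Windows Server 2008 and later; on 2003 there
# is only one instance and the command is not needed. Marking objects authoritative
# raises their attribute version numbers so that, when replication resumes, the
# restored copies win over the tombstones held by the other domain controllers.
& ntdsutil.exe 'activate instance ntds' 'authoritative restore' `
    "restore subtree $deletedOu" `
    "restore object $deletedUser" `
    'quit' 'quit'

# ---- after rebooting into normal mode ----
Import-Module ActiveDirectory

# The object should exist again, and its per-attribute replication metadata should show
# the raised version numbers (ntdsutil adds a large increment, 100000 per day since
# the backup by default, which is what makes these attributes win replication).
Get-ADObject -Identity $deletedUser -Properties whenChanged, uSNChanged |
    Select-Object DistinguishedName, whenChanged, uSNChanged
& repadmin.exe /showobjmeta $env:COMPUTERNAME $deletedUser

# Confirm the other DCs picked the restored objects up rather than re-deleting them.
& repadmin.exe /replsummary
```

Only the objects (or subtrees) named in the restore commands become authoritative; everything else on the DC is still overwritten by inbound replication, which is the behaviour the answer describes.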
10. What is the replication protocol involved in replication from PDC and ADC?
Normally Remote Procedure Call (RPC) is used to replicate data, and it is always used for intrasite replication since it is required to support the FRS. RPC depends on IP (Internet Protocol) for transport.
Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
11. What are the benefits of AD-integrated DNS?
A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:
Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.
The Active Directory replication topology is used for Active Directory replication and for Active Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated.
Active Directory-integrated zones can enjoy the security features of Active Directory.
The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.
When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.
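An added example, not part of the original post, that ties questions 6, 7 and 11 together on a Windows DNS server: it inventories every zone with its type (primary, secondary, stub), lookup direction and AD-integration status using the DnsServer module (Windows Server 2012 or later), checks that stub zones hold nothing beyond SOA, NS and A records, and lists file-backed primary zones that are missing the integration benefits described above. The server name is a placeholder.

```powershell
# Added example (not from the original post): zone inventory and stub-zone sanity
# check with the DnsServer module. Assumes RSAT-DNS-Server and rights on the server.
Import-Module DnsServer
$dns = 'dns01.example.com'   # placeholder DNS server

# ZoneType is Primary, Secondary, Stub or Forwarder; IsReverseLookupZone separates the
# forward and reverse categories; IsDsIntegrated / ReplicationScope show whether the
# zone is stored in AD (and in which partition) instead of a .dns text file.
Get-DnsServerZone -ComputerName $dns |
    Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsReverseLookupZone, IsDsIntegrated,
                  ReplicationScope, DirectoryPartitionName, DynamicUpdate, SecureSecondaries |
    Format-Table -AutoSize

# A stub zone contains only the SOA, the NS records and the glue A records of the
# authoritative servers. Anything else means it was created as the wrong zone type.
foreach ($stub in (Get-DnsServerZone -ComputerName $dns | Where-Object ZoneType -eq 'Stub')) {
    $records    = Get-DnsServerResourceRecord -ComputerName $dns -ZoneName $stub.ZoneName
    $unexpected = $records | Where-Object { $_.RecordType -notin 'SOA', 'NS', 'A' }
    "$($stub.ZoneName): $($records.Count) records, masters $($stub.MasterServers -join ', ')"
    if ($unexpected) {
        "  unexpected record types: $(($unexpected.RecordType | Sort-Object -Unique) -join ', ')"
    }
}

# Primary zones still stored in a file get none of the question-11 benefits (AD
# replication, AD ACLs, secure dynamic update). List them as conversion candidates.
Get-DnsServerZone -ComputerName $dns |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsDsIntegrated -and -not $_.IsAutoCreated } |
    ForEach-Object { "file-backed primary zone: $($_.ZoneName) ($($_.ZoneFile))" }

# Conversion is one cmdlet; ReplicationScope Domain stores the zone in DomainDnsZones.
# ConvertTo-DnsServerPrimaryZone -ComputerName $dns -Name 'example.com' -ReplicationScope Domain -Force
```

The conversion line is left commented because it changes where the zone lives; run it deliberately, one zone at a time, after confirming the zone's DynamicUpdate setting will be Secure afterwards.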
12. Explain some types of DNS records.
A record: Binds a name to an IP address.
PTR record: Binds an IP address to a host name.
NS record: Is the name of a DNS server.
MX record: Responsible for mail, receiving mail from different MTAs.
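The record types above can be queried with Resolve-DnsName. The following is an added example, not part of the original post: it looks up the A, NS and MX records for a placeholder host and zone, then performs the PTR lookup for every address the A record returned and reports whether forward and reverse resolution agree, which is the consistency check an administrator wants before trusting a reverse lookup zone.

```powershell
# Added example (not from the original post): query each record type from question 12
# and cross-check A against PTR. Host and zone names are placeholders.
$name = 'dc01.example.com'   # placeholder host name
$zone = 'example.com'        # placeholder zone

# -DnsOnly skips the local hosts file and cache so the answers come from the server
$a  = Resolve-DnsName -Name $name -Type A  -DnsOnly -ErrorAction Stop
$ns = Resolve-DnsName -Name $zone -Type NS -DnsOnly
$mx = Resolve-DnsName -Name $zone -Type MX -DnsOnly | Sort-Object Preference

"A   : $name -> $($a.IPAddress -join ', ')"
"NS  : $zone -> $($ns.NameHost -join ', ')"
"MX  : $zone -> $(($mx | ForEach-Object { "$($_.NameExchange) (pref $($_.Preference))" }) -join ', ')"

# Reverse lookups. Resolve-DnsName accepts a dotted address and builds the
# in-addr.arpa query itself. Three outcomes: no PTR, PTR pointing elsewhere, or OK.
foreach ($ip in $a.IPAddress) {
    $ptr = Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction SilentlyContinue
    if (-not $ptr) {
        "PTR : $ip has no reverse record (reverse lookup zone missing or stale)"
    } elseif ($ptr.NameHost -ne $name) {
        "PTR : $ip -> $($ptr.NameHost) does not match $name (forward/reverse mismatch)"
    } else {
        "PTR : $ip -> $($ptr.NameHost) OK"
    }
}
```

Note that the MX query returns the hosts that receive mail for the zone, sorted by preference with the lowest value tried first.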
13. How many tables are there in NTDS.DIT?
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table: the types of objects that can be created in the Active Directory, relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table: contains linked attributes, which contain values referring to other objects in the Active Directory. Take the Member Of attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.
Data table: users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows where each row represents an instance of an object such as a user, and columns where each column represents an attribute in the schema such as Given Name.
14. What is the purpose of the command NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.
15. What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller.
16. What is the purpose of the command replmon?
Replmon displays information about Active Directory replication.
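An added example, not part of the original post, for questions 15 and 16: the replication view Repadmin gives (RepsFrom for every DC) parsed from its CSV output so that failing or stale inbound links are listed instead of read off a screen, followed by the same check through the ActiveDirectory module. Replmon shipped with Windows Server 2003 only; on later versions repadmin and these cmdlets cover the same ground.

```powershell
# Added example (not from the original post): list inbound replication partners with
# failures or no success in the last 24 hours, then the forest-wide summary.
Import-Module ActiveDirectory

# /showrepl * /csv reports every inbound partner ("RepsFrom") of every DC in the forest
$rows = & repadmin.exe /showrepl * /csv | ConvertFrom-Csv

$problems = foreach ($r in $rows) {
    $lastOk = [datetime]::MinValue
    [void][datetime]::TryParse($r.'Last Success Time', [ref]$lastOk)   # "(never)" stays MinValue
    $failures = 0
    [void][int]::TryParse($r.'Number of Failures', [ref]$failures)
    if ($failures -gt 0 -or $lastOk -lt (Get-Date).AddHours(-24)) {
        [pscustomobject]@{
            Destination = $r.'Destination DSA'
            Source      = $r.'Source DSA'
            Partition   = $r.'Naming Context'
            Transport   = $r.'Transport Type'
            Failures    = $failures
            LastSuccess = $lastOk
            LastStatus  = $r.'Last Failure Status'
        }
    }
}
if ($problems) { $problems | Format-Table -AutoSize }
else           { 'All inbound replication links succeeded within the last 24 hours' }

# Same information via the AD module: one row per failing link, with the Win32 error
# code that you would look up next.
Get-ADReplicationFailure -Target (Get-ADForest).Name -Scope Forest |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError

# Per-DC summary: largest replication delta and failure percentage
& repadmin.exe /replsummary
```

A link with failures but a recent last success is usually a transient RPC or DNS problem; one whose last success is older than the tombstone lifetime must not simply be forced, since the DC would be reintroducing deleted objects.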
17. How will you take a backup of the registry using NTBACKUP?
Using System State.
18. Explain briefly about superscopes.
Using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP server can support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such configurations are often called multinets.
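The multinet described in question 18, built as an added example that is not part of the original post: two logical IP networks on one Ethernet segment, each with its own scope and router option, grouped into a superscope with the DhcpServer module (Windows Server 2012 or later). Server name and address ranges are constructed placeholders.

```powershell
# Added example (not from the original post): create two scopes for one physical
# segment and group them into a superscope. Assumes RSAT-DHCP and DHCP admin rights.
Import-Module DhcpServer
$dhcp = 'dhcp01.example.com'   # placeholder DHCP server

# Logical network A and logical network B share the same wire
Add-DhcpServerv4Scope -ComputerName $dhcp -Name 'Floor1-NetA' `
    -StartRange 10.1.0.10 -EndRange 10.1.0.250 -SubnetMask 255.255.255.0 -State Active
Add-DhcpServerv4Scope -ComputerName $dhcp -Name 'Floor1-NetB' `
    -StartRange 10.1.1.10 -EndRange 10.1.1.250 -SubnetMask 255.255.255.0 -State Active

# Each logical network needs its own default gateway (option 3), or clients that land
# in the second range have no route off the segment
Set-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId 10.1.0.0 -Router 10.1.0.1
Set-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId 10.1.1.0 -Router 10.1.1.1

# The superscope is the single administrative entity: when NetA is exhausted the
# server answers from NetB for the same relay/segment
Add-DhcpServerv4Superscope -ComputerName $dhcp -SuperscopeName 'Floor1' -ScopeId 10.1.0.0, 10.1.1.0

Get-DhcpServerv4Superscope -ComputerName $dhcp -SuperscopeName 'Floor1' |
    Select-Object SuperscopeName, ScopeId
```

The routers on the segment must also carry a secondary address on the second logical network, otherwise the DHCP side is configured correctly but NetB clients still cannot leave the LAN.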
19. Explain how a client obtains an IP address from a DHCP server.
It's a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
20. Explain about SRV records.
An SRV record maps a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers.
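An added example, not part of the original post, that uses the SRV records the way the domain controller locator does: it resolves _ldap._tcp.dc._msdcs.<domain> to list the registered DCs, compares that with the DCs Active Directory knows about so that a DC whose Netlogon registration is missing stands out, and then performs the site-specific lookup clients prefer. It assumes the ActiveDirectory module and resolves the domain from the current session.

```powershell
# Added example (not from the original post): DC locator SRV lookups and a check that
# every DC in the domain actually has its SRV record registered.
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DNSRoot

# All DCs offering LDAP for this domain. Resolve-DnsName also returns the glue A
# records in the additional section, so keep only the SRV entries.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -DnsOnly |
    Where-Object Type -eq 'SRV'
$srv | Select-Object NameTarget, Priority, Weight, Port |
    Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } | Format-Table -AutoSize

# Compare with the DCs AD says exist; a DC missing here will not be found by clients
$dcs     = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$missing = $dcs | Where-Object { $_ -notin $srv.NameTarget }
if ($missing) {
    "DCs without an _ldap._tcp SRV record: $($missing -join ', ')"
    "  (re-register with 'nltest /dsregdns' or restart Netlogon on the affected DC)"
} else {
    'Every DC in the domain has its SRV record registered'
}

# Site-aware lookup: a client queries its own site first and only falls back to the
# domain-wide list above if nothing answers
$site = (Get-ADDomainController -Discover).Site
Resolve-DnsName -Name "_ldap._tcp.$site._sites.dc._msdcs.$domain" -Type SRV -DnsOnly |
    Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
```

The same pattern applies to the other service names Netlogon registers (_kerberos._tcp, _gc._tcp for global catalogs, _kpasswd._tcp), which is why a missing or stale SRV record shows up as logon failures long before anyone looks at DNS.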
21. What are the advantages of having RAID 5?
Stripe set with distributed parity. Fault tolerance. 100% data guarantee.
22. How do clients get authenticated with the Active Directory server?
Using the PDC Emulator role in FSMO.
If you create the same user name or computer name, AD throws an error that the object already exists. Can you explain how AD identifies the existing object?
Using the RID Master role in FSMO.
23. How will you verify a successful Active Directory installation?
Check DNS services and errors, check for domain name resolution, and check for RPC, NTFRS, DNS and replication related errors.
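The checks listed in question 23, scripted as an added example that is not part of the original post. dcdiag, nltest and repadmin are the built-in tools; the event-log query at the end covers the NTFRS, DNS and replication errors. It assumes it is run on the newly promoted DC with the ActiveDirectory module available.

```powershell
# Added example (not from the original post): post-promotion verification of a DC.
Import-Module ActiveDirectory
$dc     = $env:COMPUTERNAME
$domain = (Get-ADDomain).DNSRoot

# DNS, replication, advertising (SYSVOL/Netlogon shares), service checks; /q prints
# only failures so a clean DC produces no output here
& dcdiag.exe /s:$dc /test:DNS /test:Replications /test:Advertising /test:NetLogons /test:Services /test:SysVolCheck /q

# Domain name resolution, and the DC locator's view of this domain (forces a fresh lookup)
Resolve-DnsName -Name $domain -Type A -DnsOnly | Select-Object Name, IPAddress
& nltest.exe /dsgetdc:$domain /force

# RPC reachability and replication state with every partner, summarized per DC
& repadmin.exe /replsummary

# Errors (2) and criticals (1) in the directory-related logs from the last 24 hours.
# 'File Replication Service' exists where FRS is in use, 'DFS Replication' where DFS-R is;
# SilentlyContinue tolerates whichever log is absent on this server.
$logs = 'Directory Service', 'DNS Server', 'File Replication Service', 'DFS Replication'
Get-WinEvent -FilterHashtable @{ LogName = $logs; Level = 1, 2; StartTime = (Get-Date).AddHours(-24) } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LogName, Id, ProviderName, Message |
    Format-Table -AutoSize -Wrap
```

Run the dcdiag line a second time without /q when something fails; the verbose output names the test and the partner or record involved.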
24. What is the Group Policy file extension in Windows 2003 Server?
*.adm files
25. What is the Global Catalog?
The Global Catalog is a server which maintains the information about multiple domains with a trust relationship agreement. The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest.
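An added example, not part of the original post: locate the global catalog servers in the forest, run a forest-wide search against one of them on the GC port (3268), and count the attributes that make up the partial attribute set, which is the "partial representation" the answer refers to. The account name searched for is a placeholder.

```powershell
# Added example (not from the original post): global catalog discovery and a
# forest-wide GC search. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

# Which DCs are GCs, and where they sit; every site that authenticates users should
# have at least one, since logon needs universal group membership from the GC
$gcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } |
    Select-Object HostName, Domain, Site, IsReadOnly
$gcs | Format-Table -AutoSize

# Port 3268 turns an LDAP search into a forest-wide one: an empty search base with
# Subtree scope covers every domain partition the GC holds a partial replica of.
$gc = ($gcs | Select-Object -First 1).HostName
Get-ADObject -Server "${gc}:3268" -SearchBase '' -SearchScope Subtree `
    -LDAPFilter '(&(objectClass=user)(sAMAccountName=jdoe))' `
    -Properties sAMAccountName, userPrincipalName |          # 'jdoe' is a placeholder
    Select-Object DistinguishedName, sAMAccountName, userPrincipalName

# The partial attribute set is defined in the schema: attributes flagged
# isMemberOfPartialAttributeSet are replicated to every GC for every object.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pas = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' |
    Select-Object -ExpandProperty Name
"Partial attribute set: $($pas.Count) attributes (e.g. $(($pas | Sort-Object | Select-Object -First 5) -join ', '))"
```

Asking the GC for an attribute outside the partial attribute set returns nothing for objects from other domains, which is the usual reason a forest-wide search "finds" a user but shows an empty attribute.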
26. What is the Active Directory schema?
The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest; it also contains formal definitions of every attribute that can exist in an Active Directory object.
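An added example, not part of the original post, that reads the class and attribute definitions from the schema partition: it counts both, resolves the mandatory attributes of a class by walking its subClassOf chain, and lists schema objects changed in the last 30 days. Schema changes are rare and forest-wide, so a recent change nobody planned is worth a look.

```powershell
# Added example (not from the original post): read classSchema and attributeSchema
# objects from the schema NC. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory
$schemaNC = (Get-ADRootDSE).schemaNamingContext

$classes = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=classSchema)' `
    -Properties lDAPDisplayName, subClassOf, systemMustContain, mustContain, whenChanged
$attrs   = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' `
    -Properties lDAPDisplayName, attributeSyntax, isSingleValued, whenChanged
"$($classes.Count) object classes, $($attrs.Count) attributes"

# Mandatory attributes of a class include those of every superclass. The chain ends
# at 'top', which lists itself as its own superclass.
function Get-MandatoryAttribute([string]$ClassName) {
    $names   = @()
    $current = $ClassName
    while ($current) {
        $c = $classes | Where-Object lDAPDisplayName -eq $current
        if (-not $c) { break }
        $names += @($c.systemMustContain) + @($c.mustContain) | Where-Object { $_ }
        if ($c.subClassOf -eq $current) { break }
        $current = $c.subClassOf
    }
    $names | Sort-Object -Unique
}
"user must contain: $((Get-MandatoryAttribute 'user') -join ', ')"

# Recently modified schema objects: planned extensions (Exchange, for example) appear
# here, and so would anything unplanned
$classes + $attrs |
    Where-Object whenChanged -gt (Get-Date).AddDays(-30) |
    Select-Object lDAPDisplayName, ObjectClass, whenChanged |
    Sort-Object whenChanged -Descending
```

Because the schema replicates to every DC in the forest, the whenChanged values are the same everywhere; read them from the schema master if you want the authoritative timeline.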
27. What is a site?
One or more well-connected, highly reliable and fast TCP/IP subnets. A site allows an administrator to configure Active Directory access and replication topology to take advantage of the physical network.
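An added example, not part of the original post, covering question 27 together with the transports from question 10: it lists each site with the subnets mapped to it and then the site links under each inter-site transport (IP, which carries RPC, and SMTP), with their cost and replication interval. It assumes the ActiveDirectory module.

```powershell
# Added example (not from the original post): sites, subnets and site links by transport.
Import-Module ActiveDirectory
$configNC = (Get-ADRootDSE).configurationNamingContext

# Site -> subnets. A client in a subnet mapped to no site is logged by Netlogon
# (event 5807) and may pick a DC across the WAN instead of a local one.
Get-ADReplicationSite -Filter * | ForEach-Object {
    $subnets = Get-ADReplicationSubnet -Filter "Site -eq '$($_.DistinguishedName)'" |
        Select-Object -ExpandProperty Name
    [pscustomobject]@{ Site = $_.Name; Subnets = ($subnets -join ', ') }
} | Format-Table -AutoSize

# Inter-site links live under CN=IP or CN=SMTP in Inter-Site Transports. Intra-site
# replication is always RPC and has no link object; SMTP links replicate only the
# schema, configuration and global catalog data, never a domain partition.
foreach ($transport in 'IP', 'SMTP') {
    Get-ADObject -SearchBase "CN=$transport,CN=Inter-Site Transports,CN=Sites,$configNC" `
        -LDAPFilter '(objectClass=siteLink)' -Properties siteList, cost, replInterval |
        ForEach-Object {
            [pscustomobject]@{
                Transport   = $transport
                Link        = $_.Name
                Cost        = $_.cost
                IntervalMin = $_.replInterval
                Sites       = (($_.siteList | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ')
            }
        }
} | Format-Table -AutoSize
```

A site that appears in no site link is unreachable for inter-site replication and its DCs will report replication failures for every partition.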
28. What is the file that's responsible for keeping the whole Active Directory database?
Schema master.
29. What is the ntds.dit file default size?
40 MB
30. What's the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.
31. I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
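An added example, not part of the original post, for questions 30 and 31: it reads the domain functional level that universal security groups depend on, counts the groups in the domain by scope and category, and for each universal security group shows how many members it has and from which domains, since universal group membership is replicated to every global catalog in the forest. It assumes the ActiveDirectory module.

```powershell
# Added example (not from the original post): domain mode check and group scope inventory.
Import-Module ActiveDirectory
$domain = Get-ADDomain
"Domain functional level: $($domain.DomainMode)"
if ($domain.DomainMode -eq 'Windows2000MixedDomain') {
    'Mixed mode: universal security groups cannot be created until the domain is raised to native mode'
}

# Scope (DomainLocal / Global / Universal) by category (Security / Distribution)
Get-ADGroup -Filter * -Properties GroupScope, GroupCategory |
    Group-Object GroupScope, GroupCategory |
    Select-Object @{ Name = 'Scope, Category'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize

# Universal security groups: membership lives in the GC, so every member from every
# domain is listed here. Members from other domains may be unreachable from this DC,
# hence SilentlyContinue.
Get-ADGroup -Filter { GroupScope -eq 'Universal' -and GroupCategory -eq 'Security' } |
    ForEach-Object {
        $members = @(Get-ADGroupMember -Identity $_ -ErrorAction SilentlyContinue)
        $domains = $members |
            ForEach-Object { (($_.DistinguishedName -split ',DC=', 2)[1]) -replace ',DC=', '.' } |
            Sort-Object -Unique
        [pscustomobject]@{
            Group         = $_.Name
            Members       = $members.Count
            MemberDomains = ($domains -join '; ')
        }
    } | Format-Table -AutoSize
```

Large universal groups with members from one domain only are candidates for conversion back to global scope, which keeps their membership out of global catalog replication.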
32. What is LSDOU?
It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
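An added example, not part of the original post, showing the LSDOU chain for one container with the GroupPolicy module: Get-GPInheritance lists every GPO that reaches an OU through the site, the domain and the parent OUs with its precedence, and gpresult shows the resultant set on the machine, which is the only place the local policy (the L) is visible. The OU is a placeholder.

```powershell
# Added example (not from the original post): site/domain/OU inheritance for one OU,
# then the resultant set on the local machine. Assumes the GroupPolicy module.
Import-Module GroupPolicy
$ou = 'OU=Workstations,DC=example,DC=com'   # placeholder OU

# GpoLinks are the GPOs linked directly at the OU; InheritedGpoLinks adds those
# coming down from the site, the domain and each parent OU, with Order giving the
# precedence. Enforced links cannot be overridden by lower containers, and an OU that
# blocks inheritance drops every non-enforced link above it.
$inh = Get-GPInheritance -Target $ou
"Target: $($inh.Path)"
"Inheritance blocked here: $($inh.GpoInheritanceBlocked)"
$inh.InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced, Target |
    Format-Table -AutoSize

# Local policy never appears in AD. gpresult reports the resultant set as applied on
# this computer, including the local GPO and any links filtered out by security or WMI.
& gpresult.exe /r /scope:computer
```

When a setting does not take effect, compare the Enforced and Enabled columns above with the "Applied GPOs" and "Filtered out" sections of the gpresult output; the mismatch is normally a blocked-inheritance OU or a security filter.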
33. What is the command used to change the computer name and make a client a member of the domain?
Using the command netdom.
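An added example, not part of the original post, covering questions 14 and 33 together: joining a workstation and renaming it with netdom, then the secure-channel and trust verification that netdom is also used for, with the PowerShell equivalent where one exists. Domain, OU, join account and computer names are placeholders; /passwordd:* makes netdom prompt for the password instead of taking it on the command line.

```powershell
# Added example (not from the original post): netdom join, rename and verify, wrapped
# in functions so the reboot in the middle does not cut the script in half.
$domain  = 'example.com'                          # placeholder
$joinOu  = 'OU=Workstations,DC=example,DC=com'    # placeholder
$joinAcc = "$domain\joinacct"                     # placeholder delegated join account
$newName = 'WS-0421'                              # placeholder

function Join-AndRename {
    # Join under the current name, then rename the computer object and the OS; both
    # changes need a restart, which is left to the operator (no /reboot switch).
    & netdom.exe join $env:COMPUTERNAME /domain:$domain /ou:$joinOu /userd:$joinAcc /passwordd:*
    & netdom.exe renamecomputer $env:COMPUTERNAME /newname:$newName /userd:$joinAcc /passwordd:* /force
    Restart-Computer -Confirm
}

function Test-DomainMembership {
    # Secure channel between this machine account and a DC of its domain
    & netdom.exe verify $env:COMPUTERNAME /domain:$domain
    Test-ComputerSecureChannel -Verbose      # PowerShell equivalent; -Repair resets a broken channel

    # Trusts the domain holds, then a verification of one of them (partner is a placeholder)
    & netdom.exe query /domain:$domain trust
    & netdom.exe trust $domain /domain:partner.example /verify
}

# Run the first on the machine being joined, the second after it has restarted.
# Join-AndRename
# Test-DomainMembership
```

The join account should be one delegated only the "create computer objects" right on the target OU, not a domain administrator; that is what /userd is for.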
34. What is the difference between a SID and a GUID?
A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.
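An added example, not part of the original post: it reads both identifiers from one account and breaks the SID into its domain part and relative identifier, then builds a few well-known SIDs from the .NET WellKnownSidType enumeration to show that their values are the same on every system. The account name is a placeholder.

```powershell
# Added example (not from the original post): SID vs objectGUID on one account, plus
# well-known SIDs. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory
$u = Get-ADUser -Identity 'jdoe' -Properties objectGUID, objectSid, sIDHistory   # 'jdoe' is a placeholder

$sid = [System.Security.Principal.SecurityIdentifier]$u.SID
[pscustomobject]@{
    ObjectGUID   = $u.ObjectGUID                  # 128-bit, fixed length, never changes, unique across the forest
    SID          = $sid.Value                     # variable length: S-1-5-21-<domain SID>-<RID>
    DomainSID    = $sid.AccountDomainSid.Value    # identifies the issuing domain
    RID          = [int]($sid.Value -split '-')[-1]   # the relative ID allocated from the RID pool
    BinaryLength = $sid.BinaryLength              # the "variable length" the answer mentions
    SIDHistory   = (@($u.sIDHistory) -join ', ')  # old SIDs kept after a migration; should be empty once it is done
} | Format-List

# Well-known SIDs: identical on every Windows system because they carry no domain part.
foreach ($kind in 'WorldSid', 'LocalSystemSid', 'BuiltinAdministratorsSid') {
    $w = New-Object System.Security.Principal.SecurityIdentifier(
        [System.Security.Principal.WellKnownSidType]::$kind, $null)
    "{0,-28} {1,-12} {2}" -f $kind, $w.Value, $w.Translate([System.Security.Principal.NTAccount]).Value
}

# Domain-relative well-known SIDs fix the RID but take the domain part from the domain:
# Domain Admins is always <domain SID>-512.
$da = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::AccountDomainAdminsSid, $sid.AccountDomainSid)
"Domain Admins SID: $($da.Value)"
```

Access control lists store SIDs, not GUIDs, which is why renaming or moving an account changes nothing about its access, while sIDHistory entries left over after a migration are worth cleaning up because they still grant the old SID's access.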
35. Explain FSMO in detail.
In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:
Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain Naming Master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows.
36. Which service is responsible for replicating files in the SYSVOL folder?
File Replication Service (FRS)
37. Can you move FSMO roles?
Yes. Moving a FSMO server role is a manual process; it does not happen automatically. But what if you only have one domain controller in your domain? That is fine. If you have only one domain controller in your organization then you have one forest, one domain, and of course the one domain controller. All 5 FSMO server roles will exist on that DC. There is no rule that says you have to have one server for each FSMO server role.
38. What permissions should you have in order to transfer a FSMO role?
Before you can transfer a role, you must have the appropriate permissions depending on which role you plan to transfer:
Schema Master - member of the Schema Admins group
Domain Naming Master - member of the Enterprise Admins group
PDC Emulator - member of the Domain Admins group and/or the Enterprise Admins group
RID Master - member of the Domain Admins group and/or the Enterprise Admins group
Infrastructure Master - member of the Domain Admins group and/or the Enterprise Admins group
39. How do you restore Group Policy settings back to default?
The following command replaces both the Default Domain Security Policy and the Default Domain Controller Security Policy. You can specify Domain or DC instead of Both to restore only one or the other:
dcgpofix /target:Both
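Because dcgpofix recreates the two default GPOs from scratch, every customised setting in them is lost. The following added example, not part of the original post, takes a backup of all GPOs with the GroupPolicy module before running the command, then verifies the result and shows how a single GPO is rolled back from that backup. The backup path is a placeholder.

```powershell
# Added example (not from the original post): back up, reset the default GPOs, verify.
# Assumes the GroupPolicy module and Domain Admin rights on the domain.
Import-Module GroupPolicy
$backupDir = Join-Path 'D:\GPO-Backups' (Get-Date -Format 'yyyyMMdd-HHmm')   # placeholder path
New-Item -ItemType Directory -Path $backupDir | Out-Null

# Full backup of every GPO (settings and the SYSVOL file part) so the reset can be undone
Backup-GPO -All -Path $backupDir | Select-Object DisplayName, Id, BackupDirectory

# Record the versions before the reset for comparison
$before = 'Default Domain Policy', 'Default Domain Controllers Policy' |
    ForEach-Object { Get-GPO -Name $_ } | Select-Object DisplayName, Id, ModificationTime, Computer, User

# /target:Both rebuilds both default GPOs; /ignoreschema lets the tool run when the
# schema version is newer than the one it was built against
& dcgpofix.exe /ignoreschema /target:Both

# Both GPOs keep their well-known GUIDs but get a fresh modification time and version
$after = 'Default Domain Policy', 'Default Domain Controllers Policy' |
    ForEach-Object { Get-GPO -Name $_ } | Select-Object DisplayName, Id, ModificationTime, Computer, User
$before, $after | Format-Table -AutoSize

# Undo for one GPO if the reset removed something that was needed:
# Restore-GPO -Name 'Default Domain Policy' -Path $backupDir
```

Anything that had been added to the default GPOs on purpose (audit policy, user rights assignments for service accounts) has to be re-applied afterwards, ideally in a separate GPO so the defaults stay untouched next time.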
40. What is a caching-only DNS server?
When DNS is installed and you do not add or configure any zones for the DNS server, the DNS server functions as a caching-only DNS server by default. Caching-only DNS servers do not host zones and are not authoritative for any DNS domain. The information stored by caching-only DNS servers is the name resolution data that the server has collected through resolving name resolution queries.
41. By default, how many shares are in the SYSVOL folder?
By default, a share with the domain name will be there under the SYSVOL folder.
Under the domain name share, two folders named Policies and Scripts will be there.
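An added example, not part of the original post, that verifies on the local DC the layout questions 2, 36 and 41 describe: the SYSVOL share and the NTFS requirement, the domain-named folder with its Policies and scripts children, whether the GPO folders in SYSVOL match the GPO objects in AD, and which engine (FRS or DFS-R) replicates SYSVOL. It assumes the ActiveDirectory and GroupPolicy modules on Windows Server 2012 or later.

```powershell
# Added example (not from the original post): SYSVOL share, volume, folders and
# GPO folder/object consistency on the local domain controller.
Import-Module ActiveDirectory
Import-Module GroupPolicy
$domain = (Get-ADDomain).DNSRoot

# The SYSVOL share and the file system of the volume it lives on (must be NTFS)
$sysvolPath = (Get-SmbShare -Name 'SYSVOL').Path        # typically C:\Windows\SYSVOL\sysvol
$drive = [System.IO.DriveInfo]::new((Split-Path -Qualifier $sysvolPath) + '\')
"SYSVOL share -> $sysvolPath ($($drive.DriveFormat))"
if ($drive.DriveFormat -ne 'NTFS') { 'SYSVOL must be on an NTFS volume; this one is not' }

# The domain-named folder and its two standard children; NETLOGON is the scripts
# folder exposed as its own share
$domainFolder = Join-Path $sysvolPath $domain
Get-ChildItem -Path $domainFolder -Directory | Select-Object Name, LastWriteTime
"NETLOGON share -> $((Get-SmbShare -Name 'NETLOGON').Path)"

# Each GPO has an object in AD and a {GUID} folder under Policies. A GPO without a
# folder has not had its file part replicated here; a folder without a GPO is an orphan.
$folderIds = (Get-ChildItem (Join-Path $domainFolder 'Policies') -Directory).Name -replace '[{}]'
$gpoIds    = (Get-GPO -All).Id.Guid
"GPOs in AD without a SYSVOL folder: $(($gpoIds    | Where-Object { $_ -notin $folderIds }) -join ', ')"
"SYSVOL folders without a GPO:      $(($folderIds | Where-Object { $_ -notin $gpoIds    }) -join ', ')"

# Replication engine: FRS (the Windows Server 2003 default named in question 36) or
# DFS-R; dfsrmig only exists where DFS-R migration is available.
try { & dfsrmig.exe /getglobalstate } catch { 'dfsrmig not present: SYSVOL is replicated by FRS' }
```

A folder/object mismatch that persists after a replication cycle points at the replication engine rather than at Group Policy, so the next stop is the FRS or DFS-R event log rather than GPMC.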
42. A zone is not loaded by the DNS server. How do you troubleshoot?
Check that zone transfer is enabled for all DNS servers.
Also check that the required name server has been added in the Authoritative Name Servers tab in the DNS properties.
43. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is an internet protocol which email and other services use to look up information from the server.
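The kind of lookup the answer describes, written as an added example that is not part of the original post: an LDAP search from the .NET client (System.DirectoryServices) rather than the AD module, so it runs from any domain-joined machine. It connects over LDAPS on port 636 with the current Windows credentials, uses an LDAP filter in the protocol's own syntax, and pages the results because a single search is capped server-side. Server and base DN are placeholders.

```powershell
# Added example (not from the original post): LDAP directory lookup over LDAPS.
$server = 'dc01.example.com'    # placeholder
$baseDn = 'DC=example,DC=com'   # placeholder

# null user/password = current credentials; Secure adds signing, SecureSocketsLayer adds TLS
$authType = [System.DirectoryServices.AuthenticationTypes] 'Secure,SecureSocketsLayer'
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$server`:636/$baseDn", $null, $null, $authType)

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter      = '(&(objectCategory=person)(objectClass=user)(mail=*))'   # LDAP filter syntax
$searcher.SearchScope = 'Subtree'
$searcher.PageSize    = 500        # paged results; without it the server stops at its 1000-entry limit
[void]$searcher.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'mail', 'displayName'))

$results = $searcher.FindAll()
try {
    foreach ($r in $results) {
        # property names in the result collection are lower-case; each is a value list
        [pscustomobject]@{
            Account = [string]$r.Properties['samaccountname'][0]
            Mail    = [string]$r.Properties['mail'][0]
            Name    = [string]$r.Properties['displayname'][0]
        }
    }
} finally {
    $results.Dispose()   # SearchResultCollection holds an unmanaged handle
}
```

Requesting only the attributes you need with PropertiesToLoad keeps the response small; omitting it returns every attribute of every matching object, which on a large directory is a noticeable load on the DC.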
44. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service.
45. What are application partitions? When do I use them?
An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.
46. How do you create a new application partition?
Use the DnsCmd command to create an application directory partition.
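An added example, not part of the original post, for questions 45 and 46: creating an application directory partition with dnscmd, enlisting a second domain controller as a replica (the "specific domain controllers" of the answer), checking the replica list, and placing a DNS zone in the new partition so only the enlisted DCs replicate it. Partition, DC and zone names are placeholders; it needs Enterprise Admin rights.

```powershell
# Added example (not from the original post): application directory partition with dnscmd.
$partition = 'CustomZones.example.com'   # placeholder partition FQDN
$secondDc  = 'dc02.example.com'          # placeholder DC to enlist

# What exists already (DomainDnsZones and ForestDnsZones at least on an AD-integrated DNS server)
& dnscmd.exe /EnumDirectoryPartitions

# Create: a crossRef object appears under CN=Partitions in the configuration NC and the
# local DC becomes the first replica
& dnscmd.exe /CreateDirectoryPartition $partition

# Enlist another DC: the command is sent to that DC because it must host the NC itself
& dnscmd.exe $secondDc /EnlistDirectoryPartition $partition

# Replica list and state of the new partition
& dnscmd.exe /DirectoryPartitionInfo $partition /Detail

# A zone stored in the custom partition replicates only to the enlisted DCs
Import-Module DnsServer
Set-DnsServerPrimaryZone -Name 'apps.example.com' -ReplicationScope Custom -DirectoryPartitionName $partition
```

Replication of the partition follows the normal AD topology, so a DC enlisted in a remote site receives the partition's changes at that site link's interval, not immediately.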
47. Why is a WINS server required?
Windows Internet Naming Service (WINS) is an older network service (a protocol) that takes computer names as input and returns the numeric IP address of the computer with that name, or vice versa.
48. What is the purpose of the command ntdsutil?
To transfer or seize FSMO roles.
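An added example, not part of the original post, that brings together the FSMO material from questions 35, 37, 38 and 48: it locates the five role holders, checks whether the current account is in the group each transfer requires, previews a graceful transfer with the ActiveDirectory module, and shows the ntdsutil equivalent. The target DC is a placeholder, and the commands that actually move a role are left as -WhatIf or commented out.

```powershell
# Added example (not from the original post): FSMO role holders, transfer permissions,
# transfer and seizure. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory
$forest = Get-ADForest
$domain = Get-ADDomain
$target = 'dc02.example.com'   # placeholder DC that should receive a role

# Two roles are forest-wide (from Get-ADForest), three are per domain (from Get-ADDomain)
$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# Group required to transfer each role (question 38); Enterprise Admins also covers the domain roles
$required = @{
    SchemaMaster = 'Schema Admins'; DomainNamingMaster = 'Enterprise Admins'
    PDCEmulator = 'Domain Admins';  RIDMaster = 'Domain Admins';  InfrastructureMaster = 'Domain Admins'
}
$myGroups = (Get-ADPrincipalGroupMembership -Identity $env:USERNAME).Name
function Test-RoleTransferPermission([string]$Role) {
    ($required[$Role] -in $myGroups) -or ('Enterprise Admins' -in $myGroups)
}

foreach ($role in $holders.Keys) {
    "{0,-20} holder={1,-32} canTransfer={2}" -f $role, $holders[$role], (Test-RoleTransferPermission $role)
}

# Graceful transfer: both DCs online, the current holder hands the role over. -WhatIf previews.
if (Test-RoleTransferPermission 'PDCEmulator') {
    Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole PDCEmulator -WhatIf
}

# Seizure (-Force) is only for a holder that will never return. A seized DC that is later
# powered on again must be rebuilt, or two DCs will claim the same role.
# Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole RIDMaster -Force

# ntdsutil equivalent (question 48). Replace "transfer" with "seize" for a dead holder.
# & ntdsutil.exe roles connections "connect to server $target" quit "transfer pdc" quit quit

# Quick confirmation of the holders after any move
& netdom.exe query fsmo
```

The RID master deserves the most care: after a seizure, let replication converge before creating security principals, and never bring the old holder back, since it would hand out RIDs from the same pool.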
49. Explain Forest Functional Level in Windows 2003 Server.
50. Explain Domain Functional Level in Windows 2003 Server.
51. How will you extend schema database?
52. What is the purpose of adprep command?
53. Briefly explain about netlogon?
54. What are forwarders in DNS server?
55. Explain about root hints.
56. Explain types of DNS queries?
57. How you will defragment AD Database?