1. What is the purpose of having AD?
Active Directory is a directory service that identifies all resources on a network and makes that information available to users and services. The main purpose of AD is to control and authenticate network resources.
2. Explain the sysvol folder.
The sysvol folder stores the server's copy of the domain's public files. The contents of the sysvol folder, such as group policy, users, and groups, are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.
3. Explain the functions of Active Directory.
AD enables centralization in a domain environment. The main purpose of AD is to control and authenticate network resources.
4. What is the name of AD database?
The AD database is NTDS.DIT.
5. Explain briefly about AD Partition?
The Active Directory database is logically separated into directory partitions:
Schema Partition: Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest.
Configuration Partition: There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.
Domain Partition: Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application Partition: Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.
6. Explain the different zones involved in a DNS server.
DNS has two different zones, the Forward Lookup Zone and the Reverse Lookup Zone. Each of these two zones is categorized into three zone types, as follows:
Primary zone: It contains the read/write copy of the DNS database.
Secondary zone: It acts as a backup for the primary zone and contains a read-only copy of the DNS database.
Stub zone: It is also read-only like a secondary zone; a stub zone contains only the SOA record and copies of the NS and A records for all name servers authoritative for the zone.
7. Explain briefly about the Stub Zone.
It is also read-only like a secondary zone, so administrators cannot manually add, remove, or modify resource records on it. But whereas secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
- A copy of the SOA record for the zone.
- Copies of NS records for all name servers authoritative for the zone.
- Copies of A records for all name servers authoritative for the zone.
8. Explain File Replication Service (FRS).
File Replication Service is a Microsoft service that replicates folders stored in the sysvol shared folders on domain controllers and in Distributed File System shared folders. This service is a part of Microsoft's Active Directory service.
9. What is authoritative and non-authoritative restore?
Nonauthoritative restore: When a nonauthoritative restore is performed, Active Directory is restored from backup media on the domain controller. This information is then updated during replication from the other domain controllers. The nonauthoritative restore method is the default method to restore system state data to a domain controller.
Authoritative restore: In an authoritative restore, Active Directory is restored to the point of the last backup job. This method is typically used to recover Active Directory objects that were deleted in error. An authoritative restore is performed by first performing a nonauthoritative restore, and then running the Ntdsutil utility prior to restarting the server. You use the Ntdsutil utility to indicate those items that are authoritative. Items that are marked as authoritative are not updated when the other domain controllers replicate to that particular domain controller.
10. What is the replication protocol involved in replication from PDC and ADC?
Normally, Remote Procedure Call (RPC) is used to replicate data, and it is always used for intrasite replication since it is required to support FRS. RPC depends on IP (Internet Protocol) for transport.
Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
11. What are the benefits of AD integrated DNS?
A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:
- Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.
- The Active Directory replication topology is used both for Active Directory replication and for Active Directory-integrated zone replication. There is no longer a need for separate DNS replication when DNS and Active Directory are integrated.
- Active Directory-integrated zones can enjoy the security features of Active Directory.
- The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.
- When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated to, and stored on, any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.
12. Explain some types of DNS records.
A record: Binds a name to an IP address.
PTR record: Binds an IP address to a host name.
NS record: Names a DNS server for the zone.
MX record: Identifies the mail server responsible for receiving mail from other MTAs.
13. How many tables are there in NTDS.DIT?
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table: Defines the types of objects that can be created in Active Directory, the relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table: Contains linked attributes, which hold values referring to other objects in Active Directory. Take the Member Of attribute on a user object: that attribute contains values that reference the groups to which the user belongs. This table is also far smaller than the data table.
Data table: Holds users, groups, application-specific data, and any other data stored in Active Directory. The data table can be thought of as having rows, where each row represents an instance of an object such as a user, and columns, where each column represents an attribute in the schema such as Given Name.
14. What is the purpose of the command NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.
15. What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller.
16. What is the purpose of the command replmon?
Replmon displays information about Active Directory replication.
17. How will you take a backup of the registry using NTBACKUP?
By backing up the System State.
18. Explain briefly about Super Scope.
Using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP server can support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such configurations are often called multinets.
19. Explain how a client obtains an IP address from a DHCP server.
It is a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
20. Explain about SRV Record.
An SRV record maps a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers.
21. What are the advantages of having RAID 5?
Stripe set with distributed parity. Fault tolerance. 100% data guarantee.
22. How do clients get authenticated with the Active Directory server?
Using the PDC Emulator role, one of the FSMO roles.
If you create the same user name or computer name, AD throws an error that the object already exists. Can you explain how AD identifies the existing object?
Using the RID Master role, one of the FSMO roles.
23. How will you verify a successful Active Directory installation?
Check the DNS service and its errors, check domain name resolution, and check for RPC, NTFRS, DNS and replication-related errors.
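Added example, not part of the original Q&A: a PowerShell health check that carries out the verification steps of Q23 and looks up the SRV records described in Q20. It assumes it is run in an elevated session on the newly promoted domain controller, with Windows Server 2012 / PowerShell 3 or later (for Resolve-DnsName and Get-WinEvent); the domain name is taken from the environment.

```powershell
# Added example, not from the original Q&A. Run elevated on the newly promoted DC.
# Assumes Windows Server 2012 / PowerShell 3+ (Resolve-DnsName, Get-WinEvent).
$DomainName = $env:USERDNSDOMAIN

# 1. Services that Q23 names (DNS, NTFRS) plus the core DC services. NTFRS or DFSR
#    may legitimately be absent, depending on which engine replicates SYSVOL.
foreach ($name in 'DNS', 'Netlogon', 'Kdc', 'NTDS', 'NTFRS', 'DFSR') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc)                 { Write-Output  "service $name : not installed" }
    elseif ($svc.Status -ne 'Running') { Write-Warning "service $name : $($svc.Status)" }
    else                                { Write-Output  "service $name : Running" }
}

# 2. Domain name resolution, then the SRV records (Q20) that clients use to find DCs.
if (-not (Resolve-DnsName -Name $DomainName -Type A -ErrorAction SilentlyContinue)) {
    Write-Warning "A record for $DomainName does not resolve"
}
$srvNames = "_ldap._tcp.dc._msdcs.$DomainName",
            "_kerberos._tcp.dc._msdcs.$DomainName",
            "_ldap._tcp.pdc._msdcs.$DomainName",
            "_gc._tcp.$DomainName"
foreach ($srv in $srvNames) {
    $records = Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
    if (-not $records) { Write-Warning "SRV $srv : no answer"; continue }
    foreach ($r in $records) {
        Write-Output ("SRV {0} -> {1}:{2}" -f $srv, $r.NameTarget, $r.Port)
    }
}

# 3. Critical/error events from the logs where RPC, replication, NTFRS and DNS
#    problems are recorded. A missing log (e.g. no DFSR installed) is skipped.
$since = (Get-Date).AddHours(-24)
foreach ($log in 'Directory Service', 'DNS Server', 'File Replication Service', 'DFS Replication') {
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    if ($events) {
        Write-Warning ("{0}: {1} error(s) in the last 24h" -f $log, @($events).Count)
        $events | Select-Object -First 5 TimeCreated, Id, ProviderName, Message | Format-Table -Wrap
    } else {
        Write-Output "$log : no critical/error events in the last 24h"
    }
}
```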
24. Group Policy file extension in Windows 2003 Server
25. What is Global Catalog?
Global Catalog is a server which maintains the information about multiple domains with trust relationship agreement. The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest.
26. What is Active Directory schema?
The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest; it also contains formal definitions of every attribute that can exist in an Active Directory object.
27. What is a site?
A site is one or more well-connected, highly reliable and fast TCP/IP subnets. A site allows an administrator to configure Active Directory access and replication topology to take advantage of the physical network.
28. What is the file that is responsible for keeping the whole Active Directory database?
29. What is the ntds.dit file default size?
30. What is the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.
31. I am trying to create a new universal user group. Why can’t I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
32. What is LSDOU?
It is the Group Policy inheritance model, in which policies are applied in the order Local machine, Site, Domain and Organizational Unit.
33. What command is used to change a computer name and make a client a member of a domain?
Using the netdom command.
34. What is the difference between a SID and a GUID?
A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.
35. Explain FSMO in Details.
In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:
Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows.
36. Which service is responsible for replicating files in SYSVOL folder?
File Replication Service (FRS)
37. Can you move FSMO roles?
Yes. Moving an FSMO server role is a manual process; it does not happen automatically. But what if you only have one domain controller in your domain? That is fine. If you have only one domain controller in your organization, then you have one forest, one domain, and of course the one domain controller. All 5 FSMO server roles will exist on that DC. There is no rule that says you have to have one server for each FSMO server role.
38. What permissions should you have in order to transfer an FSMO role?
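Added example, not part of the original Q&A: a PowerShell script that reports which domain controller holds each of the five roles listed in Q35, and shows the single-DC case described in Q37, by reading the fSMORoleOwner attribute of the object that owns each role. It uses only ADSI (no ActiveDirectory module), assumes PowerShell 3 or later on a domain-joined machine, and the helper name Get-FsmoHolder is mine.

```powershell
# Added example, not from the original Q&A. Reads FSMO role holders through ADSI.
# Assumes PowerShell 3+ on a domain-joined machine; no ActiveDirectory module needed.
$rootDse  = [ADSI]"LDAP://RootDSE"
$domainNc = $rootDse.defaultNamingContext[0]
$configNc = $rootDse.configurationNamingContext[0]
$schemaNc = $rootDse.schemaNamingContext[0]

# Role name -> DN of the object whose fSMORoleOwner attribute names the holder.
$roleObjects = [ordered]@{
    'Schema Master'         = $schemaNc
    'Domain Naming Master'  = "CN=Partitions,$configNc"
    'PDC Emulator'          = $domainNc
    'RID Master'            = "CN=RID Manager`$,CN=System,$domainNc"
    'Infrastructure Master' = "CN=Infrastructure,$domainNc"
}

function Get-FsmoHolder([string]$objectDn) {
    # Hypothetical helper name. fSMORoleOwner holds the DN of the holder's NTDS Settings
    # object, e.g. CN=NTDS Settings,CN=DC01,CN=Servers,CN=Site,CN=Sites,CN=Configuration,...
    # The second RDN (CN=DC01) is the server object, named after the domain controller.
    $obj     = [ADSI]"LDAP://$objectDn"
    $ownerDn = [string]$obj.fSMORoleOwner[0]
    $rdns    = $ownerDn -split '(?<!\\),'          # split on commas that are not escaped
    if ($rdns.Count -lt 2) { return 'unknown' }
    return ($rdns[1] -replace '^CN=', '')
}

$holders = foreach ($role in $roleObjects.Keys) {
    [pscustomobject]@{ Role = $role; Holder = Get-FsmoHolder $roleObjects[$role] }
}
$holders | Format-Table -AutoSize

# Q37: in a forest with a single domain controller every row names the same server.
$distinct = @($holders.Holder | Sort-Object -Unique)
if ($distinct.Count -eq 1) { Write-Output "All five FSMO roles are held by $($distinct[0])" }
```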
Before you can transfer a role, you must have the appropriate permissions depending on which role you plan to transfer:
Schema Master – member of the Schema Admins group
Domain Naming Master – member of the Enterprise Admins group
PDC Emulator – member of the Domain Admins group and/or the Enterprise Admins group
RID Master – member of the Domain Admins group and/or the Enterprise Admins group
Infrastructure Master – member of the Domain Admins group and/or the Enterprise Admins group
39. How do you restore Group Policy settings back to default?
The following command replaces both the Default Domain Security Policy and the Default Domain Controller Security Policy. You can specify Domain or DC instead of Both to restore only one or the other.
> dcgpofix /target: Both
40. What is caching only DNS Server?
When DNS is installed, and you do not add or configure any zones for the DNS server, the DNS server functions as a caching-only DNS server by default. Caching-only DNS servers do not host zones, and are not authoritative for any DNS domain. The information stored by caching-only DNS servers is the name resolution data that the server has collected through resolving name resolution queries.
41. By default, how many shares are in the SYSVOL folder?
By default, a share with the domain name will be there under the SYSVOL folder.
Under the domain name share, there are two folders, named Policies and Scripts.
42. A zone is not loaded by the DNS server. How do you troubleshoot?
Check that zone transfer is enabled for all DNS servers.
Also check that the required name server has been added in the Authoritative Name Server tab in the DNS properties.
43. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is an Internet protocol that email and other services use to look up information from a directory server.
44. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service.
45. What are application partitions? When do I use them?
An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.
46. How do you create a new application partition?
Use the DnsCmd command to create an application directory partition.
47. Why is a WINS server required?
Windows Internet Naming Service (WINS) is an older network service (a protocol) that takes computer names as input and returns the numeric IP address of the computer with that name or vice versa.
48. What is the purpose of the command ntdsutil?
To transfer or seize FSMO Roles.
49. Explain Forest Functional Level in Windows 2003 Server.
50. Explain Domain Functional Level in Windows 2003 Server.
51. How will you extend the schema database?
52. What is the purpose of adprep command?
53. Briefly explain netlogon.
54. What are forwarders in DNS server?
55. Explain about root hints.
56. Explain the types of DNS queries.
57. How will you defragment the AD database?