Server AD 2

http://www2.isupportyou.net

Q. What is an operating system?
A. An operating system works as an interpreter between the computer hardware and applications. The operating system also works as the user interface.
Q. Types of operating systems?
A. There are two types of operating systems:
1. SOS: Simple Operating System, for example Windows 95, 98, ME
2. NOS: Network Operating System, for example Windows NT, 2000, 2003.
Q. What is a server?
A. A server is a computer that provides services. For example:
1. DNS Server
2. WINS Server
3. DHCP Server
4. RAS Server
5. VPN Server
Q. What is a RAS Server?
A. RAS stands for Remote Access Server. It is basically used for mobile users in the network: this server provides access connectivity for mobile users, and all of the mobile users connect to the server through telephone lines. This server also provides connectivity between two or more offices in the network.
Q. What is a VPN Server?
A. VPN stands for Virtual Private Network. It is also used for mobile users in the network: this server provides remote access connectivity for mobile users, and all of the mobile users connect to the server through the internet. This server also provides connectivity between two or more offices in the network. VPN is cost effective (not costly).
Q. What is an IAS Server?
A. IAS stands for Internet Authentication Service. An IAS server is also known as a RADIUS server. The IAS server provides centralized management of multiple RAS and VPN servers in the network. The Remote Access Policy and Remote Access Logging options are available on this server.
Q. FAT/NTFS?
A. There are major differences between the FAT and NTFS file systems, such as:
FAT:
· FAT stands for File Allocation Table
· There are three categories of FAT file system:
FAT
FAT-16
FAT-32
· In FAT no security is available, not even at folder level
· Compression option is not available
· Encryption option is not available
· Disk quota option is not available
· FAT is supported by all Microsoft-based operating systems.
NTFS:
· NTFS stands for New Technology File System
· There are three categories of NTFS file system:
NTFS 4.0 - NT operating systems
NTFS 5.0 - 2000 operating systems
NTFS 6.0 - 2003 operating systems
· In NTFS security is available down to file level
· Compression option is available
· Encryption option is available
· Disk quota option is available
· NTFS is supported by only a limited set of Microsoft-based operating systems
Q. What is the difference between Windows NT/2000/2003?
A. There are many differences between the Windows NT, 2000 and 2003 operating systems, such as:
NT:
· There is no Active Directory
· There is no tree/forest hierarchical structure
· There is no site relationship
· There are no parent domain and child domain concepts in the network
· NT supports the NTFS 4.0 file system
· NT supports the NTLM version 2 LAN authentication protocol
· In NT no trust relationship is configured by default
· In NT we use System Policy
· In NT a specific client-side operating system is available, i.e. NT Workstation 4.0 Edition
· In NT we use Exchange 5.5 Server
· In NT we can create only one-way trust relationships inside the network
2000:
· There is Active Directory
· Tree/forest hierarchical structure is available
· Site relationship is available
· Parent domain and child domain concepts are available
· 2000 supports the NTFS 5.0 file system
· 2000 supports the Kerberos version 5.0 authentication protocol
· In 2000 two-way trust relationships are configured by default
· In 2000 we use Group Policy
· 2000 supports a maximum of 32 processors and 64 GB RAM
· In 2000 a specific client-side operating system is available, i.e. 2000 Professional
· In 2000 we use Exchange 2000 Server
· In 2000 no stub zone is available in DNS
· In 2000 Resultant Set of Policy is not available
· In 2000 GPMC is not available
· In 2000 the conditional forwarding option is not available
· In 2000 the Effective Permissions option is not available
· In 2000 only some administrative command-line tools are available
· The Active Directory saved query option is not available
· The shadow copy option is not available in the Windows 2000 operating system
· The ASR option is not available in the Windows 2000 operating system
· In Windows 2000 we can create a maximum of 1 DFS root on a single DFS server in the network
· In 2000 we can create two-way trust relationships inside the network
2003:
· There is Active Directory
· Tree/forest hierarchical structure is available
· Site relationship is available
· Parent domain and child domain concepts are available
· 2003 supports the NTFS 6.0 file system
· 2003 supports the Kerberos 5.0 authentication protocol
· In 2003 we use Group Policy
· 2003 supports a maximum of 64 processors and 64 GB RAM
· In 2003 no specific client-side operating system is available; you can use either Windows 2000 Professional or Windows XP Professional in the network
· In 2003 we use Exchange 2003 Server
· In 2003 stub zones are available in DNS
· In 2003 GPMC is available
· In 2003 Resultant Set of Policy is available
· In 2003 the conditional forwarding option is available
· In 2003 the Effective Permissions option is available
· The Active Directory saved query option is available
· The shadow copy option is available in the Windows 2003 operating system
· The ASR option is available in the Windows 2003 operating system
· In Windows 2003 we can create more than 1 DFS root on a single DFS server in the network
· In 2003 we can create two-way trust relationships inside the network
Q. What is Active Directory?
A. Active Directory is the main concept of a Windows 2000/2003 network. It stores all of the information about the whole network, such as users, printers, computers etc.
Q. What is a tree?
A. A group of domains sharing a contiguous namespace is called a tree.
Q. What is a forest?
A. A group of trees is called a forest; the trees do not share a contiguous namespace but share a common configuration (schema).
Q. Difference between D.C. and A.D.C.?
A. D.C. stands for Domain Controller and A.D.C. stands for Additional Domain Controller. An A.D.C. is a backup of the D.C. Only one difference exists between a D.C. and an A.D.C., i.e. the Operations Master roles. On the D.C. all five Operations Master roles are available:
1. Schema Master
2. Domain Naming Master
3. RID Master
4. PDC Emulator
5. Infrastructure Master
But on an A.D.C. only three Operations Master roles are available:
1. RID Master
2. PDC Emulator
3. Infrastructure Master
Q. What is the benefit of a child domain?
A. There are many benefits of a child domain, such as:
1. Security boundary
2. Lower administrative overhead
3. Lower network traffic
Q. What is a group?
A. A group is a collection of user accounts. It provides simplified administration in the network.
Q. What is an OU?
A. OU stands for Organizational Unit. On an OU we define Group Policy in the network. Group Policy is basically assigned on Active Directory containers, i.e. site, domain, OU. Whenever we want to apply a policy to some users, we put those users in an OU and assign the appropriate Group Policy on that OU.
Q. What is Group Policy?
A. Group Policy provides streamlined control of access for all of the users in the network. Group Policy is basically assigned on Active Directory containers, i.e. site, domain and OU. Whenever we want some users in the network not to shut down the system, not to use the Run command, or not to use Control Panel, we put those users in an OU and assign the appropriate Group Policy on that OU.
Q. Difference between permission, rights and policy?
A. Permission: a permission is basically assigned on a network resource, for example a file, folder, shared folder or printer.
Right: a right is basically assigned to users and groups.
Policy: a policy is basically assigned on an Active Directory container, i.e. site, domain or OU.
Q. What is ISA Server?
A. ISA stands for Internet Security and Acceleration. ISA Server provides internet connectivity for all of the users in the network. ISA Server also works as a proxy server in the network. With the help of ISA Server, an administrator can filter client requests for specific web sites in the network.
Q. What is the default gateway?
A. The default gateway is the IP address of the router in the network. Whenever a client wants to reach another network, that traffic is forwarded to the default gateway.
Q. What is a site?
A. A site is a geographical area where all of the domains are available. Sites manage the replication traffic between two or more different sites in the network.
Q. What is an Operations Master role?
A. Operations Master roles are available on domain controllers in the network. There are five types of Operations Master role:
1. Schema master
2. Domain Naming Master
3. RID Master
4. PDC Emulator
5. Infrastructure Master
Q. Difference between Mixed Mode and Native Mode?
A. There are two types of domain mode:
1. Mixed Mode: in this mode NT, Windows 2000 and Windows 2003 D.C.s are available.
2. Native Mode: there are two types of native mode.
i. Windows 2000 Native Mode: in this mode Windows 2000 and Windows 2003 DCs are available.
ii. Windows 2003 Native Mode: in this mode only Windows 2003 DCs are available.
Q. What is SCSI?
A. SCSI stands for Small Computer System Interface. In SCSI the rate of data transmission is fast. SCSI hard disk RPM speed is fast; the SCSI data transmission speed is 320 MBPS. On a SCSI controller we can connect a maximum of 15 physical devices in the system.
Q. What are the A (host) record and PTR record?
A. An A record is also called a host record. This record is basically created in the forward lookup zone.
A PTR record is also called a pointer record. This record is basically created in the reverse lookup zone.
Q. What is a reservation?
A. A reservation is basically used on a DHCP server. Whenever we want a particular computer to always receive the same IP address from the DHCP server in the network, we create a reservation on the DHCP server for that particular computer.
Q. IP address ranges/classes?
A. There are two types of IP address:
1. Classful IP address
2. Classless IP address
Classful IP address - there are five classes:
1. Class A - 0 - 126 (127 is reserved for loopback)
2. Class B - 128 - 191
3. Class C - 192 - 223
4. Class D - 224 - 239
5. Class E - 240 - 255
Q. Difference between a hardware router and a software router?
A. Hardware Router: a hardware router is a dedicated router. It has a lot of features such as security and dedicated routing in the network. For example, a Cisco router.
Software Router: a software router is not a dedicated router. It also provides other services such as DNS server and DHCP server, i.e. a Windows-based router.
Q. Difference between a hardware firewall and a software firewall?
A. Hardware Firewall: it is a dedicated firewall. A lot of security features are available on a hardware-based firewall. For example, the Cisco PIX firewall.
Software Firewall: it is not a dedicated firewall. It provides normal security in the network, e.g. Check Point.
Q. What is a Domain Controller?
A. D.C. stands for Domain Controller. It provides centralized management of the entire domain in the network. Whenever we install the Active Directory database on a server operating system, that system becomes a D.C. The domain controller manages all security-related interaction between users and computers in the network.
Q. What is a B Router?
A. B Router stands for bridge router. We can say it is a layer-3 bridge that provides communication between two or more different network IDs.
Q. What is a bridge?
A. A bridge is a layer-2 network device that provides communication within the same network ID. A bridge has a maximum of 16 ports.
Q. Difference between a gateway and a router?
A. A router works between networks of the same architecture, but a gateway works between different network architectures.
Q. What is a POP server/SMTP server?
A. POP stands for Post Office Protocol. It is basically used for receiving mail in the network.
SMTP stands for Simple Mail Transfer Protocol. It is basically used for sending mail as well as receiving mail in the network.
Q. What are Active Directory partitions?
A. An Active Directory partition is a logical partition of Active Directory. Partitions are basically used for replication from D.C. to A.D.C. and from D.C. to G.C.S. (Global Catalog Server) in the network. There are three types of Active Directory partition:
1. Schema Partition
2. Configuration Partition
3. Domain Partition
Q. Types of Active Directory partitions?
A. There are three types of Active Directory partition:
1. Schema Partition
2. Configuration Partition
3. Domain Partition
Q. What is the function of the ping command?
A. Ping checks the IP connectivity between two or more devices in the network. Ping sends an ICMP echo request from the source computer to the destination computer, and the destination computer sends back an ICMP echo reply.
Q. What are broadcasting, multicasting and unicasting?
A. Broadcasting - one to all
Multicasting - one to many, not all
Unicasting - one to one.
Q. What is group nesting?
A. When we add two or more groups within a single group, it is called group nesting.
Q. What is FIXMBR?
A. FIXMBR repairs the master boot record of the partition boot sector.
Q. What is FIXBOOT?
A. FIXBOOT writes a new partition boot sector onto the system partition.
Q. What is a SID?
A. SID stands for Security Identifier. Every object has a unique ID, which is called its SID.
Q. What is a RADIUS Server?
A. RADIUS stands for Remote Authentication Dial-In User Service. A RADIUS server provides centralized management of multiple RAS and VPN servers in the network. The Remote Access Policy and Remote Access Logging options are available on this server.
Q. What is the trusting domain?
A. In the trusting domain, the resources are available.
Q. What is the trusted domain?
A. In the trusted domain, the user accounts are available.
Q. What is Microsoft Exchange Server?
A. Microsoft Exchange Server is software that provides services such as sending and receiving mail.
Q. What is a printer?
A. A printer is software that governs the print device. There are two types of printer:
1. Local printer
2. Network printer
Q. What is chatting?
A. Chatting is a real-time conversation between two or more people in the network.
Q. What is Directory Services Restore Mode?
A. When our Active Directory database is not working properly, we restart the domain controller and press the F8 key, then select Directory Services Restore Mode, and then restore the Active Directory database from the last backup.
Q. What is a normal backup?
A. A normal backup is the default type of backup.
Q. What is an incremental backup?
A. In an incremental backup only the incremental (changed) parts are backed up, not a full backup.
Q. What is a differential backup?
A. In a differential backup, we take a full backup after the normal backup.
Q. What is a packet?
A. A packet is a logical grouping of information that includes a header, which contains location information, and user data.
Q. What is a forwarder?
A. A forwarder is basically used on a DNS server. When a client queries the DNS server, if the DNS server has the best result it gives that result to the client computer in the network; otherwise DNS.

Windows Topics on http://www2.isupportyou.net


Ques1: What is Active Directory?
Ans: Active Directory is a directory structure used on Microsoft Windows-based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.

An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize
these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the
Directory.

Active Directory is a hierarchical collection of network resources that can contain users, computers, printers, and other Active Directories. Active Directory Services (ADS) allow administrators to handle and maintain all network resources from a single location. Active Directory stores information and settings in a central database.


Ques2: What is LDAP?
Ans: The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP. Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.


Ques3: Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Ans: Yes, you can connect other vendors’ Directory Services with Microsoft’s version.

- Yes, you can use DirXML or LDAP to connect to other directories (i.e. eDirectory from Novell, or NDS (Novell Directory Services)).
- Yes, you can connect Active Directory to other 3rd-party Directory Services such as directories used by SAP, Domino etc. with the help of MIIS (Microsoft Identity Integration Server).


Ques4: Where is the AD database held? What other folders are related to AD?
Ans: The AD database is saved in %systemroot%\ntds. You can see other files also in this folder. These are the main files controlling the AD structure:

ntds.dit
edb.log
res1.log
res2.log
edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log
file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log
file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that
changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD
database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in
the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn’t exist on reboot or the shutdown statement isn’t
present, AD will use the edb.log file to update the AD database. The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in \NTDS, along with the other files we’ve discussed.


Ques5: What is the SYSVOL folder?
Ans: - All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.
- The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.
- The above is a quote from Microsoft themselves; basically the domain controller information stored in files, like your Group Policy data, is replicated through this folder structure.


Ques6: Name the AD NCs and the replication scope for each NC.
Ans: Schema NC, Configuration NC, Domain NC.
- Schema NC: This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory.
- Configuration NC: Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas.
- Domain NC: This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain.


Ques7: What are application partitions? When do I use them?
Ans: Application directory partitions are specific to Windows Server 2003 domains. An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.


Ques8: How do you create a new application partition
Ans: 
http://wiki.answers.com/Q/How_do_you_create_a_new_application_partition


Ques9: How do you view replication properties for AD partitions and DCs?
Ans: By using Replication Monitor:
go to Start > Run > type replmon



Ques10: What is the Global Catalog?
Ans: The global catalog contains a complete replica of all objects in Active Directory for its Host domain, and contains a partial replica of all objects
in Active Directory for every other domain in the forest.

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object.

The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.


Ques11: How do you view all the GCs in the forest?

Ans: C:\>repadmin /showreps domain_controller
OR: You can use Replmon.exe for the same purpose.
OR: AD Sites and Services, and nslookup gc._msdcs.%USERDNSDOMAIN%


Ques12: Why not make all DCs in a large forest GCs?

Ans: The reason that all DCs are not GCs to start with is that in large (or even giant) forests the DCs would all have to hold a reference to every object in the entire forest, which could be quite large and quite a replication burden. For a few hundred, or even a few thousand users, this is not likely to matter unless you have really poor WAN lines.
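As an added example (constructed here, not code from this page or from Microsoft), the following Python model encodes the partition rules stated in Ques6, Ques7, Ques10 and Ques12: the Schema and Configuration NCs go to every DC, a DC holds a full writable copy of only its own Domain NC, a GC adds partial read-only copies of every other domain, and application partitions go only to the DCs enrolled in them. The forest, DC names and object counts below are constructed sample data.

```python
"""Which directory partitions does each DC host? A model of the rules from
Ques6/Ques7/Ques10/Ques12 (added example with constructed data)."""
from dataclasses import dataclass, field


@dataclass
class DomainController:
    name: str
    domain: str                      # the domain whose NC this DC holds writable
    is_gc: bool = False              # designated global catalog server?
    app_partitions: set = field(default_factory=set)  # Ques7: enrolled app NCs


@dataclass(frozen=True)
class Replica:
    partition: str
    writable: bool
    partial: bool                    # True only for a GC's partial-attribute copy


def hosted_replicas(dc, forest_domains):
    """Ques6: Schema and Configuration NCs replicate to every DC in the forest,
    the Domain NC only to DCs of that domain. Ques10: a GC additionally holds a
    partial, read-only replica of every other domain NC. Ques7: application
    partitions replicate only to the DCs enrolled in them."""
    replicas = [
        Replica("Schema NC", writable=True, partial=False),
        Replica("Configuration NC", writable=True, partial=False),
        Replica(dc.domain, writable=True, partial=False),
    ]
    if dc.is_gc:
        for domain in forest_domains:
            if domain != dc.domain:
                replicas.append(Replica(domain, writable=False, partial=True))
    for app_nc in sorted(dc.app_partitions):
        replicas.append(Replica(app_nc, writable=True, partial=False))
    return replicas


def can_locate_without_referral(dc, object_domain):
    """Ques10: a non-GC DC can locate only objects of its own domain; a GC can
    locate an object from any domain without being told the domain name."""
    return dc.is_gc or object_domain == dc.domain


def replication_load(dcs, forest_domains, objects_per_domain):
    """Ques12: number of domain objects each DC must keep current. GCs carry
    (a partial copy of) every object in the forest, which is the replication
    burden that argues against making every DC a GC in a large forest."""
    return {
        dc.name: sum(objects_per_domain.get(r.partition, 0)
                     for r in hosted_replicas(dc, forest_domains))
        for dc in dcs
    }


# Constructed sample forest: one root domain and two child domains.
FOREST_DOMAINS = ["corp.example", "eu.corp.example", "apac.corp.example"]
OBJECTS_PER_DOMAIN = {"corp.example": 5000, "eu.corp.example": 1200,
                      "apac.corp.example": 800}
DCS = [
    DomainController("DC1", "corp.example", is_gc=True),
    DomainController("DC2", "eu.corp.example"),
    DomainController("DC3", "apac.corp.example",
                     app_partitions={"DC=DomainDnsZones,DC=apac,DC=corp,DC=example"}),
]

if __name__ == "__main__":
    for dc in DCS:
        for r in hosted_replicas(dc, FOREST_DOMAINS):
            kind = "partial/read-only" if r.partial else "full/writable"
            print(f"{dc.name:4} {r.partition:45} {kind}")
    print(replication_load(DCS, FOREST_DOMAINS, OBJECTS_PER_DOMAIN))
```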


Ques13: Trying to look at the Schema, how can I do that?
Ans: Use adsiedit.exe, or enable the Active Directory Schema snap-in option:
1. Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
2. Open mmc –> Add Snap-in –> add Active Directory Schema
3. Name it schema.msc
4. Open Administrative Tools –> schema.msc


Ques14: What are the Support Tools? Why do I need them?
Ans: Support Tools are the tools that are used for performing complicated tasks easily. These can also be third-party tools. Some of the support tools include DebugViewer, DependencyViewer, RegistryMonitor, etc. -edit by Casquehead: I believe this question is referring to the Windows Server 2003 Support Tools, which are included with Microsoft Windows Server 2003 Service Pack 2.

You need them because you cannot properly manage an Active Directory network without them.
Here they are; it would do you well to familiarize yourself with all of them.

Acldiag.exe
Adsiedit.msc
Bitsadmin.exe
Dcdiag.exe
Dfsutil.exe
Dnslint.exe
Dsacls.exe
Iadstools.dll
Ktpass.exe
Ldp.exe
Netdiag.exe
Netdom.exe
Ntfrsutl.exe
Portqry.exe
Repadmin.exe
Replmon.exe
Setspn.exe


Ques15: What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
Ans: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool:
· ADSIEDIT.DLL
· ADSIEDIT.MSC

Regarding system requirements, a connection to an Active Directory environment and Microsoft Management Console (MMC) is necessary.

Replmon is the first tool you should use when troubleshooting Active Directory replication issues. As it is a graphical tool, replication issues are easy to see and somewhat easier to diagnose than with its command-line counterparts. The purpose of this document is to guide you in how to use it, list some common replication errors and show some examples of when replication issues can stop other network installation actions.

NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels. It enables administrators to manage Active Directory domains and trust relationships from the command prompt. Netdom is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

REPADMIN.EXE is a command-line tool used to monitor and troubleshoot replication on a computer running Windows. It allows you to view the replication topology as seen from the perspective of each domain controller. REPADMIN is a built-in Windows diagnostic command-line utility that works at the Active Directory level. Although specific to Windows, it is also useful for diagnosing some Exchange replication problems, since Exchange Server is Active Directory based. REPADMIN doesn’t actually fix replication problems for you, but you can use it to help determine the source of a malfunction.


Ques16: What are sites? What are they used for?

Ans: Active Directory sites, which consist of well-connected networks defined by IP subnets that help define the physical structure of your AD, give you much better control over replication traffic and authentication traffic than the control you get with Windows NT 4.0 domains. Using Active Directory, the network and its objects are organized by constructs such as domains, trees, forests, trust relationships, organizational units (OUs), and sites.


Ques17: What’s the difference between a site link’s schedule and interval?

Ans: The schedule lets you list the weekdays or hours when the site link is available for replication to happen; the interval is the recurrence of intersite replication, in minutes, within that schedule. It ranges from 15 to 10,080 minutes. The default interval is 180 minutes.
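The schedule/interval distinction above, as an added Python example with constructed data (not code from this page or from Microsoft): the schedule decides when the link is open, the interval decides how often replication recurs, and the 15 to 10,080 minute bounds and the 180 minute default are the values stated on the page. The tick alignment to the start time is a simplification assumed here, not a statement about how the KCC times replication.

```python
"""Site link schedule versus interval (Ques17), added example with constructed
data. Simplification assumed here: replication ticks are aligned to `start`,
and a tick that falls outside the schedule is skipped rather than deferred."""
from datetime import datetime, timedelta

# Bounds and default from the page, in minutes.
MIN_INTERVAL, MAX_INTERVAL, DEFAULT_INTERVAL = 15, 10_080, 180


def validate_interval(minutes):
    """Reject intervals outside the 15 - 10,080 minute range stated on the page."""
    if not MIN_INTERVAL <= minutes <= MAX_INTERVAL:
        raise ValueError(
            f"interval must be {MIN_INTERVAL}-{MAX_INTERVAL} minutes, got {minutes}")
    return minutes


def link_open(schedule, when):
    """schedule maps weekday (0 = Monday) to the set of hours the link is available."""
    return when.hour in schedule.get(when.weekday(), set())


def replication_times(schedule, interval_minutes, start, horizon_hours=24):
    """Datetimes at which intersite replication actually runs within the horizon:
    one candidate every `interval_minutes`, kept only if the schedule is open."""
    step = timedelta(minutes=validate_interval(interval_minutes))
    end = start + timedelta(hours=horizon_hours)
    runs, t = [], start
    while t < end:
        if link_open(schedule, t):
            runs.append(t)
        t += step
    return runs


# Constructed schedule: link open only overnight (22:00-05:59) every day, so the
# WAN stays free for users during business hours.
OVERNIGHT = {day: set(range(0, 6)) | {22, 23} for day in range(7)}
MONDAY_MIDNIGHT = datetime(2024, 1, 1, 0, 0)   # 2024-01-01 is a Monday

if __name__ == "__main__":
    for interval in (DEFAULT_INTERVAL, 60):
        runs = replication_times(OVERNIGHT, interval, MONDAY_MIDNIGHT)
        print(f"interval={interval:>4} min -> {len(runs)} runs:",
              [r.strftime("%a %H:%M") for r in runs])
```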


Ques18: What is the KCC?
Ans: The KCC is a built-in process that runs on all domain controllers and generates the replication topology for the Active Directory forest. The KCC creates separate replication topologies depending on whether replication is occurring within a site (intrasite) or between sites (intersite). The KCC also dynamically adjusts the topology to accommodate new domain controllers, domain controllers moved to and from sites, changing costs and schedules, and domain controllers that are temporarily unavailable.


Ques19: What is the ISTG? Who has that role by default?
Ans: The Intersite Topology Generator (ISTG) is responsible for the connections among the sites. By default, Windows 2003 forest-level functionality has this role. By default the first server has this role. If that server can no longer perform this role, then the next server with the highest GUID takes over the role of ISTG.


Ques20: What are the requirements for installing AD on a new server?
Ans:
· An NTFS partition with enough free space (250MB minimum)
· An Administrator’s username and password
· The correct operating system version
· A NIC
· Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway)
· A network connection (to a hub or to another computer via a crossover cable)
· An operational DNS server (which can be installed on the DC itself)
· A Domain name that you want to use
· The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)
From the Petri IT Knowledge base. For more info, follow this link:


Ques21: What can you do to promote a server to DC if you’re in a remote location with a slow WAN link?
Ans: First available in Windows 2003: create a copy of the system state from an existing DC and copy it to the new remote server. Run “Dcpromo /adv”. You will be prompted for the location of the system state files.


Ques22: How can you forcibly remove AD from a server, and what do you do later? Can I get user passwords from the AD database?
Ans: Demote the server using dcpromo /forceremoval, then remove the metadata from Active Directory using ntdsutil. There is no way to get user passwords from AD that I am aware of, but you should still be able to change them.

Another way out too:

Restart the DC in DSRM mode.
a. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
b. In the right pane, double-click ProductType.
c. Type ServerNT in the Value data box, and then click OK.
Restart the server in normal mode.

It is a member server now but the AD entries are still there. Promote the server to a fake domain, say ABC.com, and then remove it gracefully using DCpromo.

Else, after the restart you can also use ntdsutil to do the metadata cleanup as told in the earlier post.


Ques23: What tool would I use to try to grab security-related packets from the wire?
Ans: You must use sniffer-detecting tools to help stop the snoops. … A good packet sniffer would be “ethereal”.


Ques24: Name some OU design considerations?
Ans: OU design requires balancing requirements for delegating administrative rights – independent of Group Policy needs – and the need to scope the application of Group Policy. The following OU design recommendations address delegation and scope issues:

Applying Group Policy: An OU is the lowest-level Active Directory container to which you can assign Group Policy settings.

Delegating administrative authority: usually don’t go more than 3 OU levels deep.


Ques25: What is the tombstone lifetime attribute?
Ans: The number of days before a deleted object is removed from the directory service. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the Configuration NC; by default it is 60 days on 2000 and 180 days on 2003.


Ques26: What do you do to install a new Windows 2003 DC in a Windows 2000 AD?
Ans: If you plan to install Windows 2003 Server domain controllers into an existing Windows 2000 domain or upgrade Windows 2000 domain controllers to Windows Server 2003, you first need to run the Adprep.exe utility on the Windows 2000 domain controllers currently holding the schema master and infrastructure master roles. The adprep /forestprep command must first be issued on the Windows 2000 server holding the schema master role in the forest root domain to prepare the existing schema to support Windows 2003 Active Directory. The adprep /domainprep command must be issued on the server holding the infrastructure master role in the domain where the 2003 server will be deployed.


Ques27: What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?
Ans: If you're installing Windows 2003 R2 on an existing Windows 2003 server with SP1 installed, you require only the second R2 CD-ROM. Insert the
second CD and r2auto.exe will display the Windows 2003 R2 Continue Setup screen.

If you're installing R2 on a domain controller (DC), you must first upgrade the schema to the R2 version (this is a minor change, mostly related to the
new DFS Replication engine). To update the schema, run the Adprep utility with /forestprep on the schema master; you'll find it in the Cmpnents\r2\adprep folder on the second CD-ROM.
Before running this command, ensure all DCs are running Windows 2003 or Windows 2000 with SP2 (or later).


Ques28: What are the DS commands?
Ans: The DS (Directory Service) family of built-in command line utilities for Windows Server 2003 Active Directory.
The DS group of commands is split into two families. In one branch are DSadd, DSmod, DSrm and DSmove (which change the directory) and in the other branch
are DSquery and DSget (which only read it).

When it comes to choosing a scripting tool for Active Directory objects, you really are spoilt for choice. The DS family of built-in command line
executables offers an alternative to CSVDE, LDIFDE and VBScript, and because DSquery writes distinguished names to standard output, its results can be piped straight into DSget, DSmod or DSrm.

The members of the DS family:

DSadd – add Active Directory objects (users, groups, computers, OUs, contacts)
DSmod – modify Active Directory objects
DSrm – delete Active Directory objects
DSmove – rename or relocate objects
DSquery – find objects that match your query attributes
DSget – list the properties of an object
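As an added example that is not part of the original page, the following PowerShell script chains the DS commands above into the usual stale-account review: dsquery finds users who have not logged on for a number of weeks, dsget shows what they are before anything changes, and dsmod disables them only when asked. It assumes the Windows Server 2003 DS tools are on the PATH and that the caller may modify the returned accounts; the eight-week threshold is an illustrative choice.

```powershell
# Added example, not part of the original page. Stale-account review with the DS
# command family. Assumes dsquery/dsget/dsmod (Windows Server 2003) are on the PATH.
function Invoke-StaleUserReview {
    param(
        [int]$InactiveWeeks = 8,   # illustrative threshold
        [switch]$Disable           # dry run unless this switch is given
    )

    # dsquery writes one quoted distinguished name per line; -limit 0 lifts the
    # default cap of 100 results so nothing is silently skipped.
    $staleDns = @(dsquery user -inactive $InactiveWeeks -limit 0)
    if ($staleDns.Count -eq 0) {
        Write-Host "No users inactive for $InactiveWeeks weeks."
        return
    }

    # dsget reads DNs from standard input, so the list can be piped straight in.
    # Inactive accounts whose password never expires are the ones most worth
    # disabling: nobody will ever be forced to rotate them.
    Write-Host "Inactive users (samid / disabled / pwdneverexpires):"
    $staleDns | dsget user -samid -disabled -pwdneverexpires

    if ($Disable) {
        # dsmod also reads DNs from standard input; -c continues past individual
        # errors (for example a DN the caller may not modify) instead of stopping.
        $staleDns | dsmod user -disabled yes -c
        Write-Host "Disabled $($staleDns.Count) account(s)."
    }
    else {
        Write-Host "Dry run: re-run with -Disable to disable these accounts."
    }
}

# Review only; add -Disable to act.
Invoke-StaleUserReview -InactiveWeeks 8
```

dsquery -inactive relies on the lastLogonTimestamp attribute, which is only maintained at the Windows Server 2003 domain functional level; at Windows 2000 levels the query returns nothing useful and you have to compare lastLogon on every DC yourself.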


Ques29: What are the FSMO roles? Who has them by default? What happens when each one fails?
Ans: FSMO stands for Flexible Single Master Operation. Active Directory is multi-master, but a few operations must be serialized through one DC, and that DC holds the role. By default the two forest-wide roles sit on the first domain controller installed in the forest and the three domain-wide roles on the first DC of each domain. Roles can be transferred with the AD snap-ins or ntdsutil while the holder is online, or seized with ntdsutil if the holder is permanently lost; a seized holder must never be brought back online.

It has 5 roles:

Schema Master:
The schema master domain controller controls all updates and modifications to the schema. Once the schema update is complete, it is replicated from
the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only
one schema master in the whole forest. If it is unavailable, schema extensions (such as adprep /forestprep or an Exchange installation) fail; normal operation is unaffected.

Domain naming master:
The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a
domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in
the whole forest. If it is unavailable, domains cannot be added or removed; nothing else is affected.

Infrastructure Master:
When an object in one domain is referenced by an object in another domain, the reference is represented by the GUID, the SID (for references to
security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and
distinguished name in a cross-domain object reference when the referenced object is moved or renamed. At any one time, there can be only one domain controller acting as the infrastructure master in
each domain. If it is unavailable, cross-domain group memberships show stale names until it returns; nothing breaks immediately.

Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC), unless every DC in the domain is a GC or the forest has only one domain. If the Infrastructure Master runs on
a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because
a Global Catalog server holds&









Active directory:

1) What is the active directory?
Ans: Active Directory is a centralized, hierarchical directory database and directory service that holds information about all user accounts, computers, groups and shared resources on a network, and authenticates and authorizes access to them.

2) What is the organizational unit?
Ans: OUs are container objects inside a domain that can hold users, computers, groups and other OUs.

3) What is the use of organizational unit?
Ans: OUs are used to organize the objects in a domain so that they can be managed as groups:
1) To delegate administrative control over a subset of objects without giving rights over the whole domain.
2) To scope the application of Group Policy (an OU is the smallest container a GPO can be linked to).
3) To mirror the organization or administrative model, making objects easier to find.
Note: controlling replication traffic, speeding up authentication and locating the nearest server are functions of sites, not OUs (see the question on sites below).

4) What are the main roles in active directory?
Ans: FSMO stands for Flexible Single Master Operation. The five roles are:
1) Domain naming master (one per forest)
2) Schema master (one per forest)
3) PDC Emulator (one per domain)
4) RID master (one per domain)
5) Infrastructure master (one per domain)

5) What is the location & file system type where the active directory
     information is installed?
 Ans: On an NTFS partition. The database is %SystemRoot%\NTDS\ntds.dit (by default C:\Windows\NTDS\ntds.dit, with its transaction logs alongside) and the shared system volume is %SystemRoot%\SYSVOL.

6) For the replication between DC & ADC some files are used; what is the location of
       that directory?
 Ans: C:\Windows\SYSVOL (the directory database itself replicates through AD replication, not through SYSVOL).
7) What is the use of the SYSVOL folder?
Ans: The SYSVOL folder contains the data and files common to all domain controllers in a domain. SYSVOL is included in the system state backup. The Windows 2003 SYSVOL is a collection of folders and reparse points in the file system that exist on each domain controller in a domain. SYSVOL provides a standard location to store important elements of Group Policy objects (GPOs) and logon scripts so that the File Replication Service (FRS) can distribute them to the other domain controllers within that domain. Because every domain member runs what it finds in SYSVOL, write access to it must stay restricted to domain administrators.

8) What is the protocol used by the active directory to perform its function?
 Ans: LDAP (Lightweight Directory Access Protocol), running over TCP/IP on port 389 (636 for LDAP over SSL), for reading and writing the directory; Kerberos for authentication; DNS for locating domain controllers.

9) What is a tree?
Ans: A tree is a collection of domains that share a single contiguous DNS namespace and are connected by transitive trust relationships.

10) What is forest?
Ans: A forest is a collection of one or more domain trees that share a common schema, configuration and global catalog. The forest, not the domain, is the security boundary of Active Directory.
Forest — Tree — Domain

 12) What is a domain controller?
      Ans: A domain controller is a server that holds a writable copy of the Active Directory database for its domain and authenticates users and computers against it.

14) What are the physical components of Active Directory?
Ans: Domain controllers and sites (with their subnets and site links).

15) What are the logical components of Active Directory?
Ans: Forests, trees, domains and OUs.

16) What is the command to make a server into a domain controller in Win 2000 & 2003?
Ans: DCPROMO.

17) What is the command to remove the domain controller functionality?
Ans: DCPROMO (a normal demotion). DCPROMO /FORCEREMOVAL is only for a DC that can no longer contact the rest of the domain; after a forced removal the DC's metadata must be cleaned up with ntdsutil on a surviving DC.
18) Which version of Active Directory is in Win2000 & Win2003?
Ans: There is no product version number; what changes between releases is the schema version (the objectVersion attribute of the Schema naming context): 13 for Windows 2000, 30 for Windows Server 2003, 31 for Windows Server 2003 R2.
22) What is Kerberos?
      Ans: Kerberos is the Internet standard authentication protocol (RFC 1510, later RFC 4120) used by default in Windows 2000 and later domains. It provides mutual authentication with tickets issued by the KDC on each domain controller and never sends the password over the network; it is both more secure and more efficient than NT LAN Manager.

 23) What is Win NT LAN Manager (NTLM)?
      Ans: NTLM is the challenge/response protocol that Windows 95, 98 and NT clients use to authenticate to Windows 2000 domains. It remains available at every functional level as a fallback (for example when a server is addressed by IP address and no Kerberos service principal name can be built), so disabling it is a separate hardening step; mixed mode only affects which domain controllers are supported, not whether NTLM is used.
24) What command line utility is used on Windows 2000 server domain controllers before they are upgraded to Windows 2003 domain controllers?
Ans: 1) adprep /forestprep
(This command must be issued on the Windows 2000 server holding the schema master role in the forest root domain to prepare the existing schema to support Windows 2003 AD.)
      2) adprep /domainprep
(Issued on the infrastructure master of each domain into which Windows Server 2003 DCs will be deployed.)
Note: the adprep tool is in the i386 directory of the Windows 2003 CD-ROM.
25) How can you authenticate between forests?
      Ans: Windows 2000 only supports external trusts between domains of different forests, and those always authenticate with NTLM. Windows Server 2003 adds forest trusts (both forests at the Windows Server 2003 forest functional level), which use Kerberos when the target is addressed by its DNS name so that a service principal name can be built and routed to the other forest; if the NetBIOS name is used, authentication falls back to NTLM.

 27) Which protocol plays the security role for authentication in 2000 & 2003?
       Ans: Kerberos (with NTLM as the fallback).

 28) What is the version of Kerberos in the 2003 OS?
       Ans: Kerberos version 5 (as defined in RFC 1510, later RFC 4120); there is no "5.5".
     

30) What type of backup is used to take the active directory?
Ans: System State data backup (it includes ntds.dit, SYSVOL, the registry and the boot files).


32) What is the command to know the SID and RID of a user?
Ans: whoami /user. It prints the user's SID; the last component is the RID (relative identifier) and everything before it is the domain SID. There is no "DID". RID 500 is always the built-in Administrator, which is why renaming that account does not hide it.
33) Can you create a new domain tree in an existing forest in Win2000?
Ans: Yes. Windows 2000 dcpromo already offers "Create a new domain tree in an existing forest"; what Windows Server 2003 adds is the ability to rename domains and domain controllers, not multiple trees.
37) When should you create a forest (or a new tree)?
A: A new tree is needed when part of the organization needs a distinct DNS namespace: organizations that operate on radically different bases, unique trade or brand names, mergers or acquisitions where naming continuity is desired, partnerships and joint ventures. A tree still shares the forest's schema, configuration and global catalog, so a separate forest is only required when a separate schema or a separate security and administrative boundary is needed; access to common resources can then be granted through an explicit trust between the forests.
38) What type of domain names are used in Win 2003 & Win 2000?
Ans: DNS fully qualified domain names (for example corp.example.com); each domain also keeps a NetBIOS name of up to 15 characters for down-level clients.

39) What are the FSMO roles?
Ans: FSMO stands for Flexible Single Master Operation
1) Domain naming master
2) Schema master
3) PDC Emulator
4) RID master
5) Infrastructure master

40) What are the six underlying major roles in Active Directory that may have to be transferred from the DC to the ADC for the additional domain controller to take over the domain?
Ans: Forest Level                                               Domain Level
     1) Domain naming master                           4) PDC Emulator
     2) Schema master                                      5) RID master
     3) Global catalog server                            6) Infrastructure master
(The global catalog is not a FSMO role but a function any DC can be given; it is listed with them because a domain cannot log users on without one.)
41) Define the six responsibilities of Active Directory?
Ans: Domain naming master: ensures domain names in the forest are unique.
       Schema master: maintains the classes and attributes that define the structure of the directory.
       Global catalog server: helps find objects across domains, supplies universal group membership at logon and resolves user principal names (UPNs).
       RID master: allocates pools of relative identifiers to the other DCs so that every SID created in the domain is unique.
       PDC emulator: acts as the PDC for Windows NT BDCs and down-level clients, receives password changes by preferential replication, is consulted when a logon fails with a bad password on another DC, processes account lockouts, and is the authoritative time source for the domain.
       Infrastructure master: keeps cross-domain references (such as group members who belong to another domain) up to date when those objects are renamed or moved.
42) Can I change my password if my machine's connectivity to the DC that holds the PDC emulator role has failed?
      Ans: Yes, on an Active Directory-aware client. The password change is written to whichever writable DC the client contacts; that DC then tries to replicate it to the PDC emulator immediately and, if that fails, the change still replicates normally. Only Windows NT 4.0 and Windows 9x clients without the Directory Services client send password changes to the PDC emulator specifically.
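As an added example that is not part of the original page, this PowerShell script answers the "who has them" part of Ques29 for a live forest and checks the Infrastructure Master versus Global Catalog rule from its note. It assumes the ActiveDirectory module from RSAT (Windows Server 2008 R2 or later; on Windows Server 2003 the equivalent listing is netdom query fsmo) and read access to every domain in the forest.

```powershell
# Added example, not part of the original page. Lists the FSMO role holders and
# flags an Infrastructure Master that is also a Global Catalog in a multi-domain
# forest. Assumes the ActiveDirectory PowerShell module (RSAT) and read access to
# the forest; on Windows Server 2003 "netdom query fsmo" gives the role list only.
Import-Module ActiveDirectory

function Get-FsmoReport {
    $forest = Get-ADForest
    $roles = [ordered]@{
        'Schema Master'        = $forest.SchemaMaster
        'Domain Naming Master' = $forest.DomainNamingMaster
    }
    $warnings = @()

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        $roles["$domainName / PDC Emulator"]          = $domain.PDCEmulator
        $roles["$domainName / RID Master"]            = $domain.RIDMaster
        $roles["$domainName / Infrastructure Master"] = $domain.InfrastructureMaster

        # The IM only has work to do when there are other domains to reference, and
        # a GC holding it is harmless if every DC in the domain is also a GC.
        $dcs   = @(Get-ADDomainController -Filter * -Server $domainName)
        $im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
        $nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
        if ($forest.Domains.Count -gt 1 -and $im -and $im.IsGlobalCatalog -and $nonGc.Count -gt 0) {
            $warnings += "$($im.HostName) holds the Infrastructure Master role for $domainName but is a GC while " +
                         "$($nonGc.Count) DC(s) are not: cross-domain references will stop being updated. " +
                         "Move the role to one of: $($nonGc.HostName -join ', ')"
        }
    }

    [pscustomobject]@{ Roles = $roles; Warnings = $warnings }
}

$report = Get-FsmoReport
$report.Roles.GetEnumerator() | Format-Table Name, Value -AutoSize
$report.Warnings | ForEach-Object { Write-Warning $_ }
```

Run it before and after any role transfer or GC change; the warning is exactly the condition the note in Ques29 describes, and it stays silent in a single-domain forest or when every DC is a GC, where the rule does not apply.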
43) What is a Global Catalog server?
Ans: A global catalog server is a domain controller that additionally holds a searchable, partial, read-only replica of every object in every domain of the forest. Its main role is to find objects across domains quickly, to supply universal group membership at logon, and to resolve logons that use a user principal name (UPN).
44) What is the Global Catalog?
Ans: The global catalog is the forest-wide index itself: it answers queries about objects across the forest and is consulted at every logon for universal group membership, so a domain with no reachable GC (and no universal group membership caching) cannot log users on. Every domain needs access to at least one GC hosted on a domain controller. In Windows 2000 there was typically one GC in every site in order to prevent logon failures when the WAN was down.
45) What is a GC? How many are required for a tree?
Ans: The global catalog is a searchable index of the whole forest; with it you can find any object in Active Directory, and it serves universal group membership at logon. At least one is required per forest (the first DC of the forest root domain is a GC by default); for availability put one in every site, and any DC, up to every DC in the domain, can be made a GC.
46) Where are global catalog servers configured?
Ans: Per domain controller, on the NTDS Settings object of the server in Active Directory Sites and Services.
47) Which type of zone is created when you install Active Directory?
Ans: Installing AD does not create a zone by itself, but if the DNS service is installed with it, an Active Directory-integrated forward lookup zone for the domain is created and Netlogon registers the service (SRV) records clients use to find DCs: _ldap, _kerberos, _kpasswd and _gc under the _tcp, _udp, _msdcs and _sites subdomains. On Windows Server 2003 the zone is stored in the DomainDnsZones (or ForestDnsZones) application directory partition.

48) What administrative consoles are installed when you install Active Directory, and what are they?
Ans: Five items are added to Administrative Tools (these are MMC consoles, not Windows services):
1) Active Directory Domains and Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Computers
4) Domain Controller Security Policy
5) Domain Security Policy
50) What snap-in administrative tools are available for Active Directory?
A: Active Directory Domains and Trusts, Active Directory Sites and Services, Active Directory Users and Computers, Active Directory Replication Monitor (optional, from the Support Tools), and Active Directory Schema (optional; the snap-in must be registered with regsvr32 schmmgmt.dll before it appears in the MMC list).
51) How do you delete a lingering object?
A: Windows Server 2003 provides the repadmin /removelingeringobjects command, which compares a DC's copy of a naming context with an authoritative source DC and deletes the objects that no longer exist there; run it first with /advisory_mode to log what would be removed without deleting anything.
52) Where is universal group membership caching configured?
Ans: At the site (on the NTDS Site Settings object); it applies to all domain controllers within that site.
53) What are the types of partitions a Win2000 domain controller holds in Active Directory?
Ans:  Domain partition: contains all objects associated with a particular domain; replicated to every DC of that domain.
        Schema partition: contains the Active Directory schema for the forest; replicated to all DCs in the forest.
        Configuration partition: contains forest-wide configuration such as sites, site links and services; replicated to all DCs in the forest.
        Global catalog (partial replica): not a separate partition but a read-only copy of a subset of the attributes of every object in every domain of the forest, held only on DCs that are global catalog servers.
54) What types of partitions are supported by Win 2003 server?
Ans: Windows Server 2003 supports the same partitions as Windows 2000 and adds a new one.
Application directory partition: stores data (objects and attributes) belonging to Active Directory-integrated applications and services.
Note: it is replicated only to the specific domain controllers you choose; the in-box use is DNS (the DomainDnsZones and ForestDnsZones partitions).
Some benefits of using this partition:
1) provides redundancy, availability and fault tolerance for the application's data
2) reduces replication traffic, because the data goes only where it is needed
3) allows applications or services that use LDAP to store and access their data in AD
4) it can hold any type of object except security principals (users, computers and security groups)

 55) How do you check DC replication status?
 Ans: For the directory itself, run repadmin /showrepl (or repadmin /replsummary on Windows Server 2003 SP1 and later) to see each inbound partner, the last success time and any failure status, and dcdiag /test:replications for a pass/fail view; the Directory Service event log records the failures. The File Replication Service event log (NTFRS) only tells you about SYSVOL replication, not about the directory database.
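As an added example that is not part of the original page, the following PowerShell function turns repadmin's CSV output into a short list of replication links that are failing or have not succeeded recently, which is the check a practitioner runs before trusting a DC's data or a backup. It assumes repadmin.exe (Support Tools on Windows Server 2003, in-box from Windows Server 2008) is on the PATH and that the caller may query every DC; the 24-hour threshold is illustrative.

```powershell
# Added example, not part of the original page. Summarises inbound replication
# links that are failing or have not succeeded recently, from repadmin's CSV output.
# Assumes repadmin.exe is on the PATH and the caller may query every DC.
function Get-ReplicationProblems {
    param([int]$MaxAgeHours = 24)   # illustrative threshold

    # One row per (destination DC, naming context, source DC) inbound link.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    foreach ($row in $rows) {
        $failures = 0
        [void][int]::TryParse($row.'Number of Failures', [ref]$failures)

        # A link that never succeeded reports "0" instead of a timestamp.
        $lastOk = $null
        $parsed = [datetime]::MinValue
        if ([datetime]::TryParse($row.'Last Success Time', [ref]$parsed)) { $lastOk = $parsed }

        $tooOld = ($null -eq $lastOk) -or (((Get-Date) - $lastOk).TotalHours -gt $MaxAgeHours)
        if ($failures -gt 0 -or $tooOld) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Failures      = $failures
                LastSuccess   = $lastOk
                LastStatus    = $row.'Last Failure Status'
            }
        }
    }
}

Get-ReplicationProblems | Sort-Object Failures -Descending | Format-Table -AutoSize
```

A link whose last success is older than the tombstone lifetime is the classic source of lingering objects; once it is repaired, run repadmin /removelingeringobjects against that destination with /advisory_mode first, as question 51 below describes, before letting it replicate again.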

56) How do you enable or disable a Global Catalog (GC)?
Ans: Open Administrative Tools > Active Directory Sites and Services > Sites, expand the site, expand Servers and the domain controller you want to work with, then right-click NTDS Settings > Properties and set or clear the Global Catalog check box. The DC must replicate the partial replicas of the other domains before it advertises itself as a GC.

WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.

57) How do you install/remove AD/DC?
Ans: Run dcpromo; the same wizard promotes a member server to a domain controller and demotes a domain controller back to a member server.

58) How do you repopulate AD DNS entries?
Ans: Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support Tools. At a command prompt, type netdiag /fix. (Restarting the Netlogon service, or running nltest /dsregdns on Windows Server 2003, re-registers the same records.)

This domain controller holds the last replica of the following application directory partitions
Symptoms: When you demote a DC by using Dcpromo, you may receive the following error message: This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com
Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.

59) What will happen when demoting a DC?
Ans: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers any FSMO roles it holds to another domain controller. If the domain controller is a global catalog, that function is not transferred to another domain controller. In this case, you must manually select the Global Catalog check box in Active Directory Sites and Services for another domain controller to take over.
60) What is Active Directory defragmentation?
Windows 2000 running directory services performs an online defragmentation of the directory every 12 hours by default as part of the garbage collection process. This defragmentation only moves data around inside the database file (ntds.dit) and doesn't reduce the file size.

61) Difference between online and offline defragmentation?
Online defragmentation makes space available inside the file but does not reduce the size of the database file.
Only offline defragmentation (ntdsutil "files" > "compact to", run in Directory Services Restore Mode) rebuilds the file and gives you a clear picture of the amount of space actually consumed by the database.
62) What is the tombstone period?
Tombstone objects have quotas. When a security principal deletes an object, Windows keeps a tombstone for a designated period of time, by default 60 days (180 days in forests created with Windows Server 2003 SP1 or later), before purging the tombstone from the system. These tombstone objects count towards the security principal's directory quota.
A. Because of the multi-master replication used by Windows 2000 and Active Directory, just deleting an object would result in it potentially being recreated at the next replication interval, so deleted objects are "tombstoned" instead. This marks them as deleted, strips most of their attributes and applies to all objects.
Objects marked as tombstones are actually deleted 60 days after their original tombstone status was set; this time can be changed by modifying the tombstoneLifetime attribute.
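As an added example that is not part of the original page, this PowerShell script reads the tombstone lifetime discussed in Ques25 and in question 62 above from the Directory Service object and applies the rule both answers imply: a backup older than the lifetime must not be restored. It assumes the ActiveDirectory module from RSAT and read access to the configuration partition; the 75-day backup age at the end is a constructed sample.

```powershell
# Added example, not part of the original page. Reads the forest's tombstone
# lifetime and checks whether a backup is still young enough to restore safely.
# Assumes the ActiveDirectory PowerShell module (RSAT) and read access to the
# configuration partition; the backup date at the bottom is a constructed sample.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    $rootDse = Get-ADRootDSE
    $dsObject = Get-ADObject `
        -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" `
        -Properties tombstoneLifetime

    # The attribute is absent in forests created before Windows Server 2003 SP1 and
    # never adjusted; the directory then applies the built-in default of 60 days.
    if ($null -eq $dsObject.tombstoneLifetime) { return 60 }
    return [int]$dsObject.tombstoneLifetime
}

function Test-BackupRestorable {
    param(
        [Parameter(Mandatory)][datetime]$BackupDate,
        [int]$LifetimeDays = (Get-TombstoneLifetimeDays)
    )
    $ageDays = ((Get-Date) - $BackupDate).TotalDays
    [pscustomobject]@{
        BackupDate        = $BackupDate
        BackupAgeDays     = [math]::Floor($ageDays)
        TombstoneLifetime = $LifetimeDays
        # Older than the lifetime means the backup contains objects whose tombstones
        # have already been garbage-collected on every DC; restoring it would bring
        # them back as lingering objects that never replicate away again.
        Restorable        = $ageDays -lt $LifetimeDays
    }
}

# Constructed sample: a system state backup taken 75 days ago.
Test-BackupRestorable -BackupDate (Get-Date).AddDays(-75)
```

In a 60-day forest the sample backup comes back as not restorable; in a 180-day forest it is still usable. Raising tombstoneLifetime extends the restore window but also keeps deleted objects (and their quota cost) around longer, so the value should be chosen together with the backup rotation, not after a restore has already failed.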
63) How can I change the Recovery Console administrator password on a domain controller?
A. When you use the Recovery Console (RC), the system uses the account passwords in the local SAM. But on a domain controller (DC) normal operation doesn't use the local SAM, so changing the Administrator password changes the Active Directory (AD) account and not the local SAM password. The local SAM password on a DC is the Directory Services Restore Mode (DSRM) password. To modify it, perform the following steps:
1. Shut down the DC on which you want to change the password.
2. Restart the computer. When the system displays the selection menu during the restart process, press F8 to view advanced startup options.
3. Select Directory Services Restore Mode.
4. After you successfully log on, to change the local Administrator password, at a command prompt, type the following command:
net user administrator *
5. Restart the computer.
If you don't know the password, on Windows Server 2003 you can reset it without a reboot with ntdsutil ("set dsrm password", then "reset password on server null"); alternatively demote the DC to a regular server, change the password, then promote the system to a DC again. You can also copy the SAM in the %SystemRoot%\Repair folder to the %SystemRoot%\System32\Config folder, which restores whatever password was in use when that repair copy was made.

What is GPO ?
Ans: Group Policy gives you administrative control over users and computers in your network.

11) what are sites?
Ans: a site is a physical component of active directory that is used to define and represent the topology of a network. A site is collection of one or more well connected  IP  subnets.
Uses:1)To control replication traffic
        2)To make authentication faster and more efficient.
        3)To locate the nearest server providing directory enabled services.

 13) What is the Active Directory schema?
A) The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest; it also contains formal definitions of every attribute that can exist in an Active Directory object. Active Directory stores and retrieves information from a wide variety of applications and services. So that it can store and replicate data from a potentially infinite variety of sources, Active Directory standardizes how data is stored in the directory. By standardizing how data is stored, the directory service can retrieve, update, and replicate data while ensuring that the integrity of the data is maintained.
The schema is therefore the set of rules that defines the structure of Active Directory: the classes and attributes from which every object stored in AD is built. The schema master is the single DC allowed to change it.
19) What is the command used to install Active Directory unattended, for example on remote servers?
Ans: dcpromo /answer:<answerfile>
(The answer file is a plain text file with a [DCInstall] section that supplies the wizard's responses; its keys are documented in the deployment tools, Deploy.cab in the Support\Tools folder of the CD. Because it carries the DSRM and domain passwords in clear text, delete it once the promotion has finished.)
    
 20)Where are the Windows NT Primary Domain Controller (PDC) and its Backup       Domain Controller (BDC) in Server 2003?
A)                  The Active Directory replaces them. Now all domain controllers share a multi-master peer-to-peer read and write relationship that hosts copies of the Active Directory.
 21) How long does it take for security changes to be replicated among the domain controllers?
A)                  Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).



 26) Compare Active Directory & SAM (a Windows NT domain versus a Windows 2000 Active Directory domain)?
· Replication: Windows NT uses single-master replication via the PDC and BDCs; Windows 2000 uses multi-master replication between DCs.
· Partitioning: the domain is the smallest unit of partitioning in both.
· Authentication: NT: the domain is the smallest unit of authentication; 2000: the OU is the smallest unit of authentication.
· Policy: NT: the domain is the smallest unit of policy (system policies); 2000: the OU is the smallest unit of policy (Group Policy objects).
· Delegation: NT: the domain is the smallest unit of security delegation/administration; 2000: a property of an object is the smallest unit.
· Browsing and connection: NT uses NetBIOS broadcasts as the primary mechanism; 2000 uses TCP/IP connections to Active Directory.
· Name resolution: NT requires WINS or LMHOSTS for effective browsing; 2000 requires DNS and Active Directory, with WINS needed only for older clients.
· Replication granularity: NT replicates whole objects; 2000 replicates individual properties (attributes).
· Database size: NT: the maximum recommended SAM size is 40 MB; 2000: the maximum Active Directory database size is 70 TB.
· Scale: NT: the maximum effective number of users is 40,000 (if you accept the recommended 40 MB maximum); 2000: between one and two million users (objects) in one domain and ten million objects in one forest.
· Domain models: NT needs four domain models (single, single-master, multi-master, complete-trust) to work around per-domain admin-boundary and user limits; 2000 needs none, because the complete-trust model is implemented by the forest's transitive trusts, with one-way trusts still available manually.
· Schema: NT's is not extensible; 2000's is fully extensible.
29) What command displays whether the machine is a DC, ADC or member server?
Ans: net accounts; its "Computer role" line reads PRIMARY or BACKUP on a domain controller, SERVER on a member server and WORKSTATION on a workstation. dsquery server lists every DC in the forest.
34) What replication process is used in Win2000 and Win2003?
Ans: Multi-master replication: every DC (including an "additional" DC) holds a read/write copy of the domain partition, and changes made on any of them replicate to the others, in both directions.
35)  What types of classes exist in Windows Server 2003 Active Directory?
A: Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Abstract class. Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.
Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments

36) What is the default domain functional level in Windows Server 2003?
A) The four domain functional levels are:
Windows 2000 Mixed                                          Windows 2000 Native
Windows Server 2003 Interim                             Windows Server 2003
Windows 2000 Mixed
When you configure a new Windows Server 2003 domain, the default domain functional level is Windows 2000 mixed. Under this domain functional level, Windows NT, 2000, and 2003 domain controllers are supported. However, certain features such as universal security groups, nesting of security groups and SID history are not available.
Windows 2000 Native
Upgrading the functional level of a domain to Windows 2000 Native should only be done if there are no Windows NT domain controllers remaining on the network, because the change cannot be reversed. By upgrading to the Windows 2000 Native functional level, additional features become available including group nesting, universal security groups, SIDHistory, and the ability to convert security groups to distribution groups and back.
Windows Server 2003 Interim
The third functional level is Windows Server 2003 Interim and it is used only when upgrading a Windows NT 4.0 domain directly to Windows Server 2003. Upgrading to this domain functional level provides support for Windows NT and Windows Server 2003 domain controllers (but not Windows 2000). Like Windows 2000 Mixed, it does not provide the new features.
Windows Server 2003
The last functional level is Windows Server 2003. This domain functional level supports only Windows Server 2003 domain controllers. If you want to take advantage of all the features included with Windows Server 2003, you must implement this functional level. Features introduced here include the ability to rename domain controllers, the replicated lastLogonTimestamp attribute, and Kerberos constrained delegation.

What is the difference between site links and connection objects?
Site links represent potential connections, and connection objects represent actual connections
What tool is used to report on the overall directory replication health?
dcdiag.exe
What tool will provide replication information for a specific server?
Replication Diagnostics Tool (repadmin.exe)
What two tools are used to analyze and report on replication?
Replication Diagnostics Tool (repadmin.exe) and Directory Server Diagnosis (dcdiag.exe)

What is the minimum inter-site polling interval?
Fifteen minutes
What is the default inter-site replication interval?
Three hours
What is the default site link cost?
100
Are fast site links given a high or low cost?
Low
What should you do if you disable transitivity on a site link?
Build site link bridges
Are site links transitive or intransitive by default?
Transitive
What happens if preferred bridgehead servers are selected and none are available?
Inter-site replication does not occur
How are bridgehead servers selected?
They are selected automatically
What is the term for a domain controller responsible for inter-site replication for a particular site?
Bridgehead server
What protocol should be used for inter-site replication when connections are not always available?
Inter-Site Messaging-Simple Mail Transport Protocol (ISM-SMTP)
What protocol is preferred for inter-site replication?
Directory Service Remote Procedure Call (DS-RPC)
What protocol is used for intrasite replication?
Directory Service Remote Procedure Call (DS-RPC)

What are the two protocols used for replication?
Directory Service Remote Procedure Call (DS-RPC) and Inter-Site Messaging-Simple Mail Transport Protocol (ISM-SMTP)
What generates connections between sites?
theIntersite Topology Generator (ISTG), part of the KCC
What is the default intrasite replication polling interval?
One hour
What is polling?
The process by which a downstream partner queries the upstream partner as to whether any directory changes are queued
What component of Active Directory generates the replication topology?
The Knowledge Consistency Checker (KCC) on each DC; within a site it builds a bidirectional ring with extra shortcut connections so that no DC is more than three hops from any other
Are connection objects one-way or two-way?
One-way
What tool is used to configure Universal Group Membership Caching?
Active Directory Sites and Services
What tool is used to make an existing domain controller a Global Catalog server?
Active Directory Sites and Services
Where is it recommended that Universal Group Membership Caching (UGMC) be enabled?
On domain controllers in sites with slow or unreliable links to Global Catalogs
How often does a domain controller update universal group membership if UGMC is enabled?
Every eight hours
What is another name for the Global Catalog?
The Partial Attribute Set (PAS): the set of attributes, marked in the schema with isMemberOfPartialAttributeSet, that a GC holds for objects of other domains
What two services does a domain controller advertise?
Kerberos (for authentication) and LDAP (for directory access)

What is a Domain Controller?
A server that stores the Active Directory database and authenticates users
Define: Global Catalog
The Global Catalog is a Domain Controller that contains a parital replica of every domain in Active Directory. It is the index of the forest. It defines where a object is. Active Directory builds the Global Catalog automatically.
Define: Schema
Schema is the "key" or "legend" of Active Directory .

How many Schemas can you have in a Forest?
1

How can we think of OUs and what are they used for?
OUs can be thought of as empty containers. They are used for
1) Delegation
2) To manage many objects as one object

What is a OU?
A OU is a Organizational Unit.

Define: Domain
A logical security boundary

Define: Tree
A collection of 1 or more Domains that all share a contiguous Namespace
Where is the Active Directory database stored on the Domain Controller?
Windows\NTDS\Ntds.dit
How many partitions (also called Naming Contexts) are there in Ntds.dit?
3  Partitions with 2 additional potential partitions. The 3 main are: Schema, Configuration, and Domain
What kind of database/directory is Active Directory?
Active Directory is a Multimaster database where Info is automatically replicated between multiple Domain Controllers

What is the difference between a Domain Controller (DC) and a Read Only Domain Controller (RODC)?
A Read Only Domain Controller holds a read-only copy of the directory: writes are referred to a writable DC, replication is inbound only (nothing on it replicates out to other domain controllers), and by default it stores no account passwords except those its Password Replication Policy allows, so a stolen RODC exposes far less than a stolen DC. This is a new feature in Windows Server 2008.
What is a Forest Root Domain?
It is the first Domain created within a Active Directory Forest.

Windows Server 2003 has at least two GPO troubleshooting tools that administrators are expected to be familiar
with; which are they?
RSoP (the Resultant Set of Policy snap-in) and GPRESULT
Default policy refresh interval is?
90 minutes for client computers
and member servers
5 Minutes for DC
Group policy files are stored in?
SYSVOL shares on domain controllers

What is used to replicate the content of SYSVOL shares?
The File Replication
Service (FRS)
What tool runs a series of diagnostic tests on a domain controller,
including replication and topology integrity checks?
Dcdiag

This tool is used to analyze replication mechanisms in great detail.
Repadmin

Very convenient and fast way to To verify whether FRS is having problems replicating SYSVOL data to other domain controllers.
File Replication Service log in Event Viewer

GPO Process starts with?
Local, Site, Domain, OU

What three Active Directory, partitions exist on any DC and must be replicated?
Domain partition
Configuration partition
Schema partition
Publishing software packages is only available to users, and applications published through Group Policy
can be found in the Add/Remove Programs applet in Control Panel
If your software package is assigned to a computer object, it will install when?
When the comuter is rebooted.

Where is logging of policy processing information located?
%systemroot%\Debug\UserMode\userenv.log (on Windows 2003; verbose logging is switched on with the UserEnvDebugLevel registry value)

What is a build in process which creates the replication topology in active directory Forest
Knowledge
Consistency Checker (KCC)

What is a Schema?
The schema is a database that is used to define objects and their attributes.

The schema is made up of?
Classes and attributes

What is the purpose of a stub zone?
to identify the authoritative DNS servers for that zone
Does DNS work on a push or pull basis?
Pull: the secondary server requests the zone (or the changes to it) from the primary; when changes are made, the primary sends a NOTIFY so the secondaries know to ask

What do incremental zone transfers do?
replicate only changes to DNS (rather than all records)
What 2 containers are created when DNS is integrated with AD on Windows Server 2003?
The ForestDnsZones and DomainDnsZones application directory partitions
What is server scavenging?
process of getting rid of stale DNS records
When is DNS recursion usually disabled?
When the network is sensitive
What is recursion?
Forwarding requests to other servers for fulfillment
What sort of servers most often utilize round robin DNS?
Web servers
What are 3 reasons to divide namespaces into more than 1 zone?
Delegate responsibility, break up large namespaces for management, extend namespace to add subdomains
What do root hints do?
Provide a link between DNS servers and top-level DNS servers
Trust - A relationship in which one domain trusts the directory information stored in another domain
Trust Relationship - Trusts work in one direction: DomainA trusts DomainB.
Note that this does not mean that DomainB trusts DomainA.

How does Dynamic DNS (DDNS) differ from standard DNS?
DDNS allows real-time DNS updates
What command will send DNS registration info to a DNS server?
ipconfig /registerdns

How is DNS information replicated in DDNS?
Through Active Directory
How was DNS information replicated in standard DNS?
Through manual copies of the zone file
What two name resolution technologies does DDNS cover?
DNS and WINS
When does DDNS update the record?
When a client leases an IP address
What is Scope Option 003?
Default gateway
What is Scope Option 006?
Preferred DNS server
What is the scope for default gateway?
003
What is the scope for preferred DNS server?
006
Where does non-dynamic DNS store data?
In a text file located at %SystemRoot%\System32\DNS
What are the 3 types of DNS zones?
Primary, secondary, and stub zone
What is a primary DNS zone?
A DNS zone which stores a copy of the zone that can be directly updated
What is a secondary DNS zone?
A copy of a primary DNS zone

What are secondary DNS zones used for?
Load balancing, fault tolerance, and increasing capacity
What is a DNS stub zone?
A copy of a DNS zone containing only NS, SOA, and sometimes glue A records; it is not authoritative
What limitation exists on a DNS server storing its data in AD?
The DNS server must be a DC
What is secure DNS?
A DNS system where updates occur over a secure channel
How does secure DNS work?
When a DNS transfer is initiated, the DNS server verifies that the DNS server sending the update is on an approved list
What is the purpose of secure DNS?
To prevent poison entries
How is secure DNS set up in an Active Directory domain?
It is set up automatically
What are 3 reasons to use a stub zone?
Keep delegated zone info current, improve name resolution, simplify administration
What does a Start of Authority (SOA) record do?
specifies the DNS server in charge of a zone

What 4 items does an SOA record specify?
primary server for the zone, zone administrator's email address, secondary zone expiration values, minimum default TTL values
What is the Global Name Zone designed to do?
Replace WINS
What is an A record?
Address record
What 3 types of records are stored in a Forward Lookup Zone?
LDAP, Global Catalog, and Name Server records
How can repopulation be forced if a Forward Lookup Zone does not appear in AD?
Use net stop logon and net start logon
What do Forward Lookup Zones do?
Store domain name-to-IP address mappings
What do Reverse Lookup Zones do?
Store IP address-to-domain name mappings
At what 3 times are Reverse Lookup Zones populated?
When IP addresses are leased, when machines are restarted, when ipconfig /registerdns is executed
When creating subdomains, what needs to be done to make sure that all zone records stay current?
Delegation records need to be added to other DNS servers to point to the authoritative server
How does round robin DNS work?
When an IP address for a server in a round robin pool is given out, that address is moved to the bottom of the list
Explain a "Transitive Trust Relationship"

Domains are not transitive. For example, DomainA trusts DomainB and DomainB trusts DomainC, but this does not mean that DomainA trusts DomainC.
What do domain controllers use to manage accounts when Active Directory is removed?
Security Accounts Manager (SAM)
What is Active Directory Migration Tool used for?
Migrating data between forests and domains
What tool is used to migrate AD data between domains?
Active Directory Migration Tool
What application normally makes use of the Active Directory Migration Tool?
Exchange
What snap-in is used to raise the forest functional level?
AD Domains and Trusts
What is the default functional level for Active Directory?
Windows 2000 Native Mode
What is Forestprep used for?
Preparing a forest for new applications like Exchange
What tool is used to prepare a forest for an Exchange installation?
forestprep
Where must forestprep be run?
on a DC within the forest root domain
What is domainprep used for?
prepping a domain for a new application that uses AD
Where must domainprep be run?
on a DC within each domain to receive the new application
What do trusts do?
allow authentication by one domain or forest to be accepted by another
What is a transitive trust?
a trust that allows an entity to trust any entity that another entity trusts
What is an external trust?
a trust with a domain or forest which is not part of the same forest
What is a shortcut trust used for?
improving logon times between domains in a forest. It is useful to define between domains in different trees.
How does a domain know that a request from an external trust is coming from a trusted source?
the domain's SID is included with the security principal's SID
Why does a domain include its own SID with the security principal's SID when authenticating via an external trust?
so the receiving domain knows that the request is coming from a trusted source
What snap-in is used to create subnets?
AD Sites and Services
What are site links for?
defining a replication path
What is site link cost used for?
determining what type and frequency of traffic that uses the link
What does a higher cost in a site link cost indicate?
less probability of usage
What are the 3 steps in configuring a site infrastructure?
configure subnets
What are the 2 types of DFS?
Domain-based DFS and standalone DFS
What is one-way replication?
Data is replicated to a Read-Only Domain Controller
What is a bridgehead server?
A server chosen to manage replication for its site
How are bridgehead servers chosen?
They are chosen automatically when a site is created
When is SMTP used for AD replication?
When links between sites are unreliable
What does Universal Group Membership Caching (UGMC) do?
Caches a user's universal group membership the first time the user logs onto the domain
Where is Universal Group Membership Caching (UGMC) useful?
In sites without a global catalog server
Where is Universal Group Membership Caching configured?
In site settings
Where are bridgehead servers configured?
In server settings
Why is it important to have more than one global catalog per site?
Users need either global catalogs or UGMC to logon due to universal group membership

Interview Questions on RAID

Question 1: What is the difference between RAID 1 and RAID 5?
Answer: In most situations you will be using one of the following four RAID levels.

~ RAID 0
~ RAID 1
~ RAID 5
~ RAID 10 (also known as RAID 1+0)

RAID 0

Following are the key points to remember for RAID level 0.

~ Minimum 2 disks.
~ Excellent performance ( as blocks are striped ).
~ No redundancy ( no mirror, no parity ).
~ Don’t use this for any critical system.

In all the diagrams mentioned below:
~ A, B, C, D, E and F represent blocks
~ p1, p2, and p3 represent parity


RAID 1

Following are the key points to remember for RAID level 1.

~ Minimum 2 disks.
~ Good performance ( no striping, no parity ).
~ Excellent redundancy ( as blocks are mirrored ).



RAID 5

Following are the key points to remember for RAID level 5.

~ Minimum 3 disks.
~ Good performance ( as blocks are striped ).
~ Good redundancy ( distributed parity ).
~ Most cost-effective option providing both performance and redundancy. Use this for databases that are heavily read-oriented; write operations will be slow.


RAID 10

Following are the key points to remember for RAID level 10.

~ Minimum 4 disks.
~ This is also called a “stripe of mirrors”.
~ Excellent redundancy ( as blocks are mirrored )
~ Excellent performance ( as blocks are striped )
~ If you can afford the cost, this is the best option for any mission-critical application (especially databases).


Question 2: Explain the different RAID levels.
Answer: There are also several non-standard RAID levels, which are not used except in some rare situations. It is good to know what they are.

This article explains with a simple diagram how RAID 2, RAID 3, RAID 4, and RAID 6 work.

RAID 2

~ This uses bit-level striping, i.e., instead of striping blocks across the disks, it stripes the bits across the disks.

~ In the above diagram b1, b2, b3 are bits. E1, E2, E3 are error correction codes.

~ You need two groups of disks. One group of disks is used to write the data; another group is used to write the error correction codes.

~ This uses Hamming error correction code (ECC), and stores this information in the redundancy disks.

~ When data is written to the disks, it calculates the ECC code for the data on the fly, and stripes the data bits to the data-disks, and writes the ECC code to the redundancy disks.

~ When data is read from the disks, it also reads the corresponding ECC code from the redundancy disks, and checks whether the data is consistent.
 If required, it makes appropriate corrections on the fly.

~ This uses a lot of disks and can be configured in different disk configurations. Some valid configurations are: 1) 10 disks for data and 4 disks for ECC; 2) 4 disks for data and 3 disks for ECC.

~ This is not used anymore. It is expensive and complex to implement in a RAID controller, and ECC is redundant nowadays, as the hard disks themselves can do this.


RAID 3

~ This uses byte-level striping, i.e., instead of striping blocks across the disks, it stripes the bytes across the disks.

~ In the above diagram B1, B2, B3 are bytes. p1, p2, p3 are parities.

~ Uses multiple data disks, and a dedicated disk to store parity.

~ The disks have to spin in sync to get to the data.

~ Sequential read and write will have good performance.

~ Random reads and writes will have the worst performance.

~ This is not commonly used.


RAID 4

~ This uses block level striping.

~ In the above diagram B1, B2, B3 are blocks. p1, p2, p3 are parities.

~ Uses multiple data disks, and a dedicated disk to store parity.

~ Minimum of 3 disks (2 disks for data and 1 for parity).

~ Good random reads, as the data blocks are striped.

~ Bad random writes, as every write has to update the single parity disk.

~ It is somewhat similar to RAID 3 and 5, but a little different.

~ This is just like RAID 3 in having the dedicated parity disk, but this stripes blocks.

~ This is just like RAID 5 in striping the blocks across the data disks, but this has only one parity disk.

~ This is not commonly used.


RAID 6

~ Just like RAID 5, this does block level striping. However, it uses dual parity.

~ In the above diagram A, B, C are blocks. p1, p2, p3 are parities.

~ This creates two parity blocks for each data block.

~ Can handle two disk failures.

~ This RAID configuration is complex to implement in a RAID controller, as it has to calculate two parity values for each data block.
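To make the parity arithmetic behind RAID 5 and RAID 6 concrete, here is an added example that is not part of the original post. It computes the single XOR parity that RAID 4/5 use, rebuilds a failed data disk from the survivors, shows the read-modify-write step that makes RAID 5 writes slow, and then computes RAID 6's second parity (Q) over GF(2^8) so that any two failed data disks can be rebuilt. All function names and the disk contents are constructed for illustration; the field polynomial 0x11d is the one commonly used for this purpose.

```python
# Added example (not from the original post): RAID 5 single parity and
# RAID 6 dual (P+Q) parity, computed byte by byte over a stripe.

# GF(2^8) with generator polynomial x^8 + x^4 + x^3 + x^2 + 1 (0x11d),
# built as log/antilog tables so multiplication is a table lookup.
EXP = [0] * 512
LOG = [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11D
for _i in range(255, 512):          # doubled so LOG[a] + LOG[b] never overflows
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_inv(a):
    return EXP[255 - LOG[a]]


def xor_bytes(blocks):
    """XOR equal-length byte blocks together (the RAID 4/5 parity operation)."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for j, byte in enumerate(blk):
            out[j] ^= byte
    return bytes(out)


def raid5_parity(data_blocks):
    return xor_bytes(data_blocks)


def raid5_parity_disk(stripe, n_disks):
    """Which disk holds parity for a given stripe (one common rotation);
    rotating parity is what distinguishes RAID 5 from RAID 4."""
    return (n_disks - 1) - (stripe % n_disks)


def raid5_rebuild(surviving_blocks, parity):
    """One lost data block is the XOR of all surviving blocks and the parity."""
    return xor_bytes(list(surviving_blocks) + [parity])


def raid5_write_update(old_block, new_block, old_parity):
    """Small write: old data and old parity must be read before the new
    parity can be written (read-modify-write), hence the RAID 5 write penalty."""
    return xor_bytes([old_parity, old_block, new_block])


def raid6_parity(data_blocks):
    """P = XOR of all blocks; Q = sum of g^i * D_i over GF(2^8)."""
    p = xor_bytes(data_blocks)
    q = bytearray(len(p))
    for i, blk in enumerate(data_blocks):
        coef = EXP[i]                      # g^i for data disk i
        for j, byte in enumerate(blk):
            q[j] ^= gf_mul(coef, byte)
    return p, bytes(q)


def raid6_rebuild_two(data_blocks, x, y, p, q):
    """Rebuild data disks x and y (given as None in data_blocks) from P and Q.
    Per byte: D_x ^ D_y = P', g^x*D_x ^ g^y*D_y = Q', where P', Q' are P and Q
    with the surviving disks' contributions removed."""
    length = len(p)
    dx, dy = bytearray(length), bytearray(length)
    inv = gf_inv(EXP[x] ^ EXP[y])          # nonzero because x != y
    for j in range(length):
        pxy, qxy = p[j], q[j]
        for i, blk in enumerate(data_blocks):
            if i in (x, y):
                continue
            pxy ^= blk[j]
            qxy ^= gf_mul(EXP[i], blk[j])
        dx[j] = gf_mul(qxy ^ gf_mul(EXP[y], pxy), inv)
        dy[j] = dx[j] ^ pxy
    return bytes(dx), bytes(dy)


# Constructed sample stripe: four data disks, four bytes each.
SAMPLE = [b"AAAA", b"BBBB", b"CCCC", b"DDDD"]

if __name__ == "__main__":
    p = raid5_parity(SAMPLE)
    print("RAID 5 rebuild of disk 2:", raid5_rebuild(SAMPLE[:2] + SAMPLE[3:], p))
    p6, q6 = raid6_parity(SAMPLE)
    print("RAID 6 rebuild of disks 1 and 2:",
          raid6_rebuild_two([SAMPLE[0], None, None, SAMPLE[3]], 1, 2, p6, q6))
```

Parity of this kind protects availability only: it says nothing about confidentiality, and it cannot detect a disk that returns wrong data without failing (a so-called silent corruption), which is why filesystems layered on RAID add their own checksums.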
