Active Directory FAQ with Answers

Upload: navanath

Post on 05-Apr-2018


    8/2/2019 Active Directory FAQ With Answers


    Active Directory FAQ with Answers

    1. What is a Global Catalog Server?

    A Global Catalog server is the server which stores the details of each object created in the forest. The Global Catalog is the master searchable index to all objects in the forest.

    2. Can the GC server and the Infrastructure Master be placed on a single server? If not, explain why.

    No. The Infrastructure Master does the same job as the GC, so the two do not work together.

    3. What is the size of the log files created before updating into ntds.dit, and the total number of files?

    Three log files:

    Edb.log

    Res1.log

    Res2.log

    Each is initially 10 MB.

    4. What does SYSVOL contain?

    The SYSVOL folder contains the public information of the domain and the information for replication. Ex: Group Policy objects and scripts can be found in this directory.

    5. Which service in Windows is responsible for replication from one domain controller to another domain controller?

    The KCC generates the replication topology.

    It uses SMTP / RPC to replicate changes.

    6. How does data travel between sites in ADS replication?

    As determined by the site connectors.

    7. What are the port numbers for SMTP, Kerberos, LDAP, and the GC server?

    SMTP 25, Kerberos 88, GC 3268, LDAP 389

    8. What are intrasite and intersite replication?

    Intrasite is replication within the same site, and intersite is replication between sites.

    9. What is the Lost & Found folder in ADS?

    It is the folder where you can find the objects that were orphaned due to a conflict. Ex: you created a user in an OU which was deleted on another DC; when replication happened, ADS did not find the OU, so it put the user in the Lost & Found folder.

    10. What is garbage collection?

    Garbage collection is the process of online defragmentation of Active Directory. It happens every 12 hours.

    11. What does System State data contain?

    It contains startup files,

    Registry

    Com + Registration Database

    Memory Page file

    System files


    AD information

    Cluster Service information

    SYSVOL Folder

    12. How do you restore a particular OU which got deleted by accident?

    Perform an authoritative restore.

    13. What is IPSec Policy?

    IPSec provides secure gateway-to-gateway connections across outsourced private wide area network (WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode.

    IPSec policy can be deployed via Group Policy to the Windows domain controllers and servers.

    14. What are different types of Group Policy?

    I don't think there are types of group policies.

    15. What is the order of applying Group Policy?

    Local Policy.

    Site Policy.

    Domain Policy.

    OU Policy.

    16. What are the new features in Windows 2003 related to ADS, Replication, and Trust?

    ADS: Groups can hold more than 5000 users.

    17. How do you edit the schema in ADS?

    ADSI Edit

    18. What are Domain Local, Global and Universal groups?

    Domain Local: only users within the domain.

    Global groups are used to grant permissions to objects in any domain in the domain tree or forest. Members of global groups can include only accounts and groups from the domain in which they are defined.

    Universal groups are used to grant permissions on a wide scale throughout a domain tree or forest. Members of universal groups include accounts and groups from any domain in the domain tree or forest.
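The group-scope answer above (and the Global vs Universal comparison that follows) can be checked mechanically. The block below is an added example, not code from the original FAQ: it encodes where each scope can be granted permissions as the FAQ states it, and which members each scope may contain according to the standard Active Directory group-scope rules for native-mode domains. The accounts, groups and domain names are constructed.

```python
"""Group scope rules for Domain Local, Global and Universal groups.

Added example, not part of the original FAQ. The accounts, groups and domain
names are constructed. Where a group can be granted permissions follows the
FAQ's answer; which members each scope may contain follows the standard
Active Directory group-scope rules (native-mode domains).
"""
from dataclasses import dataclass
from typing import Tuple

ACCOUNTS = ("user", "computer")
GROUP_SCOPES = ("global", "universal", "domain_local")


@dataclass(frozen=True)
class Principal:
    name: str
    domain: str    # DNS name of the domain the object lives in
    kind: str      # one of ACCOUNTS or GROUP_SCOPES


def can_be_member(member: Principal, group: Principal) -> Tuple[bool, str]:
    """Return (allowed, reason) for nesting `member` into `group`."""
    same_domain = member.domain == group.domain
    if group.kind == "global":
        if member.kind in ACCOUNTS + ("global",) and same_domain:
            return True, "global groups take accounts and global groups from their own domain"
        return False, "global groups cannot contain objects from other domains or other scopes"
    if group.kind == "universal":
        if member.kind in ACCOUNTS + ("global", "universal"):
            return True, "universal groups take accounts, global and universal groups from any domain"
        return False, "universal groups cannot contain domain local groups"
    if group.kind == "domain_local":
        if member.kind in ACCOUNTS + ("global", "universal"):
            return True, "domain local groups take accounts, global and universal groups from any domain"
        if member.kind == "domain_local" and same_domain:
            return True, "domain local groups may nest domain local groups from the same domain"
        return False, "domain local groups cannot contain domain local groups from other domains"
    raise ValueError(f"{group.name} is not a group ({group.kind})")


def can_grant_permission(group: Principal, resource_domain: str) -> bool:
    """Domain local groups are usable only on resources in their own domain;
    global and universal groups can be put on ACLs anywhere in the forest."""
    if group.kind == "domain_local":
        return group.domain == resource_domain
    if group.kind in ("global", "universal"):
        return True
    raise ValueError(f"{group.name} is not a group ({group.kind})")


if __name__ == "__main__":
    # Constructed sample objects in two domains of one forest.
    alice = Principal("alice", "a.example", "user")
    sales_a = Principal("Sales-A", "a.example", "global")
    sales_b = Principal("Sales-B", "b.example", "global")
    all_sales = Principal("All-Sales", "a.example", "universal")
    share_readers = Principal("Share-Readers", "a.example", "domain_local")
    for member, group in ((alice, sales_a), (sales_b, sales_a), (sales_b, all_sales),
                          (share_readers, all_sales), (all_sales, share_readers)):
        print(f"{member.name:14} -> {group.name:14}: {can_be_member(member, group)}")
    print("Share-Readers usable in b.example:", can_grant_permission(share_readers, "b.example"))
```

The usual pattern this supports is accounts in global groups, global groups nested into universal or domain local groups, and the domain local group placed on the resource ACL; the validator rejects the nestings that AD itself would refuse.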

    19. What is the difference between a Global and a Universal group?

    Check the answer above.

    20. What are the different types of Terminal Services?

    User Mode & Application Mode

    21. What is meant by root DNS servers?

    Public DNS servers hosted on the Internet which register the DNS.

    22. What are the different records in DNS?

    A Address record

    MX Mail Server Record

    NS Name Server

    CNAME Canonical name / Alias


    SOA Start of Authority

    23. What is an SOA record?

    Start of Authority: the authorized DNS server for the domain.

    24. How do down-level clients register their names with the DNS server?

    Enable the WINS integration with DNS.

    25. What is RsOP?

    RSoP is the Resultant Set of Policy applied to the object (Group Policy).

    26. What is the default lease period for a DHCP server?

    8 days by default.

    27. What is the process by which DHCP clients get an IP address?

    Discover, Offer, Request, Acknowledge (DORA).
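The four-step exchange in the answer above, together with the 8-day default lease from question 26, as a runnable model. This is an added example, not code from the original FAQ: the scope, the client MACs and the exclusion list are constructed, and the model exchanges Python objects rather than real DHCP packets on UDP 67/68. It also covers the case the interview answer leaves out, a scope with no free address, where the server stays silent and the client gets nothing.

```python
"""Toy model of the DHCP DORA exchange (Discover, Offer, Request, Acknowledge).

Added example, not part of the original FAQ. The scope, the client MACs and
the 8-day lease are constructed values; real DHCP uses UDP ports 67/68 and a
binary packet format that this model does not reproduce.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Set

DEFAULT_LEASE_SECONDS = 8 * 24 * 60 * 60  # the FAQ's 8-day default lease


@dataclass
class Message:
    kind: str                               # DHCPDISCOVER / OFFER / REQUEST / ACK / NAK
    client_mac: str
    yiaddr: Optional[IPv4Address] = None    # "your address": the offered or assigned IP
    server_id: Optional[str] = None         # which server made, or is asked for, the offer
    lease_seconds: int = 0


@dataclass
class DhcpServer:
    server_id: str
    scope: IPv4Network
    exclusions: Set[IPv4Address] = field(default_factory=set)
    leases: Dict[str, IPv4Address] = field(default_factory=dict)   # MAC -> address
    offers: Dict[str, IPv4Address] = field(default_factory=dict)   # outstanding offers

    def _free_address(self) -> Optional[IPv4Address]:
        taken = set(self.leases.values()) | set(self.offers.values()) | self.exclusions
        for addr in self.scope.hosts():
            if addr not in taken:
                return addr
        return None

    def handle(self, msg: Message) -> Optional[Message]:
        if msg.kind == "DHCPDISCOVER":
            # A client that already holds a lease is offered the same address again.
            addr = self.leases.get(msg.client_mac) or self._free_address()
            if addr is None:
                return None   # scope exhausted: the server stays silent and the client retries
            self.offers[msg.client_mac] = addr
            return Message("DHCPOFFER", msg.client_mac, addr, self.server_id, DEFAULT_LEASE_SECONDS)
        if msg.kind == "DHCPREQUEST":
            if msg.server_id != self.server_id:
                # The client accepted another server's offer, so withdraw ours.
                self.offers.pop(msg.client_mac, None)
                return None
            offered = self.offers.pop(msg.client_mac, None)
            if offered is None or offered != msg.yiaddr:
                return Message("DHCPNAK", msg.client_mac, server_id=self.server_id)
            self.leases[msg.client_mac] = offered
            return Message("DHCPACK", msg.client_mac, offered, self.server_id, DEFAULT_LEASE_SECONDS)
        return None


def obtain_lease(client_mac: str, servers: List[DhcpServer]):
    """Run the four DORA steps for one client against every server on the segment.

    Returns (address, lease_seconds, server_id), or None when no server offers.
    """
    discover = Message("DHCPDISCOVER", client_mac)                     # 1. Discover (broadcast)
    offers = [o for o in (s.handle(discover) for s in servers) if o]   # 2. Offer(s)
    if not offers:
        return None
    chosen = offers[0]                                                  # clients usually take the first offer
    request = Message("DHCPREQUEST", client_mac, chosen.yiaddr, chosen.server_id)   # 3. Request (broadcast)
    replies = [r for r in (s.handle(request) for s in servers) if r]
    acks = [r for r in replies if r.kind == "DHCPACK"]                  # 4. Acknowledge
    if not acks:
        return None
    return acks[0].yiaddr, acks[0].lease_seconds, acks[0].server_id


if __name__ == "__main__":
    server = DhcpServer("10.0.0.1", IPv4Network("10.0.0.0/29"), exclusions={IPv4Address("10.0.0.1")})
    for mac in ("00:11:22:33:44:55", "00:11:22:33:44:66"):
        print(mac, "->", obtain_lease(mac, [server]))
```

Because the Request is broadcast, every server that made an offer sees which one was accepted; that is why the model hands the Request to all servers and lets the losers drop their outstanding offer.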

    28. What is multicast?

    Multicast scopes enable you to lease Class D IP addresses to clients for participation in multicast transmissions, such as streaming video and audio transmissions.

    29. What is a superscope?

    A superscope enables you to group several standard DHCP scopes into a single administrative group without causing any service disruption to network clients.

    30. What is the System Startup process?

    Windows 2K boot process on Intel architecture.

    1. Power-On Self Tests (POST) is run.

    2. The boot device is found, the Master Boot Record (MBR) is loaded into memory, and its program is run.

    3. The active partition is located, and the boot sector is loaded.

    4. The Windows 2000 loader (NTLDR) is then loaded.

    The boot sequence executes the following steps:

    1. The Windows 2000 loader switches the processor to the 32-bit flat memory model.

    2. The Windows 2000 loader starts a mini-file system.

    3. The Windows 2000 loader reads the BOOT.INI file and displays the operating system selections (bootloader menu).

    4. The Windows 2000 loader loads the operating system selected by the user. If Windows 2000 is selected, NTLDR runs NTDETECT.COM. For other operating systems, NTLDR loads BOOTSECT.DOS and gives it control.

    5. NTDETECT.COM scans the hardware installed in the computer, and reports the list to NTLDR for inclusion in the Registry under the HKEY_LOCAL_MACHINE\HARDWARE hive.

    6. NTLDR then loads NTOSKRNL.EXE, and gives it the hardware information collected by NTDETECT.COM. Windows NT enters the Windows load phases.

    31. What is WINS hybrid & mixed mode?

    Systems that are configured to use WINS are normally configured as a hybrid (H-node) client, meaning they attempt to resolve NetBIOS names via a WINS server and then try a broadcast (B-node) if WINS is unsuccessful. Most systems can be configured to resolve NetBIOS names in one of four modes:

    Broadcast (B-node): Clients use a broadcast only to resolve names. An enhanced B-node setting has the client use an LMHOSTS file as well. The hex value for this setting is 0x1.

    Peer-to-Peer (P-node): Clients use WINS only to resolve names. The hex value for this setting is 0x2.

    Mixed (M-node): Clients first use a broadcast in an attempt to resolve NetBIOS names. If this fails, they attempt the resolution via the WINS server. The hex value for this setting is 0x4.

    Hybrid (H-node): Clients first use the WINS service in an attempt to resolve NetBIOS names. If this fails, they attempt the resolution via broadcast. The hex value for this setting is 0x8.
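The four node types differ only in which lookup is tried first and whether a second one is tried at all. The block below is an added example, not code from the original FAQ: it models that ordering with the NodeType values the FAQ lists (0x1, 0x2, 0x4, 0x8) and records which methods were attempted, so the difference between M-node and H-node is visible in the trace. The WINS database, the hosts answering subnet broadcasts and the LMHOSTS entries are constructed data.

```python
"""NetBIOS name resolution order for the four WINS node types the FAQ lists.

Added example, not from the original document: the WINS database, the hosts
that answer subnet broadcasts and the LMHOSTS entries are constructed data.
The NodeType values 0x1, 0x2, 0x4 and 0x8 are the ones given in the FAQ.
"""
from typing import Dict, List, Optional

NODE_TYPE_NAMES = {0x1: "B-node", 0x2: "P-node", 0x4: "M-node", 0x8: "H-node"}

# Which methods a client tries, and in what order, for each NodeType value.
RESOLUTION_ORDER: Dict[int, List[str]] = {
    0x1: ["broadcast"],            # B-node: broadcast only
    0x2: ["wins"],                 # P-node: WINS only
    0x4: ["broadcast", "wins"],    # M-node: broadcast, then WINS
    0x8: ["wins", "broadcast"],    # H-node: WINS, then broadcast
}


class NetbiosResolver:
    def __init__(self, wins_db, broadcast_hosts, lmhosts=None):
        # NetBIOS names are case-insensitive, so normalise every table to upper case.
        self.wins_db = {k.upper(): v for k, v in wins_db.items()}
        self.broadcast_hosts = {k.upper(): v for k, v in broadcast_hosts.items()}
        self.lmhosts = {k.upper(): v for k, v in (lmhosts or {}).items()}
        self.trace: List[str] = []   # methods attempted by the last resolve() call

    def _query_wins(self, name: str) -> Optional[str]:
        self.trace.append("wins")
        return self.wins_db.get(name)

    def _broadcast(self, name: str) -> Optional[str]:
        self.trace.append("broadcast")
        # A broadcast only reaches the local subnet; the enhanced B-node the FAQ
        # mentions also consults the local LMHOSTS file when nobody answers.
        return self.broadcast_hosts.get(name) or self.lmhosts.get(name)

    def resolve(self, name: str, node_type: int) -> Optional[str]:
        if node_type not in RESOLUTION_ORDER:
            raise ValueError(f"unknown NodeType value {node_type:#x}")
        self.trace = []
        name = name.upper()
        for method in RESOLUTION_ORDER[node_type]:
            addr = self._query_wins(name) if method == "wins" else self._broadcast(name)
            if addr is not None:
                return addr
        return None


def build_demo_resolver() -> NetbiosResolver:
    """Constructed tables: FILESRV is registered in WINS and answers locally,
    LOCALPC is on the subnet but never registered in WINS, REMOTEDC is only in LMHOSTS."""
    return NetbiosResolver(
        wins_db={"FILESRV": "10.1.2.3"},
        broadcast_hosts={"FILESRV": "10.1.2.3", "LOCALPC": "10.1.2.9"},
        lmhosts={"REMOTEDC": "10.9.9.1"},
    )


if __name__ == "__main__":
    r = build_demo_resolver()
    for node_type, label in NODE_TYPE_NAMES.items():
        for host in ("FILESRV", "LOCALPC", "REMOTEDC"):
            print(f"{label:7} {host:9} -> {r.resolve(host, node_type)}  via {r.trace}")
```

On a real Windows client the node type is the NodeType value under the NetBT\Parameters registry key, and a pure P-node client with an unreachable WINS server is the classic case where names on the local subnet stop resolving, which is exactly what the LOCALPC row shows.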

    32. What is Disk Quota?

    A disk quota specifies limits on disk usage.

    ==========================================================

    1) What are the different editions of Windows 2003 Server?

    i)Standard Edition

    ii)Web Edition

    iii)Enterprise Edition

    iv)Datacenter Edition

    2) What is active directory?

    Active Directory is the directory service included in the Windows Server 2003 family. Active Directory includes the directory, which stores information about network resources, as well as all the services that make the information available and useful. Active Directory is also the directory service included in Windows 2000.

    3) What is the Active Directory database name and where is it located?

    Name: NTDS.dit, located in c:\windows\ntds\

    4) What is the expansion of .dit? What is the scalable size of NTDS in 2k3?

    DIT: Directory Information Tree. It is scalable up to 70 TB.

    5) What is schema in AD?

    The Active Directory schema defines objects that can be stored in Active Directory. The schema is a list of definitions that determines the kinds of objects and the types of information about those objects that can be stored in Active Directory. Because the schema definitions themselves are stored as objects, they can be administered in the same manner as the rest of the objects in Active Directory. Normally called schema objects or metadata.


    6) What is the structure of AD in 2kX?

    1) Physical structure: Sites, Domain Controllers

    2) Logical structure: Forest, Tree, Domain, OU, Object

    7) What are the domain functional levels in 2k3?

    1) Mixed mode

    2) Native mode

    3) Interim mode

    8) What is Global catalog and GC server?

    The global catalog is the central repository of information about objects in a tree or forest. By default, a global catalog is created automatically on the initial domain controller in the first domain in the forest. A domain controller that holds a copy of the global catalog is called a global catalog server.

    9) What are the functions of GC?

    A) It enables a user to log on to a network by providing universal group membership information to a domain controller when a logon process is initiated.

    B) It enables finding directory information regardless of which domain in the forest actually contains the data.

    10) What is the active directory database engine name?

    ESE (Extensible Storage Engine)

    11) What are the partitions available in AD?

    i) Schema partition

    ii) Configuration Partition

    iii) Domain Partition

    iv) Application Partition

    12) What are the two types of replications?

    Inter-site (site to site) and intra-site (within a site) replication.

    13) What is KCC? What is the function of the KCC?

    The KCC is a built-in process that runs on all domain controllers. The KCC configures connection objects between domain controllers. Within a site, each KCC generates its own connections. For replication between sites, a single KCC per site generates all connections between sites.

    14) What are the two trust protocols 2k3 uses?

    Kerberos V5 and NTLM

    15) What are the trust relations available in 2k3?

    Tree-Root, Parent-Child, Shortcut, Realm, Forest trust, External trust


    16) What is the hierarchy of applying GPOs in 2k3?

    It is applied from parent level to child level in AD.

    i) Local GPO

    ii) GPOs linked to sites

    iii) GPOs linked to domains

    iv) GPOs linked to OUs
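The Local, Site, Domain, OU order above (question 15 in the first set), with the later GPO winning any conflicting setting, is what the RSoP answer (question 25) reports for an object. The block below is an added example, not code from the original FAQ: it resolves the resultant set for a constructed topology and, going beyond the FAQ's one-line order, also applies the standard Group Policy precedence rules for link order, Enforced links and Block Inheritance, since those are what a real RSoP report has to explain. All GPO names, settings and links are constructed.

```python
"""Resultant Set of Policy (RSoP) from the LSDOU application order.

Added example, not part of the original FAQ. GPO names, settings and links are
constructed. The basic order (Local, Site, Domain, OU, with the later GPO
winning a conflicting setting) is what the FAQ states; link order, Enforced and
Block Inheritance are the standard Group Policy precedence rules, added here so
the resolver covers the cases a real RSoP report has to explain.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class GPO:
    name: str
    settings: Dict[str, object]


@dataclass
class Link:
    gpo: GPO
    order: int              # link order on the container: 1 = highest precedence
    enforced: bool = False  # an Enforced link cannot be overridden or blocked below


@dataclass
class Container:
    name: str               # site, domain or OU, listed from the top down
    links: List[Link] = field(default_factory=list)
    block_inheritance: bool = False


def resultant_set_of_policy(local_gpo: GPO, path: List[Container]) -> Dict[str, Tuple[object, str]]:
    """Return {setting: (winning value, winning GPO name)} for an object whose
    site -> domain -> OU chain is `path` (top-most container first)."""
    # Block Inheritance on the deepest container that sets it discards the
    # non-enforced links of every container above it.
    blocked_above = max((i for i, c in enumerate(path) if c.block_inheritance), default=-1)

    apply_sequence: List[GPO] = [local_gpo]        # Local policy is processed first
    for i, container in enumerate(path):           # then Site, Domain, OU, child OU ...
        if i < blocked_above:
            continue
        # Within one container the highest link order is applied first so that
        # link order 1 is applied last and therefore wins.
        for link in sorted(container.links, key=lambda l: l.order, reverse=True):
            if not link.enforced:
                apply_sequence.append(link.gpo)

    # Enforced links are applied after everything else, deepest container first,
    # so that an enforced domain GPO beats an enforced OU GPO.
    for container in reversed(path):
        for link in sorted(container.links, key=lambda l: l.order, reverse=True):
            if link.enforced:
                apply_sequence.append(link.gpo)

    result: Dict[str, Tuple[object, str]] = {}
    for gpo in apply_sequence:                     # last writer wins
        for setting, value in gpo.settings.items():
            result[setting] = (value, gpo.name)
    return result


# --- constructed sample topology -------------------------------------------
LOCAL = GPO("Local", {"screensaver_timeout": 600, "wallpaper": "local.bmp"})
SITE = Container("HQ-Site", [Link(GPO("Site-Baseline", {"wallpaper": "site.bmp"}), 1)])
DOMAIN = Container("corp.example", [
    Link(GPO("Domain-Security", {"min_pwd_len": 8}), 1, enforced=True),
    Link(GPO("Domain-Default", {"screensaver_timeout": 900, "wallpaper": "domain.bmp"}), 2),
    Link(GPO("Domain-Branding", {"wallpaper": "brand.bmp"}), 3),
])
WORKSTATIONS = Container("OU=Workstations", [
    Link(GPO("WS-Policy", {"screensaver_timeout": 300, "wallpaper": "ws.bmp"}), 1),
])
KIOSKS = Container("OU=Kiosks", [
    Link(GPO("Kiosk-Lockdown", {"wallpaper": "kiosk.bmp", "min_pwd_len": 4}), 1),
], block_inheritance=True)


if __name__ == "__main__":
    for label, path in (("workstation", [SITE, DOMAIN, WORKSTATIONS]),
                        ("kiosk", [SITE, DOMAIN, WORKSTATIONS, KIOSKS])):
        print(label)
        for setting, (value, winner) in sorted(resultant_set_of_policy(LOCAL, path).items()):
            print(f"  {setting:20} = {value!s:12} (from {winner})")
```

The kiosk case is the one worth studying: Block Inheritance on OU=Kiosks drops the site, domain and parent-OU policies, yet the enforced Domain-Security GPO still wins the password-length setting, which is the behaviour an administrator relies on when a security baseline must not be overridden by a delegated OU owner.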

    17) What protocols are used for replication?

    RPC over IP (used for synchronous transfer), SMTP over IP (asynchronous transfer)

    18) What is the default time delay on replication?

    Intra-site: 15 min (the KCC automatically creates the topology for replication)

    Inter-site: 1 hr.

    Security-related changes are replicated immediately across sites.

    19) What different tables are available in the NTDS database?

    i) Schema table

    ii) Link table

    iii) Data table

    iv) Configuration table

    19) Where are the FRS logs stored, and what is the database engine name?

    c:\windows\ntfrs\jet\log. The engine used is the Jet database engine (Ntfrs.jdb).

    20) What is a tombstone object in AD? What is its lifetime?

    Any object deleted from Active Directory is not removed from the database immediately. That object is called a tombstone object. The default lifetime for that object is 60 days; for Win 2k3 SP1 it is 180 days.

    21) FSMO Roles

    In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

    Schema Master:

    The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

    Domain naming master

    The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.

    Infrastructure Master:

    The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.

    Relative ID (RID) Master:

    The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.

    PDC Emulator

    The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows.

    For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC.

    It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

    ============================================================

    Quicker Q&A

    What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC

    What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep

    What Exchange process is responsible for communication with AD? - DSACCESS

    What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller

    What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: forward to a smart host, or use DNS to route to each address

    How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1 GB of memory? - Add the /3GB switch to boot.ini

    What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.

    What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.

    What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389, Global Catalog 3268

    Name the process names for the following: System Attendant - MAD.EXE, Information Store - STORE.EXE, SMTP/POP/IMAP/OWA - INETINFO.EXE

    What is the maximum number of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases: 4 SGs x 5 DBs.

    What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

    ========================================================

    1. What are the default shares in Windows Server 2003?

    By default, Windows automatically creates special hidden administrative shares that administrators, programs, and services can use to manage the computer environment or network. These special shared resources are not visible in Windows Explorer or in My Computer, but you can use the Shared Folders tool in Computer Management to view them. Depending on the configuration of your computer, you may see some or all of the following special shared resources listed in the Shares folder in Shared Folders:

    DriveLetter$: Root partitions and volumes are shared as the drive letter name appended with the $ character. For example, drive letters C and D are shared as C$ and D$.

    ADMIN$: A resource that is used during remote administration of a computer.

    IPC$: A resource that shares the named pipes that you must have for communication between programs. Note that this resource cannot be deleted.

    NETLOGON: A resource that is used on domain controllers.

    SYSVOL: A resource that is used on domain controllers.

    PRINT$: A resource that is used during the remote administration of printers.

    FAX$: A shared folder on a server that is used by fax clients during fax transmission.

    Note: NETLOGON and SYSVOL are not hidden shares but are instead special administrative shares. Generally, Microsoft recommends that you do not modify these special shared resources. However, if you want to remove the special shared resources and prevent them from being created automatically, you can do this by editing the registry.

    1. Q) Can I change my password if my machine's connectivity to the DC that holds the PDC emulator role has failed?

    A) No, you can't change the password.

    Q) I have been asked: if there is a set of 30 hard disks configured for RAID 5 and two hard disks fail, what about the data?

    A) It depends on how you had configured your RAID: only RAID 5, or with a spare. If it is only RAID 5, then if 2 of your HDDs go, your RAID is gone.

    Q) How can I deploy the latest patches to PCs through GP without having admin rights on the PC?

    A) Create a batch file and place all the patches in NETLOGON, and deploy the batch file through GP to all the PCs, so that it takes effect after restarting the PC.

    Q) In RAID 5, suppose I have 5 HDDs of 10 GB each. After configuring the RAID, how much space do I have to utilise?

    A) One less than the total (e.g. if you are using 5 you will get only 4, because 1 goes for parity).

    Q) How can I resolve the server name through nslookup?

    A) What exactly do you want to do? The nslookup command will let you know through which server you are getting routed (e.g. c:\nslookup, then you will get your domain name to which you are getting routed). If you want to get the name of the PC/server from the IP address, then you have to give the command c:\nbtstat -a ip xx-xx-xx-xx.

    ===========================================================

    1. Where should the DHCP relay agent be placed?

    Ans: The DHCP relay agent needs to be placed on the software router.

    Question: How many zones are there in Windows 2000 Server and Windows 2003 Server?

    Ans: In Windows 2000 there are mainly 3 zones:

    Standard Primary: zone information is written in a text file.

    Standard Secondary: a copy of the Primary.

    Active Directory Integrated: information is stored in Active Directory.

    In Win2k3 one more zone is added, the Stub zone. A stub is like a secondary but it contains only a copy of the SOA record, a copy of the NS records and a copy of the A records for that zone. No copy of MX, SRV records etc. With this stub zone, DNS traffic will be low.

    Question: What is Kerberos? Which version is currently used by Windows? How does Kerberos work?


    Answer: Kerberos is the user authentication protocol used in Windows 2000 and Win2003 Active Directory servers.

    The Kerberos version is 5.0.

    Port: 88

    It is more secure and encrypted than NTLM (NT authentication).
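The DNS zone answer above says a stub zone keeps only the SOA, NS and A records and drops MX, SRV and the rest; the record-type list in questions 22 and 23 of the first set names the types involved. The block below is an added example, not code from the original FAQ: it holds a constructed primary zone for "corp.example", counts its record types, derives the stub copy, and extracts the name-server-to-address referrals that are the stub zone's whole purpose. The A records it keeps are the glue addresses of the listed name servers, which is how Windows stub zones are populated.

```python
"""Standard zone records versus what a stub zone keeps, for the DNS answers above.

Added example, not part of the original FAQ. The zone "corp.example" and all of
its records are constructed; the rule that a stub zone holds only the SOA, the
NS records and the A (glue) records of those name servers is the one the FAQ
gives, and the record types are the ones it lists.
"""
from collections import Counter
from typing import Dict, List, Tuple

Record = Tuple[str, str, str]   # (owner name, type, rdata)

# Constructed primary zone for corp.example
ZONE: List[Record] = [
    ("corp.example.", "SOA", "ns1.corp.example. hostmaster.corp.example. 2024010101 3600 600 86400 300"),
    ("corp.example.", "NS", "ns1.corp.example."),
    ("corp.example.", "NS", "ns2.corp.example."),
    ("ns1.corp.example.", "A", "10.0.0.10"),
    ("ns2.corp.example.", "A", "10.0.0.11"),
    ("dc1.corp.example.", "A", "10.0.0.1"),
    ("www.corp.example.", "A", "10.0.0.80"),
    ("intranet.corp.example.", "CNAME", "www.corp.example."),
    ("corp.example.", "MX", "10 mail.corp.example."),
    ("mail.corp.example.", "A", "10.0.0.25"),
    ("_ldap._tcp.corp.example.", "SRV", "0 100 389 dc1.corp.example."),
]


def record_type_counts(records: List[Record]) -> Dict[str, int]:
    """How many records of each type a zone holds (A, MX, NS, CNAME, SOA, SRV ...)."""
    return dict(Counter(rtype for _, rtype, _ in records))


def soa_primary_server(records: List[Record]) -> str:
    """The first field of the SOA rdata names the primary (authoritative) server."""
    for _, rtype, rdata in records:
        if rtype == "SOA":
            return rdata.split()[0]
    raise ValueError("zone has no SOA record")


def stub_zone(records: List[Record]) -> List[Record]:
    """Derive the stub copy: SOA, NS, and only those A records that are glue for
    the listed name servers. MX, SRV, CNAME and ordinary host A records are dropped."""
    name_servers = {rdata for _, rtype, rdata in records if rtype == "NS"}
    return [
        (name, rtype, rdata)
        for name, rtype, rdata in records
        if rtype in ("SOA", "NS") or (rtype == "A" and name in name_servers)
    ]


def referral_targets(stub: List[Record]) -> Dict[str, str]:
    """Name server -> glue address: the only thing a stub zone needs to send a
    query for the zone to an authoritative server (no zone transfer needed)."""
    glue = {name: rdata for name, rtype, rdata in stub if rtype == "A"}
    return {rdata: glue[rdata] for _, rtype, rdata in stub if rtype == "NS" and rdata in glue}


if __name__ == "__main__":
    print("primary zone:", record_type_counts(ZONE))
    print("stub zone:   ", record_type_counts(stub_zone(ZONE)))
    print("referrals:   ", referral_targets(stub_zone(ZONE)))
```

The size difference between the two counts is where the "DNS traffic will be low" claim comes from: a stub zone is kept current by refreshing a handful of SOA/NS/glue records instead of transferring every host, mail and service record of the zone.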

    1. Which protocol is used for Public Folder?

    ANS: SMTP

    What is the use of NNTP with Exchange?

    ANS: This protocol is used for newsgroups in Exchange.

    1. What is the content of a System State backup?

    The contents are: boot files, system files, Active Directory (if done on a DC), SysVol folder (if done on a DC), Certificate Services (on a CA server), cluster database (on a cluster server), registry, performance counter configuration information, Component Services class registration database.

    Q: What are the prerequisites for installation of Exchange Server?

    The prerequisites are: IIS, SMTP, WWW service, NNTP, .NET Framework, ASP.NET. Then run Forestprep, then run Domainprep.

    Question: What is Multi Master Replication?

    Answer: Multi-master replication is a method of replication employed by databases to transfer data or changes to data across multiple computers within a group. Multi-master replication can be contrasted with a master-slave method (also known as single-master replication).

    DFS? DFS Namespace ?

    1. DFS Replication. New state-based, multimaster replication engine that is optimized for WAN environments. DFS Replication supports replication scheduling, bandwidth throttling, and a new byte-level compression algorithm known as remote differential compression (RDC).

    2. DFS Namespaces. Technology that helps administrators group shared folders located on different servers and present them to users as a virtual tree of folders known as a namespace. DFS Namespaces was formerly known as Distributed File System in Windows 2000 Server and Windows Server 2003.

    What are the four domain functional levels?

    Windows 2000 Mixed

    Windows 2000 Native

    Windows Server 2003 Interim

    Windows Server 2003

    Windows 2000 Mixed

    When you configure a new Windows Server 2003 domain, the default domain functional level is Windows 2000 Mixed. Under this domain functional level, Windows NT, 2000, and 2003 domain controllers are supported. However, certain features such as group nesting, universal groups, and so on are not available.

    Windows 2000 Native

    Upgrading the functional level of a domain to Windows 2000 Native should only be done if there are no Windows NT domain controllers remaining on the network. By upgrading to the Windows 2000 Native functional level, additional features become available including: group nesting, universal groups, SID History, and the ability to convert security groups and distribution groups.

    Windows Server 2003 Interim

    The third functional level is Windows Server 2003 Interim and it is often used when upgrading from Windows NT to Windows Server 2003. Upgrading to this domain functional level provides support for Windows NT and Windows Server 2003 domain controllers. However, like Windows 2000 Mixed, it does not provide new features.

    Windows Server 2003

    The last functional level is Windows Server 2003. This domain functional level only provides support for Windows Server 2003 domain controllers. If you want to take advantage of all the features included with Windows Server 2003, you must implement this functional level. One of the most important features introduced at this functional level is the ability to rename domain controllers.