active directory interview questions with answers
5/26/2018 Active Directory Interview Questions With Answers
Active Directory Interview Questions with Answers
Learn about basic Active Directory functionality. Happy learning!!!
Below are the Active Directory interview questions and answers. However, there are more interview questions:
Wintel/AD Interview Questions: http://yourcomputer.in/wintel-interview-questions-and-answers/
Windows Cluster Interview Questions: http://yourcomputer.in/windows-cluster-interview-questions-and-answers/
Personal Interview Questions: http://yourcomputer.in/personal-interview-questions-answers/
What is Global Catalog and its function?
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest.
- Forest-wide searches. The global catalog provides a resource for searching an AD DS forest. Forest-wide searches are identified by the LDAP port that they use. If the search query uses port 3268, the query is sent to a global catalog server.
- User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:
  o In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
  o When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
- Universal Group Membership Caching. In a forest that has more than one domain, in sites that have domain users but no global catalog server, Universal Group Membership Caching can be used to enable caching of logon credentials so that the global catalog does not have to be contacted for subsequent user logons. This feature eliminates the need to retrieve universal group memberships across a WAN link from a global catalog server in a different site.
- Exchange Address Book lookups. Servers running Microsoft Exchange Server rely on access to the global catalog for address information. Users use global catalog servers to access the global address list (GAL).
What are the components of Logical AD?
The logical parts of Active Directory include forests, trees, domains, OUs and global catalogs.
Domain: It is still a logical group of users and computers that share the characteristics of centralized security and administration. A domain is still a boundary for security - this means that an administrator of a domain is an administrator for only that domain, and no others, by default.
Tree: a tree is a collection of Active Directory domains that share a contiguous namespace.
Forest: a forest is the largest unit in Active Directory and is a collection of trees that share a common Schema. In a forest all trees are connected by transitive two-way trust relationships, thus allowing users in any tree access to resources in another for which they have been given appropriate permissions and rights. By default the first domain created in a forest is referred to as the root domain.
What are the different partitions in AD? Explain all.
The Active Directory database is logically separated into directory partitions:
- Schema partition
- Configuration partition
- Domain partition
- Application partition
Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between replicas of a directory partition. At minimum, two directory partitions are common among all domain controllers in the same forest: the schema and configuration partitions. All domain controllers which are in the same domain, in addition, share a common domain partition.
Schema Partition
Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the attribute definitions.
Configuration Partition
There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.
Domain Partition
Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application Partition
Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication to specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.
As an example of an application partition, if you use a Domain Name System (DNS) that is integrated with Active Directory, you have two application partitions for DNS zones - ForestDNSZones and DomainDNSZones:
- ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.
- DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. The application partitions store the domain DNS zone in the DomainDNSZones<domain name>.
Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.
Different types of Disk partition?
How many types of RAID and explain any advantage and disadvantage?
http://yourcomputer.in/what-is-raid-configuration-in-windows/
RAID Levels and Types
RAID, an acronym of Redundant Array of Independent (Inexpensive) Disks, is the talk of the day. These are an array of disks to give more power, performance, fault tolerance and accessibility to the data, as a single storage system. It's not a mere combination of disks, but all the disks are combined providing a standard MTBF (mean time before failure) reliability scheme; otherwise chances are performance would be affected drastically if disks are not combined as a single storage unit.
RAID Levels
All the RAID types and models are commonly classified as RAID levels, since RAID represented by a higher number is regarded to be a superior, more efficient, high-performance array than the low numbered RAID. Hence, the high security feature of RAID also depends on the RAID level you are using. RAID arrays not only provide the users with maximum security and reliability but also make sure that if a disk fails no data is lost. In-depth knowledge about RAID levels would help you through buying of RAID servers. Let's briefly discuss here the main RAID levels and classes:
RAID 0 - Striping
It is the Striped Disk Array with no fault tolerance and it requires at least 2 drives to be implemented. Due to no redundancy feature, RAID 0 is considered to be the lowest ranked RAID level. Striped data mapping technique is implemented for high performance at low cost. The I/O performance is also improved as it is loaded across many channels. Regeneration, Rebuilding and functional redundancy are some salient features of RAID 0.
RAID 1 - Mirroring
It is the Mirroring (Shadowing) Array meant to provide high performance. RAID 1 controller is able to perform 2 separate parallel reads or writes per mirrored pair. It also requires at least 2 drives to implement a non-redundant disk array. High level of availability, access and reliability can be achieved by an entry-level RAID 1 array. With full redundancy feature available, need of readability is almost negligible. Controller configurations and storage subsystem design is the easiest and simplest amongst all RAID levels.
RAID 0+1
It is the RAID array providing high data transference performance, with at least 4 disks needed to implement the RAID 0+1 level. It's a unique combination of striping and mirroring with all the best features of RAID 0 and RAID 1 included, such as fast data access and fault tolerance at single drive level. The multiple stripe segments have added high I/O rates to the RAID performance and it is the best solution for maximum reliability.
RAID 2 (ECC)
It is the combination of Inherently Parallel Mapping and Protection RAID array. It's also known as ECC RAID because each data word bit is written to data disk, which is verified for correct data or correct disk error when the RAID disk is read. Due to special disk features required, RAID 2 is not very popular among the corporate data storage masses, despite the extremely high data transference rates.
RAID 3
RAID 3 works on the Parallel Transfer with Parity technique. The least number of disks required to implement the RAID array is 3 disks. In RAID 3, data blocks are striped and written on data drives and then the stripe parity is generated, saved and afterwards used to verify the disk reads. Read and write data transfer rate is very high in a RAID 3 array and disk failure causes insignificant effects on the overall performance of the RAID.
RAID 4
RAID 4 requires a minimum of 3 drives to be implemented. It is composed of independent disks with shared parity to protect the data. Data transaction rate for Read is exceptionally high and highly aggregated. Similarly, the low ratio of parity disks to data disks indicates high efficiency.
RAID 5
RAID 5 is Independent Distributed parity block of data disks with a minimum requirement of at least 3 drives to be implemented and N-1 array capacity. It helps in reducing the write inherence found in RAID 4. RAID 5 array offers highest data transaction Read rate, medium data transaction Write rate and good cumulative transfer rate.
RAID 6
RAID 6 is Independent Data Disk array with Independent Distributed parity. It is known to be an extension of RAID level 5 with extra fault tolerance and distributed parity scheme added. RAID 6 is the best available RAID array for mission critical applications and data storage needs, though the controller design is very complex and overheads are extremely high.
RAID 7
...ed Asynchrony array for high I/O and data transfer rates and is considered to be the most manageable RAID controller available. The overall write performance is also known to be 50 to ...0 better and improved than the single spindle array levels, with no extra data transference required for parity handling. RAID 7 is registered as a standard trademark of Storage Computer Corporation.
RAID 10
RAID 10 is classified as the futuristic RAID controller with extremely high reliability and performance embedded in a single RAID controller. The minimum requirement to form a RAID level 10 controller is 4 data disks. The implementation of RAID 10 is based on a striped array of RAID 1 array segments, with almost the same fault tolerance level as RAID 1. RAID 10 controllers and arrays are suitable for uncompromising availability and extremely high throughput required systems and environment.
With all the significant RAID levels discussed here briefly, another important point to add is that whichever level of RAID is used, regular and consistent data backup maintenance using tape storage is a must, as regular tape storage is the best media to recover from a lost data scene.
What is FSMO Roles?
Click here to know about FSMO in detail: http://yourcomputer.in/fsmo-roles/
How to find which server holds which role?
Netdom query FSMO
How can we do replication monitoring?
The Active Directory Replication Monitor, replmon.exe, is part of the Windows 2000 Support Utilities available on the Windows 2000 Server CD in the \SUPPORT\TOOLS folder. Primary uses of replmon:
- Check for replication errors
- Run the KCC (Knowledge Consistency Checker) to check replication topology
- Synchronize each directory partition with all servers
- Generate status reports on replication info on servers
- List domain controllers
- Check Group Policy Object status
- Choose performance counters to be monitored
- List server hosting Global Catalog
- List bridgehead servers
- Display trust relationships
- List AD meta-data info
How can we diagnose any issue related to AD replication?
What is intersite and intrasite replication? Explain.
http://technet.microsoft.com/en-us/library/cc755994(WS.10).aspx
What is Authoritative and Non-authoritative restoration?
Active Directory is backed up as part of system state, a collection of system components that depend on each other. You must back up and restore system state components together.
Components that comprise the system state on a domain controller include:
- System Start-up Files (boot files). These are the files required for Windows 2000 Server to start.
- System registry.
- Class registration database of Component Services. The Component Object Model (COM) is a binary standard for writing component software in a distributed systems environment.
- SYSVOL. The system volume provides a default Active Directory location for files that must be shared for common access throughout a domain. The SYSVOL folder on a domain controller contains:
  o NETLOGON shared folders. These usually host user logon scripts and Group Policy objects (GPOs) for non-Windows 2000-based network clients.
  o User logon scripts for Windows 2000 Professional-based clients and clients that are running Windows 95, Windows 98, or Windows NT 4.0.
  o Windows 2000 GPOs.
  o File system junctions.
  o File Replication service (FRS) staging directories and files that are required to be available and synchronized between domain controllers.
- Active Directory. Active Directory includes:
  o Ntds.dit: The Active Directory database.
  o Edb.chk: The checkpoint file.
  o Edb*.log: The transaction logs, each 10 megabytes (MB) in size.
  o Res1.log and Res2.log: Reserved transaction logs.
Note: If you use Active Directory-integrated DNS, then the zone data is backed up as part of the Active Directory database. If you do not use Active Directory-integrated DNS, you must explicitly back up the zone files. However, if you back up the system disk along with the system state, zone data is backed up as part of the system disk. If you installed Windows Clustering or Certificate Services on your domain controller, they are also backed up as part of system state.
Non-authoritative restore of Active Directory
A non-authoritative restore returns the domain controller to its state at the time of backup, then allows normal replication to overwrite that state with any changes that have occurred after the backup was taken. After you restore the system state, the domain controller queries its replication partners. The replication partners replicate any changes to the restored domain controller, ensuring that the domain controller has an accurate and updated copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory, and you will use it in most situations that result from Active Directory data loss or corruption. To perform a non-authoritative restore, you must be able to start the domain controller in Directory Services Restore Mode.
Non-authoritative restore of SYSVOL
When you non-authoritatively restore the SYSVOL, the local copy of SYSVOL on the restored domain controller is compared with that of its replication partners. After the domain controller restarts, it contacts its replication partners, compares SYSVOL information, and replicates any necessary changes, bringing it up-to-date with the other domain controllers within the domain.
Perform a non-authoritative restore of SYSVOL if at least one other functioning domain controller exists in the domain. This is the default method for restoring SYSVOL and occurs automatically if you perform a non-authoritative restore of the Active Directory.
If no other functioning domain controller exists in the domain, then perform a primary restore of the SYSVOL. A primary restore builds a new File Replication service (FRS) database by loading the data present under SYSVOL on the local domain controller. This method is the same as a non-authoritative restore, except that the SYSVOL is marked primary.
Authoritative restore of Active Directory
An authoritative restore is an extension of the non-authoritative restore process. You must perform the steps of a non-authoritative restore before you can perform an authoritative restore. The main difference is that an authoritative restore has the ability to increment the version number of the attributes of all objects in an entire directory, all objects in a subtree, or an individual object (provided that it is a leaf object) to make it authoritative in the directory. Restore the smallest unit necessary; for example, do not restore the entire directory in order to restore a single subtree.
As with a non-authoritative restore, after a domain controller is back online, it will contact its replication partners to determine any changes since the time of the last backup. However, because the version number of the object attributes that you want to be authoritative will be higher than the existing version numbers of the attribute held on replication partners, the object on the restored domain controller will appear to be more recent and therefore will be replicated out to the rest of the domain controllers within the environment.
Unlike a non-authoritative restore, an authoritative restore requires the use of a separate tool, Ntdsutil.exe. No backup utilities, including the Windows 2000 Server system tools, can perform an authoritative restore.
An authoritative restore will not overwrite new objects that have been created after the backup was taken. You can authoritatively restore only objects from the configuration and domain-naming contexts. Authoritative restores of schema-naming contexts are not supported.
Perform an authoritative restore when human error is involved, such as when an administrator accidentally deletes a number of objects and that change replicates to the other domain controllers and you cannot easily recreate the objects. To perform an authoritative restore, you must start the domain controller in Directory Services Restore Mode.
Authoritative restore of SYSVOL
By authoritatively restoring the SYSVOL, you are specifying that the copy of SYSVOL that is restored from backup is authoritative for the domain. After the necessary configurations have been made, Active Directory marks the local SYSVOL as authoritative and it is replicated to the other domain controllers within the domain.
The authoritative restore of SYSVOL does not occur automatically after an authoritative restore of Active Directory. Additional steps are required.
As with Active Directory authoritative restore, you typically perform an authoritative restore of SYSVOL when human error is involved and the error has replicated to other domain controllers. For example, you might perform an authoritative restore of SYSVOL if an administrator has accidentally deleted an object that resides in SYSVOL, such as a Group Policy object.
http://yourcomputer.in/authoritative-vs-non-authoritative-restoration-of-active-directory
http://technet.microsoft.com/en-us/library/bb727048.aspx
How to restore the AD
http://technet.microsoft.com/en-us/library/bb727048.aspx
What is Tombstone period?
The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a "tombstone") is retained in Active Directory Domain Services (AD DS). The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.
In Microsoft Windows Server 2003 R2, the default tombstone lifetime (TSL) value remains at 60 days.
Note: In Windows Server 2003 Service Pack 1, the default TSL value has increased from 60 days to 180 days.
What are Lingering Objects?
Lingering objects can occur if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL). The domain controller then reconnects to the replication topology. Objects that are deleted from the Active Directory directory service when the domain controller is offline can remain on the domain controller as lingering objects.
What is the difference between 2003 and 2008?
http://yourcomputer.in/difference-between-windows-2003-and-2008/
2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it:
1. RODC, one new domain controller introduced in it (Read-only Domain Controllers).
2. WDS (Windows Deployment Services) instead of RIS in 2003 server
3. Shadow copy for each and every folder
4. Boot sequence is changed
5. Installation is 32 bit, whereas in 2003 it is 16 as well as 32 bit; that's why installation of 2008 is faster
6. Services are known as roles in it
7. Group Policy editor is a separate option in ADS
2) The main difference between 2003 and 2008 is virtualization, management.
2008 has more inbuilt components and updated third party drivers. Microsoft introduces a new feature with 2k8, that is Hyper-V. Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64-bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine. If you like this exciting technology, make sure that you buy an edition of Windows Server 2008 that includes Hyper-V, then launch the Server Manager, add Roles.
3) In Windows Server 2008, Microsoft is introducing new features and technologies, some of which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power consumption of server and client operating systems, minimize environmental byproducts, and increase server efficiency.
Microsoft Windows Server 2008 has been designed with energy efficiency in mind, to provide customers with ready and convenient access to a number of new power-saving features. It includes updated support for Advanced Configuration and Power Interface (ACPI) processor power management (PPM) features, including support for processor performance states (P-states) and processor idle sleep states on multiprocessor systems. These features simplify power management in Windows Server 2008 (WS08) and can be managed easily across servers and clients using Group Policies.
What Is Strict Replication and How Do You Enable It?
Strict Replication is a mechanism developed by Microsoft developers for Active Directory Replication. If a domain controller has Strict Replication enabled, then that domain controller will not get "Lingering Objects" from a domain controller which was isolated for more than the Tombstone Lifetime. TSL is 180 days by default on a forest created with Windows Server 2003 SP1. A domain controller shouldn't be out of sync for more than this period. Lingering Objects may appear on other domain controllers if replication happens with the outdated domain controllers. These domain controllers will not replicate with the outdated domain controllers if you have set the below mentioned registry key. You must set the following registry setting on all the domain controllers to enable Strict Replication:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Registry Entry: Strict Replication Consistency
Value: 1 (enabled), 0 (disabled)
Type: REG_DWORD
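The tombstone lifetime, lingering object and Strict Replication answers above can be checked together on a live forest. The script below is an added example, not part of the original page: it reads tombstoneLifetime, reads the Strict Replication Consistency value on every domain controller, and lists inbound partners that have not replicated within the tombstone lifetime. It assumes the RSAT ActiveDirectory module, PowerShell remoting to each DC, and that an unset tombstoneLifetime means the 60-day default.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit lingering-object exposure on every DC in the forest.
# Assumptions: RSAT ActiveDirectory module, WinRM remoting to each DC,
# and an account allowed to read HKLM on the DCs.

$rootDse = Get-ADRootDSE
$dsDn    = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$dsObj   = Get-ADObject -Identity $dsDn -Properties tombstoneLifetime

# Assumption: when tombstoneLifetime is not set, the 60-day default applies.
$tslDays = if ($dsObj.tombstoneLifetime) { [int]$dsObj.tombstoneLifetime } else { 60 }
$cutoff  = (Get-Date).AddDays(-$tslDays)

# Key and value name as given in the text above.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$regName = 'Strict Replication Consistency'

$report = foreach ($domain in (Get-ADForest).Domains) {
    foreach ($dc in (Get-ADDomainController -Filter * -Server $domain)) {

        # Read the DWORD on the DC itself; no output means the value is absent.
        $state = try {
            $strict = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop `
                -ArgumentList $regPath, $regName -ScriptBlock {
                    param($Path, $Name)
                    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
                }
            if ($null -eq $strict) { 'NotSet' }
            elseif ($strict -eq 1)  { 'Enabled' }
            else                    { 'Disabled' }
        } catch { 'Unreachable' }

        # Inbound partners (default partition) whose last successful
        # replication is older than the tombstone lifetime, or never succeeded.
        $stale = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server |
            Where-Object { $_.LastReplicationSuccess -lt $cutoff })

        [pscustomobject]@{
            DomainController  = $dc.HostName
            StrictReplication = $state
            TslDays           = $tslDays
            StalePartners     = ($stale.Partner -join '; ')
            NeedsAttention    = ($state -ne 'Enabled') -or ($stale.Count -gt 0)
        }
    }
}

$report | Sort-Object NeedsAttention -Descending | Format-Table -AutoSize
```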
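What are the new features of Win2008?
How many flavours of Win2k8?
Editions: Windows Server 2008 Web Edition, Windows Server 2008 Standard Edition, Windows Server 2008 Enterprise Edition, Windows Server 2008 Datacenter Edition
Supersedes
- Web Edition: Windows Server 2003 Web Edition
- Standard Edition: Windows Server 2003 R2 Standard Edition; Windows Server 2003 R2 Standard x64 Edition
- Enterprise Edition: Windows Server 2003 R2 Enterprise Edition; Windows Server 2003 R2 Enterprise x64 Edition
- Datacenter Edition: Windows Server 2003 Datacenter Edition; Windows Server 2003 Datacenter x64 Edition
Hyper-V virtualization technology
- Web Edition: Not included
- Standard Edition: Included
- Enterprise Edition: Included
- Datacenter Edition: Included
OS instances permitted per server license
- Web Edition: One instance (physical or virtual)
- Standard Edition: One physical instance plus one virtual instance
- Enterprise Edition: One physical instance and up to 4 virtual instances
- Datacenter Edition: Unlimited number of instances
Maximum server RAM supported
- Web Edition: 32-bit: 4GB; 64-bit: 32GB
- Standard Edition: 32-bit: 4GB; 64-bit: 32GB
- Enterprise Edition: 32-bit: 64GB; 64-bit: 2TB
- Datacenter Edition: 32-bit: 64GB; 64-bit: 2TB
Maximum number of CPUs
Hot swap RAM and CPUs
- Web Edition: No
- Standard Edition: No
- Enterprise Edition: No
- Datacenter Edition: Yes
Cluster Service (failover)
- Web Edition: No
- Standard Edition: No
- Enterprise Edition: Yes, up to 16 nodes per cluster
- Datacenter Edition: Yes, up to 16 nodes per cluster
Terminal Server
- Web Edition: No
- Standard Edition: Yes
- Enterprise Edition: Yes
- Datacenter Edition: Yes
Network Access Protection
- Web Edition: No
- Standard Edition: Yes
- Enterprise Edition: Yes
- Datacenter Edition: Yes
U.S. estimated retail price
- Web Edition: US$470 per server (available only without Hyper-V)
- Standard Edition: US$800 per server (US$772 without Hyper-V)
- Enterprise Edition: US$3000 per server (US$2972 without Hyper-V)
- Datacenter Edition: US$3000 per processor (US$2972 per processor without Hyper-V)
CALs or External Connector required
- Web Edition: No
- Standard Edition: Yes
- Enterprise Edition: Yes
- Datacenter Edition: Yes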
How do you find the server that holds DHCP?
How to configure the DHCP server?
If users are not getting an IP from the DHCP servers, what steps do you take to fix the issue?
What is the process of a user getting an IP from the DHCP server?
DORA PROCESS
DISCOVER: When a client is configured with the IP setting to obtain an IP address automatically, the client searches for a DHCP server by sending a UDP broadcast DHCP discover to the server.
OFFER: The DHCP server offers a scope of IP addresses available in the pool.
REQUEST: In response to the offer, the client requests an IP address.
ACKNOWLEDGE: In response to the request, the server responds with all IP address, mask, gateway, DNS and WINS info along with the acknowledgment packet.
DHCP Message Types
DHCPDISCOVER
This DHCP message type is used by the DHCP client to discover DHCP servers.
DHCPOFFER
This DHCP message type is used by the DHCP server to respond to a received DHCPDISCOVER message and also offers configuration details at that time.
DHCPREQUEST
This message comes from a client to the DHCP server to convey three various messages. The first is to request configuration details from one specific DHCP server, specifically rejecting offers from any other potential DHCP servers. Secondly, it can be used for verification of a previously used IP address after a system has undergone a reboot. Lastly, it can be used to extend the lease of a specific IP address.
How can we seize roles?
How can we transfer roles from one DC to another?
What is Kerberos and its process?
http://technet.microsoft.com/en-us/library/bb742516.aspx
What does a system state backup contain?
The following system components are backed up as System State data:
- Registry
- COM+ class registration database
- Boot files, including the system files
- Certificate services database
- Active Directory
- The system volume
If the workstation is a domain controller, the following components are backed up:
- Active Directory (NTDS)
- The system volume (SYSVOL)
If the workstation is a certificate server, then the related data is also backed up. Many security and other disasters can be fixed by restoring System State to a good configuration.
How can you take the backup of a DC?
Are you aware of the ITIL process?
Explain the processes in ITIL like Incident Management, Change Management and Problem Mgmt.
How do you do the patching?
Do you know SCOM and its configuration?
What is the ticketing tool used?
How to upgrade the O/S?
What are all the different modes of O/S?
Kernel Mode
In Kernel mode, the executing code has complete and unrestricted access to the underlying hardware. It can execute any CPU instruction and reference any memory address. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system. Crashes in kernel mode are catastrophic; they will halt the entire PC.
User Mode
In User mode, the executing code has no ability to directly access hardware or reference memory. Code running in user mode must delegate to system APIs to access hardware or memory. Due to the protection afforded by this sort of isolation, crashes in user mode are always recoverable. Most of the code running on your computer will execute in user mode.
What are all the files that contain the AD Database?
In the Windows 2000 Active Directory data store, the actual database file is %SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory, including user accounts. Active Directory's database engine is the Extensible Storage Engine (ESE), which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes, which would be large enough for 10 million objects. Back to the real world. Only the Jet database can manipulate information within the AD datastore.
For information on domain controller configuration to optimize Active Directory, see Optimize Active Directory Disk Performance (http://web.archive.org/web/20060111135435/http:/www.windowsnetworking.com/nt/nt2000/atips/atips80.shtml).
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table
the types of objects that can be created in the Active Directory, relationships between them, and the optional and
mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table
contains linked attributes, which contain values referring to other objects in the Active Directory. Take the MemberOf
attribute on a user object. That attribute contains values that reference groups to which the user belongs. This is also
far smaller than the data table.
Data table
users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be
thought of as having rows, where each row represents an instance of an object such as a user, and columns, where
each column represents an attribute in the schema such as GivenName.
Any idea about virtualization technology?
What is virtual memory?
The purpose of virtual memory is to enlarge the address space, the set of addresses a program can utilize. For
example, virtual memory might contain twice as many addresses as main memory. A program using all of virtual
memory, therefore, would not be able to fit in main memory all at once. Nevertheless, the computer could execute
such a program by copying into main memory those portions of the program needed at any given point during
execution.
To facilitate copying virtual memory into real memory, the operating system divides virtual memory into pages, each
of which contains a fixed number of addresses. Each page is stored on a disk until it is needed. When the page is
needed, the operating system copies it from disk to main memory, translating the virtual addresses into real
addresses.
Important port nos. like FTP, Telnet, RDP and DNS?
What is heart beat?
What is the difference between NTFS and share permissions? What is VSS?
Are you aware of Volume Shadow Copy? Please explain.
Can we use a Linux DNS Server in a 2000 Domain?
GPMC & RSOP in Windows 2003?
How to use recovery console?
How to take DNS and WINS, DHCP backup? What is the use of terminal services?
And its mode? How is Active Directory scalable?
What is multimaster replication?
Multimaster Replication
Active Directory uses multimaster replication to accomplish the synchronization of directory information. True
multimaster replication can be contrasted with other directory services that use a master-slave approach to updates,
wherein all updates must be made to the master copy of the directory and then be replicated to the slave copies. This
system is adequate for a directory that has a small number of copies and for an environment where all of the changes
can be applied centrally. But this approach does not scale beyond small-sized organizations, nor does it address the
needs of decentralized organizations. With Active Directory, no one domain controller is the master. Instead, all
domain controllers within a domain are equivalent. Changes can be made to any domain controller, unlike a single-
master system, where changes must be made to one server. In the single-master system, the primary server
replicates the updated information to all other directory servers in the domain.
With multimaster replication, it is not necessary for every domain controller to replicate with every other domain
controller. Instead, the system implements a robust set of connections that determines which domain controllers
replicate to which other domain controllers, to ensure that networks are not overloaded with replication traffic and that
replication latency is not so long that it causes inconvenience to users. The set of connections through which
changes are replicated to domain controllers in an enterprise is called the replication topology.
Multimaster update capability provides high availability of write access to directory objects, because several servers
can contain writable copies of an object. Each domain controller in the domain can accept updates independently,
without communicating with other domain controllers. The system resolves any conflicts in updates to a specific
directory object. If updates cease and replication continues, all copies of an object eventually reach the same value.
The manner in which a directory service stores information directly determines the performance and scalability of the
directory service. Directory services must handle a large number of queries compared to the number of updates they
must process. A typical ratio of queries to updates is :1. By creating multiple copies of the directory and keeping
the copies consistent, the directory service can handle more queries per second.
Multimaster replication provides the following advantages over single-master replication:
If one domain controller becomes inoperable, other domain controllers can continue to update the directory.
In single-master replication, if the primary domain controller becomes inoperable, directory updates cannot
take place. For example, if the failed server holds your password and your password has expired, you
cannot reset your password and therefore you cannot log on to the domain.
Servers that are capable of making changes to the directory, which in Windows 2000 are domain controllers,
can be distributed across the network and can be located in multiple physical sites.
Define each of the following names: DN, RDN, GUID, UPN. What is the primary reason for defining an OU?
What is the difference between a site link and a connection object?
What is the booting process?
1. First is the POST; this stands for Power On Self Test for the computer. This process tests memory as well
as a number of other subsystems. You can usually monitor this as it runs each test. After that is complete,
the system will run POST for any device that has a BIOS (Basic Input-Output System). An AGP has its own
BIOS, as do some network cards and various other devices.
2. Once the POST is complete and the BIOS is sure that everything is working properly, the BIOS will then
attempt to read the MBR (Master Boot Record). This is the first sector of the first hard drive (called the
Master or HD0). When the MBR takes over, it means that Windows is now in control.
3. The MBR looks at the BOOT SECTOR (the first sector of the active partition). That is where NTLDR is
located; NTLDR is the BOOT LOADER for Windows XP. NTLDR will allow memory addressing, initiate the
file system, read the boot.ini and load the boot menu. NTLDR has to be in the root of the active partition, as
do NTDETECT.COM, BOOT.INI, BOOTSECT.DOS (for multi-OS booting) and NTBOOTDD.SYS (if you
have SCSI adapters).
4. Once XP is selected from the Boot Menu, NTLDR will run NTDETECT.COM, BOOT.INI and
BOOTSECT.DOS to get the proper OS selected and loaded. The system starts in 16-bit real mode and then
moves into 32-bit protected mode.
5. NTLDR will then load NTOSKRNL.EXE and HAL.DLL. Effectively, these two files are Windows XP. They
must be located in %SystemRoot%\System32.
6. NTLDR reads the registry, chooses a hardware profile and authorizes device drivers, in that exact order.
7. At this point NTOSKRNL.EXE takes over. It starts WINLOGON.EXE, which in turn starts LSASS.EXE; this is
the program that displays the Logon screen so that you can log on.
Which command is used to create the application directory partition?
DnsCmd <ServerName> /EnlistDirectoryPartition <FQDN of partition>
Default settings for password policy
What will be the next action plan if we get a hardware alert?
What will be the next action plan if a customer reports that a server is down?
What is Loopback Group Policy?
Ans: Group Policy applies to the user or computer in a manner that depends on where both the user and the
computer objects are located in Active Directory. However, in some cases, users may need policy applied to them
based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group
Policy Objects (GPOs) that depend only on which computer the user logs on to.
TCP/UDP ports used in Windows?
Ans: http://yourcomputer.in/list-port-numbers-windows/
Also click this link for more AD questions: http://yourcomputer.in/wintel-interview-questions-and-answers
What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that
enables a server to automatically assign an IP address to a computer from a
defined range of numbers (i.e., a scope) configured for a given network.
What is the DHCP process for a client machine?
1. A user turns on a computer with a DHCP client.
2. The client computer sends a broadcast request (called a DISCOVER or
DHCPDISCOVER), looking for a DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and
usage policies set on the server, the server determines an appropriate
address (if any) to give to the client. The server then temporarily reserves that
address for the client and sends back to the client an OFFER (or
DHCPOFFER) packet, with that address information. The server also
configures the client's DNS servers, WINS servers, NTP servers, and
sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the
server know that it intends to use the address.
6. The server sends an ACK (or DHCPACK) packet, confirming that the client
has been given a lease on the address for a server-specified period of time.
What is a DHCP scope?
DHCP scopes are used to define ranges of addresses from which a DHCP
server can assign IP addresses to clients.
Types of scopes in Windows DHCP?
Normal Scope: Allows A, B and C Class IP address ranges to be specified,
including subnet masks, exclusions and reservations. Each normal scope
defined must exist within its own subnet.
Multicast Scope: Used to assign IP address ranges for Class D networks.
Multicast scopes do not have subnet masks, reservations or other TCP/IP
options.
Multicast scope address ranges require that a Time To Live (TTL) value be
specified (essentially the number of routers a packet can pass through on the
way to its destination).
Superscope: Essentially a collection of scopes grouped together such that
they can be enabled and disabled as a single entity.
What is authorizing DHCP servers in Active Directory?
If a DHCP server is to operate within an Active Directory domain (and is not
running on a domain controller) it must first be authorized.
This can be achieved either as part of the DHCP Server role installation, or
subsequently using either the DHCP console or, at the command prompt, the
netsh tool.
If the DHCP server was not authorized during installation, invoke the DHCP
console (Start -> All Programs -> Administrative Tools -> DHCP),
right-click on the DHCP server to be authorized and select Authorize. To achieve the
same result from the command prompt, enter the following command:
netsh dhcp server serverID initiate auth
In the above command syntax, serverID is replaced by the IP address or full
UNC name of the system on which the DHCP server is installed.
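The DISCOVER/OFFER/REQUEST/ACK exchange and the authorization requirement described above can also be checked from the network side. The following Python sketch is an added example, not part of the original page: it parses DHCP payloads and reports OFFER/ACK/NAK messages whose server identifier is not on a list of authorized servers. All addresses, the transaction ID and the capture are constructed, and the port check assumes the traffic is observed on the client's segment.

```python
import socket
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_MSGS = {"OFFER", "ACK", "NAK"}
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def build_dhcp(op, xid, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP payload. Used only to construct sample data."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                    # op, htype (Ethernet), hlen, hops
        xid, 0, 0x8000,                 # transaction id, secs, broadcast flag
        bytes(4),                       # ciaddr
        socket.inet_aton(yiaddr),       # yiaddr: address offered or leased
        bytes(4), bytes(4),             # siaddr, giaddr
        bytes.fromhex("02005e105555"),  # chaddr, constructed MAC (zero padded)
        b"", b"",                       # sname, file (zero padded)
    )
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_dhcp(payload):
    """Parse the fields needed to follow an exchange; ValueError if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:       # the pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[payload[i]] = value
        i += 2 + length
    mtype = options.get(OPT_MSG_TYPE, b"")
    if len(mtype) != 1 or mtype[0] not in MSG_TYPES:
        raise ValueError("missing or unknown message type (option 53)")
    sid = options.get(OPT_SERVER_ID)
    return {
        "xid": struct.unpack("!I", payload[4:8])[0],
        "yiaddr": socket.inet_ntoa(payload[16:20]),
        "type": MSG_TYPES[mtype[0]],
        "server_id": socket.inet_ntoa(sid) if sid and len(sid) == 4 else None,
    }


def audit(packets, authorized):
    """Return (trace, findings) for (src_ip, src_port, dst_port, payload) tuples."""
    trace, findings = [], []
    for src_ip, src_port, dst_port, payload in packets:
        msg = parse_dhcp(payload)
        trace.append(msg["type"])
        if msg["type"] not in SERVER_MSGS:
            continue
        # Option 54 names the server; fall back to the source IP if it is absent.
        server = msg["server_id"] or src_ip
        if server not in authorized:
            findings.append((server, msg["type"], msg["yiaddr"], "unauthorized server"))
        # Server-to-client traffic uses UDP 67 -> 68 on the client's segment.
        if (src_port, dst_port) != (67, 68):
            findings.append((server, msg["type"], msg["yiaddr"], "unexpected ports"))
    return trace, findings


def sample_capture():
    """Constructed exchange: one authorized server and one unauthorized one."""
    xid = 0x3903F326
    return [
        ("0.0.0.0", 68, 67, build_dhcp(1, xid, 1)),                                  # DISCOVER
        ("10.0.0.5", 67, 68, build_dhcp(2, xid, 2, "10.0.0.101", "10.0.0.5")),       # OFFER
        ("10.0.0.66", 67, 68, build_dhcp(2, xid, 2, "192.168.66.10", "10.0.0.66")),  # OFFER
        ("0.0.0.0", 68, 67, build_dhcp(1, xid, 3, server_id="10.0.0.5")),            # REQUEST
        ("10.0.0.5", 67, 68, build_dhcp(2, xid, 5, "10.0.0.101", "10.0.0.5")),       # ACK
    ]


if __name__ == "__main__":
    trace, findings = audit(sample_capture(), authorized={"10.0.0.5"})
    print(" -> ".join(trace))
    for finding in findings:
        print("ALERT", finding)
```

Active Directory authorization is enforced by the Windows DHCP Server service itself, so a passive check like this is what covers DHCP servers that do not consult the directory.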
What ports are used by DHCP and the DHCP clients?
Requests are on UDP port 68, server replies on UDP 67.
List some benefits of using DHCP
DHCP provides the following benefits for administering your TCP/IP-based
network:
Safe and reliable configuration. DHCP avoids configuration errors caused by
the need to manually type in values at each computer. Also, DHCP helps
prevent address conflicts caused by a previously assigned IP address being
reused to configure a new computer on the network.
Reduces configuration management.
Using DHCP servers can greatly decrease the time spent configuring and
reconfiguring computers on your network. Servers can be configured to supply
a full range of additional configuration values when assigning address leases.
These values are assigned using DHCP options. Also, the DHCP lease
renewal process helps assure that where client configurations need to be
updated often (such as users with mobile or portable computers who change
locations frequently), these changes can be made efficiently
and automatically by clients communicating directly with DHCP servers.
The following section covers issues that affect the use of the DHCP Server
service with other services or network configurations:
Using DNS servers with DHCP
Using Routing and Remote Access servers with DHCP
Multihomed DHCP servers
Describe the process of installing a DHCP server in an AD
infrastructure?
Open Windows Components Wizard. Under Components, scroll to and click
Networking Services. Click Details. Under Subcomponents of Networking
Services, click Dynamic Host Configuration Protocol (DHCP), and then click
OK.
Click Next. If prompted, type the full path to the Windows Server 2003
distribution files, and then click Next. Required files are copied to your hard
disk.
How to authorize a DHCP server in Active Directory?
1. Open DHCP.
2. In the console tree, click DHCP.
3. On the Action menu, click Manage authorized servers.
4. The Manage Authorized Servers dialog box appears. Click Authorize.
5. When prompted, type the name or IP address of the DHCP server to be
authorized, and then click OK.
What is DHCPINFORM?
DHCPInform is a DHCP message used by DHCP clients to obtain DHCP
options. While PPP remote access clients do not use DHCP to obtain IP
addresses for the remote access connection, Windows 2000 and Windows 98
remote access clients use the DHCPInform message to obtain DNS server IP
addresses, WINS server IP addresses, and a DNS domain name.
The DHCPInform message is sent after the IPCP negotiation is concluded.
The DHCPInform message received by the remote access server is then
forwarded to a DHCP server. The remote access server forwards
DHCPInform messages only if it has been configured with the DHCP Relay
Agent.
Describe the integration between DHCP and DNS?
Traditionally, DNS and DHCP servers have been configured and managed
one at a time. Similarly, changing authorization rights for a particular user on a
group of devices has meant visiting each one and making configuration
changes.
DHCP integration with DNS allows the aggregation of these tasks across
devices, enabling a company's network services to scale in step with the
growth of network users, devices, and policies, while reducing administrative
operations and costs. This integration provides practical operational
efficiencies that lower total cost of ownership.
Creating a DHCP network automatically creates an associated DNS zone, for
example, reducing the number of tasks required of network administrators.
And integration of DNS and DHCP in the same database instance provides
unmatched consistency between service and management views of IP
address-centric network services da
Windows Server Group Policy Interview Questions 23. Sep
Below is the list of Windows Server Group Policy interview questions asked
in Windows System Administrator / L1/L2/L3 Support Engineer interviews.
What is Group Policy in Active Directory? What are Group Policy objects
(GPOs)?
Group Policy objects, other than the local Group Policy object, are virtual
objects. The policy setting information of a GPO is actually stored in two
locations: the Group Policy container and the Group Policy template.
The Group Policy container is an Active Directory container that stores GPO
properties, including information on version, GPO status, and a list
of components that have settings in the GPO.
The Group Policy template is a folder structure within the file system that
stores Administrative Template-based policies, security settings, script files,
and information regarding applications that are available for Group Policy
Software Installation.
The Group Policy template is located in the system volume folder (Sysvol) in
the Policies subfolder for its domain.
What is the order in which GPOs are applied?
Group Policy settings are processed in the following order:
1. Local Group Policy object: Each computer has exactly one Group Policy
object that is stored locally. It is processed for both computer and user Group
Policy processing.
2. Site: Any GPOs that have been linked to the site that the computer belongs
to are processed next. Processing is in the order that is specified by the
administrator, on the Linked Group Policy Objects tab for the site in Group
Policy Management Console (GPMC). The GPO with the lowest link order is
processed last, and therefore has the highest precedence.
3. Domain: Processing of multiple domain-linked GPOs is in the
order specified by the administrator, on the Linked Group Policy Objects tab
for the domain in GPMC. The GPO with the lowest link order is processed
last, and therefore has the highest precedence.
4. Organizational units: GPOs that are linked to the organizational unit that is
highest in the Active Directory hierarchy are processed first, then GPOs that are
linked to its child organizational unit, and so on. Finally, the GPOs that are
linked to the organizational unit that contains the user or computer are
processed.
At the level of each organizational unit in the Active Directory hierarchy, one,
many, or no GPOs can be linked. If several GPOs are linked to an
organizational unit, their processing is in the order that is specified by the
administrator, on the Linked Group Policy Objects tab for the organizational
unit in GPMC.
The GPO with the lowest link order is processed last, and therefore has the
highest precedence.
This order means that the local GPO is processed first, and GPOs that are
linked to the organizational unit of which the computer or user is a direct
member are processed last, which overwrites settings in the earlier GPOs if
there are conflicts. (If there are no conflicts, then the earlier and later settings
are merely aggregated.)
How to back up/restore Group Policy objects?
Begin the process by logging on to a Windows Server 2008 domain controller,
and opening the Group Policy Management console. Now, navigate through
the console tree to Group Policy Management | Forest: | Domains | | Group
Policy Objects.
When you do, the details pane should display all of the group policy objects
that are associated with the domain. In Figure A there are only two group
policy objects, but in a production environment you may have many more. The
Group Policy Objects container stores all of the group policy objects for the
domain.
Now, right-click on the Group Policy Objects container, and choose the Back
Up All command from the shortcut menu. When you do, Windows will open
the Back Up Group Policy Object dialog box.
As you can see in Figure B, this dialog box requires you to provide the path to
which you want to store the backup files. You can either store the backups in
a dedicated folder on a local drive, or you can place them in a folder on a
mapped network drive. The dialog box also contains a Description field that
you can use to provide a description of the backup that you are creating.
You must provide the path to which you want to store your backup of the
group policy objects.
To initiate the backup process, just click the Back Up button. When the
backup process completes, you should see a dialog box that tells you how
many group policy objects were successfully backed up. Click OK to close the
dialog box, and you're all done.
When it comes to restoring a backup of any Group Policy Object, you have
two options. The first option is to right-click on the Group Policy Object, and
choose the Restore From Backup command from the shortcut menu. When
you do this, Windows will remove all of the individual settings from the Group
Policy Object, and then implement the settings found in the backup.
Your other option is to right-click on the Group Policy Object you want to
restore, and choose the Import Settings option. This option works more like a
merge than a restore.
Any settings that presently reside within the Group Policy Object are retained
unless there is a contradictory setting within the file that is being imported.
You want to standardize the desktop environments (wallpaper, My
Documents, Start menu, printers etc.) on the computers in one
department. How would you do that?
Go to Start -> Programs -> Administrative Tools -> Active Directory Users and
Computers
Right-click on the domain -> click on Properties
In the new window, click on Group Policy
Select Default Policy -> click on Edit
In the Group Policy console,
go to User Configuration -> Administrative Templates -> Start Menu and Taskbar
Select each property you want to modify and do the same
What's the difference between software publishing and assigning?
Assign Users: The software application is advertised when the user logs on. It
is installed when the user clicks on the software application icon via the Start
menu, or accesses a file that has been associated with the software
application.
Assign Computers: The software application is advertised and installed when
it is safe to do so, such as when the computer is next restarted.
Publish to users: The software application does not appear on the Start menu
or desktop. This means the user may not know that the software is available.
The software application is made available via the Add/Remove Programs
option in Control Panel, or by clicking on a file that has been associated with
the application. Published applications do not reinstall themselves in the event
of accidental deletion, and it is not possible to publish to computers.
What are administrative templates?
Administrative Templates are a feature of Group Policy, a Microsoft
technology for centralised management of machines and users in an Active
Directory environment. Administrative Templates facilitate the management of
registry-based policy. An ADM file is used to describe both the user interface
presented to the Group Policy administrator and the registry keys that should
be updated on the target machines.
An ADM file is a text file with a specific syntax which describes both the
interface and the registry values which will be changed if the policy is enabled
or disabled.
ADM files are consumed by the Group Policy Object Editor (GPEdit).
Windows XP Service Pack 2 shipped with five ADM files (system.adm,
inetres.adm, wmplayer.adm, conf.adm and wuau.adm). These are merged
into a unified namespace in GPEdit and presented to the administrator under
the Administrative Templates node (for both machine and user policy).
Can I deploy non-MSI software with GPO?
Create the file with a .zap extension.
Name some GPO settings in the computer and user parts?
Group Policy Object (GPO): computer = Computer Configuration, user = User
Configuration.
A user claims he did not receive a GPO, yet his user and computer
accounts are in the right OU, and everyone else there gets the GPO.
What will you look for?
Make sure the user is not a member of a loopback policy, because under a loopback policy
user settings are not affected and only the computer policy will be applicable. Also check
whether he is a member of a GPO filter group.
You may also want to check the computer's event logs. If you find event ID
1085 then you may want to download the patch to fix this and reboot the
computer.
How can I override blocking of inheritance?
What can I do to prevent inheritance from above?
Name a few benefits of using GPMC.
How frequently is the client policy refreshed?
90 minutes give or take.
Where is secedit?
It's now gpupdate.
What can be restricted on Windows Server 2003 that wasn't there in
previous products?
Group Policy in Windows Server 2003 determines a user's right to modify
network and dial-up TCP/IP properties. Users may be selectively restricted
from modifying their IP address and other network configuration parameters.
You want to create a new group policy but do not wish to inherit.
Make sure you check Block inheritance among the options when creating
the policy.
How does the Group Policy No Override and Block Inheritance work?
Group Policies can be applied at multiple levels (sites, domains,
organizational units), with multiple GPs for each level. Obviously, it may be
that some policy settings conflict, hence the application order of Site, Domain,
Organizational Unit, and within each layer you set the order for all defined policies.
But you may want to force some policies to never be overridden (No Override),
and you may want some containers to not inherit settings from a parent
container (Block Inheritance).
A good definition of each is as follows:
No Override: This prevents child containers from overriding policies set at
higher levels
Block Inheritance: Stops containers inheriting policies from parent containers
No Override takes precedence over Block Inheritance, so if a child container
has Block Inheritance set but on the parent a group policy has No Override
set, then it will get applied.
Also, the highest No Override takes precedence over lower No Overrides set.
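The processing order described earlier (local, site, domain, organizational units, with link order inside each container) combined with No Override and Block Inheritance can be worked through in code. The following Python model is an added example, not part of the original page or of any Microsoft tool; the hierarchy, GPO names and settings are constructed, and the model assumes the local GPO is always applied first and is not removed by Block Inheritance.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    gpo: str
    settings: dict
    no_override: bool = False      # "No Override" set on this link


@dataclass
class Container:                   # a site, domain or organizational unit
    name: str
    links: list = field(default_factory=list)   # index 0 holds link order 1
    block_inheritance: bool = False


def processing_order(local_settings, chain):
    """Order in which GPOs are applied for an object in the last container.

    chain runs site -> domain -> parent OU -> ... -> OU holding the object.
    """
    # Block Inheritance on a container discards GPOs linked above it.
    cutoff = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, forced = [], []
    for depth, container in enumerate(chain):
        # Link order 1 is processed last, so walk the links in reverse.
        for link in reversed(container.links):
            if link.no_override:
                forced.append((depth, link))    # survives Block Inheritance
            elif depth >= cutoff:
                normal.append(link)
    # No Override links are applied after everything else so nothing below can
    # overwrite them; the one highest in the hierarchy is applied last and wins.
    forced.sort(key=lambda item: -item[0])
    # Assumption of this model: the local GPO is always applied first.
    order = [("Local GPO", local_settings)]
    order += [(link.gpo, link.settings) for link in normal]
    order += [(link.gpo, link.settings) for _, link in forced]
    return order


def resultant_policy(local_settings, chain):
    """Return ({setting: value}, {setting: winning GPO}); later GPOs overwrite."""
    values, winner = {}, {}
    for gpo, settings in processing_order(local_settings, chain):
        for key, value in settings.items():
            values[key], winner[key] = value, gpo
    return values, winner


def sample_chain(block_inheritance):
    """Constructed hierarchy; every GPO name and setting here is made up."""
    return [
        Container("Site: HQ", [Link("Site-Proxy", {"Proxy": "proxy.hq"})]),
        Container("Domain: corp.example", [
            Link("Domain-Baseline", {"UsbStorage": "denied", "Wallpaper": "corp.bmp"},
                 no_override=True),
            Link("Domain-Desktop", {"ScreenSaverTimeout": 600, "RunMenu": "enabled"}),
        ]),
        Container("OU: Departments", [Link("Dept-Defaults", {"ScreenSaverTimeout": 900})]),
        Container("OU: Finance", [
            Link("Finance-Lockdown", {"RunMenu": "hidden", "Wallpaper": "finance.bmp"}),
            Link("Finance-Legacy", {"RunMenu": "enabled", "UsbStorage": "allowed"}),
        ], block_inheritance=block_inheritance),
    ]


LOCAL = {"Wallpaper": "local.bmp"}   # constructed local GPO settings

if __name__ == "__main__":
    for blocked in (False, True):
        values, winner = resultant_policy(LOCAL, sample_chain(blocked))
        print("Block Inheritance on Finance:", blocked)
        for key in sorted(values):
            print(f"  {key} = {values[key]!r} (from {winner[key]})")
```

In both runs the domain baseline marked No Override keeps `UsbStorage` at `denied`, even though the Finance OU links a GPO that tries to relax it and blocks inheritance.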
To block inheritance, perform the following:
1. Start the Active Directory Users and Computers snap-in (Start ->
Programs -> Administrative Tools -> Active Directory Users and Computers)
2. Right-click on the container you wish to stop inheriting settings from its
parent and select Properties
3. Select the Group Policy tab
4. Check the Block Policy inheritance option
5. Click Apply then OK
To set a policy to never be overridden, perform the following:
1. Start the Active Directory Users and Computers snap-in (Start -> Programs ->
Administrative Tools -> Active Directory Users and Computers)
2. Right-click on the container you wish to set a Group Policy to not be
overridden and select Properties
3. Select the Group Policy tab
4. Click Options
5. Check the No Override option
6. Click OK
7. Click Apply then OK
Windows Active Directory Interview Questions User Submitted Part 10 21. Sep
What are sites? What are they used for?
One or more well-connected (highly reliable and fast) TCP/IP subnets.
A site allows administrators to configure Active Directory access and
replication topology to take advantage of the physical network.
A Site object in Active Directory represents a physical geographic location that
hosts networks. Sites contain objects called Subnets.
Sites can be used to assign Group Policy Objects, facilitate the discovery of
resources, manage Active Directory replication, and manage network link
traffic.
Sites can be linked to other Sites. Site-linked objects may be assigned a cost
value that represents the speed, reliability, availability, or other real property of
a physical resource. Site Links may also be assigned a schedule.
Trying to look at the Schema, how can I do that?
Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
Open mmc > add snap-in > add Active Directory Schema
Name it schema.msc
Open Administrative Tools > schema.msc
What is the port number of Kerberos?
88
What is the port number of the Global Catalog?
3268
What is the port number of LDAP?
389
Explain the Active Directory Schema.
Windows 2000 and Windows Server 2003 Active Directory uses a set of
database rules called the Schema. The Schema is defined as the formal definition of
all object classes, and the attributes that make up those object classes, that
can be stored in the directory. As mentioned earlier, the Active Directory
database includes a default Schema, which defines many object classes,
such as users, groups, computers, domains, organizational units, and so on.
These objects are also known as Classes. The Active Directory Schema is
dynamically extensible, meaning that you can modify the schema by
defining new object types and their attributes and by defining new attributes
for existing objects. You can do this either with the Schema Manager snap-in
tool included with Windows 2000/2003 Server, or programmatically.
How can you forcibly remove AD from a server, and what do you do
later? Can I get user passwords from the AD database?
With dcpromo /forceremoval, an administrator can forcibly remove Active
Directory and roll back the system without having to contact or replicate any
locally held changes to another DC in the forest. Reboot the server afterwards.
After you use the dcpromo /forceremoval command, the remaining metadata for
the demoted DC is not deleted on the surviving domain controllers, and
therefore you must manually remove it by using the NTDSUTIL command.
In the event that the NTDS Settings object is not removed correctly, you can
use the Ntdsutil.exe utility to manually remove the NTDS Settings object. You
will need the following tools: Ntdsutil.exe, Active Directory Sites and Services,
and Active Directory Users and Computers.
What are the FSMO roles? Who has them by default? What happens
when each one fails?
Flexible Single Master Operation (FSMO) role. Currently there are five FSMO
roles:
Schema master
Domain naming master
RID master
PDC emulator
Infrastructure master
What is a domain tree?
Domain Trees: A domain tree comprises several domains that share a
common schema and configuration, forming a contiguous namespace.
Domains in a tree are also linked together by trust relationships. Active
Directory is a set of one or more trees.
Trees can be viewed two ways. One view is the trust relationships between
domains. The other view is the namespace of the domain tree.
What is a forest?
A collection of one or more domain trees with a common schema and implicit
trust relationships between them. This arrangement would be used if you have
multiple root DNS addresses.
How do you select the appropriate restore method?
You select the appropriate restore method by considering the
circumstances and characteristics of the failure. The two major categories of
failure, from an Active Directory perspective, are Active Directory data
corruption and hardware failure.
Active Directory data corruption occurs when the directory contains corrupt
data that has been replicated to all domain controllers or when a large portion
of the Active Directory hierarchy has been changed accidentally (such as
deletion of an OU) and this change has replicated to other domain controllers.
Where are the Windows NT Primary Domain Controller (PDC) and its
Backup Domain Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a
multimaster peer-to-peer read and write relationship that hosts copies of the
Active Directory.
What is Global Catalog?
The Global Catalog authenticates network user logons and fields inquiries
about objects across a forest or tree. Every domain has at least one GC that
is hosted on a domain controller. In Windows 2000, there was typically one
GC on every site in order to prevent user logon failures across the network.
How long does it take for security changes to be replicated among the domain controllers?
Security-related modifications are replicated within a site immediately. These
changes include account and individual user lockout policies, changes to
password policies, changes to computer account passwords, and
modifications to the Local Security Authority (LSA).
When should you create a forest?
Organizations that operate on radically different bases may require separate
trees with distinct namespaces. Unique trade or brand names often give rise
to separate DNS identities. Organizations merge or are acquired and naming
continuity is desired. Organizations form partnerships and joint ventures.
While access to common resources is desired, a separately defined tree can
enforce more direct administrative and security restrictions.
Describe the process of working with an external domain name.
If it is not possible for you to configure your internal domain as a subdomain of
your external domain, use a stand-alone internal domain. This way, your
internal and external domain names are unrelated. For example, an
organization that uses the domain name contoso.com for their external
namespace uses the name corp.internal for their internal namespace.
The advantage to this approach is that it provides you with a unique internal
domain name. The disadvantage is that this configuration requires you to
manage two separate namespaces. Also, using a stand-alone internal domain
that is unrelated to your external domain might create confusion for users
because the namespaces do not reflect a relationship between resources
within and outside of your network.
In addition, you might have to register two DNS names with an Internet name
authority if you want to make the internal domain publicly accessible.
Windows Active Directory Interview Questions: User Submitted Part 8 (21 Sep)
Got a list of some Active Directory Interview Questions submitted by user
Noel.
What is the default size of ntds.dit?
10 MB in Server 2000 and 12 MB in Server 2003.
Where is the AD database held, and what are the other files related to
AD?
AD Database is saved in %systemroot%/ntds. You can see other files also in
this folder. These are the main files controlling the AD structure.
ntds.dit
edb.log
res1.log
res2.log
edb.chk
When a change is made to the Win2K database, triggering a write operation,
Win2K records the transaction in the log file (edb.log). Once written to the log
file, the change is then written to the AD database. System performance
determines how fast the system writes the data to the AD database from the
log file. Any time the system is shut down, all transactions are saved to the
database.
During the installation of AD, Windows creates two files: res1.log and res2.log.
The initial size of each is 10MB. These files are used to ensure that changes
can be written to disk should the system run out of free disk space. The
checkpoint file (edb.chk) records transactions committed to the AD database
(ntds.dit). During shutdown, a shutdown statement is written to the edb.chk
file.
Then, during a reboot, AD determines that all transactions in the edb.log file
have been committed to the AD database. If, for some reason, the edb.chk file
doesn't exist on reboot or the shutdown statement isn't present, AD will use
the edb.log file to update the AD database. The last file in our list of files to
know is the AD database itself, ntds.dit. By default, the file is located in NTDS,
along with the other files we've discussed.
What FSMO placement considerations do you know of?
Windows 2000/2003 Active Directory domains utilize a Single Operation
Master method called FSMO (Flexible Single Master Operation), as described
in Understanding FSMO Roles in Active Directory.
In most cases an administrator can keep the FSMO role holders (all 5 of
them) in the same spot (or actually, on the same DC) as has been configured
by the Active Directory installation process.
However, there are scenarios where an administrator would want to move one
or more of the FSMO roles from the default holder DC to a different DC.
Windows Server 2003 Active Directory is a bit different than the Windows
2000 version when dealing with FSMO placement.
In this article I will only deal with Windows Server 2003 Active Directory, but
you should bear in mind that most considerations are also true when planning
Windows 2000 AD FSMO roles.
What do you do to install a new Windows 2003 R2 DC in a Windows 2003
AD?
If you're installing Windows 2003 R2 on an existing Windows 2003 server with
SP1 installed, you require only the second R2 CD-ROM.
Insert the second CD and r2auto.exe will display the Windows 2003 R2
Continue Setup screen. If you're installing R2 on a domain controller (DC),
you must first upgrade the schema to the R2 version (this is a minor change
and mostly related to the new Dfs replication engine).
To update the schema, run the Adprep utility, which you'll find in the
Components\r2\adprep folder on the second CD-ROM.
Before running this command, ensure all DCs are running Windows 2003 or
Windows 2000 with SP2 (or later).
Here's a sample execution of the Adprep /forestprep
command:
D:\CMPNENTS\R2\ADPREP>adprep /forestprep
ADPREP WARNING:
Before running adprep, all Windows 2000 domain controllers in the forest
should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE
265089, or to Windows 2000 SP2 (or later).
QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent
potential domain controller corruption.
[User Action] If ALL your existing Windows 2000 domain controllers meet this
requirement, type C and then press ENTER to continue. Otherwise, type any
other key and press ENTER to quit.
C
Opened Connection to SAVDALDC01
SSPI Bind succeeded
Current Schema Version is 30
Upgrading schema to version 31
Connecting to SAVDALDC01
Logging in as current user using SSPI
Importing directory from file C:\WINDOWS\system32\sch31.ldf
Loading entries
139 entries modified successfully.
The command has completed successfully
Adprep successfully updated the forest-wide information.
After running Adprep, install R2 by performing these steps:
1. Click the Continue Windows Server 2003 R2 Setup link, as the
figure shows.
2. At the Welcome to the Windows Server 2003 R2 Setup Wizard
screen, click Next.
The following OU design recommendations address delegation and scope
issues:
Applying Group Policy: An OU is the lowest-level Active Directory container to
which you can assign Group Policy settings.
Delegating administrative authority
Usually don't go more than 3 OU levels
How do you view replication properties for AD partitions and DCs?
By using replication monitor
go to start > run > type repadmin
go to start > run > type replmon
Why can't you restore a DC that was backed up 4 months ago?
Because of the tombstone lifetime, which is set to only 60 days.
Different modes of AD restore?
A nonauthoritative restore is the default method for restoring Active Directory.
To perform a nonauthoritative restore, you must be able to start t