Windows Admin Interview Questions and Answers


FAQs

What is Active Directory?
Active Directory is the directory service used on Windows-based servers and computers to store data and information about networks and domains.

What are domains in Active Directory?
In Windows 2000, a domain defines both an administrative boundary and a security boundary for a collection of objects that are relevant to a specific group of users on a network. A domain is an administrative boundary because administrative privileges do not extend to other domains. It is a security boundary because each domain has a security policy that extends to all security accounts within the domain. Active Directory stores information about objects in one or more domains.
Domains can be organized in parent-child relationships to form a hierarchy. A parent domain is the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child domain can also be the parent of one or more child domains.

What is the default protocol used in directory services?
The default protocol used in directory services is LDAP (Lightweight Directory Access Protocol).

What is mixed mode?
It allows domain controllers running Windows 2000 and earlier versions of Windows NT to coexist in the domain. In mixed mode, the domain features of earlier versions of Windows NT Server are still enabled, while some features of Windows 2000 are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode, the domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed mode.

Explain the term forest in AD.
A forest is a set of AD domains that share a single schema. All DCs in the forest share this schema and replicate it among themselves.

What is native mode?
Native mode is in effect when all domain controllers in a given domain run Windows 2000 Server. This mode allows organizations to take advantage of new Active Directory features such as universal groups, nested group membership and cross-domain group membership.

What is SYSVOL?
The SYSVOL folder holds the server copy of the domain's public files. Content stored in SYSVOL, such as logon scripts and Group Policy templates, is replicated to all domain controllers in the domain.

What is LDAP?
LDAP is the directory service protocol used to query and update AD. LDAP naming paths are used to access AD objects and include the following:
Distinguished names
Relative distinguished names

What is Kerberos?
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications through the use of secret-key cryptography.

What are the minimum requirements to install AD?
Windows Server, Advanced Server or Datacenter Server
Minimum disk space of 200 MB for AD and 50 MB for log files
An NTFS partition
TCP/IP installed and configured to use DNS
Administrative privileges to create a domain in an existing network

What are lingering objects?
Lingering objects can exist if a domain controller does not replicate for a period of time longer than the tombstone lifetime (TSL).

What is a domain controller?
In an Active Directory forest, a domain controller is a server that holds a writable copy of the Active Directory database, participates in Active Directory replication and controls access to network resources.

What is the tombstone lifetime?
The tombstone lifetime in Active Directory determines how long a deleted object is retained in Active Directory. Objects deleted in Active Directory are kept as a special object called a tombstone. Usually Windows uses a 60-day tombstone lifetime.
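The two questions above (lingering objects and the tombstone lifetime) are connected in practice: a DC that has not replicated within the TSL can reintroduce objects that every other DC has already purged. The following PowerShell is an added example, not code from the original page. It reads the forest's tombstoneLifetime attribute and flags replication partners whose last successful replication is older than that. It assumes the ActiveDirectory module (RSAT) and a domain-joined session with read access to the configuration partition; the function names are my own.

```powershell
# Added example (not from the original page). Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # The TSL lives on the Directory Service object in the configuration partition
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dsObj = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                          -Properties tombstoneLifetime
    # If the attribute is absent, the default described on this page (60 days) applies
    if ($dsObj.tombstoneLifetime) { [int]$dsObj.tombstoneLifetime } else { 60 }
}

function Get-StaleReplicationPartners {
    param([int]$TslDays = (Get-TombstoneLifetimeDays))
    $cutoff = (Get-Date).AddDays(-$TslDays)
    foreach ($dc in Get-ADDomainController -Filter *) {
        # One row per inbound partner and partition for this DC
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction SilentlyContinue |
            Where-Object { $_.LastReplicationSuccess -lt $cutoff } |
            ForEach-Object {
                [pscustomobject]@{
                    Server      = $dc.HostName
                    Partner     = $_.Partner
                    Partition   = $_.Partition
                    LastSuccess = $_.LastReplicationSuccess
                    DaysSilent  = [int]((Get-Date) - $_.LastReplicationSuccess).TotalDays
                }
            }
    }
}

$tsl = Get-TombstoneLifetimeDays
"Tombstone lifetime: $tsl days"
# Any row returned here is a DC that should be cleaned for lingering objects, not simply
# allowed to resume replication
Get-StaleReplicationPartners -TslDays $tsl | Format-Table -AutoSize
```

Run it from a management workstation with replication-metadata read rights; an empty result is the healthy state. A non-empty result is the condition under which lingering objects arise, so the affected DC needs attention before it is allowed to replicate again.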

Why do we need Netlogon?
It maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not be able to authenticate users and services, and the domain controller cannot register DNS records.

What is the Active Directory schema?
The schema is the Active Directory component that describes all the attributes and object classes that the directory service uses to store data.

What is DNS scavenging?
Scavenging helps you clean up stale records that are no longer used in DNS.

What is a child DC?
A CDC, or child DC, is a domain controller for a child domain under the root domain that shares its namespace.

What's new in Windows Server 2008 Active Directory Domain Services?
Auditing of AD Domain Services, fine-grained password policies, read-only domain controllers and restartable Active Directory Domain Services.

What is the RID master?
The RID (relative identifier) master is the role that hands out the relative identifiers used to give objects created in AD a unique identification.

What are RODCs, and what is the main benefit of using them?
RODC stands for read-only domain controller. With RODCs, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.

What are the components of AD?
AD components include
Logical structure: trees, forests, domains and organizational units.
Physical structures: domain controller and sites.

What is the number of failed logons allowed for the Administrator account?
Unlimited. However, remember that this applies to the built-in Administrator account, not to any account that is merely a member of the Administrators group.

What is the infrastructure master?
The infrastructure master is responsible for keeping cross-domain user and group references up to date, working together with the global catalog.

What hidden shares exist in an installation of Windows Server 2003?
ADMIN$, <drive>$ (one per drive letter, e.g. C$), IPC$, NETLOGON, PRINT$ and SYSVOL.

Can you connect Active Directory to other third-party directory services? Name some options.
Yes, you can connect Active Directory to other third-party directory services, such as the directories used by SAP, Domino, etc., with the help of MIIS (Microsoft Identity Integration Server).

What is the List Folder Contents permission on a folder in NTFS?
It is the same as Read & Execute, but it is not inherited by files within the folder. Newly created subfolders, however, do inherit this permission.

How do I configure DNS for the other DCs in the domain that run DNS?
For each additional DC that is running DNS, the preferred DNS server setting should be the primary DNS server (the first DC in the domain), and the alternate DNS server setting should be the actual IP address of the DC's own network interface.

Group Policy Interview Questions

Where is the GPT stored?
%SystemRoot%\SYSVOL\sysvol\<domainname>\Policies\{GUID}

What should I do if the DC points to itself for DNS, but the SRV records still do not appear in the zone?
Check whether there is a disjointed namespace, and then run Netdiag.exe /fix. You must install the Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe.

What do GPT and GPC stand for?
GPT: Group Policy Template.
GPC: Group Policy Container.
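Every GPO has two halves: the GPC object in the directory and the GPT folder under the SYSVOL path described above, and the two carry matching version numbers. The PowerShell below is an added example, not code from the original page: it pairs each GPC with its GPT by reading the gPCFileSysPath attribute, then checks that the GPT.INI version agrees with the GPC's versionNumber, which is how replication lag or a damaged SYSVOL shows up. It assumes the ActiveDirectory module and a session that can read SYSVOL; the function name is my own.

```powershell
# Added example (not from the original page). Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-GpcGptStatus {
    $domainDN = (Get-ADDomain).DistinguishedName
    # All GPCs live under CN=Policies,CN=System in the domain partition
    $gpcs = Get-ADObject -SearchBase "CN=Policies,CN=System,$domainDN" `
                         -LDAPFilter '(objectClass=groupPolicyContainer)' `
                         -Properties displayName, gPCFileSysPath, versionNumber
    foreach ($gpc in $gpcs) {
        $gptIni = Join-Path $gpc.gPCFileSysPath 'GPT.INI'
        $gptVersion = $null
        if (Test-Path $gptIni) {
            # GPT.INI carries "Version=<n>", the same packed user/computer version as the GPC
            $line = Get-Content $gptIni | Where-Object { $_ -like 'Version=*' } | Select-Object -First 1
            if ($line -and $line -match '^Version=(\d+)') { $gptVersion = [int]$Matches[1] }
        }
        [pscustomobject]@{
            Name       = $gpc.displayName
            GPC        = $gpc.DistinguishedName
            GPT        = $gpc.gPCFileSysPath
            GpcVersion = $gpc.versionNumber
            GptVersion = $gptVersion          # $null means the SYSVOL folder or GPT.INI is missing
            InSync     = ($null -ne $gptVersion) -and ($gptVersion -eq $gpc.versionNumber)
        }
    }
}

Get-GpcGptStatus | Format-Table -AutoSize
```

Rows with InSync set to False are the ones worth investigating: a missing GPT usually means SYSVOL replication has not caught up (or the folder was deleted), and a version mismatch means clients may apply stale settings until the two halves converge.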

What happens if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy server or firewall?
If you can query the ISP's DNS servers from behind the proxy server or firewall, a Windows 2000 or Windows Server 2003 DNS server can query the root hint servers. UDP and TCP port 53 must be open on the proxy server or firewall.

Explain the difference between domain local, global and universal groups.
Domain local groups are used to assign access permissions for resources in the local domain, typically by adding global groups to them. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

Do you know what the "." zone in my forward lookup zones is?
This setting designates the Windows 2000 DNS server as a root hint server and is generally deleted. If you do not delete this setting, you may not be able to perform external name resolution against the root hint servers on the Internet.

Define LSDOU?
It is the Group Policy inheritance (processing) order, in which policies are applied from the Local machine, then the Site, then the Domain and finally the Organizational Units.

Define an attribute value conflict?
An attribute of an object is simultaneously set to one value on one master and to a different value on a second master.

What is Netdom?
NETDOM is a command-line tool for administering Windows domains and trust relationships.

Do you know how Kerberos V5 works?
The Kerberos V5 authentication mechanism issues tickets (sets of identification data for a security principal, issued by a DC for authentication purposes; the two forms of ticket in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) that are used to access network services. These tickets contain encrypted data, including an encrypted password, which confirms the identity of the user to the requested service.

What is ADSI Edit?
ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the standard Active Directory administration consoles.

What is the Kerberos V5 authentication process?
Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and the network services. This dual verification is known as mutual authentication.

What happens when the schema master fails?
The temporary loss of the schema operations master is noticeable only when you try to modify the schema or install an application that modifies the schema during installation. A DC whose schema master role has been seized must never be brought online again.

What is Replmon?
Replmon is the first tool you should use when troubleshooting Active Directory replication.

How do you find the FSMO role holders?
Netdom query fsmo, or Replmon.exe

Describe the FSMO infrastructure role?
When an object in one domain is referenced by an object in another domain, the reference is represented by the GUID, the SID (for references to security principals) and the DN of the referenced object. The holder of the FSMO infrastructure role is the DC responsible for updating the SID and the distinguished name of an object in a cross-domain object reference.

What are the advantages of Active Directory sites?
Active Directory Sites and Services lets you specify site information. Active Directory uses this information to determine the best way to use available network resources.

Define Edb.chk?
This is the checkpoint file used to track data not yet written to the database file. It indicates the starting point from which data in the log file will be recovered in case of failure.

Define Edb.log?
This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log, where nnnn is an increasing number starting from 1.

How to see all the GCs in the forest?
repadmin.exe /options * and look for IS_GC in the options of each DC in the current domain.
nltest /dsgetdc:corp /GC

How to seize FSMO roles?
ntdsutil: type roles, then connections, then connect to server <servername>, then q; at the fsmo maintenance prompt type seize <role>, for example seize rid master.

How to transfer FSMO roles?
ntdsutil: type roles, then connections, then connect to server <servername>, then q; at the fsmo maintenance prompt type transfer <role>, for example transfer rid master.

What is the KCC (Knowledge Consistency Checker)?
The KCC generates and maintains the replication topology for replication within and between sites. The KCC runs every 15 minutes.

What is schema information in Active Directory?
Definitive details about the objects and attributes that CAN be stored in AD. Replicated to all DCs. Static in nature.

What is online defragmentation in Active Directory?
Online defragmentation is the method that runs as part of the garbage collection process. Its only advantage is that the server does not have to be taken offline to run it. However, this method does not shrink the Active Directory database file (Ntds.dit).
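The questions above on finding the FSMO role holders (Netdom query fsmo) and on transferring or seizing a role with ntdsutil map onto the ActiveDirectory PowerShell module. The block below is an added example, not code from the original page: it lists the five role holders, and wraps Move-ADDirectoryServerOperationMasterRole so that the difference between a graceful transfer and a seize (the cmdlet's -Force switch) is explicit. It assumes the ActiveDirectory module and Domain Admins or Enterprise Admins rights as appropriate for the role; the server names in the usage lines are placeholders and the function names are my own.

```powershell
# Added example (not from the original page). Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Forest-wide roles come from the forest object, domain roles from the domain object
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRole {
    param(
        [Parameter(Mandatory)][string]$ToServer,   # DC that should hold the role afterwards
        [Parameter(Mandatory)]
        [ValidateSet('SchemaMaster','DomainNamingMaster','PDCEmulator','RIDMaster','InfrastructureMaster')]
        [string[]]$Role,
        [switch]$Seize   # only when the current holder is permanently gone
    )
    $params = @{ Identity = $ToServer; OperationMasterRole = $Role; Confirm = $false }
    # Without -Force the current holder must be online and hands the role over (transfer);
    # with -Force the role is seized, equivalent to "seize <role>" in ntdsutil
    if ($Seize) { $params.Force = $true }
    Move-ADDirectoryServerOperationMasterRole @params
    Get-FsmoRoleHolders
}

Get-FsmoRoleHolders
# Move-FsmoRole -ToServer 'DC02' -Role RIDMaster            # graceful transfer, DC01 still online
# Move-FsmoRole -ToServer 'DC02' -Role RIDMaster -Seize     # DC01 is decommissioned for good
```

Always try the transfer first; seize only after the old holder is confirmed dead, because, as the schema master question above notes, a DC whose role was seized must never be brought back online.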

What is the garbage collection process of the AD database?
Garbage collection is a process designed to free up space within the Active Directory database. It runs independently on each DC, with a default interval of 12 hours.

Define Res1.log and Res2.log?
These are reserved transaction log files totaling 20 MB (10 MB each) that give transaction logging enough space to shut down cleanly if the other space is used up.

What is domain information in Active Directory?
Object information for a domain. Replicated to all DCs within the domain. A partial set of each object's attributes becomes part of the GC. Attribute values are only replicated within the domain.

How will you verify that the AD installation is correct using the SRV resource records?
Verify the SRV resource records: after AD is installed, the DC registers SRV records in DNS when it restarts. You can verify this using the DNS MMC snap-in or the nslookup command.
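The same check done with Resolve-DnsName instead of nslookup, as an added example that is not part of the original page. It queries the SRV records a DC must register (LDAP, Kerberos, the _msdcs DC and PDC entries, and the global catalog record at the forest root) and reports which are present and where they point. It assumes the ActiveDirectory and DnsClient modules (Windows 8 / Server 2012 or later); the domain defaults to the one the session is joined to, and the function name is my own.

```powershell
# Added example (not from the original page). Assumes ActiveDirectory + DnsClient modules.
Import-Module ActiveDirectory

function Test-DcSrvRecords {
    param(
        [string]$DomainName = (Get-ADDomain).DNSRoot,
        [string]$ForestName = (Get-ADForest).Name,
        [string]$DnsServer                      # optional: query one specific DNS server
    )
    # Records Netlogon registers for every DC; _gc is registered at the forest root
    $names = @(
        "_ldap._tcp.$DomainName",
        "_kerberos._tcp.$DomainName",
        "_ldap._tcp.dc._msdcs.$DomainName",
        "_ldap._tcp.pdc._msdcs.$DomainName",
        "_gc._tcp.$ForestName"
    )
    foreach ($n in $names) {
        $query = @{ Name = $n; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }
        # Keep only the SRV answers; additional A records come back in the same result set
        $srv = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Record  = $n
            Found   = [bool]$srv
            Targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    }
}

Test-DcSrvRecords | Format-Table -AutoSize
# A missing record means the DC did not register; on modern servers 'nltest /dsregdns'
# asks Netlogon to re-register without a restart.
```

Run it against each DNS server the clients actually use (the -DnsServer parameter), since a record present on the DC's own server but absent elsewhere points at a zone replication or forwarding problem rather than a registration failure.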

What is Ntds.dit?
This is the AD database; it stores all AD objects. The default location is %SystemRoot%\ntds\NTDS.DIT.
The Active Directory database engine is the Extensible Storage Engine (ESE), which is based on the Jet database engine and can grow up to 16 TB.

What is the schema table in Ntds.dit?
It lists the types of objects that can be created in Active Directory, the relationships between them and the attributes of each object type. This table is quite static and much smaller than the data table.

What is the difference between the Domain Admins group and the Enterprise Admins group in AD?

Enterprise Admins group:
Members of this group have complete control of all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers in the forest. As such, this group has full control of the forest; add users with caution.
Domain Admins group:
Members of this group have full control of the domain. By default, this group is a member of the Administrators group on all domain controllers, workstations and member servers at the time they are joined to the domain. As such, the group has full control in the domain; add users with caution.

What is an Active Directory partition?
An Active Directory partition is how and where the AD information is logically stored.
What are all the Active Directory Partitions?
  • Schema
  • Configuration
  • Domain
  • Application partition
What is the use of the Active Directory partitions, and how do you find the partitions and their locations?
Schema partition:
It stores details about objects and attributes. Replicates to all domain controllers in the forest.
DN location: CN=Schema,CN=Configuration,DC=Domainname,DC=com

Configuration partition:
It stores details about the AD configuration, such as sites, site links, subnets and other replication topology information. Replicates to all domain controllers in the forest.
DN location: CN=Configuration,DC=Domainname,DC=com

Domain partition:
Object information for a domain, such as users, computers, groups, printers and other domain-specific information. Replicates to all domain controllers within the domain.
DN location: DC=Domainname,DC=com

Application partition:
Information about applications in Active Directory. For example, when AD-integrated DNS is used there are two application partitions for DNS zones, ForestDNSZones and DomainDNSZones.
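The partition list above can be read straight from the directory rather than remembered, since every partition in the forest is described by a crossRef object under CN=Partitions in the configuration container. The PowerShell below is an added example, not code from the original page: it classifies each crossRef as schema, configuration, domain or application using the same DNs the answer gives and the crossRef systemFlags bits documented in MS-ADTS, and marks which partitions the DC you are bound to actually hosts. It assumes the ActiveDirectory module and read access to the configuration partition; the function name is my own.

```powershell
# Added example (not from the original page). Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-AdPartitions {
    $root = Get-ADRootDSE
    $partitionsDN = "CN=Partitions,$($root.configurationNamingContext)"
    # crossRef systemFlags (MS-ADTS): 0x1 = naming context, 0x2 = domain NC,
    # 0x4 = not replicated to the global catalog (application partitions)
    $FLAG_CR_NTDS_DOMAIN = 0x2
    Get-ADObject -SearchBase $partitionsDN -LDAPFilter '(objectClass=crossRef)' `
                 -Properties nCName, dnsRoot, systemFlags |
        Where-Object { $_.nCName } |      # skip external crossRefs, which have no NC
        ForEach-Object {
            $kind = if ($_.nCName -eq $root.schemaNamingContext)            { 'Schema' }
                    elseif ($_.nCName -eq $root.configurationNamingContext) { 'Configuration' }
                    elseif ($_.systemFlags -band $FLAG_CR_NTDS_DOMAIN)      { 'Domain' }
                    else                                                    { 'Application' }
            [pscustomobject]@{
                Partition = $kind
                DN        = $_.nCName
                DnsRoot   = ($_.dnsRoot -join ',')
                # namingContexts on RootDSE lists only the partitions this DC holds a replica of
                OnThisDC  = [bool]($root.namingContexts -contains $_.nCName)
            }
        }
}

Get-AdPartitions | Sort-Object Partition, DN | Format-Table -AutoSize
```

On a DC that hosts AD-integrated DNS the output shows the ForestDnsZones and DomainDnsZones application partitions alongside the three standard ones; an application partition with OnThisDC false on every DC you query is one whose replica set needs checking.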
How to take an Active Directory backup?

A system state backup backs up Active Directory; NTBackup can be used to back up Active Directory.

What are the Active Directory restore types?
Authoritative restore
Non-authoritative restore

Non-authoritative restore of Active Directory
A non-authoritative restore returns the domain controller to its state at the time of the backup and allows normal replication to overwrite the restored domain controller with any changes that have occurred since the backup. After the system state restore, the domain controller queries its replication partners and receives the changes made after the backup date, ensuring that it has an accurate and up-to-date copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory; a plain restore of the system state is a non-authoritative restore, and it is mostly used for Active Directory data loss or corruption.
How to perform a non-authoritative restore? Just start the domain controller in Directory Services Restore Mode and perform a system state restore from backup.

Authoritative restore of Active Directory
An authoritative restore is the next step after the non-authoritative restore process: you have to do a non-authoritative restore before you can perform an authoritative one. The main difference is that an authoritative restore can increment the version number of the attributes of all objects, or of an individual object, in the directory, which makes the restored object authoritative. This can be used to restore a single deleted user or group, or even an entire OU. In a non-authoritative restore, after the domain controller is back online it contacts its replication partners to determine any changes since the time of the last backup. In an authoritative restore, however, the version numbers of the object attributes that you mark as authoritative are higher than the existing version numbers of those attributes, so the objects on the restored domain controller appear to be more recent and are therefore replicated to the other domain controllers in the domain.
How to perform an authoritative restore? Unlike a non-authoritative restore, an authoritative restore needs Ntdsutil.exe to increment the version numbers of the object attributes.

Which Active Directory partitions can be restored?
You can authoritatively restore only objects from the configuration and domain partitions. Authoritative restores of the schema naming context are not supported.

How many domain controllers need to be backed up? Or which domain controllers should be backed up?
The minimum requirement is to back up two domain controllers in each domain; one should be an operations master role holder DC. There is no need to back up the RID master (relative ID) specifically, because the RID master should not be restored.

Can we restore the backup of a domain controller to another/different domain controller?
A backup of one domain controller cannot be restored to another domain controller; it must be restored to the same domain controller.
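The backup and restore questions above describe the procedure; the block below is an added example, not code from the original page, that carries it out with wbadmin (the successor of NTBackup on Windows Server 2008 and later) and ntdsutil. It takes a system state backup, and then performs the two-stage restore the text describes: a non-authoritative system state recovery in Directory Services Restore Mode, followed by marking one subtree authoritative so its attribute version numbers are raised and it wins replication. It assumes you run it on the domain controller being restored; the backup target, backup version id and OU DN are placeholders you must replace, and the function names are my own.

```powershell
# Added example (not from the original page). Run on the DC itself; values are placeholders.

function Backup-AdSystemState {
    param([Parameter(Mandatory)][string]$Target)   # e.g. 'E:' or '\\backupsrv\dc01$'
    # System state covers Ntds.dit, its log files, SYSVOL, the registry and boot files
    wbadmin start systemstatebackup "-backupTarget:$Target" -quiet
    if ($LASTEXITCODE -ne 0) { throw "wbadmin backup failed with exit code $LASTEXITCODE" }
}

function Restore-AdSubtreeAuthoritative {
    param(
        [Parameter(Mandatory)][string]$Target,     # where the backup lives
        [Parameter(Mandatory)][string]$Version,    # version id listed by 'wbadmin get versions'
        [Parameter(Mandatory)][string]$SubtreeDN   # e.g. 'OU=Sales,DC=corp,DC=example'
    )
    # The DC must be in Directory Services Restore Mode, where the NTDS service is stopped
    if ((Get-Service -Name NTDS).Status -eq 'Running') {
        throw 'Reboot into Directory Services Restore Mode first (bcdedit /set safeboot dsrepair)'
    }
    # Stage 1: non-authoritative restore of the system state from the backup
    wbadmin start systemstaterecovery "-version:$Version" "-backupTarget:$Target" -quiet
    if ($LASTEXITCODE -ne 0) { throw "system state recovery failed with exit code $LASTEXITCODE" }
    # Stage 2: make the subtree authoritative. ntdsutil raises the version numbers of its
    # attributes so the restored copies win over what the replication partners hold
    ntdsutil 'activate instance ntds' 'authoritative restore' "restore subtree $SubtreeDN" quit quit
    if ($LASTEXITCODE -ne 0) { throw "ntdsutil authoritative restore failed ($LASTEXITCODE)" }
    Write-Output "Subtree $SubtreeDN marked authoritative; run 'bcdedit /deletevalue safeboot' and reboot"
}

# Backup-AdSystemState -Target 'E:'
# Restore-AdSubtreeAuthoritative -Target 'E:' -Version '01/02/2024-03:04' -SubtreeDN 'OU=Sales,DC=corp,DC=example'
```

Restoring only a subtree keeps the rest of the directory non-authoritative, so after the reboot the DC still pulls every other change from its partners while pushing the restored OU out; this is why the text calls the authoritative restore a step on top of the non-authoritative one rather than a replacement for it.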

 
