windows-administrator-l2-interview-question- | Interview
http://www.systemadministrator.in/Interview/windows-administrator-l2-in...
Windows Administrator L2 Interview Questions

1. What is the purpose of having AD?
Active Directory is a directory service that identifies all resources on a network and makes that information available to users and services. The main purpose of AD is to control and authenticate network resources.

2. Explain about the sysvol folder.
The sysvol folder stores the server's copy of the domain's public files. The contents of the sysvol folder, such as group policy, users, and groups, are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.

3. Explain the functions of Active Directory.
AD enables centralization in a domain environment. The main purpose of AD is to control and authenticate network resources.

4. What is the name of the AD database?
The AD database is NTDS.DIT.

5. Explain briefly about AD partitions.
The Active Directory database is logically separated into directory partitions:
Schema partition: Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. It contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest.
Configuration partition: There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.
Domain partition: Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application partition: Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information.
To prevent unnecessary replication to specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.

6. Explain the different zones involved in a DNS server.
DNS has two different zones: the Forward Lookup Zone and the Reverse Lookup Zone. These two zones are categorized into three zone types, as follows:
Primary zone: Contains the read and writable copy of the DNS database.
Secondary zone: Acts as a backup for the primary zone and contains a read-only copy of the DNS database.
Stub zone: Also read-only like a secondary zone; a stub zone contains only the SOA record and copies of the NS and A records for all name servers authoritative for the zone.

7. Explain briefly about stub zones.
A stub zone is also read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records on it. But whereas secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
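The four partition types from question 5 can be seen on a live domain controller: the following PowerShell (an added example, not code from the original page) reads the naming contexts a DC holds and classifies each one as schema, configuration, domain or application by looking at its crossRef object, including which DCs are designated to host an application partition (questions 5 and 45). It assumes the ActiveDirectory module (RSAT) and a reachable DC; the function name and the Server parameter are this example's own.

```powershell
# Added example (not from the original page): list the directory partitions a
# domain controller holds and classify them into the four types from question 5,
# using the crossRef objects under CN=Partitions in the configuration partition.
# Assumes the ActiveDirectory PowerShell module (RSAT) and a reachable DC.
Import-Module ActiveDirectory

function Get-DirectoryPartitionReport {
    param(
        # Hypothetical parameter: the DC to query (defaults to a discovered DC).
        [string]$Server = [string](Get-ADDomainController -Discover).HostName
    )
    $rootDse   = Get-ADRootDSE -Server $Server
    $partsBase = "CN=Partitions," + $rootDse.configurationNamingContext

    # One crossRef per partition in the forest. Domain partitions carry the
    # FLAG_CR_NTDS_DOMAIN bit (0x2) in systemFlags; application partitions do
    # not, and list their designated hosting DCs in msDS-NC-Replica-Locations.
    $crossRefs = Get-ADObject -Server $Server -SearchBase $partsBase `
        -LDAPFilter '(objectClass=crossRef)' `
        -Properties nCName, systemFlags, 'msDS-NC-Replica-Locations'

    foreach ($nc in $rootDse.namingContexts) {
        $cr = $crossRefs | Where-Object { $_.nCName -eq $nc }
        if ($nc -eq $rootDse.schemaNamingContext) {
            $type = 'Schema'           # one per forest, on every DC
        } elseif ($nc -eq $rootDse.configurationNamingContext) {
            $type = 'Configuration'    # one per forest, on every DC
        } elseif ($cr -and (($cr.systemFlags -band 2) -ne 0)) {
            $type = 'Domain'           # one per domain, on that domain's DCs
        } else {
            $type = 'Application'      # e.g. DomainDnsZones / ForestDnsZones
        }

        # DCs designated to host an application partition (NTDS Settings DNs);
        # empty for the forest-wide and domain partitions.
        $replicas = @()
        if ($type -eq 'Application' -and $cr) {
            $replicas = @($cr.'msDS-NC-Replica-Locations')
        }

        [pscustomobject]@{
            NamingContext             = $nc
            PartitionType             = $type
            # Application partitions cannot hold security principals (question 5).
            CanHoldSecurityPrincipals = ($type -eq 'Domain')
            ReplicaLocations          = $replicas
        }
    }
}

# Usage: run on or against a domain controller.
Get-DirectoryPartitionReport | Format-Table -AutoSize
```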
8. Explain File Replication Service (FRS).
File Replication Service is a Microsoft service which replicates folders stored in the sysvol shared folders on domain controllers and in Distributed File System shared folders. This service is a part of Microsoft's Active Directory service.

9. What is an authoritative and a non-authoritative restore?
Non-authoritative restore: When a non-authoritative restore is performed, Active Directory is restored from backup media on the domain controller. This information is then updated during replication from the other domain controllers. The non-authoritative restore method is the default method to restore system state data to a domain controller.
Authoritative restore: In an authoritative restore, Active Directory is installed to the point of the last backup job. This method is typically used to recover Active Directory objects that were deleted in error. An authoritative restore is performed by first performing a non-authoritative restore, and then running the Ntdsutil utility prior to restarting the server. You use the Ntdsutil utility to indicate those items that are authoritative. Items that are marked as authoritative are not updated when the other domain controllers replicate to the particular domain controller.

10. What is the replication protocol involved in replication between the PDC and ADC?
Normally Remote Procedure Call (RPC) is used to replicate data, and it is always used for intrasite replication since it is required to support FRS. RPC depends on IP (Internet Protocol) for transport. Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.

11. What are the benefits of AD-integrated DNS?
A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:
Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.
The Active Directory replication topology is used both for Active Directory replication and for Active Directory-integrated zone replication. There is no longer a need for separate DNS replication when DNS and Active Directory are integrated.
Active Directory-integrated zones can enjoy the security features of Active Directory.
The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.
When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.

12. Explain some types of DNS records.
A record: Binds a name to an IP address.
PTR record: Binds an IP address to a host name.
NS record: The name of a DNS server.
MX record: Responsible for receiving mail from different MTAs.

13. How many tables are there in NTDS.DIT?
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table: The types of objects that can be created in Active Directory, the relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table: Contains linked attributes, which contain values referring to other objects in Active Directory. Take the Member Of attribute on a user object: that attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table.
Data table: Users, groups, application-specific data, and any other data stored in Active Directory. The data table can be thought of as having rows, where each row represents an instance of an object such as a user, and columns, where each column represents an attribute in the schema such as Given Name.

14. What is the purpose of the command NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

15. What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller.

16. What is the purpose of the command replmon?
Replmon displays information about Active Directory replication.
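As an added example for question 15 (not code from the original page), the PowerShell below turns the CSV output of repadmin /showrepl into objects and flags every inbound replication link that has recorded failures, which is the usual first step when diagnosing the replication problems repadmin is meant for. It assumes repadmin.exe is available (a DC or RSAT) and that the caller can query the DCs in scope; the function name and its Scope parameter are this example's own.

```powershell
# Added example (not from the original page): parse repadmin /showrepl /csv
# (question 15) into objects and flag replication links with failures.
# Assumes repadmin.exe is on the path and the caller can query the DCs.
function Get-ReplicationFailureReport {
    param(
        # Hypothetical parameter: '*' asks every DC; pass a hostname to limit it.
        [string]$Scope = '*'
    )
    # /csv prints a header row (showrepl_COLUMNS) followed by one showrepl_INFO
    # row per (destination DC, source DC, naming context) link. Rows tagged
    # showrepl_ERROR describe DCs that could not be contacted and are skipped.
    $rows = repadmin /showrepl $Scope /csv | ConvertFrom-Csv |
            Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' }

    foreach ($r in $rows) {
        $failures = 0
        [void][int]::TryParse($r.'Number of Failures', [ref]$failures)
        [pscustomobject]@{
            Destination   = $r.'Destination DSA'
            Source        = $r.'Source DSA'
            NamingContext = $r.'Naming Context'     # which partition this link carries
            Transport     = $r.'Transport Type'     # RPC intrasite; SMTP possible intersite (q.10)
            Failures      = $failures
            LastSuccess   = $r.'Last Success Time'
            LastFailure   = $r.'Last Failure Time'
            LastStatus    = $r.'Last Failure Status' # Win32 error code of the last failure
            Healthy       = ($failures -eq 0)
        }
    }
}

# Usage: show only links that need attention, most failures first.
Get-ReplicationFailureReport |
    Where-Object { -not $_.Healthy } |
    Sort-Object Failures -Descending |
    Format-Table Destination, Source, NamingContext, Failures, LastSuccess, LastStatus -AutoSize
```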
17. How will you take a backup of the registry using NTBACKUP?
Using System State.

18. Explain briefly about superscopes.
Using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP server can support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such configurations are often called multinets.

19. Explain how a client obtains an IP address from a DHCP server.
It's a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.

20. Explain about SRV records.
An SRV record maps a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers.

21. What are the advantages of having RAID 5?
Stripe set with distributed parity. Fault tolerance. 100% data guarantee.

22. How do clients get authenticated with an Active Directory server?
Using the PDC Emulator role involved in FSMO.
If you create the same user name or computer name, AD throws an error that the object already exists. Can you explain how AD identifies the existing object?
Using the RID Master role involved in FSMO.

23. How will you verify a successful Active Directory installation?
Check DNS services and errors, check for domain name resolution, and check for RPC, NTFRS, DNS and replication related errors.

24. Group Policy file extension in Windows 2003 Server?
*.adm files.

25. What is the Global Catalog?
The Global Catalog is a server which maintains the information about multiple domains with a trust relationship agreement. The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest.

26. What is the Active Directory schema?
The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest; it also contains formal definitions of every attribute that can exist in an Active Directory object.

27. What is a site?
One or more well-connected, highly reliable and fast TCP/IP subnets. A site allows an administrator to configure Active Directory access and replication topology to take advantage of the physical network.

28. What is the file that's responsible for keeping all the Active Directory database?
Schema master.

29. What is the ntds.dit file default size?
40 MB.

30. What's the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

31. I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

32. What is LSDOU?
It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

33. What is the command used to change the computer name and make a client a member of the domain?
Using the command netdom.
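The checks question 23 lists (DNS, name resolution, RPC/NTFRS/DNS/replication errors) can be scripted; the PowerShell below is an added example, not code from the original page, and uses the SRV records of question 20 to confirm the new DC registered itself. It assumes it runs on the new domain controller with the DnsClient module present; the function name and its Domain and HoursBack parameters are this example's own.

```powershell
# Added example (not from the original page): the checks from question 23
# (services, name resolution, RPC/NTFRS/DNS/replication errors) as one function,
# using the SRV records from question 20 to confirm the DC registered itself.
# Assumes it runs on the new domain controller with the DnsClient module present.
function Test-DomainControllerInstall {
    param(
        # Hypothetical parameters: DNS domain of the DC and how far back to scan.
        [string]$Domain = $env:USERDNSDOMAIN,
        [int]$HoursBack = 24
    )
    $results = New-Object System.Collections.Generic.List[object]
    $dcFqdn  = "$env:COMPUTERNAME.$Domain".ToLower()
    function Add-Result($check, $ok, $detail) {
        $results.Add([pscustomobject]@{ Check = $check; Ok = $ok; Detail = $detail })
    }

    # 1. Core services: directory (NTDS), DNS, Netlogon (registers SRV records),
    #    KDC (Kerberos) and RPC (the intrasite replication transport, question 10).
    foreach ($name in 'NTDS', 'DNS', 'Netlogon', 'Kdc', 'RpcSs') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        Add-Result "Service $name" ($null -ne $svc -and $svc.Status -eq 'Running') `
                   $(if ($svc) { $svc.Status } else { 'not installed' })
    }
    # SYSVOL replication runs under either NTFRS or DFSR; one of them must be up.
    $sysvol = 'NtFrs', 'DFSR' | ForEach-Object { Get-Service -Name $_ -ErrorAction SilentlyContinue } |
              Where-Object { $_.Status -eq 'Running' }
    Add-Result 'SYSVOL replication service' ($null -ne $sysvol) (@($sysvol.Name) -join ', ')

    # 2. Name resolution: the SRV records a DC publishes must resolve and list this host.
    foreach ($srv in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain") {
        $answers = Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue
        $targets = @($answers | Where-Object { $_.Type -eq 'SRV' } |
                     ForEach-Object { $_.NameTarget.ToLower() })
        Add-Result "SRV $srv" ($targets -contains $dcFqdn) ($targets -join ', ')
    }

    # 3. Critical/error events in the directory, DNS and SYSVOL replication logs.
    #    A log that does not exist on this DC simply yields zero events.
    $since = (Get-Date).AddHours(-$HoursBack)
    foreach ($log in 'Directory Service', 'DNS Server', 'File Replication Service', 'DFS Replication') {
        $events = @(Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $since } `
                                 -ErrorAction SilentlyContinue)
        Add-Result "Errors in '$log'" ($events.Count -eq 0) "$($events.Count) since $since"
    }
    $results
}

# Usage: anything with Ok = False needs attention before the DC is trusted.
Test-DomainControllerInstall | Format-Table -AutoSize
```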
34. Difference between SID and GUID?
A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.

35. Explain FSMO in detail.
In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:
Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain Naming Master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows.

36. Which service is responsible for replicating files in the SYSVOL folder?
File Replication Service (FRS).

37. Can you move FSMO roles?
Yes, moving a FSMO server role is a manual process; it does not happen automatically. But what if you only have one domain controller in your domain? That is fine. If you have only one domain controller in your organization then you have one forest, one domain, and of course the one domain controller. All 5 FSMO server roles will exist on that DC. There is no rule that says you have to have one server for each FSMO server role.

38. What permissions should you have in order to transfer a FSMO role?
Before you can transfer a role, you must have the appropriate permissions depending on which role you plan to transfer:
Schema Master - member of the Schema Admins group
Domain Naming Master - member of the Enterprise Admins group
PDC Emulator - member of the Domain Admins group and/or the Enterprise Admins group
RID Master - member of the Domain Admins group and/or the Enterprise Admins group
Infrastructure Master - member of the Domain Admins group and/or the Enterprise Admins group

39. How to restore Group Policy settings back to default?
The following command would replace both the Default Domain Security Policy and the Default Domain Controller Security Policy. You can specify Domain or DC instead of Both, to only restore one or the other.
> dcgpofix /target:Both

40. What is a caching-only DNS server?
When DNS is installed and you do not add or configure any zones for the DNS server, the DNS server functions as a caching-only DNS server by default. Caching-only DNS servers do not host zones and are not authoritative for any DNS domain. The information stored by caching-only DNS servers is the name resolution data that the server has collected through resolving name resolution queries.

41. By default, how many shares are in the SYSVOL folder?
By default, a share with the domain name will be there under the SYSVOL folder. Under the domain name share, two folders named Policies and Scripts will be there.

42. A zone is not loaded by the DNS server. How do you troubleshoot?
Need to check that zone transfer is enabled for all DNS servers. Also check that the required name server has been added in the Authoritative Name Server tab in the DNS properties.

43. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is an Internet protocol which email and other services use to look up information from the server.

44. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service.

45. What are application partitions? When do I use them?
An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.

46. How do you create a new application partition?
Use the DnsCmd command to create an application directory partition.

47. Why is a WINS server required?
Windows Internet Naming Service (WINS) is an older network service (a protocol) that takes computer names as input and returns the numeric IP address of the computer with that name, or vice versa.

48. What is the purpose of the command ntdsutil?
To transfer or seize FSMO roles.

49. Explain Forest Functional Level in Windows 2003 Server.
50. Explain Domain Functional Level in Windows 2003 Server.
51. How will you extend the schema database?
52. What is the purpose of the adprep command?
53. Briefly explain about netlogon.
54. What are forwarders in a DNS server?
55. Explain about root hints.
56. Explain the types of DNS queries.
57. How will you defragment the AD database?
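For questions 35 to 38 above, the PowerShell below (an added example, not code from the original page) reports the five FSMO role holders and, before transferring a role, checks that the caller belongs to one of the groups question 38 requires for that role, so a transfer attempt fails early with a clear reason instead of an access-denied error from the DC. It assumes the ActiveDirectory module; the function names, the RequiredGroups table and the Role/TargetDC parameters are this example's own.

```powershell
# Added example (not from the original page): show the FSMO role holders
# (question 35) and gate a transfer on the group membership listed in question 38
# before calling Move-ADDirectoryServerOperationMasterRole.
# Assumes the ActiveDirectory PowerShell module (RSAT).
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster         # one per forest
        DomainNamingMaster   = $forest.DomainNamingMaster   # one per forest
        PDCEmulator          = $domain.PDCEmulator          # one per domain
        RIDMaster            = $domain.RIDMaster            # one per domain
        InfrastructureMaster = $domain.InfrastructureMaster # one per domain
    }
}

# Group membership required to transfer each role, as listed in question 38.
$script:RequiredGroups = @{
    SchemaMaster         = @('Schema Admins')
    DomainNamingMaster   = @('Enterprise Admins')
    PDCEmulator          = @('Domain Admins', 'Enterprise Admins')
    RIDMaster            = @('Domain Admins', 'Enterprise Admins')
    InfrastructureMaster = @('Domain Admins', 'Enterprise Admins')
}

function Test-FsmoTransferPermission {
    param([Parameter(Mandatory)][string]$Role)
    # Token groups of the caller resolved to DOMAIN\Name; this covers nested
    # membership, which a plain Get-ADGroupMember on one group would miss.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $groups   = $identity.Groups | ForEach-Object {
        try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { $null }
    }
    $needed = $script:RequiredGroups[$Role]
    $have   = $needed | Where-Object { $g = $_; $groups | Where-Object { $_ -like "*\$g" } }
    [pscustomobject]@{ Role = $Role; Required = ($needed -join ' or '); Allowed = [bool]$have }
}

function Move-FsmoRole {
    param([Parameter(Mandatory)][string]$Role,
          [Parameter(Mandatory)][string]$TargetDC)
    $check = Test-FsmoTransferPermission -Role $Role
    if (-not $check.Allowed) { throw "Transfer of $Role needs membership in: $($check.Required)" }
    # Graceful transfer (question 37): the current holder hands the role over.
    # Add -Force only to seize a role from a holder that is permanently gone.
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $Role
}

# Usage: list the holders, then check what the caller may transfer.
Get-FsmoRoleHolders
'SchemaMaster', 'PDCEmulator' | ForEach-Object { Test-FsmoTransferPermission -Role $_ }
```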
Copyright © 2011 System Administrator. All Rights Reserved.